CISCO-COMMON-ROLES-EXT-MIB: View SNMP OID List / Download MIB

VENDOR: CISCO


 Home MIB: CISCO-COMMON-ROLES-EXT-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 ciscoCommonRolesExtMIB 1.3.6.1.4.1.9.9.651
A MIB Module for managing the roles that are common between access methods like Command Line Interface (CLI), SNMP and XML interface. This MIB is an extension to the CISCO-COMMON-ROLES-MIB, which is for managing Common Roles on a device with fixed feature. Terminology: Commands are the basic operations that can be performed on a device. For example 'show aaa *', 'clear aaa *', 'config t; ip arp *'. Commands can be organized into groups called Features. Features can be organized into groups called Feature Groups. The constituents of a Feature (i.e. Commands) and the constituents of a Feature Group (i.e. Features) are collectively referred to as Feature Elements. This MIB extends the CISCO-COMMON-ROLES-MIB by adding the following. Features can be organized into groups called feature groups. Access privileges can be assigned to feature group(s) associated with a Role. The five access privileges (clear, config, debug, show & exec) are replaced by two access privileges ('read' and 'readWrite'). These two privileges have no relation to the replaced five privileges. The types of objects to which access can be restricted is extended to include VLANs and Interfaces. A device implementing this MIB need not implement CISCO-COMMON-ROLES-MIB.
         ciscoCommonRolesExtNotifications 1.3.6.1.4.1.9.9.651.0
         ciscoCommonRolesExtMIBObjects 1.3.6.1.4.1.9.9.651.1
             ccreInfo 1.3.6.1.4.1.9.9.651.1.1
                 ccreFeatureElementTable 1.3.6.1.4.1.9.9.651.1.1.1 no-access
This table lists all the features and feature groups configured on a device. For each feature it lists all the command(s) contained in the feature. For each feature groups it lists all the features contained in the group. A feature element is either a feature or a feature group. A device may have some predefined features which may not be editable by a user. In addition, a device may allow a user to define new feature group. A device implementing this MIB need not implement the objects that form a conceptual row in the 'commonRolesFeatureTable' table defined in the CISCO-COMMON-ROLES MIB. The entries in this table are persistent across device reboots.
                     ccreFeatureElementEntry 1.3.6.1.4.1.9.9.651.1.1.1.1 no-access
An entry (conceptual row) in the ccreFeatureElementTable. Each row in this table represents an element (command or a feature) contained in a feature or a feature group. For example a 'radius' feature that contains three commands - 'radius-server', 'radius-cfs' and 'aaa group server radius', this table will have three entries, one each for the three commands. ccreFeatureName ccreFeatureIndex ccreFeatureElementName 'radius' 1 'radius-server' 'radius' 2 'radius-cfs' 'radius' 3 'aaa group server radius' 'arp' 1 'show arp' 'arp' 2 'clear ip arp'
                         ccreFeatureName 1.3.6.1.4.1.9.9.651.1.1.1.1.1 snmpadminstring no-access
Identifies the feature or the feature group for which this entry represents an element. This object is the same as the commonRoleFeatureName.
                         ccreFeatureElementIndex 1.3.6.1.4.1.9.9.651.1.1.1.1.2 unsigned32 no-access
An index value for this element which uniquely distinguishes it from all other elements of same feature.
                         ccreFeatureElementName 1.3.6.1.4.1.9.9.651.1.1.1.1.3 snmpadminstring read-only
Name of the feature element represented by this row.
                         ccreFeatureElementType 1.3.6.1.4.1.9.9.651.1.1.1.1.4 integer read-only
An indication of the type of element represented by this row. When this field has the value 'command', this row represents a command name. When this field has the value 'feature', this row represents a feature name. This field must have the value 'none' when a feature could not otherwise be represented in this table because the feature does not yet have any elements defined for it. When features are added to an empty feature-group, the row with element type 'none' is still maintained in this table. Deleting this row (with type as 'none') will delete the feature group and all other rows representing relationship between this feature group and its members. A feature should have at least one element, whereas a feature-group may have zero or more entries. All entries in this table are persistent across device reboots Enumeration: 'none': 3, 'command': 1, 'feature': 2.
                         ccreFeatureRowStatus 1.3.6.1.4.1.9.9.651.1.1.1.1.5 rowstatus read-only
Status of this row.
             ccreRoleConfig 1.3.6.1.4.1.9.9.651.1.2
                 ccreRoleTable 1.3.6.1.4.1.9.9.651.1.2.2 no-access
This table lists all the common roles configured on this device. Common roles are the user roles which are common across SNMP and CLI. A device implementing this MIB need not implement the objects that form a conceptual row in the 'commonRoleTable' defined in the CISCO-COMMON-ROLES MIB. This table and the 'commonRoleTable' table both have one entry per Role defined on the device. However unlike the 'commonRoleTable', this table does not contain any scope restriction information. The scope restriction information instead is contained in the 'ccreRoleScopeTable' Table. If a device implements this this table along with 'commonRoleTable' a row existing in 'commonRoleTable' should also exist in this table and vice versa. All entries in this table are persistent across device reboots.
                     ccreRoleEntry 1.3.6.1.4.1.9.9.651.1.2.2.1 no-access
An entry (conceptual row) in the ccreRoleTable. One entry per role defined on the device.
                         ccreRoleName 1.3.6.1.4.1.9.9.651.1.2.2.1.1 snmpadminstring no-access
Name of the common role. This is same as commonRoleName.
                         ccreRoleDescription 1.3.6.1.4.1.9.9.651.1.2.2.1.2 snmpadminstring read-only
Description of the common role. This is same as commonRoleDescription.
                         ccreRoleResourceAccess 1.3.6.1.4.1.9.9.651.1.2.2.1.3 ccreresourceaccess read-only
Defines the default access to the resources to which access can be controlled. vsan(0) Bit value of 0 indicates that the user has access to no VSANs. However a user can be selectively assigned access to VSANs and each such accessible VSAN will have an entry in the 'ccreRoleScopeTable'. Bit value of 1 indicates that the user has access to all VSANs. In this case there are no VSAN entries in the 'ccreRoleScopeTable'. Setting the bit to 1 results in deletion of all VSAN entries from the ccreRoleScopeTable, for the role identified by 'ccreRoleName'. vlan(1) Bit value of 0 indicates that the user has access to no VLANs. However a user can be selectively assigned access to VLANs and each such accessible VLAN will have an entry in the 'ccreRoleScopeTable'. Bit value of 1 indicates that the user has access to all VLANs. In this case there are no VLAN entries in the 'ccreRoleScopeTable'. Setting the bit to 1 results in deletion of all VLAN entries from the ccreRoleScopeTable, for the role identified by 'ccreRoleName'. interface(2) Bit value of 0 indicates that the user has access to no Interfaces. However a user can be selectively assigned access to interfaces and each such accessible interface will have an entry in the 'ccreRoleScopeTable'. Bit value of 1 indicates that the user has access to all interfaces. In this case there are no interface entries in the 'ccreRoleScopeTable'. Setting the bit to 1 results in deletion of all interface entries from the ccreRoleScopeTable, for the role identified by 'ccreRoleName'. For example a role which has access to all VSANs, all VLANs and no Interface will have this field set as - - - |0|1|1| - - -
                         ccreRoleRowStatus 1.3.6.1.4.1.9.9.651.1.2.2.1.4 rowstatus read-only
Status of this role.
                 ccreRoleScopeTable 1.3.6.1.4.1.9.9.651.1.2.3 no-access
This table lists the resources to which a user belonging to a role can access. A role may be restricted from accessing various resources of a device. This table lists the resources that a role can access. If for a role there is no entry in this table, then restriction, if any, is determined by the ccrePermitAllPolicies object in the ccreRoleTable. Each resource (VSAN, VLAN or Interface) to which a role has access to, has a separate entry in the table. For e.g. if a role has access to VLAN 1, 2, 6 and 7; VSAN 2, 5 and 8 and interface 2/1 and 2/3, this table will have 9 entries, 4 for VSANs, 3 for VLANs and 2 for Interfaces. Entries in this table can be created/deleted using ccreRoleScopeRowStatus. The table provides the same information as 'commonRoleScopeRestriction', 'commonRoleScope1' and 'commonRoleScope2' but in a different way. The object 'commonRoleScope1' and 'commonRoleScope2' are 256*8 bit mask with each bit representing a VLAN. 'commonRoleScope1' identifies VLANS 1 to 2048 whereas 'commonRoleScope2' identifies VLANS 2049 to 4096. In this table, there is a separate entry for each VSAN, along with separate entry for each VLAN and Interface to which a role has access. The purpose of this table is to remove the limit of 4096 that are supported by 'commonRoleTable'. All entries in this table are persistent across device reboots
                     ccreRoleScopeEntry 1.3.6.1.4.1.9.9.651.1.2.3.1 no-access
An entry (conceptual row) in the ccreRoleScopeTable. There is one entry for each different scope value of a Role. If a Role 'R1' is defined to have scope on VSAN-1, VSAN-2, VLAN-1, VLAN#, Interface fc1/1 and fc1/2, then there will be six entries for role 'R1' in this table, one each for VSAN-1, VSAN2, VLAN-1, VLAN-1, fc1/1 and fc1/2.
                         ccreRoleScopeIndex 1.3.6.1.4.1.9.9.651.1.2.3.1.1 unsigned32 no-access
An index value for this entry which uniquely distinguishes it from all other entries for same Role.
                         ccreRoleScopeRestriction 1.3.6.1.4.1.9.9.651.1.2.3.1.2 integer read-only
This object indicates the type of the scope restriction about which the information is provided by row. Enumeration: 'interface': 3, 'vlan': 2, 'vsan': 1.
                         ccreRoleScopeValue 1.3.6.1.4.1.9.9.651.1.2.3.1.3 integer32 read-only
This object identifies the resource this role can access. If the value of 'ccreRoleScopeRestriction' is 'vsan' or 'vlan', this object specifies the Id (which is a number) of the VSAN/VLAN. If the value of 'ccreRoleScopeRestriction' is 'interface', this object specifies the IfIndex of the interface.
                         ccreRoleScopeRowStatus 1.3.6.1.4.1.9.9.651.1.2.3.1.4 rowstatus read-only
Status of this scope restriction entry.
             ccreRuleConfig 1.3.6.1.4.1.9.9.651.1.3
                 ccreRuleTable 1.3.6.1.4.1.9.9.651.1.3.2 no-access
This table lists all the rules configured for roles defined in the ccreRoleTable. Each rule defines the access (permit/deny) allowed to a particular command, feature or a feature group. Entries in this table are also created/deleted using ccreRuleRowStatus. A row in this table cannot be made 'active' until a value is explicitly provided for that row's instances of following objects : - ccreRuleOperation If ccreRuleFeatureElementName is a command, then - ccreRuleOperation is not needed to be set A device implementing this MIB need not implement the objects that form a conceptual row in the 'commonRuleRoleTable' table, which is defined in the CISCO-COMMON-ROLES-MIB. There is no relation between the rows in 'commonRuleRoleTable' and this table as both define different operation types. Each table can have rows with no corresponding rows in other table. All entries in this table are persistent across device reboots
                     ccreRuleEntry 1.3.6.1.4.1.9.9.651.1.3.2.1 no-access
An entry (conceptual row) in the ccreRuleRuleTable. There is one entry for each Rule contained in a Role. For eg. if a Role 'R1' has 6 rules, there will be six entries for Role 'R1'.
                         ccreRuleNumber 1.3.6.1.4.1.9.9.651.1.3.2.1.1 unsigned32 no-access
A unique index for a rule in a particular role. The rule are applied according to their rule number, i.e. Rule 1 will be the first rule applied followed by Rule 2 and so on. Rule numbers need not be contiguous, for e.g. a Role can have three rule numbered 1, 4 & 7. Further when a new rule is added to this Role it can be rule number 2 or 5 or 9 (any number other than 1, 4 and 7).
                         ccreRuleFeatureElementName 1.3.6.1.4.1.9.9.651.1.3.2.1.2 snmpadminstring read-only
Name of the command or feature or feature group. If this is a zero-length string, then this rule applies to all the features supported on the device as enumerated in commonRoleFeatureTable.
                         ccreRuleFeatureElementType 1.3.6.1.4.1.9.9.651.1.3.2.1.3 integer read-only
Specifies the type of entry (command or feature or feature group) as specified by the object ccreRuleFeatureElementName Enumeration: 'all': 4, 'command': 1, 'feature': 2, 'featureGroup': 3.
                         ccreRuleOperation 1.3.6.1.4.1.9.9.651.1.3.2.1.4 ccreoperation read-only
The operation for this rule.
                         ccreRuleOperationPermitted 1.3.6.1.4.1.9.9.651.1.3.2.1.5 truthvalue read-only
This object tells if the operation `ccreRuleOperation' is permitted or denied. The operation is permitted if the value of this object is `true'. If the value of the object is 'false', the operation is not permitted.
                         ccreRuleRowStatus 1.3.6.1.4.1.9.9.651.1.3.2.1.6 rowstatus read-only
Status of this rule.
         ciscoCommonRolesExtMIBConformance 1.3.6.1.4.1.9.9.651.2
             ccreMIBCompliances 1.3.6.1.4.1.9.9.651.2.1
                 ccreMIBCompliance 1.3.6.1.4.1.9.9.651.2.1.1
The compliance statement for entities which implement the CISCO-COMMON-ROLES-EXT-MIB.
             ccreMIBGroups 1.3.6.1.4.1.9.9.651.2.2
                 ccreConfigurationGroup 1.3.6.1.4.1.9.9.651.2.2.1
A collection of objects for Common Roles Extention configuration.