1 SNMP-FRAMEWORK-MIB DEFINITIONS ::= BEGIN
4 MODULE-IDENTITY, OBJECT-TYPE,
6 snmpModules FROM SNMPv2-SMI
7 TEXTUAL-CONVENTION FROM SNMPv2-TC
8 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
10 snmpFrameworkMIB MODULE-IDENTITY
11 LAST-UPDATED "200210140000Z"
12 ORGANIZATION "SNMPv3 Working Group"
13 CONTACT-INFO "WG-EMail: snmpv3@lists.tislabs.com
14 Subscribe: snmpv3-request@lists.tislabs.com
17 Network Associates Laboratories
18 postal: 15204 Omega Drive, Suite 300
19 Rockville, MD 20850-4601
21 EMail: mundy@tislabs.com
22 phone: +1 301-947-7107
25 Co-editor: David Harrington
27 postal: 35 Industrial Way
29 Rochester, New Hampshire 03866-5005
31 EMail: dbh@enterasys.com
32 phone: +1 603-337-2614
34 Co-editor: Randy Presuhn
36 postal: 2141 North First Street
37 San Jose, California 95131
39 EMail: randy_presuhn@bmc.com
40 phone: +1 408-546-1006
42 Co-editor: Bert Wijnen
50 EMail: bwijnen@lucent.com
51 phone: +31 348-680-485
53 DESCRIPTION "The SNMP Management Architecture MIB
55 Copyright (C) The Internet Society (2002). This
56 version of this MIB module is part of RFC 3411;
57 see the RFC itself for full legal notices.
60 REVISION "200210140000Z" -- 14 October 2002
61 DESCRIPTION "Changes in this revision:
62 - Updated various administrative information.
63 - Corrected some typos.
64 - Corrected typo in description of SnmpEngineID
65 that led to range overlap for 127.
66 - Changed '255a' to '255t' in definition of
67 SnmpAdminString to align with current SMI.
68 - Reworded 'reserved' for value zero in
69 DESCRIPTION of SnmpSecurityModel.
70 - The algorithm for allocating security models
71 should give 256 per enterprise block, rather
73 - The example engine ID of 'abcd' is not
74 legal. Replaced with '800002b804616263'H based
75 on example enterprise 696, string 'abc'.
76 - Added clarification that engineID should
77 persist across re-initializations.
78 This revision published as RFC 3411.
80 REVISION "199901190000Z" -- 19 January 1999
81 DESCRIPTION "Updated editors' addresses, fixed typos.
82 Published as RFC 2571.
84 REVISION "199711200000Z" -- 20 November 1997
85 DESCRIPTION "The initial version, published in RFC 2271.
87 ::= { snmpModules 10 }
89 -- Textual Conventions used in the SNMP Management Architecture ***
91 SnmpEngineID ::= TEXTUAL-CONVENTION
93 DESCRIPTION "An SNMP engine's administratively-unique identifier.
94 Objects of this type are for identification, not for
95 addressing, even though it is possible that an
96 address may have been used in the generation of
101 The value for this object may not be all zeros or
102 all 'ff'H or the empty (zero length) string.
104 The initial value for this object may be configured
105 via an operator console entry or via an algorithmic
106 function. In the latter case, the following
107 example algorithm is recommended.
109 In cases where there are multiple engines on the
110 same system, the use of this algorithm is NOT
111 appropriate, as it would result in all of those
112 engines ending up with the same ID value.
114 1) The very first bit is used to indicate how the
115 rest of the data is composed.
117 0 - as defined by enterprise using former methods
118 that existed before SNMPv3. See item 2 below.
120 1 - as defined by this architecture, see item 3
123 Note that this allows existing uses of the
124 engineID (also known as AgentID [RFC1910]) to
125 co-exist with any new uses.
127 2) The snmpEngineID has a length of 12 octets.
129 The first four octets are set to the binary
130 equivalent of the agent's SNMP management
131 private enterprise number as assigned by the
132 Internet Assigned Numbers Authority (IANA).
133 For example, if Acme Networks has been assigned
134 { enterprises 696 }, the first four octets would
135 be assigned '000002b8'H.
137 The remaining eight octets are determined via
138 one or more enterprise-specific methods. Such
139 methods must be designed so as to maximize the
140 possibility that the value of this object will
141 be unique in the agent's administrative domain.
142 For example, it may be the IP address of the SNMP
143 entity, or the MAC address of one of the
144 interfaces, with each address suitably padded
145 with random octets. If multiple methods are
146 defined, then it is recommended that the first
147 octet indicate the method being used and the
148 remaining octets be a function of the method.
152 3) The length of the octet string varies.
154 The first four octets are set to the binary
155 equivalent of the agent's SNMP management
156 private enterprise number as assigned by the
157 Internet Assigned Numbers Authority (IANA).
158 For example, if Acme Networks has been assigned
159 { enterprises 696 }, the first four octets would
160 be assigned '000002b8'H.
162 The very first bit is set to 1. For example, the
163 above value for Acme Networks now changes to be
166 The fifth octet indicates how the rest (6th and
167 following octets) are formatted. The values for
170 0 - reserved, unused.
172 1 - IPv4 address (4 octets)
173 lowest non-special IP address
175 2 - IPv6 address (16 octets)
176 lowest non-special IP address
178 3 - MAC address (6 octets)
179 lowest IEEE MAC address, canonical
182 4 - Text, administratively assigned
183 Maximum remaining length 27
185 5 - Octets, administratively assigned
186 Maximum remaining length 27
188 6-127 - reserved, unused
190 128-255 - as defined by the enterprise
191 Maximum remaining length 27
193 SYNTAX OCTET STRING (SIZE(5..32))
203 SnmpSecurityModel ::= TEXTUAL-CONVENTION
205 DESCRIPTION "An identifier that uniquely identifies a
206 Security Model of the Security Subsystem within
207 this SNMP Management Architecture.
209 The values for securityModel are allocated as
212 - The zero value does not identify any particular
215 - Values between 1 and 255, inclusive, are reserved
216 for standards-track Security Models and are
217 managed by the Internet Assigned Numbers Authority
219 - Values greater than 255 are allocated to
220 enterprise-specific Security Models. An
221 enterprise-specific securityModel value is defined
224 enterpriseID * 256 + security model within
227 For example, the fourth Security Model defined by
228 the enterprise whose enterpriseID is 1 would be
231 This scheme for allocation of securityModel
232 values allows for a maximum of 255 standards-
233 based Security Models, and for a maximum of
234 256 Security Models per enterprise.
236 It is believed that the assignment of new
237 securityModel values will be rare in practice
238 because the larger the number of simultaneously
239 utilized Security Models, the larger the
240 chance that interoperability will suffer.
241 Consequently, it is believed that such a range
242 will be sufficient. In the unlikely event that
243 the standards committee finds this number to be
244 insufficient over time, an enterprise number
245 can be allocated to obtain an additional 256
248 Note that the most significant bit must be zero;
249 hence, there are 23 bits allocated for various
250 organizations to design and define non-standard
254 securityModels. This limits the ability to
255 define new proprietary implementations of Security
256 Models to the first 8,388,608 enterprises.
258 It is worthwhile to note that, in its encoded
259 form, the securityModel value will normally
260 require only a single byte since, in practice,
261 the leftmost bits will be zero for most messages
262 and sign extension is suppressed by the encoding
265 As of this writing, there are several values
266 of securityModel defined for use with SNMP or
267 reserved for use with supporting MIB objects.
271 1 reserved for SNMPv1
272 2 reserved for SNMPv2c
273 3 User-Based Security Model (USM)
275 SYNTAX INTEGER(0 .. 2147483647)
278 SnmpMessageProcessingModel ::= TEXTUAL-CONVENTION
280 DESCRIPTION "An identifier that uniquely identifies a Message
281 Processing Model of the Message Processing
282 Subsystem within this SNMP Management Architecture.
284 The values for messageProcessingModel are
285 allocated as follows:
287 - Values between 0 and 255, inclusive, are
288 reserved for standards-track Message Processing
289 Models and are managed by the Internet Assigned
290 Numbers Authority (IANA).
292 - Values greater than 255 are allocated to
293 enterprise-specific Message Processing Models.
294 An enterprise messageProcessingModel value is
298 messageProcessingModel within enterprise
300 For example, the fourth Message Processing Model
301 defined by the enterprise whose enterpriseID
307 This scheme for allocating messageProcessingModel
308 values allows for a maximum of 255 standards-
309 based Message Processing Models, and for a
310 maximum of 256 Message Processing Models per
313 It is believed that the assignment of new
314 messageProcessingModel values will be rare
315 in practice because the larger the number of
316 simultaneously utilized Message Processing Models,
317 the larger the chance that interoperability
318 will suffer. It is believed that such a range
319 will be sufficient. In the unlikely event that
320 the standards committee finds this number to be
321 insufficient over time, an enterprise number
322 can be allocated to obtain an additional 256
325 Note that the most significant bit must be zero;
326 hence, there are 23 bits allocated for various
327 organizations to design and define non-standard
328 messageProcessingModels. This limits the ability
329 to define new proprietary implementations of
330 Message Processing Models to the first 8,388,608
333 It is worthwhile to note that, in its encoded
334 form, the messageProcessingModel value will
335 normally require only a single byte since, in
336 practice, the leftmost bits will be zero for
337 most messages and sign extension is suppressed
338 by the encoding rules.
340 As of this writing, there are several values of
341 messageProcessingModel defined for use with SNMP.
344 0 reserved for SNMPv1
345 1 reserved for SNMPv2c
346 2 reserved for SNMPv2u and SNMPv2*
347 3 reserved for SNMPv3
349 SYNTAX INTEGER(0 .. 2147483647)
356 SnmpSecurityLevel ::= TEXTUAL-CONVENTION
358 DESCRIPTION "A Level of Security at which SNMP messages can be
359 sent or with which operations are being processed;
360 in particular, one of:
362 noAuthNoPriv - without authentication and
364 authNoPriv - with authentication but
366 authPriv - with authentication and
369 These three values are ordered such that
370 noAuthNoPriv is less than authNoPriv and
371 authNoPriv is less than authPriv.
373 SYNTAX INTEGER { noAuthNoPriv(1),
378 SnmpAdminString ::= TEXTUAL-CONVENTION
381 DESCRIPTION "An octet string containing administrative
382 information, preferably in human-readable form.
384 To facilitate internationalization, this
385 information is represented using the ISO/IEC
386 IS 10646-1 character set, encoded as an octet
387 string using the UTF-8 transformation format
388 described in [RFC2279].
390 Since additional code points are added by
391 amendments to the 10646 standard from time
392 to time, implementations must be prepared to
393 encounter any code point from 0x00000000 to
394 0x7fffffff. Byte sequences that do not
395 correspond to the valid UTF-8 encoding of a
396 code point or are outside this range are
399 The use of control codes should be avoided.
401 When it is necessary to represent a newline,
402 the control code sequence CR LF should be used.
407 The use of leading or trailing white space should
410 For code points not directly supported by user
411 interface hardware or software, an alternative
412 means of entry and display, such as hexadecimal,
415 For information encoded in 7-bit US-ASCII,
416 the UTF-8 encoding is identical to the
419 UTF-8 may require multiple bytes to represent a
420 single character / code point; thus the length
421 of this object in octets may be different from
422 the number of characters encoded. Similarly,
423 size constraints refer to the number of encoded
424 octets, not the number of characters represented
427 Note that when this TC is used for an object that
428 is used or envisioned to be used as an index, then
429 a SIZE restriction MUST be specified so that the
430 number of sub-identifiers for any object instance
431 does not exceed the limit of 128, as defined by
434 Note that the size of an SnmpAdminString object is
435 measured in octets, not characters.
437 SYNTAX OCTET STRING (SIZE (0..255))
440 -- Administrative assignments ***************************************
443 OBJECT IDENTIFIER ::= { snmpFrameworkMIB 1 }
444 snmpFrameworkMIBObjects
445 OBJECT IDENTIFIER ::= { snmpFrameworkMIB 2 }
446 snmpFrameworkMIBConformance
447 OBJECT IDENTIFIER ::= { snmpFrameworkMIB 3 }
449 -- the snmpEngine Group ********************************************
451 snmpEngine OBJECT IDENTIFIER ::= { snmpFrameworkMIBObjects 1 }
458 snmpEngineID OBJECT-TYPE
462 DESCRIPTION "An SNMP engine's administratively-unique identifier.
464 This information SHOULD be stored in non-volatile
465 storage so that it remains constant across
466 re-initializations of the SNMP engine.
470 snmpEngineBoots OBJECT-TYPE
471 SYNTAX INTEGER (1..2147483647)
474 DESCRIPTION "The number of times that the SNMP engine has
475 (re-)initialized itself since snmpEngineID
480 snmpEngineTime OBJECT-TYPE
481 SYNTAX INTEGER (0..2147483647)
485 DESCRIPTION "The number of seconds since the value of
486 the snmpEngineBoots object last changed.
487 When incrementing this object's value would
488 cause it to exceed its maximum,
489 snmpEngineBoots is incremented as if a
490 re-initialization had occurred, and this
491 object's value consequently reverts to zero.
495 snmpEngineMaxMessageSize OBJECT-TYPE
496 SYNTAX INTEGER (484..2147483647)
499 DESCRIPTION "The maximum length in octets of an SNMP message
500 which this SNMP engine can send or receive and
501 process, determined as the minimum of the maximum
502 message size values supported among all of the
503 transports available to and supported by the engine.
509 -- Registration Points for Authentication and Privacy Protocols **
511 snmpAuthProtocols OBJECT-IDENTITY
513 DESCRIPTION "Registration point for standards-track
514 authentication protocols used in SNMP Management
517 ::= { snmpFrameworkAdmin 1 }
519 snmpPrivProtocols OBJECT-IDENTITY
521 DESCRIPTION "Registration point for standards-track privacy
522 protocols used in SNMP Management Frameworks.
524 ::= { snmpFrameworkAdmin 2 }
526 -- Conformance information ******************************************
528 snmpFrameworkMIBCompliances
529 OBJECT IDENTIFIER ::= {snmpFrameworkMIBConformance 1}
530 snmpFrameworkMIBGroups
531 OBJECT IDENTIFIER ::= {snmpFrameworkMIBConformance 2}
533 -- compliance statements
535 snmpFrameworkMIBCompliance MODULE-COMPLIANCE
537 DESCRIPTION "The compliance statement for SNMP engines which
538 implement the SNMP Management Framework MIB.
540 MODULE -- this module
541 MANDATORY-GROUPS { snmpEngineGroup }
543 ::= { snmpFrameworkMIBCompliances 1 }
545 -- units of conformance
547 snmpEngineGroup OBJECT-GROUP
552 snmpEngineMaxMessageSize
555 DESCRIPTION "A collection of objects for identifying and
556 determining the configuration and current timeliness
560 values of an SNMP engine.
562 ::= { snmpFrameworkMIBGroups 1 }