Appendix A - SNMP Service Configuration Attributes
SNMP service configuration settings are stored in five StreetTalk attributes. Specifically, these attributes are:
* Party table attribute - Specifies initial party table information for parties associated with the SNMP master agent
* View table attribute - Specifies MIB view information for SNMPv1 community strings and SNMPv2 parties
* Context table attribute - Specifies context information for SNMPv1 community strings and SNMPv2 parties
* ACL table attribute - Specifies access control privileges (ACLs) for SNMPv1 community strings and SNMPv2 parties
* SNMP agent attribute - Initializes system variables and defines authentication-failure traps for SNMPv2 parties
The following sections describe the configuration attributes for SNMP.
Party Table Attribute
The party table attribute defines the party table entries for the parties associated with the SNMP master agent. The vendor attribute pair of this attribute is <35:250000>.
Syntax
Each entry in the attribute file consists of the following arguments:
PartyName PartyDiscriminator
TDomain TAddress Port Lifetime MaxMsgSize
partyIndex partyStorageType partyLocal partyAuthClock
AuthPublicSecret
AuthPrivateSecret
PrivPublicSecret
PrivPrivateSecret
The arguments must appear in the correct order.
PartyName
PartyName specifies a unique name for the party. This argument is required and must map to an OID in the MIB.
The party name is composed of a text name, an address, and a unique index value. For example, a party name can be as follows:
initialPartyId.a.b.c.d.2
where initialPartyId represents the text name, a.b.c.d represents the TCP/IP address of the server on which the master agent resides, and 2 represents the index into the table. The index value is incremented for each new entry in the party table.
PartyDiscriminator
PartyDiscriminator specifies the authentication protocol used by this party. This argument is an integer and is required for SNMPv2 parties.
Valid values for this argument are as follows:
* 1 or 2 defines this party as noauth/nopriv.
* 3 or 4 defines this party as auth/nopriv.
* 5 or 6 defines this party as auth/priv.
When TDomain is rfc1157Domain, indicating that this entry is an SNMPv1 community, the PartyDiscriminator argument is ignored. However, a value is still required for this argument. Enter a value of 1.
TDomain
TDomain specifies the transport domain for the party. Valid values for this argument are as follows:
* rfc1157Domain defines this entry in the party table as an SNMPv1 community entry.
* snmpUDPDomain defines this entry as an SNMPv2 party entry.
TAddress
TAddress identifies the transport address used with the transport service specified by the transport domain. The address is either an IP address in dot notation or a VINES IP address. This argument is required.
In most cases, the TAddress argument is ignored. The special case in which the TAddress argument is used is when TDomain is snmpUDPDomain and partyLocal is false. In this case, TAddress, in conjunction with the Port argument, specifies the address/port pair that should receive proxy requests.
Even in cases when the agent is not a proxy agent, a value is still required for the TAddress argument. Enter a transport address.
Port
Port identifies the port used with the transport service specified by the transport domain. This argument is an integer and is required.
In most cases, the Port argument is ignored. The special case in which the Port argument is used is when TDomain is snmpUDPDomain and partyLocal is false. In this case, Port, in conjunction with the TAddress argument, specifies the address/port pair that should receive proxy requests.
Even in cases when the agent is not a proxy agent, a value is still required for the Port argument. Enter a port number.
Lifetime
Lifetime specifies a time interval, in seconds, during which a message is considered valid. When a message is received by a target, it is considered valid only if its timestamp differs from the target's current time by no more than the interval specified by Lifetime. This specification is intended to prevent replay attacks.
This argument is required. When TDomain is rfc1157Domain, the Lifetime argument is ignored.
MaxMsgSize
MaxMsgSize specifies the maximum size, in bytes, of any message the party will accept.
partyIndex
partyIndex specifies an index value used by the ACL table to match a party entry with its access privileges (see Figure A-1). This argument is an integer in the range of 1 through 65535. Each party table entry has a unique partyIndex value.
partyStorageType
partyStorageType specifies the storage type for this row in the party table. This argument is a case-sensitive string. In the Banyan implementation of Enterprise Management, party tables are stored as StreetTalk attributes in stable storage. Thus, for this argument, use the value nonVolatile, specifying that the row in the party table is backed up by stable storage.
partyLocal
partyLocal indicates whether the party executes locally or in a remote entity. This argument is a case-sensitive string and is required. Possible values are:
* true - Party is local.
* false - Party is not local.
When TDomain is rfc1157Domain, the partyLocal argument is ignored.
When partyLocal is false and TDomain is snmpUDPDomain, indicating that this entry is an SNMPv2 party, the TAddress and Port arguments can be used by a proxy agent to determine which address/port pair should receive proxy requests.
When the value of TDomain indicates that this entry is an SNMPv2 party, the term "local" does not represent a location or address, but rather a point of origin. With outgoing packets, the source party must be "local" - a party representing the local entity as the source of the packet. With incoming packets, the source party must be "remote" - a party representing a valid source party for sending packets to the local entity. In this sense, local represents the local entity. "Nonlocal" or "remote" parties are logically remote to the entity. Packets are received from and sent to "nonlocal" (or remote) parties, and packets are sent from and received by "local" parties.
When entries are "shared" between entities, the values of their partyLocal arguments must be opposites. For example, an entry for a local party (partyLocal = true) in the agent's party file would be configured as a non-local party (partyLocal = false) in the management application's party file.
partyAuthClock
partyAuthClock defines the current notion of time for the entity. This argument is an integer in the range of 0 through 4294967295 and is required. Zero is a valid initial value for this argument. Once an entire system is up and running, the security software should adjust and synchronize system clocks.
Upon startup, a time adjustment is added to the value of partyAuthClock. This adjustment is made to prevent replay attacks across reboots.
When TDomain is rfc1157Domain, the partyAuthClock argument is ignored.
AuthPublicSecret
AuthPublicSecret represents the "secret" as a series of hexadecimal numbers, each digit representing the corresponding ASCII value for the character in the string. A value of - represents the null string. The string can range from 0 to 16 bytes.
This argument is currently unused by the master agent. Set this argument to null ( - ).
AuthPrivateSecret
AuthPrivateSecret represents the "secrets" string for the authentication protocol. The secret is stored as a series of hexadecimal numbers; each digit is the ASCII value for the corresponding character in the string. A value of - represents the null string.
AuthPrivateSecret is valid only under either of the following conditions:
* When PartyDiscriminator indicates authentication (PartyDiscriminator = 3, 4, 5, or 6)
* When TDomain indicates SNMPv1 community (TDomain = rfc1157Domain)
The string depends on the value of TDomain:
* If the party is an auth/nopriv or auth/priv party, the length of AuthPrivateSecret must be 16 bytes (16 hexadecimal numbers in the configuration file). Each number must be entered as a two-digit representation. For example, enter 01 for 1, 02 for 2, and so on.
* If the value of TDomain is rfc1157Domain, AuthPrivateSecret contains a community string name as an encoded string of characters of any length. For example, for the community name "public" use the entry "70 75 62 6c 69 63". One way to obtain the correct ASCII encoding is to use the following UNIX command: echo string | od -x. Note that od -x prints 16-bit words, so on little-endian hosts each pair of bytes appears swapped, and echo appends a newline (0a) that is not part of the name; od -t x1 prints one byte per number.
In most cases, you only need to specify the community string name for the AuthPrivateSecret argument. A special case of the community name is with multiple instances of a service residing on a server. When you are identifying a service that is one of multiple instances of a service residing on the server, append the StreetTalk name of the particular service to the community string. Use the syntax @service-name.
For example, if two print services reside locally on a server, use the community name "public@prntsvc2@sales@WCTUS" to specify both the community name and the particular service.
PrivPublicSecret
PrivPublicSecret stores the "secret" as a series of hexadecimal numbers; each digit is the ASCII value for the corresponding character in the string. A value of - represents the null string. The string can range from 0 to 16 bytes.
Currently, this argument is unused by the entity. Set this argument to null ( - ).
PrivPrivateSecret
PrivPrivateSecret represents the "secret" string for the privacy protocol. The secret is stored as a series of hexadecimal numbers; each digit is the ASCII value for the corresponding character in the string. A value of - represents the null string.
PrivPrivateSecret is valid only when PartyDiscriminator indicates privacy (PartyDiscriminator = 5 or 6). If the party is an auth/priv party, the length of PrivPrivateSecret must be 16 bytes (16 hexadecimal numbers in the configuration file). Each number must be entered as a two-digit representation. For example, enter 01 for 1, 02 for 2, and so on.
Example 1 Party Table Entry for SNMPv2 party
The following entry in the party table attribute defines an SNMPv2 party:
initialPartyId.a.b.c.d.2 3
snmpUDPDomain a.b.c.d 162 300 1458
2 nonVolatile false 0
-
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69 34
-
-
The party is defined as follows:
The party name is initialPartyId.a.b.c.d.2, where a.b.c.d represents the TCP/IP address of the server on which the master agent resides. The value 2 represents the index into the table. This value is incremented for each new entry.
PartyDiscriminator is set to 3. The party is an auth/nopriv party.
TDomain is set to snmpUDPDomain, indicating this is an SNMPv2 party.
Since partyLocal is false and this party is an SNMPv2 party, the TAddress and Port arguments specify the proxy address of port 162 at IP address a.b.c.d.
Lifetime is set to 300 seconds. When a message is received by the target, it is valid as long as its timestamp does not differ from the target's current time by more than 300 seconds.
MaxMsgSize is set to 1458 bytes. A message can be no longer than 1458 bytes.
partyIndex is set to 2. The unique party index is 2.
partyStorageType is set to nonVolatile. This party is stored in non-volatile storage (as a StreetTalk attribute).
partyLocal is set to false. This party is not local to the SNMPv2 entity, thus it is a valid outgoing destination or a valid incoming source.
partyAuthClock is set to 0. The initial clock is 0.
Because AuthPublicSecret is currently unused by the master agent, its value is set to the null string.
The AuthPrivateSecret is initialized to:
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69 34
which decodes to thisthisthisthi4.
Because PrivPublicSecret is currently unused by the entity, its value is set to the null string.
Since PartyDiscriminator indicates that the party is an auth/nopriv party, the PrivPrivateSecret argument is unused. PrivPrivateSecret is set to the null string.
Example 2 Party Table Entry for SNMPv1 community
The following entry in the party table attribute defines an SNMPv1 community:
# public
initialPartyId.131.100.142.16.31 1
rfc1157Domain 131.100.142.16 162 300 1458
31 nonVolatile true 0
-
70 75 62 6c 69 63
-
-
The party is defined as follows:
The party name is initialPartyId.131.100.142.16.31.
PartyDiscriminator is ignored since this is an SNMPv1 community. Because PartyDiscriminator is a required argument, the value 1 is specified (representing a noauth/nopriv SNMPv2 party). An SNMPv1 community is essentially a noauth/nopriv party.
TDomain is set to rfc1157Domain, indicating that this is an SNMPv1 community entry in the party table.
The TAddress and Port arguments are ignored since this is not a proxy agent. However, because these arguments are required, the values port 162 at IP address 131.100.142.16 are specified.
The Lifetime argument is unused since this is a community. However, because Lifetime is a required argument, the value 300 is specified.
MaxMsgSize is set to 1458 bytes. The message can be no longer than 1458 bytes.
partyIndex is set to 31. The unique party index is 31.
partyStorageType is set to nonVolatile. This party is stored in non-volatile storage (as a StreetTalk attribute).
Since the value for TDomain is rfc1157Domain, indicating that this entry is an SNMPv1 community, the partyLocal and partyAuthClock arguments are unused. However, because they are both required arguments, their values are specified as true and 0, respectively.
The AuthPublicSecret, PrivPublicSecret, and PrivPrivateSecret arguments are unused since this entry is an SNMPv1 community. The null string is specified for each of these arguments.
AuthPrivateSecret contains the community name:
70 75 62 6c 69 63
which decodes to "public".
Note: The UNIX command od(1) can be used to decode the community name.
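The argument rules in this section can be checked mechanically before the attribute is loaded. The following Python code is an added example, not code from Banyan or the original page: it parses entries in the seven-line layout shown above, decodes the hexadecimal secrets, and reports violations of the stated rules. The function names, the treatment of lines beginning with # as comments, and the address 192.0.2.10 standing in for a.b.c.d are assumptions of the example.

```python
# Added example, not Banyan's code. Assumes the seven-line entry layout and
# the "#" comment lines that appear in this appendix's own examples.
FIELDS = ("name discriminator tdomain taddress port lifetime max_msg_size "
          "index storage local auth_clock").split()
INT_FIELDS = set("discriminator port lifetime max_msg_size index auth_clock".split())
SECRETS = ("auth_public", "auth_private", "priv_public", "priv_private")


def decode_secret(field):
    """'70 75 62 6c 69 63' -> b'public'; '-' is the null string."""
    field = field.strip()
    if field == "-":
        return b""
    tokens = field.split()
    if any(len(t) != 2 for t in tokens):
        raise ValueError("each number must be two hexadecimal digits")
    return bytes(int(t, 16) for t in tokens)


def encode_secret(text):
    """Inverse of decode_secret, for writing a configuration line."""
    return " ".join(f"{b:02x}" for b in text.encode("ascii")) or "-"


def parse_party_table(text):
    """Split the attribute text into one dict per seven-line entry."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if len(lines) % 7:
        raise ValueError("expected seven lines per party entry")
    parties = []
    for i in range(0, len(lines), 7):
        values = " ".join(lines[i:i + 3]).split()
        if len(values) != len(FIELDS):
            raise ValueError(f"entry {i // 7 + 1}: wrong argument count")
        party = {k: int(v) if k in INT_FIELDS else v
                 for k, v in zip(FIELDS, values)}
        party.update(zip(SECRETS, map(decode_secret, lines[i + 3:i + 7])))
        parties.append(party)
    return parties


def check_party(p):
    """Return rule violations for one entry (empty list means consistent)."""
    problems = []
    if p["tdomain"] not in ("rfc1157Domain", "snmpUDPDomain"):
        problems.append("TDomain must be rfc1157Domain or snmpUDPDomain")
    if not 1 <= p["discriminator"] <= 6:
        problems.append("PartyDiscriminator must be 1 through 6")
    if p["storage"] != "nonVolatile":
        problems.append("partyStorageType must be nonVolatile")
    if p["auth_public"] or p["priv_public"]:
        problems.append("unused public secrets must be -")
    if p["tdomain"] == "rfc1157Domain":
        # SNMPv1 community: only the community name is meaningful.
        if not p["auth_private"]:
            problems.append("community name missing from AuthPrivateSecret")
        return problems
    auth, priv = p["discriminator"] >= 3, p["discriminator"] >= 5
    if auth and len(p["auth_private"]) != 16:
        problems.append("AuthPrivateSecret must be 16 bytes")
    if not auth and p["auth_private"]:
        problems.append("AuthPrivateSecret set on a noauth party")
    if priv and len(p["priv_private"]) != 16:
        problems.append("PrivPrivateSecret must be 16 bytes")
    if not priv and p["priv_private"]:
        problems.append("PrivPrivateSecret set on a party without privacy")
    return problems


# Entries 1-2 follow the appendix's examples; entry 3 is constructed and faulty.
SAMPLE = """\
initialPartyId.192.0.2.10.2 3
snmpUDPDomain 192.0.2.10 162 300 1458
2 nonVolatile false 0
-
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69 34
-
-
# public
initialPartyId.131.100.142.16.31 1
rfc1157Domain 131.100.142.16 162 300 1458
31 nonVolatile true 0
-
70 75 62 6c 69 63
-
-
initialPartyId.192.0.2.10.3 5
snmpUDPDomain 192.0.2.10 162 300 1458
3 nonVolatile true 0
-
74 68 69 73 74 68 69 73 74 68 69 73 74 68 69
-
-
"""

if __name__ == "__main__":
    for party in parse_party_table(SAMPLE):
        print(party["name"], check_party(party))
```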
View Table Attribute
The view table attribute defines the MIB view information for the SNMPv2 parties in the party table. The vendor attribute pair of this attribute is <35:250001>.
Syntax
Each entry in the attribute file consists of the following arguments:
viewIndex viewSubtree viewType viewStorageType
viewMask
The arguments must appear in the correct order.
viewIndex
viewIndex specifies the identity of the MIB view that includes or excludes this subtree family. This argument corresponds to the value of the contextViewIndex object for the context defining a MIB view (see Figure A-2). Refer to Context Table Attribute later in this appendix for more information on the contextViewIndex argument.
This argument is an integer.
viewSubtree
viewSubtree, in combination with the viewMask argument, defines a family of MIB view subtrees. This family is included in or excluded from the MIB view for the context.
This argument is an OID. If an OID is used more than once, only the first instance of the OID is used. Any other matching OID will be ignored.
viewType
viewType indicates whether this subtree family is included or excluded from its MIB view. Valid values are as follows:
* included includes this MIB view in the context's MIB view
* excluded excludes this MIB view in the context's MIB view
viewStorageType
viewStorageType specifies the storage type for this row in the view table. This argument is a case-sensitive string. In the Banyan implementation of Enterprise Management, view tables are stored as StreetTalk attributes in stable storage. Thus, for this argument, use the value nonVolatile, specifying that the row in the view table is backed up by stable storage.
viewMask
viewMask specifies the bit-mask associated with the subtree family. This argument allows restriction of the view to a finer degree than the viewSubtree and viewType pair. For example, a view can be restricted to one row of a table. See "Example 3" later in this section.
Each bit of the bit mask specifies whether or not the corresponding sub-identifiers must match in order for an OID to be in this family of view subtrees. A one-valued bit indicates that an exact match must occur; a zero-valued bit indicates that any sub-identifier value matches. If the value of the bit mask is shorter than the corresponding sub-identifier, extend the bit mask with 1's to make it the required length.
A value of - sets viewMask to the null string. Because a null string is shorter than the corresponding sub-identifiers, the bit mask is extended with 1's, thus creating a mask of one-valued bits. The mask allows all entries "below" the viewSubtree entry to be visible, unless canceled by another view entry.
The viewMask string can range from 0 to 16 bytes (from - to 16 hexadecimal digits). Each number must be entered as a two-digit representation.
Example 1 Simple Subtree Inclusion
The following entry in the view table includes a subtree for viewing:
1 system included nonVolatile
-
The entry defines a view as follows:
viewIndex is set to 1, identifying the SNMPv2 parties for which this view is defined. These parties are those that have an SNMPv2 context with contextViewIndex of 1.
viewSubtree identifies the OID of the family "system" to be included in the MIB view.
viewType indicates that this subtree family is included in the MIB view.
viewStorageType is set to nonVolatile. This view is stored in non-volatile storage (as a StreetTalk attribute).
viewMask is set to the null string, allowing all entries "below" the viewSubtree entry to be visible, unless limited by another view entry.
In summary, this entry indicates that the SNMPv2 parties that have an SNMPv2 context with contextViewIndex of 1 have the viewSubtree of system included in their MIB view. The parties identified by viewIndex can see the system group, unless limited by another entry.
Example 2 Simple Subtree Exclusion
The following entry in the view table excludes a subtree from viewing:
2 interfaces excluded nonVolatile
-
The entry defines a view as follows:
viewIndex is set to 2, identifying the SNMPv2 parties for which this view is defined. These parties are those that have an SNMPv2 context with contextViewIndex of 2.
viewSubtree identifies the OID of the family "interfaces" to be excluded in the MIB view.
viewType indicates that this subtree family is excluded in the MIB view.
viewStorageType is set to nonVolatile. This view is stored in non-volatile storage (as a StreetTalk attribute).
viewMask is set to the null string, allowing all entries "below" the viewSubtree entry to be invisible, unless allowed by another view entry.
In summary, this entry indicates that the SNMPv2 parties that have an SNMPv2 context with contextViewIndex of 2 have the viewSubtree of interfaces excluded in their MIB view. The parties identified by viewIndex cannot see the interfaces group, unless allowed by another entry.
Example 3 Using viewMask to Limit the View
viewMask is a bit-mask built from octets that correspond to the OID being restricted. A one-valued bit indicates that the corresponding sub-identifiers must match in order for an OID to be in this family of view subtrees. A zero-valued bit indicates that any sub-identifier value constitutes a match.
Suppose you want to restrict a contextViewIndex entry's view of the ifTable to all columns of the second row. Set the first three arguments of the entry in the view table to:
3 ifEntry.0.2 included
These arguments are defined as follows:
viewIndex is set to 3, identifying the SNMPv2 parties for which this view is defined. These parties are those that have an SNMPv2 context with contextViewIndex of 3.
viewSubtree identifies the OID of the family ifEntry. The value .0.2 is included with the ifEntry OID, creating two placeholders to be used by viewMask.
viewType indicates that this subtree family is included in the MIB view.
For the viewMask setting, the null string cannot be used, because there can never be an exact match with the viewSubtree OID ifEntry.0.2. Instead, specify a viewMask setting that requires an exact match on all fields except the table column (the 0 in ifEntry.0.2).
Given the OID for ifEntry.0.2 of:
1.3.6.1.2.1.2.2.1.0.2
you need a mask as follows:
1 1 1 1 1 1 1 1 1 0 1
The 1's in the mask indicate that an exact match must be made on a field. The zero bit represents a wildcard that allows any value in a field.
Using this mask, group the bits of the viewMask into bytes, padding the right end with 1's to make the total number of bits in the mask a multiple of 8. Use the padded mask to determine the hex value for the viewMask entry (see Figure A-3).
Thus, set the viewMask entry in the view table to the hex value:
ff bf
With this entry in the view table, and all appropriate entries in the other configuration attributes, an SNMP walk of the ifTable group would return something like the following:
ifIndex.2 = 2
ifDescr.2 = lo0
ifType.2 = softwareLoopback(24)
ifMtu.2 = 1536
ifSpeed.2 = 0
ifPhysAddress.2 =
ifAdminStatus.2 = up(1)
ifOperStatus.2 = up(1)
ifLastChange.2 = 0
ifInUcastPkts.2 = 182945
ifInErrors.2 = 0
ifOutUcastPkts.2 = 182949
ifOutErrors.2 = 0
ifOutQLen.2 = 0
ifSpecific.2 = ccitt.0
Keep in mind that the second row of the ifTable must exist before you can retrieve it.
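The mask arithmetic of Example 3 and the family-matching rule from the viewMask description, as added Python code (not from the original page or from Banyan). It builds the viewMask field from a subtree OID and its wildcard positions, then tests whether a requested OID falls in the resulting family. The function names and the numeric OIDs for ifDescr (column 2 of ifEntry) and sysDescr.0 are assumptions of the example.

```python
# Added example, not Banyan's code: viewMask construction and view-family
# matching as described in this section, using numeric OIDs.


def parse_oid(text):
    """'1.3.6.1' -> [1, 3, 6, 1]."""
    return [int(part) for part in text.strip(".").split(".")]


def build_view_mask(subtree, wildcards):
    """Return the viewMask field for `subtree`.

    `wildcards` holds the 0-based positions of sub-identifiers that may take
    any value. With no wildcards the null string '-' is enough, because a
    short mask is extended with 1's.
    """
    length = len(parse_oid(subtree))
    if any(not 0 <= w < length for w in wildcards):
        raise ValueError("wildcard position outside the subtree OID")
    if length > 128:
        raise ValueError("viewMask is limited to 16 bytes")
    if not wildcards:
        return "-"
    bits = [0 if i in wildcards else 1 for i in range(length)]
    bits += [1] * (-length % 8)          # pad the right end with 1's
    octets = [int("".join(map(str, bits[i:i + 8])), 2)
              for i in range(0, len(bits), 8)]
    return " ".join(f"{o:02x}" for o in octets)


def mask_bits(view_mask, length):
    """Expand a viewMask field to `length` bits, extending with 1's."""
    bits = []
    if view_mask.strip() != "-":
        for token in view_mask.split():
            octet = int(token, 16)
            bits.extend((octet >> shift) & 1 for shift in range(7, -1, -1))
    return (bits + [1] * length)[:length]


def in_family(oid, subtree, view_mask):
    """True if `oid` belongs to the family defined by subtree and mask."""
    target, base = parse_oid(oid), parse_oid(subtree)
    if len(target) < len(base):
        return False
    bits = mask_bits(view_mask, len(base))
    return all(bit == 0 or t == b for bit, t, b in zip(bits, target, base))


IF_ENTRY_ROW_2 = "1.3.6.1.2.1.2.2.1.0.2"   # ifEntry.0.2 from Example 3
IF_DESCR_2 = "1.3.6.1.2.1.2.2.1.2.2"       # ifDescr.2 (assumed numeric form)
IF_DESCR_3 = "1.3.6.1.2.1.2.2.1.2.3"       # ifDescr.3, a different row

if __name__ == "__main__":
    mask = build_view_mask(IF_ENTRY_ROW_2, {9})   # wildcard the column field
    print("viewMask:", mask)
    for oid in (IF_DESCR_2, IF_DESCR_3):
        print(oid, "masked:", in_family(oid, IF_ENTRY_ROW_2, mask),
              "null mask:", in_family(oid, IF_ENTRY_ROW_2, "-"))
```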
Context Table Attribute
The context table attribute defines context information for SNMP entities. If the managed objects that make up the context reside locally, then the context defines a party's MIB view. If the managed objects reside in a remote entity, then the context defines a proxy relationship. The vendor attribute pair of this attribute is <35:250002>.
Syntax
Each entry in the attribute file consists of the following arguments:
contextId contextIndex contextViewIndex LocalEntity
LocalTime PDst PSrc PContext StorageType Local
The arguments must appear in the correct order.
contextId
contextId specifies a unique identifier for this context. This argument is required and must map to an OID in the MIB.
The identifier is composed of a text name, an address, and a unique index value. For example, an identifier can be as follows:
initialContextId.a.b.c.d.2
where initialContextId represents the text name, a.b.c.d represents the TCP/IP address of the server on which the master agent resides, and 2 represents the index into the table. The index value is incremented for each new entry in the context table.
contextIndex
contextIndex specifies the unique index for this SNMPv2 context. This index is used by the ACL table when determining access control. There are 0 or more entries in the ACL table (Resources) that point to this value in the context table (see Figure A-4).
This argument is an integer in the range of 1 through 65535.
Refer to "ACL Table Attribute" later in this appendix for more information on the ACL table configuration attribute.
contextViewIndex
contextViewIndex specifies whether this context refers to object resources that are local or remote.
This argument is an integer in the range of 0 through 65535.
A value of zero specifies that the object resources are remote, indicating a proxy relationship. The values of the PDst, PSrc, and PContext arguments provide further information on the proxy relationship.
A value greater than zero specifies that this is a local context and is, therefore, an index into the view table. There must exist at least one entry in the view table configuration attribute with the viewIndex argument matching this contextViewIndex (see Figure A-5). The entry in the view table will determine the MIB view available in this context.
The values of the LocalEntity and LocalTime arguments provide further information on the local entity and its temporal context.
Refer to "View Table Attribute" earlier in this appendix for more information on the view table configuration attribute.
LocalEntity
LocalEntity identifies the local entity whose management information is in the context's MIB view. This argument is an octet string and is required.
Valid values for this argument are as follows:
* A string, indicating that the MIB view contains management information of some other local entity. The string is a StreetTalk name of a service. For Banyan services only, if the service is one of multiple local instances of a service, use this argument to identify the particular service you want.
* The value -, representing the empty string. This value indicates that the MIB view contains the entity's own local management information.
When contextViewIndex is zero, indicating a proxy relationship, this field is ignored. However, a value is still required for this argument. Enter a value of -.
LocalTime
LocalTime identifies the temporal context of the management information in the MIB view. This argument is valid only when contextViewIndex is a non-zero value, indicating that this is a local context.
Valid values for this argument are as follows:
* currentTime - Refers to management information at the present time.
* restartTime - Refers to management information upon the next re-initialization of the managed device.
* cacheTime.N - Refers to management information that is in cache and is guaranteed to be no more than N seconds old.
This argument is an OID.
PDst
PDst identifies an SNMPv2 party that is the proxy destination. This argument is valid only when contextViewIndex is 0, indicating that this is a proxy relationship.
If contextViewIndex is a non-zero value, enter a value of "0.0" for this argument.
This argument is an OID.
Note: This argument is referred to as contextProxyDstParty in RFC1447.
PSrc
PSrc identifies an SNMPv2 party that is the proxy source. This argument is valid only when contextViewIndex is 0, indicating that this is a proxy relationship.
If contextViewIndex is a non-zero value, enter a value of "0.0" for this argument.
Interpretation of this argument's value depends on the value of the transport domain associated with the SNMPv2 party used as the proxy destination in this proxy relationship.
Refer to "Party Table Attribute" earlier in this appendix for more information on the transport domain value (TDomain).
This argument is an OID.
Note: This argument is referred to as contextProxySrcParty in RFC1447.
PContext
PContext identifies the context of a proxy relationship. This argument is valid only when contextViewIndex is 0, indicating that this is a proxy relationship.
If contextViewIndex is a non-zero value, enter a value of "0.0" for this argument.
Interpretation of this argument's value depends on the value of the transport domain associated with the SNMPv2 party used as the proxy destination in this proxy relationship.
Refer to "Party Table Attribute" earlier in this appendix for more information on the transport domain value (TDomain).
This argument is an OID.
Note: This argument is referred to as contextProxyContext in RFC1447.
StorageType
StorageType specifies the storage type for this row in the context table. This argument is a case-sensitive string. In the Banyan implementation of Enterprise Management, context tables are stored as StreetTalk attributes in stable storage. Thus, for this argument, use the value nonVolatile, specifying that the row in the context table is backed up by stable storage.
Local
Local indicates whether the context is local to this SNMPv2 agent. The term "local" indicates "residing at the address with the entity."
This argument is a case-sensitive string and is required. Valid values are:
* true - Context is local.
* false - Context is not local.
When contextViewIndex is 0, indicating that this entry is a proxy context, set Local to false. An incoming protocol data unit (PDU) is a proxy get-response.
Example Context Table Entry for a Local Entity
The following entry in the context table defines a local entity:
initialContextId.a.b.c.d.1 1 1 -
currentTime 0.0 0.0 0.0 nonVolatile true
The entity is defined as follows:
contextId is initialContextId.a.b.c.d.1, where a.b.c.d represents the TCP/IP address of the server on which the master agent resides. The value 1 represents the index into the table. This value is incremented for each new entry.
contextIndex is set to 1. The unique context index is 1.
contextViewIndex is set to 1, indicating this is not a proxy relationship. The MIB view for this context is all subtrees in the view table that have a viewIndex value of 1.
LocalEntity is set to the empty string, indicating that the MIB view contains the local entity's own management information.
LocalTime is set to currentTime.
Each of the PDst, PSrc, and PContext arguments is set to 0.0, as this is a local context, not a proxy relationship.
StorageType is set to nonVolatile. This context is stored in non-volatile storage (as a StreetTalk attribute).
Local is set to true, indicating a local context executing at the local address.
ACL Table Attribute
The Access Control List (ACL) table attribute defines information about access privileges for the target-party/subject-party pair. The vendor attribute pair of this attribute is <35:250003>.
An entry is required for each intended target. For each agent and management application, the entry in the ACL table and the corresponding entry in the context table define the access privileges for the target and subject entities.
Syntax
Each entry in the file consists of the following arguments:
Target Subject Resources Privileges StorageType
The arguments must appear in the correct order.
Target
Target represents the target party for this ACL entry (the recipient party). This index must match the partyIndex argument of an entry in the party table (see Figure A-6). This party's performance of management operations is constrained by the set of access privileges for this entry (see the Privileges argument).
Note: The target and the subject parties must have equivalent PartyDiscriminator types in the party table configuration attributes.
This field is an integer in the range of 1 through 65535.
For SNMPv1 parties, the Target and Subject arguments match.
Refer to "Party Table Attribute" earlier in this appendix for more information on the party table configuration attribute.
Subject
Subject represents the subject party for this ACL entry (the originating party). This index must match the partyIndex of an entry in the party table (see Figure A-7). This party's performance of management operations is constrained by the set of access privileges for this entry (see the Privileges argument).
Note: The target and the subject parties must have equivalent PartyDiscriminator types in the party table configuration records.
This field is an integer in the range of 1 through 65535.
For SNMPv1 parties, the Target and Subject arguments match.
Refer to "Party Table Attribute" earlier in this appendix for more information on the party table configuration attribute.
Resources
Resources represents the context for this ACL entry. This index must match the contextIndex of an entry in the context table attribute. Refer to "Context Table Attribute" earlier in this appendix for more information on the context information configuration attribute.
Privileges
Privileges represents the management operations a particular target party can perform on behalf of the subject (source) party. Valid values for this argument range from 0 through 255. This value is a sum of values, representing a set of allowed management operations.
Individual values are:
* 1 defines Get
* 2 defines GetNext
* 4 defines Response
* 8 defines Set
* 16 defines SNMPv1Trap
* 32 defines GetBulk
* 64 defines Inform
* 128 defines SNMPv2trap
StorageType
StorageType specifies the storage type for this row in the ACL table. This argument is a case-sensitive string. In the Banyan implementation of Enterprise Management, ACL tables are stored as StreetTalk attributes in stable storage. Thus, for this argument, use the value nonVolatile, specifying that the row in the ACL table is backed up by stable storage.
Example ACL Table Entry
The following is an entry in the ACL table:
1 2 1 43 nonVolatile
The entry defines the ACLs as follows:
The party entry with partyIndex of 1 is the destination (or target).
The party entry with partyIndex of 2 is the source (or subject).
The context entry with a contextIndex of 1 is the SNMPv2 context.
Privileges is set to 43. The entity is able to perform Get, GetNext, Set, and GetBulk requests with this ACL entry.
StorageType is set to nonVolatile. This entry is stored in non-volatile storage (as a StreetTalk attribute).
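The ACL table only works if its indexes resolve into the party and context tables, so a cross-table check is worth running before the attributes are deployed. The following Python code is an added example, not code from Banyan or the original page: it decodes the Privileges sum and verifies the Target, Subject and Resources references and the PartyDiscriminator equivalence rule. The function names, the sample party and context data, the reading of "equivalent" as the same noauth/auth/priv level, and the extra policy check that flags Set on a noauth/nopriv pair are assumptions of the example.

```python
# Added example, not Banyan's code: decode Privileges and cross-check ACL
# entries against the party and context tables described in this appendix.
PRIVILEGE_BITS = {1: "Get", 2: "GetNext", 4: "Response", 8: "Set",
                  16: "SNMPv1Trap", 32: "GetBulk", 64: "Inform",
                  128: "SNMPv2Trap"}


def decode_privileges(value):
    """43 -> ['Get', 'GetNext', 'Set', 'GetBulk']."""
    if not 0 <= value <= 255:
        raise ValueError("Privileges must be 0 through 255")
    return [name for bit, name in PRIVILEGE_BITS.items() if value & bit]


def encode_privileges(names):
    """Sum the values for a set of operation names."""
    lookup = {name: bit for bit, name in PRIVILEGE_BITS.items()}
    return sum(lookup[name] for name in set(names))


def security_level(discriminator):
    """1-2 -> 1 (noauth/nopriv), 3-4 -> 2 (auth/nopriv), 5-6 -> 3 (auth/priv)."""
    return (discriminator + 1) // 2


def audit_acl(acl_text, party_discriminators, context_indexes):
    """Return (line number, finding) pairs for an ACL table.

    party_discriminators maps partyIndex -> PartyDiscriminator and
    context_indexes is the set of contextIndex values that exist.
    """
    findings = []
    for lineno, line in enumerate(acl_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 5:
            findings.append((lineno, "expected five arguments"))
            continue
        target, subject, resources, privileges = map(int, fields[:4])
        operations = decode_privileges(privileges)
        for role, index in (("Target", target), ("Subject", subject)):
            if index not in party_discriminators:
                findings.append(
                    (lineno, f"{role} {index} has no party table entry"))
        if resources not in context_indexes:
            findings.append(
                (lineno, f"Resources {resources} has no context table entry"))
        if fields[4] != "nonVolatile":
            findings.append((lineno, "StorageType must be nonVolatile"))
        if target in party_discriminators and subject in party_discriminators:
            levels = {security_level(party_discriminators[target]),
                      security_level(party_discriminators[subject])}
            if len(levels) > 1:
                findings.append(
                    (lineno, "Target and Subject PartyDiscriminator types differ"))
            elif levels == {1} and "Set" in operations:
                # Policy check added by this example, not a rule from the page.
                findings.append(
                    (lineno, "Set granted to a noauth/nopriv pair"))
    return findings


# Constructed sample data: parties 1 and 2 are auth/nopriv, party 31 is an
# SNMPv1 community (discriminator 1); only context 1 exists.
SAMPLE_PARTIES = {1: 3, 2: 3, 31: 1}
SAMPLE_CONTEXTS = {1}
# Line 1 is the appendix's example entry; lines 2 and 3 are constructed.
SAMPLE_ACL = """\
1 2 1 43 nonVolatile
31 31 1 11 nonVolatile
1 31 2 3 nonVolatile
"""

if __name__ == "__main__":
    print(decode_privileges(43))
    for lineno, finding in audit_acl(SAMPLE_ACL, SAMPLE_PARTIES, SAMPLE_CONTEXTS):
        print(f"line {lineno}: {finding}")
```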
SNMP Agent Attribute
The SNMP agent configuration attribute is required by both SNMPv1 and SNMPv2 entities. It defines initial values for the system variables and specifies whether authentication-failure traps should be generated. The vendor attribute pair of this attribute is <35:250004>.
Syntax
Each entry in the SNMP agent attribute file consists of the following arguments:
TAG VALUE
TAG identifies a system variable and VALUE specifies its initialization value. The arguments must appear in the correct order.
TAG
TAG is one of the following keys:
* sysDescr is a textual description of the entity. It should include the full name and version identification of the system's hardware type, the software operating system, and the networking software.
* sysLocation is a textual description of the physical location of the managed node.
* sysContact is a textual description that identifies the contact person for the managed node, as well as how to contact that person.
* snmpEnableAuthenTraps specifies whether the SNMP agent is permitted to generate authentication-failure traps.
VALUE
VALUE is a valid value for the given key. This argument is any string of 0 to 255 characters from the Network Virtual Terminal (NVT) ASCII character set.
Blank space and blank lines produced by tabs, spaces, and line-feeds/carriage-returns are ignored.
The VALUE for snmpEnableAuthenTraps is either:
* 1 to enable traps
* 2 to disable traps
Example System Variable Initialization
The following entry in the SNMP agent attribute defines initial values for the system group:
sysDescr SNMP agent from My Company
sysLocation Anywhere, USA
sysContact George Talley (156) 555-7667
snmpEnableAuthenTraps 1
The entry initializes sysDescr, sysLocation, and sysContact to the specified strings and enables authentication-failure traps. The blank spaces between each TAG and VALUE are ignored.