Solaris System Management Agent Administration Guide

Where VACM Security Information Is Contained

VACM information is contained in several parameters in the SNMPv3 packet string. These parameters are passed to the isAccessAllowed mechanism. The isAccessAllowed mechanism is the single entry point in VACM for checking whether access should be granted.

VACM parameters are as follows:

msgFlags

A single octet that indicates how to process the message. For more information, see Where USM Security Information Is Contained.

msgSecurityModel

Indicates which security model was used at message generation, enabling the receiving entity to employ the appropriate model for security processing. You have a choice in SNMPv3 of using one security model or multiple security models.

msgSecurityParameters

An octet string containing data about the security model. The security model or models are determined in msgSecurityModel.

scopedPDU

Contains the PDU, together with the administratively unique selector of management information for processing the PDU. In other words, the scopedPDU contains the context and managed object OIDs. The scopedPDU contains the following fields:

contextEngineID

Uniquely identifies an SNMP entity that can access an instance of a managed object within a context.

contextName

The name of the context to which the PDU data belongs. The contextName is unique.

PDU

The Protocol Data Unit (PDU) for SNMPv3 contains an operation for the data in the contextName. This data is identified by the combination of the contextEngineID and the contextName.

For an explanation of the other fields of the SNMPv3 packet string, see SNMP Versions.

Figure 4–1 SNMPv3 Packet Format Showing Scopes of Authentication and Encryption

Diagram shows packet format of SNMPv3 and indicates sub-components of PDU packet.
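
The following added example (not code from this guide or from the System Management Agent) walks the BER encoding of an SNMPv3 message and extracts the fields listed above. It also shows that when the privacy flag is set the scopedPDU arrives as ciphertext, so contextEngineID and contextName cannot be read until the security model has decrypted it. The function names, the context name `ctx1`, the engine ID and the message contents are constructed for illustration; the flag bits and field order follow RFC 3412.

```python
def tlv(tag, body):
    # Encode one BER element; short-form length is enough for the constructed samples.
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles short- and long-form lengths."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def vacm_inputs(message):
    """Pull out the fields this section lists as VACM parameters."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _version, global_data, sec_params, msg_data = children(body)
    _msg_id, _max_size, flags, sec_model = children(global_data[1])
    bits = flags[1][0] & 0x03  # bit 0 = auth, bit 1 = priv (RFC 3412)
    info = {"securityLevel": {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}.get(bits, "invalid"),
            "msgSecurityModel": int.from_bytes(sec_model[1], "big"),
            "msgSecurityParameters": sec_params[1]}
    if msg_data[0] == 0x30:  # plaintext scopedPDU
        engine, name, pdu = children(msg_data[1])
        info.update(contextEngineID=engine[1], contextName=name[1].decode(), pduTag=pdu[0])
    else:  # OCTET STRING: encrypted scopedPDU, context unreadable until decrypted
        info.update(contextEngineID=None, contextName=None, pduTag=None)
    return info

def sample_message(flags, msg_data):
    # Constructed sample: msgID 1, msgMaxSize 1500, msgSecurityModel 3 (USM), opaque security parameters.
    header = tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc") + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03")
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, header) + tlv(0x04, b"sample") + msg_data)

GET_PDU = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b""))
SCOPED = tlv(0x30, tlv(0x04, b"\x80\x00\x00\x00\x01") + tlv(0x04, b"ctx1") + GET_PDU)
PLAIN = sample_message(0x01, SCOPED)                 # authNoPriv, context readable
ENCRYPTED = sample_message(0x03, tlv(0x04, bytes(16)))  # authPriv, ciphertext stand-in
```

A message whose msgFlags set the privacy bit without the authentication bit is reported as `invalid`, since that combination is not a defined security level.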