[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf General Functional Questions



on 06/12/2000 4:46 AM, Dan Romascanu at dromasca@lucent.com wrote:

> Jon,
> 
> I think that making the solution TOO simple, may result it in being
> implementable and deployable, but not useful. We probably agree on this.

I think we do.
> 
> However, I do not understand your example about the 'exempted' element. Do
> you mean that once a value was overridden, the respective instance can't be
> touched any longer, until the 'touch' bit in Joel's second table is cleared?
> Who clears this table?
> 
I mean that the respective instance will be skipped each time a policy is
evaluated in the device that 'touches' that instance. This is like adding
another attribute/role to the instance that causes it to 'fail' the role
match in our system. This is how the policy system will know how to exempt
it. The attribute might be the 'exempt' attribute. It would have been placed
there if that instance had been touched by a mechanism other than the policy
system, for example a CLI, web interface, or a non-policy SNMP manager. The
way this works is that the policy system has access to the instances by
definition. It also knows if it changed a value or not.

I have not heard any objection to using the role table, so I assume for now
that is where this attribute is stored though that is not very important.
Once set the only way to reset it is by direct action on this attribute for
this instance. In an SNMP case the manager would sent a set to remove the
attribute. Certainly we have experience with enabling CLI's to have access
to such objects and I would have the CLI also able to remove this attribute.

/jon