idnits 2.17.1 draft-ietf-entmib-state-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 336 has weird spacing: '...or more alarm...' == Line 498 has weird spacing: '...a value of en...' == Line 789 has weird spacing: '...for the purpo...' == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 2003) is 7437 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Alarm-MIB' is mentioned on line 103, but not defined == Missing Reference: 'Alarm MIB' is mentioned on line 176, but not defined == Unused Reference: 'ALARM-MIB' is defined on line 735, but no explicit reference was found in the text == Outdated reference: A later version (-18) exists of draft-ietf-disman-alarm-mib-16 ** Obsolete normative reference: RFC 2737 (Obsoleted by RFC 4133) -- Obsolete informational reference (is this intentional?): RFC 1493 (Obsoleted by RFC 4188) Summary: 5 errors (**), 0 flaws (~~), 9 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Entity MIB Working Group S. Chisholm 2 Internet Draft Nortel Networks 3 Document: draft-ietf-entmib-state-02.txt D. Perkins 4 Category: Standards Track SNMPinfo 5 Expiration Date: June 2004 December 2003 7 Entity State MIB 9 Status of this Memo 11 This document is an Internet-Draft and is in full conformance 12 with all provisions of Section 10 of RFC2026. 14 Internet-Drafts are working documents of the Internet Engineering 15 Task Force (IETF), its areas, and its working groups. Note that 16 other groups may also distribute working documents as 17 Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six 20 months and may be updated, replaced, or obsoleted by other 21 documents at any time. It is inappropriate to use Internet- 22 Drafts as reference material or to cite them other than as 23 "work in progress." 25 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 Abstract 34 This memo defines a portion of the Management Information Base (MIB) 35 for use with network management protocols in the Internet community. 36 In particular, it describes extensions to the Entity MIB to 37 provide information about the state of the entity. 39 Table of Contents 41 1. The Internet-Standard Management Framework 42 2. Entity State 43 2.1. Hierarchical State Management 44 2.2. Entity Redundancy 45 3. Relationship to Other MIBs 46 3.1. Relation to Interfaces MIB 47 3.2. Relation to Alarm MIB 48 3.3. Relation to Bridge MIB 49 3.4. Relation to Host Resource MIB 50 4. Definitions 51 5. Security Considerations 52 6. Intellectual Property 53 7. Authors' Addresses 54 8. Acknowledgements 55 9. References 56 10. Full Copyright Statement 57 1. 1. The Internet-Standard Management Framework 59 For a detailed overview of the documents that describe the current 60 Internet-Standard Management Framework, please refer to section 7 of 61 RFC 3410 [RFC3410]. 63 Managed objects are accessed via a virtual information store, termed 64 the Management Information Base or MIB. MIB objects are generally 65 accessed through the Simple Network Management Protocol (SNMP). 66 Objects in the MIB are defined using the mechanisms defined in the 67 Structure of Management Information (SMI). This memo specifies a MIB 68 module that is compliant to the SMIv2, which is described in STD 58, 69 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 70 [RFC2580]. 72 2. Entity State 74 The goal in adding state objects to the Entity MIB [RFC2737] is to 75 define a useful subset of the possible state attributes that could 76 be tracked for a given entity that both fit into the state models 77 such as those used in the Interfaces MIB [RFC2863] as well as 78 leverage existing well-deployed models. The entStateTable contains 79 state objects that are a subset of the popular ISO/OSI states that 80 are also defined in ITU's X.731 specification [X.731]. Objects are 81 defined to capture administrative, operational and usage states. In 82 addition there are further state objects defined to provide 83 additional information for these three basic states. 85 Administrative state indicates permission to use or prohibition 86 against using the entity and is imposed through the management 87 services. 89 Operational state indicates whether or not the entity is physically 90 installed and working. Note that unlike the ifOperStatus [RFC2863], 91 this operational state is independent of the administrative state. 93 Usage state indicates whether or not the entity is in use at a 94 specific instance, and if so, whether or not it currently has spare 95 capacity to serve additional users. In the context of this MIB, the 96 user is equivalent to an entity, so this term is substituted. This 97 state refers to the ability of the entity to service other entities 98 within its containment hierarchy. 100 Alarm state indicates whether or not there are any alarms active 101 against the entity. In addition to those alarm status defined in 102 X.731 [X.731], warning and indeterminate status are also defined to 103 provide a more complete mapping to the Alarm MIB [Alarm-MIB]. 105 Standby state indicates whether the entity is currently running as 106 hot standby, cold standby or is currently providing service. 108 The terms state and status are used interchangeably in this memo. 110 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 111 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 112 document are to be interpreted as described in RFC 2119 [RFC2119]. 114 2.1 Hierarchical State Management 116 Physical entities exist within a containment hierarchy. This raises 117 some interesting issues not addressed in existing work on state 118 management [X.731]. 120 There are two types of state for an entity: 122 1) The state of the entity independent of the states of its parents 123 and children in its containment hierarchy. This is often referred to 124 as raw state. 126 2) The state of the entity, as it may be influenced by the state of 127 its parents and children. This is often referred to as computed 128 state. 130 All state objects in this memo are raw state. 132 2.2 Entity Redundancy 134 While this memo is not attempting to address the entire problem 135 space around redundancy, the entStateStandby object provides an 136 important piece of state information for entities, which helps 137 identify which pieces of redundant equipment are currently providing 138 service, and which are waiting in either hot or cold standby mode. 140 3 Relation to other MIBs 142 3.1 Relationship to the Interfaces MIB 144 The Interfaces MIB [RFC2863] defines the ifAdminStatus object, which 145 has states of up, down and testing and the ifOperStatus object, 146 which has states of up, down, testing, unknown, dormant, notPresent 147 and lowerLayerDown. 149 An ifAdminStatus of 'up' is equivalent to setting the entStateAdmin 150 object to 'unlocked'. An ifAdminStatus of 'down' is equivalent to 151 setting the entStateAdmin object to either 'locked' or 152 'shuttingDown', depending on a systems interpretation of 'down'. 154 An ifOperStatus of 'up' is equivalent to an entStateOper value of 155 'enabled'. An ifOperStatus of 'down' due to operational failure is 156 equivalent to an entStateOper value of 'disabled'. An ifOperStatus 157 of 'down' due to being administratively disabled is equivalent to an 158 entStateAdmin value of 'locked' and an entStateOper value of either 159 'enabled' or 'disabled' depending on whether there are any known 160 issues that would prevent the entity from becoming operational when 161 its entStateAdmin is set to 'unlocked'. An ifOperStatus of 162 'unknown' is equivalent to an entStateOper value of 'notSupported'. 163 The ifOperStatus values of 'testing' and 'dormant' are not 164 explicitly supported by this MIB, but the state objects will be able 165 to reflect other aspects of the entities administrative and 166 operational state. The ifOperStatus values of 'notPresent' and 167 'lowerLayerDown' are in some ways computed states and so are 168 therefore not supported in this MIB. They can though be computed by 169 examining the states of entities within this objects containment 170 hierarchy and other available related states. 172 3.2 Relation to Alarm MIB 174 The entStateAlarm object indicates whether or not there are any 175 active alarms against this entity. If there are active alarms, then 176 the alarmActiveTable in the Alarm MIB [Alarm MIB] should be searched 177 for alarmActiveResourceId that match this entPhysicalIndex. 179 3.3 Relation to Bridge MIB 181 For entities of physical type of 'port' that support the 182 dot1dStpPortEnable object in the Bridge MIB [RFC1493], a value of 183 'enabled' is equivalent to setting the entStateAdmin object to 184 'unlocked'. Setting dot1dStpPortEnable to 'disabled' is equivalent 185 to setting the entStateAdmin object to 'locked'. 187 3.4 Relation to the Host Resources MIB 189 The hrDeviceStatus object in the Host Resources MIB [RFC2790] 190 provides an operational state for devices. For entities that 191 logically correspond to the concept of a device, a value of 192 'unknown' for hrDeviceStatus corresponds to an entStateOper value of 193 'notSupported'. A value of 'running' corresponds to an entStateOper 194 value of 'enabled'. A value of 'warning' also corresponds to an 195 entStateOper value of 'enabled', but with appropriate bits set in 196 the entStateAlarm object to indicate the alarms corresponding to the 197 unusual error condition detected. A value of 'testing' or 'down' is 198 equivalent to an entStateOper value of 'disabled'. 200 4. Definitions 202 ENTITY-STATE-MIB DEFINITIONS ::= BEGIN 204 IMPORTS 205 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, mib-2 206 FROM SNMPv2-SMI 208 TEXTUAL-CONVENTION, DateAndTime 209 FROM SNMPv2-TC 210 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 211 FROM SNMPv2-CONF 212 entPhysicalIndex 213 FROM ENTITY-MIB; 215 entityStateMIB MODULE-IDENTITY 216 LAST-UPDATED "200312180000Z" 217 ORGANIZATION "IETF Entity MIB Working Group" 218 CONTACT-INFO 219 " General Discussion: entmib@ietf.org 220 To Subscribe: 221 http://www.ietf.org/mailman/listinfo/entmib 223 http://www.ietf.org/html.charters/entmib-charter.html 225 Sharon Chisholm 226 Nortel Networks 227 PO Box 3511 Station C 228 Ottawa, Ont. K1Y 4H7 229 Canada 230 schishol@nortelnetworks.com 232 David T. Perkins 233 548 Qualbrook Ct 234 San Jose, CA 95110 235 USA 236 Phone: 408 394-8702 237 dperkins@snmpinfo.com 238 " 239 DESCRIPTION 240 "This MIB defines a state extension to the Entity MIB. 242 Copyright (C) The Internet Society 2003. This version 243 of this MIB module is part of RFC yyyy; see the RFC 244 itself for full legal notices." 245 -- RFC Ed.: replace yyyy with actual RFC number & remove 246 -- this note 247 REVISION "200312180000Z" 248 DESCRIPTION 249 "Initial version, published as RFC YYYY." 250 -- RFC-Editor assigns yyyy 251 ::= { mib-2 XX } -- to be assigned by IANA 253 -- Textual conventions 255 AdminState ::= TEXTUAL-CONVENTION 256 STATUS current 257 DESCRIPTION 258 " Represents the various possible administrative states. 260 A value of 'locked' means the resource is administratively 261 prohibited from use. A value of 'shuttingDown' means that 262 usage is administratively limited to current instances of 263 use. A value of 'unlocked' means the resource is not 264 administratively prohibited from use." 265 REFERENCE 266 "ITU Recommendation X.731, 'Information Technology - Open 267 Systems Interconnection - System Management: State 268 Management Function', 1992" 269 SYNTAX INTEGER 270 { 271 notSupported(1), 272 locked(2), 273 shuttingDown(3), 274 unlocked(4) 275 } 277 OperState ::= TEXTUAL-CONVENTION 278 STATUS current 279 DESCRIPTION 280 " Represents the possible values of operational states. 282 A value of 'disabled' means the resource is totally 283 inoperable. A value of 'enabled' means the resource 284 is partially or fully operable." 285 REFERENCE 286 "ITU Recommendation X.731, 'Information Technology - Open 287 Systems Interconnection - System Management: State 288 Management Function', 1992" 289 SYNTAX INTEGER 290 { 291 notSupported (1), 292 disabled(2), 293 enabled(3) 294 } 296 UsageState ::= TEXTUAL-CONVENTION 297 STATUS current 298 DESCRIPTION 299 " Represents the possible values of usage states. 300 A value of 'idle' means the resource is servicing no 301 users. A value of 'active' means the resource is 302 currently in use and it has sufficient spare capacity 303 to provide for additional users. A value of 'busy' 304 means the resource is currently in use, but it 305 currently has no spare capacity to provide for 306 additional users." 307 REFERENCE 308 "ITU Recommendation X.731, 'Information Technology - Open 309 Systems Interconnection - System Management: State 310 Management Function', 1992" 311 SYNTAX INTEGER 312 { 313 notSupported (1), 314 idle(2), 315 active(3), 316 busy(4) 317 } 319 AlarmStatus ::= TEXTUAL-CONVENTION 320 STATUS current 321 DESCRIPTION 322 "Represents the possible values of alarm status. 324 When no bits of this attribute are set, then none of the 325 status conditions described below are present. When the 326 value of under repair is set, the resource is currently 327 being repaired. 329 When the value of 'critical' is set, one or more critical 330 alarms are active against the resource. When the value of 331 'major' is set, one or more major alarms are active against 332 the resource. When the value of 'minor' is set, one or more 333 minor alarms are active against the resource. When the 334 value of 'warning' is set, one or more warning alarms are 335 active against the resource. When the value of 336 'indeterminate' is set, one or more alarms of 337 indeterminate severity are active against the resource. 339 When the value of 'alarmOutstanding' is set, one or more 340 alarms is active against the resource. The fault may or may 341 not be disabling. " 342 REFERENCE 343 "ITU Recommendation X.731, 'Information Technology - Open 344 Systems Interconnection - System Management: State 345 Management Function', 1992" 346 SYNTAX BITS 347 { 348 notSupported (0), 349 underRepair(1), 350 critical(2), 351 major(3), 352 minor(4), 353 alarmOutstanding(5), 354 -- The following are not defined in X.733 355 warning (6), 356 indeterminate (7) 357 } 359 StandbyStatus ::= TEXTUAL-CONVENTION 360 STATUS current 361 DESCRIPTION 362 " Represents the possible values of standby status. 364 A value of 'hotStandby' means the resource is not 365 providing service, but is will be immediately able to 366 take over the role of the resource to be backed-up, 367 without the need for initialization activity, and will 368 contain the same information as the resource to be 369 backed up. A value of 'coldStandy' means that the 370 resource is to back-up another resource, but will not 371 be immediately able to take over the role of a resource 372 to be backed up, and will require some initialization 373 activity. A value of 'providingService' means the 374 resource is providing service." 375 REFERENCE 376 "ITU Recommendation X.731, 'Information Technology - Open 377 Systems Interconnection - System Management: State 378 Management Function', 1992" 379 SYNTAX INTEGER 380 { 381 notSupported (1), 382 hotStandby(2), 383 coldStandby(3), 384 providingService(4) 385 } 387 -- Entity State Objects 389 entStateObjects OBJECT IDENTIFIER ::= { entityStateMIB 1 } 391 entStateTable OBJECT-TYPE 392 SYNTAX SEQUENCE OF EntStateEntry 393 MAX-ACCESS not-accessible 394 STATUS current 395 DESCRIPTION 396 "A table of information about state/status of entities. 397 This is a sparse augment of the entPhysicalTable. 398 " 399 ::= { entStateObjects 1 } 401 entStateEntry OBJECT-TYPE 402 SYNTAX EntStateEntry 403 MAX-ACCESS not-accessible 404 STATUS current 405 DESCRIPTION "State information about this entity." 406 INDEX { entPhysicalIndex } 407 ::= { entStateTable 1 } 409 EntStateEntry ::= SEQUENCE { 410 entStateLastChanged DateAndTime, 411 entStateAdmin AdminState, 412 entStateOper OperState, 413 entStateUsage UsageState, 414 entStateAlarm AlarmStatus, 415 entStateStandby StandbyStatus 416 } 418 entStateLastChanged OBJECT-TYPE 419 SYNTAX DateAndTime 420 MAX-ACCESS read-only 421 STATUS current 422 DESCRIPTION "The value of this object is the date and 423 time when state/status of the entity 424 last changed, or zero." 425 ::= { entStateEntry 1 } 427 entStateAdmin OBJECT-TYPE 428 SYNTAX AdminState 429 MAX-ACCESS read-write 430 STATUS current 431 DESCRIPTION 432 "The administrative state for this entity. A value 433 of 'notSupported' means that this entity is unable 434 to report administrative state. This object can not 435 be administratively set to 'notSupported'. For 436 entities that do not support administrative state, 437 changing the value of this object to something other 438 than 'notSupported' is not permitted. A value of 439 'inconsistentValue' will be returned in either case. 441 Some physical entities exhibit only a subset of the 442 remaining administrative state values. Some entities 443 cannot be locked, and hence this object exhibits only 444 the 'unlocked' state. Other entities can not be shutdown 445 gracefully, and hence this object does not exhibit the 446 'shuttingDown' state. A value of 'inconsistentValue' 447 will be returned if attempts are made to set this 448 object to values not supported by its administrative 449 model." 450 ::= { entStateEntry 2 } 452 entStateOper OBJECT-TYPE 453 SYNTAX OperState 454 MAX-ACCESS read-only 455 STATUS current 456 DESCRIPTION 457 "The operational state for this entity. A value 458 of 'notSupported' means that this entity is unable 459 to report operational state. 461 Note that unlike the state model used within the 462 Interfaces MIB [RFC2863], this object does not follow 463 the administrative state. An administrative state of 464 down does not predict an operational state 465 of disabled. 467 A value of 'disabled' means that an entity is totally 468 inoperable and unable to provide service both to entities 469 within its containment hierarchy, as defined by having 470 a value of entPhysicalContainedIn that refers to this 471 entity, or to other receivers of its service as defined 472 in ways outside the scope of this MIB. 474 A value of 'enabled' means that an entity is fully or 475 partially operable and able to provide service both to 476 entities within its containment hierarchy, as defined 477 by having a value of entPhysicalContainedIn that 478 refers to this entity, or to other receivers of its 479 service as defined in ways outside the scope of this 480 MIB." 481 ::= { entStateEntry 3 } 483 entStateUsage OBJECT-TYPE 484 SYNTAX UsageState 485 MAX-ACCESS read-only 486 STATUS current 487 DESCRIPTION 488 "The usage state for this entity. A value of 489 'notSupported' means that this entity is unable to 490 report usage state. 492 Note that in the context of a physical entity, this 493 object refers to an entity's ability to service more 494 physical entities in a containment hierarchy. A value 495 of 'idle' means this entity is able to contain other 496 entities but that no other entity is currently 497 contained within this entity, as would have been 498 demonstrated by a value of entPhysicalContainedIn 499 that referenced this entity. 501 A value of 'active' means that at least one entity is 502 contained within this entity and therefore has a value 503 of entPhysicalContainedIn that references this entity, 504 but that it could handle more. A value of 'busy' means 505 that the entity is unable to handle any additional 506 entities being contained in it, as demonstrated by 507 having a value of entPhysicalContainedIn that refers to 508 this entity. 510 Some entities will exhibit only a subset of the 511 usage state values. Entities that are unable to ever 512 service any entities within a containment hierarchy will 513 always have a usage state of 'busy'. Some entities will 514 only ever be able to support one entity within its 515 containment hierarchy and will therefore only exhibit 516 values of 'idle' and 'busy'." 517 ::= { entStateEntry 4 } 519 entStateAlarm OBJECT-TYPE 520 SYNTAX AlarmStatus 521 MAX-ACCESS read-only 522 STATUS current 523 DESCRIPTION 524 "The alarm status for this entity. It does not include 525 the alarms raised on child components within its 526 containment hierarchy, as defined by a value of 527 entPhysicalContainedIn that references this entity. 529 A value of 'notSupported' means that this entity is 530 unable to report alarm state. Note that this differs 531 from 'indeterminate' which means that that alarm state 532 is supported and there are alarms against this entity, 533 but the severity of some of the alarms is not known. 535 If no bits are set, then this entity supports reporting 536 of alarms, but there are currently no active alarms 537 against this entity. 538 " 539 ::= { entStateEntry 5 } 541 entStateStandby OBJECT-TYPE 542 SYNTAX StandbyStatus 543 MAX-ACCESS read-only 544 STATUS current 545 DESCRIPTION 546 "The standby status for this entity. A value of 547 'notSupported' means that this entity is unable to 548 report standby state. 550 Some entities will exhibit only a subset of the 551 remaining standby state values. If this entity does 552 not have a standby, this object will always be 553 'providingService'." 554 ::= { entStateEntry 6 } 556 -- Notifications 558 entStateTraps OBJECT IDENTIFIER ::= { entityStateMIB 2 } 559 entStateTrapPrefix OBJECT IDENTIFIER ::= { entStateTraps 0 } 561 entStateOperEnabled NOTIFICATION-TYPE 562 OBJECTS { entStateAdmin, 563 entStateAlarm 564 } 565 STATUS current 566 DESCRIPTION 567 "An entStateOperEnabled trap signifies that the SNMP 568 entity, acting in an agent role, has detected that the 569 entStateOper object for one of its entities has left 570 the 'disabled' state and transitioned into the 'enabled' 571 state. 573 The entity this notification refers can be identified by 574 extracting the entPhysicalIndex from one of the 575 variable bindings." 577 ::= { entStateTrapPrefix 1 } 579 entStateOperDisabled NOTIFICATION-TYPE 580 OBJECTS { entStateAdmin, 581 entStateAlarm } 582 STATUS current 583 DESCRIPTION 584 "An entStateOperDisabled trap signifies that the SNMP 585 entity, acting in an agent role, has detected that the 586 entStateOper object for one of its entities has left 587 the 'enabled' state and transitioned into the 588 'disabled' state. 590 The entity this notification refers can be identified by 591 extracting the entPhysicalIndex from one of the 592 variable bindings." 593 ::= { entStateTrapPrefix 2 } 595 -- Conformance and Compliance 597 entStateConformance OBJECT IDENTIFIER ::= { entityStateMIB 3 } 599 entStateCompliances OBJECT IDENTIFIER 600 ::= { entStateConformance 1 } 602 entStateCompliance MODULE-COMPLIANCE 603 STATUS current 604 DESCRIPTION 605 "The compliance statement for systems supporting 606 the Entity State MIB." 607 MODULE -- this module 608 MANDATORY-GROUPS { 609 entStateGroup 610 } 611 GROUP entStateNotificationsGroup 612 DESCRIPTION 613 "This group is optional." 614 OBJECT entStateAdmin 615 MIN-ACCESS read-only 616 DESCRIPTION 617 "Write access is not required." 619 ::= { entStateCompliances 1 } 621 entStateGroups OBJECT IDENTIFIER ::= { entStateConformance 2 } 623 entStateGroup OBJECT-GROUP 624 OBJECTS { 625 entStateLastChanged, 626 entStateAdmin, 627 entStateOper, 628 entStateUsage, 629 entStateAlarm, 630 entStateStandby 631 } 632 STATUS current 633 DESCRIPTION 634 "Standard Entity State group." 635 ::= { entStateGroups 1} 637 entStateNotificationGroup NOTIFICATION-GROUP 638 NOTIFICATIONS { 639 entStateOperEnabled, 640 entStateOperDisabled 641 } 642 STATUS current 643 DESCRIPTION 644 "Standard Entity State Notification group." 645 ::= { entStateGroups 2} 647 END 649 5. Security Considerations 651 There is one management object defined in this MIB that has a 652 MAX-ACCESS clause of read-write. The object may be considered 653 sensitive or vulnerable in some network environments. The support 654 for SET operations in a non-secure environment without proper 655 protection can have a negative effect on network operations. 657 The following object is defined with a MAX-ACCESS clause of 658 read-write: entStateAdmin. 660 SNMP versions prior to SNMPv3 did not include adequate security. 661 Even if the network itself is secure (for example by using IPSec), 662 even then, there is no control as to who on the secure network is 663 allowed to access and GET/SET (read/change/create/delete) the 664 objects in this MIB module. 666 It is RECOMMENDED that implementers consider the security features 667 as provided by the SNMPv3 framework (see [RFC3410], section 8), 668 including full support for the SNMPv3 cryptographic mechanisms (for 669 authentication and privacy). 671 Further, deployment of SNMP versions prior to SNMPv3 is NOT 672 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 673 enable cryptographic security. It is then a customer/operator 674 responsibility to ensure that the SNMP entity giving access to an 675 instance of this MIB module is properly configured to give access to 676 the objects only to those principals (entities) that have legitimate 677 rights to indeed GET or SET (change/create/delete) them. 679 Note that setting the entStateAdmin to 'locked' or 'shuttingDown' 680 can cause disruption of services ranging from those running on a 681 port to those on an entire device, depending on the type of entity. 682 Access to this object should be properly protected. 684 Access to the objects defined in this MIB allows one to figure out 685 what the active and standby resources in a network are. This 686 information can be used to optimize attacks on networks so even 687 read-only access to this MIB should be properly protected. 689 6. Intellectual Property 691 The IETF takes no position regarding the validity or scope of any 692 intellectual property or other rights that might be claimed to 693 pertain to the implementation or use of the technology described in 694 this document or the extent to which any license under such rights 695 might or might not be available; neither does it represent that it 696 has made any effort to identify any such rights. Information on the 697 IETF's procedures with respect to rights in standards-track and 698 standards-related documentation can be found in BCP-11. Copies of 699 claims of rights made available for publication and any assurances 700 of licenses to be made available, or the result of an attempt made 701 to obtain a general license or permission for the use of such 702 proprietary rights by implementors or users of this specification 703 can be obtained from the IETF Secretariat. 705 The IETF invites any interested party to bring to its attention any 706 copyrights, patents or patent applications, or other proprietary 707 rights which may cover technology that may be required to practice 708 this standard. Please address the information to the IETF Executive 709 Director. 711 7. Authors' Addresses 713 Sharon Chisholm 714 Nortel Networks 715 PO Box 3511, Station C 716 Ottawa, Ontario, K1Y 4H7 717 Canada 718 Email: schishol@nortelnetworks.com 720 David T. Perkins 721 548 Qualbrook Ct 722 San Jose, CA 95110 723 USA 724 Phone: 408 394-8702 725 Email: dperkins@snmpinfo.com 727 8. Acknowledgments 729 This document is a product of the Entity MIB Working Group. 731 9. References 733 9.1 Normative 735 [ALARM-MIB] Chisholm, S., Romascanu, D., "Alarm MIB", 736 draft-ietf-disman-alarm-mib-16.txt, November 2003 738 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 739 Requirement Levels", BCP 14, RFC 2119, March 1997. 741 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 742 Rose, M. and S. Waldbusser, "Structure of Management 743 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 744 1999. 746 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 747 Rose, M. and S. Waldbusser, "Textual Conventions for 748 SMIv2", STD 58, RFC 2579, April 1999. 750 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 751 Rose, M. and S. Waldbusser, "Conformance Statements for 752 SMIv2", STD 58, RFC 2580, April 1999. 754 [RFC2737] McCloghrie, K., Bierman, A., "Entity MIB (Version 2)", 755 December 1999. 757 [X.731] ITU Recommendation X.731, "Information Technology - Open 758 Systems Interconnection - System Management: State 759 Management Function", 1992 761 8.2 Informative References 763 [RFC1493] Decker, E., Langille, P., Rijsinghani, A., McCloghrie, K., 764 "Definitions of Managed Objects for Bridges", RFC 1493, 765 July 1993 767 [RFC2790] Waldbusser, S., Grillo, P., "Host Resources MIB", 768 RFC 2790, March 2000 770 [RFC2863] McCloghrie, K., Kastenholz, F., "The Interfaces Group 771 MIB using SMIv2", RFC2863, June 2000 773 [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, 774 "Introduction and Applicability Statements for Internet- 775 Standard Management Framework", RFC 3410, December 2002. 777 10. Full Copyright Statement 779 Copyright (C) The Internet Society (2003). All Rights Reserved. 781 This document and translations of it may be copied and furnished to 782 others, and derivative works that comment on or otherwise explain it 783 or assist in its implementation may be prepared, copied, published 784 and distributed, in whole or in part, without restriction of any kind, 785 provided that the above copyright notice and this paragraph are 786 included on all such copies and derivative works. However, this 787 document itself may not be modified in any way, such as by removing 788 the copyright notice or references to the Internet Society or other 789 Internet organizations, except as needed for the purpose of 790 developing Internet standards in which case the procedures for 791 copyrights defined in the Internet Standards process must be followed, 792 or as required to translate it into languages other than English. 794 The limited permissions granted above are perpetual and will not be 795 revoked by the Internet Society or its successors or assigns. 797 This document and the information contained herein is provided on an 798 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 799 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT 800 NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN 801 WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 802 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.