draft-ietf-snmpv3-appl-02.txt

Draft                   SNMPv3 Applications              September 1997


                          SNMPv3 Applications

                           September 30, 1997


                             David B. Levi
                          SNMP Research, Inc.
                             levi@snmp.com

                              Paul Meyer
                     Secure Computing Corporation
                    paul_meyer@securecomputing.com

                              Bob Stewart
                             Cisco Systems
                          bstewart@cisco.com


Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

1. Abstract

   This memo describes five types of SNMP applications which make use of
   an SNMP engine as described in [SNMP-ARCH].
   The types of application described are:

     - Command Generators

     - Command Responders

     - Notification Originators

     - Notification Receivers

     - Proxy Forwarders

   This memo also defines MIB modules for specifying targets of
   management operations, for notification filtering, and for proxy
   forwarding.

2. Overview

   This document describes five types of SNMP applications:

     - Applications which initiate SNMP Get, GetNext, GetBulk, and/or
       Set requests, called 'command generators.'

     - Applications which respond to SNMP Get, GetNext, GetBulk,
       and/or Set requests, called 'command responders.'

     - Applications which generate notifications, called
       'notification originators.'

     - Applications which receive notifications, called 'notification
       receivers.'

     - Applications which forward SNMP Get, GetNext, GetBulk, and/or
       Set requests or notifications, called 'proxy forwarders.'

   Note that there are no restrictions on which types of applications
   may be associated with a particular SNMP engine. For example, a
   single SNMP engine may, in fact, be associated with both command
   generator and command responder applications.

2.1. Command Generator Applications

   A command generator application initiates SNMP Get, GetNext, GetBulk,
   and/or Set requests, as well as processing the response to a request
   which it generated.

2.2. Command Responder Applications

   A command responder application receives SNMP Get, GetNext, GetBulk,
   and/or Set requests destined for the local system as indicated by the
   fact that the contextEngineID in the received request is equal to
   that of the local engine through which the request was received. The
   command responder application will perform the appropriate protocol
   operation, using access control, and will generate a response message
   to be sent to the request's originator.

2.3. Notification Originator Applications

   A notification originator application conceptually monitors a system
   for particular events or conditions, and generates Trap and/or Inform
   messages based on these events or conditions. A notification
   originator must have a mechanism for determining where to send
   messages, and what SNMP version and security parameters to use when
   sending messages. A mechanism and MIB module for this purpose is
   provided in this document.

2.4. Notification Receiver Applications

   A notification receiver application listens for notification
   messages, and generates response messages when a message containing
   an Inform PDU is received.

2.5. Proxy Forwarder Applications

   A proxy forwarder application forwards SNMP messages. Note that
   implementation of a proxy forwarder application is optional. The
   sections describing proxy (4.5, 5.3, and 8) may be skipped for
   implementations that do not include a proxy forwarder application.

   The term "proxy" has historically been used very loosely, with
   multiple different meanings. These different meanings include (among
   others):

   (1) the forwarding of SNMP requests to other SNMP entities without
       regard for what managed object types are being accessed; for
       example, in order to forward an SNMP request from one transport
       domain to another, or to translate SNMP requests of one version
       into SNMP requests of another version;

   (2) the translation of SNMP requests into operations of some non-SNMP
       management protocol; and

   (3) support for aggregated managed objects where the value of one
       managed object instance depends upon the values of multiple other
       (remote) items of management information.

   Each of these scenarios can be advantageous; for example, support for
   aggregation of management information can significantly reduce the
   bandwidth requirements of large-scale management activities.
   However, using a single term to cover multiple different scenarios
   causes confusion.

   To avoid such confusion, this document uses the term "proxy" with a
   much more tightly defined meaning. The term "proxy" is used in this
   document to refer to a proxy forwarder application which forwards
   SNMP requests, notifications, and responses without regard for
   what managed objects are contained within requests or notifications.
   This definition is most closely related to the first definition
   above. Note, however, that in the SNMP architecture [SNMP-ARCH], a
   proxy forwarder is actually an application, and need not be
   associated with what is traditionally thought of as an SNMP agent.

   Specifically, the distinction between a traditional SNMP agent and a
   proxy forwarder application is simple:

     - a proxy forwarder application forwards requests and/or
       notifications to other SNMP engines according to the context,
       and irrespective of the specific managed object types being
       accessed, and forwards the response to such previously
       forwarded messages back to the SNMP engine from which the
       original message was received;

     - in contrast, the command responder application that is part of
       what is traditionally thought of as an SNMP agent, and which
       processes SNMP requests according to the (names of the)
       individual managed object types and instances being accessed,
       is NOT a proxy forwarder application from the perspective of
       this document.

   Thus, when a proxy forwarder application forwards a request or
   notification for a particular contextEngineID / contextName pair, not
   only is the information on how to forward the request specifically
   associated with that context, but the proxy forwarder application has
   no need of a detailed definition of a MIB view (since the proxy
   forwarder application forwards the request irrespective of the
   managed object types).

   In contrast, a command responder application must have the detailed
   definition of the MIB view, and even if it needs to issue requests to
   other entities, via SNMP or otherwise, that need is dependent on the
   individual managed object instances being accessed (i.e., not only on
   the context).

   Note that it is a design goal of a proxy forwarder application to act
   as an intermediary between the endpoints of a transaction. In
   particular, when forwarding Inform requests, the associated response
   is forwarded when it is received from the target to which the Inform
   request was forwarded, rather than generating a response immediately
   when an Inform request is received.

3. Management Targets

   Some types of applications (notification generators and proxy
   forwarders in particular) require a mechanism for determining where
   and how to send generated messages. This document provides a
   mechanism and MIB module for this purpose. The set of information
   that describes where and how to send a message is called a
   'Management Target', and consists of two kinds of information:

     - Destination information, consisting of a transport domain and
       a transport address. This is also termed a transport
       endpoint.

     - SNMP parameters, consisting of message processing model,
       security model, security level, and security name information.

   The SNMP-TARGET-MIB module described later in this document contains
   one table for each of these types of information. There can be a
   many-to-many relationship in the MIB between these two types of
   information. That is, there may be multiple transport endpoints
   associated with a particular set of SNMP parameters, or a particular
   transport endpoint may be associated with several sets of SNMP
   parameters.

4. Elements Of Procedure

   The following sections describe the procedures followed by each type
   of application when generating messages for transmission or when
   processing received messages. Applications communicate with the
   Dispatcher using the abstract service interfaces defined in
   [SNMP-ARCH].

4.1. Command Generator Applications

   A command generator initiates an SNMP request by calling the
   Dispatcher using the following abstract service interface:

       statusInformation =              -- sendPduHandle if success
                                        -- errorIndication if failure
         sendPdu(
         IN   transportDomain           -- transport domain to be used
         IN   transportAddress          -- destination network address
         IN   messageProcessingModel    -- typically, SNMP version
         IN   securityModel             -- Security Model to use
         IN   securityName              -- on behalf of this principal
         IN   securityLevel             -- Level of Security requested
         IN   contextEngineID           -- data from/at this entity
         IN   contextName               -- data from/in this context
         IN   pduVersion                -- the version of the PDU
         IN   PDU                       -- SNMP Protocol Data Unit
         IN   expectResponse            -- TRUE or FALSE
              )

   Where:

     - The transportDomain is that of the destination of the message.

     - The transportAddress is that of the destination of the
       message.

     - The messageProcessingModel indicates which Message Processing
       Model the application wishes to use.

     - The securityModel is the security model that the application
       wishes to use.

     - The securityName is the security model independent name for
       the principal on whose behalf the application wishes the
       message to be generated.

     - The securityLevel is the security level that the application
       wishes to use.

     - The contextEngineID is provided by the command generator if it
       wishes to explicitly specify the location of the management
       information it is requesting.

     - The contextName is provided by the command generator if it
       wishes to explicitly specify the local context name for the
       management information it is requesting.

     - The pduVersion indicates the version of the PDU to be sent.

     - The PDU is a value constructed by the command generator
       containing the management operation that the command generator
       wishes to perform.

     - The expectResponse argument indicates that a response is
       expected.

   The result of the sendPdu interface indicates whether the PDU was
   successfully sent. If it was successfully sent, the returned value
   will be a sendPduHandle. The command generator should store the
   sendPduHandle so that it can correlate a response to the original
   request.

   The Dispatcher is responsible for delivering the response to a
   particular request to the correct command generator application. The
   abstract service interface used is:

       processResponsePdu(              -- process Response PDU
         IN   messageProcessingModel    -- typically, SNMP version
         IN   securityModel             -- Security Model in use
         IN   securityName              -- on behalf of this principal
         IN   securityLevel             -- Level of Security
         IN   contextEngineID           -- data from/at this SNMP entity
         IN   contextName               -- data from/in this context
         IN   pduVersion                -- the version of the PDU
         IN   PDU                       -- SNMP Protocol Data Unit
         IN   statusInformation         -- success or errorIndication
         IN   sendPduHandle             -- handle from sendPDU
              )

   Where:

     - The messageProcessingModel is the value from the received
       response.

     - The securityModel is the value from the received response.

     - The securityName is the value from the received response.

     - The securityLevel is the value from the received response.

     - The contextEngineID is the value from the received response.

     - The contextName is the value from the received response.

     - The pduVersion indicates the version of the PDU in the
       received response.

     - The PDU is the value from the received response.

     - The statusInformation indicates success or failure in
       receiving the response.

     - The sendPduHandle is the value returned by the sendPdu call
       which generated the original request to which this is a
       response.

   The procedure when a command generator receives a message is as
   follows:

   (1) If the received values of messageProcessingModel, securityModel,
       securityName, contextEngineID, contextName, and pduVersion are not
       all equal to the values used in the original request, the response
       is discarded.

   (2) The operation type, request-id, error-status, error-index, and
       variable-bindings are extracted from the PDU and saved. If the
       request-id is not equal to the value used in the original request,
       the response is discarded.

   (3) At this point, it is up to the application to take an appropriate
       action. The specific action is implementation dependent. If the
       statusInformation indicates that the request failed, an appropriate
       action might be to attempt to transmit the request again, or to
       notify the person operating the application that a failure
       occurred.

4.2. Command Responder Applications

   Before a command responder application can process messages, it must
   first associate itself with an SNMP engine. The abstract service
   interface used for this purpose is:

       statusInformation =        -- success or errorIndication
         registerContextEngineID(
         IN   contextEngineID     -- take responsibility for this one
         IN   pduType             -- the pduType(s) to be registered
              )

   Where:

     - The statusInformation indicates success or failure of the
       registration attempt.

     - The contextEngineID is equal to the snmpEngineID of the SNMP
       engine with which the command responder is registering.

     - The pduType indicates a Get, GetNext, GetBulk, or Set pdu.

   Note that if another command responder application is already
   registered with an SNMP engine, any further attempts to register with
   the same contextEngineID and pduType will be denied. This implies
   that separate command responder applications could register
   separately for the various pdu types. However, in practice this is
   undesirable, and only a single command responder application should
   be registered with an SNMP engine at any given time.
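
   The following is an added example, not part of the draft, of the
   response checks a command generator performs in steps (1) to (3) of
   section 4.1. Class and method names are hypothetical; keeping the
   pending entry after a discard, dropping unknown handles, and testing
   statusInformation before comparing values are assumptions of this
   sketch.

```python
from dataclasses import dataclass, replace
from typing import Dict, Tuple

# Values that step (1) compares with the original request. securityLevel
# is not in the draft's list; comparing it too is a stricter local choice.
MATCH_FIELDS = ("messageProcessingModel", "securityModel", "securityName",
                "contextEngineID", "contextName", "pduVersion")


@dataclass(frozen=True)
class SnmpParams:
    """Per-message values passed across sendPdu / processResponsePdu."""
    messageProcessingModel: int
    securityModel: int
    securityName: str
    securityLevel: str
    contextEngineID: bytes
    contextName: str
    pduVersion: int


@dataclass(frozen=True)
class Pdu:
    operation: str
    request_id: int
    error_status: int = 0
    error_index: int = 0
    varbinds: Tuple = ()


class CommandGenerator:
    def __init__(self):
        # sendPduHandle -> (params used in the request, request-id used)
        self.pending: Dict[int, Tuple[SnmpParams, int]] = {}
        self.discarded = 0

    def request_sent(self, send_pdu_handle, params, pdu):
        """Store the handle returned by sendPdu for later correlation."""
        self.pending[send_pdu_handle] = (params, pdu.request_id)

    def process_response_pdu(self, params, pdu, status_ok, send_pdu_handle):
        """Return 'accepted', 'discarded' or 'failed' for one delivery."""
        entry = self.pending.get(send_pdu_handle)
        if entry is None:
            # Assumption: a handle never stored, or already completed.
            return self.discard()
        sent_params, sent_request_id = entry
        if not status_ok:
            # Step (3): the request failed; the caller may retransmit
            # or tell the operator.
            del self.pending[send_pdu_handle]
            return "failed"
        # Step (1): every listed value must equal the one that was sent.
        if any(getattr(params, f) != getattr(sent_params, f)
               for f in MATCH_FIELDS):
            return self.discard()
        # Step (2): the request-id must match as well.
        if pdu.request_id != sent_request_id:
            return self.discard()
        del self.pending[send_pdu_handle]
        return "accepted"

    def discard(self):
        self.discarded += 1
        return "discarded"


def demo():
    """Constructed sample traffic; every value here is illustrative."""
    sent = SnmpParams(3, 3, "operator", "authPriv",
                      b"\x80\x00\x00\x00\x01", "", 1)
    gen = CommandGenerator()
    gen.request_sent(7, sent, Pdu("Get", request_id=1001))
    results = [
        # Same handle, but a different principal than the request used.
        gen.process_response_pdu(replace(sent, securityName="guest"),
                                 Pdu("Response", 1001), True, 7),
        # Right principal, wrong request-id.
        gen.process_response_pdu(sent, Pdu("Response", 9999), True, 7),
        # The genuine response still matches: discards kept the entry.
        gen.process_response_pdu(sent, Pdu("Response", 1001), True, 7),
        # A duplicate copy arriving after the request has completed.
        gen.process_response_pdu(sent, Pdu("Response", 1001), True, 7),
    ]
    return results, gen.discarded
```
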

   A command responder application can disassociate with an SNMP engine
   using the following abstract service interface:

       unregisterContextEngineID(
         IN   contextEngineID     -- give up responsibility for this one
         IN   pduType             -- the pduType(s) to be unregistered
              )

   Where:

     - The contextEngineID is equal to the snmpEngineID of the SNMP
       engine with which the command responder is cancelling the
       registration.

     - The pduType indicates a Get, GetNext, GetBulk, or Set pdu.

   Once the command responder has registered with the SNMP engine, it
   waits to receive SNMP messages. The abstract service interface used
   for receiving messages is:

       processPdu(                      -- process Request/Notification PDU
         IN   messageProcessingModel    -- typically, SNMP version
         IN   securityModel             -- Security Model in use
         IN   securityName              -- on behalf of this principal
         IN   securityLevel             -- Level of Security
         IN   contextEngineID           -- data from/at this SNMP entity
         IN   contextName               -- data from/in this context
         IN   pduVersion                -- the version of the PDU
         IN   PDU                       -- SNMP Protocol Data Unit
         IN   maxSizeResponseScopedPDU  -- maximum size of the Response PDU
         IN   stateReference            -- reference to state information
              )                         -- needed when sending a response

   Where:

     - The messageProcessingModel indicates which Message Processing
       Model received and processed the message.

     - The securityModel is the value from the received message.

     - The securityName is the value from the received message.

     - The securityLevel is the value from the received message.

     - The contextEngineID is the value from the received message.

     - The contextName is the value from the received message.

     - The pduVersion indicates the version of the PDU in the
       received message.

     - The PDU is the value from the received message.

     - The maxSizeResponseScopedPDU is the maximum allowable size of
       a ScopedPDU containing a Response PDU (based on the maximum
       message size that the originator of the message can accept).

     - The stateReference is a value which references cached
       information about each received request message. This value
       must be returned to the Dispatcher in order to generate a
       response.

   The procedure when a message is received is as follows.

   (1) The operation type is determined from the ASN.1 tag value
       associated with the PDU parameter. The operation type should
       always be one of the types previously registered by the
       application.

   (2) The request-id is extracted from the PDU and saved.

   (3) If the SNMPv2 operation type is GetBulk, the non-repeaters and
       max-repetitions values are extracted from the PDU and saved.

   (4) The variable-bindings are extracted from the PDU and saved.

   (5) The management operation represented by the SNMPv2 operation type
       is performed with respect to the relevant MIB view within the
       context named by the contextName, according to the procedures set
       forth in [RFC1905]. The relevant MIB view is determined by the
       securityLevel, securityModel, contextName, securityName, and SNMPv2
       operation type. To determine whether a particular object instance
       is within the relevant MIB view, the following abstract service
       interface is called:

           statusInformation =      -- success or errorIndication
             isAccessAllowed(
             IN   securityModel     -- Security Model in use
             IN   securityName      -- principal who wants to access
             IN   securityLevel     -- Level of Security
             IN   viewType          -- read, write, or notify view
             IN   contextName       -- context containing variableName
             IN   variableName      -- OID for the managed object
                  )

       Where:

       - The securityModel is the value from the received message.

       - The securityName is the value from the received message.

       - The securityLevel is the value from the received message.

       - The viewType indicates whether the PDU type is a read or write
         operation.

       - The contextName is the value from the received message.

       - The variableName is the object instance of the variable for
         which access rights are to be checked.

       Normally, the result of the management operation will be a new PDU
       value, and processing will continue in step (6) below. However, if
       at any time during the processing of the management operation, the
       context named by the contextName parameter is unavailable,
       processing of the management operation is halted, no result PDU is
       generated, the snmpUnavailableContexts counter is incremented, and
       control is passed to step (6) below. In addition, if at any time
       during the processing of the management operation, the
       isAccessAllowed ASI returns a noSuchContext error, processing of
       the management operation is halted, no result PDU is generated, the
       snmpUnknownContexts counter is incremented, and control is passed
       to step (6) below.

   (6) The Dispatcher is called to generate a response or report message.
       The abstract service interface is:

           returnResponsePdu(
             IN   messageProcessingModel   -- typically, SNMP version
             IN   securityModel            -- Security Model in use
             IN   securityName             -- on behalf of this principal
             IN   securityLevel            -- same as on incoming request
             IN   contextEngineID          -- data from/at this SNMP entity
             IN   contextName              -- data from/in this context
             IN   pduVersion               -- the version of the PDU
             IN   PDU                      -- SNMP Protocol Data Unit
             IN   maxSizeResponseScopedPDU -- maximum size of the Response PDU
             IN   stateReference           -- reference to state information
                                           -- as presented with the request
             IN   statusInformation        -- success or errorIndication
                  )                        -- error counter OID/value if error

       Where:

       - The messageProcessingModel is the value from the processPdu
         call.

       - The securityModel is the value from the processPdu call.

       - The securityName is the value from the processPdu call.

       - The securityLevel is the value from the processPdu call.

       - The contextEngineID is the value from the processPdu call.

       - The contextName is the value from the processPdu call.

       - The pduVersion indicates the version of the PDU to be
         returned. If no result PDU was generated, the pduVersion is
         an undefined value.

       - The PDU is the result generated in step (5) above. If no
         result PDU was generated, the PDU is an undefined value.

       - The maxSizeResponseScopedPDU is a local value indicating the
         maximum size of a ScopedPDU that the application can accept.

       - The stateReference is the value from the processPdu call.

       - The statusInformation either contains an indication that no
         error occurred and that a response should be generated, or
         contains an indication that an error occurred along with the
         OID and counter value of the appropriate error counter object.
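
   The following is an added example, not part of the draft, of steps
   (5) and (6) for Get and Set only: each variable is checked with an
   isAccessAllowed stand-in, the two context failures produce no result
   PDU and a counter, and returnResponsePdu arguments are produced on
   every path. The view table, class and method names, the sample OIDs
   and values, and reporting counters by name rather than OID are
   assumptions of this sketch.

```python
NO_ACCESS = 6                    # error-status noAccess in RFC 1905
NO_SUCH_OBJECT = "noSuchObject"  # RFC 1905 exception value, kept as a string

SYSNAME = (1, 3, 6, 1, 2, 1, 1, 5, 0)        # sysName.0
PRIVATE = (1, 3, 6, 1, 4, 1, 99999, 1, 0)    # constructed enterprise OID


class CommandResponder:
    def __init__(self, contexts, views, unavailable=()):
        self.contexts = contexts              # {contextName: {oid: value}}
        self.views = views                    # hypothetical view table
        self.unavailable = set(unavailable)   # contexts that exist but are down
        self.counters = {"snmpUnavailableContexts": 0,
                         "snmpUnknownContexts": 0}

    def is_access_allowed(self, securityModel, securityName, securityLevel,
                          viewType, contextName, variableName):
        """Toy stand-in for the isAccessAllowed abstract service interface."""
        if contextName not in self.contexts:
            return "noSuchContext"
        key = (securityModel, securityName, securityLevel,
               contextName, viewType)
        subtrees = self.views.get(key, ())
        if any(variableName[:len(s)] == s for s in subtrees):
            return "accessAllowed"
        return "notInView"

    def halt(self, counter, echo):
        """Stop processing: no result PDU, bump the counter, go to step (6)."""
        self.counters[counter] += 1
        return dict(echo, PDU=None,
                    statusInformation=(counter, self.counters[counter]))

    def process_pdu(self, securityModel, securityName, securityLevel,
                    contextName, operation, request_id, varbinds,
                    stateReference):
        """Steps (5) and (6); returns the arguments for returnResponsePdu."""
        echo = dict(securityModel=securityModel, securityName=securityName,
                    securityLevel=securityLevel, contextName=contextName,
                    stateReference=stateReference)
        if contextName in self.unavailable:
            return self.halt("snmpUnavailableContexts", echo)
        view_type = "write" if operation == "Set" else "read"
        error_status = error_index = 0
        checked = []
        for index, (oid, value) in enumerate(varbinds, start=1):
            verdict = self.is_access_allowed(securityModel, securityName,
                                             securityLevel, view_type,
                                             contextName, oid)
            if verdict == "noSuchContext":
                return self.halt("snmpUnknownContexts", echo)
            allowed = verdict == "accessAllowed"
            if operation == "Set" and not allowed and error_status == 0:
                error_status, error_index = NO_ACCESS, index
            checked.append((oid, value, allowed))
        mib = self.contexts.get(contextName, {})
        if operation == "Set":
            if error_status == 0:             # all-or-nothing, as in RFC 1905
                mib.update((oid, value) for oid, value, _ in checked)
            result = [(oid, value) for oid, value, _ in checked]
        else:
            # Out-of-view names look exactly like absent ones to the requester.
            result = [(oid, mib.get(oid, NO_SUCH_OBJECT) if allowed
                       else NO_SUCH_OBJECT) for oid, _, allowed in checked]
        pdu = dict(operation="Response", request_id=request_id,
                   error_status=error_status, error_index=error_index,
                   varbinds=result)
        return dict(echo, PDU=pdu, statusInformation="success")


def demo_responder():
    """Constructed sample data: two contexts, one read-only principal."""
    contexts = {"": {SYSNAME: "router1", PRIVATE: "s3cret"},
                "bridge2": {SYSNAME: "bridge2"}}
    views = {(3, "monitor", "authNoPriv", "", "read"): [(1, 3, 6, 1, 2, 1, 1)]}
    return CommandResponder(contexts, views, unavailable={"bridge2"})
```
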

   Note that a command responder application should always call the
   returnResponsePdu abstract service interface, even in the event of an
   error such as a resource allocation error. In the event of such an
   error, the PDU value passed to returnResponsePdu should contain
   appropriate values for errorStatus and errorIndex.

4.3. Notification Originator Applications

   A notification originator application generates SNMP notification
   messages. A notification message may, for example, contain an
   SNMPv2-Trap PDU or an Inform PDU. However, a particular
   implementation is not required to be capable of generating both types
   of messages.

   Notification originator applications require a mechanism for
   identifying the management targets to which notifications should be
   sent. The particular mechanism used is implementation dependent.
   However, if an implementation makes the configuration of management
   targets SNMP manageable, it MUST use the SNMP-TARGET-MIB module
   described in this document.

   When a notification originator wishes to generate a notification, it
   must first determine in which context the information to be conveyed
   in the notification exists, i.e., it must determine the
   contextEngineID and contextName. It must then determine the set of
   management targets to which the notification should be sent. The
   application must also determine, for each management target, whether
   the notification message should contain an SNMPv2-Trap PDU or Inform
   PDU, and if it is to contain an Inform PDU, the number of retries and
   retransmission algorithm.

   The mechanism by which a notification originator determines this
   information is implementation dependent.
   Once the application has determined this information, the following
   procedure is performed for each management target:

   (1) Any appropriate filtering mechanisms are applied to determine
       whether the notification should be sent to the management target.
       If such filtering mechanisms determine that the notification should
       not be sent, processing continues with the next management target.
       Otherwise,

   (2) The appropriate set of variable-bindings is retrieved from local
       MIB instrumentation within the relevant MIB view. The relevant MIB
       view is determined by the securityLevel, securityModel,
       contextName, and securityName of the management target. To
       determine whether a particular object instance is within the
       relevant MIB view, the isAccessAllowed abstract service interface
       is used, in the same manner as described in the preceding section.
       If the statusInformation returned by isAccessAllowed does not
       indicate accessAllowed, the notification is not sent to the
       management target.

   (3) A PDU is constructed using a locally unique request-id value, an
       operation type of SNMPv2-Trap or Inform, an error-status and
       error-index value of 0, and the variable-bindings supplied
       previously in step (2).

   (4) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is
       called using the following abstract service interface:

           statusInformation =           -- sendPduHandle if success
                                         -- errorIndication if failure
             sendPdu(
             IN   transportDomain        -- transport domain to be used
             IN   transportAddress       -- destination network address
             IN   messageProcessingModel -- typically, SNMP version
             IN   securityModel          -- Security Model to use
             IN   securityName           -- on behalf of this principal
             IN   securityLevel          -- Level of Security requested
             IN   contextEngineID        -- data from/at this entity
             IN   contextName            -- data from/in this context
             IN   pduVersion             -- the version of the PDU
             IN   PDU                    -- SNMP Protocol Data Unit
             IN   expectResponse         -- TRUE or FALSE
                  )

       Where:

       - The transportDomain is that of the management target.

       - The transportAddress is that of the management target.

       - The messageProcessingModel is that of the management target.

       - The securityModel is that of the management target.

       - The securityName is that of the management target.

       - The securityLevel is that of the management target.

       - The contextEngineID is the value originally determined for the
         notification.

       - The contextName is the value originally determined for the
         notification.

       - The pduVersion is the version of the PDU to be sent.

       - The PDU is the value constructed in step (3) above.

       - The expectResponse argument indicates that no response is
         expected.

       Otherwise,

   (5) If the notification contains an Inform PDU, then:

       a) The Dispatcher is called using the sendPdu abstract service
          interface as described in step (4) above, except that the
          expectResponse argument indicates that a response is expected.

       b) The application caches information about the management
          target.
707      c) If a response is received within an appropriate time interval
708         from the transport endpoint of the management target, the
709         notification is considered acknowledged and the cached
710         information is deleted. Otherwise,

712      d) If a response is not received within an appropriate time
713         period, or if a report indication is received, information
714         about the management target is retrieved from the cache, and
715         steps a) through d) are repeated. The number of times these
716         steps are repeated is equal to the previously determined retry
717         count. If this retry count is exceeded, the acknowledgement
718         of the notification is considered to have failed, and
719         processing of the notification for this management target is
720         halted.

722  Responses to Inform PDU notifications will be received via the
723  processResponsePdu abstract service interface.

727  4.4. Notification Receiver Applications

729  Notification receiver applications receive SNMP Notification messages
730  from the Dispatcher. Before any messages can be received, the
731  notification receiver must register with the Dispatcher using the
732  registerContextEngineID abstract service interface. The parameters
733  used are:

735      - The contextEngineID is an undefined 'wildcard' value.
736        Notifications are delivered to a registered notification
737        receiver regardless of the contextEngineID contained in the
738        notification message.

740      - The pduType indicates the type of notifications that the
741        application wishes to receive (for example, SNMPv2-Trap PDUs
742        or Inform PDUs).

744  Once the notification receiver has registered with the Dispatcher,
745  messages are received using the processPdu abstract service
746  interface. Parameters are:

748      - The messageProcessingModel indicates which Message Processing
749        Model received and processed the message.

751      - The securityModel is the value from the received message.
753      - The securityName is the value from the received message.

755      - The securityLevel is the value from the received message.

757      - The contextEngineID is the value from the received message.

759      - The contextName is the value from the received message.

761      - The pduVersion indicates the version of the PDU in the
762        received message.

764      - The PDU is the value from the received message.

766      - The maxSizeResponseScopedPDU is the maximum allowable size of
767        a ScopedPDU containing a Response PDU (based on the maximum
768        message size that the originator of the message can accept).

770      - If the message contains an SNMPv2-Trap PDU, the stateReference
771        is undefined and unused. Otherwise, the stateReference is a
772        value which references cached information about the
773        notification. This value must be returned to the Dispatcher
777        in order to generate a response.

779  When an SNMPv2-Trap PDU is delivered to a notification receiver
780  application, it first extracts the SNMP operation type, request-id,
781  error-status, error-index, and variable-bindings from the PDU. After
782  this, processing depends on the particular implementation.

784  When an Inform PDU is received, the notification receiver application
785  follows the following procedure:

787  (1) The SNMPv2 operation type, request-id, error-status, error-index,
788      and variable-bindings are extracted from the PDU.

790  (2) A Response PDU is constructed using the extracted request-id and
791      variable-bindings, and with error-status and error-index both set
792      to 0.

794  (3) The Dispatcher is called to generate a response message using the
795      returnResponsePdu abstract service interface. Parameters are:

797      - The messageProcessingModel is the value from the processPdu
798        call.

800      - The securityModel is the value from the processPdu call.

802      - The securityName is the value from the processPdu call.

804      - The securityLevel is the value from the processPdu call.
806      - The contextEngineID is the value from the processPdu call.

808      - The contextName is the value from the processPdu call.

810      - The pduVersion indicates the version of the PDU to be
811        returned.

813      - The PDU is the result generated in step (2) above.

815      - The maxSizeResponseScopedPDU is a local value indicating the
816        maximum size of a ScopedPDU that the application can accept.

818      - The stateReference is the value from the processPdu call.

820      - The statusInformation indicates that no error occurred and
821        that a response should be generated.

825  4.5. Proxy Forwarder Applications

827  A proxy forwarder application deals with forwarding SNMP messages.
828  There are four basic types of messages which a proxy forwarder
829  application may need to forward. These are grouped according to the
830  PDU type contained in a message, or according to whether a report
831  indication is contained in the message. The four basic types of
832  messages are:

834      - Those containing PDU types which were generated by a command
835        generator application (for example, Get, GetNext, GetBulk, and
836        Set PDU types). These deal with requesting or modifying
837        information located within a particular context.

839      - Those containing PDU types which were generated by a
840        notification originator application (for example, SNMPv2-Trap
841        and Inform PDU types). These deal with notifications
842        concerning information located within a particular context.

844      - Those containing a Response PDU type. Forwarding of Response
845        PDUs always occurs as a result of receiving a response to a
846        previously forwarded message.

848      - Those containing a report indication. Forwarding of report
849        indications always occurs as a result of receiving a report
850        indication for a previously forwarded message.
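For the first and third message types (a forwarded request and its Response), the proxy has to tie each reply to the request it forwarded; Sections 4.5.1.1 and 4.5.1.2 give that procedure. The sketch below is an added example, not part of the draft: the class, field and method names are hypothetical, the Dispatcher calls are left to the caller, and the cache limit and sample values are constructed.

```python
"""Pending-request cache for a proxy forwarder (Sections 4.5.1.1 and 4.5.1.2)."""
# Added illustration, not code from the draft: all names are hypothetical and
# the Dispatcher calls (sendPdu, returnResponsePdu) are left to the caller.
import itertools
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Target:
    """Management target information (constructed container)."""
    address: str
    security_model: int
    security_name: str
    security_level: str


@dataclass(frozen=True)
class Pending:
    """What step (5) of 4.5.1.1 caches for one forwarded request."""
    forwarded_request_id: int
    original_request_id: int
    context_engine_id: bytes
    context_name: bytes
    state_reference: int
    incoming: Target
    outgoing: Target
    expires_at: float


class ProxyForwarder:
    def __init__(self, translation, timeout=5.0, max_pending=1024,
                 clock=time.monotonic):
        self.translation = translation  # (contextEngineID, contextName) -> Target
        self.timeout = timeout
        self.max_pending = max_pending
        self.clock = clock
        self.pending = {}                    # sendPduHandle -> Pending
        self.snmp_proxy_drops = 0
        self._ids = itertools.count(1000)    # request-ids unique to this proxy
        self._handles = itertools.count(1)   # stand-in for sendPduHandle

    def _expire(self):
        """Step (6): remove entries whose time interval has expired."""
        now = self.clock()
        for handle in [h for h, p in self.pending.items() if p.expires_at <= now]:
            del self.pending[handle]

    def forward_request(self, incoming, context_engine_id, context_name,
                        request_id, state_reference):
        """Steps (1)-(5): return (handle, Pending), or None after counting a drop."""
        self._expire()
        outgoing = self.translation.get((context_engine_id, context_name))
        # Step (2) applies both when no target is found and when the entry
        # cannot be cached, so the cache is bounded instead of growing freely.
        if outgoing is None or len(self.pending) >= self.max_pending:
            self.snmp_proxy_drops += 1
            return None
        entry = Pending(next(self._ids), request_id, context_engine_id,
                        context_name, state_reference, incoming, outgoing,
                        self.clock() + self.timeout)
        handle = next(self._handles)
        self.pending[handle] = entry
        return handle, entry

    def handle_response(self, handle, security, context_engine_id,
                        context_name, request_id):
        """4.5.1.2 steps (1)-(2): return the matching cache entry, or None.

        `security` is (securityModel, securityName, securityLevel) of the
        received response. A response that does not match every cached value
        is not processed, and the entry stays until the real reply or expiry.
        """
        self._expire()
        entry = self.pending.get(handle)
        if entry is None:
            return None
        out = entry.outgoing
        expected = (out.security_model, out.security_name, out.security_level,
                    entry.context_engine_id, entry.context_name,
                    entry.forwarded_request_id)
        if (*security, context_engine_id, context_name, request_id) != expected:
            return None
        return self.pending.pop(handle)


def demo():
    """Constructed run: one request, a mismatched reply, then the real reply."""
    engine = b"\x80\x00\x00\x01"
    manager = Target("192.0.2.10", 3, "operator", "authPriv")
    agent = Target("192.0.2.20", 3, "proxy-user", "authNoPriv")
    proxy = ProxyForwarder({(engine, b"bridge1"): agent}, clock=lambda: 0.0)
    handle, sent = proxy.forward_request(manager, engine, b"bridge1", 42, 7)
    sec = (3, "proxy-user", "authNoPriv")
    # This reply carries the manager's request-id 42, not the forwarded one.
    wrong = proxy.handle_response(handle, sec, engine, b"bridge1", 42)
    real = proxy.handle_response(handle, sec, engine, b"bridge1",
                                 sent.forwarded_request_id)
    unknown = proxy.forward_request(manager, engine, b"no-such-context", 43, 8)
    return wrong, real, unknown, proxy.snmp_proxy_drops
```

The entry returned by `handle_response` carries the original request-id and the incoming management target, which are the values step (3) and step (5) of Section 4.5.1.2 need for the Response PDU and the returnResponsePdu call.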
852  For the first type, the proxy forwarder's role is to deliver a
853  request for management information to an SNMP engine which is
854  "closer" or "downstream in the path" to the SNMP engine which has
855  access to that information, and to deliver the response containing
856  the information back to the SNMP engine from which the request was
857  received. The context information in a request is used to determine
858  which SNMP engine has access to the requested information, and this
859  is used to determine where and how to forward the request.

861  For the second type, the proxy forwarder's role is to determine which
862  SNMP engines should receive notifications about management
863  information from a particular location. The context information in a
864  notification message determines the location to which the information
865  contained in the notification applies. This is used to determine
866  which SNMP engines should receive notification about this
867  information.

869  For the third type, the proxy forwarder's role is to determine which
870  previously forwarded request or notification (if any) the response
871  matches, and to forward the response back to the initiator of the
875  request or notification.

877  For the fourth type, the proxy forwarder's role is to determine which
878  previously forwarded request or notification (if any) the report
879  indication matches, and to forward the report indication back to the
880  initiator of the request or notification.

882  When forwarding messages, a proxy forwarder application must perform
883  a translation of incoming management target information into outgoing
884  management target information. How this translation is performed is
885  implementation specific. In many cases, this will be driven by a
886  preconfigured translation table. If a proxy forwarder application
887  makes the contents of this table SNMP manageable, it MUST use the
888  SNMP-PROXY-MIB module defined in this document.

890  4.5.1. Request Forwarding

892  There are two phases for request forwarding. First, the incoming
893  request needs to be passed through the proxy application. Then, the
894  resulting response needs to be passed back. These phases are
895  described in the following two sections.

897  4.5.1.1. Processing an Incoming Request

899  A proxy forwarder application that wishes to forward request messages
900  must first register with the Dispatcher using the
901  registerContextEngineID abstract service interface. The proxy
902  forwarder must register each contextEngineID for which it wishes to
903  forward messages, as well as for each pduType. Note that as the
904  configuration of a proxy forwarder is changed, the particular
905  contextEngineID values for which it is forwarding may change. The
906  proxy forwarder should call the registerContextEngineID and
907  unregisterContextEngineID abstract service interfaces as needed to
908  reflect its current configuration.

910  A proxy forwarder application should never attempt to register a
911  value of contextEngineID which is equal to the snmpEngineID of the
912  SNMP engine to which the proxy forwarder is associated.

914  Once the proxy forwarder has registered for the appropriate
915  contextEngineID values, it can start processing messages. The
916  following procedure is used:

918  (1) A message is received using the processPdu abstract service
919      interface. The incoming management target information received
923      from the processPdu interface is translated into outgoing
924      management target information. Note that this translation may vary
925      for different values of contextEngineID and/or contextName. The
926      translation should result in a single management target.
928  (2) If appropriate outgoing management target information cannot be
929      found, the proxy forwarder increments the snmpProxyDrops counter
930      [RFC1907], and then calls the Dispatcher using the
931      returnResponsePdu abstract service interface. Parameters are:

933      - The messageProcessingModel is the value from the processPdu
934        call.

936      - The securityModel is the value from the processPdu call.

938      - The securityName is the value from the processPdu call.

940      - The securityLevel is the value from the processPdu call.

942      - The contextEngineID is the value from the processPdu call.

944      - The contextName is the value from the processPdu call.

946      - The pduVersion is the value from the processPdu call.

948      - The PDU is an undefined value.

950      - The maxSizeResponseScopedPDU is a local value indicating the
951        maximum size of a ScopedPDU that the application can accept.

953      - The stateReference is the value from the processPdu call.

955      - The statusInformation indicates that an error occurred and
956        includes the OID and value of the snmpProxyDrops object.

958      Processing of the message stops at this point. Otherwise,

960  (3) A new PDU is constructed. A unique value of request-id should be
961      used in the new PDU (this value will enable a subsequent response
962      message to be correlated with this request). The remainder of the
963      new PDU is identical to the received PDU, unless the incoming SNMP
964      version is SNMPv2 or SNMPv3 and the outgoing SNMP version is
965      SNMPv1, in which case the proxy forwarder must apply the
966      translation rules as documented in [RFC1908].

968  (4) The proxy forwarder calls the Dispatcher to generate the forwarded
969      message, using the sendPdu abstract service interface. The
973      parameters are:

975      - The transportDomain is that of the outgoing management target.

977      - The transportAddress is that of the outgoing management
978        target.
980      - The messageProcessingModel is that of the outgoing management
981        target.

983      - The securityModel is that of the outgoing management target.

985      - The securityName is that of the outgoing management target.

987      - The securityLevel is that of the outgoing management target.

989      - The contextEngineID is the value originally received.

991      - The contextName is the value originally received.

993      - The pduVersion is the version of the PDU to be sent.

995      - The PDU is the value constructed in step (3) above.

997      - The expectResponse argument indicates that a response is
998        expected. If the sendPdu call is unsuccessful, the proxy
999        forwarder performs the steps described in (2) above.
1000        Otherwise:

1002  (5) The proxy forwarder caches the following information in order to
1003      match an incoming response to the forwarded request:

1005      - The sendPduHandle returned from the call to sendPdu,

1007      - The request-id from the received PDU.

1009      - the contextEngineID,

1011      - the contextName,

1013      - the stateReference,

1015      - the incoming management target information,

1017      - the outgoing management information,

1021      - any other information needed to match an incoming response to
1022        the forwarded request.

1024      If this information cannot be cached (possibly due to a lack of
1025      resources), the proxy forwarder performs the steps described in (2)
1026      above. Otherwise:

1028  (6) Processing of the request stops until a response to the forwarded
1029      request is received, or until an appropriate time interval has
1030      expired. If this time interval expires before a response has been
1031      received, the cached information about this request is removed.

1033  4.5.1.2. Processing an Incoming Response

1035  A proxy forwarder follows the following procedure when an incoming
1036  response is received:

1038  (1) The incoming response is received using the processResponsePdu
1039      interface. The proxy forwarder uses the received parameters to
1040      locate an entry in its cache of pending forwarded requests. This
1041      is done by matching the received parameters with the cached values
1042      of sendPduHandle, contextEngineID, contextName, outgoing management
1043      target information, and the request-id contained in the received
1044      PDU (the proxy forwarder must extract the request-id for this
1045      purpose). If an appropriate cache entry cannot be found,
1046      processing of the response is halted. Otherwise:

1048  (2) The cache information is extracted, and removed from the cache.

1050  (3) A new Response PDU is constructed, using the request-id value from
1051      the original forwarded request (as extracted from the cache). All
1052      other values are identical to those in the received Response PDU.

1054  (4) If the incoming SNMP version is SNMPv1 and the outgoing SNMP
1055      version is SNMPv2 or SNMPv3, the proxy forwarder must apply the
1056      translation rules documented in [RFC1908].

1058  (5) The proxy forwarder calls the Dispatcher using the
1059      returnResponsePdu abstract service interface. Parameters are:

1061      - The messageProcessingModel indicates the Message Processing
1062        Model by which the original incoming message was processed.

1064      - The securityModel is that of the original incoming management
1065        target extracted from the cache.

1069      - The securityName is that of the original incoming management
1070        target extracted from the cache.

1072      - The securityLevel is that of the original incoming management
1073        target extracted from the cache.

1075      - The contextEngineID is the value extracted from the cache.

1077      - The contextName is the value extracted from the cache.

1079      - The pduVersion indicates the version of the PDU to be
1080        returned.

1082      - The PDU is the (possibly translated) Response PDU.
1084      - The maxSizeResponseScopedPDU is a local value indicating the
1085        maximum size of a ScopedPDU that the application can accept.

1087      - The stateReference is the value extracted from the cache.

1089      - The statusInformation indicates that no error occurred and
1090        that a Response PDU message should be generated.

1092  4.5.1.3. Processing an Incoming Report Indication

1094  A proxy forwarder follows the following procedure when an incoming
1095  report indication is received:

1097  (1) The incoming report indication is received using the
1098      processResponsePdu interface. The proxy forwarder uses the
1099      received parameters to locate an entry in its cache of pending
1100      forwarded requests. This is done by matching the received
1101      parameters with the cached values of sendPduHandle. If an
1102      appropriate cache entry cannot be found, processing of the report
1103      indication is halted. Otherwise:

1105  (2) The cache information is extracted, and removed from the cache.

1107  (3) If the original incoming management target information indicates
1108      SNMPv1, processing of the report indication is halted.

1110  (4) The proxy forwarder calls the Dispatcher using the
1111      returnResponsePdu abstract service interface. Parameters are:

1113      - The messageProcessingModel indicates the Message Processing
1114        Model by which the original incoming message was processed.

1118      - The securityModel is that of the original incoming management
1119        target extracted from the cache.

1121      - The securityName is that of the original incoming management
1122        target extracted from the cache.

1124      - The securityLevel is that of the original incoming management
1125        target extracted from the cache.

1127      - The contextEngineID is the value extracted from the cache.

1129      - The contextName is the value extracted from the cache.

1131      - The pduVersion indicates the version of the PDU to be
1132        returned.

1134      - The PDU is unused.
1136      - The maxSizeResponseScopedPDU is a local value indicating the
1137        maximum size of a ScopedPDU that the application can accept.

1139      - The stateReference is the value extracted from the cache.

1141      - The statusInformation contains the contextEngineID,
1142        contextName, counter OID, and counter value received in the
1143        report indication.

1145  4.5.2. Notification Forwarding

1147  A proxy forwarder receives notifications in the same manner as a
1148  notification receiver application, using the processPdu abstract
1149  service interface. The following procedure is used when a
1150  notification is received:

1152  (1) The incoming management target information received from the
1153      processPdu interface is translated into outgoing management target
1154      information. Note that this translation may vary for different
1155      values of contextEngineID and/or contextName. The translation may
1156      result in multiple management targets.

1158  (2) If appropriate outgoing management target information cannot be
1159      found and the notification was a Trap, processing of the
1160      notification is halted. If appropriate outgoing management target
1161      information cannot be found and the notification was an Inform, the
1162      proxy forwarder increments the snmpProxyDrops object, and calls the
1163      Dispatcher using the returnResponsePdu abstract service interface.
1167      The parameters are:

1169      - The messageProcessingModel is the received value.

1171      - The securityModel is the received value.

1173      - The securityName is the received value.

1175      - The securityLevel is the received value.

1177      - The contextEngineID is the received value.

1179      - The contextName is the received value.

1181      - The pduVersion is the received value.

1183      - The PDU is an undefined and unused value.

1185      - The maxSizeResponseScopedPDU is a local value indicating the
1186        maximum size of a ScopedPDU that the application can accept.
1188      - The stateReference is the received value.

1190      - The statusInformation indicates that an error occurred and
1191        that a Report message should be generated.

1193      Processing of the message stops at this point. Otherwise,

1195  (3) The proxy forwarder generates a notification using the procedures
1196      described in the preceding section on Notification Originators,
1197      with the following exceptions:

1199      - The contextEngineID and contextName values from the original
1200        received notification are used.

1202      - The outgoing management targets previously determined are
1203        used.

1205      - No filtering mechanisms are applied.

1207      - The variable-bindings from the original received notification
1208        are used, rather than retrieving variable-bindings from local
1209        MIB instrumentation. In particular, no access-control is
1210        applied to these variable-bindings.

1212      - If for any of the outgoing management targets, the incoming
1213        SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2
1217        or SNMPv3, the proxy forwarder must apply the translation
1218        rules as documented in [RFC1908].

1220      - If for any of the outgoing management targets, the incoming
1221        SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP
1222        version is SNMPv1, this outgoing management target is not used
1223        when generating the forwarded notifications.

1225  (4) If the original received notification contains an SNMPv2-Trap PDU,
1226      processing of the notification is now completed. Otherwise, the
1227      original received notification must contain an Inform PDU, and
1228      processing continues.
1230  (5) If the forwarded notifications included any Inform PDUs, processing
1231      continues when the procedures described in the section for
1232      Notification Originators determine that either:

1234      - None of the generated notifications containing Inform PDUs
1235        have been successfully acknowledged within the longest of the
1236        time intervals, in which case processing of the original
1237        notification is halted, or,

1239      - At least one of the generated notifications containing Inform
1240        PDUs is successfully acknowledged, in which case a response to
1241        the original received notification containing an Inform PDU is
1242        generated as described in the following steps.

1244  (6) A Response PDU is constructed, using the values of request-id and
1245      variable-bindings from the original received Inform PDU, and
1246      error-status and error-index values of 0.

1248  (7) The Dispatcher is called using the returnResponsePdu abstract
1249      service interface. Parameters are:

1251      - The messageProcessingModel is the originally received value.

1253      - The securityModel is the originally received value.

1255      - The securityName is the originally received value.

1257      - The securityLevel is the originally received value.

1259      - The contextEngineID is the originally received value.

1261      - The contextName is the originally received value.

1265      - The pduVersion indicates the version of the PDU constructed in
1266        step (6) above.

1268      - The PDU is the value constructed in step (6) above.

1270      - The maxSizeResponseScopedPDU is a local value indicating the
1271        maximum size of a ScopedPDU that the application can accept.

1273      - The stateReference is the originally received value.

1275      - The statusInformation indicates that no error occurred and
1276        that a Response PDU message should be generated.

1280  5. The Structure of the MIB Modules

1282  There are three separate MIB modules described in this document, the
1283  management target MIB, the notification MIB, and the proxy MIB. The
1284  following sections describe the structure of these three MIB modules.

1286  The use of these MIBs by particular types of applications is
1287  described later in this document:

1289      - The use of the management target MIB and the notification MIB
1290        in notification originator applications is described in
1291        section 6.

1293      - The use of the notification MIB for filtering notifications in
1294        notification originator applications is described in section
1295        7.

1297      - The use of the management target MIB and the proxy MIB in
1298        proxy forwarding applications is described in section 8.

1300  5.1. The Management Target MIB Module

1302  The SNMP-TARGET-MIB module contains objects for defining management
1303  targets. It consists of two tables and conformance/compliance
1304  statements.

1306  The first table, the snmpTargetAddrTable, contains information about
1307  transport domains and addresses. It also contains an object,
1308  snmpTargetAddrTagList, which provides a mechanism for grouping
1309  entries.

1311  The second table, the snmpTargetParamsTable, contains information
1312  about SNMP version and security information to be used when sending
1313  messages to particular transport domains and addresses.

1315  5.1.1. Tag Lists

1317  The snmpTargetAddrTagList object is used for grouping entries in the
1318  snmpTargetAddrTable. The value of this object contains a list of tag
1319  values which are used to select target addresses to be used for a
1320  particular operation.

1322  A tag value, which may also be used in MIB objects other than
1323  snmpTargetAddrTagList, is an arbitrary string of octets, but may not
1327  contain a delimiter character.
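A parser for the tag lists of this section, using the delimiter set and list constraints that Section 5.1.1 goes on to spell out. It is an added example, not part of the draft: the function names are hypothetical, the sample table is constructed, treating 0x0A as a delimiter in addition to the draft's four octets is an assumption of the example, and matching one tag against each row is only one simple selection rule.

```python
"""Parsing and matching SnmpTagList values under the rules of Section 5.1.1."""
# Added illustration, not part of the draft: function names are hypothetical.

# Delimiter octets exactly as the draft lists them: space, TAB, CR and 0x0B.
DRAFT_DELIMITERS = frozenset(b"\x20\x09\x0d\x0b")
# The draft calls 0x0B "line feed", while ASCII LF is 0x0A. Treating 0x0A as a
# delimiter as well is an assumption of this example, made so that two
# implementations cannot disagree about where one tag ends.
DELIMITERS = DRAFT_DELIMITERS | {0x0A}
MAX_OCTETS = 255  # SIZE (0..255) in the SnmpTagValue/SnmpTagList conventions


class TagError(ValueError):
    """Raised for an octet string that breaks a tag or tag-list rule."""


def validate_tag_value(value):
    """Return `value` as bytes if it is one legal tag value."""
    value = bytes(value)
    if not value:
        raise TagError("a tag value may not have a zero length")
    if len(value) > MAX_OCTETS:
        raise TagError("tag value longer than 255 octets")
    for offset, octet in enumerate(value):
        if octet in DELIMITERS:
            raise TagError("delimiter 0x%02X at offset %d" % (octet, offset))
    return value


def parse_tag_list(value):
    """Split a tag list into tag values; an empty string is an empty list."""
    value = bytes(value)
    if len(value) > MAX_OCTETS:
        raise TagError("tag list longer than 255 octets")
    if not value:
        return []
    tags, current = [], bytearray()
    for offset, octet in enumerate(value):
        if octet not in DELIMITERS:
            current.append(octet)
        elif current:
            tags.append(bytes(current))
            current.clear()
        else:
            # No tag before this delimiter: leading or adjacent delimiter.
            raise TagError("empty tag before delimiter at offset %d" % offset)
    if not current:
        raise TagError("trailing delimiter")
    tags.append(bytes(current))
    return tags


def select_targets(addr_table, tag):
    """Names of rows whose tag list contains `tag` as a whole tag value.

    `addr_table` maps snmpTargetAddrName to snmpTargetAddrTagList octets.
    Comparison is on parsed tags, so b"host" never matches b"hostile", and a
    row with a malformed tag list selects nothing.
    """
    tag = validate_tag_value(tag)
    selected = []
    for name, tag_list in addr_table.items():
        try:
            tags = parse_tag_list(tag_list)
        except TagError:
            continue
        if tag in tags:
            selected.append(name)
    return sorted(selected)
```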
Delimiter characters are defined to
1328  be one of the following characters:

1330      - An ASCII space character (0x20).

1332      - An ASCII TAB character (0x09).

1334      - An ASCII carriage return (CR) character (0x0D).

1336      - An ASCII line feed (LF) character (0x0B).

1338  In addition, a tag value may not have a zero length. Generally, a
1339  particular MIB object may contain either

1341      - a single tag value, in which case the value of the MIB object
1342        may not contain a delimiter character, or:

1344      - a MIB object may contain a list of tag values, separated by
1345        single delimiter characters.

1347  For a list of tag values, these constraints imply certain
1348  restrictions on the value of a MIB object:

1350      - There cannot be a leading or trailing delimiter character.

1352      - There cannot be multiple adjacent delimiter characters.

1354  5.1.2. Definitions

1356  SNMP-TARGET-MIB DEFINITIONS ::= BEGIN

1358  IMPORTS
1359      TEXTUAL-CONVENTION,
1360      MODULE-IDENTITY,
1361      OBJECT-TYPE,
1362      snmpModules,
1363      Integer32
1364          FROM SNMPv2-SMI

1366      TDomain,
1367      TAddress,
1368      TimeInterval,
1369      RowStatus,
1370      StorageType,
1371      TestAndIncr
1372          FROM SNMPv2-TC

1376      SnmpSecurityModel,
1377      SnmpMessageProcessingModel,
1378      SnmpSecurityLevel,
1379      SnmpAdminString
1380          FROM SNMP-FRAMEWORK-MIB

1382      OBJECT-GROUP
1383          FROM SNMPv2-CONF;

1385  snmpTargetMIB MODULE-IDENTITY
1386      LAST-UPDATED "9707140000Z"
1387      ORGANIZATION "IETF SNMPv3 Working Group"
1388      CONTACT-INFO
1389          "WG-email:   snmpv3@tis.com
1390           Subscribe:  majordomo@tis.com
1391                       In message body:  subscribe snmpv3

1393           Chair:      Russ Mundy
1394                       Trusted Information Systems
1395           Postal:     3060 Washington Rd
1396                       Glenwood MD 21738
1397                       USA
1398           Email:      mundy@tis.com
1399           Phone:      +1-301-854-6889

1401           Co-editor:  David B. Levi
1402                       SNMP Research, Inc.
1403           Postal:     3001 Kimberlin Heights Road
1404                       Knoxville, TN 37920-9716
1405           E-mail:     levi@snmp.com
1406           Phone:      +1 423 573 1434

1408           Co-editor:  Paul Meyer
1409                       Secure Computing Corporation
1410           Postal:     2675 Long Lake Road
1411                       Roseville, MN 55113
1412           E-mail:     paul_meyer@securecomputing.com
1413           Phone:      +1 612 628 1592

1415           Co-editor:  Bob Stewart
1416                       Cisco Systems, Inc.
1417           Postal:     170 West Tasman Drive
1418                       San Jose, CA 95134-1706
1419           E-mail:     bstewart@cisco.com
1420           Phone:      +1 603 654 6923"
1421      DESCRIPTION
1422          "This MIB module defines MIB objects which provide
1426           mechanisms to remotely configure the parameters used
1427           by an SNMP entity for the generation of SNMP messages."
1428      REVISION    "9707140000Z"
1429      DESCRIPTION
1430          "The initial revision."
1431      ::= { snmpModules 11 }  -- TBD

1433  snmpTargetObjects       OBJECT IDENTIFIER ::= { snmpTargetMIB 1 }
1434  snmpTargetConformance   OBJECT IDENTIFIER ::= { snmpTargetMIB 3 }

1436  SnmpTagValue ::= TEXTUAL-CONVENTION
1437      DISPLAY-HINT "255a"
1438      STATUS       current
1439      DESCRIPTION
1440          "An octet string containing a tag value.
1441           Tag values are preferably in human-readable form.

1443           To facilitate internationalization, this information
1444           is represented using the ISO/IEC IS 10646-1 character
1445           set, encoded as an octet string using the UTF-8
1446           character encoding scheme described in RFC 2044.

1448           Since additional code points are added by amendments
1449           to the 10646 standard from time to time,
1450           implementations must be prepared to encounter any code
1451           point from 0x00000000 to 0x7fffffff.

1453           The use of control codes should be avoided, and certain
1454           control codes are not allowed as described below.

1456           For code points not directly supported by user
1457           interface hardware or software, an alternative means
1458           of entry and display, such as hexadecimal, may be
1459           provided.
1461           For information encoded in 7-bit US-ASCII, the UTF-8
1462           representation is identical to the US-ASCII encoding.

1464           Note that when this TC is used for an object that
1465           is used or envisioned to be used as an index, then a
1466           SIZE restriction must be specified so that the number of
1467           sub-identifiers for any object instance do not exceed
1468           the limit of 128, as defined by [RFC1905].

1470           An object of this type contains a single tag value
1471           which is used to select a set of entries in a table.

1475           A tag value is an arbitrary string of octets, but
1476           may not contain a delimiter character. Delimiter
1477           characters are defined to be one of the following:

1479               - An ASCII space character (0x20).

1481               - An ASCII TAB character (0x09).

1483               - An ASCII carriage return (CR) character (0x0D).

1485               - An ASCII line feed (LF) character (0x0B).

1487           Delimiter characters are used to separate tag values
1488           in a tag list. An object of this type may only
1489           contain a single tag value, and so delimiter
1490           characters are not allowed in a value of this type.

1492           Some examples of valid tag values are:

1494               - 'acme'

1496               - 'router'

1498               - 'host'

1500           The use of a tag value to select table entries is
1501           application and MIB specific."
1502      SYNTAX       OCTET STRING (SIZE (0..255))

1504  SnmpTagList ::= TEXTUAL-CONVENTION
1505      DISPLAY-HINT "255a"
1506      STATUS       current
1507      DESCRIPTION
1508          "An octet string containing a list of tag values.
1509           Tag values are preferably in human-readable form.

1511           To facilitate internationalization, this information
1512           is represented using the ISO/IEC IS 10646-1 character
1513           set, encoded as an octet string using the UTF-8
1514           character encoding scheme described in RFC 2044.

1516           Since additional code points are added by amendments
1517           to the 10646 standard from time to time,
1518           implementations must be prepared to encounter any code
1519           point from 0x00000000 to 0x7fffffff.
1521           The use of control codes should be avoided, except as
1525           described below.

1527           For code points not directly supported by user
1528           interface hardware or software, an alternative means
1529           of entry and display, such as hexadecimal, may be
1530           provided.

1532           For information encoded in 7-bit US-ASCII, the UTF-8
1533           representation is identical to the US-ASCII encoding.

1535           An object of this type contains a list of tag values
1536           which are used to select a set of entries in a table.

1538           A tag value is an arbitrary string of octets, but
1539           may not contain a delimiter character. Delimiter
1540           characters are defined to be one of the following:

1542               - An ASCII space character (0x20).

1544               - An ASCII TAB character (0x09).

1546               - An ASCII carriage return (CR) character (0x0D).

1548               - An ASCII line feed (LF) character (0x0B).

1550           Delimiter characters are used to separate tag values
1551           in a tag list. Only a single delimiter character may
1552           occur between two tag values. A tag value may not
1553           have a zero length. These constraints imply certain
1554           restrictions on the contents of this object:

1556               - There cannot be a leading or trailing delimiter
1557                 character.

1559               - There cannot be multiple adjacent delimiter
1560                 characters.

1562           Some examples of valid tag lists are:

1564               - An empty string

1566               - 'acme router'

1568               - 'host managerStation'

1570           Note that although a tag value may not have a length of
1571           zero, an empty string is still valid. This indicates
1575           an empty list (i.e. there are no tag values in the list).

1577           The use of the tag list to select table entries is
1578           application and MIB specific. Typically, an application
1579           will provide one or more tag values, and any entry
1580           which contains some combination of these tag values
1581           will be selected."
1582      SYNTAX       OCTET STRING (SIZE (0..255))

1584  --
1585  --
1586  -- The snmpTargetObjects group
1587  --
1588  --

1590  snmpTargetSpinLock OBJECT-TYPE
1591      SYNTAX      TestAndIncr
1592      MAX-ACCESS  read-write
1593      STATUS      current
1594      DESCRIPTION
1595          "This object is used to facilitate modification of table
1596           entries in the SNMP-TARGET-MIB module by multiple
1597           managers. In particular, it is useful when modifying
1598           the value of the snmpTargetAddrTagList object.

1600           The procedure for modifying the snmpTargetAddrTagList
1601           object is as follows:

1603               1. Retrieve the value of snmpTargetSpinLock and
1604                  of snmpTargetAddrTagList.

1606               2. Generate a new value for snmpTargetAddrTagList.

1608               3. Set the value of snmpTargetSpinLock to the
1609                  retrieved value, and the value of
1610                  snmpTargetAddrTagList to the new value. If
1611                  the set fails for the snmpTargetSpinLock
1612                  object, go back to step 1."
1613      ::= { snmpTargetObjects 1 }

1615  snmpTargetAddrTable OBJECT-TYPE
1616      SYNTAX      SEQUENCE OF SnmpTargetAddrEntry
1617      MAX-ACCESS  not-accessible
1618      STATUS      current
1619      DESCRIPTION
1620          "A table of transport addresses to be used in the generation
1621           of SNMP messages."
1625      ::= { snmpTargetObjects 2 }

1627  snmpTargetAddrEntry OBJECT-TYPE
1628      SYNTAX      SnmpTargetAddrEntry
1629      MAX-ACCESS  not-accessible
1630      STATUS      current
1631      DESCRIPTION
1632          "A transport address to be used in the generation
1633           of SNMP operations.

1635           Entries in the snmpTargetAddrTable are created and
1636           deleted using the snmpTargetAddrRowStatus object."
1637      INDEX { IMPLIED snmpTargetAddrName }
1638      ::= { snmpTargetAddrTable 1 }

1640  SnmpTargetAddrEntry ::= SEQUENCE {
1641      snmpTargetAddrName         SnmpAdminString,
1642      snmpTargetAddrTDomain      TDomain,
1643      snmpTargetAddrTAddress     TAddress,
1644      snmpTargetAddrTimeout      TimeInterval,
1645      snmpTargetAddrRetryCount   Integer32,
1646      snmpTargetAddrTagList      SnmpTagList,
1647      snmpTargetAddrParams       SnmpAdminString,
1648      snmpTargetAddrStorageType  StorageType,
1649      snmpTargetAddrRowStatus    RowStatus
1650  }

1652  snmpTargetAddrName OBJECT-TYPE
1653      SYNTAX      SnmpAdminString (SIZE(1..32))
1654      MAX-ACCESS  not-accessible
1655      STATUS      current
1656      DESCRIPTION
1657          "The locally arbitrary, but unique identifier associated
1658           with this snmpTargetAddrEntry."
1659      ::= { snmpTargetAddrEntry 1 }

1661  snmpTargetAddrTDomain OBJECT-TYPE
1662      SYNTAX      TDomain
1663      MAX-ACCESS  read-create
1664      STATUS      current
1665      DESCRIPTION
1666          "This object indicates the transport type of the address
1667           contained in the snmpTargetAddrTAddress object."
1668      ::= { snmpTargetAddrEntry 2 }

1670  snmpTargetAddrTAddress OBJECT-TYPE
1671      SYNTAX      TAddress
1675      MAX-ACCESS  read-create
1676      STATUS      current
1677      DESCRIPTION
1678          "This object contains a transport address. The format of
1679           this address depends on the value of the
1680           snmpTargetAddrTDomain object."
1681      ::= { snmpTargetAddrEntry 3 }

1683  snmpTargetAddrTimeout OBJECT-TYPE
1684      SYNTAX      TimeInterval
1685      MAX-ACCESS  read-create
1686      STATUS      current
1687      DESCRIPTION
1688          "This object should reflect the expected maximum round
1689           trip time for communicating with the transport address
1690           defined by this row. When a message is sent to this
1691           address, and a response (if one is expected) is not
1692           received within this time period, an implementation
1693           may assume that the response will not be delivered.

1695           Note that the time interval that an application waits
1696           for a response may actually be derived from the value
1697           of this object. The method for deriving the actual time
1698           interval is implementation dependent. One such method
1699           is to derive the expected round trip time based on a
1700           particular retransmission algorithm and on the number
1701           of timeouts which have occurred. The type of message may
1702           also be considered when deriving expected round trip
1703           times for retransmissions. For example, if a message is
1704           being sent with a securityLevel that indicates both
1705           authentication and privacy, the derived value may be
1706           increased to compensate for extra processing time spent
1707           during authentication and encryption processing."
1708      DEFVAL { 1500 }
1709      ::= { snmpTargetAddrEntry 4 }

1711  snmpTargetAddrRetryCount OBJECT-TYPE
1712      SYNTAX      Integer32 (0..255)
1713      MAX-ACCESS  read-create
1714      STATUS      current
1715      DESCRIPTION
1716          "This object specifies a default number of retries to be
1717           attempted when a response is not received for a generated
1718           message. An application may provide its own retry count,
1719           in which case the value of this object is ignored."
1720      DEFVAL { 3 }
1721      ::= { snmpTargetAddrEntry 5 }

1725  snmpTargetAddrTagList OBJECT-TYPE
1726      SYNTAX      SnmpTagList
1727      MAX-ACCESS  read-create
1728      STATUS      current
1729      DESCRIPTION
1730          "This object contains a list of tag values which are
1731           used to select target addresses for a particular
1732           operation."
1733      ::= { snmpTargetAddrEntry 6 }

1735  snmpTargetAddrParams OBJECT-TYPE
1736      SYNTAX      SnmpAdminString (SIZE(1..32))
1737      MAX-ACCESS  read-create
1738      STATUS      current
1739      DESCRIPTION
1740          "The value of this object identifies an entry in the
1741           snmpTargetParamsTable. The identified entry
1742           contains SNMP parameters to be used when generating
1743           messages to be sent to this transport address."
1744      ::= { snmpTargetAddrEntry 7 }

1746  snmpTargetAddrStorageType OBJECT-TYPE
1747      SYNTAX      StorageType
1748      MAX-ACCESS  read-create
1749      STATUS      current
1750      DESCRIPTION
1751          "The storage type for this conceptual row."
1752      ::= { snmpTargetAddrEntry 8 }

1754  snmpTargetAddrRowStatus OBJECT-TYPE
1755      SYNTAX      RowStatus
1756      MAX-ACCESS  read-create
1757      STATUS      current
1758      DESCRIPTION
1759          "The status of this conceptual row.

1761           To create a row in this table, a manager must
1762           set this object to either createAndGo(4) or
1763           createAndWait(5).

1765           Until instances of all corresponding columns are
1766           appropriately configured, the value of the
1767           corresponding instance of the snmpTargetAddrRowStatus
1768           column is 'notReady'.

1770           In particular, a newly created row cannot be made
1771           active until the corresponding snmpTargetAddrTDomain
1775           and snmpTargetAddrTAddress have both been set.

1777           The following objects may not be modified while the
1778           value of this object is active(1):
1779               - snmpTargetAddrTDomain
1780               - snmpTargetAddrTAddress"
1781      ::= { snmpTargetAddrEntry 9 }

1783  snmpTargetParamsTable OBJECT-TYPE
1784      SYNTAX      SEQUENCE OF SnmpTargetParamsEntry
1785      MAX-ACCESS  not-accessible
1786      STATUS      current
1787      DESCRIPTION
1788          "A table of SNMP target information to be used
1789           in the generation of SNMP messages."
1790      ::= { snmpTargetObjects 3 }

1792  snmpTargetParamsEntry OBJECT-TYPE
1793      SYNTAX      SnmpTargetParamsEntry
1794      MAX-ACCESS  not-accessible
1795      STATUS      current
1796      DESCRIPTION
1797          "A set of SNMP target information.

1799           Entries in the snmpTargetParamsTable are created and
1800           deleted using the snmpTargetParamsRowStatus object."
1801      INDEX { IMPLIED snmpTargetParamsName }
1802      ::= { snmpTargetParamsTable 1 }

1804  SnmpTargetParamsEntry ::= SEQUENCE {
1805      snmpTargetParamsName           SnmpAdminString,
1806      snmpTargetParamsMPModel        SnmpMessageProcessingModel,
1807      snmpTargetParamsSecurityModel  SnmpSecurityModel,
1808      snmpTargetParamsSecurityName   SnmpAdminString,
1809      snmpTargetParamsSecurityLevel  SnmpSecurityLevel,
1810      snmpTargetParamsStorageType    StorageType,
1811      snmpTargetParamsRowStatus      RowStatus
1812  }

1814  snmpTargetParamsName OBJECT-TYPE
1815      SYNTAX      SnmpAdminString (SIZE(1..32))
1816      MAX-ACCESS  not-accessible
1817      STATUS      current
1818      DESCRIPTION
1819          "The locally arbitrary, but unique identifier associated
1820           with this snmpTargetParamsEntry."
1821      ::= { snmpTargetParamsEntry 1 }

1825  snmpTargetParamsMPModel OBJECT-TYPE
1826      SYNTAX      SnmpMessageProcessingModel
1827      MAX-ACCESS  read-create
1828      STATUS      current
1829      DESCRIPTION
1830          "The Message Processing Model to be used when generating
1831           SNMP messages using this entry."
1832      ::= { snmpTargetParamsEntry 2 }

1834  snmpTargetParamsSecurityModel OBJECT-TYPE
1835      SYNTAX      SnmpSecurityModel (0..254 | 256..2147483647)
1836      MAX-ACCESS  read-create
1837      STATUS      current
1838      DESCRIPTION
1839          "The Security Model to be used when generating SNMP
1840           messages using this entry."
1841      ::= { snmpTargetParamsEntry 3 }

1843  snmpTargetParamsSecurityName OBJECT-TYPE
1844      SYNTAX      SnmpAdminString
1845      MAX-ACCESS  read-create
1846      STATUS      current
1847      DESCRIPTION
1848          "The securityName which identifies the Principal on
1849           whose behalf SNMP messages will be generated using
1850           this entry."
1851      ::= { snmpTargetParamsEntry 4 }

1853  snmpTargetParamsSecurityLevel OBJECT-TYPE
1854      SYNTAX      SnmpSecurityLevel
1855      MAX-ACCESS  read-create
1856      STATUS      current
1857      DESCRIPTION
1858          "The Level of Security to be used when generating
1859           SNMP messages using this entry."
1860      ::= { snmpTargetParamsEntry 5 }

1862  snmpTargetParamsStorageType OBJECT-TYPE
1863      SYNTAX      StorageType
1864      MAX-ACCESS  read-create
1865      STATUS      current
1866      DESCRIPTION
1867          "The storage type for this conceptual row."
1868      ::= { snmpTargetParamsEntry 6 }

1870  snmpTargetParamsRowStatus OBJECT-TYPE
1871      SYNTAX      RowStatus
1875      MAX-ACCESS  read-create
1876      STATUS      current
1877      DESCRIPTION
1878          "The status of this conceptual row.

1880           To create a row in this table, a manager must
1881           set this object to either createAndGo(4) or
1882           createAndWait(5).

1884           Until instances of all corresponding columns are
1885           appropriately configured, the value of the
1886           corresponding instance of the snmpTargetParamsRowStatus
1887           column is 'notReady'.

1889           In particular, a newly created row cannot be made
1890           active until the corresponding
1891           snmpTargetParamsMPModel,
1892           snmpTargetParamsSecurityModel,
1893           snmpTargetParamsSecurityName,
1894           and snmpTargetParamsSecurityLevel have all been set.

1896           The following objects may not be modified while the
1897           value of this object is active(1):
1898               - snmpTargetParamsMPModel
1899               - snmpTargetParamsSecurityModel
1900               - snmpTargetParamsSecurityName
1901               - snmpTargetParamsSecurityLevel"
1902      ::= { snmpTargetParamsEntry 7 }

1904  snmpUnavailableContexts OBJECT-TYPE
1905      SYNTAX      Counter32
1906      MAX-ACCESS  read-only
1907      STATUS      current
1908      DESCRIPTION
1909          "The total number of packets received by the SNMP
1910           engine which were dropped because the context
1911           contained in the message was unavailable."
1912      ::= { snmpTargetObjects 4 }

1914  snmpUnknownContexts OBJECT-TYPE
1915      SYNTAX      Counter32
1916      MAX-ACCESS  read-only
1917      STATUS      current
1918      DESCRIPTION
1919          "The total number of packets received by the SNMP
1920           engine which were dropped because the context
1921           contained in the message was unknown."
1925      ::= { snmpTargetObjects 5 }

1927  --
1928  --
1929  -- Conformance information
1930  --
1931  --

1933  snmpTargetCompliances OBJECT IDENTIFIER ::=
1934                                          { snmpTargetConformance 1 }
1935  snmpTargetGroups      OBJECT IDENTIFIER ::=
1936                                          { snmpTargetConformance 2 }

1938  --
1939  --
1940  -- Compliance statements
1941  --
1942  --

1944  snmpTargetBasicGroup OBJECT-GROUP
1945      OBJECTS {
1946          snmpTargetSpinLock,
1947          snmpTargetAddrTDomain,
1948          snmpTargetAddrTAddress,
1949          snmpTargetAddrTagList,
1950          snmpTargetAddrParams,
1951          snmpTargetAddrStorageType,
1952          snmpTargetAddrRowStatus,
1953          snmpTargetParamsMPModel,
1954          snmpTargetParamsSecurityModel,
1955          snmpTargetParamsSecurityName,
1956          snmpTargetParamsSecurityLevel,
1957          snmpTargetParamsStorageType,
1958          snmpTargetParamsRowStatus
1959      }
1960      STATUS      current
1961      DESCRIPTION
1962          "A collection of objects providing basic remote
1963           configuration of management targets."
1964      ::= { snmpTargetGroups 1 }

1966  snmpTargetResponseGroup OBJECT-GROUP
1967      OBJECTS {
1968          snmpTargetAddrTimeout,
1969          snmpTargetAddrRetryCount
1970      }
1971      STATUS      current
1975      DESCRIPTION
1976          "A collection of objects providing remote configuration
1977           of management targets for applications which generate
1978           SNMP messages for which a response message would be
1979           expected."
1980      ::= { snmpTargetGroups 2 }

1982  END

1986  5.2. The Notification MIB Module

1988     The SNMP-NOTIFICATION-MIB module contains objects for the remote
1989     configuration of the parameters used by an SNMP entity for the
1990     generation of notifications. It consists of three tables and
1991     conformance/compliance statements. The first table, the
1992     snmpNotifyTable, contains entries which select which entries in the
1993     snmpTargetAddrTable should be used for generating notifications, and
1994     the type of notifications to be generated.
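
The selection just described (an snmpNotifyTag value picking rows of the snmpTargetAddrTable through their snmpTargetAddrTagList) can be checked with the sketch below. It is an added example, not text or code from the draft: the function names and the sample rows are constructed, and two choices are assumptions of the example, namely treating 0x0A as a delimiter in addition to the 0x0B the draft lists for "line feed", and skipping rows whose tag list is malformed.

```python
# Added example (not from the draft): validating SnmpTagList values and
# selecting snmpTargetAddrTable rows by snmpNotifyTag.

# Delimiter octets exactly as the SnmpTagValue/SnmpTagList text lists them.
DRAFT_DELIMS = frozenset({0x20, 0x09, 0x0D, 0x0B})
# Assumption of this example: the draft labels 0x0B "line feed", but ASCII
# LF is 0x0A (0x0B is vertical tab). Both are treated as delimiters here so
# that neither octet can hide inside a tag value.
DELIMS = DRAFT_DELIMS | {0x0A}
MAX_LEN = 255  # SYNTAX OCTET STRING (SIZE (0..255))


def parse_tag_list(raw: bytes) -> list[bytes]:
    """Split an SnmpTagList into tag values, enforcing the draft's rules."""
    if len(raw) > MAX_LEN:
        raise ValueError("tag list longer than 255 octets")
    if not raw:
        return []  # an empty string is a valid, empty list
    tags, current = [], bytearray()
    for offset, octet in enumerate(raw):
        if octet in DELIMS:
            if not current:
                # leading delimiter, or two adjacent delimiters
                raise ValueError(f"zero-length tag value at offset {offset}")
            tags.append(bytes(current))
            current.clear()
        else:
            current.append(octet)
    if not current:
        raise ValueError("trailing delimiter")
    tags.append(bytes(current))
    return tags


def is_valid_tag_value(raw: bytes) -> bool:
    """SnmpTagValue: 0..255 octets containing no delimiter character."""
    return len(raw) <= MAX_LEN and not any(o in DELIMS for o in raw)


def select_targets(notify_tag: bytes, addr_rows: dict[str, bytes]) -> list[str]:
    """Names of snmpTargetAddrTable rows whose tag list contains notify_tag."""
    if not is_valid_tag_value(notify_tag):
        raise ValueError("invalid snmpNotifyTag")
    if not notify_tag:
        return []  # a zero-length snmpNotifyTag selects no entries
    selected = []
    for name, tag_list in sorted(addr_rows.items()):
        try:
            tags = parse_tag_list(tag_list)
        except ValueError:
            # Choice made by this example: fail closed and never send a
            # notification to a row whose tag list is malformed.
            continue
        if notify_tag in tags:  # whole-value equality, not substring search
            selected.append(name)
    return selected


# Constructed sample rows: snmpTargetAddrName -> snmpTargetAddrTagList
SAMPLE_ROWS = {
    "nms1": b"acme router",
    "nms2": b"host managerStation",
    "lab": b"ghost",           # contains "host" only as a substring
    "broken": b"host  acme",   # two adjacent delimiters: invalid list
    "idle": b"",               # empty list, never selected
}

if __name__ == "__main__":
    for tag in (b"host", b"acme", b""):
        print(tag, "->", select_targets(tag, SAMPLE_ROWS))
```

Comparing whole tag values is what keeps the "lab" row (tag 'ghost') from receiving notifications meant for 'host'; a substring search over the raw octet string would select it.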
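
The snmpNotifyFilterMask DESCRIPTION in section 5.2.1 defines when an OBJECT IDENTIFIER belongs to the family of subtrees named by a filter row. The sketch below is an added example, not code from the draft: it implements that bit-mask rule, including the extension with 1's, and renders the resulting pattern so a filter row can be reviewed. The function names and sample OIDs are constructed, and rejecting an OID shorter than the subtree is an assumption of the example, since the draft text does not address that case.

```python
# Added example (not from the draft): evaluating the family of subtrees
# defined by snmpNotifyFilterSubtree and snmpNotifyFilterMask.

MAX_MASK_OCTETS = 16  # SYNTAX OCTET STRING (SIZE(0..16))


def parse_oid(text: str) -> tuple[int, ...]:
    """Parse dotted-decimal text into a tuple of sub-identifiers."""
    parts = tuple(int(p) for p in text.strip(".").split("."))
    if any(p < 0 for p in parts):
        raise ValueError("negative sub-identifier")
    return parts


def expand_mask(mask: bytes, subtree_len: int) -> list[bool]:
    """One flag per sub-identifier of the subtree; True = exact match needed.

    The most significant bit of octet i covers sub-identifier 8*i - 7 and
    the least significant bit covers sub-identifier 8*i. A mask shorter
    than the subtree is extended with 1's; surplus mask bits are ignored.
    """
    if len(mask) > MAX_MASK_OCTETS:
        raise ValueError("mask longer than 16 octets")
    bits = [bool((octet >> shift) & 1)
            for octet in mask
            for shift in range(7, -1, -1)]
    bits.extend([True] * (subtree_len - len(bits)))
    return bits[:subtree_len]


def in_family(oid: tuple[int, ...], subtree: tuple[int, ...],
              mask: bytes = b"") -> bool:
    """True if oid is contained in the family (subtree, mask)."""
    if len(oid) < len(subtree):
        # Assumption of this example: an OID with fewer sub-identifiers
        # than the subtree cannot be contained in the family.
        return False
    flags = expand_mask(mask, len(subtree))
    return all(not exact or x == s
               for exact, x, s in zip(flags, oid, subtree))


def describe_family(subtree: tuple[int, ...], mask: bytes = b"") -> str:
    """Render the family as a pattern, with '*' for wild-card positions."""
    flags = expand_mask(mask, len(subtree))
    return ".".join(str(s) if exact else "*"
                    for exact, s in zip(flags, subtree))


# Constructed sample: every column of one table row (row index 5).
# Sub-identifier 10 (the column) is wild-carded: mask bits 1..8 are 1
# (0xFF), then 1, 0, 1 for sub-identifiers 9..11 (0xA0).
SAMPLE_SUBTREE = parse_oid("1.3.6.1.2.1.2.2.1.0.5")
SAMPLE_MASK = bytes([0xFF, 0xA0])

if __name__ == "__main__":
    print(describe_family(SAMPLE_SUBTREE, SAMPLE_MASK))
    for text in ("1.3.6.1.2.1.2.2.1.7.5", "1.3.6.1.2.1.2.2.1.7.6"):
        print(text, in_family(parse_oid(text), SAMPLE_SUBTREE, SAMPLE_MASK))
```

Because a short mask is silently extended with 1's and a 0 bit widens the family, printing the expanded pattern before activating a row shows exactly which notifications the filter will match.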

1996     The second table sparsely augments the snmpTargetAddrTable with an
1997     object which is used to associate a set of filters with a particular
1998     management target.

2000     The third table defines filters which are used to limit the number of
2001     notifications which are generated using particular management
2002     targets.

2004  5.2.1. Definitions

2006  SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN

2008  IMPORTS
2009      MODULE-IDENTITY,
2010      OBJECT-TYPE,
2011      snmpModules
2012          FROM SNMPv2-SMI

2014      RowStatus,
2015      StorageType
2016          FROM SNMPv2-TC

2018      SnmpAdminString
2019          FROM SNMP-FRAMEWORK-MIB

2021      SnmpTagValue,
2022      snmpTargetParamsName
2023          FROM SNMP-TARGET-MIB

2025      MODULE-COMPLIANCE,
2026      OBJECT-GROUP
2027          FROM SNMPv2-CONF;

2029  snmpNotificationMIB MODULE-IDENTITY
2030      LAST-UPDATED "9707140000Z"
2031      ORGANIZATION "IETF SNMPv3 Working Group"
2035      CONTACT-INFO
2036          "WG-email:   snmpv3@tis.com
2037           Subscribe:  majordomo@tis.com
2038                       In message body:  subscribe snmpv3

2040           Chair:      Russ Mundy
2041                       Trusted Information Systems
2042           Postal:     3060 Washington Rd
2043                       Glenwood MD 21738
2044                       USA
2045           Email:      mundy@tis.com
2046           Phone:      +1-301-854-6889

2048           Co-editor:  David B. Levi
2049                       SNMP Research, Inc.
2050           Postal:     3001 Kimberlin Heights Road
2051                       Knoxville, TN 37920-9716
2052           E-mail:     levi@snmp.com
2053           Phone:      +1 423 573 1434

2055           Co-editor:  Paul Meyer
2056                       Secure Computing Corporation
2057           Postal:     2675 Long Lake Road
2058                       Roseville, MN 55113
2059           E-mail:     paul_meyer@securecomputing.com
2060           Phone:      +1 612 628 1592

2062           Co-editor:  Bob Stewart
2063                       Cisco Systems, Inc.
2064           Postal:     170 West Tasman Drive
2065                       San Jose, CA 95134-1706
2066           E-mail:     bstewart@cisco.com
2067           Phone:      +1 603 654 6923"
2068      DESCRIPTION
2069          "This MIB module defines MIB objects which provide
2070           mechanisms to remotely configure the parameters
2071           used by an SNMP entity for the generation of
2072           notifications."
2073      REVISION    "9707140000Z"
2074      DESCRIPTION
2075          "The initial revision."
2076      ::= { snmpModules 12 } -- TBD

2078  snmpNotifyObjects     OBJECT IDENTIFIER ::=
2079                                          { snmpNotificationMIB 1 }
2080  snmpNotifyConformance OBJECT IDENTIFIER ::=
2081                                          { snmpNotificationMIB 3 }

2085  --
2086  --
2087  -- The snmpNotifyObjects group
2088  --
2089  --

2091  snmpNotifyTable OBJECT-TYPE
2092      SYNTAX      SEQUENCE OF SnmpNotifyEntry
2093      MAX-ACCESS  not-accessible
2094      STATUS      current
2095      DESCRIPTION
2096          "This table is used to select management targets which should
2097           receive notifications, as well as the type of notification
2098           which should be sent to each selected management target."
2099      ::= { snmpNotifyObjects 1 }

2101  snmpNotifyEntry OBJECT-TYPE
2102      SYNTAX      SnmpNotifyEntry
2103      MAX-ACCESS  not-accessible
2104      STATUS      current
2105      DESCRIPTION
2106          "An entry in this table selects a set of management targets
2107           which should receive notifications, as well as the type of
2108           notification which should be sent to each selected
2109           management target.

2111           Entries in the snmpNotifyTable are created and
2112           deleted using the snmpNotifyRowStatus object."
2113      INDEX { IMPLIED snmpNotifyName }
2114      ::= { snmpNotifyTable 1 }

2116  SnmpNotifyEntry ::= SEQUENCE {
2117      snmpNotifyName         SnmpAdminString,
2118      snmpNotifyTag          SnmpTagValue,
2119      snmpNotifyType         INTEGER,
2120      snmpNotifyStorageType  StorageType,
2121      snmpNotifyRowStatus    RowStatus
2122  }

2124  snmpNotifyName OBJECT-TYPE
2125      SYNTAX      SnmpAdminString (SIZE(1..32))
2126      MAX-ACCESS  not-accessible
2127      STATUS      current
2128      DESCRIPTION
2129          "The locally arbitrary, but unique identifier associated
2130           with this snmpNotifyEntry."
2131      ::= { snmpNotifyEntry 1 }

2135  snmpNotifyTag OBJECT-TYPE
2136      SYNTAX      SnmpTagValue
2137      MAX-ACCESS  read-create
2138      STATUS      current
2139      DESCRIPTION
2140          "This object contains a single tag value which is used
2141           to select entries in the snmpTargetAddrTable. Any entry
2142           in the snmpTargetAddrTable which contains a tag value
2143           which is equal to the value of an instance of this
2144           object is selected. If this object contains a value
2145           of zero length, no entries are selected."
2146      ::= { snmpNotifyEntry 2 }

2148  snmpNotifyType OBJECT-TYPE
2149      SYNTAX      INTEGER {
2150                      trap(1),
2151                      inform(2)
2152                  }
2153      MAX-ACCESS  read-create
2154      STATUS      current
2155      DESCRIPTION
2156          "This object determines the type of notification to
2157           be generated for entries in the snmpTargetAddrTable
2158           selected by the corresponding instance of
2159           snmpNotifyTag.

2161           If the value of this object is trap(1), then any
2162           messages generated for selected rows will contain
2163           SNMPv2-Trap PDUs.

2165           If the value of this object is inform(2), then any
2166           messages generated for selected rows will contain
2167           Inform PDUs.

2169           Note that if an SNMP entity only supports
2170           generation of traps (and not informs), then this
2171           object may be read-only."
2172      DEFVAL { trap }
2173      ::= { snmpNotifyEntry 3 }

2175  snmpNotifyStorageType OBJECT-TYPE
2176      SYNTAX      StorageType
2177      MAX-ACCESS  read-create
2178      STATUS      current
2179      DESCRIPTION
2180          "The storage type for this conceptual row."
2181      ::= { snmpNotifyEntry 4 }

2185  snmpNotifyRowStatus OBJECT-TYPE
2186      SYNTAX      RowStatus
2187      MAX-ACCESS  read-create
2188      STATUS      current
2189      DESCRIPTION
2190          "The status of this conceptual row.

2192           To create a row in this table, a manager must
2193           set this object to either createAndGo(4) or
2194           createAndWait(5).

2196           Until instances of all corresponding columns are
2197           appropriately configured, the value of the
2198           corresponding instance of the snmpNotifyRowStatus
2199           column is 'notReady'.

2201           In particular, a newly created row cannot be made
2202           active until the corresponding snmpNotifyTag has
2203           been set."
2204      ::= { snmpNotifyEntry 5 }

2206  snmpNotifyFilterProfileTable OBJECT-TYPE
2207      SYNTAX      SEQUENCE OF SnmpNotifyFilterProfileEntry
2208      MAX-ACCESS  not-accessible
2209      STATUS      current
2210      DESCRIPTION
2211          "This table is used to associate a notification filter
2212           profile with a particular set of target parameters."
2213      ::= { snmpNotifyObjects 2 }

2215  snmpNotifyFilterProfileEntry OBJECT-TYPE
2216      SYNTAX      SnmpNotifyFilterProfileEntry
2217      MAX-ACCESS  not-accessible
2218      STATUS      current
2219      DESCRIPTION
2220          "An entry in this table indicates the name of the filter
2221           profile to be used when generating notifications using
2222           the corresponding entry in the snmpTargetParamsTable.

2224           Entries in the snmpNotifyFilterProfileTable are created
2225           and deleted using the snmpNotifyFilterProfileRowStatus
2226           object."
2227      INDEX { IMPLIED snmpTargetParamsName }
2228      ::= { snmpNotifyFilterProfileTable 1 }

2230  SnmpNotifyFilterProfileEntry ::= SEQUENCE {
2231      snmpNotifyFilterProfileName       SnmpAdminString,
2235      snmpNotifyFilterProfileStorType   StorageType,
2236      snmpNotifyFilterProfileRowStatus  RowStatus
2237  }

2239  snmpNotifyFilterProfileName OBJECT-TYPE
2240      SYNTAX      SnmpAdminString (SIZE(1..32))
2241      MAX-ACCESS  read-create
2242      STATUS      current
2243      DESCRIPTION
2244          "The name of the filter profile to be used when generating
2245           notifications using the corresponding entry in the
2246           snmpTargetAddrTable."
2247      ::= { snmpNotifyFilterProfileEntry 1 }

2249  snmpNotifyFilterProfileStorType OBJECT-TYPE
2250      SYNTAX      StorageType
2251      MAX-ACCESS  read-create
2252      STATUS      current
2253      DESCRIPTION
2254          "The storage type of this conceptual row."
2255      ::= { snmpNotifyFilterProfileEntry 2 }

2257  snmpNotifyFilterProfileRowStatus OBJECT-TYPE
2258      SYNTAX      RowStatus
2259      MAX-ACCESS  read-create
2260      STATUS      current
2261      DESCRIPTION
2262          "The status of this conceptual row.

2264           To create a row in this table, a manager must
2265           set this object to either createAndGo(4) or
2266           createAndWait(5)."
2267      ::= { snmpNotifyFilterProfileEntry 3 }

2269  snmpNotifyFilterTable OBJECT-TYPE
2270      SYNTAX      SEQUENCE OF SnmpNotifyFilterEntry
2271      MAX-ACCESS  not-accessible
2272      STATUS      current
2273      DESCRIPTION
2274          "The table of filter profiles. Filter profiles are used
2275           to determine whether particular management targets should
2276           receive particular notifications.

2278           When a notification is generated, it must be compared
2279           with the filters associated with each management target
2280           which is configured to receive notifications. If the
2281           notification is matched by a filter, it is not sent to
2285           the management target with which the filter is
2286           associated."
2287      ::= { snmpNotifyObjects 3 }

2289  snmpNotifyFilterEntry OBJECT-TYPE
2290      SYNTAX      SnmpNotifyFilterEntry
2291      MAX-ACCESS  not-accessible
2292      STATUS      current
2293      DESCRIPTION
2294          "An element of a filter profile.

2296           Entries in the snmpNotifyFilterTable are created and
2297           deleted using the snmpNotifyFilterRowStatus object."
2298      INDEX { snmpNotifyFilterProfileName,
2299              IMPLIED snmpNotifyFilterSubtree }
2300      ::= { snmpNotifyFilterTable 1 }

2302  SnmpNotifyFilterEntry ::= SEQUENCE {
2303      snmpNotifyFilterSubtree      OBJECT IDENTIFIER,
2304      snmpNotifyFilterMask         OCTET STRING,
2305      snmpNotifyFilterType         INTEGER,
2306      snmpNotifyFilterStorageType  StorageType,
2307      snmpNotifyFilterRowStatus    RowStatus
2308  }

2310  snmpNotifyFilterSubtree OBJECT-TYPE
2311      SYNTAX      OBJECT IDENTIFIER
2312      MAX-ACCESS  not-accessible
2313      STATUS      current
2314      DESCRIPTION
2315          "The MIB subtree which, when combined with the corresponding
2316           instance of snmpNotifyFilterMask, defines a family of
2317           subtrees which are included in or excluded from the
2318           filter profile."
2319      ::= { snmpNotifyFilterEntry 1 }

2321  snmpNotifyFilterMask OBJECT-TYPE
2322      SYNTAX      OCTET STRING (SIZE(0..16))
2323      MAX-ACCESS  read-create
2324      STATUS      current
2325      DESCRIPTION
2326          "The bit mask which, in combination with the corresponding
2327           instance of snmpNotifyFilterSubtree, defines a family of
2328           subtrees which are included in or excluded from the
2329           filter profile.

2331           Each bit of this bit mask corresponds to a
2335           sub-identifier of snmpNotifyFilterSubtree, with the
2336           most significant bit of the i-th octet of this octet
2337           string value (extended if necessary, see below)
2338           corresponding to the (8*i - 7)-th sub-identifier, and
2339           the least significant bit of the i-th octet of this
2340           octet string corresponding to the (8*i)-th
2341           sub-identifier, where i is in the range 1 through 16.

2343           Each bit of this bit mask specifies whether or not
2344           the corresponding sub-identifiers must match when
2345           determining if an OBJECT IDENTIFIER matches this
2346           family of filter subtrees; a '1' indicates that an
2347           exact match must occur; a '0' indicates 'wild card',
2348           i.e., any sub-identifier value matches.

2350           Thus, the OBJECT IDENTIFIER X of an object instance
2351           is contained in a family of filter subtrees if, for
2352           each sub-identifier of the value of
2353           snmpNotifyFilterSubtree, either:

2355               the i-th bit of snmpNotifyFilterMask is 0, or

2357               the i-th sub-identifier of X is equal to the i-th
2358               sub-identifier of the value of
2359               snmpNotifyFilterSubtree.

2361           If the value of this bit mask is M bits long and
2362           there are more than M sub-identifiers in the
2363           corresponding instance of snmpNotifyFilterSubtree,
2364           then the bit mask is extended with 1's to be the
2365           required length.

2367           Note that when the value of this object is the
2368           zero-length string, this extension rule results in
2369           a mask of all-1's being used (i.e., no 'wild card'),
2370           and the family of filter subtrees is the one
2371           subtree uniquely identified by the corresponding
2372           instance of snmpNotifyFilterSubtree."
2373      DEFVAL { ''H }
2374      ::= { snmpNotifyFilterEntry 2 }

2376  snmpNotifyFilterType OBJECT-TYPE
2377      SYNTAX      INTEGER {
2378                      included(1),
2379                      excluded(2)
2380                  }
2381      MAX-ACCESS  read-create
2385      STATUS      current
2386      DESCRIPTION
2387          "This object indicates whether the family of filter subtrees
2388           defined by this entry are included in or excluded from a
2389           filter."
2390      DEFVAL { included }
2391      ::= { snmpNotifyFilterEntry 3 }

2393  snmpNotifyFilterStorageType OBJECT-TYPE
2394      SYNTAX      StorageType
2395      MAX-ACCESS  read-create
2396      STATUS      current
2397      DESCRIPTION
2398          "The storage type of this conceptual row."
2399      ::= { snmpNotifyFilterEntry 4 }

2401  snmpNotifyFilterRowStatus OBJECT-TYPE
2402      SYNTAX      RowStatus
2403      MAX-ACCESS  read-create
2404      STATUS      current
2405      DESCRIPTION
2406          "The status of this conceptual row.

2408           To create a row in this table, a manager must
2409           set this object to either createAndGo(4) or
2410           createAndWait(5)."
2411      ::= { snmpNotifyFilterEntry 5 }

2413  --
2414  --
2415  -- Conformance information
2416  --
2417  --

2419  snmpNotifyCompliances OBJECT IDENTIFIER ::=
2420                                          { snmpNotifyConformance 1 }
2421  snmpNotifyGroups      OBJECT IDENTIFIER ::=
2422                                          { snmpNotifyConformance 2 }

2424  --
2425  --
2426  -- Compliance statements
2427  --
2428  --

2430  snmpNotifyBasicCompliance MODULE-COMPLIANCE
2431      STATUS      current
2435      DESCRIPTION
2436          "The compliance statement for minimal SNMP entities which
2437           implement only SNMP Traps and read-create operations on
2438           only the snmpTargetAddrTable."
2439      MODULE SNMP-TARGET-MIB
2440          MANDATORY-GROUPS { snmpTargetBasicGroup }

2442          OBJECT snmpTargetParamsMPModel
2443          MIN-ACCESS    read-only
2444          DESCRIPTION
2445              "Create/delete/modify access is not required."

2447          OBJECT snmpTargetParamsSecurityModel
2448          MIN-ACCESS    read-only
2449          DESCRIPTION
2450              "Create/delete/modify access is not required."

2452          OBJECT snmpTargetParamsSecurityName
2453          MIN-ACCESS    read-only
2454          DESCRIPTION
2455              "Create/delete/modify access is not required."

2457          OBJECT snmpTargetParamsSecurityLevel
2458          MIN-ACCESS    read-only
2459          DESCRIPTION
2460              "Create/delete/modify access is not required."

2462          OBJECT snmpTargetParamsStorageType
2463          SYNTAX INTEGER {
2464              readOnly(5)
2465          }
2466          MIN-ACCESS    read-only
2467          DESCRIPTION
2468              "Create/delete/modify access is not required.
2469               Support of the values other(1), volatile(2),
2470               nonVolatile(3), and permanent(4) is not required."

2472          OBJECT snmpTargetParamsRowStatus
2473          SYNTAX INTEGER {
2474              active(1)
2475          }
2476          MIN-ACCESS    read-only
2477          DESCRIPTION
2478              "Create/delete/modify access to the
2479               snmpTargetParamsTable is not required.
2480               Support of the values notInService(2), notReady(3),
2481               createAndGo(4), createAndWait(5), and destroy(6) is
2485               not required."

2487      MODULE -- This Module
2488          MANDATORY-GROUPS { snmpNotifyGroup }

2490          OBJECT snmpNotifyTag
2491          MIN-ACCESS    read-only
2492          DESCRIPTION
2493              "Create/delete/modify access is not required."

2495          OBJECT snmpNotifyType
2496          SYNTAX INTEGER {
2497              trap(1)
2498          }
2499          MIN-ACCESS    read-only
2500          DESCRIPTION
2501              "Create/delete/modify access is not required.
2502               Support of the value notify(2) is not required."

2504          OBJECT snmpNotifyStorageType
2505          SYNTAX INTEGER {
2506              readOnly(5)
2507          }
2508          MIN-ACCESS    read-only
2509          DESCRIPTION
2510              "Create/delete/modify access is not required.
2511               Support of the values other(1), volatile(2),
2512               nonVolatile(3), and permanent(4) is not required."

2514          OBJECT snmpNotifyRowStatus
2515          SYNTAX INTEGER {
2516              active(1)
2517          }
2518          MIN-ACCESS    read-only
2519          DESCRIPTION
2520              "Create/delete/modify access to the
2521               snmpNotifyTable is not required.
2522               Support of the values notInService(2), notReady(3),
2523               createAndGo(4), createAndWait(5), and destroy(6) is
2524               not required."

2526      ::= { snmpNotifyCompliances 1 }

2528  snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE
2529      STATUS      current
2530      DESCRIPTION
2531          "The compliance statement for SNMP entities which implement
2535           SNMP Traps with filtering, and read-create operations on
2536           all related tables."
2537      MODULE SNMP-TARGET-MIB
2538          MANDATORY-GROUPS { snmpTargetBasicGroup }
2539      MODULE -- This Module
2540          MANDATORY-GROUPS { snmpNotifyGroup,
2541                             snmpNotifyFilterGroup }
2542      ::= { snmpNotifyCompliances 2 }

2544  snmpNotifyFullCompliance MODULE-COMPLIANCE
2545      STATUS      current
2546      DESCRIPTION
2547          "The compliance statement for SNMP entities which either
2548           implement only SNMP Informs, or both SNMP Traps and SNMP
2549           Informs, plus filtering and read-create operations on
2550           all related tables."
2551      MODULE SNMP-TARGET-MIB
2552          MANDATORY-GROUPS { snmpTargetBasicGroup,
2553                             snmpTargetResponseGroup }
2554      MODULE -- This Module
2555          MANDATORY-GROUPS { snmpNotifyGroup,
2556                             snmpNotifyFilterGroup }
2557      ::= { snmpNotifyCompliances 3 }

2559  snmpNotifyGroup OBJECT-GROUP
2560      OBJECTS {
2561          snmpNotifyTag,
2562          snmpNotifyType,
2563          snmpNotifyStorageType,
2564          snmpNotifyRowStatus
2565      }
2566      STATUS      current
2567      DESCRIPTION
2568          "A collection of objects for selecting which management
2569           targets are used for generating notifications, and the
2570           type of notification to be generated for each selected
2571           management target."
2572      ::= { snmpNotifyGroups 1 }

2574  snmpNotifyFilterGroup OBJECT-GROUP
2575      OBJECTS {
2576          snmpNotifyFilterProfileName,
2577          snmpNotifyFilterProfileStorType,
2578          snmpNotifyFilterProfileRowStatus,
2579          snmpNotifyFilterMask,
2580          snmpNotifyFilterType,
2581          snmpNotifyFilterStorageType,
2585          snmpNotifyFilterRowStatus
2586      }
2587      STATUS      current
2588      DESCRIPTION
2589          "A collection of objects providing remote configuration
2590           of notification filters."
2591      ::= { snmpNotifyGroups 2 }

2593  END

2597  5.3. The Proxy MIB Module

2599     The SNMP-PROXY-MIB module, which defines MIB objects that provide
2600     mechanisms to remotely configure the parameters used by an SNMP
2601     entity for proxy forwarding operations, contains a single table.
2602     This table, snmpProxyTable, is used to define translations between
2603     management targets for use when forwarding messages.

2605  5.3.1. Definitions

2607  SNMP-PROXY-MIB DEFINITIONS ::= BEGIN

2609  IMPORTS
2610      MODULE-IDENTITY,
2611      OBJECT-TYPE,
2612      snmpModules
2613          FROM SNMPv2-SMI

2615      RowStatus,
2616      StorageType
2617          FROM SNMPv2-TC

2619      SnmpEngineID,
2620      SnmpAdminString
2621          FROM SNMP-FRAMEWORK-MIB

2623      SnmpTagValue
2624          FROM SNMP-TARGET-MIB

2626      MODULE-COMPLIANCE,
2627      OBJECT-GROUP
2628          FROM SNMPv2-CONF;

2630  snmpProxyMIB MODULE-IDENTITY
2631      LAST-UPDATED "9706140000Z"
2632      ORGANIZATION "IETF SNMPv3 Working Group"
2633      CONTACT-INFO
2634          "WG-email:   snmpv3@tis.com
2635           Subscribe:  majordomo@tis.com
2636                       In message body:  subscribe snmpv3

2638           Chair:      Russ Mundy
2639                       Trusted Information Systems
2640           Postal:     3060 Washington Rd
2641                       Glenwood MD 21738
2642                       USA
2646           Email:      mundy@tis.com
2647           Phone:      +1-301-854-6889

2649           Co-editor:  David B. Levi
2650                       SNMP Research, Inc.
2651           Postal:     3001 Kimberlin Heights Road
2652                       Knoxville, TN 37920-9716
2653           E-mail:     levi@snmp.com
2654           Phone:      +1 423 573 1434

2656           Co-editor:  Paul Meyer
2657                       Secure Computing Corporation
2658           Postal:     2675 Long Lake Road
2659                       Roseville, MN 55113
2660           E-mail:     paul_meyer@securecomputing.com
2661           Phone:      +1 612 628 1592

2663           Co-editor:  Bob Stewart
2664                       Cisco Systems, Inc.
2665           Postal:     170 West Tasman Drive
2666                       San Jose, CA 95134-1706
2667           E-mail:     bstewart@cisco.com
2668           Phone:      +1 603 654 6923"
2669      DESCRIPTION
2670          "This MIB module defines MIB objects which provide
2671           mechanisms to remotely configure the parameters
2672           used by a proxy forwarding application."
2673      REVISION    "9707140000Z"
2674      DESCRIPTION
2675          "The initial revision."
2676         ::= { snmpModules 13 }    -- TBD

2678     snmpProxyObjects        OBJECT IDENTIFIER ::= { snmpProxyMIB 1 }
2679     snmpProxyConformance    OBJECT IDENTIFIER ::= { snmpProxyMIB 3 }

2681     --
2682     --
2683     -- The snmpProxyObjects group
2684     --
2685     --

2687     snmpProxyTable OBJECT-TYPE
2688         SYNTAX      SEQUENCE OF SnmpProxyEntry
2689         MAX-ACCESS  not-accessible
2690         STATUS      current
2691         DESCRIPTION
2692             "The table of translation parameters used by proxy forwarder
2696              applications for forwarding SNMP messages."
2697         ::= { snmpProxyObjects 2 }

2699     snmpProxyEntry OBJECT-TYPE
2700         SYNTAX      SnmpProxyEntry
2701         MAX-ACCESS  not-accessible
2702         STATUS      current
2703         DESCRIPTION
2704             "A set of translation parameters used by a proxy forwarder
2705              application for forwarding SNMP messages.

2707              Entries in the snmpProxyTable are created and deleted
2708              using the snmpProxyRowStatus object."
2709         INDEX { IMPLIED snmpProxyName }
2710         ::= { snmpProxyTable 1 }

2712     SnmpProxyEntry ::= SEQUENCE {
2713         snmpProxyName               SnmpAdminString,
2714         snmpProxyType               INTEGER,
2715         snmpProxyContextEngineID    SnmpEngineID,
2716         snmpProxyContextName        SnmpAdminString,
2717         snmpProxyTargetParamsIn     SnmpAdminString,
2718         snmpProxySingleTargetOut    SnmpAdminString,
2719         snmpProxyMultipleTargetOut  SnmpTagValue,
2720         snmpProxyStorageType        StorageType,
2721         snmpProxyRowStatus          RowStatus
2722     }

2724     snmpProxyName OBJECT-TYPE
2725         SYNTAX      SnmpAdminString (SIZE(1..32))
2726         MAX-ACCESS  not-accessible
2727         STATUS      current
2728         DESCRIPTION
2729             "The locally arbitrary, but unique identifier associated
2730              with this snmpProxyEntry."
2731         ::= { snmpProxyEntry 1 }

2733     snmpProxyType OBJECT-TYPE
2734         SYNTAX      INTEGER {
2735                         read(1),
2736                         write(2),
2737                         trap(3),
2738                         inform(4)
2739                     }
2740         MAX-ACCESS  read-create
2741         STATUS      current
2742         DESCRIPTION
2746             "The type of message that may be forwarded using
2747              the translation parameters defined by this entry."
2748         ::= { snmpProxyEntry 2 }

2750     snmpProxyContextEngineID OBJECT-TYPE
2751         SYNTAX      SnmpEngineID
2752         MAX-ACCESS  read-create
2753         STATUS      current
2754         DESCRIPTION
2755             "The contextEngineID contained in messages that
2756              may be forwarded using the translation parameters
2757              defined by this entry."
2758         ::= { snmpProxyEntry 3 }

2760     snmpProxyContextName OBJECT-TYPE
2761         SYNTAX      SnmpAdminString
2762         MAX-ACCESS  read-create
2763         STATUS      current
2764         DESCRIPTION
2765             "The contextName contained in messages that may be
2766              forwarded using the translation parameters defined
2767              by this entry.

2769              This object is optional, and if not supported, the
2770              contextName contained in a message is ignored when
2771              selecting an entry in the snmpProxyTable."
2772         ::= { snmpProxyEntry 4 }

2774     snmpProxyTargetParamsIn OBJECT-TYPE
2775         SYNTAX      SnmpAdminString
2776         MAX-ACCESS  read-create
2777         STATUS      current
2778         DESCRIPTION
2779             "This object selects an entry in the snmpTargetParamsTable.
2780              The selected entry is used to determine which row of the
2781              snmpProxyTable to use for forwarding received messages."
2782         ::= { snmpProxyEntry 5 }

2784     snmpProxySingleTargetOut OBJECT-TYPE
2785         SYNTAX      SnmpAdminString
2786         MAX-ACCESS  read-create
2787         STATUS      current
2788         DESCRIPTION
2789             "This object selects a management target defined in the
2790              snmpTargetAddrTable (in the SNMP-TARGET-MIB).  The
2791              selected target is defined by an entry in the
2792              snmpTargetAddrTable whose index value (snmpTargetAddrName)
2796              is equal to this object.

2798              This object is only used when selection of a single
2799              target is required (i.e. when forwarding an incoming
2800              read or write request)."
2801         ::= { snmpProxyEntry 6 }

2803     snmpProxyMultipleTargetOut OBJECT-TYPE
2804         SYNTAX      SnmpTagValue
2805         MAX-ACCESS  read-create
2806         STATUS      current
2807         DESCRIPTION
2808             "This object selects a set of management targets defined
2809              in the snmpTargetAddrTable (in the SNMP-TARGET-MIB).

2811              This object is only used when selection of multiple
2812              targets is required (i.e. when forwarding an incoming
2813              notification)."
2814         ::= { snmpProxyEntry 7 }

2816     snmpProxyStorageType OBJECT-TYPE
2817         SYNTAX      StorageType
2818         MAX-ACCESS  read-create
2819         STATUS      current
2820         DESCRIPTION
2821             "The storage type of this conceptual row."
2822         ::= { snmpProxyEntry 8 }

2824     snmpProxyRowStatus OBJECT-TYPE
2825         SYNTAX      RowStatus
2826         MAX-ACCESS  read-create
2827         STATUS      current
2828         DESCRIPTION
2829             "The status of this conceptual row.

2831              To create a row in this table, a manager must
2832              set this object to either createAndGo(4) or
2833              createAndWait(5).

2835              The following objects may not be modified while the
2836              value of this object is active(1):
2837                  - snmpProxyType
2838                  - snmpProxyContextEngineID
2839                  - snmpProxyContextName
2840                  - snmpProxyTargetParamsIn
2841                  - snmpProxySingleTargetOut
2842                  - snmpProxyMultipleTargetOut"
2846         ::= { snmpProxyEntry 9 }

2848     --
2849     --
2850     -- Conformance information
2851     --
2852     --

2854     snmpProxyCompliances OBJECT IDENTIFIER ::=
2855                                                 { snmpProxyConformance 1 }
2856     snmpProxyGroups      OBJECT IDENTIFIER ::=
2857                                                 { snmpProxyConformance 2 }

2859     --
2860     --
2861     -- Compliance statements
2862     --
2863     --

2865     snmpProxyCompliance MODULE-COMPLIANCE
2866         STATUS      current
2867         DESCRIPTION
2868             "The compliance statement for SNMP entities which include
2869              a proxy forwarding application."
2870         MODULE SNMP-TARGET-MIB
2871             MANDATORY-GROUPS { snmpTargetBasicGroup,
2872                                snmpTargetResponseGroup }
2873         MODULE -- This Module
2874             MANDATORY-GROUPS { snmpProxyGroup }
2875         ::= { snmpProxyCompliances 1 }

2877     snmpProxyGroup OBJECT-GROUP
2878         OBJECTS {
2879             snmpProxyType,
2880             snmpProxyContextEngineID,
2881             snmpProxyContextName,
2882             snmpProxyTargetParamsIn,
2883             snmpProxySingleTargetOut,
2884             snmpProxyMultipleTargetOut,
2885             snmpProxyStorageType,
2886             snmpProxyRowStatus
2887         }
2888         STATUS      current
2889         DESCRIPTION
2890             "A collection of objects providing remote configuration of
2891              management target translation parameters for use by
2892              proxy forwarder applications."
2896         ::= { snmpProxyGroups 3 }

2898     END

2902  6.  Identification of Management Targets in Notification Originators

2904     This section describes the mechanisms used by a notification
2905     originator application when using the MIB module described in this
2906     document to determine the set of management targets to be used when
2907     generating a notification.

2909     A notification originator uses the snmpNotifyTable to find the
2910     management targets to be used for generating notifications.  Each
2911     active entry in this table identifies zero or more entries in the
2912     snmpTargetAddrTable.  Any entry in the snmpTargetAddrTable whose
2913     snmpTargetAddrTagList object contains a tag value which is equal to a
2914     value of snmpNotifyTag is selected by the snmpNotifyEntry which
2915     contains that instance of snmpNotifyTag.  Note that a particular
2916     snmpTargetAddrEntry may be selected by multiple entries in the
2917     snmpNotifyTable, resulting in multiple notifications being generated
2918     using that snmpTargetAddrEntry.

2920     Each snmpTargetAddrEntry contains a pointer to the
2921     snmpTargetParamsTable (snmpTargetAddrParams).  This pointer selects a
2922     set of SNMP parameters to be used for generating notifications.  If
2923     the selected entry in the snmpTargetParamsTable does not exist, the
2924     management target is not used to generate notifications.

2926     The decision as to whether a notification should contain an SNMPv2-
2927     Trap or Inform PDU is determined by the value of the snmpNotifyType
2928     object.  If the value of this object is trap(1), the notification
2929     should contain an SNMPv2-Trap PDU.  If the value of this object is
2930     inform(2), then the notification should contain an Inform PDU, and
2931     the timeout time and number of retries for the Inform are the value
2932     of snmpTargetAddrTimeout and snmpTargetAddrRetryCount.  Note that the
2933     exception to these rules is when the snmpTargetParamsMPModel object
2934     indicates SNMPv1.  In this case, the notification is sent as a Trap
2935     if the value of snmpNotifyTargetType is either trap(1) or inform(2).

2939  7.  Notification Filtering

2941     This section describes the mechanisms used by a notification
2942     originator application when using the MIB module described in this
2943     document to filter generation of notifications.

2945     A notification originator uses the snmpNotifyFilterTable to filter
2946     notifications.  A notification filter profile may be associated with
2947     a management target identified by a particular entry in the
2948     snmpTargetAddrTable.  The associated filter profile is identified by
2949     an entry in the snmpNotifyFilterProfileTable whose index is equal to
2950     the index of the entry in the snmpTargetAddrTable.  If no such entry
2951     exists in the snmpNotifyFilterProfileTable, no filtering is performed
2952     for that management target.

2954     If such an entry does exist, the value of snmpNotifyFilterProfileName
2955     of the entry is compared with the corresponding portion of the index
2956     of all active entries in the snmpNotifyFilterTable.  All such entries
2957     for which this comparison results in an exact match are used for
2958     filtering the notification.  If no such entries exist, no filtering
2959     is performed, and the notification may be sent to the management
2960     target.

2962     Otherwise, if matching entries do exist, the notification may be sent
2963     if the NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this
2964     is the value of the element of the variable bindings whose name is
2965     snmpTrapOID.0, i.e., the second variable binding), and all of the
2966     object instances to be included in the variable-bindings of the
2967     notification, are not specifically excluded by the matching entries.

2969     Each set of snmpNotifyFilterTable entries is divided into two
2970     collections of filter subtrees:  the included filter subtrees, and
2971     the excluded filter subtrees.  The snmpNotifyFilterType object
2972     defines the collection to which each matching entry belongs.

2974     To determine whether a particular notification name or object
2975     instance is excluded by the set of matching entries, compare the
2976     notification name's or object instance's OBJECT IDENTIFIER with each
2977     of the matching entries.  If none match, then the notification name
2978     or object instance is considered excluded, and the notification
2979     should not be sent to this management target.  If one or more match,
2980     then the notification name or object instance is included or
2981     excluded, according to the value of snmpNotifyFilterType in the entry
2982     whose value of snmpNotifyFilterSubtree has the most sub-identifiers.
2983     If multiple entries match and have the same number of sub-
2984     identifiers, then the lexicographically greatest instance of
2985     snmpNotifyFilterType among those which match determines the inclusion
2989     or exclusion.
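The filtering decision of this section, written out as an added example (it is not code from the draft). The subtree and mask match is the rule given in the paragraph that follows; the field names, the bit order of the mask (most significant bit of the first octet first), the padding of a short mask with ones, and all sample rows are assumptions or constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FilterEntry:
    """One active snmpNotifyFilterEntry (field names are illustrative)."""
    profile: str      # profile-name part of the index
    subtree: tuple    # snmpNotifyFilterSubtree as a tuple of sub-identifiers
    mask: bytes       # snmpNotifyFilterMask
    ftype: str        # snmpNotifyFilterType: "included" or "excluded"


def mask_bit(mask: bytes, i: int) -> int:
    # Assumption: bit 0 is the most significant bit of the first octet, and a
    # mask shorter than the subtree behaves as if padded with ones.
    octet, bit = divmod(i, 8)
    return 1 if octet >= len(mask) else (mask[octet] >> (7 - bit)) & 1


def entry_matches(oid: tuple, entry: FilterEntry) -> bool:
    # X must have at least as many sub-identifiers as the subtree, and each
    # one must be equal unless its mask bit is zero (the wild card).
    if len(oid) < len(entry.subtree):
        return False
    return all(mask_bit(entry.mask, i) == 0 or oid[i] == sub
               for i, sub in enumerate(entry.subtree))


def oid_passes(oid: tuple, entries: list) -> bool:
    hits = [e for e in entries if entry_matches(oid, e)]
    if not hits:
        return False          # nothing matches: the OID is excluded
    # The entry with the most sub-identifiers decides; a tie goes to the
    # lexicographically greatest instance, which inside one profile is the
    # greatest subtree value.
    winner = max(hits, key=lambda e: (len(e.subtree), e.subtree))
    return winner.ftype == "included"


def may_send(target: str, trap_oid: tuple, varbind_oids: list,
             profiles: dict, filters: list) -> bool:
    profile = profiles.get(target)   # snmpNotifyFilterProfileTable lookup
    if profile is None:
        return True                  # no profile for this target: no filtering
    entries = [e for e in filters if e.profile == profile]
    if not entries:
        return True                  # profile has no filter rows: no filtering
    return all(oid_passes(o, entries) for o in (trap_oid, *varbind_oids))


# Constructed sample data.
IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)
SNMP_TRAPS = (1, 3, 6, 1, 6, 3, 1, 1, 5)
PROFILES = {"addr1": "links", "addr3": "unused"}
FILTERS = [
    FilterEntry("links", SNMP_TRAPS, b"", "included"),
    FilterEntry("links", IF_ENTRY, b"", "included"),
    # ifEntry.<any column>.2: mask 0xFF 0xA0 clears only the bit for the
    # tenth sub-identifier, so every column of interface 2 is excluded.
    FilterEntry("links", IF_ENTRY + (0, 2), b"\xff\xa0", "excluded"),
]
LINK_DOWN = SNMP_TRAPS + (3,)
COLD_START = SNMP_TRAPS + (1,)


def if_columns(if_index: int) -> list:
    """ifIndex, ifAdminStatus and ifOperStatus instances for one interface."""
    return [IF_ENTRY + (col, if_index) for col in (1, 7, 8)]
```

Because an OID that matches no row is excluded, a profile that lists only the notification names silently suppresses every notification that carries variable bindings outside those subtrees.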
2991     A notification name's or object instance's OBJECT IDENTIFIER X
2992     matches an entry in the snmpNotifyFilterTable when the number of
2993     sub-identifiers in X is at least as many as in the value of
2994     snmpNotifyFilterSubtree for the entry, and each sub-identifier in the
2995     value of snmpNotifyFilterSubtree matches its corresponding sub-
2996     identifier in X.  Two sub-identifiers match either if the
2997     corresponding bit of snmpNotifyFilterMask is zero (the 'wild card'
2998     value), or if the two sub-identifiers are equal.

3002  8.  Management Target Translation in Proxy Forwarder Applications

3004     This section describes the mechanisms used by a proxy forwarder
3005     application when using the MIB module described in this document to
3006     translate incoming management target information into outgoing
3007     management target information for the purpose of forwarding messages.
3008     There are actually two mechanisms a proxy forwarder may use, one for
3009     forwarding request messages, and one for forwarding notification
3010     messages.

3012  8.1.  Management Target Translation for Request Forwarding

3014     When forwarding request messages, the proxy forwarder will select a
3015     single entry in the snmpProxyTable.  To select this entry, it will
3016     perform the following comparisons:

3018         -  The snmpProxyType must be read(1) if the request is a Get,
3019            GetNext, or GetBulk request.  The snmpProxyType must be
3020            write(2) if the request is a Set request.

3022         -  The contextEngineId must equal the snmpProxyContextEngineID
3023            object.

3025         -  If the snmpProxyContextName object is supported, it must equal
3026            the contextName.

3028         -  The snmpProxyTargetParamsIn object identifies an entry in the
3029            snmpTargetParamsTable.  The messageProcessingModel,
3030            securityLevel, security model, and securityName must match the
3031            values of snmpTargetParamsMPModel,
3032            snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName,
3033            and snmpTargetParamsSecurityLevel of the identified entry in
3034            the snmpTargetParamsTable.

3036     There may be multiple entries in the snmpProxyTable for which these
3037     comparisons succeed.  The entry whose snmpProxyName has the
3038     lexicographically smallest value and for which the comparisons
3039     succeed will be selected by the proxy forwarder.

3041     The outgoing management target information is identified by the value
3042     of the snmpProxySingleTargetOut object of the selected entry.  This
3043     object identifies an entry in the snmpTargetAddrTable.  The
3044     identified entry in the snmpTargetAddrTable also contains a reference
3045     to the snmpTargetParamsTable (snmpTargetAddrParams).  If either the
3046     identified entry in the snmpTargetAddrTable does not exist, or the
3047     identified entry in the snmpTargetParamsTable does not exist, then
3051     this snmpProxyEntry does not identify valid forwarding information,
3052     and the proxy forwarder should attempt to identify another row.

3054     If there is no entry in the snmpProxyTable for which all of the
3055     conditions above may be met, then there is no appropriate forwarding
3056     information, and the proxy forwarder should take appropriate actions.

3058     Otherwise, the snmpTargetAddrTDomain, snmpTargetAddrTAddress,
3059     snmpTargetAddrTimeout, and snmpTargetRetryCount of the identified
3060     snmpTargetAddrEntry, and the snmpTargetParamsMPModel,
3061     snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, and
3062     snmpTargetParamsSecurityLevel of the identified snmpTargetParamsEntry
3063     are used as the destination management target.

3065  8.2.  Management Target Translation for Notification Forwarding

3067     When forwarding notification messages, the proxy forwarder will
3068     select multiple entries in the snmpProxyTable.  To select these
3069     entries, it will perform the following comparisons:

3071         -  The snmpProxyType must be trap(3) if the notification is a
3072            Trap.  The snmpProxyType must be inform(4) if the request is
3073            an Inform.

3075         -  The contextEngineId must equal the snmpProxyContextEngineID
3076            object.

3078         -  If the snmpProxyContextName object is supported, it must equal
3079            the contextName.

3081         -  The snmpProxyTargetParamsIn object identifies an entry in the
3082            snmpTargetParamsTable.  The messageProcessingModel,
3083            securityLevel, security model, and securityName must match the
3084            values of snmpTargetParamsMPModel,
3085            snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName,
3086            and snmpTargetParamsSecurityLevel of the identified entry in
3087            the snmpTargetParamsTable.

3089     All entries for which these conditions are met are selected.  The
3090     snmpProxyMultipleTargetOut object of each such entry is used to
3091     select a set of entries in the snmpTargetAddrTable.  Any
3092     snmpTargetAddrEntry whose snmpTargetAddrTagList object contains a tag
3093     value equal to the value of snmpProxyMultipleTargetOut, and whose
3094     snmpTargetAddrParams object references an existing entry in the
3095     snmpTargetParamsTable, is selected as a destination for the forwarded
3096     notification.

3100  9.  Security Considerations

3102     The SNMP applications described in this document typically have
3103     direct access to MIB instrumentation.  Thus, it is very important
3104     that these applications be strict in their application of access
3105     control as described in this document.
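The entry selection of sections 8.1 and 8.2 above, as an added example (not code from the draft). It shows that a request whose security parameters differ from the snmpProxyTargetParamsIn row selects nothing, and that a row with a dangling reference is passed over. Class names, field names, the byte-wise name ordering and every sample value are assumptions or constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:                  # one snmpTargetParamsEntry
    mp_model: int              # snmpTargetParamsMPModel
    sec_model: int             # snmpTargetParamsSecurityModel
    sec_name: str              # snmpTargetParamsSecurityName
    sec_level: str             # snmpTargetParamsSecurityLevel


@dataclass(frozen=True)
class Addr:                    # one snmpTargetAddrEntry
    taddress: str              # snmpTargetAddrTAddress
    params: str                # snmpTargetAddrParams
    tags: tuple = ()           # snmpTargetAddrTagList, already split into tags


@dataclass(frozen=True)
class ProxyRow:                # one snmpProxyEntry
    ptype: str                 # "read", "write", "trap" or "inform"
    context_engine_id: bytes   # snmpProxyContextEngineID
    context_name: str          # snmpProxyContextName
    params_in: str             # snmpProxyTargetParamsIn
    single_out: str = ""       # snmpProxySingleTargetOut
    multiple_out: str = ""     # snmpProxyMultipleTargetOut


@dataclass(frozen=True)
class Incoming:                # what the proxy knows about a received message
    pdu: str                   # "get", "getnext", "getbulk", "set", "trap", "inform"
    context_engine_id: bytes
    context_name: str
    security: Params           # MP model, security model, name and level


PROXY_TYPE = {"get": "read", "getnext": "read", "getbulk": "read",
              "set": "write", "trap": "trap", "inform": "inform"}


def row_matches(row, msg, params_table, context_name_supported=True):
    if row.ptype != PROXY_TYPE.get(msg.pdu):
        return False
    if row.context_engine_id != msg.context_engine_id:
        return False
    if context_name_supported and row.context_name != msg.context_name:
        return False
    # All four security values must equal the row named by
    # snmpProxyTargetParamsIn; a missing row never matches.
    return params_table.get(row.params_in) == msg.security


def select_request_target(msg, proxy_table, addr_table, params_table):
    """Section 8.1: (snmpProxyName, Addr, Params) or None."""
    if PROXY_TYPE.get(msg.pdu) not in ("read", "write"):
        return None
    # Assumption: names are compared byte-wise, smallest first.
    for name in sorted(proxy_table, key=str.encode):
        row = proxy_table[name]
        if not row_matches(row, msg, params_table):
            continue
        addr = addr_table.get(row.single_out)
        out = params_table.get(addr.params) if addr else None
        if out is None:
            continue           # dangling reference: try another row
        return name, addr, out
    return None                # no appropriate forwarding information


def select_notification_targets(msg, proxy_table, addr_table, params_table):
    """Section 8.2: sorted names of every selected snmpTargetAddrEntry."""
    if PROXY_TYPE.get(msg.pdu) not in ("trap", "inform"):
        return []
    tags = {r.multiple_out for r in proxy_table.values()
            if row_matches(r, msg, params_table)}
    return sorted(n for n, a in addr_table.items()
                  if tags & set(a.tags) and a.params in params_table)


# Constructed sample tables.
ENGINE = bytes.fromhex("80001f8880aabbccdd")
OPS = Params(3, 3, "ops", "authPriv")
PARAMS = {"in-ops": OPS, "out-agent": Params(3, 3, "proxy", "authPriv")}
ADDRS = {
    "agent-a": Addr("192.0.2.10:161", "out-agent"),
    "agent-b": Addr("192.0.2.11:161", "no-such-params"),
    "nms-1": Addr("192.0.2.50:162", "out-agent", ("nms",)),
    "nms-2": Addr("192.0.2.51:162", "no-such-params", ("nms",)),
}
PROXIES = {
    "a-read": ProxyRow("read", ENGINE, "", "in-ops", single_out="agent-b"),
    "b-read": ProxyRow("read", ENGINE, "", "in-ops", single_out="agent-a"),
    "c-trap": ProxyRow("trap", ENGINE, "", "in-ops", multiple_out="nms"),
}
```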
3107     In addition, there may be some types of notification generator
3108     applications which, rather than accessing MIB instrumentation using
3109     access control, will obtain MIB information through other means (such
3110     as from a command line).  The implementors and users of such
3111     applications must be responsible for not divulging MIB information
3112     that normally would be inaccessible due to access control.

3114  10.  Editor's Address

3116     David B. Levi
3117     SNMP Research, Inc.
3118     3001 Kimberlin Heights Road
3119     Knoxville, TN 37920-9716
3120     U.S.A.
3121     Phone: +1 423 573 1434
3122     EMail: levi@snmp.com

3124     Paul Meyer
3125     Secure Computing Corporation
3126     2675 Long Lake Road
3127     Roseville, MN 55113
3128     U.S.A.
3129     Phone: +1 612 628 1592
3130     EMail: paul_meyer@securecomputing.com

3132     Bob Stewart
3133     Cisco Systems, Inc.
3134     170 West Tasman Drive
3135     San Jose, CA 95134-1706
3136     U.S.A.
3137     Phone: +1 603 654 6923
3138     EMail: bstewart@cisco.com

3142  11.  Acknowledgments

3144     This document is the result of the efforts of the SNMPv3 Working
3145     Group.  Some special thanks are in order to the following SNMPv3 WG
3146     members:

3148         Dave Battle (SNMP Research, Inc.)
3149         Uri Blumenthal (IBM T.J. Watson Research Center)
3150         Jeff Case (SNMP Research, Inc.)
3151         John Curran (BBN)
3152         T. Max Devlin (Hi-TECH Connections)
3153         John Flick (Hewlett Packard)
3154         David Harrington (Cabletron Systems Inc.)
3155         N.C. Hien (IBM T.J. Watson Research Center)
3156         Dave Levi (SNMP Research, Inc.)
3157         Louis A Mamakos (UUNET Technologies Inc.)
3158         Paul Meyer (Secure Computing Corporation)
3159         Keith McCloghrie (Cisco Systems)
3160         Russ Mundy (Trusted Information Systems, Inc.)
3161         Bob Natale (ACE*COMM Corporation)
3162         Mike O'Dell (UUNET Technologies Inc.)
3163         Dave Perkins (DeskTalk)
3164         Peter Polkinghorne (Brunel University)
3165         Randy Presuhn (BMC Software, Inc.)
3166         David Reid (SNMP Research, Inc.)
3167         Shawn Routhier (Epilogue)
3168         Juergen Schoenwaelder (TU Braunschweig)
3169         Bob Stewart (Cisco Systems)
3170         Bert Wijnen (IBM T.J. Watson Research Center)

3172     The document is based on recommendations of the IETF Security and
3173     Administrative Framework Evolution for SNMP Advisory Team.  Members of
3174     that Advisory Team were:

3176         David Harrington (Cabletron Systems Inc.)
3177         Jeff Johnson (Cisco Systems)
3178         David Levi (SNMP Research Inc.)
3179         John Linn (Openvision)
3180         Russ Mundy (Trusted Information Systems) chair
3181         Shawn Routhier (Epilogue)
3182         Glenn Waters (Nortel)
3183         Bert Wijnen (IBM T. J. Watson Research Center)

3185     As recommended by the Advisory Team and the SNMPv3 Working Group
3186     Charter, the design incorporates as much as practical from previous
3187     RFCs and drafts.  As a result, special thanks are due to the authors
3188     of previous designs known as SNMPv2u and SNMPv2*:

3192         Jeff Case (SNMP Research, Inc.)
3193         David Harrington (Cabletron Systems Inc.)
3194         David Levi (SNMP Research, Inc.)
3195         Keith McCloghrie (Cisco Systems)
3196         Brian O'Keefe (Hewlett Packard)
3197         Marshall T. Rose (Dover Beach Consulting)
3198         Jon Saperia (BGS Systems Inc.)
3199         Steve Waldbusser (International Network Services)
3200         Glenn W. Waters (Bell-Northern Research Ltd.)

3204  12.  References

3206  [RFC1157]
3207      Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
3208      Management Protocol", RFC 1157, SNMP Research, Performance Systems
3209      International, Performance Systems International, MIT Laboratory
3210      for Computer Science, May 1990.

3212  [RFC1213]
3213      McCloghrie, K., and M. Rose, Editors, "Management Information Base
3214      for Network Management of TCP/IP-based internets: MIB-II", STD 17,
3215      RFC 1213, Hughes LAN Systems, Performance Systems International,
3216      March 1991.

3218  [RFC1902]
3219      SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
3220      Waldbusser, "Structure of Management Information for Version 2 of
3221      the Simple Network Management Protocol (SNMPv2)", RFC 1902, SNMP
3222      Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
3223      International Network Services, January 1996.

3225  [RFC1903]
3226      SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
3227      Waldbusser, "Textual Conventions for Version 2 of the Simple
3228      Network Management Protocol (SNMPv2)", RFC 1903, SNMP Research, Inc.,
3229      Cisco Systems, Inc., Dover Beach Consulting, Inc., International
3230      Network Services, January 1996.

3232  [RFC1905]
3233      SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
3234      Waldbusser, "Protocol Operations for Version 2 of the Simple
3235      Network Management Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc.,
3236      Cisco Systems, Inc., Dover Beach Consulting, Inc., International
3237      Network Services, January 1996.

3239  [RFC1907]
3240      SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
3241      Waldbusser, "Management Information Base for Version 2 of the
3242      Simple Network Management Protocol (SNMPv2)", RFC 1905, SNMP
3243      Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
3244      International Network Services, January 1996.

3246  [RFC1908]
3247      SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
3248      Waldbusser, "Coexistence between Version 1 and Version 2 of the
3249      Internet-standard Network Management Framework", RFC 1905, SNMP
3250      Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
3254      International Network Services, January 1996.

3256  [SNMP-ARCH]
3257      The SNMPv3 Working Group, Harrington, D., Wijnen, B., "An
3258      Architecture for Describing SNMP Management Frameworks", draft-
3259      ietf-snmpv3-arch-00.txt, September 1997.

3261  [SNMP-MPD]
3262      The SNMPv3 Working Group, Case, J., Harrington, D., Wijnen, B.,
3263      "Message Processing and Dispatching for the Simple Network
3264      Management Protocol (SNMP)", draft-ietf-snmpv3-mpd-00.txt,
3265      September 1997.

3267  [SNMP-ACM]
3268      The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K.,
3269      "View-based Access Control Model for the Simple Network Management
3270      Protocol (SNMP)", draft-ietf-snmpv3-vacm-00.txt, September 1997.

3272  APPENDIX A - Trap Configuration Example

3274     This section describes an example configuration for a Notification
3275     Generator application which implements the snmpNotifyBasicCompliance
3276     level.  The example configuration specifies that the Notification
3277     Generator should send notifications to 3 separate managers, using
3278     authentication and no privacy for the first 2 managers, and using
3279     both authentication and privacy for the third manager.

3281     The configuration consists of three rows in the snmpTargetAddrTable,
3282     and two rows in the snmpTargetTable.

3284         snmpTargetAddrName          SnmpAdminString,
3285         snmpTargetAddrTDomain       TDomain,
3286         snmpTargetAddrTAddress      TAddress,
3287         snmpTargetAddrTimeout       TimeInterval,
3288         snmpTargetAddrRetryCount    Integer32,
3289         snmpTargetAddrTagList       SnmpAdminString,
3290         snmpTargetAddrParams        SnmpAdminString,
3291         snmpTargetAddrStorageType   StorageType,
3292         snmpTargetAddrRowStatus     RowStatus

3294       * snmpTargetAddrName        = "addr1"
3295         snmpTargetAddrTDomain     = snmpUDPDomain
3296         snmpTargetAddrTAddress    = 128.1.2.3:162
3297         snmpTargetAddrTagList     = "group1"
3298         snmpTargetAddrParams      = "AuthNoPriv-joe"
3302         snmpTargetAddrStorageType = readOnly(5)
3303         snmpTargetAddrRowStatus   = active(1)

3305       * snmpTargetAddrName        = "addr2"
3306         snmpTargetAddrTDomain     = snmpUDPDomain
3307         snmpTargetAddrTAddress    = 128.2.4.6:162
3308         snmpTargetAddrTagList     = "group1"
3309         snmpTargetAddrParams      = "AuthNoPriv-joe"
3310         snmpTargetAddrStorageType = readOnly(5)
3311         snmpTargetAddrRowStatus   = active(1)

3313       * snmpTargetAddrName        = "addr3"
3314         snmpTargetAddrTDomain     = snmpUDPDomain
3315         snmpTargetAddrTAddress    = 128.1.2.3:162
3316         snmpTargetAddrTagList     = "group2"
3317         snmpTargetAddrParams      = "AuthPriv-bob"
3318         snmpTargetAddrStorageType = readOnly(5)
3319         snmpTargetAddrRowStatus   = active(1)

3321       * snmpTargetParamsName          = "AuthNoPriv-joe"
3322         snmpTargetParamsMPModel       = 3
3323         snmpTargetParamsSecurityModel = 3 (USM)
3324         snmpTargetParamsSecurityName  = "joe"
3325         snmpTargetParamsSecurityLevel = authNoPriv(2)
3326         snmpTargetParamsStorageType   = readOnly(5)
3327         snmpTargetParamsRowStatus     = active(1)

3329       * snmpTargetParamsName          = "AuthPriv-bob"
3330         snmpTargetParamsMPModel       = 3
3331         snmpTargetParamsSecurityModel = 3 (USM)
3332         snmpTargetParamsSecurityName  = "bob"
3333         snmpTargetParamsSecurityLevel = authPriv(3)
3334         snmpTargetParamsStorageType   = readOnly(5)
3335         snmpTargetParamsRowStatus     = active(1)

3337       * snmpNotifyName        = "group1"
3338         snmpNotifyTag         = "group1"
3339         snmpNotifyType        = trap(1)
3340         snmpNotifyStorageType = readOnly(5)
3341         snmpNotifyRowStatus   = active(1)

3343       * snmpNotifyName        = "group2"
3344         snmpNotifyTag         = "group2"
3345         snmpNotifyType        = trap(1)
3346         snmpNotifyStorageType = readOnly(5)
3347         snmpNotifyRowStatus   = active(1)

3351     These entries define two groups of management targets.  The first
3352     group contains two management targets:

3354                                  first target      second target
3355                                  ------------      -------------
3356         messageProcessingModel   SNMPv3            SNMPv3
3357         securityModel            3 (USM)           3 (USM)
3358         securityName             "joe"             "joe"
3359         securityLevel            authNoPriv(2)     authNoPriv(2)
3360         transportDomain          snmpUDPDomain     snmpUDPDomain
3361         transportAddress         128.1.2.3:162     128.2.4.6:162

3363     And the second group contains a single management target:

3365         messageProcessingModel   SNMPv3
3366         securityLevel            authPriv(3)
3367         securityModel            3 (USM)
3368         securityName             "bob"
3369         transportDomain          snmpUDPDomain
3370         transportAddress         128.1.5.9:162

3374  Table of Contents

3376     1 Abstract
3377     2 Overview
3378     2.1 Command Generator Applications
3379     2.2 Command Responder Applications
3380     2.3 Notification Originator Applications
3381     2.4 Notification Receiver Applications
3382     2.5 Proxy Forwarder Applications
3383     3 Management Targets
3384     4 Elements Of Procedure
3385     4.1 Command Generator Applications
3386     4.2 Command Responder Applications
3387     4.3 Notification Originator Applications
3388     4.4 Notification Receiver Applications
3389     4.5 Proxy Forwarder Applications
3390     4.5.1 Request Forwarding
3391     4.5.1.1 Processing an Incoming Request
3392     4.5.1.2 Processing an Incoming Response
3393     4.5.1.3 Processing an Incoming Report Indication
3394     4.5.2 Notification Forwarding
3395     5 The Structure of the MIB Modules
3396     5.1 The Management Target MIB Module
3397     5.1.1 Tag Lists
3398     5.1.2 Definitions
3399     5.2 The Notification MIB Module
3400     5.2.1 Definitions
3401     5.3 The Proxy MIB Module
3402     5.3.1 Definitions
3403     6 Identification of Management Targets in Notification Originators
3405     7 Notification Filtering
3406     8 Management Target Translation in Proxy Forwarder Applications
3408     8.1 Management Target Translation for Request Forwarding
3409     8.2 Management Target Translation for Notification Forwarding
3411     9 Security Considerations
3412     10 Editor's Address
3413     11 Acknowledgments
3414     12 References
3415     Appendix A Trap Configuration Example

3417  Expires March 1998
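The target selection of section 6, applied to tables modelled on Appendix A, as an added example (not code from the draft). It lists which notification each target receives and reports targets that are silently dropped because snmpTargetAddrParams names no existing row. The rows addr4 to addr6 and group3, the timeout and retry values, the whitespace-delimited tag list and the value used for SNMPv1 are assumptions or constructed.

```python
from dataclasses import dataclass

MP_SNMPV1 = 0   # assumption: snmpTargetParamsMPModel value that indicates SNMPv1


@dataclass(frozen=True)
class Addr:                   # one snmpTargetAddrEntry
    taddress: str             # snmpTargetAddrTAddress
    tag_list: str             # snmpTargetAddrTagList
    params: str               # snmpTargetAddrParams
    timeout: int = 1500       # snmpTargetAddrTimeout (constructed value)
    retries: int = 3          # snmpTargetAddrRetryCount (constructed value)


@dataclass(frozen=True)
class Params:                 # one snmpTargetParamsEntry
    mp_model: int             # snmpTargetParamsMPModel
    sec_name: str             # snmpTargetParamsSecurityName
    sec_level: str            # snmpTargetParamsSecurityLevel


@dataclass(frozen=True)
class Notify:                 # one snmpNotifyEntry
    tag: str                  # snmpNotifyTag
    ntype: str                # snmpNotifyType: "trap" or "inform"
    active: bool = True       # snmpNotifyRowStatus is active(1)


def plan_notifications(notify_table, addr_table, params_table):
    """Return (deliveries, skipped).

    deliveries: (notify name, addr name, PDU kind, timeout, retries)
    skipped:    (notify name, addr name, missing params name)
    """
    deliveries, skipped = [], []
    for nname in sorted(notify_table):
        entry = notify_table[nname]
        if not entry.active:
            continue
        for aname in sorted(addr_table):
            addr = addr_table[aname]
            # Assumption: the tag list is a whitespace-delimited string.
            if entry.tag not in addr.tag_list.split():
                continue
            params = params_table.get(addr.params)
            if params is None:
                # The target is not used; record it so the gap is visible.
                skipped.append((nname, aname, addr.params))
                continue
            if params.mp_model == MP_SNMPV1:
                # SNMPv1 targets get a Trap for both trap and inform.
                deliveries.append((nname, aname, "Trap", None, None))
            elif entry.ntype == "inform":
                deliveries.append((nname, aname, "Inform",
                                   addr.timeout, addr.retries))
            else:
                deliveries.append((nname, aname, "SNMPv2-Trap", None, None))
    return deliveries, skipped


# addr1 to addr3 and the two params rows are modelled on Appendix A;
# everything else is constructed.
ADDRS = {
    "addr1": Addr("128.1.2.3:162", "group1", "AuthNoPriv-joe"),
    "addr2": Addr("128.2.4.6:162", "group1", "AuthNoPriv-joe"),
    "addr3": Addr("128.1.2.3:162", "group2", "AuthPriv-bob"),
    "addr4": Addr("192.0.2.7:162", "group1 group3", "AuthPriv-bob"),
    "addr5": Addr("192.0.2.8:162", "group1", "AuthNoPriv joe"),  # space, not hyphen
    "addr6": Addr("192.0.2.9:162", "group3", "v1-public"),
}
PARAMS = {
    "AuthNoPriv-joe": Params(3, "joe", "authNoPriv"),
    "AuthPriv-bob": Params(3, "bob", "authPriv"),
    "v1-public": Params(MP_SNMPV1, "public", "noAuthNoPriv"),
}
NOTIFY = {
    "group1": Notify("group1", "trap"),
    "group2": Notify("group2", "trap"),
    "group3": Notify("group3", "inform"),
}
```

A one-character difference in snmpTargetAddrParams removes a manager from the delivery list without any error, so the skipped list is the part worth checking after every configuration change.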