draft-ietf-snmpv3-appl-03.txt

Draft                     SNMPv3 Applications               October 1997


                          SNMPv3 Applications

                            October 9, 1997


                             David B. Levi
                          SNMP Research, Inc.
                             levi@snmp.com

                               Paul Meyer
                      Secure Computing Corporation
                     paul_meyer@securecomputing.com

                              Bob Stewart
                             Cisco Systems
                           bstewart@cisco.com


Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

1.  Abstract

   This memo describes five types of SNMP applications which make use of
   an SNMP engine as described in [SNMP-ARCH].
   The types of application described are:

      - Command Generators

      - Command Responders

      - Notification Originators

      - Notification Receivers

      - Proxy Forwarders

   This memo also defines MIB modules for specifying targets of
   management operations, for notification filtering, and for proxy
   forwarding.

2.  Overview

   This document describes five types of SNMP applications:

      - Applications which initiate SNMP Get, GetNext, GetBulk, and/or
        Set requests, called 'command generators.'

      - Applications which respond to SNMP Get, GetNext, GetBulk,
        and/or Set requests, called 'command responders.'

      - Applications which generate notifications, called
        'notification originators.'

      - Applications which receive notifications, called 'notification
        receivers.'

      - Applications which forward SNMP Get, GetNext, GetBulk, and/or
        Set requests or notifications, called 'proxy forwarders.'

   Note that there are no restrictions on which types of applications
   may be associated with a particular SNMP engine.  For example, a
   single SNMP engine may, in fact, be associated with both command
   generator and command responder applications.

2.1.  Command Generator Applications

   A command generator application initiates SNMP Get, GetNext, GetBulk,
   and/or Set requests, as well as processing the response to a request
   which it generated.

2.2.  Command Responder Applications

   A command responder application receives SNMP Get, GetNext, GetBulk,
   and/or Set requests destined for the local system as indicated by the
   fact that the contextEngineID in the received request is equal to
   that of the local engine through which the request was received.  The
   command responder application will perform the appropriate protocol
   operation, using access control, and will generate a response message
   to be sent to the request's originator.

2.3.  Notification Originator Applications

   A notification originator application conceptually monitors a system
   for particular events or conditions, and generates Trap and/or Inform
   messages based on these events or conditions.  A notification
   originator must have a mechanism for determining where to send
   messages, and what SNMP version and security parameters to use when
   sending messages.  A mechanism and MIB module for this purpose is
   provided in this document.

2.4.  Notification Receiver Applications

   A notification receiver application listens for notification
   messages, and generates response messages when a message containing
   an Inform PDU is received.

2.5.  Proxy Forwarder Applications

   A proxy forwarder application forwards SNMP messages.  Note that
   implementation of a proxy forwarder application is optional.  The
   sections describing proxy (4.5, 5.3, and 8) may be skipped for
   implementations that do not include a proxy forwarder application.

   The term "proxy" has historically been used very loosely, with
   multiple different meanings.  These different meanings include (among
   others):

   (1) the forwarding of SNMP requests to other SNMP entities without
       regard for what managed object types are being accessed; for
       example, in order to forward an SNMP request from one transport
       domain to another, or to translate SNMP requests of one version
       into SNMP requests of another version;

   (2) the translation of SNMP requests into operations of some non-SNMP
       management protocol; and

   (3) support for aggregated managed objects where the value of one
       managed object instance depends upon the values of multiple other
       (remote) items of management information.

   Each of these scenarios can be advantageous; for example, support for
   aggregation of management information can significantly reduce the
   bandwidth requirements of large-scale management activities.
   However, using a single term to cover multiple different scenarios
   causes confusion.

   To avoid such confusion, this document uses the term "proxy" with a
   much more tightly defined meaning.  The term "proxy" is used in this
   document to refer to a proxy forwarder application which forwards
   SNMP requests, notifications, and responses without regard for
   what managed objects are contained within requests or notifications.
   This definition is most closely related to the first definition
   above.  Note, however, that in the SNMP architecture [SNMP-ARCH], a
   proxy forwarder is actually an application, and need not be
   associated with what is traditionally thought of as an SNMP agent.

   Specifically, the distinction between a traditional SNMP agent and a
   proxy forwarder application is simple:

      - a proxy forwarder application forwards requests and/or
        notifications to other SNMP engines according to the context,
        and irrespective of the specific managed object types being
        accessed, and forwards the response to such previously
        forwarded messages back to the SNMP engine from which the
        original message was received;

      - in contrast, the command responder application that is part of
        what is traditionally thought of as an SNMP agent, and which
        processes SNMP requests according to the (names of the)
        individual managed object types and instances being accessed,
        is NOT a proxy forwarder application from the perspective of
        this document.

   Thus, when a proxy forwarder application forwards a request or
   notification for a particular contextEngineID / contextName pair, not
   only is the information on how to forward the request specifically
   associated with that context, but the proxy forwarder application has
   no need of a detailed definition of a MIB view (since the proxy
   forwarder application forwards the request irrespective of the
   managed object types).

   In contrast, a command responder application must have the detailed
   definition of the MIB view, and even if it needs to issue requests to
   other entities, via SNMP or otherwise, that need is dependent on the
   individual managed object instances being accessed (i.e., not only on
   the context).

   Note that it is a design goal of a proxy forwarder application to act
   as an intermediary between the endpoints of a transaction.  In
   particular, when forwarding Inform requests, the associated response
   is forwarded when it is received from the target to which the Inform
   request was forwarded, rather than generating a response immediately
   when an Inform request is received.

3.  Management Targets

   Some types of applications (notification generators and proxy
   forwarders in particular) require a mechanism for determining where
   and how to send generated messages.  This document provides a
   mechanism and MIB module for this purpose.  The set of information
   that describes where and how to send a message is called a
   'Management Target', and consists of two kinds of information:

      - Destination information, consisting of a transport domain and
        a transport address.  This is also termed a transport
        endpoint.

      - SNMP parameters, consisting of message processing model,
        security model, security level, and security name information.

   The SNMP-TARGET-MIB module described later in this document contains
   one table for each of these types of information.  There can be a
   many-to-many relationship in the MIB between these two types of
   information.  That is, there may be multiple transport endpoints
   associated with a particular set of SNMP parameters, or a particular
   transport endpoint may be associated with several sets of SNMP
   parameters.

4.  Elements Of Procedure

   The following sections describe the procedures followed by each type
   of application when generating messages for transmission or when
   processing received messages.  Applications communicate with the
   Dispatcher using the abstract service interfaces defined in
   [SNMP-ARCH].

4.1.  Command Generator Applications

   A command generator initiates an SNMP request by calling the
   Dispatcher using the following abstract service interface:

      statusInformation =                -- sendPduHandle if success
                                         -- errorIndication if failure
        sendPdu(
        IN   transportDomain             -- transport domain to be used
        IN   transportAddress            -- destination network address
        IN   messageProcessingModel      -- typically, SNMP version
        IN   securityModel               -- Security Model to use
        IN   securityName                -- on behalf of this principal
        IN   securityLevel               -- Level of Security requested
        IN   contextEngineID             -- data from/at this entity
        IN   contextName                 -- data from/in this context
        IN   pduVersion                  -- the version of the PDU
        IN   PDU                         -- SNMP Protocol Data Unit
        IN   expectResponse              -- TRUE or FALSE
             )

   Where:

      - The transportDomain is that of the destination of the message.

      - The transportAddress is that of the destination of the
        message.

      - The messageProcessingModel indicates which Message Processing
        Model the application wishes to use.

      - The securityModel is the security model that the application
        wishes to use.

      - The securityName is the security model independent name for
        the principal on whose behalf the application wishes the
        message to be generated.

      - The securityLevel is the security level that the application
        wishes to use.

      - The contextEngineID is provided by the command generator if it
        wishes to explicitly specify the location of the management
        information it is requesting.

      - The contextName is provided by the command generator if it
        wishes to explicitly specify the local context name for the
        management information it is requesting.

      - The pduVersion indicates the version of the PDU to be sent.

      - The PDU is a value constructed by the command generator
        containing the management operation that the command generator
        wishes to perform.

      - The expectResponse argument indicates that a response is
        expected.

   The result of the sendPdu interface indicates whether the PDU was
   successfully sent.  If it was successfully sent, the returned value
   will be a sendPduHandle.  The command generator should store the
   sendPduHandle so that it can correlate a response to the original
   request.

   The Dispatcher is responsible for delivering the response to a
   particular request to the correct command generator application.  The
   abstract service interface used is:

      processResponsePdu(                -- process Response PDU
        IN   messageProcessingModel      -- typically, SNMP version
        IN   securityModel               -- Security Model in use
        IN   securityName                -- on behalf of this principal
        IN   securityLevel               -- Level of Security
        IN   contextEngineID             -- data from/at this SNMP entity
        IN   contextName                 -- data from/in this context
        IN   pduVersion                  -- the version of the PDU
        IN   PDU                         -- SNMP Protocol Data Unit
        IN   statusInformation           -- success or errorIndication
        IN   sendPduHandle               -- handle from sendPdu
             )

   Where:

      - The messageProcessingModel is the value from the received
        response.

      - The securityModel is the value from the received response.

      - The securityName is the value from the received response.

      - The securityLevel is the value from the received response.

      - The contextEngineID is the value from the received response.

      - The contextName is the value from the received response.

      - The pduVersion indicates the version of the PDU in the
        received response.

      - The PDU is the value from the received response.

      - The statusInformation indicates success or failure in
        receiving the response.

      - The sendPduHandle is the value returned by the sendPdu call
        which generated the original request to which this is a
        response.

   The procedure when a command generator receives a message is as
   follows:

   (1) If the received values of messageProcessingModel, securityModel,
       securityName, contextEngineID, contextName, and pduVersion are not
       all equal to the values used in the original request, the response
       is discarded.

   (2) The operation type, request-id, error-status, error-index, and
       variable-bindings are extracted from the PDU and saved.  If the
       request-id is not equal to the value used in the original request,
       the response is discarded.

   (3) At this point, it is up to the application to take an appropriate
       action.  The specific action is implementation dependent.  If the
       statusInformation indicates that the request failed, an appropriate
       action might be to attempt to transmit the request again, or to
       notify the person operating the application that a failure
       occurred.

4.2.  Command Responder Applications

   Before a command responder application can process messages, it must
   first associate itself with an SNMP engine.  The abstract service
   interface used for this purpose is:

      statusInformation =                -- success or errorIndication
        registerContextEngineID(
        IN   contextEngineID             -- take responsibility for this one
        IN   pduType                     -- the pduType(s) to be registered
             )

   Where:

      - The statusInformation indicates success or failure of the
        registration attempt.

      - The contextEngineID is equal to the snmpEngineID of the SNMP
        engine with which the command responder is registering.

      - The pduType indicates a Get, GetNext, GetBulk, or Set pdu.

   Note that if another command responder application is already
   registered with an SNMP engine, any further attempts to register with
   the same contextEngineID and pduType will be denied.  This implies
   that separate command responder applications could register
   separately for the various pdu types.  However, in practice this is
   undesirable, and only a single command responder application should
   be registered with an SNMP engine at any given time.
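
   Looking back at the command generator procedure in section 4.1, steps
   (1) through (3): the following Python sketch is an added example, not
   part of the draft.  The CommandGenerator class, its method names, the
   returned status strings and the sample parameter values are all
   assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count

# Parameters that step (1) requires to equal the values used in the request.
# securityLevel is not in the draft's list, so it is not compared here.
MATCH_FIELDS = ("messageProcessingModel", "securityModel", "securityName",
                "contextEngineID", "contextName", "pduVersion")


@dataclass(frozen=True)
class Pdu:
    operation: str
    request_id: int
    error_status: int = 0
    error_index: int = 0
    varbinds: tuple = ()


class CommandGenerator:
    """Hypothetical application-side bookkeeping for outstanding requests."""

    def __init__(self):
        self._handles = count(1)   # stand-in for handles issued by sendPdu
        self._pending = {}         # sendPduHandle -> (sent params, request-id)

    def send(self, params, pdu):
        """Store what was sent so a later response can be correlated."""
        handle = next(self._handles)
        sent = {field: params[field] for field in MATCH_FIELDS}
        self._pending[handle] = (sent, pdu.request_id)
        return handle

    def process_response(self, handle, params, pdu, status_ok=True):
        """Apply steps (1)-(3); returns (outcome, detail)."""
        entry = self._pending.get(handle)
        if entry is None:
            return ("discarded", "unknown sendPduHandle")
        sent, request_id = entry
        if not status_ok:
            # Step (3): the request failed; retrying or alerting the
            # operator is left to the caller.  Assumption: on failure the
            # other parameters may be undefined, so they are not checked.
            del self._pending[handle]
            return ("failed", "statusInformation reports an error")
        # Step (1): every listed parameter must equal the value sent.
        mismatched = [f for f in MATCH_FIELDS if params.get(f) != sent[f]]
        if mismatched:
            # Assumption: the request stays outstanding after a discard,
            # so the genuine response can still be accepted later.
            return ("discarded", "mismatch: " + ", ".join(mismatched))
        # Step (2): the request-id must equal the one in the request.
        if pdu.request_id != request_id:
            return ("discarded", "request-id mismatch")
        del self._pending[handle]
        return ("accepted", pdu)

    def outstanding(self):
        return sorted(self._pending)


# Constructed sample values, not taken from the draft.
SAMPLE_PARAMS = {
    "messageProcessingModel": 3, "securityModel": 3, "securityName": "ops",
    "securityLevel": "authPriv", "contextEngineID": "800000000001",
    "contextName": "", "pduVersion": 2,
}


def demo():
    gen = CommandGenerator()
    handle = gen.send(SAMPLE_PARAMS, Pdu("get", 1001))
    wrong_name = dict(SAMPLE_PARAMS, securityName="guest")
    first = gen.process_response(handle, wrong_name, Pdu("response", 1001))
    second = gen.process_response(handle, SAMPLE_PARAMS, Pdu("response", 1001))
    return first[0], second[0]


if __name__ == "__main__":
    print(demo())
```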

   A command responder application can disassociate with an SNMP engine
   using the following abstract service interface:

      unregisterContextEngineID(
        IN   contextEngineID             -- give up responsibility for this one
        IN   pduType                     -- the pduType(s) to be unregistered
             )

   Where:

      - The contextEngineID is equal to the snmpEngineID of the SNMP
        engine with which the command responder is cancelling the
        registration.

      - The pduType indicates a Get, GetNext, GetBulk, or Set pdu.

   Once the command responder has registered with the SNMP engine, it
   waits to receive SNMP messages.  The abstract service interface used
   for receiving messages is:

      processPdu(                        -- process Request/Notification PDU
        IN   messageProcessingModel      -- typically, SNMP version
        IN   securityModel               -- Security Model in use
        IN   securityName                -- on behalf of this principal
        IN   securityLevel               -- Level of Security
        IN   contextEngineID             -- data from/at this SNMP entity
        IN   contextName                 -- data from/in this context
        IN   pduVersion                  -- the version of the PDU
        IN   PDU                         -- SNMP Protocol Data Unit
        IN   maxSizeResponseScopedPDU    -- maximum size of the Response PDU
        IN   stateReference              -- reference to state information
             )                           -- needed when sending a response

   Where:

      - The messageProcessingModel indicates which Message Processing
        Model received and processed the message.

      - The securityModel is the value from the received message.

      - The securityName is the value from the received message.

      - The securityLevel is the value from the received message.

      - The contextEngineID is the value from the received message.

      - The contextName is the value from the received message.

      - The pduVersion indicates the version of the PDU in the
        received message.

      - The PDU is the value from the received message.

      - The maxSizeResponseScopedPDU is the maximum allowable size of
        a ScopedPDU containing a Response PDU (based on the maximum
        message size that the originator of the message can accept).

      - The stateReference is a value which references cached
        information about each received request message.  This value
        must be returned to the Dispatcher in order to generate a
        response.

   The procedure when a message is received is as follows.

   (1) The operation type is determined from the ASN.1 tag value
       associated with the PDU parameter.  The operation type should
       always be one of the types previously registered by the
       application.

   (2) The request-id is extracted from the PDU and saved.

   (3) If the SNMPv2 operation type is GetBulk, the non-repeaters and
       max-repetitions values are extracted from the PDU and saved.

   (4) The variable-bindings are extracted from the PDU and saved.

   (5) The management operation represented by the SNMPv2 operation type
       is performed with respect to the relevant MIB view within the
       context named by the contextName, according to the procedures set
       forth in [RFC1905].  The relevant MIB view is determined by the
       securityLevel, securityModel, contextName, securityName, and SNMPv2
       operation type.  To determine whether a particular object instance
       is within the relevant MIB view, the following abstract service
       interface is called:

          statusInformation =            -- success or errorIndication
            isAccessAllowed(
            IN   securityModel           -- Security Model in use
            IN   securityName            -- principal who wants to access
            IN   securityLevel           -- Level of Security
            IN   viewType                -- read, write, or notify view
            IN   contextName             -- context containing variableName
            IN   variableName            -- OID for the managed object
                 )

       Where:

          - The securityModel is the value from the received message.

          - The securityName is the value from the received message.

          - The securityLevel is the value from the received message.

          - The viewType indicates whether the PDU type is a read or write
            operation.

          - The contextName is the value from the received message.

          - The variableName is the object instance of the variable for
            which access rights are to be checked.

       Normally, the result of the management operation will be a new PDU
       value, and processing will continue in step (6) below.  However, at
       any time during the processing of the management operation:

          - If the isAccessAllowed ASI returns a noSuchView,
            noAccessEntry, or noGroupName error, processing of the
            management operation is halted, a PDU value is constructed
            using the values from the originally received PDU, but
            replacing the error_status with an authorizationError code,
            and error_index value of 0, and control is passed to step (6)
            below.

          - If the isAccessAllowed ASI returns an otherError, processing
            of the management operation is halted, a different PDU value
            is constructed using the values from the originally received
            PDU, but replacing the error_status with a genError code, and
            control is passed to step (6) below.

          - If the isAccessAllowed ASI returns a noSuchContext error,
            processing of the management operation is halted, no result
            PDU is generated, the snmpUnknownContexts counter is
            incremented, and control is passed to step (6) below.

          - If the context named by the contextName parameter is
            unavailable, processing of the management operation is halted,
            no result PDU is generated, the snmpUnavailableContexts
            counter is incremented, and control is passed to step (6)
            below.

   (6) The Dispatcher is called to generate a response or report message.
       The abstract service interface is:

          returnResponsePdu(
            IN   messageProcessingModel    -- typically, SNMP version
            IN   securityModel             -- Security Model in use
            IN   securityName              -- on behalf of this principal
            IN   securityLevel             -- same as on incoming request
            IN   contextEngineID           -- data from/at this SNMP entity
            IN   contextName               -- data from/in this context
            IN   pduVersion                -- the version of the PDU
            IN   PDU                       -- SNMP Protocol Data Unit
            IN   maxSizeResponseScopedPDU  -- maximum size of the Response PDU
            IN   stateReference            -- reference to state information
                                           -- as presented with the request
            IN   statusInformation         -- success or errorIndication
                 )                         -- error counter OID/value if error

       Where:

          - The messageProcessingModel is the value from the processPdu
            call.

          - The securityModel is the value from the processPdu call.

          - The securityName is the value from the processPdu call.

          - The securityLevel is the value from the processPdu call.

          - The contextEngineID is the value from the processPdu call.

          - The contextName is the value from the processPdu call.

          - The pduVersion indicates the version of the PDU to be
            returned.  If no result PDU was generated, the pduVersion is
            an undefined value.

          - The PDU is the result generated in step (5) above.  If no
            result PDU was generated, the PDU is an undefined value.

          - The maxSizeResponseScopedPDU is a local value indicating the
            maximum size of a ScopedPDU that the application can accept.

          - The stateReference is the value from the processPdu call.

          - The statusInformation either contains an indication that no
            error occurred and that a response should be generated, or
            contains an indication that an error occurred along with the
            OID and counter value of the appropriate error counter object.
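
   The error handling in steps (5) and (6) above, worked through for a
   Get request.  This Python sketch is an added example, not part of the
   draft: handle_get, the sample policy, the MIB contents and the shape
   of the returned statusInformation are assumptions, and counters are
   identified by name because the draft text here gives no OIDs.

```python
from dataclasses import dataclass, replace

GEN_ERR = 5                 # genErr error-status value (RFC 1905)
AUTHORIZATION_ERROR = 16    # authorizationError error-status value (RFC 1905)


@dataclass(frozen=True)
class Pdu:
    operation: str
    request_id: int
    error_status: int = 0
    error_index: int = 0
    varbinds: tuple = ()    # ((oid, value), ...)


# Constructed sample data: two contexts and one OID whose access check fails.
MIB = {"": {"1.3.6.1.2.1.1.1.0": "router-a", "1.3.6.1.2.1.1.5.0": "core1"},
       "bridge1": {}}
FAULTY_OID = "1.3.6.1.2.1.1.9.9"


def sample_is_access_allowed(security_model, security_name, security_level,
                             view_type, context_name, variable_name):
    """Constructed stand-in for the isAccessAllowed ASI."""
    if context_name not in MIB:
        return "noSuchContext"
    if security_name == "nobody":
        return "noGroupName"
    if security_level == "noAuthNoPriv":
        return "noAccessEntry"
    if variable_name == FAULTY_OID:
        return "otherError"
    return "accessAllowed"


def handle_get(pdu, security, context_name, counters, unavailable=(),
               is_access_allowed=sample_is_access_allowed):
    """Return (PDU or None, statusInformation) to pass to returnResponsePdu."""

    def no_result(counter):
        # No result PDU: bump the counter and report it in statusInformation.
        counters[counter] = counters.get(counter, 0) + 1
        return None, {"errorCounter": counter, "value": counters[counter]}

    if context_name in unavailable:
        return no_result("snmpUnavailableContexts")

    values = []
    for oid, _ in pdu.varbinds:
        verdict = is_access_allowed(security["securityModel"],
                                    security["securityName"],
                                    security["securityLevel"],
                                    "read", context_name, oid)
        if verdict == "accessAllowed":
            values.append((oid, MIB[context_name].get(oid, "noSuchObject")))
        elif verdict in ("noSuchView", "noAccessEntry", "noGroupName"):
            # Built from the received PDU, so values gathered so far for
            # earlier variable-bindings are not returned.
            return replace(pdu, operation="response",
                           error_status=AUTHORIZATION_ERROR,
                           error_index=0), "success"
        elif verdict == "noSuchContext":
            return no_result("snmpUnknownContexts")
        else:
            # otherError.  Assumption: any result this code does not
            # recognise is handled the same way.
            return replace(pdu, operation="response",
                           error_status=GEN_ERR), "success"
    return replace(pdu, operation="response", varbinds=tuple(values)), "success"
```

   In every branch the caller still invokes returnResponsePdu; when the
   first element is None the PDU argument is the undefined value and the
   statusInformation carries the error counter.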
603 Note that a command responder application should always call the 604 returnResponsePdu abstract service interface, even in the event of an 605 error such as a resource allocation error. In the event of such an 606 error, the PDU value passed to returnResponsePdu should contain 607 appropriate values for errorStatus and errorIndex. 609 Draft SNMPv3 Applications October 1997 611 4.3. Notification Originator Applications 613 A notification originator application generates SNMP notification 614 messages. A notification message may, for example, contain an 615 SNMPv2-Trap PDU or an Inform PDU. However, a particular 616 implementation is not required to be capable of generating both types 617 of messages. 619 Notification originator applications require a mechanism for 620 identifying the management targets to which notifications should be 621 sent. The particular mechanism used is implementation dependent. 622 However, if an implementation makes the configuration of management 623 targets SNMP manageable, it MUST use the SNMP-TARGET-MIB module 624 described in this document. 626 When a notification originator wishes to generate a notification, it 627 must first determine in which context the information to be conveyed 628 in the notification exists, i.e., it must determine the 629 contextEngineID and contextName. It must then determine the set of 630 management targets to which the notification should be sent. The 631 application must also determine, for each management target, whether 632 the notification message should contain an SNMPv2-Trap PDU or Inform 633 PDU, and if it is to contain an Inform PDU, the number of retries and 634 retransmission algorithm. 636 The mechanism by which a notification originator determines this 637 information is implementation dependent. 
Once the application has 638 determined this information, the following procedure is performed for 639 each management target: 641 (1) Any appropriate filtering mechanisms are applied to determine 642 whether the notification should be sent to the management target. 643 If such filtering mechanisms determine that the notification should 644 not be sent, processing continues with the next management target. 645 Otherwise, 647 (2) The appropriate set of variable-bindings is retrieved from local 648 MIB instrumentation within the relevant MIB view. The relevant MIB 649 view is determined by the securityLevel, securityModel, 650 contextName, and securityName of the management target. To 651 determine whether a particular object instance is within the 652 relevant MIB view, the isAccessAllowed abstract service interface 653 is used, in the same manner as described in the preceding section. 654 If the statusInformation returned by isAccessAllowed does not 655 indicate accessAllowed, the notification is not sent to the 656 management target. 658 Draft SNMPv3 Applications October 1997 660 (3) A PDU is constructed using a locally unique request-id value, an 661 operation type of SNMPv2-Trap or Inform, an error-status and 662 error-index value of 0, and the variable-bindings supplied 663 previously in step (2). 
665 (4) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is
666 called using the following abstract service interface:

668 statusInformation = -- sendPduHandle if success
669 -- errorIndication if failure
670 sendPdu(
671 IN transportDomain -- transport domain to be used
672 IN transportAddress -- destination network address
673 IN messageProcessingModel -- typically, SNMP version
674 IN securityModel -- Security Model to use
675 IN securityName -- on behalf of this principal
676 IN securityLevel -- Level of Security requested
677 IN contextEngineID -- data from/at this entity
678 IN contextName -- data from/in this context
679 IN pduVersion -- the version of the PDU
680 IN PDU -- SNMP Protocol Data Unit
681 IN expectResponse -- TRUE or FALSE
682 )

684 Where:

686 - The transportDomain is that of the management target.

688 - The transportAddress is that of the management target.

690 - The messageProcessingModel is that of the management target.

692 - The securityModel is that of the management target.

694 - The securityName is that of the management target.

696 - The securityLevel is that of the management target.

698 - The contextEngineID is the value originally determined for the
699 notification.

701 - The contextName is the value originally determined for the
702 notification.

704 - The pduVersion is the version of the PDU to be sent.

708 - The PDU is the value constructed in step (3) above.

710 - The expectResponse argument indicates that no response is
711 expected.

713 Otherwise,

715 (5) If the notification contains an Inform PDU, then:

717 a) The Dispatcher is called using the sendPdu abstract service
718 interface as described in step (4) above, except that the
719 expectResponse argument indicates that a response is expected.

721 b) The application caches information about the management
722 target.

724 c) If a response is received within an appropriate time interval
725 from the transport endpoint of the management target, the
726 notification is considered acknowledged and the cached
727 information is deleted. Otherwise,

729 d) If a response is not received within an appropriate time
730 period, or if a report indication is received, information
731 about the management target is retrieved from the cache, and
732 steps a) through d) are repeated. The number of times these
733 steps are repeated is equal to the previously determined retry
734 count. If this retry count is exceeded, the acknowledgement
735 of the notification is considered to have failed, and
736 processing of the notification for this management target is
737 halted.

739 Responses to Inform PDU notifications will be received via the
740 processResponsePdu abstract service interface.

744 4.4. Notification Receiver Applications

746 Notification receiver applications receive SNMP Notification messages
747 from the Dispatcher. Before any messages can be received, the
748 notification receiver must register with the Dispatcher using the
749 registerContextEngineID abstract service interface. The parameters
750 used are:

752 - The contextEngineID is an undefined 'wildcard' value.
753 Notifications are delivered to a registered notification
754 receiver regardless of the contextEngineID contained in the
755 notification message.

757 - The pduType indicates the type of notifications that the
758 application wishes to receive (for example, SNMPv2-Trap PDUs
759 or Inform PDUs).

761 Once the notification receiver has registered with the Dispatcher,
762 messages are received using the processPdu abstract service
763 interface. Parameters are:

765 - The messageProcessingModel indicates which Message Processing
766 Model received and processed the message.

768 - The securityModel is the value from the received message.

770 - The securityName is the value from the received message.

772 - The securityLevel is the value from the received message.

774 - The contextEngineID is the value from the received message.

776 - The contextName is the value from the received message.

778 - The pduVersion indicates the version of the PDU in the
779 received message.

781 - The PDU is the value from the received message.

783 - The maxSizeResponseScopedPDU is the maximum allowable size of
784 a ScopedPDU containing a Response PDU (based on the maximum
785 message size that the originator of the message can accept).

787 - If the message contains an SNMPv2-Trap PDU, the stateReference
788 is undefined and unused. Otherwise, the stateReference is a
789 value which references cached information about the
790 notification. This value must be returned to the Dispatcher
794 in order to generate a response.

796 When an SNMPv2-Trap PDU is delivered to a notification receiver
797 application, it first extracts the SNMP operation type, request-id,
798 error-status, error-index, and variable-bindings from the PDU. After
799 this, processing depends on the particular implementation.

801 When an Inform PDU is received, the notification receiver application
802 follows the following procedure:

804 (1) The SNMPv2 operation type, request-id, error-status, error-index,
805 and variable-bindings are extracted from the PDU.

807 (2) A Response PDU is constructed using the extracted request-id and
808 variable-bindings, and with error-status and error-index both set
809 to 0.

811 (3) The Dispatcher is called to generate a response message using the
812 returnResponsePdu abstract service interface. Parameters are:

814 - The messageProcessingModel is the value from the processPdu
815 call.

817 - The securityModel is the value from the processPdu call.

819 - The securityName is the value from the processPdu call.

821 - The securityLevel is the value from the processPdu call.

823 - The contextEngineID is the value from the processPdu call.

825 - The contextName is the value from the processPdu call.

827 - The pduVersion indicates the version of the PDU to be
828 returned.

830 - The PDU is the result generated in step (2) above.

832 - The maxSizeResponseScopedPDU is a local value indicating the
833 maximum size of a ScopedPDU that the application can accept.

835 - The stateReference is the value from the processPdu call.

837 - The statusInformation indicates that no error occurred and
838 that a response should be generated.

842 4.5. Proxy Forwarder Applications

844 A proxy forwarder application deals with forwarding SNMP messages.
845 There are four basic types of messages which a proxy forwarder
846 application may need to forward. These are grouped according to the
847 PDU type contained in a message, or according to whether a report
848 indication is contained in the message. The four basic types of
849 messages are:

851 - Those containing PDU types which were generated by a command
852 generator application (for example, Get, GetNext, GetBulk, and
853 Set PDU types). These deal with requesting or modifying
854 information located within a particular context.

856 - Those containing PDU types which were generated by a
857 notification originator application (for example, SNMPv2-Trap
858 and Inform PDU types). These deal with notifications
859 concerning information located within a particular context.

861 - Those containing a Response PDU type. Forwarding of Response
862 PDUs always occurs as a result of receiving a response to a
863 previously forwarded message.

865 - Those containing a report indication. Forwarding of report
866 indications always occurs as a result of receiving a report
867 indication for a previously forwarded message.

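The Response case in the list above depends on the proxy forwarder remembering each request it forwarded; sections 4.5.1.1 and 4.5.1.2 of this draft specify what is cached and how a response is matched. The following Python is an added example, not part of the draft: the names Target, Pending, PendingCache, ttl and max_entries are assumptions, and the Dispatcher is reduced to the values it would hand over.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Target:
    """Management target information, reduced to what matching needs."""
    transport_address: str
    mp_model: int              # messageProcessingModel
    security_model: int
    security_name: str
    security_level: str


@dataclass(frozen=True)
class Pending:
    """The values 4.5.1.1 step (5) lists for one forwarded request."""
    send_pdu_handle: int
    original_request_id: int   # request-id from the received PDU
    forwarded_request_id: int  # unique request-id chosen in step (3)
    context_engine_id: bytes
    context_name: bytes
    state_reference: int
    incoming: Target
    outgoing: Target
    expires_at: float


class PendingCache:
    """Pending forwarded requests, keyed by sendPduHandle (hypothetical class)."""

    def __init__(self, ttl=5.0, max_entries=1024, clock=time.monotonic):
        self._ttl, self._max, self._clock = ttl, max_entries, clock
        self._by_handle = {}
        self._last_id = 0

    def new_request_id(self):
        """Step (3): a fresh request-id for the forwarded PDU (simple counter)."""
        self._last_id = self._last_id % 0x7FFFFFFF + 1
        return self._last_id

    def expire(self):
        """Step (6): remove entries whose time interval has expired."""
        now = self._clock()
        stale = [h for h, p in self._by_handle.items() if p.expires_at <= now]
        for handle in stale:
            del self._by_handle[handle]
        return len(stale)

    def remember(self, handle, original_request_id, forwarded_request_id,
                 context_engine_id, context_name, state_reference,
                 incoming, outgoing):
        """Step (5). False means the entry cannot be cached, so the caller
        takes the error path of step (2)."""
        self.expire()
        if handle in self._by_handle or len(self._by_handle) >= self._max:
            return False
        self._by_handle[handle] = Pending(
            handle, original_request_id, forwarded_request_id,
            context_engine_id, context_name, state_reference,
            incoming, outgoing, self._clock() + self._ttl)
        return True

    def match_response(self, handle, context_engine_id, context_name,
                       responder, request_id) -> Optional[Pending]:
        """4.5.1.2 steps (1)-(2): all cached values must match. A hit removes
        the entry, so a repeated copy of the same response finds nothing."""
        self.expire()
        entry = self._by_handle.get(handle)
        if entry is None:
            return None
        cached = (entry.context_engine_id, entry.context_name,
                  entry.outgoing, entry.forwarded_request_id)
        if cached != (context_engine_id, context_name, responder, request_id):
            return None            # no appropriate entry: processing is halted
        return self._by_handle.pop(handle)


def return_response_params(entry, received_pdu):
    """4.5.1.2 steps (3) and (5): restore the original request-id and take the
    security parameters from the cached incoming target, not the response."""
    target = entry.incoming
    return {
        "messageProcessingModel": target.mp_model,
        "securityModel": target.security_model,
        "securityName": target.security_name,
        "securityLevel": target.security_level,
        "contextEngineID": entry.context_engine_id,
        "contextName": entry.context_name,
        "PDU": dict(received_pdu, request_id=entry.original_request_id),
        "stateReference": entry.state_reference,
    }
```

A response that fails any comparison leaves the pending entry in place, so the genuine response can still be matched until the entry expires.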
869 For the first type, the proxy forwarder's role is to deliver a
870 request for management information to an SNMP engine which is
871 "closer" or "downstream in the path" to the SNMP engine which has
872 access to that information, and to deliver the response containing
873 the information back to the SNMP engine from which the request was
874 received. The context information in a request is used to determine
875 which SNMP engine has access to the requested information, and this
876 is used to determine where and how to forward the request.

878 For the second type, the proxy forwarder's role is to determine which
879 SNMP engines should receive notifications about management
880 information from a particular location. The context information in a
881 notification message determines the location to which the information
882 contained in the notification applies. This is used to determine
883 which SNMP engines should receive notification about this
884 information.

886 For the third type, the proxy forwarder's role is to determine which
887 previously forwarded request or notification (if any) the response
888 matches, and to forward the response back to the initiator of the
892 request or notification.

894 For the fourth type, the proxy forwarder's role is to determine which
895 previously forwarded request or notification (if any) the report
896 indication matches, and to forward the report indication back to the
897 initiator of the request or notification.

899 When forwarding messages, a proxy forwarder application must perform
900 a translation of incoming management target information into outgoing
901 management target information. How this translation is performed is
902 implementation specific. In many cases, this will be driven by a
903 preconfigured translation table. If a proxy forwarder application
904 makes the contents of this table SNMP manageable, it MUST use the
905 SNMP-PROXY-MIB module defined in this document.

907 4.5.1. Request Forwarding

909 There are two phases for request forwarding. First, the incoming
910 request needs to be passed through the proxy application. Then, the
911 resulting response needs to be passed back. These phases are
912 described in the following two sections.

914 4.5.1.1. Processing an Incoming Request

916 A proxy forwarder application that wishes to forward request messages
917 must first register with the Dispatcher using the
918 registerContextEngineID abstract service interface. The proxy
919 forwarder must register each contextEngineID for which it wishes to
920 forward messages, as well as for each pduType. Note that as the
921 configuration of a proxy forwarder is changed, the particular
922 contextEngineID values for which it is forwarding may change. The
923 proxy forwarder should call the registerContextEngineID and
924 unregisterContextEngineID abstract service interfaces as needed to
925 reflect its current configuration.

927 A proxy forwarder application should never attempt to register a
928 value of contextEngineID which is equal to the snmpEngineID of the
929 SNMP engine to which the proxy forwarder is associated.

931 Once the proxy forwarder has registered for the appropriate
932 contextEngineID values, it can start processing messages. The
933 following procedure is used:

935 (1) A message is received using the processPdu abstract service
936 interface. The incoming management target information received
940 from the processPdu interface is translated into outgoing
941 management target information. Note that this translation may vary
942 for different values of contextEngineID and/or contextName. The
943 translation should result in a single management target.

945 (2) If appropriate outgoing management target information cannot be
946 found, the proxy forwarder increments the snmpProxyDrops counter
947 [RFC1907], and then calls the Dispatcher using the
948 returnResponsePdu abstract service interface. Parameters are:

950 - The messageProcessingModel is the value from the processPdu
951 call.

953 - The securityModel is the value from the processPdu call.

955 - The securityName is the value from the processPdu call.

957 - The securityLevel is the value from the processPdu call.

959 - The contextEngineID is the value from the processPdu call.

961 - The contextName is the value from the processPdu call.

963 - The pduVersion is the value from the processPdu call.

965 - The PDU is an undefined value.

967 - The maxSizeResponseScopedPDU is a local value indicating the
968 maximum size of a ScopedPDU that the application can accept.

970 - The stateReference is the value from the processPdu call.

972 - The statusInformation indicates that an error occurred and
973 includes the OID and value of the snmpProxyDrops object.

975 Processing of the message stops at this point. Otherwise,

977 (3) A new PDU is constructed. A unique value of request-id should be
978 used in the new PDU (this value will enable a subsequent response
979 message to be correlated with this request). The remainder of the
980 new PDU is identical to the received PDU, unless the incoming SNMP
981 version is SNMPv2 or SNMPv3 and the outgoing SNMP version is
982 SNMPv1, in which case the proxy forwarder must apply the
983 translation rules as documented in [RFC1908].

985 (4) The proxy forwarder calls the Dispatcher to generate the forwarded
986 message, using the sendPdu abstract service interface. The
990 parameters are:

992 - The transportDomain is that of the outgoing management target.

994 - The transportAddress is that of the outgoing management
995 target.

997 - The messageProcessingModel is that of the outgoing management
998 target.

1000 - The securityModel is that of the outgoing management target.

1002 - The securityName is that of the outgoing management target.

1004 - The securityLevel is that of the outgoing management target.

1006 - The contextEngineID is the value originally received.

1008 - The contextName is the value originally received.

1010 - The pduVersion is the version of the PDU to be sent.

1012 - The PDU is the value constructed in step (3) above.

1014 - The expectResponse argument indicates that a response is
1015 expected. If the sendPdu call is unsuccessful, the proxy
1016 forwarder performs the steps described in (2) above.
1017 Otherwise:

1019 (5) The proxy forwarder caches the following information in order to
1020 match an incoming response to the forwarded request:

1022 - The sendPduHandle returned from the call to sendPdu,

1024 - The request-id from the received PDU.

1026 - the contextEngineID,

1028 - the contextName,

1030 - the stateReference,

1032 - the incoming management target information,

1034 - the outgoing management information,

1038 - any other information needed to match an incoming response to
1039 the forwarded request.

1041 If this information cannot be cached (possibly due to a lack of
1042 resources), the proxy forwarder performs the steps described in (2)
1043 above. Otherwise:

1045 (6) Processing of the request stops until a response to the forwarded
1046 request is received, or until an appropriate time interval has
1047 expired. If this time interval expires before a response has been
1048 received, the cached information about this request is removed.

1050 4.5.1.2. Processing an Incoming Response

1052 A proxy forwarder follows the following procedure when an incoming
1053 response is received:

1055 (1) The incoming response is received using the processResponsePdu
1056 interface. The proxy forwarder uses the received parameters to
1057 locate an entry in its cache of pending forwarded requests. This
1058 is done by matching the received parameters with the cached values
1059 of sendPduHandle, contextEngineID, contextName, outgoing management
1060 target information, and the request-id contained in the received
1061 PDU (the proxy forwarder must extract the request-id for this
1062 purpose). If an appropriate cache entry cannot be found,
1063 processing of the response is halted. Otherwise:

1065 (2) The cache information is extracted, and removed from the cache.

1067 (3) A new Response PDU is constructed, using the request-id value from
1068 the original forwarded request (as extracted from the cache). All
1069 other values are identical to those in the received Response PDU.

1071 (4) If the incoming SNMP version is SNMPv1 and the outgoing SNMP
1072 version is SNMPv2 or SNMPv3, the proxy forwarder must apply the
1073 translation rules documented in [RFC1908].

1075 (5) The proxy forwarder calls the Dispatcher using the
1076 returnResponsePdu abstract service interface. Parameters are:

1078 - The messageProcessingModel indicates the Message Processing
1079 Model by which the original incoming message was processed.

1081 - The securityModel is that of the original incoming management
1082 target extracted from the cache.

1086 - The securityName is that of the original incoming management
1087 target extracted from the cache.

1089 - The securityLevel is that of the original incoming management
1090 target extracted from the cache.

1092 - The contextEngineID is the value extracted from the cache.

1094 - The contextName is the value extracted from the cache.

1096 - The pduVersion indicates the version of the PDU to be
1097 returned.

1099 - The PDU is the (possibly translated) Response PDU.

1101 - The maxSizeResponseScopedPDU is a local value indicating the
1102 maximum size of a ScopedPDU that the application can accept.

1104 - The stateReference is the value extracted from the cache.

1106 - The statusInformation indicates that no error occurred and
1107 that a Response PDU message should be generated.

1109 4.5.1.3. Processing an Incoming Report Indication

1111 A proxy forwarder follows the following procedure when an incoming
1112 report indication is received:

1114 (1) The incoming report indication is received using the
1115 processResponsePdu interface. The proxy forwarder uses the
1116 received parameters to locate an entry in its cache of pending
1117 forwarded requests. This is done by matching the received
1118 parameters with the cached values of sendPduHandle. If an
1119 appropriate cache entry cannot be found, processing of the report
1120 indication is halted. Otherwise:

1122 (2) The cache information is extracted, and removed from the cache.

1124 (3) If the original incoming management target information indicates
1125 SNMPv1, processing of the report indication is halted.

1127 (4) The proxy forwarder calls the Dispatcher using the
1128 returnResponsePdu abstract service interface. Parameters are:

1130 - The messageProcessingModel indicates the Message Processing
1131 Model by which the original incoming message was processed.

1135 - The securityModel is that of the original incoming management
1136 target extracted from the cache.

1138 - The securityName is that of the original incoming management
1139 target extracted from the cache.

1141 - The securityLevel is that of the original incoming management
1142 target extracted from the cache.

1144 - The contextEngineID is the value extracted from the cache.

1146 - The contextName is the value extracted from the cache.

1148 - The pduVersion indicates the version of the PDU to be
1149 returned.

1151 - The PDU is unused.

1153 - The maxSizeResponseScopedPDU is a local value indicating the
1154 maximum size of a ScopedPDU that the application can accept.

1156 - The stateReference is the value extracted from the cache.

1158 - The statusInformation contains the contextEngineID,
1159 contextName, counter OID, and counter value received in the
1160 report indication.

1162 4.5.2. Notification Forwarding

1164 A proxy forwarder receives notifications in the same manner as a
1165 notification receiver application, using the processPdu abstract
1166 service interface. The following procedure is used when a
1167 notification is received:

1169 (1) The incoming management target information received from the
1170 processPdu interface is translated into outgoing management target
1171 information. Note that this translation may vary for different
1172 values of contextEngineID and/or contextName. The translation may
1173 result in multiple management targets.

1175 (2) If appropriate outgoing management target information cannot be
1176 found and the notification was a Trap, processing of the
1177 notification is halted. If appropriate outgoing management target
1178 information cannot be found and the notification was an Inform, the
1179 proxy forwarder increments the snmpProxyDrops object, and calls the
1180 Dispatcher using the returnResponsePdu abstract service interface.
1184 The parameters are:

1186 - The messageProcessingModel is the received value.

1188 - The securityModel is the received value.

1190 - The securityName is the received value.

1192 - The securityLevel is the received value.

1194 - The contextEngineID is the received value.

1196 - The contextName is the received value.

1198 - The pduVersion is the received value.

1200 - The PDU is an undefined and unused value.

1202 - The maxSizeResponseScopedPDU is a local value indicating the
1203 maximum size of a ScopedPDU that the application can accept.

1205 - The stateReference is the received value.

1207 - The statusInformation indicates that an error occurred and
1208 that a Report message should be generated.

1210 Processing of the message stops at this point. Otherwise,

1212 (3) The proxy forwarder generates a notification using the procedures
1213 described in the preceding section on Notification Originators,
1214 with the following exceptions:

1216 - The contextEngineID and contextName values from the original
1217 received notification are used.

1219 - The outgoing management targets previously determined are
1220 used.

1222 - No filtering mechanisms are applied.

1224 - The variable-bindings from the original received notification
1225 are used, rather than retrieving variable-bindings from local
1226 MIB instrumentation. In particular, no access-control is
1227 applied to these variable-bindings.

1229 - If for any of the outgoing management targets, the incoming
1230 SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2
1234 or SNMPv3, the proxy forwarder must apply the translation
1235 rules as documented in [RFC1908].

1237 - If for any of the outgoing management targets, the incoming
1238 SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP
1239 version is SNMPv1, this outgoing management target is not used
1240 when generating the forwarded notifications.

1242 (4) If the original received notification contains an SNMPv2-Trap PDU,
1243 processing of the notification is now completed. Otherwise, the
1244 original received notification must contain an Inform PDU, and
1245 processing continues.

1247 (5) If the forwarded notifications included any Inform PDUs, processing
1248 continues when the procedures described in the section for
1249 Notification Originators determine that either:

1251 - None of the generated notifications containing Inform PDUs
1252 have been successfully acknowledged within the longest of the
1253 time intervals, in which case processing of the original
1254 notification is halted, or,

1256 - At least one of the generated notifications containing Inform
1257 PDUs is successfully acknowledged, in which case a response to
1258 the original received notification containing an Inform PDU is
1259 generated as described in the following steps.

1261 (6) A Response PDU is constructed, using the values of request-id and
1262 variable-bindings from the original received Inform PDU, and
1263 error-status and error-index values of 0.

1265 (7) The Dispatcher is called using the returnResponsePdu abstract
1266 service interface. Parameters are:

1268 - The messageProcessingModel is the originally received value.

1270 - The securityModel is the originally received value.

1272 - The securityName is the originally received value.

1274 - The securityLevel is the originally received value.

1276 - The contextEngineID is the originally received value.

1278 - The contextName is the originally received value.

1282 - The pduVersion indicates the version of the PDU constructed in
1283 step (6) above.

1285 - The PDU is the value constructed in step (6) above.

1287 - The maxSizeResponseScopedPDU is a local value indicating the
1288 maximum size of a ScopedPDU that the application can accept.

1290 - The stateReference is the originally received value.

1292 - The statusInformation indicates that no error occurred and
1293 that a Response PDU message should be generated.

1297 5. The Structure of the MIB Modules

1299 There are three separate MIB modules described in this document, the
1300 management target MIB, the notification MIB, and the proxy MIB. The
1301 following sections describe the structure of these three MIB modules.

1303 The use of these MIBs by particular types of applications is
1304 described later in this document:

1306 - The use of the management target MIB and the notification MIB
1307 in notification originator applications is described in
1308 section 6.

1310 - The use of the notification MIB for filtering notifications in
1311 notification originator applications is described in section
1312 7.

1314 - The use of the management target MIB and the proxy MIB in
1315 proxy forwarding applications is described in section 8.

1317 5.1. The Management Target MIB Module

1319 The SNMP-TARGET-MIB module contains objects for defining management
1320 targets. It consists of two tables and conformance/compliance
1321 statements.

1323 The first table, the snmpTargetAddrTable, contains information about
1324 transport domains and addresses. It also contains an object,
1325 snmpTargetAddrTagList, which provides a mechanism for grouping
1326 entries.

1328 The second table, the snmpTargetParamsTable, contains information
1329 about SNMP version and security information to be used when sending
1330 messages to particular transport domains and addresses.

1332 5.1.1. Tag Lists

1334 The snmpTargetAddrTagList object is used for grouping entries in the
1335 snmpTargetAddrTable. The value of this object contains a list of tag
1336 values which are used to select target addresses to be used for a
1337 particular operation.

1339 A tag value, which may also be used in MIB objects other than
1340 snmpTargetAddrTagList, is an arbitrary string of octets, but may not
1344 contain a delimiter character. Delimiter characters are defined to
1345 be one of the following characters:

1347 - An ASCII space character (0x20).

1349 - An ASCII TAB character (0x09).

1351 - An ASCII carriage return (CR) character (0x0D).

1353 - An ASCII line feed (LF) character (0x0B).

1355 In addition, a tag value may not have a zero length. Generally, a
1356 particular MIB object may contain either

1358 - a single tag value, in which case the value of the MIB object
1359 may not contain a delimiter character, or:

1361 - a MIB object may contain a list of tag values, separated by
1362 single delimiter characters.

1364 For a list of tag values, these constraints imply certain
1365 restrictions on the value of a MIB object:

1367 - There cannot be a leading or trailing delimiter character.

1369 - There cannot be multiple adjacent delimiter characters.

1371 5.1.2. Definitions

1373 SNMP-TARGET-MIB DEFINITIONS ::= BEGIN

1375 IMPORTS
1376 TEXTUAL-CONVENTION,
1377 MODULE-IDENTITY,
1378 OBJECT-TYPE,
1379 snmpModules,
1380 Integer32
1381 FROM SNMPv2-SMI

1383 TDomain,
1384 TAddress,
1385 TimeInterval,
1386 RowStatus,
1387 StorageType,
1388 TestAndIncr
1389 FROM SNMPv2-TC

1393 SnmpSecurityModel,
1394 SnmpMessageProcessingModel,
1395 SnmpSecurityLevel,
1396 SnmpAdminString
1397 FROM SNMP-FRAMEWORK-MIB

1399 OBJECT-GROUP
1400 FROM SNMPv2-CONF;

1402 snmpTargetMIB MODULE-IDENTITY
1403 LAST-UPDATED "9707140000Z"
1404 ORGANIZATION "IETF SNMPv3 Working Group"
1405 CONTACT-INFO
1406 "WG-email: snmpv3@tis.com
1407 Subscribe: majordomo@tis.com
1408 In message body: subscribe snmpv3

1410 Chair: Russ Mundy
1411 Trusted Information Systems
1412 Postal: 3060 Washington Rd
1413 Glenwood MD 21738
1414 USA
1415 Email: mundy@tis.com
1416 Phone: +1-301-854-6889

1418 Co-editor: David B. Levi
1419 SNMP Research, Inc.
1420 Postal: 3001 Kimberlin Heights Road
1421 Knoxville, TN 37920-9716
1422 E-mail: levi@snmp.com
1423 Phone: +1 423 573 1434

1425 Co-editor: Paul Meyer
1426 Secure Computing Corporation
1427 Postal: 2675 Long Lake Road
1428 Roseville, MN 55113
1429 E-mail: paul_meyer@securecomputing.com
1430 Phone: +1 612 628 1592

1432 Co-editor: Bob Stewart
1433 Cisco Systems, Inc.
1434 Postal: 170 West Tasman Drive
1435 San Jose, CA 95134-1706
1436 E-mail: bstewart@cisco.com
1437 Phone: +1 603 654 6923"
1438 DESCRIPTION
1439 "This MIB module defines MIB objects which provide
1443 mechanisms to remotely configure the parameters used
1444 by an SNMP entity for the generation of SNMP messages."
1445 REVISION "9707140000Z"
1446 DESCRIPTION
1447 "The initial revision."
1448 ::= { snmpModules 11 } -- TBD

1450 snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 }
1451 snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 }

1453 SnmpTagValue ::= TEXTUAL-CONVENTION
1454 DISPLAY-HINT "255a"
1455 STATUS current
1456 DESCRIPTION
1457 "An octet string containing a tag value.
1458 Tag values are preferably in human-readable form.

1460 To facilitate internationalization, this information
1461 is represented using the ISO/IEC IS 10646-1 character
1462 set, encoded as an octet string using the UTF-8
1463 character encoding scheme described in RFC 2044.

1465 Since additional code points are added by amendments
1466 to the 10646 standard from time to time,
1467 implementations must be prepared to encounter any code
1468 point from 0x00000000 to 0x7fffffff.

1470 The use of control codes should be avoided, and certain
1471 control codes are not allowed as described below.

1473 For code points not directly supported by user
1474 interface hardware or software, an alternative means
1475 of entry and display, such as hexadecimal, may be
1476 provided.

1478 For information encoded in 7-bit US-ASCII, the UTF-8
1479 representation is identical to the US-ASCII encoding.

1481 Note that when this TC is used for an object that
1482 is used or envisioned to be used as an index, then a
1483 SIZE restriction must be specified so that the number of
1484 sub-identifiers for any object instance do not exceed
1485 the limit of 128, as defined by [RFC1905].

1487 An object of this type contains a single tag value
1488 which is used to select a set of entries in a table.

1492 A tag value is an arbitrary string of octets, but
1493 may not contain a delimiter character. Delimiter
1494 characters are defined to be one of the following:

1496 - An ASCII space character (0x20).

1498 - An ASCII TAB character (0x09).

1500 - An ASCII carriage return (CR) character (0x0D).

1502 - An ASCII line feed (LF) character (0x0B).

1504 Delimiter characters are used to separate tag values
1505 in a tag list. An object of this type may only
1506 contain a single tag value, and so delimiter
1507 characters are not allowed in a value of this type.

1509 Some examples of valid tag values are:

1511 - 'acme'

1513 - 'router'

1515 - 'host'

1517 The use of a tag value to select table entries is
1518 application and MIB specific."
1519 SYNTAX OCTET STRING (SIZE (0..255))

1521 SnmpTagList ::= TEXTUAL-CONVENTION
1522 DISPLAY-HINT "255a"
1523 STATUS current
1524 DESCRIPTION
1525 "An octet string containing a list of tag values.
1526 Tag values are preferably in human-readable form.

1528 To facilitate internationalization, this information
1529 is represented using the ISO/IEC IS 10646-1 character
1530 set, encoded as an octet string using the UTF-8
1531 character encoding scheme described in RFC 2044.

1533 Since additional code points are added by amendments
1534 to the 10646 standard from time to time,
1535 implementations must be prepared to encounter any code
1536 point from 0x00000000 to 0x7fffffff.


         The use of control codes should be avoided, except as
         described below.

         For code points not directly supported by user
         interface hardware or software, an alternative means
         of entry and display, such as hexadecimal, may be
         provided.

         For information encoded in 7-bit US-ASCII, the UTF-8
         representation is identical to the US-ASCII encoding.

         An object of this type contains a list of tag values
         which are used to select a set of entries in a table.

         A tag value is an arbitrary string of octets, but
         may not contain a delimiter character.  Delimiter
         characters are defined to be one of the following:

             -  An ASCII space character (0x20).

             -  An ASCII TAB character (0x09).

             -  An ASCII carriage return (CR) character (0x0D).

             -  An ASCII line feed (LF) character (0x0B).

         Delimiter characters are used to separate tag values
         in a tag list.  Only a single delimiter character may
         occur between two tag values.  A tag value may not
         have a zero length.  These constraints imply certain
         restrictions on the contents of this object:

             - There cannot be a leading or trailing delimiter
               character.

             - There cannot be multiple adjacent delimiter
               characters.

         Some examples of valid tag lists are:

             - An empty string

             - 'acme router'

             - 'host managerStation'

         Note that although a tag value may not have a length of
         zero, an empty string is still valid.  This indicates
         an empty list (i.e. there are no tag values in the list).

         The use of the tag list to select table entries is
         application and MIB specific.  Typically, an application
         will provide one or more tag values, and any entry
         which contains some combination of these tag values
         will be selected."
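The SnmpTagValue and SnmpTagList rules above, as an added Python example that is not part of the draft: it validates both forms and selects snmpTargetAddrTable rows by tag, following the snmpNotifyTag description later in this draft. The function names, the sample rows and the choice to skip rows with a malformed tag list are assumptions of this example.

```python
from typing import Dict, List

# Delimiter octets, with the hex values exactly as the DESCRIPTION lists them.
DELIMITERS = frozenset(b"\x20\x09\x0d\x0b")
MAX_OCTETS = 255  # SYNTAX OCTET STRING (SIZE (0..255))


class TagError(ValueError):
    """An octet string that breaks the SnmpTagValue / SnmpTagList rules."""


def validate_tag_value(value: bytes) -> bytes:
    """Check a single SnmpTagValue: any octets except a delimiter."""
    if len(value) > MAX_OCTETS:
        raise TagError("tag value exceeds 255 octets")
    for offset, octet in enumerate(value):
        if octet in DELIMITERS:
            raise TagError(f"delimiter 0x{octet:02X} at offset {offset}")
    return value


def parse_tag_list(value: bytes) -> List[bytes]:
    """Split an SnmpTagList into tag values, rejecting malformed lists."""
    if len(value) > MAX_OCTETS:
        raise TagError("tag list exceeds 255 octets")
    if not value:
        return []  # the empty string is a valid, empty list
    tags, start = [], 0
    for offset, octet in enumerate(value):
        if octet not in DELIMITERS:
            continue
        if offset == start:
            # No tag octets before this delimiter: leading or adjacent delimiter.
            raise TagError(f"empty tag value before offset {offset}")
        tags.append(value[start:offset])
        start = offset + 1
    if start == len(value):
        raise TagError("trailing delimiter")
    tags.append(value[start:])
    return tags


def select_targets(tag: bytes, addr_table: Dict[str, bytes]) -> List[str]:
    """Names of rows whose tag list contains `tag` as a whole tag value.

    A zero-length tag selects nothing. Rows with a malformed tag list are
    skipped rather than guessed at (a fail-closed choice made for this example).
    """
    validate_tag_value(tag)
    if not tag:
        return []
    selected = []
    for name, tag_list in addr_table.items():
        try:
            if tag in parse_tag_list(tag_list):  # whole-value equality, not substring
                selected.append(name)
        except TagError:
            continue
    return selected


# Constructed sample rows: snmpTargetAddrName -> snmpTargetAddrTagList.
SAMPLE_ADDR_TABLE = {
    "nms-east": b"acme router",
    "nms-west": b"host\tmanagerStation",
    "lab": b"router\x0bhost",
    "typo": b"acme  router",  # two adjacent spaces: malformed, never selected
    "untagged": b"",
}

if __name__ == "__main__":
    for probe in (b"router", b"acme", b"rout", b""):
        print(probe, "->", select_targets(probe, SAMPLE_ADDR_TABLE))
```

Running the validation when a row is written, not only when notifications are routed, keeps a malformed list from silently dropping a target.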
    SYNTAX       OCTET STRING (SIZE (0..255))

--
--
-- The snmpTargetObjects group
--
--

snmpTargetSpinLock OBJECT-TYPE
    SYNTAX      TestAndIncr
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to facilitate modification of table
         entries in the SNMP-TARGET-MIB module by multiple
         managers.  In particular, it is useful when modifying
         the value of the snmpTargetAddrTagList object.

         The procedure for modifying the snmpTargetAddrTagList
         object is as follows:

             1.  Retrieve the value of snmpTargetSpinLock and
                 of snmpTargetAddrTagList.

             2.  Generate a new value for snmpTargetAddrTagList.

             3.  Set the value of snmpTargetSpinLock to the
                 retrieved value, and the value of
                 snmpTargetAddrTagList to the new value.  If
                 the set fails for the snmpTargetSpinLock
                 object, go back to step 1."
    ::= { snmpTargetObjects 1 }

snmpTargetAddrTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SnmpTargetAddrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of transport addresses to be used in the generation
         of SNMP messages."
    ::= { snmpTargetObjects 2 }

snmpTargetAddrEntry OBJECT-TYPE
    SYNTAX      SnmpTargetAddrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A transport address to be used in the generation
         of SNMP operations.

         Entries in the snmpTargetAddrTable are created and
         deleted using the snmpTargetAddrRowStatus object."
    INDEX { IMPLIED snmpTargetAddrName }
    ::= { snmpTargetAddrTable 1 }

SnmpTargetAddrEntry ::= SEQUENCE {
    snmpTargetAddrName         SnmpAdminString,
    snmpTargetAddrTDomain      TDomain,
    snmpTargetAddrTAddress     TAddress,
    snmpTargetAddrTimeout      TimeInterval,
    snmpTargetAddrRetryCount   Integer32,
    snmpTargetAddrTagList      SnmpTagList,
    snmpTargetAddrParams       SnmpAdminString,
    snmpTargetAddrStorageType  StorageType,
    snmpTargetAddrRowStatus    RowStatus
}

snmpTargetAddrName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The locally arbitrary, but unique identifier associated
         with this snmpTargetAddrEntry."
    ::= { snmpTargetAddrEntry 1 }

snmpTargetAddrTDomain OBJECT-TYPE
    SYNTAX      TDomain
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the transport type of the address
         contained in the snmpTargetAddrTAddress object."
    ::= { snmpTargetAddrEntry 2 }

snmpTargetAddrTAddress OBJECT-TYPE
    SYNTAX      TAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object contains a transport address.  The format of
         this address depends on the value of the
         snmpTargetAddrTDomain object."
    ::= { snmpTargetAddrEntry 3 }

snmpTargetAddrTimeout OBJECT-TYPE
    SYNTAX      TimeInterval
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object should reflect the expected maximum round
         trip time for communicating with the transport address
         defined by this row.  When a message is sent to this
         address, and a response (if one is expected) is not
         received within this time period, an implementation
         may assume that the response will not be delivered.

         Note that the time interval that an application waits
         for a response may actually be derived from the value
         of this object.  The method for deriving the actual time
         interval is implementation dependent.  One such method
         is to derive the expected round trip time based on a
         particular retransmission algorithm and on the number
         of timeouts which have occurred.  The type of message may
         also be considered when deriving expected round trip
         times for retransmissions.  For example, if a message is
         being sent with a securityLevel that indicates both
         authentication and privacy, the derived value may be
         increased to compensate for extra processing time spent
         during authentication and encryption processing."
    DEFVAL { 1500 }
    ::= { snmpTargetAddrEntry 4 }

snmpTargetAddrRetryCount OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies a default number of retries to be
         attempted when a response is not received for a generated
         message.  An application may provide its own retry count,
         in which case the value of this object is ignored."
    DEFVAL { 3 }
    ::= { snmpTargetAddrEntry 5 }

snmpTargetAddrTagList OBJECT-TYPE
    SYNTAX      SnmpTagList
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object contains a list of tag values which are
         used to select target addresses for a particular
         operation."
    ::= { snmpTargetAddrEntry 6 }

snmpTargetAddrParams OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object identifies an entry in the
         snmpTargetParamsTable.  The identified entry
         contains SNMP parameters to be used when generating
         messages to be sent to this transport address."
    ::= { snmpTargetAddrEntry 7 }

snmpTargetAddrStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this conceptual row."
    ::= { snmpTargetAddrEntry 8 }

snmpTargetAddrRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.

         To create a row in this table, a manager must
         set this object to either createAndGo(4) or
         createAndWait(5).

         Until instances of all corresponding columns are
         appropriately configured, the value of the
         corresponding instance of the snmpTargetAddrRowStatus
         column is 'notReady'.

         In particular, a newly created row cannot be made
         active until the corresponding snmpTargetAddrTDomain
         and snmpTargetAddrTAddress have both been set.

         The following objects may not be modified while the
         value of this object is active(1):
             - snmpTargetAddrTDomain
             - snmpTargetAddrTAddress"
    ::= { snmpTargetAddrEntry 9 }

snmpTargetParamsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SnmpTargetParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of SNMP target information to be used
         in the generation of SNMP messages."
    ::= { snmpTargetObjects 3 }

snmpTargetParamsEntry OBJECT-TYPE
    SYNTAX      SnmpTargetParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A set of SNMP target information.

         Entries in the snmpTargetParamsTable are created and
         deleted using the snmpTargetParamsRowStatus object."
    INDEX { IMPLIED snmpTargetParamsName }
    ::= { snmpTargetParamsTable 1 }

SnmpTargetParamsEntry ::= SEQUENCE {
    snmpTargetParamsName           SnmpAdminString,
    snmpTargetParamsMPModel        SnmpMessageProcessingModel,
    snmpTargetParamsSecurityModel  SnmpSecurityModel,
    snmpTargetParamsSecurityName   SnmpAdminString,
    snmpTargetParamsSecurityLevel  SnmpSecurityLevel,
    snmpTargetParamsStorageType    StorageType,
    snmpTargetParamsRowStatus      RowStatus
}

snmpTargetParamsName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The locally arbitrary, but unique identifier associated
         with this snmpTargetParamsEntry."
    ::= { snmpTargetParamsEntry 1 }

snmpTargetParamsMPModel OBJECT-TYPE
    SYNTAX      SnmpMessageProcessingModel
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Message Processing Model to be used when generating
         SNMP messages using this entry."
    ::= { snmpTargetParamsEntry 2 }

snmpTargetParamsSecurityModel OBJECT-TYPE
    SYNTAX      SnmpSecurityModel (0..254 | 256..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Security Model to be used when generating SNMP
         messages using this entry."
    ::= { snmpTargetParamsEntry 3 }

snmpTargetParamsSecurityName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The securityName which identifies the Principal on
         whose behalf SNMP messages will be generated using
         this entry."
    ::= { snmpTargetParamsEntry 4 }

snmpTargetParamsSecurityLevel OBJECT-TYPE
    SYNTAX      SnmpSecurityLevel
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Level of Security to be used when generating
         SNMP messages using this entry."
    ::= { snmpTargetParamsEntry 5 }

snmpTargetParamsStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this conceptual row."
    ::= { snmpTargetParamsEntry 6 }

snmpTargetParamsRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.

         To create a row in this table, a manager must
         set this object to either createAndGo(4) or
         createAndWait(5).

         Until instances of all corresponding columns are
         appropriately configured, the value of the
         corresponding instance of the snmpTargetParamsRowStatus
         column is 'notReady'.

         In particular, a newly created row cannot be made
         active until the corresponding
         snmpTargetParamsMPModel,
         snmpTargetParamsSecurityModel,
         snmpTargetParamsSecurityName,
         and snmpTargetParamsSecurityLevel have all been set.

         The following objects may not be modified while the
         value of this object is active(1):
             - snmpTargetParamsMPModel
             - snmpTargetParamsSecurityModel
             - snmpTargetParamsSecurityName
             - snmpTargetParamsSecurityLevel"
    ::= { snmpTargetParamsEntry 7 }

snmpUnavailableContexts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the SNMP
         engine which were dropped because the context
         contained in the message was unavailable."
    ::= { snmpTargetObjects 4 }

snmpUnknownContexts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the SNMP
         engine which were dropped because the context
         contained in the message was unknown."
    ::= { snmpTargetObjects 5 }

--
--
-- Conformance information
--
--

snmpTargetCompliances OBJECT IDENTIFIER ::=
                                    { snmpTargetConformance 1 }
snmpTargetGroups      OBJECT IDENTIFIER ::=
                                    { snmpTargetConformance 2 }

--
--
-- Compliance statements
--
--

snmpTargetCommandResponderCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP entities which include
         a command responder application."
    MODULE -- This Module
        MANDATORY-GROUPS { snmpTargetCommandResponderGroup }
    ::= { snmpTargetCompliances 1 }

snmpTargetBasicGroup OBJECT-GROUP
    OBJECTS {
        snmpTargetSpinLock,
        snmpTargetAddrTDomain,
        snmpTargetAddrTAddress,
        snmpTargetAddrTagList,
        snmpTargetAddrParams,
        snmpTargetAddrStorageType,
        snmpTargetAddrRowStatus,
        snmpTargetParamsMPModel,
        snmpTargetParamsSecurityModel,
        snmpTargetParamsSecurityName,
        snmpTargetParamsSecurityLevel,
        snmpTargetParamsStorageType,
        snmpTargetParamsRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing basic remote
         configuration of management targets."
    ::= { snmpTargetGroups 1 }

snmpTargetResponseGroup OBJECT-GROUP
    OBJECTS {
        snmpTargetAddrTimeout,
        snmpTargetAddrRetryCount
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing remote configuration
         of management targets for applications which generate
         SNMP messages for which a response message would be
         expected."
    ::= { snmpTargetGroups 2 }

snmpTargetCommandResponderGroup OBJECT-GROUP
    OBJECTS {
        snmpUnavailableContexts,
        snmpUnknownContexts
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects required for command responder
         applications, used for counting error conditions."
    ::= { snmpTargetGroups 3 }

END

5.2.  The Notification MIB Module

The SNMP-NOTIFICATION-MIB module contains objects for the remote
configuration of the parameters used by an SNMP entity for the
generation of notifications.  It consists of three tables and
conformance/compliance statements.  The first table, the
snmpNotifyTable, contains entries which select which entries in the
snmpTargetAddrTable should be used for generating notifications, and
the type of notifications to be generated.

The second table sparsely augments the snmpTargetAddrTable with an
object which is used to associate a set of filters with a particular
management target.

The third table defines filters which are used to limit the number of
notifications which are generated using particular management
targets.

5.2.1.  Definitions

SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    snmpModules
        FROM SNMPv2-SMI

    RowStatus,
    StorageType
        FROM SNMPv2-TC

    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB

    SnmpTagValue,
    snmpTargetParamsName
        FROM SNMP-TARGET-MIB

    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF;

snmpNotificationMIB MODULE-IDENTITY
    LAST-UPDATED "9707140000Z"
    ORGANIZATION "IETF SNMPv3 Working Group"
    CONTACT-INFO
        "WG-email:   snmpv3@tis.com
         Subscribe:  majordomo@tis.com
                     In message body:  subscribe snmpv3

         Chair:      Russ Mundy
                     Trusted Information Systems
         Postal:     3060 Washington Rd
                     Glenwood MD 21738
                     USA
         Email:      mundy@tis.com
         Phone:      +1-301-854-6889

         Co-editor:  David B. Levi
                     SNMP Research, Inc.
         Postal:     3001 Kimberlin Heights Road
                     Knoxville, TN 37920-9716
         E-mail:     levi@snmp.com
         Phone:      +1 423 573 1434

         Co-editor:  Paul Meyer
                     Secure Computing Corporation
         Postal:     2675 Long Lake Road
                     Roseville, MN 55113
         E-mail:     paul_meyer@securecomputing.com
         Phone:      +1 612 628 1592

         Co-editor:  Bob Stewart
                     Cisco Systems, Inc.
         Postal:     170 West Tasman Drive
                     San Jose, CA 95134-1706
         E-mail:     bstewart@cisco.com
         Phone:      +1 603 654 6923"
    DESCRIPTION
        "This MIB module defines MIB objects which provide
         mechanisms to remotely configure the parameters
         used by an SNMP entity for the generation of
         notifications."
    REVISION    "9707140000Z"
    DESCRIPTION
        "The initial revision."
    ::= { snmpModules 12 } -- TBD

snmpNotifyObjects       OBJECT IDENTIFIER ::=
                                      { snmpNotificationMIB 1 }
snmpNotifyConformance   OBJECT IDENTIFIER ::=
                                      { snmpNotificationMIB 3 }

--
--
-- The snmpNotifyObjects group
--
--

snmpNotifyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SnmpNotifyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table is used to select management targets which should
         receive notifications, as well as the type of notification
         which should be sent to each selected management target."
    ::= { snmpNotifyObjects 1 }

snmpNotifyEntry OBJECT-TYPE
    SYNTAX      SnmpNotifyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in this table selects a set of management targets
         which should receive notifications, as well as the type of
         notification which should be sent to each selected
         management target.

         Entries in the snmpNotifyTable are created and
         deleted using the snmpNotifyRowStatus object."
    INDEX { IMPLIED snmpNotifyName }
    ::= { snmpNotifyTable 1 }

SnmpNotifyEntry ::= SEQUENCE {
    snmpNotifyName         SnmpAdminString,
    snmpNotifyTag          SnmpTagValue,
    snmpNotifyType         INTEGER,
    snmpNotifyStorageType  StorageType,
    snmpNotifyRowStatus    RowStatus
}

snmpNotifyName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The locally arbitrary, but unique identifier associated
         with this snmpNotifyEntry."
    ::= { snmpNotifyEntry 1 }

snmpNotifyTag OBJECT-TYPE
    SYNTAX      SnmpTagValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object contains a single tag value which is used
         to select entries in the snmpTargetAddrTable.  Any entry
         in the snmpTargetAddrTable which contains a tag value
         which is equal to the value of an instance of this
         object is selected.  If this object contains a value
         of zero length, no entries are selected."
    ::= { snmpNotifyEntry 2 }

snmpNotifyType OBJECT-TYPE
    SYNTAX      INTEGER {
                    trap(1),
                    inform(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object determines the type of notification to
         be generated for entries in the snmpTargetAddrTable
         selected by the corresponding instance of
         snmpNotifyTag.

         If the value of this object is trap(1), then any
         messages generated for selected rows will contain
         SNMPv2-Trap PDUs.

         If the value of this object is inform(2), then any
         messages generated for selected rows will contain
         Inform PDUs.

         Note that if an SNMP entity only supports
         generation of traps (and not informs), then this
         object may be read-only."
    DEFVAL { trap }
    ::= { snmpNotifyEntry 3 }

snmpNotifyStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this conceptual row."
    ::= { snmpNotifyEntry 4 }

snmpNotifyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.

         To create a row in this table, a manager must
         set this object to either createAndGo(4) or
         createAndWait(5).

         Until instances of all corresponding columns are
         appropriately configured, the value of the
         corresponding instance of the snmpNotifyRowStatus
         column is 'notReady'.

         In particular, a newly created row cannot be made
         active until the corresponding snmpNotifyTag has
         been set."
    ::= { snmpNotifyEntry 5 }

snmpNotifyFilterProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SnmpNotifyFilterProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table is used to associate a notification filter
         profile with a particular set of target parameters."
    ::= { snmpNotifyObjects 2 }

snmpNotifyFilterProfileEntry OBJECT-TYPE
    SYNTAX      SnmpNotifyFilterProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in this table indicates the name of the filter
         profile to be used when generating notifications using
         the corresponding entry in the snmpTargetParamsTable.

         Entries in the snmpNotifyFilterProfileTable are created
         and deleted using the snmpNotifyFilterProfileRowStatus
         object."
    INDEX { IMPLIED snmpTargetParamsName }
    ::= { snmpNotifyFilterProfileTable 1 }

SnmpNotifyFilterProfileEntry ::= SEQUENCE {
    snmpNotifyFilterProfileName       SnmpAdminString,
    snmpNotifyFilterProfileStorType   StorageType,
    snmpNotifyFilterProfileRowStatus  RowStatus
}

snmpNotifyFilterProfileName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The name of the filter profile to be used when generating
         notifications using the corresponding entry in the
         snmpTargetAddrTable."
    ::= { snmpNotifyFilterProfileEntry 1 }

snmpNotifyFilterProfileStorType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type of this conceptual row."
    ::= { snmpNotifyFilterProfileEntry 2 }

snmpNotifyFilterProfileRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.

         To create a row in this table, a manager must
         set this object to either createAndGo(4) or
         createAndWait(5)."
    ::= { snmpNotifyFilterProfileEntry 3 }

snmpNotifyFilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SnmpNotifyFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of filter profiles.  Filter profiles are used
         to determine whether particular management targets should
         receive particular notifications.

         When a notification is generated, it must be compared
         with the filters associated with each management target
         which is configured to receive notifications.  If the
         notification is matched by a filter, it is not sent to
         the management target with which the filter is
         associated."
    ::= { snmpNotifyObjects 3 }

snmpNotifyFilterEntry OBJECT-TYPE
    SYNTAX      SnmpNotifyFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An element of a filter profile.

         Entries in the snmpNotifyFilterTable are created and
         deleted using the snmpNotifyFilterRowStatus object."
    INDEX {         snmpNotifyFilterProfileName,
            IMPLIED snmpNotifyFilterSubtree }
    ::= { snmpNotifyFilterTable 1 }

SnmpNotifyFilterEntry ::= SEQUENCE {
    snmpNotifyFilterSubtree      OBJECT IDENTIFIER,
    snmpNotifyFilterMask         OCTET STRING,
    snmpNotifyFilterType         INTEGER,
    snmpNotifyFilterStorageType  StorageType,
    snmpNotifyFilterRowStatus    RowStatus
}

snmpNotifyFilterSubtree OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MIB subtree which, when combined with the corresponding
         instance of snmpNotifyFilterMask, defines a family of
         subtrees which are included in or excluded from the
         filter profile."
    ::= { snmpNotifyFilterEntry 1 }

snmpNotifyFilterMask OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The bit mask which, in combination with the corresponding
         instance of snmpNotifyFilterSubtree, defines a family of
         subtrees which are included in or excluded from the
         filter profile.

         Each bit of this bit mask corresponds to a
         sub-identifier of snmpNotifyFilterSubtree, with the
         most significant bit of the i-th octet of this octet
         string value (extended if necessary, see below)
         corresponding to the (8*i - 7)-th sub-identifier, and
         the least significant bit of the i-th octet of this
         octet string corresponding to the (8*i)-th
         sub-identifier, where i is in the range 1 through 16.

         Each bit of this bit mask specifies whether or not
         the corresponding sub-identifiers must match when
         determining if an OBJECT IDENTIFIER matches this
         family of filter subtrees; a '1' indicates that an
         exact match must occur; a '0' indicates 'wild card',
         i.e., any sub-identifier value matches.

         Thus, the OBJECT IDENTIFIER X of an object instance
         is contained in a family of filter subtrees if, for
         each sub-identifier of the value of
         snmpNotifyFilterSubtree, either:

             the i-th bit of snmpNotifyFilterMask is 0, or

             the i-th sub-identifier of X is equal to the i-th
             sub-identifier of the value of
             snmpNotifyFilterSubtree.

         If the value of this bit mask is M bits long and
         there are more than M sub-identifiers in the
         corresponding instance of snmpNotifyFilterSubtree,
         then the bit mask is extended with 1's to be the
         required length.

         Note that when the value of this object is the
         zero-length string, this extension rule results in
         a mask of all-1's being used (i.e., no 'wild card'),
         and the family of filter subtrees is the one
         subtree uniquely identified by the corresponding
         instance of snmpNotifyFilterSubtree."
    DEFVAL { ''H }
    ::= { snmpNotifyFilterEntry 2 }

snmpNotifyFilterType OBJECT-TYPE
    SYNTAX      INTEGER {
                    included(1),
                    excluded(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates whether the family of filter subtrees
         defined by this entry are included in or excluded from a
         filter."
    DEFVAL { included }
    ::= { snmpNotifyFilterEntry 3 }

snmpNotifyFilterStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type of this conceptual row."
    ::= { snmpNotifyFilterEntry 4 }

snmpNotifyFilterRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.

         To create a row in this table, a manager must
         set this object to either createAndGo(4) or
         createAndWait(5)."
    ::= { snmpNotifyFilterEntry 5 }

--
--
-- Conformance information
--
--

snmpNotifyCompliances OBJECT IDENTIFIER ::=
                                    { snmpNotifyConformance 1 }
snmpNotifyGroups      OBJECT IDENTIFIER ::=
                                    { snmpNotifyConformance 2 }

--
--
-- Compliance statements
--
--

snmpNotifyBasicCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for minimal SNMP entities which
         implement only SNMP Traps and read-create operations on
         only the snmpTargetAddrTable."
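The snmpNotifyFilterSubtree / snmpNotifyFilterMask family rule defined above, as an added Python example that is not part of the draft: it expands the mask (including the extension with 1's), tests whether an OID falls in a family, and renders each family as a pattern for review. It only computes family membership and does not decide whether a notification is sent; the function names, the sample filter rows and the handling of OIDs shorter than the subtree are assumptions of this example.

```python
from typing import List, Tuple

Oid = Tuple[int, ...]
MAX_MASK_OCTETS = 16  # SYNTAX OCTET STRING (SIZE(0..16))


def parse_oid(text: str) -> Oid:
    """Turn a dotted string such as '1.3.6.1' into a tuple of sub-identifiers."""
    oid = tuple(int(part) for part in text.strip(".").split("."))
    if any(sub < 0 or sub > 0xFFFFFFFF for sub in oid):
        raise ValueError(f"sub-identifier out of range in {text!r}")
    return oid


def must_match(mask: bytes, count: int) -> List[bool]:
    """One flag per sub-identifier of the subtree: True means exact match."""
    if len(mask) > MAX_MASK_OCTETS:
        raise ValueError("mask longer than 16 octets")
    flags = []
    for index in range(count):  # index 0 is the 1st sub-identifier
        octet, bit = divmod(index, 8)
        if octet < len(mask):
            # Most significant bit of each octet comes first.
            flags.append(bool(mask[octet] & (0x80 >> bit)))
        else:
            flags.append(True)  # mask too short: extended with 1's
    return flags


def in_family(oid: Oid, subtree: Oid, mask: bytes) -> bool:
    """True if `oid` is contained in the family defined by subtree and mask."""
    # Assumption of this example: an OID with fewer sub-identifiers than the
    # subtree cannot match, even where the missing positions are wild cards.
    if len(oid) < len(subtree):
        return False
    flags = must_match(mask, len(subtree))
    return all(not exact or got == want
               for exact, got, want in zip(flags, oid, subtree))


def family_pattern(subtree: Oid, mask: bytes) -> str:
    """Render a family for audit, with '*' at wild-carded positions."""
    flags = must_match(mask, len(subtree))
    return ".".join(str(sub) if exact else "*"
                    for sub, exact in zip(subtree, flags))


# Constructed sample rows: (snmpNotifyFilterProfileName, snmpNotifyFilterSubtree,
# snmpNotifyFilterMask as hex, snmpNotifyFilterType).
SAMPLE_FILTERS = [
    ("ops", "1.3.6.1.6.3.1.1.5", "", "included"),           # empty mask: one subtree
    ("ops", "1.3.6.1.2.1.2.2.1.0.2", "ffa0", "excluded"),   # 10th position wild
    ("audit", "1.3.6.1.2.1.2.2.1", "00", "included"),       # 8 wild, 9th extended to 1
]


def matching_entries(oid_text: str, filters=SAMPLE_FILTERS):
    """Return (profile, pattern, type) for every row whose family holds the OID."""
    oid = parse_oid(oid_text)
    hits = []
    for profile, subtree_text, mask_hex, kind in filters:
        subtree, mask = parse_oid(subtree_text), bytes.fromhex(mask_hex)
        if in_family(oid, subtree, mask):
            hits.append((profile, family_pattern(subtree, mask), kind))
    return hits


if __name__ == "__main__":
    for probe in ("1.3.6.1.6.3.1.1.5.3", "1.3.6.1.2.1.2.2.1.7.2",
                  "1.3.6.1.2.1.2.2.1.7.3"):
        print(probe, "->", matching_entries(probe))
```

The third sample row shows why rendered patterns are worth reviewing: a single zero octet on a nine-position subtree matches any OID whose ninth sub-identifier is 1, regardless of its prefix.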
    MODULE SNMP-TARGET-MIB
        MANDATORY-GROUPS { snmpTargetBasicGroup }

        OBJECT snmpTargetParamsMPModel
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required."

        OBJECT snmpTargetParamsSecurityModel
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required."

        OBJECT snmpTargetParamsSecurityName
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required."

        OBJECT snmpTargetParamsSecurityLevel
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required."

        OBJECT snmpTargetParamsStorageType
        SYNTAX INTEGER {
            readOnly(5)
        }
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required.
             Support of the values other(1), volatile(2),
             nonVolatile(3), and permanent(4) is not required."

        OBJECT snmpTargetParamsRowStatus
        SYNTAX INTEGER {
            active(1)
        }
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access to the
             snmpTargetParamsTable is not required.
             Support of the values notInService(2), notReady(3),
             createAndGo(4), createAndWait(5), and destroy(6) is
             not required."

    MODULE -- This Module
        MANDATORY-GROUPS { snmpNotifyGroup }

        OBJECT snmpNotifyTag
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required."

        OBJECT snmpNotifyType
        SYNTAX INTEGER {
            trap(1)
        }
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required.
             Support of the value notify(2) is not required."

        OBJECT snmpNotifyStorageType
        SYNTAX INTEGER {
            readOnly(5)
        }
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access is not required.
             Support of the values other(1), volatile(2),
             nonVolatile(3), and permanent(4) is not required."

        OBJECT snmpNotifyRowStatus
        SYNTAX INTEGER {
            active(1)
        }
        MIN-ACCESS    read-only
        DESCRIPTION
            "Create/delete/modify access to the
             snmpNotifyTable is not required.
             Support of the values notInService(2), notReady(3),
             createAndGo(4), createAndWait(5), and destroy(6) is
             not required."

    ::= { snmpNotifyCompliances 1 }

snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
         SNMP Traps with filtering, and read-create operations on
         all related tables."
    MODULE SNMP-TARGET-MIB
        MANDATORY-GROUPS { snmpTargetBasicGroup }
    MODULE -- This Module
        MANDATORY-GROUPS { snmpNotifyGroup,
                           snmpNotifyFilterGroup }
    ::= { snmpNotifyCompliances 2 }

snmpNotifyFullCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP entities which either
         implement only SNMP Informs, or both SNMP Traps and SNMP
         Informs, plus filtering and read-create operations on
         all related tables."
    MODULE SNMP-TARGET-MIB
        MANDATORY-GROUPS { snmpTargetBasicGroup,
                           snmpTargetResponseGroup }
    MODULE -- This Module
        MANDATORY-GROUPS { snmpNotifyGroup,
                           snmpNotifyFilterGroup }
    ::= { snmpNotifyCompliances 3 }

snmpNotifyGroup OBJECT-GROUP
    OBJECTS {
        snmpNotifyTag,
        snmpNotifyType,
        snmpNotifyStorageType,
        snmpNotifyRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects for selecting which management
         targets are used for generating notifications, and the
         type of notification to be generated for each selected
         management target."
2609       ::= { snmpNotifyGroups 1 }

2611   snmpNotifyFilterGroup OBJECT-GROUP
2612       OBJECTS {
2613           snmpNotifyFilterProfileName,
2614           snmpNotifyFilterProfileStorType,
2615           snmpNotifyFilterProfileRowStatus,
2616           snmpNotifyFilterMask,
2617           snmpNotifyFilterType,
2618           snmpNotifyFilterStorageType,
2622           snmpNotifyFilterRowStatus
2623       }
2624       STATUS      current
2625       DESCRIPTION
2626           "A collection of objects providing remote configuration
2627           of notification filters."
2628       ::= { snmpNotifyGroups 2 }

2630   END

2634   5.3.  The Proxy MIB Module

2636   The SNMP-PROXY-MIB module, which defines MIB objects that provide
2637   mechanisms to remotely configure the parameters used by an SNMP
2638   entity for proxy forwarding operations, contains a single table.
2639   This table, snmpProxyTable, is used to define translations between
2640   management targets for use when forwarding messages.

2642   5.3.1.  Definitions

2644   SNMP-PROXY-MIB DEFINITIONS ::= BEGIN

2646   IMPORTS
2647       MODULE-IDENTITY,
2648       OBJECT-TYPE,
2649       snmpModules
2650           FROM SNMPv2-SMI

2652       RowStatus,
2653       StorageType
2654           FROM SNMPv2-TC

2656       SnmpEngineID,
2657       SnmpAdminString
2658           FROM SNMP-FRAMEWORK-MIB

2660       SnmpTagValue
2661           FROM SNMP-TARGET-MIB

2663       MODULE-COMPLIANCE,
2664       OBJECT-GROUP
2665           FROM SNMPv2-CONF;

2667   snmpProxyMIB MODULE-IDENTITY
2668       LAST-UPDATED "9706140000Z"
2669       ORGANIZATION "IETF SNMPv3 Working Group"
2670       CONTACT-INFO
2671           "WG-email:   snmpv3@tis.com
2672            Subscribe:  majordomo@tis.com
2673                        In message body:  subscribe snmpv3

2675            Chair:      Russ Mundy
2676                        Trusted Information Systems
2677            Postal:     3060 Washington Rd
2678                        Glenwood MD 21738
2679                        USA
2683            Email:      mundy@tis.com
2684            Phone:      +1-301-854-6889

2686            Co-editor:  David B. Levi
2687                        SNMP Research, Inc.
2688            Postal:     3001 Kimberlin Heights Road
2689                        Knoxville, TN 37920-9716
2690            E-mail:     levi@snmp.com
2691            Phone:      +1 423 573 1434

2693            Co-editor:  Paul Meyer
2694                        Secure Computing Corporation
2695            Postal:     2675 Long Lake Road
2696                        Roseville, MN 55113
2697            E-mail:     paul_meyer@securecomputing.com
2698            Phone:      +1 612 628 1592

2700            Co-editor:  Bob Stewart
2701                        Cisco Systems, Inc.
2702            Postal:     170 West Tasman Drive
2703                        San Jose, CA 95134-1706
2704            E-mail:     bstewart@cisco.com
2705            Phone:      +1 603 654 6923"
2706       DESCRIPTION
2707           "This MIB module defines MIB objects which provide
2708           mechanisms to remotely configure the parameters
2709           used by a proxy forwarding application."
2710       REVISION    "9707140000Z"
2711       DESCRIPTION
2712           "The initial revision."
2713       ::= { snmpModules 13 } -- TBD

2715   snmpProxyObjects     OBJECT IDENTIFIER ::= { snmpProxyMIB 1 }
2716   snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 }

2718   --
2719   --
2720   -- The snmpProxyObjects group
2721   --
2722   --

2724   snmpProxyTable OBJECT-TYPE
2725       SYNTAX      SEQUENCE OF SnmpProxyEntry
2726       MAX-ACCESS  not-accessible
2727       STATUS      current
2728       DESCRIPTION
2729           "The table of translation parameters used by proxy forwarder
2733           applications for forwarding SNMP messages."
2734       ::= { snmpProxyObjects 2 }

2736   snmpProxyEntry OBJECT-TYPE
2737       SYNTAX      SnmpProxyEntry
2738       MAX-ACCESS  not-accessible
2739       STATUS      current
2740       DESCRIPTION
2741           "A set of translation parameters used by a proxy forwarder
2742           application for forwarding SNMP messages.

2744           Entries in the snmpProxyTable are created and deleted
2745           using the snmpProxyRowStatus object."
2746       INDEX { IMPLIED snmpProxyName }
2747       ::= { snmpProxyTable 1 }

2749   SnmpProxyEntry ::= SEQUENCE {
2750       snmpProxyName               SnmpAdminString,
2751       snmpProxyType               INTEGER,
2752       snmpProxyContextEngineID    SnmpEngineID,
2753       snmpProxyContextName        SnmpAdminString,
2754       snmpProxyTargetParamsIn     SnmpAdminString,
2755       snmpProxySingleTargetOut    SnmpAdminString,
2756       snmpProxyMultipleTargetOut  SnmpTagValue,
2757       snmpProxyStorageType        StorageType,
2758       snmpProxyRowStatus          RowStatus
2759   }

2761   snmpProxyName OBJECT-TYPE
2762       SYNTAX      SnmpAdminString (SIZE(1..32))
2763       MAX-ACCESS  not-accessible
2764       STATUS      current
2765       DESCRIPTION
2766           "The locally arbitrary, but unique identifier associated
2767           with this snmpProxyEntry."
2768       ::= { snmpProxyEntry 1 }

2770   snmpProxyType OBJECT-TYPE
2771       SYNTAX      INTEGER {
2772                       read(1),
2773                       write(2),
2774                       trap(3),
2775                       inform(4)
2776                   }
2777       MAX-ACCESS  read-create
2778       STATUS      current
2779       DESCRIPTION
2783           "The type of message that may be forwarded using
2784           the translation parameters defined by this entry."
2785       ::= { snmpProxyEntry 2 }

2787   snmpProxyContextEngineID OBJECT-TYPE
2788       SYNTAX      SnmpEngineID
2789       MAX-ACCESS  read-create
2790       STATUS      current
2791       DESCRIPTION
2792           "The contextEngineID contained in messages that
2793           may be forwarded using the translation parameters
2794           defined by this entry."
2795       ::= { snmpProxyEntry 3 }

2797   snmpProxyContextName OBJECT-TYPE
2798       SYNTAX      SnmpAdminString
2799       MAX-ACCESS  read-create
2800       STATUS      current
2801       DESCRIPTION
2802           "The contextName contained in messages that may be
2803           forwarded using the translation parameters defined
2804           by this entry.

2806           This object is optional, and if not supported, the
2807           contextName contained in a message is ignored when
2808           selecting an entry in the snmpProxyTable."
2809       ::= { snmpProxyEntry 4 }

2811   snmpProxyTargetParamsIn OBJECT-TYPE
2812       SYNTAX      SnmpAdminString
2813       MAX-ACCESS  read-create
2814       STATUS      current
2815       DESCRIPTION
2816           "This object selects an entry in the snmpTargetParamsTable.
2817           The selected entry is used to determine which row of the
2818           snmpProxyTable to use for forwarding received messages."
2819       ::= { snmpProxyEntry 5 }

2821   snmpProxySingleTargetOut OBJECT-TYPE
2822       SYNTAX      SnmpAdminString
2823       MAX-ACCESS  read-create
2824       STATUS      current
2825       DESCRIPTION
2826           "This object selects a management target defined in the
2827           snmpTargetAddrTable (in the SNMP-TARGET-MIB).  The
2828           selected target is defined by an entry in the
2829           snmpTargetAddrTable whose index value (snmpTargetAddrName)
2833           is equal to this object.

2835           This object is only used when selection of a single
2836           target is required (i.e. when forwarding an incoming
2837           read or write request)."
2838       ::= { snmpProxyEntry 6 }

2840   snmpProxyMultipleTargetOut OBJECT-TYPE
2841       SYNTAX      SnmpTagValue
2842       MAX-ACCESS  read-create
2843       STATUS      current
2844       DESCRIPTION
2845           "This object selects a set of management targets defined
2846           in the snmpTargetAddrTable (in the SNMP-TARGET-MIB).

2848           This object is only used when selection of multiple
2849           targets is required (i.e. when forwarding an incoming
2850           notification)."
2851       ::= { snmpProxyEntry 7 }

2853   snmpProxyStorageType OBJECT-TYPE
2854       SYNTAX      StorageType
2855       MAX-ACCESS  read-create
2856       STATUS      current
2857       DESCRIPTION
2858           "The storage type of this conceptual row."
2859       ::= { snmpProxyEntry 8 }

2861   snmpProxyRowStatus OBJECT-TYPE
2862       SYNTAX      RowStatus
2863       MAX-ACCESS  read-create
2864       STATUS      current
2865       DESCRIPTION
2866           "The status of this conceptual row.

2868           To create a row in this table, a manager must
2869           set this object to either createAndGo(4) or
2870           createAndWait(5).

2872           The following objects may not be modified while the
2873           value of this object is active(1):
2874               - snmpProxyType
2875               - snmpProxyContextEngineID
2876               - snmpProxyContextName
2877               - snmpProxyTargetParamsIn
2878               - snmpProxySingleTargetOut
2879               - snmpProxyMultipleTargetOut"
2883       ::= { snmpProxyEntry 9 }

2885   --
2886   --
2887   -- Conformance information
2888   --
2889   --

2891   snmpProxyCompliances OBJECT IDENTIFIER ::=
2892                                            { snmpProxyConformance 1 }
2893   snmpProxyGroups      OBJECT IDENTIFIER ::=
2894                                            { snmpProxyConformance 2 }

2896   --
2897   --
2898   -- Compliance statements
2899   --
2900   --

2902   snmpProxyCompliance MODULE-COMPLIANCE
2903       STATUS      current
2904       DESCRIPTION
2905           "The compliance statement for SNMP entities which include
2906           a proxy forwarding application."
2907       MODULE SNMP-TARGET-MIB
2908           MANDATORY-GROUPS { snmpTargetBasicGroup,
2909                              snmpTargetResponseGroup }
2910       MODULE -- This Module
2911           MANDATORY-GROUPS { snmpProxyGroup }
2912       ::= { snmpProxyCompliances 1 }

2914   snmpProxyGroup OBJECT-GROUP
2915       OBJECTS {
2916           snmpProxyType,
2917           snmpProxyContextEngineID,
2918           snmpProxyContextName,
2919           snmpProxyTargetParamsIn,
2920           snmpProxySingleTargetOut,
2921           snmpProxyMultipleTargetOut,
2922           snmpProxyStorageType,
2923           snmpProxyRowStatus
2924       }
2925       STATUS      current
2926       DESCRIPTION
2927           "A collection of objects providing remote configuration of
2928           management target translation parameters for use by
2929           proxy forwarder applications."
2933       ::= { snmpProxyGroups 3 }

2935   END

2939   6.  Identification of Management Targets in Notification Originators

2941   This section describes the mechanisms used by a notification
2942   originator application when using the MIB module described in this
2943   document to determine the set of management targets to be used when
2944   generating a notification.

2946   A notification originator uses the snmpNotifyTable to find the
2947   management targets to be used for generating notifications.  Each
2948   active entry in this table identifies zero or more entries in the
2949   snmpTargetAddrTable.  Any entry in the snmpTargetAddrTable whose
2950   snmpTargetAddrTagList object contains a tag value which is equal to a
2951   value of snmpNotifyTag is selected by the snmpNotifyEntry which
2952   contains that instance of snmpNotifyTag.  Note that a particular
2953   snmpTargetAddrEntry may be selected by multiple entries in the
2954   snmpNotifyTable, resulting in multiple notifications being generated
2955   using that snmpTargetAddrEntry.

2957   Each snmpTargetAddrEntry contains a pointer to the
2958   snmpTargetParamsTable (snmpTargetAddrParams).  This pointer selects a
2959   set of SNMP parameters to be used for generating notifications.  If
2960   the selected entry in the snmpTargetParamsTable does not exist, the
2961   management target is not used to generate notifications.

2963   The decision as to whether a notification should contain an SNMPv2-
2964   Trap or Inform PDU is determined by the value of the snmpNotifyType
2965   object.  If the value of this object is trap(1), the notification
2966   should contain an SNMPv2-Trap PDU.  If the value of this object is
2967   inform(2), then the notification should contain an Inform PDU, and
2968   the timeout time and number of retries for the Inform are the value
2969   of snmpTargetAddrTimeout and snmpTargetAddrRetryCount.  Note that the
2970   exception to these rules is when the snmpTargetParamsMPModel object
2971   indicates SNMPv1.  In this case, the notification is sent as a Trap
2972   if the value of snmpNotifyTargetType is either trap(1) or inform(2).

2976   7.  Notification Filtering

2978   This section describes the mechanisms used by a notification
2979   originator application when using the MIB module described in this
2980   document to filter generation of notifications.

2982   A notification originator uses the snmpNotifyFilterTable to filter
2983   notifications.  A notification filter profile may be associated with
2984   a management target identified by a particular entry in the
2985   snmpTargetAddrTable.  The associated filter profile is identified by
2986   an entry in the snmpNotifyFilterProfileTable whose index is equal to
2987   the index of the entry in the snmpTargetAddrTable.  If no such entry
2988   exists in the snmpNotifyFilterProfileTable, no filtering is performed
2989   for that management target.

2991   If such an entry does exist, the value of snmpNotifyFilterProfileName
2992   of the entry is compared with the corresponding portion of the index
2993   of all active entries in the snmpNotifyFilterTable.  All such entries
2994   for which this comparison results in an exact match are used for
2995   filtering the notification.  If no such entries exist, no filtering
2996   is performed, and the notification may be sent to the management
2997   target.

2999   Otherwise, if matching entries do exist, the notification may be sent
3000   if the NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this
3001   is the value of the element of the variable bindings whose name is
3002   snmpTrapOID.0, i.e., the second variable binding), and all of the
3003   object instances to be included in the variable-bindings of the
3004   notification, are not specifically excluded by the matching entries.

3006   Each set of snmpNotifyFilterTable entries is divided into two
3007   collections of filter subtrees:  the included filter subtrees, and
3008   the excluded filter subtrees.  The snmpNotifyFilterType object
3009   defines the collection to which each matching entry belongs.

3011   To determine whether a particular notification name or object
3012   instance is excluded by the set of matching entries, compare the
3013   notification name's or object instance's OBJECT IDENTIFIER with each
3014   of the matching entries.  If none match, then the notification name
3015   or object instance is considered excluded, and the notification
3016   should not be sent to this management target.  If one or more match,
3017   then the notification name or object instance is included or
3018   excluded, according to the value of snmpNotifyFilterType in the entry
3019   whose value of snmpNotifyFilterSubtree has the most sub-identifiers.
3020   If multiple entries match and have the same number of sub-
3021   identifiers, then the lexicographically greatest instance of
3022   snmpNotifyFilterType among those which match determines the inclusion
3026   or exclusion.

3028   A notification name's or object instance's OBJECT IDENTIFIER X
3029   matches an entry in the snmpNotifyFilterTable when the number of
3030   sub-identifiers in X is at least as many as in the value of
3031   snmpNotifyFilterSubtree for the entry, and each sub-identifier in the
3032   value of snmpNotifyFilterSubtree matches its corresponding sub-
3033   identifier in X.  Two sub-identifiers match either if the
3034   corresponding bit of snmpNotifyFilterMask is zero (the 'wild card'
3035   value), or if the two sub-identifiers are equal.

3039   8.  Management Target Translation in Proxy Forwarder Applications

3041   This section describes the mechanisms used by a proxy forwarder
3042   application when using the MIB module described in this document to
3043   translate incoming management target information into outgoing
3044   management target information for the purpose of forwarding messages.
3045   There are actually two mechanisms a proxy forwarder may use, one for
3046   forwarding request messages, and one for forwarding notification
3047   messages.

3049   8.1.  Management Target Translation for Request Forwarding

3051   When forwarding request messages, the proxy forwarder will select a
3052   single entry in the snmpProxyTable.  To select this entry, it will
3053   perform the following comparisons:

3055       - The snmpProxyType must be read(1) if the request is a Get,
3056         GetNext, or GetBulk request.  The snmpProxyType must be
3057         write(2) if the request is a Set request.

3059       - The contextEngineId must equal the snmpProxyContextEngineID
3060         object.

3062       - If the snmpProxyContextName object is supported, it must equal
3063         the contextName.

3065       - The snmpProxyTargetParamsIn object identifies an entry in the
3066         snmpTargetParamsTable.  The messageProcessingModel,
3067         securityLevel, security model, and securityName must match the
3068         values of snmpTargetParamsMPModel,
3069         snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName,
3070         and snmpTargetParamsSecurityLevel of the identified entry in
3071         the snmpTargetParamsTable.

3073   There may be multiple entries in the snmpProxyTable for which these
3074   comparisons succeed.  The entry whose snmpProxyName has the
3075   lexicographically smallest value and for which the comparisons
3076   succeed will be selected by the proxy forwarder.

3078   The outgoing management target information is identified by the value
3079   of the snmpProxySingleTargetOut object of the selected entry.  This
3080   object identifies an entry in the snmpTargetAddrTable.  The
3081   identified entry in the snmpTargetAddrTable also contains a reference
3082   to the snmpTargetParamsTable (snmpTargetAddrParams).  If either the
3083   identified entry in the snmpTargetAddrTable does not exist, or the
3084   identified entry in the snmpTargetParamsTable does not exist, then
3088   this snmpProxyEntry does not identify valid forwarding information,
3089   and the proxy forwarder should attempt to identify another row.

3091   If there is no entry in the snmpProxyTable for which all of the
3092   conditions above may be met, then there is no appropriate forwarding
3093   information, and the proxy forwarder should take appropriate actions.

3095   Otherwise, the snmpTargetAddrTDomain, snmpTargetAddrTAddress,
3096   snmpTargetAddrTimeout, and snmpTargetAddrRetryCount of the identified
3097   snmpTargetAddrEntry, and the snmpTargetParamsMPModel,
3098   snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, and
3099   snmpTargetParamsSecurityLevel of the identified snmpTargetParamsEntry
3100   are used as the destination management target.

3102   8.2.  Management Target Translation for Notification Forwarding

3104   When forwarding notification messages, the proxy forwarder will
3105   select multiple entries in the snmpProxyTable.  To select these
3106   entries, it will perform the following comparisons:

3108       - The snmpProxyType must be trap(3) if the notification is a
3109         Trap.  The snmpProxyType must be inform(4) if the request is
3110         an Inform.

3112       - The contextEngineId must equal the snmpProxyContextEngineID
3113         object.

3115       - If the snmpProxyContextName object is supported, it must equal
3116         the contextName.

3118       - The snmpProxyTargetParamsIn object identifies an entry in the
3119         snmpTargetParamsTable.  The messageProcessingModel,
3120         securityLevel, security model, and securityName must match the
3121         values of snmpTargetParamsMPModel,
3122         snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName,
3123         and snmpTargetParamsSecurityLevel of the identified entry in
3124         the snmpTargetParamsTable.

3126   All entries for which these conditions are met are selected.  The
3127   snmpProxyMultipleTargetOut object of each such entry is used to
3128   select a set of entries in the snmpTargetAddrTable.  Any
3129   snmpTargetAddrEntry whose snmpTargetAddrTagList object contains a tag
3130   value equal to the value of snmpProxyMultipleTargetOut, and whose
3131   snmpTargetAddrParams object references an existing entry in the
3132   snmpTargetParamsTable, is selected as a destination for the forwarded
3133   notification.

3137   9.  Security Considerations

3139   The SNMP applications described in this document typically have
3140   direct access to MIB instrumentation.  Thus, it is very important
3141   that these applications be strict in their application of access
3142   control as described in this document.

3144   In addition, there may be some types of notification generator
3145   applications which, rather than accessing MIB instrumentation using
3146   access control, will obtain MIB information through other means (such
3147   as from a command line).  The implementors and users of such
3148   applications must be responsible for not divulging MIB information
3149   that normally would be inaccessible due to access control.

3151   10.  Editor's Address

3153       David B. Levi
3154       SNMP Research, Inc.
3155       3001 Kimberlin Heights Road
3156       Knoxville, TN 37920-9716
3157       U.S.A.
3158       Phone: +1 423 573 1434
3159       EMail: levi@snmp.com

3161       Paul Meyer
3162       Secure Computing Corporation
3163       2675 Long Lake Road
3164       Roseville, MN 55113
3165       U.S.A.
3166       Phone: +1 612 628 1592
3167       EMail: paul_meyer@securecomputing.com

3169       Bob Stewart
3170       Cisco Systems, Inc.
3171       170 West Tasman Drive
3172       San Jose, CA 95134-1706
3173       U.S.A.
3174       Phone: +1 603 654 6923
3175       EMail: bstewart@cisco.com

3179   11.  Acknowledgments

3181   This document is the result of the efforts of the SNMPv3 Working
3182   Group.  Some special thanks are in order to the following SNMPv3 WG
3183   members:

3185       Dave Battle (SNMP Research, Inc.)
3186       Uri Blumenthal (IBM T.J. Watson Research Center)
3187       Jeff Case (SNMP Research, Inc.)
3188       John Curran (BBN)
3189       T. Max Devlin (Hi-TECH Connections)
3190       John Flick (Hewlett Packard)
3191       David Harrington (Cabletron Systems Inc.)
3192       N.C. Hien (IBM T.J. Watson Research Center)
3193       Dave Levi (SNMP Research, Inc.)
3194       Louis A Mamakos (UUNET Technologies Inc.)
3195       Paul Meyer (Secure Computing Corporation)
3196       Keith McCloghrie (Cisco Systems)
3197       Russ Mundy (Trusted Information Systems, Inc.)
3198       Bob Natale (ACE*COMM Corporation)
3199       Mike O'Dell (UUNET Technologies Inc.)
3200       Dave Perkins (DeskTalk)
3201       Peter Polkinghorne (Brunel University)
3202       Randy Presuhn (BMC Software, Inc.)
3203       David Reid (SNMP Research, Inc.)
3204       Shawn Routhier (Epilogue)
3205       Juergen Schoenwaelder (TU Braunschweig)
3206       Bob Stewart (Cisco Systems)
3207       Bert Wijnen (IBM T.J. Watson Research Center)

3209   The document is based on recommendations of the IETF Security and
3210   Administrative Framework Evolution for SNMP Advisory Team.  Members of
3211   that Advisory Team were:

3213       David Harrington (Cabletron Systems Inc.)
3214       Jeff Johnson (Cisco Systems)
3215       David Levi (SNMP Research Inc.)
3216       John Linn (Openvision)
3217       Russ Mundy (Trusted Information Systems) chair
3218       Shawn Routhier (Epilogue)
3219       Glenn Waters (Nortel)
3220       Bert Wijnen (IBM T. J. Watson Research Center)

3222   As recommended by the Advisory Team and the SNMPv3 Working Group
3223   Charter, the design incorporates as much as practical from previous
3224   RFCs and drafts.  As a result, special thanks are due to the authors
3225   of previous designs known as SNMPv2u and SNMPv2*:

3229       Jeff Case (SNMP Research, Inc.)
3230       David Harrington (Cabletron Systems Inc.)
3231       David Levi (SNMP Research, Inc.)
3232       Keith McCloghrie (Cisco Systems)
3233       Brian O'Keefe (Hewlett Packard)
3234       Marshall T. Rose (Dover Beach Consulting)
3235       Jon Saperia (BGS Systems Inc.)
3236       Steve Waldbusser (International Network Services)
3237       Glenn W. Waters (Bell-Northern Research Ltd.)

3309   APPENDIX A - Trap Configuration Example

3311   This section describes an example configuration for a Notification
3312   Generator application which implements the snmpNotifyBasicCompliance
3313   level.  The example configuration specifies that the Notification
3314   Generator should send notifications to 3 separate managers, using
3315   authentication and no privacy for the first 2 managers, and using
3316   both authentication and privacy for the third manager.

3318   The configuration consists of three rows in the snmpTargetAddrTable,
3319   and two rows in the snmpTargetTable.

3321       snmpTargetAddrName         SnmpAdminString,
3322       snmpTargetAddrTDomain      TDomain,
3323       snmpTargetAddrTAddress     TAddress,
3324       snmpTargetAddrTimeout      TimeInterval,
3325       snmpTargetAddrRetryCount   Integer32,
3326       snmpTargetAddrTagList      SnmpAdminString,
3327       snmpTargetAddrParams       SnmpAdminString,
3328       snmpTargetAddrStorageType  StorageType,
3329       snmpTargetAddrRowStatus    RowStatus

3331     * snmpTargetAddrName        = "addr1"
3332       snmpTargetAddrTDomain     = snmpUDPDomain
3333       snmpTargetAddrTAddress    = 128.1.2.3:162
3334       snmpTargetAddrTagList     = "group1"
3335       snmpTargetAddrParams      = "AuthNoPriv-joe"
3339       snmpTargetAddrStorageType = readOnly(5)
3340       snmpTargetAddrRowStatus   = active(1)

3342     * snmpTargetAddrName        = "addr2"
3343       snmpTargetAddrTDomain     = snmpUDPDomain
3344       snmpTargetAddrTAddress    = 128.2.4.6:162
3345       snmpTargetAddrTagList     = "group1"
3346       snmpTargetAddrParams      = "AuthNoPriv-joe"
3347       snmpTargetAddrStorageType = readOnly(5)
3348       snmpTargetAddrRowStatus   = active(1)

3350     * snmpTargetAddrName        = "addr3"
3351       snmpTargetAddrTDomain     = snmpUDPDomain
3352       snmpTargetAddrTAddress    = 128.1.2.3:162
3353       snmpTargetAddrTagList     = "group2"
3354       snmpTargetAddrParams      = "AuthPriv-bob"
3355       snmpTargetAddrStorageType = readOnly(5)
3356       snmpTargetAddrRowStatus   = active(1)

3358     * snmpTargetParamsName          = "AuthNoPriv-joe"
3359       snmpTargetParamsMPModel       = 3
3360       snmpTargetParamsSecurityModel = 3 (USM)
3361       snmpTargetParamsSecurityName  = "joe"
3362       snmpTargetParamsSecurityLevel = authNoPriv(2)
3363       snmpTargetParamsStorageType   = readOnly(5)
3364       snmpTargetParamsRowStatus     = active(1)

3366     * snmpTargetParamsName          = "AuthPriv-bob"
3367       snmpTargetParamsMPModel       = 3
3368       snmpTargetParamsSecurityModel = 3 (USM)
3369       snmpTargetParamsSecurityName  = "bob"
3370       snmpTargetParamsSecurityLevel = authPriv(3)
3371       snmpTargetParamsStorageType   = readOnly(5)
3372       snmpTargetParamsRowStatus     = active(1)

3374     * snmpNotifyName        = "group1"
3375       snmpNotifyTag         = "group1"
3376       snmpNotifyType        = trap(1)
3377       snmpNotifyStorageType = readOnly(5)
3378       snmpNotifyRowStatus   = active(1)

3380     * snmpNotifyName        = "group2"
3381       snmpNotifyTag         = "group2"
3382       snmpNotifyType        = trap(1)
3383       snmpNotifyStorageType = readOnly(5)
3384       snmpNotifyRowStatus   = active(1)

3388   These entries define two groups of management targets.  The first
3389   group contains two management targets:

3391                                 first target      second target
3392                                 ------------      -------------
3393       messageProcessingModel    SNMPv3            SNMPv3
3394       securityModel             3 (USM)           3 (USM)
3395       securityName              "joe"             "joe"
3396       securityLevel             authNoPriv(2)     authNoPriv(2)
3397       transportDomain           snmpUDPDomain     snmpUDPDomain
3398       transportAddress          128.1.2.3:162     128.2.4.6:162

3400   And the second group contains a single management target:

3402       messageProcessingModel    SNMPv3
3403       securityLevel             authPriv(3)
3404       securityModel             3 (USM)
3405       securityName              "bob"
3406       transportDomain           snmpUDPDomain
3407       transportAddress          128.1.5.9:162

3411   Table of Contents

3413   1 Abstract
3414   2 Overview
3415   2.1 Command Generator Applications
3416   2.2 Command Responder Applications
3417   2.3 Notification Originator Applications
3418   2.4 Notification Receiver Applications
3419   2.5 Proxy Forwarder Applications
3420   3 Management Targets
3421   4 Elements Of Procedure
3422   4.1 Command Generator Applications
3423   4.2 Command Responder Applications
3424   4.3 Notification Originator Applications
3425   4.4 Notification Receiver Applications
3426   4.5 Proxy Forwarder Applications
3427   4.5.1 Request Forwarding
3428   4.5.1.1 Processing an Incoming Request
3429   4.5.1.2 Processing an Incoming Response
3430   4.5.1.3 Processing an Incoming Report Indication
3431   4.5.2 Notification Forwarding
3432   5 The Structure of the MIB Modules
3433   5.1 The Management Target MIB Module
3434   5.1.1 Tag Lists
3435   5.1.2 Definitions
3436   5.2 The Notification MIB Module
3437   5.2.1 Definitions
3438   5.3 The Proxy MIB Module
3439   5.3.1 Definitions
3440   6 Identification of Management Targets in Notification Originators
3442   7 Notification Filtering
3443   8 Management Target Translation in Proxy Forwarder Applications
3445   8.1 Management Target Translation for Request Forwarding
3446   8.2 Management Target Translation for Notification Forwarding
3449   9 Security Considerations
3450   10 Editor's Address
3451   11 Acknowledgments
3452   12 References
3453   Appendix A Trap Configuration Example

3454   Expires April 1998
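
The matching and precedence rules of section 7 (Notification Filtering), as an added example in Python that is not part of the draft. The mask bit order (most significant bit first, a short mask extended with ones) is assumed from the snmpNotifyFilterMask definition, the tie-break compares subtrees within one profile, and the table rows are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

Oid = Tuple[int, ...]


def oid(text: str) -> Oid:
    """Parse dotted notation into a tuple of sub-identifiers."""
    return tuple(int(part) for part in text.strip(".").split("."))


@dataclass(frozen=True)
class FilterEntry:
    profile: str      # snmpNotifyFilterProfileName portion of the index
    subtree: Oid      # snmpNotifyFilterSubtree
    mask: bytes       # snmpNotifyFilterMask
    included: bool    # snmpNotifyFilterType: True = included, False = excluded
    active: bool = True


def mask_bit(mask: bytes, i: int) -> int:
    """Mask bit for sub-identifier i (0-based).

    Assumption: MSB-first bit order, and a mask shorter than the subtree is
    treated as extended with ones (exact match required).
    """
    byte, bit = divmod(i, 8)
    if byte >= len(mask):
        return 1
    return (mask[byte] >> (7 - bit)) & 1


def entry_matches(x: Oid, entry: FilterEntry) -> bool:
    """X matches when it is at least as long as the subtree and every
    sub-identifier is either wild-carded (mask bit 0) or equal."""
    if len(x) < len(entry.subtree):
        return False
    return all(mask_bit(entry.mask, i) == 0 or x[i] == sub
               for i, sub in enumerate(entry.subtree))


def is_included(x: Oid, entries: Sequence[FilterEntry]) -> bool:
    hits = [e for e in entries if entry_matches(x, e)]
    if not hits:
        return False  # no entry matches: considered excluded
    # Most sub-identifiers wins; ties go to the lexicographically greatest.
    best = max(hits, key=lambda e: (len(e.subtree), e.subtree))
    return best.included


def may_send(profile: Optional[str], table: Sequence[FilterEntry],
             trap_oid: Oid, varbind_oids: Sequence[Oid]) -> bool:
    """Apply the filter profile of one management target to one notification."""
    if profile is None:
        return True   # no snmpNotifyFilterProfileTable entry: no filtering
    entries = [e for e in table if e.active and e.profile == profile]
    if not entries:
        return True   # profile has no filter entries: no filtering
    return all(is_included(x, entries) for x in (trap_oid, *varbind_oids))


# Constructed sample profile "ops": allow the standard traps except
# authenticationFailure, allow ifEntry objects except any column of ifIndex 2.
CONSTRUCTED_TABLE = [
    FilterEntry("ops", oid("1.3.6.1.6.3.1.1.5"), b"", True),
    FilterEntry("ops", oid("1.3.6.1.6.3.1.1.5.5"), b"", False),
    FilterEntry("ops", oid("1.3.6.1.2.1.2.2.1"), b"", True),
    # Bit for the column sub-identifier (position 10) is zero: wild card.
    FilterEntry("ops", oid("1.3.6.1.2.1.2.2.1.0.2"), b"\xff\xbf", False),
]

LINK_DOWN = oid("1.3.6.1.6.3.1.1.5.3")
AUTH_FAILURE = oid("1.3.6.1.6.3.1.1.5.5")


def link_down_varbinds(if_index: int) -> Sequence[Oid]:
    """ifIndex, ifAdminStatus and ifOperStatus instances for one interface."""
    return [oid(f"1.3.6.1.2.1.2.2.1.{col}.{if_index}") for col in (1, 7, 8)]
```

A notification whose name or any variable binding falls outside every subtree is suppressed once a profile has at least one entry, so an exclude-only profile filters out every notification.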
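
The request-forwarding selection of section 8.1, as an added example in Python that is not part of the draft: rows are tried in snmpProxyName order, the incoming security parameters must equal the snmpProxyTargetParamsIn entry, and a row whose outgoing target or parameters are missing is skipped. The row names, engine ID, addresses and security names are constructed sample values, and contextName support is assumed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

READ, WRITE, TRAP, INFORM = 1, 2, 3, 4           # snmpProxyType values
REQUEST_TYPE = {"get": READ, "getnext": READ, "getbulk": READ, "set": WRITE}


@dataclass(frozen=True)
class TargetParams:                               # snmpTargetParamsEntry
    mp_model: int
    security_model: int
    security_name: str
    security_level: int                           # authNoPriv(2), authPriv(3)


@dataclass(frozen=True)
class TargetAddr:                                 # snmpTargetAddrEntry
    tdomain: str
    taddress: str
    timeout: int
    retry_count: int
    params: str                                   # snmpTargetAddrParams


@dataclass(frozen=True)
class ProxyEntry:                                 # snmpProxyEntry
    type: int
    context_engine_id: bytes
    context_name: str
    target_params_in: str
    single_target_out: str


@dataclass(frozen=True)
class Incoming:
    pdu: str
    context_engine_id: bytes
    context_name: str
    params: TargetParams    # MP model and security parameters of the message


def select_request_target(
    msg: Incoming,
    proxy_table: Dict[str, ProxyEntry],
    addr_table: Dict[str, TargetAddr],
    params_table: Dict[str, TargetParams],
) -> Optional[Tuple[str, TargetAddr, TargetParams]]:
    """Return (snmpProxyName, outgoing address, outgoing params) or None."""
    wanted = REQUEST_TYPE.get(msg.pdu)
    if wanted is None:
        return None                               # not a request PDU
    for name in sorted(proxy_table):              # lexicographically smallest first
        row = proxy_table[name]
        if row.type != wanted:
            continue
        if row.context_engine_id != msg.context_engine_id:
            continue
        if row.context_name != msg.context_name:
            continue
        # All four security-related values must match the "in" entry exactly.
        if params_table.get(row.target_params_in) != msg.params:
            continue
        addr = addr_table.get(row.single_target_out)
        if addr is None:
            continue                              # no valid forwarding information
        out = params_table.get(addr.params)
        if out is None:
            continue                              # try to identify another row
        return name, addr, out
    return None                                   # no appropriate forwarding information


# Constructed sample configuration.
ENGINE = bytes.fromhex("8000000001020304")
PARAMS = {
    "in-authpriv-ops": TargetParams(3, 3, "ops", 3),
    "in-authpriv-admin": TargetParams(3, 3, "admin", 3),
    "out-authpriv-proxy": TargetParams(3, 3, "proxy", 3),
}
ADDR = {
    "agent1": TargetAddr("snmpUDPDomain", "192.0.2.10:161", 1500, 3,
                         "out-authpriv-proxy"),
}
PROXY = {
    "a-stale": ProxyEntry(READ, ENGINE, "", "in-authpriv-ops", "removed-agent"),
    "b-read": ProxyEntry(READ, ENGINE, "", "in-authpriv-ops", "agent1"),
    "c-write": ProxyEntry(WRITE, ENGINE, "", "in-authpriv-admin", "agent1"),
}
```

Because the comparison on the incoming parameters is an equality test, a request that arrives as "ops" at authNoPriv is not forwarded through a row configured for authPriv, and "ops" cannot use the write row reserved for "admin".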