idnits 2.17.1 draft-ietf-snmpv3-appl-v2-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([SNMP-ARCH]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 5 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 636: '...P manageable, it MUST use the SNMP-TAR...' RFC 2119 keyword, line 916: '...table SNMP manageable, it MUST use the...' Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 3318 has weird spacing: '...tyLevel auth...' == Line 3319 has weird spacing: '...tDomain snmp...' == Line 3325 has weird spacing: '...tyLevel auth...' == Line 3328 has weird spacing: '...tDomain snmp...' == Line 3341 has weird spacing: '...for the purpo...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (07 August 1998) is 9394 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC1157' is defined on line 3147, but no explicit reference was found in the text == Unused Reference: 'RFC1213' is defined on line 3153, but no explicit reference was found in the text == Unused Reference: 'RFC1902' is defined on line 3159, but no explicit reference was found in the text == Unused Reference: 'RFC1903' is defined on line 3166, but no explicit reference was found in the text == Unused Reference: 'SNMP-MPD' is defined on line 3199, but no explicit reference was found in the text == Unused Reference: 'SNMP-ACM' is defined on line 3205, but no explicit reference was found in the text ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Obsolete normative reference: RFC 1902 (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) -- Duplicate reference: RFC1905, mentioned in 'RFC1907', was also mentioned in 'RFC1905'. ** Obsolete normative reference: RFC 1905 (ref. 'RFC1907') (Obsoleted by RFC 3416) -- Duplicate reference: RFC1905, mentioned in 'RFC1908', was also mentioned in 'RFC1907'. ** Obsolete normative reference: RFC 1905 (ref. 'RFC1908') (Obsoleted by RFC 3416) == Outdated reference: A later version (-05) exists of draft-ietf-snmpv3-arch-00 -- Unexpected draft version: The latest known version of draft-ietf-snmpv3-v3mpc-model is -06, but you're referring to -07. == Outdated reference: A later version (-04) exists of draft-ietf-snmpv3-vacm-00 Summary: 16 errors (**), 0 flaws (~~), 15 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Draft SNMPv3 Applications 07 August 1998 4 INTERNET-DRAFT David B. Levi 5 SNMP Research, Inc. 6 Paul Meyer 7 Secure Computing Corporation 8 Bob Stewart 9 Cisco Systems 10 07 August 1998 12 SNMPv3 Applications 13 15 Status of this Memo 17 This document is an Internet-Draft. Internet-Drafts are working 18 documents of the Internet Engineering Task Force (IETF), its areas, 19 and its working groups. Note that other groups may also distribute 20 working documents as Internet-Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as ``work in progress.'' 27 To learn the current status of any Internet-Draft, please check the 28 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 29 Directories on ftp.ietf.org (US East Coast), nic.nordu.net 30 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 31 Rim). 33 Copyright Notice 35 Copyright (C) The Internet Society (date). All Rights Reserved. 37 Abstract 39 This memo describes five types of SNMP applications which make use of 40 an SNMP engine as described in [SNMP-ARCH]. The types of application 41 described are Command Generators, Command Responders, Notification 42 Originators, Notification Receivers, and Proxy Forwarders. 44 This memo also defines MIB modules for specifying targets of 45 management operations, for notification filtering, and for proxy 46 forwarding. 48 Table Of Contents 50 1 Overview ..................................................... 3 51 1.1 Command Generator Applications ............................. 3 52 1.2 Command Responder Applications ............................. 3 53 1.3 Notification Originator Applications ....................... 4 54 1.4 Notification Receiver Applications ......................... 4 55 1.5 Proxy Forwarder Applications ............................... 4 56 2 Management Targets ........................................... 6 57 3 Elements Of Procedure ........................................ 6 58 3.1 Command Generator Applications ............................. 6 59 3.2 Command Responder Applications ............................. 10 60 3.3 Notification Originator Applications ....................... 16 61 3.4 Notification Receiver Applications ......................... 19 62 3.5 Proxy Forwarder Applications ............................... 21 63 3.5.1 Request Forwarding ....................................... 22 64 3.5.1.1 Processing an Incoming Request ......................... 22 65 3.5.1.2 Processing an Incoming Response ........................ 25 66 3.5.1.3 Processing an Incoming Report Indication ............... 26 67 3.5.2 Notification Forwarding .................................. 27 68 4 The Structure of the MIB Modules ............................. 31 69 4.1 The Management Target MIB Module ........................... 31 70 4.1.1 Tag Lists ................................................ 31 71 4.1.2 Definitions .............................................. 32 72 4.2 The Notification MIB Module ................................ 46 73 4.2.1 Definitions .............................................. 46 74 4.3 The Proxy MIB Module ....................................... 59 75 4.3.1 Definitions .............................................. 59 76 5 Identification of Management Targets in Notification Origi- 77 nators .................................................... 66 78 6 Notification Filtering ....................................... 67 79 7 Management Target Translation in Proxy Forwarder Applica- 80 tions ..................................................... 69 81 7.1 Management Target Translation for Request Forwarding ....... 69 82 7.2 Management Target Translation for Notification Forwarding 83 ........................................................... 70 84 8 Intellectual Property ........................................ 71 85 9 Acknowledgments .............................................. 71 86 10 Security Considerations ..................................... 72 87 11 References .................................................. 74 88 12 Editor's Address ............................................ 76 89 A. Trap Configuration Example .................................. 77 90 B. Full Copyright Statement .................................... 79 92 1. Overview 94 This document describes five types of SNMP applications: 96 - Applications which initiate SNMP Get, GetNext, GetBulk, and/or 97 Set requests, called 'command generators.' 99 - Applications which respond to SNMP Get, GetNext, GetBulk, 100 and/or Set requests, called 'command responders.' 102 - Applications which generate notifications, called 103 'notification originators.' 105 - Applications which receive notifications, called 'notification 106 receivers.' 108 - Applications which forward SNMP Get, GetNext, GetBulk, and/or 109 Set requests or notifications, called 'proxy forwarder.' 111 Note that there are no restrictions on which types of applications 112 may be associated with a particular SNMP engine. For example, a 113 single SNMP engine may, in fact, be associated with both command 114 generator and command responder applications. 116 1.1. Command Generator Applications 118 A command generator application initiates SNMP Get, GetNext, GetBulk, 119 and/or Set requests, as well as processing the response to a request 120 which it generated. 122 1.2. Command Responder Applications 124 A command responder application receives SNMP Get, GetNext, GetBulk, 125 and/or Set requests destined for the local system as indicated by the 126 fact that the contextEngineID in the received request is equal to 127 that of the local engine through which the request was received. The 128 command responder application will perform the appropriate protocol 129 operation, using access control, and will generate a response message 130 to be sent to the request's originator. 132 1.3. Notification Originator Applications 134 A notification originator application conceptually monitors a system 135 for particular events or conditions, and generates Trap and/or Inform 136 messages based on these events or conditions. A notification 137 originator must have a mechanism for determining where to send 138 messages, and what SNMP version and security parameters to use when 139 sending messages. A mechanism and MIB module for this purpose is 140 provided in this document. 142 1.4. Notification Receiver Applications 144 A notification receiver application listens for notification 145 messages, and generates response messages when a message containing 146 an Inform PDU is received. 148 1.5. Proxy Forwarder Applications 150 A proxy forwarder application forwards SNMP messages. Note that 151 implementation of a proxy forwarder application is optional. The 152 sections describing proxy (4.5, 5.3, and 8) may be skipped for 153 implementations that do not include a proxy forwarder application. 155 The term "proxy" has historically been used very loosely, with 156 multiple different meanings. These different meanings include (among 157 others): 159 (1) the forwarding of SNMP requests to other SNMP entities without 160 regard for what managed object types are being accessed; for 161 example, in order to forward an SNMP request from one transport 162 domain to another, or to translate SNMP requests of one version 163 into SNMP requests of another version; 165 (2) the translation of SNMP requests into operations of some non-SNMP 166 management protocol; and 168 (3) support for aggregated managed objects where the value of one 169 managed object instance depends upon the values of multiple other 170 (remote) items of management information. 172 Each of these scenarios can be advantageous; for example, support for 173 aggregation of management information can significantly reduce the 174 bandwidth requirements of large-scale management activities. 175 However, using a single term to cover multiple different scenarios 176 causes confusion. 178 To avoid such confusion, this document uses the term "proxy" with a 179 much more tightly defined meaning. The term "proxy" is used in this 180 document to refer to a proxy forwarder application which forwards 181 either SNMP requests, notifications, and responses without regard for 182 what managed objects are contained within requests or notifications. 183 This definition is most closely related to the first definition 184 above. Note, however, that in the SNMP architecture [SNMP-ARCH], a 185 proxy forwarder is actually an application, and need not be 186 associated with what is traditionally thought of as an SNMP agent. 188 Specifically, the distinction between a traditional SNMP agent and a 189 proxy forwarder application is simple: 191 - a proxy forwarder application forwards requests and/or 192 notifications to other SNMP engines according to the context, 193 and irrespective of the specific managed object types being 194 accessed, and forwards the response to such previously 195 forwarded messages back to the SNMP engine from which the 196 original message was received; 198 - in contrast, the command responder application that is part of 199 what is traditionally thought of as an SNMP agent, and which 200 processes SNMP requests according to the (names of the) 201 individual managed object types and instances being accessed, 202 is NOT a proxy forwarder application from the perspective of 203 this document. 205 Thus, when a proxy forwarder application forwards a request or 206 notification for a particular contextEngineID / contextName pair, not 207 only is the information on how to forward the request specifically 208 associated with that context, but the proxy forwarder application has 209 no need of a detailed definition of a MIB view (since the proxy 210 forwarder application forwards the request irrespective of the 211 managed object types). 213 In contrast, a command responder application must have the detailed 214 definition of the MIB view, and even if it needs to issue requests to 215 other entities, via SNMP or otherwise, that need is dependent on the 216 individual managed object instances being accessed (i.e., not only on 217 the context). 219 Note that it is a design goal of a proxy forwarder application to act 220 as an intermediary between the endpoints of a transaction. In 221 particular, when forwarding Inform requests, the associated response 222 is forwarded when it is received from the target to which the Inform 223 request was forwarded, rather than generating a response immediately 224 when an Inform request is received. 226 2. Management Targets 228 Some types of applications (notification generators and proxy 229 forwarders in particular) require a mechanism for determining where 230 and how to send generated messages. This document provides a 231 mechanism and MIB module for this purpose. The set of information 232 that describes where and how to send a message is called a 233 'Management Target', and consists of two kinds of information: 235 - Destination information, consisting of a transport domain and 236 a transport address. This is also termed a transport 237 endpoint. 239 - SNMP parameters, consisting of message processing model, 240 security model, security level, and security name information. 242 The SNMP-TARGET-MIB module described later in this document contains 243 one table for each of these types of information. There can be a 244 many-to-many relationship in the MIB between these two types of 245 information. That is, there may be multiple transport endpoints 246 associated with a particular set of SNMP parameters, or a particular 247 transport endpoint may be associated with several sets of SNMP 248 parameters. 250 3. Elements Of Procedure 252 The following sections describe the procedures followed by each type 253 of application when generating messages for transmission or when 254 processing received messages. Applications communicate with the 255 Dispatcher using the abstract service interfaces defined in [SNMP- 256 ARCH]. 258 3.1. Command Generator Applications 260 A command generator initiates an SNMP request by calling the 261 Dispatcher using the following abstract service interface: 263 statusInformation = -- sendPduHandle if success 264 -- errorIndication if failure 265 sendPdu( 266 IN transportDomain -- transport domain to be used 267 IN transportAddress -- destination network address 268 IN messageProcessingModel -- typically, SNMP version 269 IN securityModel -- Security Model to use 270 IN securityName -- on behalf of this principal 271 IN securityLevel -- Level of Security requested 272 IN contextEngineID -- data from/at this entity 273 IN contextName -- data from/in this context 274 IN pduVersion -- the version of the PDU 275 IN PDU -- SNMP Protocol Data Unit 276 IN expectResponse -- TRUE or FALSE 277 ) 279 Where: 281 - The transportDomain is that of the destination of the message. 283 - The transportAddress is that of the destination of the 284 message. 286 - The messageProcessingModel indicates which Message Processing 287 Model the application wishes to use. 289 - The securityModel is the security model that the application 290 wishes to use. 292 - The securityName is the security model independent name for 293 the principal on whose behalf the application wishes the 294 message is to be generated. 296 - The securityLevel is the security level that the application 297 wishes to use. 299 - The contextEngineID is provided by the command generator if it 300 wishes to explicitly specify the location of the management 301 information it is requesting. 303 - The contextName is provided by the command generator if it 304 wishes to explicitly specify the local context name for the 305 management information it is requesting. 307 - The pduVersion indicates the version of the PDU to be sent. 309 - The PDU is a value constructed by the command generator 310 containing the management operation that the command generator 311 wishes to perform. 313 - The expectResponse argument indicates that a response is 314 expected. 316 The result of the sendPdu interface indicates whether the PDU was 317 successfully sent. If it was successfully sent, the returned value 318 will be a sendPduHandle. The command generator should store the 319 sendPduHandle so that it can correlate a response to the original 320 request. 322 The Dispatcher is responsible for delivering the response to a 323 particular request to the correct command generator application. The 324 abstract service interface used is: 326 processResponsePdu( -- process Response PDU 327 IN messageProcessingModel -- typically, SNMP version 328 IN securityModel -- Security Model in use 329 IN securityName -- on behalf of this principal 330 IN securityLevel -- Level of Security 331 IN contextEngineID -- data from/at this SNMP entity 332 IN contextName -- data from/in this context 333 IN pduVersion -- the version of the PDU 334 IN PDU -- SNMP Protocol Data Unit 335 IN statusInformation -- success or errorIndication 336 IN sendPduHandle -- handle from sendPDU 337 ) 339 Where: 341 - The messageProcessingModel is the value from the received 342 response. 344 - The securityModel is the value from the received response. 346 - The securityName is the value from the received response. 348 - The securityLevel is the value from the received response. 350 - The contextEngineID is the value from the received response. 352 - The contextName is the value from the received response. 354 - The pduVersion indicates the version of the PDU in the 355 received response. 357 - The PDU is the value from the received response. 359 - The statusInformation indicates success or failure in 360 receiving the response. 362 - The sendPduHandle is the value returned by the sendPdu call 363 which generated the original request to which this is a 364 response. 366 The procedure when a command generator receives a message is as 367 follows: 369 (1) If the received values of messageProcessingModel, securityModel, 370 securityName, contextEngineID, contextName, and pduVersion are not 371 all equal to the values used in the original request, the response 372 is discarded. 374 (2) The operation type, request-id, error-status, error-index, and 375 variable-bindings are extracted from the PDU and saved. If the 376 request-id is not equal to the value used in the original request, 377 the response is discarded. 379 (3) At this point, it is up to the application to take an appropriate 380 action. The specific action is implementation dependent. If the 381 statusInformation indicates that the request failed, an appropriate 382 action might be to attempt to transmit the request again, or to 383 notify the person operating the application that a failure 384 occurred. 386 3.2. Command Responder Applications 388 Before a command responder application can process messages, it must 389 first associate itself with an SNMP engine. The abstract service 390 interface used for this purpose is: 392 statusInformation = -- success or errorIndication 393 registerContextEngineID( 394 IN contextEngineID -- take responsibility for this one 395 IN pduType -- the pduType(s) to be registered 396 ) 398 Where: 400 - The statusInformation indicates success or failure of the 401 registration attempt. 403 - The contextEngineID is equal to the snmpEngineID of the SNMP 404 engine with which the command responder is registering. 406 - The pduType indicates a Get, GetNext, GetBulk, or Set pdu. 408 Note that if another command responder application is already 409 registered with an SNMP engine, any further attempts to register with 410 the same contextEngineID and pduType will be denied. This implies 411 that separate command responder applications could register 412 separately for the various pdu types. However, in practice this is 413 undesirable, and only a single command responder application should 414 be registered with an SNMP engine at any given time. 416 A command responder application can disassociate with an SNMP engine 417 using the following abstract service interface: 419 unregisterContextEngineID( 420 IN contextEngineID -- give up responsibility for this one 421 IN pduType -- the pduType(s) to be unregistered 422 ) 424 Where: 426 - The contextEngineID is equal to the snmpEngineID of the SNMP 427 engine with which the command responder is cancelling the 428 registration. 430 - The pduType indicates a Get, GetNext, GetBulk, or Set pdu. 432 Once the command responder has registered with the SNMP engine, it 433 waits to receive SNMP messages. The abstract service interface used 434 for receiving messages is: 436 processPdu( -- process Request/Notification PDU 437 IN messageProcessingModel -- typically, SNMP version 438 IN securityModel -- Security Model in use 439 IN securityName -- on behalf of this principal 440 IN securityLevel -- Level of Security 441 IN contextEngineID -- data from/at this SNMP entity 442 IN contextName -- data from/in this context 443 IN pduVersion -- the version of the PDU 444 IN PDU -- SNMP Protocol Data Unit 445 IN maxSizeResponseScopedPDU -- maximum size of the Response PDU 446 IN stateReference -- reference to state information 447 ) -- needed when sending a response 449 Where: 451 - The messageProcessingModel indicates which Message Processing 452 Model received and processed the message. 454 - The securityModel is the value from the received message. 456 - The securityName is the value from the received message. 458 - The securityLevel is the value from the received message. 460 - The contextEngineID is the value from the received message. 462 - The contextName is the value from the received message. 464 - The pduVersion indicates the version of the PDU in the 465 received message. 467 - The PDU is the value from the received message. 469 - The maxSizeResponseScopedPDU is the maximum allowable size of 470 a ScopedPDU containing a Response PDU (based on the maximum 471 message size that the originator of the message can accept). 473 - The stateReference is a value which references cached 474 information about each received request message. This value 475 must be returned to the Dispatcher in order to generate a 476 response. 478 The procedure when a message is received is as follows. 480 (1) The operation type is determined from the ASN.1 tag value 481 associated with the PDU parameter. The operation type should 482 always be one of the types previously registered by the 483 application. 485 (2) The request-id is extracted from the PDU and saved. 487 (3) If the SNMPv2 operation type is GetBulk, the non-repeaters and 488 max-repetitions values are extracted from the PDU and saved. 490 (4) The variable-bindings are extracted from the PDU and saved. 492 (5) The management operation represented by the SNMPv2 operation type 493 is performed with respect to the relevant MIB view within the 494 context named by the contextName, according to the procedures set 495 forth in [RFC1905]. The relevant MIB view is determined by the 496 securityLevel, securityModel, contextName, securityName, and SNMPv2 497 operation type. To determine whether a particular object instance 498 is within the relevant MIB view, the following abstract service 499 interface is called: 501 statusInformation = -- success or errorIndication 502 isAccessAllowed( 503 IN securityModel -- Security Model in use 504 IN securityName -- principal who wants to access 505 IN securityLevel -- Level of Security 506 IN viewType -- read, write, or notify view 507 IN contextName -- context containing variableName 508 IN variableName -- OID for the managed object 509 ) 511 Where: 513 - The securityModel is the value from the received message. 515 - The securityName is the value from the received message. 517 - The securityLevel is the value from the received message. 519 - The viewType indicates whether the PDU type is a read or write 520 operation. 522 - The contextName is the value from the received message. 524 - The variableName is the object instance of the variable for 525 which access rights are to be checked. 527 Normally, the result of the management operation will be a new PDU 528 value, and processing will continue in step (6) below. However, at 529 any time during the processing of the management operation: 531 - If the isAccessAllowed ASI returns a noSuchView, 532 noAccessEntry, or noGroupName error, processing of the 533 management operation is halted, a PDU value is contructed 534 using the values from the originally received PDU, but 535 replacing the error_status with an authorizationError code, 536 and error_index value of 0, and control is passed to step (6) 537 below. 539 - If the isAccessAllowed ASI returns an otherError, processing 540 of the management operation is halted, a different PDU value 541 is contructed using the values from the originally received 542 PDU, but replacing the error_status with a genError code, and 543 control is passed to step (6) below. 545 - If the isAccessAllowed ASI returns a noSuchContext error, 546 processing of the management operation is halted, no result 547 PDU is generated, the snmpUnknownContexts counter is 548 incremented, and control is passed to step (6) below. 550 - If the context named by the contextName parameter is 551 unavailable, processing of the management operation is halted, 552 no result PDU is generated, the snmpUnavailableContexts 553 counter is incremented, and control is passed to step (6) 554 below. 556 (6) The Dispatcher is called to generate a response or report message. 557 The abstract service interface is: 559 returnResponsePdu( 560 IN messageProcessingModel -- typically, SNMP version 561 IN securityModel -- Security Model in use 562 IN securityName -- on behalf of this principal 563 IN securityLevel -- same as on incoming request 564 IN contextEngineID -- data from/at this SNMP entity 565 IN contextName -- data from/in this context 566 IN pduVersion -- the version of the PDU 567 IN PDU -- SNMP Protocol Data Unit 568 IN maxSizeResponseScopedPDU -- maximum size of the Response PDU 569 IN stateReference -- reference to state information 570 -- as presented with the request 571 IN statusInformation -- success or errorIndication 572 ) -- error counter OID/value if error 574 Where: 576 - The messageProcessingModel is the value from the processPdu 577 call. 579 - The securityModel is the value from the processPdu call. 581 - The securityName is the value from the processPdu call. 583 - The securityLevel is the value from the processPdu call. 585 - The contextEngineID is the value from the processPdu call. 587 - The contextName is the value from the processPdu call. 589 - The pduVersion indicates the version of the PDU to be 590 returned. If no result PDU was generated, the pduVersion is 591 an undefined value. 593 - The PDU is the result generated in step (5) above. If no 594 result PDU was generated, the PDU is an undefined value. 596 - The maxSizeResponseScopedPDU is a local value indicating the 597 maximum size of a ScopedPDU that the application can accept. 599 - The stateReference is the value from the processPdu call. 601 - The statusInformation either contains an indication that no 602 error occurred and that a response should be generated, or 603 contains an indication that an error occurred along with the 604 OID and counter value of the appropriate error counter object. 606 Note that a command responder application should always call the 607 returnResponsePdu abstract service interface, even in the event of an 608 error such as a resource allocation error. In the event of such an 609 error, the PDU value passed to returnResponsePdu should contain 610 appropriate values for errorStatus and errorIndex. 612 Note that the text above describes situations where the 613 snmpUnknownContexts counter is incremented, and where the 614 snmpUnavailableContexts counter is incremented. The difference 615 between these is that the snmpUnknownContexts counter is incremented 616 when a request is received for a context which unknown to the SNMP 617 entity. The snmpUnavailableContexts counter is incremented when a 618 request is received for a context which is known to the SNMP entity, 619 but is currently unavailable. Determining when a context is 620 unavailable is implementation specific, and some implementations may 621 never encounter this situation, and so may never increment the 622 snmpUnavailableContexts counter. 624 3.3. Notification Originator Applications 626 A notification originator application generates SNMP notification 627 messages. A notification message may, for example, contain an 628 SNMPv2-Trap PDU or an Inform PDU. However, a particular 629 implementation is not required to be capable of generating both types 630 of messages. 632 Notification originator applications require a mechanism for 633 identifying the management targets to which notifications should be 634 sent. The particular mechanism used is implementation dependent. 635 However, if an implementation makes the configuration of management 636 targets SNMP manageable, it MUST use the SNMP-TARGET-MIB module 637 described in this document. 639 When a notification originator wishes to generate a notification, it 640 must first determine in which context the information to be conveyed 641 in the notification exists, i.e., it must determine the 642 contextEngineID and contextName. It must then determine the set of 643 management targets to which the notification should be sent. The 644 application must also determine, for each management target, whether 645 the notification message should contain an SNMPv2-Trap PDU or Inform 646 PDU, and if it is to contain an Inform PDU, the number of retries and 647 retransmission algorithm. 649 The mechanism by which a notification originator determines this 650 information is implementation dependent. Once the application has 651 determined this information, the following procedure is performed for 652 each management target: 654 (1) Any appropriate filtering mechanisms are applied to determine 655 whether the notification should be sent to the management target. 656 If such filtering mechanisms determine that the notification should 657 not be sent, processing continues with the next management target. 658 Otherwise, 660 (2) The appropriate set of variable-bindings is retrieved from local 661 MIB instrumentation within the relevant MIB view. The relevant MIB 662 view is determined by the securityLevel, securityModel, 663 contextName, and securityName of the management target. To 664 determine whether a particular object instance is within the 665 relevant MIB view, the isAccessAllowed abstract service interface 666 is used, in the same manner as described in the preceding section. 667 If the statusInformation returned by isAccessAllowed does not 668 indicate accessAllowed, the notification is not sent to the 669 management target. 671 (3) A PDU is constructed using a locally unique request-id value, an 672 operation type of SNMPv2-Trap or Inform, an error-status and 673 error-index value of 0, and the variable-bindings supplied 674 previously in step (2). 676 (4) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is 677 called using the following abstract service interface: 679 statusInformation = -- sendPduHandle if success 680 -- errorIndication if failure 681 sendPdu( 682 IN transportDomain -- transport domain to be used 683 IN transportAddress -- destination network address 684 IN messageProcessingModel -- typically, SNMP version 685 IN securityModel -- Security Model to use 686 IN securityName -- on behalf of this principal 687 IN securityLevel -- Level of Security requested 688 IN contextEngineID -- data from/at this entity 689 IN contextName -- data from/in this context 690 IN pduVersion -- the version of the PDU 691 IN PDU -- SNMP Protocol Data Unit 692 IN expectResponse -- TRUE or FALSE 693 ) 695 Where: 697 - The transportDomain is that of the management target. 699 - The transportAddress is that of the management target. 701 - The messageProcessingModel is that of the management target. 703 - The securityModel is that of the management target. 705 - The securityName is that of the management target. 707 - The securityLevel is that of the management target. 709 - The contextEngineID is the value originally determined for the 710 notification. 712 - The contextName is the value originally determined for the 713 notification. 715 - The pduVersion is the version of the PDU to be sent. 717 - The PDU is the value constructed in step (3) above. 719 - The expectResponse argument indicates that no response is 720 expected. 722 Otherwise, 724 (5) If the notification contains an Inform PDU, then: 726 a) The Dispatcher is called using the sendPdu abstract service 727 interface as described in step (4) above, except that the 728 expectResponse argument indicates that a response is expected. 730 b) The application caches information about the management 731 target. 733 c) If a response is received within an appropriate time interval 734 from the transport endpoint of the management target, the 735 notification is considered acknowledged and the cached 736 information is deleted. Otherwise, 738 d) If a response is not received within an appropriate time 739 period, or if a report indication is received, information 740 about the management target is retrieved from the cache, and 741 steps a) through d) are repeated. The number of times these 742 steps are repeated is equal to the previously determined retry 743 count. If this retry count is exceeded, the acknowledgement 744 of the notification is considered to have failed, and 745 processing of the notification for this management target is 746 halted. Note that some report indications might be considered 747 a failure. Such report indications should be interpreted to 748 mean that the acknowledgement of the notification has failed. 750 Responses to Inform PDU notifications will be received via the 751 processResponsePDU abstract service interface. 753 To summarize, the steps that a notification originator follows when 754 determing where to send a notification are: 756 - Determine the targets to which the notification should be 757 sent. 759 - Apply any required filtering to the list of targets. 761 - Determine which targets are authorized to receive the 762 notification. 764 3.4. Notification Receiver Applications 766 Notification receiver applications receive SNMP Notification messages 767 from the Dispatcher. Before any messages can be received, the 768 notification receiver must register with the Dispatcher using the 769 registerContextEngineID abstract service interface. The parameters 770 used are: 772 - The contextEngineID is an undefined 'wildcard' value. 773 Notifications are delivered to a registered notification 774 receiver regardless of the contextEngineID contained in the 775 notification message. 777 - The pduType indicates the type of notifications that the 778 application wishes to receive (for example, SNMPv2-Trap PDUs 779 or Inform PDUs). 781 Once the notification receiver has registered with the Dispatcher, 782 messages are received using the processPdu abstract service 783 interface. Parameters are: 785 - The messageProcessingModel indicates which Message Processing 786 Model received and processed the message. 788 - The securityModel is the value from the received message. 790 - The securityName is the value from the received message. 792 - The securityLevel is the value from the received message. 794 - The contextEngineID is the value from the received message. 796 - The contextName is the value from the received message. 798 - The pduVersion indicates the version of the PDU in the 799 received message. 801 - The PDU is the value from the received message. 803 - The maxSizeResponseScopedPDU is the maximum allowable size of 804 a ScopedPDU containing a Response PDU (based on the maximum 805 message size that the originator of the message can accept). 807 - If the message contains an SNMPv2-Trap PDU, the stateReference 808 is undefined and unused. Otherwise, the stateReference is a 809 value which references cached information about the 810 notification. This value must be returned to the Dispatcher 811 in order to generate a response. 813 When an SNMPv2-Trap PDU is delivered to a notification receiver 814 application, it first extracts the SNMP operation type, request-id, 815 error-status, error-index, and variable-bindings from the PDU. After 816 this, processing depends on the particular implementation. 818 When an Inform PDU is received, the notification receiver application 819 follows the following procedure: 821 (1) The SNMPv2 operation type, request-id, error-status, error-index, 822 and variable-bindings are extracted from the PDU. 824 (2) A Response PDU is constructed using the extracted request-id and 825 variable-bindings, and with error-status and error-index both set 826 to 0. 828 (3) The Dispatcher is called to generate a response message using the 829 returnResponsePdu abstract service interface. Parameters are: 831 - The messageProcessingModel is the value from the processPdu 832 call. 834 - The securityModel is the value from the processPdu call. 836 - The securityName is the value from the processPdu call. 838 - The securityLevel is the value from the processPdu call. 840 - The contextEngineID is the value from the processPdu call. 842 - The contextName is the value from the processPdu call. 844 - The pduVersion indicates the version of the PDU to be 845 returned. 847 - The PDU is the result generated in step (2) above. 849 - The maxSizeResponseScopedPDU is a local value indicating the 850 maximum size of a ScopedPDU that the application can accept. 852 - The stateReference is the value from the processPdu call. 854 - The statusInformation indicates that no error occurred and 855 that a response should be generated. 857 3.5. Proxy Forwarder Applications 859 A proxy forwarder application deals with forwarding SNMP messages. 860 There are four basic types of messages which a proxy forwarder 861 application may need to forward. These are grouped according to the 862 PDU type contained in a message, or according to whether a report 863 indication is contained in the message. The four basic types of 864 messages are: 866 - Those containing PDU types which were generated by a command 867 generator application (for example, Get, GetNext, GetBulk, and 868 Set PDU types). These deal with requesting or modifying 869 information located within a particular context. 871 - Those containing PDU types which were generated by a 872 notification originator application (for example, SNMPv2-Trap 873 and Inform PDU types). These deal with notifications 874 concerning information located within a particular context. 876 - Those containing a Response PDU type. Forwarding of Response 877 PDUs always occurs as a result of receiving a response to a 878 previously forwarded message. 880 - Those containing a report indication. Forwarding of report 881 indications always occurs as a result of receiving a report 882 indication for a previously forwarded message. 884 For the first type, the proxy forwarder's role is to deliver a 885 request for management information to an SNMP engine which is 886 "closer" or "downstream in the path" to the SNMP engine which has 887 access to that information, and to deliver the response containing 888 the information back to the SNMP engine from which the request was 889 received. The context information in a request is used to determine 890 which SNMP engine has access to the requested information, and this 891 is used to determine where and how to forward the request. 893 For the second type, the proxy forwarder's role is to determine which 894 SNMP engines should receive notifications about management 895 information from a particular location. The context information in a 896 notification message determines the location to which the information 897 contained in the notification applies. This is used to determine 898 which SNMP engines should receive notification about this 899 information. 901 For the third type, the proxy forwarder's role is to determine which 902 previously forwarded request or notification (if any) the response 903 matches, and to forward the response back to the initiator of the 904 request or notification. 906 For the fourth type, the proxy forwarder's role is to determine which 907 previously forwarded request or notification (if any) the report 908 indication matches, and to forward the report indication back to the 909 initiator of the request or notification. 911 When forwarding messages, a proxy forwarder application must perform 912 a translation of incoming management target information into outgoing 913 management target information. How this translation is performed is 914 implementation specific. In many cases, this will be driven by a 915 preconfigured translation table. If a proxy forwarder application 916 makes the contents of this table SNMP manageable, it MUST use the 917 SNMP-PROXY-MIB module defined in this document. 919 3.5.1. Request Forwarding 921 There are two phases for request forwarding. First, the incoming 922 request needs to be passed through the proxy application. Then, the 923 resulting response needs to be passed back. These phases are 924 described in the following two sections. 926 3.5.1.1. Processing an Incoming Request 928 A proxy forwarder application that wishes to forward request messages 929 must first register with the Dispatcher using the 930 registerContextEngineID abstract service interface. The proxy 931 forwarder must register each contextEngineID for which it wishes to 932 forward messages, as well as for each pduType. Note that as the 933 configuration of a proxy forwarder is changed, the particular 934 contextEngineID values for which it is forwarding may change. The 935 proxy forwarder should call the registerContextEngineID and 936 unregisterContextEngineID abstract service interfaces as needed to 937 reflect its current configuration. 939 A proxy forwarder application should never attempt to register a 940 value of contextEngineID which is equal to the snmpEngineID of the 941 SNMP engine to which the proxy forwarder is associated. 943 Once the proxy forwarder has registered for the appropriate 944 contextEngineID values, it can start processing messages. The 945 following procedure is used: 947 (1) A message is received using the processPdu abstract service 948 interface. The incoming management target information received 949 from the processPdu interface is translated into outgoing 950 management target information. Note that this translation may vary 951 for different values of contextEngineID and/or contextName. The 952 translation should result in a single management target. 954 (2) If appropriate outgoing management target information cannot be 955 found, the proxy forwarder increments the snmpProxyDrops counter 956 [RFC1907], and then calls the Dispatcher using the 957 returnResponsePdu abstract service interface. Parameters are: 959 - The messageProcessingModel is the value from the processPdu 960 call. 962 - The securityModel is the value from the processPdu call. 964 - The securityName is the value from the processPdu call. 966 - The securityLevel is the value from the processPdu call. 968 - The contextEngineID is the value from the processPdu call. 970 - The contextName is the value from the processPdu call. 972 - The pduVersion is the value from the processPdu call. 974 - The PDU is an undefined value. 976 - The maxSizeResponseScopedPDU is a local value indicating the 977 maximum size of a ScopedPDU that the application can accept. 979 - The stateReference is the value from the processPdu call. 981 - The statusInformation indicates that an error occurred and 982 includes the OID and value of the snmpProxyDrops object. 984 Processing of the message stops at this point. Otherwise, 986 (3) A new PDU is constructed. A unique value of request-id should be 987 used in the new PDU (this value will enable a subsequent response 988 message to be correlated with this request). The remainder of the 989 new PDU is identical to the received PDU, unless the incoming SNMP 990 version is SNMPv2 or SNMPv3 and the outgoing SNMP version is 991 SNMPv1, in which case the proxy forwarder must apply the 992 translation rules as documented in [RFC1908]. 994 (4) The proxy forwarder calls the Dispatcher to generate the forwarded 995 message, using the sendPdu abstract service interface. The 996 parameters are: 998 - The transportDomain is that of the outgoing management target. 1000 - The transportAddress is that of the outgoing management 1001 target. 1003 - The messageProcessingModel is that of the outgoing management 1004 target. 1006 - The securityModel is that of the outgoing management target. 1008 - The securityName is that of the outgoing management target. 1010 - The securityLevel is that of the outgoing management target. 1012 - The contextEngineID is the value originally received. 1014 - The contextName is the value originally received. 1016 - The pduVersion is the version of the PDU to be sent. 1018 - The PDU is the value constructed in step (3) above. 1020 - The expectResponse argument indicates that a response is 1021 expected. If the sendPdu call is unsuccessful, the proxy 1022 forwarder performs the steps described in (2) above. 1023 Otherwise: 1025 (5) The proxy forwarder caches the following information in order to 1026 match an incoming response to the forwarded request: 1028 - The sendPduHandle returned from the call to sendPdu, 1030 - The request-id from the received PDU. 1032 - the contextEngineID, 1034 - the contextName, 1036 - the stateReference, 1038 - the incoming management target information, 1040 - the outgoing management information, 1041 - any other information needed to match an incoming response to 1042 the forwarded request. 1044 If this information cannot be cached (possibly due to a lack of 1045 resources), the proxy forwarder performs the steps described in (2) 1046 above. Otherwise: 1048 (6) Processing of the request stops until a response to the forwarded 1049 request is received, or until an appropriate time interval has 1050 expired. If this time interval expires before a response has been 1051 received, the cached information about this request is removed. 1053 3.5.1.2. Processing an Incoming Response 1055 A proxy forwarder follows the following procedure when an incoming 1056 response is received: 1058 (1) The incoming response is received using the processResponsePdu 1059 interface. The proxy forwarder uses the received parameters to 1060 locate an entry in its cache of pending forwarded requests. This 1061 is done by matching the received parameters with the cached values 1062 of sendPduHandle, contextEngineID, contextName, outgoing management 1063 target information, and the request-id contained in the received 1064 PDU (the proxy forwarder must extract the request-id for this 1065 purpose). If an appropriate cache entry cannot be found, 1066 processing of the response is halted. Otherwise: 1068 (2) The cache information is extracted, and removed from the cache. 1070 (3) A new Response PDU is constructed, using the request-id value from 1071 the original forwarded request (as extracted from the cache). All 1072 other values are identical to those in the received Response PDU. 1074 (4) If the incoming SNMP version is SNMPv1 and the outgoing SNMP 1075 version is SNMPv2 or SNMPv3, the proxy forwarder must apply the 1076 translation rules documented in [RFC1908]. 1078 (5) The proxy forwarder calls the Dispatcher using the 1079 returnResponsePdu abstract service interface. Parameters are: 1081 - The messageProcessingModel indicates the Message Processing 1082 Model by which the original incoming message was processed. 1084 - The securityModel is that of the original incoming management 1085 target extracted from the cache. 1087 - The securityName is that of the original incoming management 1088 target extracted from the cache. 1090 - The securityLevel is that of the original incoming management 1091 target extracted from the cache. 1093 - The contextEngineID is the value extracted from the cache. 1095 - The contextName is the value extracted from the cache. 1097 - The pduVersion indicates the version of the PDU to be 1098 returned. 1100 - The PDU is the (possibly translated) Response PDU. 1102 - The maxSizeResponseScopedPDU is a local value indicating the 1103 maximum size of a ScopedPDU that the application can accept. 1105 - The stateReference is the value extracted from the cache. 1107 - The statusInformation indicates that no error occurred and 1108 that a Response PDU message should be generated. 1110 3.5.1.3. Processing an Incoming Report Indication 1112 A proxy forwarder follows the following procedure when an incoming 1113 report indication is received: 1115 (1) The incoming report indication is received using the 1116 processResponsePdu interface. The proxy forwarder uses the 1117 received parameters to locate an entry in its cache of pending 1118 forwarded requests. This is done by matching the received 1119 parameters with the cached values of sendPduHandle. If an 1120 appropriate cache entry cannot be found, processing of the report 1121 indication is halted. Otherwise: 1123 (2) The cache information is extracted, and removed from the cache. 1125 (3) If the original incoming management target information indicates 1126 SNMPv1, processing of the report indication is halted. 1128 (4) The proxy forwarder calls the Dispatcher using the 1129 returnResponsePdu abstract service interface. Parameters are: 1131 - The messageProcessingModel indicates the Message Processing 1132 Model by which the original incoming message was processed. 1134 - The securityModel is that of the original incoming management 1135 target extracted from the cache. 1137 - The securityName is that of the original incoming management 1138 target extracted from the cache. 1140 - The securityLevel is that of the original incoming management 1141 target extracted from the cache. 1143 - The contextEngineID is the value extracted from the cache. 1145 - The contextName is the value extracted from the cache. 1147 - The pduVersion indicates the version of the PDU to be 1148 returned. 1150 - The PDU is unused. 1152 - The maxSizeResponseScopedPDU is a local value indicating the 1153 maximum size of a ScopedPDU that the application can accept. 1155 - The stateReference is the value extracted from the cache. 1157 - The statusInformation contain the contextEngineID, 1158 contextName, counter OID, and counter value received in the 1159 report indication. 1161 3.5.2. Notification Forwarding 1163 A proxy forwarder receives notifications in the same manner as a 1164 notification receiver application, using the processPdu abstract 1165 service interface. The following procedure is used when a 1166 notification is received: 1168 (1) The incoming management target information received from the 1169 processPdu interface is translated into outgoing management target 1170 information. Note that this translation may vary for different 1171 values of contextEngineID and/or contextName. The translation may 1172 result in multiple management targets. 1174 (2) If appropriate outgoing management target information cannot be 1175 found and the notification was a Trap, processing of the 1176 notification is halted. If appropriate outgoing management target 1177 information cannot be found and the notification was an Inform, the 1178 proxy forwarder increments the snmpProxyDrops object, and calls the 1179 Dispatcher using the returnResponsePdu abstract service interface. 1181 The parameters are: 1183 - The messageProcessingModel is the received value. 1185 - The securityModel is the received value. 1187 - The securityName is the received value. 1189 - The securityLevel is the received value. 1191 - The contextEngineID is the received value. 1193 - The contextName is the received value. 1195 - The pduVersion is the received value. 1197 - The PDU is an undefined and unused value. 1199 - The maxSizeResponseScopedPDU is a local value indicating the 1200 maximum size of a ScopedPDU that the application can accept. 1202 - The stateReference is the received value. 1204 - The statusInformation indicates that an error occurred and 1205 that a Report message should be generated. 1207 Processing of the message stops at this point. Otherwise, 1209 (3) The proxy forwarder generates a notification using the procedures 1210 described in the preceding section on Notification Originators, 1211 with the following exceptions: 1213 - The contextEngineID and contextName values from the original 1214 received notification are used. 1216 - The outgoing management targets previously determined are 1217 used. 1219 - No filtering mechanisms are applied. 1221 - The variable-bindings from the original received notification 1222 are used, rather than retrieving variable-bindings from local 1223 MIB instrumentation. In particular, no access-control is 1224 applied to these variable-bindings. 1226 - If for any of the outgoing management targets, the incoming 1227 SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2 1228 or SNMPv3, the proxy forwarder must apply the translation 1229 rules as documented in [RFC1908]. 1231 - If for any of the outgoing management targets, the incoming 1232 SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP 1233 version is SNMPv1, this outgoing management target is not used 1234 when generating the forwarded notifications. 1236 (4) If the original received notification contains an SNMPv2-Trap PDU, 1237 processing of the notification is now completed. Otherwise, the 1238 original received notification must contain an Inform PDU, and 1239 processing continues. 1241 (5) If the forwarded notifications included any Inform PDUs, processing 1242 continues when the procedures described in the section for 1243 Notification Originators determine that either: 1245 - None of the generated notifications containing Inform PDUs 1246 have been successfully acknowledged within the longest of the 1247 time intervals, in which case processing of the original 1248 notification is halted, or, 1250 - At least one of the generated notifications containing Inform 1251 PDUs is successfully acknowledged, in which case a response to 1252 the original received notification containing an Inform PDU is 1253 generated as described in the following steps. 1255 (6) A Response PDU is constructed, using the values of request-id and 1256 variable-bindings from the original received Inform PDU, and 1257 error-status and error-index values of 0. 1259 (7) The Dispatcher is called using the returnResponsePdu abstract 1260 service interface. Parameters are: 1262 - The messageProcessingModel is the originally received value. 1264 - The securityModel is the originally received value. 1266 - The securityName is the originally received value. 1268 - The securityLevel is the originally received value. 1270 - The contextEngineID is the originally received value. 1272 - The contextName is the originally received value. 1274 - The pduVersion indicates the version of the PDU constructed in 1275 step (6) above. 1277 - The PDU is the value constructed in step (6) above. 1279 - The maxSizeResponseScopedPDU is a local value indicating the 1280 maximum size of a ScopedPDU that the application can accept. 1282 - The stateReference is the originally received value. 1284 - The statusInformation indicates that no error occurred and 1285 that a Response PDU message should be generated. 1287 4. The Structure of the MIB Modules 1289 There are three separate MIB modules described in this document, the 1290 management target MIB, the notification MIB, and the proxy MIB. The 1291 following sections describe the structure of these three MIB modules. 1293 The use of these MIBs by particular types of applications is 1294 described later in this document: 1296 - The use of the management target MIB and the notification MIB 1297 in notification originator applications is described in 1298 section 6. 1300 - The use of the notification MIB for filtering notifications in 1301 notification originator applications is described in section 1302 7. 1304 - The use of the management target MIB and the proxy MIB in 1305 proxy forwarding applications is described in section 8. 1307 4.1. The Management Target MIB Module 1309 The SNMP-TARGET-MIB module contains objects for defining management 1310 targets. It consists of two tables and conformance/compliance 1311 statements. 1313 The first table, the snmpTargetAddrTable, contains information about 1314 transport domains and addresses. It also contains an object, 1315 snmpTargetAddrTagList, which provides a mechanism for grouping 1316 entries. 1318 The second table, the snmpTargetParamsTable, contains information 1319 about SNMP version and security information to be used when sending 1320 messages to particular transport domains and addresses. 1322 4.1.1. Tag Lists 1324 The snmpTargetAddrTagList object is used for grouping entries in the 1325 snmpTargetAddrTable. The value of this object contains a list of tag 1326 values which are used to select target addresses to be used for a 1327 particular operation. 1329 A tag value, which may also be used in MIB objects other than 1330 snmpTargetAddrTagList, is an arbitrary string of octets, but may not 1331 contain a delimiter character. Delimiter characters are defined to 1332 be one of the following characters: 1334 - An ASCII space character (0x20). 1336 - An ASCII TAB character (0x09). 1338 - An ASCII carriage return (CR) character (0x0D). 1340 - An ASCII line feed (LF) character (0x0B). 1342 In addition, a tag value may not have a zero length. Generally, a 1343 particular MIB object may contain either 1345 - a single tag value, in which case the value of the MIB object 1346 may not contain a delimiter character, or: 1348 - a MIB object may contain a list of tag values, separated by 1349 single delimiter characters. 1351 For a list of tag values, these constraints imply certain 1352 restrictions on the value of a MIB object: 1354 - There cannot be a leading or trailing delimiter character. 1356 - There cannot be multiple adjacent delimiter characters. 1358 4.1.2. Definitions 1360 SNMP-TARGET-MIB DEFINITIONS ::= BEGIN 1362 IMPORTS 1363 MODULE-IDENTITY, 1364 OBJECT-TYPE, 1365 snmpModules, 1366 Counter32, 1367 Integer32 1368 FROM SNMPv2-SMI 1370 TEXTUAL-CONVENTION, 1371 TDomain, 1372 TAddress, 1373 TimeInterval, 1374 RowStatus, 1375 StorageType, 1376 TestAndIncr 1377 FROM SNMPv2-TC 1379 SnmpSecurityModel, 1380 SnmpMessageProcessingModel, 1381 SnmpSecurityLevel, 1382 SnmpAdminString 1383 FROM SNMP-FRAMEWORK-MIB 1385 MODULE-COMPLIANCE, 1386 OBJECT-GROUP 1387 FROM SNMPv2-CONF; 1389 snmpTargetMIB MODULE-IDENTITY 1390 LAST-UPDATED "9711210000Z" 1391 ORGANIZATION "IETF SNMPv3 Working Group" 1392 CONTACT-INFO 1393 "WG-email: snmpv3@tis.com 1394 Subscribe: majordomo@tis.com 1395 In message body: subscribe snmpv3 1397 Chair: Russ Mundy 1398 Trusted Information Systems 1399 Postal: 3060 Washington Rd 1400 Glenwood MD 21738 1401 USA 1402 Email: mundy@tis.com 1403 Phone: +1-301-854-6889 1405 Co-editor: David B. Levi 1406 SNMP Research, Inc. 1407 Postal: 3001 Kimberlin Heights Road 1408 Knoxville, TN 37920-9716 1409 E-mail: levi@snmp.com 1410 Phone: +1 423 573 1434 1412 Co-editor: Paul Meyer 1413 Secure Computing Corporation 1414 Postal: 2675 Long Lake Road 1415 Roseville, MN 55113 1416 E-mail: paul_meyer@securecomputing.com 1417 Phone: +1 612 628 1592 1419 Co-editor: Bob Stewart 1420 Cisco Systems, Inc. 1421 Postal: 170 West Tasman Drive 1422 San Jose, CA 95134-1706 1423 E-mail: bstewart@cisco.com 1424 Phone: +1 603 654 6923" 1425 DESCRIPTION 1426 "This MIB module defines MIB objects which provide 1427 mechanisms to remotely configure the parameters used 1428 by an SNMP entity for the generation of SNMP messages." 1429 REVISION "9808070000Z" 1430 DESCRIPTION "Clarifications, published as RFCxxxx." 1431 REVISION "9707140000Z" 1432 DESCRIPTION "The initial revision, published as RFC2273." 1433 ::= { snmpModules 12 } 1435 snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 } 1436 snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 } 1438 SnmpTagValue ::= TEXTUAL-CONVENTION 1439 DISPLAY-HINT "255a" 1440 STATUS current 1441 DESCRIPTION 1442 "An octet string containing a tag value. 1443 Tag values are preferably in human-readable form. 1445 To facilitate internationalization, this information 1446 is represented using the ISO/IEC IS 10646-1 character 1447 set, encoded as an octet string using the UTF-8 1448 character encoding scheme described in RFC 2044. 1450 Since additional code points are added by amendments 1451 to the 10646 standard from time to time, 1452 implementations must be prepared to encounter any code 1453 point from 0x00000000 to 0x7fffffff. 1455 The use of control codes should be avoided, and certain 1456 control codes are not allowed as described below. 1458 For code points not directly supported by user 1459 interface hardware or software, an alternative means 1460 of entry and display, such as hexadecimal, may be 1461 provided. 1463 For information encoded in 7-bit US-ASCII, the UTF-8 1464 representation is identical to the US-ASCII encoding. 1466 Note that when this TC is used for an object that 1467 is used or envisioned to be used as an index, then a 1468 SIZE restriction must be specified so that the number 1469 of sub-identifiers for any object instance does not 1470 exceed the limit of 128, as defined by [RFC1905]. 1472 An object of this type contains a single tag value 1473 which is used to select a set of entries in a table. 1475 A tag value is an arbitrary string of octets, but 1476 may not contain a delimiter character. Delimiter 1477 characters are defined to be one of the following: 1479 - An ASCII space character (0x20). 1481 - An ASCII TAB character (0x09). 1483 - An ASCII carriage return (CR) character (0x0D). 1485 - An ASCII line feed (LF) character (0x0B). 1487 Delimiter characters are used to separate tag values 1488 in a tag list. An object of this type may only 1489 contain a single tag value, and so delimiter 1490 characters are not allowed in a value of this type. 1492 Some examples of valid tag values are: 1494 - 'acme' 1496 - 'router' 1498 - 'host' 1500 The use of a tag value to select table entries is 1501 application and MIB specific." 1502 SYNTAX OCTET STRING (SIZE (0..255)) 1504 SnmpTagList ::= TEXTUAL-CONVENTION 1505 DISPLAY-HINT "255a" 1506 STATUS current 1507 DESCRIPTION 1508 "An octet string containing a list of tag values. 1509 Tag values are preferably in human-readable form. 1511 To facilitate internationalization, this information 1512 is represented using the ISO/IEC IS 10646-1 character 1513 set, encoded as an octet string using the UTF-8 1514 character encoding scheme described in RFC 2044. 1516 Since additional code points are added by amendments 1517 to the 10646 standard from time to time, 1518 implementations must be prepared to encounter any code 1519 point from 0x00000000 to 0x7fffffff. 1521 The use of control codes should be avoided, except as 1522 described below. 1524 For code points not directly supported by user 1525 interface hardware or software, an alternative means 1526 of entry and display, such as hexadecimal, may be 1527 provided. 1529 For information encoded in 7-bit US-ASCII, the UTF-8 1530 representation is identical to the US-ASCII encoding. 1532 An object of this type contains a list of tag values 1533 which are used to select a set of entries in a table. 1535 A tag value is an arbitrary string of octets, but 1536 may not contain a delimiter character. Delimiter 1537 characters are defined to be one of the following: 1539 - An ASCII space character (0x20). 1541 - An ASCII TAB character (0x09). 1543 - An ASCII carriage return (CR) character (0x0D). 1545 - An ASCII line feed (LF) character (0x0B). 1547 Delimiter characters are used to separate tag values 1548 in a tag list. Only a single delimiter character may 1549 occur between two tag values. A tag value may not 1550 have a zero length. These constraints imply certain 1551 restrictions on the contents of this object: 1553 - There cannot be a leading or trailing delimiter 1554 character. 1556 - There cannot be multiple adjacent delimiter 1557 characters. 1559 Some examples of valid tag lists are: 1561 - An empty string 1563 - 'acme router' 1565 - 'host managerStation' 1567 Note that although a tag value may not have a length of 1568 zero, an empty string is still valid. This indicates 1569 an empty list (i.e. there are no tag values in the list). 1571 The use of the tag list to select table entries is 1572 application and MIB specific. Typically, an application 1573 will provide one or more tag values, and any entry 1574 which contains some combination of these tag values 1575 will be selected." 1576 SYNTAX OCTET STRING (SIZE (0..255)) 1578 -- 1579 -- 1580 -- The snmpTargetObjects group 1581 -- 1582 -- 1584 snmpTargetSpinLock OBJECT-TYPE 1585 SYNTAX TestAndIncr 1586 MAX-ACCESS read-write 1587 STATUS current 1588 DESCRIPTION 1589 "This object is used to facilitate modification of table 1590 entries in the SNMP-TARGET-MIB module by multiple 1591 managers. In particular, it is useful when modifying 1592 the value of the snmpTargetAddrTagList object. 1594 The procedure for modifying the snmpTargetAddrTagList 1595 object is as follows: 1597 1. Retrieve the value of snmpTargetSpinLock and 1598 of snmpTargetAddrTagList. 1600 2. Generate a new value for snmpTargetAddrTagList. 1602 3. Set the value of snmpTargetSpinLock to the 1603 retrieved value, and the value of 1604 snmpTargetAddrTagList to the new value. If 1605 the set fails for the snmpTargetSpinLock 1606 object, go back to step 1." 1607 ::= { snmpTargetObjects 1 } 1609 snmpTargetAddrTable OBJECT-TYPE 1610 SYNTAX SEQUENCE OF SnmpTargetAddrEntry 1611 MAX-ACCESS not-accessible 1612 STATUS current 1613 DESCRIPTION 1614 "A table of transport addresses to be used in the generation 1615 of SNMP messages." 1616 ::= { snmpTargetObjects 2 } 1618 snmpTargetAddrEntry OBJECT-TYPE 1619 SYNTAX SnmpTargetAddrEntry 1620 MAX-ACCESS not-accessible 1621 STATUS current 1622 DESCRIPTION 1623 "A transport address to be used in the generation 1624 of SNMP operations. 1626 Entries in the snmpTargetAddrTable are created and 1627 deleted using the snmpTargetAddrRowStatus object." 1628 INDEX { IMPLIED snmpTargetAddrName } 1629 ::= { snmpTargetAddrTable 1 } 1631 SnmpTargetAddrEntry ::= SEQUENCE { 1632 snmpTargetAddrName SnmpAdminString, 1633 snmpTargetAddrTDomain TDomain, 1634 snmpTargetAddrTAddress TAddress, 1635 snmpTargetAddrTimeout TimeInterval, 1636 snmpTargetAddrRetryCount Integer32, 1637 snmpTargetAddrTagList SnmpTagList, 1638 snmpTargetAddrParams SnmpAdminString, 1639 snmpTargetAddrStorageType StorageType, 1640 snmpTargetAddrRowStatus RowStatus 1641 } 1643 snmpTargetAddrName OBJECT-TYPE 1644 SYNTAX SnmpAdminString (SIZE(1..32)) 1645 MAX-ACCESS not-accessible 1646 STATUS current 1647 DESCRIPTION 1648 "The locally arbitrary, but unique identifier associated 1649 with this snmpTargetAddrEntry." 1650 ::= { snmpTargetAddrEntry 1 } 1652 snmpTargetAddrTDomain OBJECT-TYPE 1653 SYNTAX TDomain 1654 MAX-ACCESS read-create 1655 STATUS current 1656 DESCRIPTION 1657 "This object indicates the transport type of the address 1658 contained in the snmpTargetAddrTAddress object." 1659 ::= { snmpTargetAddrEntry 2 } 1661 snmpTargetAddrTAddress OBJECT-TYPE 1662 SYNTAX TAddress 1663 MAX-ACCESS read-create 1664 STATUS current 1665 DESCRIPTION 1666 "This object contains a transport address. The format of 1667 this address depends on the value of the 1668 snmpTargetAddrTDomain object." 1669 ::= { snmpTargetAddrEntry 3 } 1671 snmpTargetAddrTimeout OBJECT-TYPE 1672 SYNTAX TimeInterval 1673 MAX-ACCESS read-create 1674 STATUS current 1675 DESCRIPTION 1676 "This object should reflect the expected maximum round 1677 trip time for communicating with the transport address 1678 defined by this row. When a message is sent to this 1679 address, and a response (if one is expected) is not 1680 received within this time period, an implementation 1681 may assume that the response will not be delivered. 1683 Note that the time interval that an application waits 1684 for a response may actually be derived from the value 1685 of this object. The method for deriving the actual time 1686 interval is implementation dependent. One such method 1687 is to derive the expected round trip time based on a 1688 particular retransmission algorithm and on the number 1689 of timeouts which have occurred. The type of message may 1690 also be considered when deriving expected round trip 1691 times for retransmissions. For example, if a message is 1692 being sent with a securityLevel that indicates both 1693 authentication and privacy, the derived value may be 1694 increased to compensate for extra processing time spent 1695 during authentication and encryption processing." 1696 DEFVAL { 1500 } 1697 ::= { snmpTargetAddrEntry 4 } 1699 snmpTargetAddrRetryCount OBJECT-TYPE 1700 SYNTAX Integer32 (0..255) 1701 MAX-ACCESS read-create 1702 STATUS current 1703 DESCRIPTION 1704 "This object specifies a default number of retries to be 1705 attempted when a response is not received for a generated 1706 message. An application may provide its own retry count, 1707 in which case the value of this object is ignored." 1709 DEFVAL { 3 } 1710 ::= { snmpTargetAddrEntry 5 } 1712 snmpTargetAddrTagList OBJECT-TYPE 1713 SYNTAX SnmpTagList 1714 MAX-ACCESS read-create 1715 STATUS current 1716 DESCRIPTION 1717 "This object contains a list of tag values which are 1718 used to select target addresses for a particular 1719 operation." 1720 DEFVAL { "" } 1721 ::= { snmpTargetAddrEntry 6 } 1723 snmpTargetAddrParams OBJECT-TYPE 1724 SYNTAX SnmpAdminString (SIZE(1..32)) 1725 MAX-ACCESS read-create 1726 STATUS current 1727 DESCRIPTION 1728 "The value of this object identifies an entry in the 1729 snmpTargetParamsTable. The identified entry 1730 contains SNMP parameters to be used when generating 1731 messages to be sent to this transport address." 1732 ::= { snmpTargetAddrEntry 7 } 1734 snmpTargetAddrStorageType OBJECT-TYPE 1735 SYNTAX StorageType 1736 MAX-ACCESS read-create 1737 STATUS current 1738 DESCRIPTION 1739 "The storage type for this conceptual row." 1740 DEFVAL { nonVolatile } 1741 ::= { snmpTargetAddrEntry 8 } 1743 snmpTargetAddrRowStatus OBJECT-TYPE 1744 SYNTAX RowStatus 1745 MAX-ACCESS read-create 1746 STATUS current 1747 DESCRIPTION 1748 "The status of this conceptual row. 1750 To create a row in this table, a manager must 1751 set this object to either createAndGo(4) or 1752 createAndWait(5). 1754 Until instances of all corresponding columns are 1755 appropriately configured, the value of the 1756 corresponding instance of the snmpTargetAddrRowStatus 1757 column is 'notReady'. 1759 In particular, a newly created row cannot be made 1760 active until the corresponding instances of 1761 snmpTargetAddrTDomain, snmpTargetAddrTAddress, and 1762 snmpTargetAddrParams have all been set. 1764 The following objects may not be modified while the 1765 value of this object is active(1): 1766 - snmpTargetAddrTDomain 1767 - snmpTargetAddrTAddress 1768 An attempt to set these objects while the value of 1769 snmpTargetAddrRowStatus is active(1) will result in 1770 an inconsistentValue error." 1771 ::= { snmpTargetAddrEntry 9 } 1773 snmpTargetParamsTable OBJECT-TYPE 1774 SYNTAX SEQUENCE OF SnmpTargetParamsEntry 1775 MAX-ACCESS not-accessible 1776 STATUS current 1777 DESCRIPTION 1778 "A table of SNMP target information to be used 1779 in the generation of SNMP messages." 1780 ::= { snmpTargetObjects 3 } 1782 snmpTargetParamsEntry OBJECT-TYPE 1783 SYNTAX SnmpTargetParamsEntry 1784 MAX-ACCESS not-accessible 1785 STATUS current 1786 DESCRIPTION 1787 "A set of SNMP target information. 1789 Entries in the snmpTargetParamsTable are created and 1790 deleted using the snmpTargetParamsRowStatus object." 1791 INDEX { IMPLIED snmpTargetParamsName } 1792 ::= { snmpTargetParamsTable 1 } 1794 SnmpTargetParamsEntry ::= SEQUENCE { 1795 snmpTargetParamsName SnmpAdminString, 1796 snmpTargetParamsMPModel SnmpMessageProcessingModel, 1797 snmpTargetParamsSecurityModel SnmpSecurityModel, 1798 snmpTargetParamsSecurityName SnmpAdminString, 1799 snmpTargetParamsSecurityLevel SnmpSecurityLevel, 1800 snmpTargetParamsStorageType StorageType, 1801 snmpTargetParamsRowStatus RowStatus 1802 } 1803 snmpTargetParamsName OBJECT-TYPE 1804 SYNTAX SnmpAdminString (SIZE(1..32)) 1805 MAX-ACCESS not-accessible 1806 STATUS current 1807 DESCRIPTION 1808 "The locally arbitrary, but unique identifier associated 1809 with this snmpTargetParamsEntry." 1810 ::= { snmpTargetParamsEntry 1 } 1812 snmpTargetParamsMPModel OBJECT-TYPE 1813 SYNTAX SnmpMessageProcessingModel 1814 MAX-ACCESS read-create 1815 STATUS current 1816 DESCRIPTION 1817 "The Message Processing Model to be used when generating 1818 SNMP messages using this entry." 1819 ::= { snmpTargetParamsEntry 2 } 1821 snmpTargetParamsSecurityModel OBJECT-TYPE 1822 SYNTAX SnmpSecurityModel (1..2147483647) 1823 MAX-ACCESS read-create 1824 STATUS current 1825 DESCRIPTION 1826 "The Security Model to be used when generating SNMP 1827 messages using this entry. An implementation may 1828 choose to return an inconsistentValue error if an 1829 attempt is made to set this variable to a value 1830 for a security model which the implementation does 1831 not support." 1832 ::= { snmpTargetParamsEntry 3 } 1834 snmpTargetParamsSecurityName OBJECT-TYPE 1835 SYNTAX SnmpAdminString 1836 MAX-ACCESS read-create 1837 STATUS current 1838 DESCRIPTION 1839 "The securityName which identifies the Principal on 1840 whose behalf SNMP messages will be generated using 1841 this entry." 1842 ::= { snmpTargetParamsEntry 4 } 1844 snmpTargetParamsSecurityLevel OBJECT-TYPE 1845 SYNTAX SnmpSecurityLevel 1846 MAX-ACCESS read-create 1847 STATUS current 1848 DESCRIPTION 1849 "The Level of Security to be used when generating 1850 SNMP messages using this entry." 1851 ::= { snmpTargetParamsEntry 5 } 1853 snmpTargetParamsStorageType OBJECT-TYPE 1854 SYNTAX StorageType 1855 MAX-ACCESS read-create 1856 STATUS current 1857 DESCRIPTION 1858 "The storage type for this conceptual row." 1859 DEFVAL { nonVolatile } 1860 ::= { snmpTargetParamsEntry 6 } 1862 snmpTargetParamsRowStatus OBJECT-TYPE 1863 SYNTAX RowStatus 1864 MAX-ACCESS read-create 1865 STATUS current 1866 DESCRIPTION 1867 "The status of this conceptual row. 1869 To create a row in this table, a manager must 1870 set this object to either createAndGo(4) or 1871 createAndWait(5). 1873 Until instances of all corresponding columns are 1874 appropriately configured, the value of the 1875 corresponding instance of the snmpTargetParamsRowStatus 1876 column is 'notReady'. 1878 In particular, a newly created row cannot be made 1879 active until the corresponding 1880 snmpTargetParamsMPModel, 1881 snmpTargetParamsSecurityModel, 1882 snmpTargetParamsSecurityName, 1883 and snmpTargetParamsSecurityLevel have all been set. 1885 The following objects may not be modified while the 1886 value of this object is active(1): 1887 - snmpTargetParamsMPModel 1888 - snmpTargetParamsSecurityModel 1889 - snmpTargetParamsSecurityName 1890 - snmpTargetParamsSecurityLevel 1891 An attempt to set these objects while the value of 1892 snmpTargetParamsRowStatus is active(1) will result in 1893 an inconsistentValue error." 1894 ::= { snmpTargetParamsEntry 7 } 1896 snmpUnavailableContexts OBJECT-TYPE 1897 SYNTAX Counter32 1898 MAX-ACCESS read-only 1899 STATUS current 1900 DESCRIPTION 1901 "The total number of packets received by the SNMP 1902 engine which were dropped because the context 1903 contained in the message was unavailable." 1904 ::= { snmpTargetObjects 4 } 1906 snmpUnknownContexts OBJECT-TYPE 1907 SYNTAX Counter32 1908 MAX-ACCESS read-only 1909 STATUS current 1910 DESCRIPTION 1911 "The total number of packets received by the SNMP 1912 engine which were dropped because the context 1913 contained in the message was unknown." 1914 ::= { snmpTargetObjects 5 } 1916 -- 1917 -- 1918 -- Conformance information 1919 -- 1920 -- 1922 snmpTargetCompliances OBJECT IDENTIFIER ::= 1923 { snmpTargetConformance 1 } 1924 snmpTargetGroups OBJECT IDENTIFIER ::= 1925 { snmpTargetConformance 2 } 1927 -- 1928 -- 1929 -- Compliance statements 1930 -- 1931 -- 1933 snmpTargetCommandResponderCompliance MODULE-COMPLIANCE 1934 STATUS current 1935 DESCRIPTION 1936 "The compliance statement for SNMP entities which include 1937 a command responder application." 1938 MODULE -- This Module 1939 MANDATORY-GROUPS { snmpTargetCommandResponderGroup } 1940 ::= { snmpTargetCompliances 1 } 1942 snmpTargetBasicGroup OBJECT-GROUP 1943 OBJECTS { 1944 snmpTargetSpinLock, 1945 snmpTargetAddrTDomain, 1946 snmpTargetAddrTAddress, 1947 snmpTargetAddrTagList, 1948 snmpTargetAddrParams, 1949 snmpTargetAddrStorageType, 1950 snmpTargetAddrRowStatus, 1951 snmpTargetParamsMPModel, 1952 snmpTargetParamsSecurityModel, 1953 snmpTargetParamsSecurityName, 1954 snmpTargetParamsSecurityLevel, 1955 snmpTargetParamsStorageType, 1956 snmpTargetParamsRowStatus 1957 } 1958 STATUS current 1959 DESCRIPTION 1960 "A collection of objects providing basic remote 1961 configuration of management targets." 1962 ::= { snmpTargetGroups 1 } 1964 snmpTargetResponseGroup OBJECT-GROUP 1965 OBJECTS { 1966 snmpTargetAddrTimeout, 1967 snmpTargetAddrRetryCount 1968 } 1969 STATUS current 1970 DESCRIPTION 1971 "A collection of objects providing remote configuration 1972 of management targets for applications which generate 1973 SNMP messages for which a response message would be 1974 expected." 1975 ::= { snmpTargetGroups 2 } 1977 snmpTargetCommandResponderGroup OBJECT-GROUP 1978 OBJECTS { 1979 snmpUnavailableContexts, 1980 snmpUnknownContexts 1981 } 1982 STATUS current 1983 DESCRIPTION 1984 "A collection of objects required for command responder 1985 applications, used for counting error conditions." 1986 ::= { snmpTargetGroups 3 } 1988 END 1990 4.2. The Notification MIB Module 1992 The SNMP-NOTIFICATION-MIB module contains objects for the remote 1993 configuration of the parameters used by an SNMP entity for the 1994 generation of notifications. It consists of three tables and 1995 conformance/compliance statements. The first table, the 1996 snmpNotifyTable, contains entries which select which entries in the 1997 snmpTargetAddrTable should be used for generating notifications, and 1998 the type of notifications to be generated. 2000 The second table sparsely augments the snmpTargetAddrTable with an 2001 object which is used to associate a set of filters with a particular 2002 management target. 2004 The third table defines filters which are used to limit the number of 2005 notifications which are generated using particular management 2006 targets. 2008 4.2.1. Definitions 2010 SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN 2012 IMPORTS 2013 MODULE-IDENTITY, 2014 OBJECT-TYPE, 2015 snmpModules 2016 FROM SNMPv2-SMI 2018 RowStatus, 2019 StorageType 2020 FROM SNMPv2-TC 2022 SnmpAdminString 2023 FROM SNMP-FRAMEWORK-MIB 2025 SnmpTagValue, 2026 snmpTargetParamsName 2027 FROM SNMP-TARGET-MIB 2029 MODULE-COMPLIANCE, 2030 OBJECT-GROUP 2031 FROM SNMPv2-CONF; 2033 snmpNotificationMIB MODULE-IDENTITY 2034 LAST-UPDATED "9711210000Z" 2035 ORGANIZATION "IETF SNMPv3 Working Group" 2036 CONTACT-INFO 2037 "WG-email: snmpv3@tis.com 2038 Subscribe: majordomo@tis.com 2039 In message body: subscribe snmpv3 2041 Chair: Russ Mundy 2042 Trusted Information Systems 2043 Postal: 3060 Washington Rd 2044 Glenwood MD 21738 2045 USA 2046 Email: mundy@tis.com 2047 Phone: +1-301-854-6889 2049 Co-editor: David B. Levi 2050 SNMP Research, Inc. 2051 Postal: 3001 Kimberlin Heights Road 2052 Knoxville, TN 37920-9716 2053 E-mail: levi@snmp.com 2054 Phone: +1 423 573 1434 2056 Co-editor: Paul Meyer 2057 Secure Computing Corporation 2058 Postal: 2675 Long Lake Road 2059 Roseville, MN 55113 2060 E-mail: paul_meyer@securecomputing.com 2061 Phone: +1 612 628 1592 2063 Co-editor: Bob Stewart 2064 Cisco Systems, Inc. 2065 Postal: 170 West Tasman Drive 2066 San Jose, CA 95134-1706 2067 E-mail: bstewart@cisco.com 2068 Phone: +1 603 654 6923" 2069 DESCRIPTION 2070 "This MIB module defines MIB objects which provide 2071 mechanisms to remotely configure the parameters 2072 used by an SNMP entity for the generation of 2073 notifications." 2074 REVISION "9808070000Z" 2075 DESCRIPTION "Clarifications, published as RFCxxxx." 2076 REVISION "9707140000Z" 2077 DESCRIPTION "The initial revision, published as RFC2273." 2078 ::= { snmpModules 13 } 2080 snmpNotifyObjects OBJECT IDENTIFIER ::= 2081 { snmpNotificationMIB 1 } 2082 snmpNotifyConformance OBJECT IDENTIFIER ::= 2083 { snmpNotificationMIB 3 } 2085 -- 2086 -- 2087 -- The snmpNotifyObjects group 2088 -- 2089 -- 2091 snmpNotifyTable OBJECT-TYPE 2092 SYNTAX SEQUENCE OF SnmpNotifyEntry 2093 MAX-ACCESS not-accessible 2094 STATUS current 2095 DESCRIPTION 2096 "This table is used to select management targets which should 2097 receive notifications, as well as the type of notification 2098 which should be sent to each selected management target." 2099 ::= { snmpNotifyObjects 1 } 2101 snmpNotifyEntry OBJECT-TYPE 2102 SYNTAX SnmpNotifyEntry 2103 MAX-ACCESS not-accessible 2104 STATUS current 2105 DESCRIPTION 2106 "An entry in this table selects a set of management targets 2107 which should receive notifications, as well as the type of 2108 notification which should be sent to each selected 2109 management target. 2111 Entries in the snmpNotifyTable are created and 2112 deleted using the snmpNotifyRowStatus object." 2113 INDEX { IMPLIED snmpNotifyName } 2114 ::= { snmpNotifyTable 1 } 2116 SnmpNotifyEntry ::= SEQUENCE { 2117 snmpNotifyName SnmpAdminString, 2118 snmpNotifyTag SnmpTagValue, 2119 snmpNotifyType INTEGER, 2120 snmpNotifyStorageType StorageType, 2121 snmpNotifyRowStatus RowStatus 2122 } 2124 snmpNotifyName OBJECT-TYPE 2125 SYNTAX SnmpAdminString (SIZE(1..32)) 2126 MAX-ACCESS not-accessible 2127 STATUS current 2128 DESCRIPTION 2129 "The locally arbitrary, but unique identifier associated 2130 with this snmpNotifyEntry." 2131 ::= { snmpNotifyEntry 1 } 2133 snmpNotifyTag OBJECT-TYPE 2134 SYNTAX SnmpTagValue 2135 MAX-ACCESS read-create 2136 STATUS current 2137 DESCRIPTION 2138 "This object contains a single tag value which is used 2139 to select entries in the snmpTargetAddrTable. Any entry 2140 in the snmpTargetAddrTable which contains a tag value 2141 which is equal to the value of an instance of this 2142 object is selected. If this object contains a value 2143 of zero length, no entries are selected." 2144 DEFVAL { "" } 2145 ::= { snmpNotifyEntry 2 } 2147 snmpNotifyType OBJECT-TYPE 2148 SYNTAX INTEGER { 2149 trap(1), 2150 inform(2) 2151 } 2152 MAX-ACCESS read-create 2153 STATUS current 2154 DESCRIPTION 2155 "This object determines the type of notification to 2156 be generated for entries in the snmpTargetAddrTable 2157 selected by the corresponding instance of 2158 snmpNotifyTag. This value is only used when 2159 generating notifications, and is ignored when 2160 using the snmpTargetAddrTable for other purposes. 2162 If the value of this object is trap(1), then any 2163 messages generated for selected rows will contain 2164 SNMPv2-Trap PDUs. 2166 If the value of this object is inform(2), then any 2167 messages generated for selected rows will contain 2168 Inform PDUs. 2170 Note that if an SNMP entity only supports 2171 generation of traps (and not informs), then this 2172 object may be read-only." 2173 DEFVAL { trap } 2174 ::= { snmpNotifyEntry 3 } 2176 snmpNotifyStorageType OBJECT-TYPE 2177 SYNTAX StorageType 2178 MAX-ACCESS read-create 2179 STATUS current 2180 DESCRIPTION 2181 "The storage type for this conceptual row." 2182 DEFVAL { nonVolatile } 2183 ::= { snmpNotifyEntry 4 } 2185 snmpNotifyRowStatus OBJECT-TYPE 2186 SYNTAX RowStatus 2187 MAX-ACCESS read-create 2188 STATUS current 2189 DESCRIPTION 2190 "The status of this conceptual row. 2192 To create a row in this table, a manager must 2193 set this object to either createAndGo(4) or 2194 createAndWait(5)." 2195 ::= { snmpNotifyEntry 5 } 2197 snmpNotifyFilterProfileTable OBJECT-TYPE 2198 SYNTAX SEQUENCE OF SnmpNotifyFilterProfileEntry 2199 MAX-ACCESS not-accessible 2200 STATUS current 2201 DESCRIPTION 2202 "This table is used to associate a notification filter 2203 profile with a particular set of target parameters." 2204 ::= { snmpNotifyObjects 2 } 2206 snmpNotifyFilterProfileEntry OBJECT-TYPE 2207 SYNTAX SnmpNotifyFilterProfileEntry 2208 MAX-ACCESS not-accessible 2209 STATUS current 2210 DESCRIPTION 2211 "An entry in this table indicates the name of the filter 2212 profile to be used when generating notifications using 2213 the corresponding entry in the snmpTargetParamsTable. 2215 Entries in the snmpNotifyFilterProfileTable are created 2216 and deleted using the snmpNotifyFilterProfileRowStatus 2217 object." 2218 INDEX { IMPLIED snmpTargetParamsName } 2219 ::= { snmpNotifyFilterProfileTable 1 } 2221 SnmpNotifyFilterProfileEntry ::= SEQUENCE { 2222 snmpNotifyFilterProfileName SnmpAdminString, 2223 snmpNotifyFilterProfileStorType StorageType, 2224 snmpNotifyFilterProfileRowStatus RowStatus 2225 } 2227 snmpNotifyFilterProfileName OBJECT-TYPE 2228 SYNTAX SnmpAdminString (SIZE(1..32)) 2229 MAX-ACCESS read-create 2230 STATUS current 2231 DESCRIPTION 2232 "The name of the filter profile to be used when generating 2233 notifications using the corresponding entry in the 2234 snmpTargetAddrTable." 2235 ::= { snmpNotifyFilterProfileEntry 1 } 2237 snmpNotifyFilterProfileStorType OBJECT-TYPE 2238 SYNTAX StorageType 2239 MAX-ACCESS read-create 2240 STATUS current 2241 DESCRIPTION 2242 "The storage type of this conceptual row." 2243 DEFVAL { nonVolatile } 2244 ::= { snmpNotifyFilterProfileEntry 2 } 2246 snmpNotifyFilterProfileRowStatus OBJECT-TYPE 2247 SYNTAX RowStatus 2248 MAX-ACCESS read-create 2249 STATUS current 2250 DESCRIPTION 2251 "The status of this conceptual row. 2253 To create a row in this table, a manager must 2254 set this object to either createAndGo(4) or 2255 createAndWait(5). 2257 Until instances of all corresponding columns are 2258 appropriately configured, the value of the 2259 corresponding instance of the 2260 snmpNotifyFilterProfileRowStatus column is 'notReady'. 2262 In particular, a newly created row cannot be made 2263 active until the corresponding instance of 2264 snmpNotifyFilterProfileName has been set." 2265 ::= { snmpNotifyFilterProfileEntry 3 } 2267 snmpNotifyFilterTable OBJECT-TYPE 2268 SYNTAX SEQUENCE OF SnmpNotifyFilterEntry 2269 MAX-ACCESS not-accessible 2270 STATUS current 2271 DESCRIPTION 2272 "The table of filter profiles. Filter profiles are used 2273 to determine whether particular management targets should 2274 receive particular notifications. 2276 When a notification is generated, it must be compared 2277 with the filters associated with each management target 2278 which is configured to receive notifications. If the 2279 notification is matched by a filter, it is not sent to 2280 the management target with which the filter is 2281 associated. 2283 A more complete discussion of notification filtering 2284 can be found in section 6. of this document." 2285 ::= { snmpNotifyObjects 3 } 2287 snmpNotifyFilterEntry OBJECT-TYPE 2288 SYNTAX SnmpNotifyFilterEntry 2289 MAX-ACCESS not-accessible 2290 STATUS current 2291 DESCRIPTION 2292 "An element of a filter profile. 2294 Entries in the snmpNotifyFilterTable are created and 2295 deleted using the snmpNotifyFilterRowStatus object." 2296 INDEX { snmpNotifyFilterProfileName, 2297 IMPLIED snmpNotifyFilterSubtree } 2298 ::= { snmpNotifyFilterTable 1 } 2300 SnmpNotifyFilterEntry ::= SEQUENCE { 2301 snmpNotifyFilterSubtree OBJECT IDENTIFIER, 2302 snmpNotifyFilterMask OCTET STRING, 2303 snmpNotifyFilterType INTEGER, 2304 snmpNotifyFilterStorageType StorageType, 2305 snmpNotifyFilterRowStatus RowStatus 2306 } 2308 snmpNotifyFilterSubtree OBJECT-TYPE 2309 SYNTAX OBJECT IDENTIFIER 2310 MAX-ACCESS not-accessible 2311 STATUS current 2312 DESCRIPTION 2313 "The MIB subtree which, when combined with the corresponding 2314 instance of snmpNotifyFilterMask, defines a family of 2315 subtrees which are included in or excluded from the 2316 filter profile." 2317 ::= { snmpNotifyFilterEntry 1 } 2319 snmpNotifyFilterMask OBJECT-TYPE 2320 SYNTAX OCTET STRING (SIZE(0..16)) 2321 MAX-ACCESS read-create 2322 STATUS current 2323 DESCRIPTION 2324 "The bit mask which, in combination with the corresponding 2325 instance of snmpNotifyFilterSubtree, defines a family of 2326 subtrees which are included in or excluded from the 2327 filter profile. 2329 Each bit of this bit mask corresponds to a 2330 sub-identifier of snmpNotifyFilterSubtree, with the 2331 most significant bit of the i-th octet of this octet 2332 string value (extended if necessary, see below) 2333 corresponding to the (8*i - 7)-th sub-identifier, and 2334 the least significant bit of the i-th octet of this 2335 octet string corresponding to the (8*i)-th 2336 sub-identifier, where i is in the range 1 through 16. 2338 Each bit of this bit mask specifies whether or not 2339 the corresponding sub-identifiers must match when 2340 determining if an OBJECT IDENTIFIER matches this 2341 family of filter subtrees; a '1' indicates that an 2342 exact match must occur; a '0' indicates 'wild card', 2343 i.e., any sub-identifier value matches. 2345 Thus, the OBJECT IDENTIFIER X of an object instance 2346 is contained in a family of filter subtrees if, for 2347 each sub-identifier of the value of 2348 snmpNotifyFilterSubtree, either: 2350 the i-th bit of snmpNotifyFilterMask is 0, or 2352 the i-th sub-identifier of X is equal to the i-th 2353 sub-identifier of the value of 2354 snmpNotifyFilterSubtree. 2356 If the value of this bit mask is M bits long and 2357 there are more than M sub-identifiers in the 2358 corresponding instance of snmpNotifyFilterSubtree, 2359 then the bit mask is extended with 1's to be the 2360 required length. 2362 Note that when the value of this object is the 2363 zero-length string, this extension rule results in 2364 a mask of all-1's being used (i.e., no 'wild card'), 2365 and the family of filter subtrees is the one 2366 subtree uniquely identified by the corresponding 2367 instance of snmpNotifyFilterSubtree." 2368 DEFVAL { ''H } 2369 ::= { snmpNotifyFilterEntry 2 } 2371 snmpNotifyFilterType OBJECT-TYPE 2372 SYNTAX INTEGER { 2373 included(1), 2374 excluded(2) 2375 } 2376 MAX-ACCESS read-create 2377 STATUS current 2378 DESCRIPTION 2379 "This object indicates whether the family of filter subtrees 2380 defined by this entry are included in or excluded from a 2381 filter. A more detailed discussion of the use of this 2382 object can be found in section 6. of this document." 2383 DEFVAL { included } 2384 ::= { snmpNotifyFilterEntry 3 } 2386 snmpNotifyFilterStorageType OBJECT-TYPE 2387 SYNTAX StorageType 2388 MAX-ACCESS read-create 2389 STATUS current 2390 DESCRIPTION 2391 "The storage type of this conceptual row." 2392 DEFVAL { nonVolatile } 2393 ::= { snmpNotifyFilterEntry 4 } 2395 snmpNotifyFilterRowStatus OBJECT-TYPE 2396 SYNTAX RowStatus 2397 MAX-ACCESS read-create 2398 STATUS current 2399 DESCRIPTION 2400 "The status of this conceptual row. 2402 To create a row in this table, a manager must 2403 set this object to either createAndGo(4) or 2404 createAndWait(5)." 2405 ::= { snmpNotifyFilterEntry 5 } 2407 -- 2408 -- 2409 -- Conformance information 2410 -- 2411 -- 2412 snmpNotifyCompliances OBJECT IDENTIFIER ::= 2413 { snmpNotifyConformance 1 } 2414 snmpNotifyGroups OBJECT IDENTIFIER ::= 2415 { snmpNotifyConformance 2 } 2417 -- 2418 -- 2419 -- Compliance statements 2420 -- 2421 -- 2423 snmpNotifyBasicCompliance MODULE-COMPLIANCE 2424 STATUS current 2425 DESCRIPTION 2426 "The compliance statement for minimal SNMP entities which 2427 implement only SNMP Traps and read-create operations on 2428 only the snmpTargetAddrTable." 2429 MODULE SNMP-TARGET-MIB 2430 MANDATORY-GROUPS { snmpTargetBasicGroup } 2432 OBJECT snmpTargetParamsMPModel 2433 MIN-ACCESS read-only 2434 DESCRIPTION 2435 "Create/delete/modify access is not required." 2437 OBJECT snmpTargetParamsSecurityModel 2438 MIN-ACCESS read-only 2439 DESCRIPTION 2440 "Create/delete/modify access is not required." 2442 OBJECT snmpTargetParamsSecurityName 2443 MIN-ACCESS read-only 2444 DESCRIPTION 2445 "Create/delete/modify access is not required." 2447 OBJECT snmpTargetParamsSecurityLevel 2448 MIN-ACCESS read-only 2449 DESCRIPTION 2450 "Create/delete/modify access is not required." 2452 OBJECT snmpTargetParamsStorageType 2453 SYNTAX INTEGER { 2454 readOnly(5) 2455 } 2456 MIN-ACCESS read-only 2457 DESCRIPTION 2458 "Create/delete/modify access is not required. 2460 Support of the values other(1), volatile(2), 2461 nonVolatile(3), and permanent(4) is not required." 2463 OBJECT snmpTargetParamsRowStatus 2464 SYNTAX INTEGER { 2465 active(1) 2466 } 2467 MIN-ACCESS read-only 2468 DESCRIPTION 2469 "Create/delete/modify access to the 2470 snmpTargetParamsTable is not required. 2471 Support of the values notInService(2), notReady(3), 2472 createAndGo(4), createAndWait(5), and destroy(6) is 2473 not required." 2475 MODULE -- This Module 2476 MANDATORY-GROUPS { snmpNotifyGroup } 2478 OBJECT snmpNotifyTag 2479 MIN-ACCESS read-only 2480 DESCRIPTION 2481 "Create/delete/modify access is not required." 2483 OBJECT snmpNotifyType 2484 SYNTAX INTEGER { 2485 trap(1) 2486 } 2487 MIN-ACCESS read-only 2488 DESCRIPTION 2489 "Create/delete/modify access is not required. 2490 Support of the value notify(2) is not required." 2492 OBJECT snmpNotifyStorageType 2493 SYNTAX INTEGER { 2494 readOnly(5) 2495 } 2496 MIN-ACCESS read-only 2497 DESCRIPTION 2498 "Create/delete/modify access is not required. 2499 Support of the values other(1), volatile(2), 2500 nonVolatile(3), and permanent(4) is not required." 2502 OBJECT snmpNotifyRowStatus 2503 SYNTAX INTEGER { 2504 active(1) 2505 } 2506 MIN-ACCESS read-only 2507 DESCRIPTION 2508 "Create/delete/modify access to the 2509 snmpNotifyTable is not required. 2510 Support of the values notInService(2), notReady(3), 2511 createAndGo(4), createAndWait(5), and destroy(6) is 2512 not required." 2514 ::= { snmpNotifyCompliances 1 } 2516 snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE 2517 STATUS current 2518 DESCRIPTION 2519 "The compliance statement for SNMP entities which implement 2520 SNMP Traps with filtering, and read-create operations on 2521 all related tables." 2522 MODULE SNMP-TARGET-MIB 2523 MANDATORY-GROUPS { snmpTargetBasicGroup } 2524 MODULE -- This Module 2525 MANDATORY-GROUPS { snmpNotifyGroup, 2526 snmpNotifyFilterGroup } 2527 ::= { snmpNotifyCompliances 2 } 2529 snmpNotifyFullCompliance MODULE-COMPLIANCE 2530 STATUS current 2531 DESCRIPTION 2532 "The compliance statement for SNMP entities which either 2533 implement only SNMP Informs, or both SNMP Traps and SNMP 2534 Informs, plus filtering and read-create operations on 2535 all related tables." 2536 MODULE SNMP-TARGET-MIB 2537 MANDATORY-GROUPS { snmpTargetBasicGroup, 2538 snmpTargetResponseGroup } 2539 MODULE -- This Module 2540 MANDATORY-GROUPS { snmpNotifyGroup, 2541 snmpNotifyFilterGroup } 2542 ::= { snmpNotifyCompliances 3 } 2544 snmpNotifyGroup OBJECT-GROUP 2545 OBJECTS { 2546 snmpNotifyTag, 2547 snmpNotifyType, 2548 snmpNotifyStorageType, 2549 snmpNotifyRowStatus 2550 } 2551 STATUS current 2552 DESCRIPTION 2553 "A collection of objects for selecting which management 2554 targets are used for generating notifications, and the 2555 type of notification to be generated for each selected 2556 management target." 2557 ::= { snmpNotifyGroups 1 } 2559 snmpNotifyFilterGroup OBJECT-GROUP 2560 OBJECTS { 2561 snmpNotifyFilterProfileName, 2562 snmpNotifyFilterProfileStorType, 2563 snmpNotifyFilterProfileRowStatus, 2564 snmpNotifyFilterMask, 2565 snmpNotifyFilterType, 2566 snmpNotifyFilterStorageType, 2567 snmpNotifyFilterRowStatus 2568 } 2569 STATUS current 2570 DESCRIPTION 2571 "A collection of objects providing remote configuration 2572 of notification filters." 2573 ::= { snmpNotifyGroups 2 } 2575 END 2577 4.3. The Proxy MIB Module 2579 The SNMP-PROXY-MIB module, which defines MIB objects that provide 2580 mechanisms to remotely configure the parameters used by an SNMP 2581 entity for proxy forwarding operations, contains a single table. 2582 This table, snmpProxyTable, is used to define translations between 2583 management targets for use when forwarding messages. 2585 4.3.1. Definitions 2587 SNMP-PROXY-MIB DEFINITIONS ::= BEGIN 2589 IMPORTS 2590 MODULE-IDENTITY, 2591 OBJECT-TYPE, 2592 snmpModules 2593 FROM SNMPv2-SMI 2595 RowStatus, 2596 StorageType 2597 FROM SNMPv2-TC 2599 SnmpEngineID, 2600 SnmpAdminString 2601 FROM SNMP-FRAMEWORK-MIB 2603 SnmpTagValue 2604 FROM SNMP-TARGET-MIB 2606 MODULE-COMPLIANCE, 2607 OBJECT-GROUP 2608 FROM SNMPv2-CONF; 2610 snmpProxyMIB MODULE-IDENTITY 2611 LAST-UPDATED "9711210000Z" 2612 ORGANIZATION "IETF SNMPv3 Working Group" 2613 CONTACT-INFO 2614 "WG-email: snmpv3@tis.com 2615 Subscribe: majordomo@tis.com 2616 In message body: subscribe snmpv3 2618 Chair: Russ Mundy 2619 Trusted Information Systems 2620 Postal: 3060 Washington Rd 2621 Glenwood MD 21738 2622 USA 2624 Email: mundy@tis.com 2625 Phone: +1-301-854-6889 2627 Co-editor: David B. Levi 2628 SNMP Research, Inc. 2629 Postal: 3001 Kimberlin Heights Road 2630 Knoxville, TN 37920-9716 2631 E-mail: levi@snmp.com 2632 Phone: +1 423 573 1434 2634 Co-editor: Paul Meyer 2635 Secure Computing Corporation 2636 Postal: 2675 Long Lake Road 2637 Roseville, MN 55113 2638 E-mail: paul_meyer@securecomputing.com 2639 Phone: +1 612 628 1592 2641 Co-editor: Bob Stewart 2642 Cisco Systems, Inc. 2643 Postal: 170 West Tasman Drive 2644 San Jose, CA 95134-1706 2645 E-mail: bstewart@cisco.com 2646 Phone: +1 603 654 6923" 2647 DESCRIPTION 2648 "This MIB module defines MIB objects which provide 2649 mechanisms to remotely configure the parameters 2650 used by a proxy forwarding application." 2651 REVISION "9808070000Z" 2652 DESCRIPTION "Clarifications, published as RFCxxxx." 2653 REVISION "9707140000Z" 2654 DESCRIPTION "The initial revision, published as RFC2273." 2655 ::= { snmpModules 14 } 2657 snmpProxyObjects OBJECT IDENTIFIER ::= { snmpProxyMIB 1 } 2658 snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 } 2660 -- 2661 -- 2662 -- The snmpProxyObjects group 2663 -- 2664 -- 2666 snmpProxyTable OBJECT-TYPE 2667 SYNTAX SEQUENCE OF SnmpProxyEntry 2668 MAX-ACCESS not-accessible 2669 STATUS current 2670 DESCRIPTION 2671 "The table of translation parameters used by proxy forwarder 2672 applications for forwarding SNMP messages." 2673 ::= { snmpProxyObjects 2 } 2675 snmpProxyEntry OBJECT-TYPE 2676 SYNTAX SnmpProxyEntry 2677 MAX-ACCESS not-accessible 2678 STATUS current 2679 DESCRIPTION 2680 "A set of translation parameters used by a proxy forwarder 2681 application for forwarding SNMP messages. 2683 Entries in the snmpProxyTable are created and deleted 2684 using the snmpProxyRowStatus object." 2685 INDEX { IMPLIED snmpProxyName } 2686 ::= { snmpProxyTable 1 } 2688 SnmpProxyEntry ::= SEQUENCE { 2689 snmpProxyName SnmpAdminString, 2690 snmpProxyType INTEGER, 2691 snmpProxyContextEngineID SnmpEngineID, 2692 snmpProxyContextName SnmpAdminString, 2693 snmpProxyTargetParamsIn SnmpAdminString, 2694 snmpProxySingleTargetOut SnmpAdminString, 2695 snmpProxyMultipleTargetOut SnmpTagValue, 2696 snmpProxyStorageType StorageType, 2697 snmpProxyRowStatus RowStatus 2698 } 2700 snmpProxyName OBJECT-TYPE 2701 SYNTAX SnmpAdminString (SIZE(1..32)) 2702 MAX-ACCESS not-accessible 2703 STATUS current 2704 DESCRIPTION 2705 "The locally arbitrary, but unique identifier associated 2706 with this snmpProxyEntry." 2707 ::= { snmpProxyEntry 1 } 2709 snmpProxyType OBJECT-TYPE 2710 SYNTAX INTEGER { 2711 read(1), 2712 write(2), 2713 trap(3), 2714 inform(4) 2715 } 2716 MAX-ACCESS read-create 2717 STATUS current 2718 DESCRIPTION 2719 "The type of message that may be forwarded using 2720 the translation parameters defined by this entry." 2721 ::= { snmpProxyEntry 2 } 2723 snmpProxyContextEngineID OBJECT-TYPE 2724 SYNTAX SnmpEngineID 2725 MAX-ACCESS read-create 2726 STATUS current 2727 DESCRIPTION 2728 "The contextEngineID contained in messages that 2729 may be forwarded using the translation parameters 2730 defined by this entry." 2731 ::= { snmpProxyEntry 3 } 2733 snmpProxyContextName OBJECT-TYPE 2734 SYNTAX SnmpAdminString 2735 MAX-ACCESS read-create 2736 STATUS current 2737 DESCRIPTION 2738 "The contextName contained in messages that may be 2739 forwarded using the translation parameters defined 2740 by this entry. 2742 This object is optional, and if not supported, the 2743 contextName contained in a message is ignored when 2744 selecting an entry in the snmpProxyTable." 2745 ::= { snmpProxyEntry 4 } 2747 snmpProxyTargetParamsIn OBJECT-TYPE 2748 SYNTAX SnmpAdminString 2749 MAX-ACCESS read-create 2750 STATUS current 2751 DESCRIPTION 2752 "This object selects an entry in the snmpTargetParamsTable. 2753 The selected entry is used to determine which row of the 2754 snmpProxyTable to use for forwarding received messages." 2755 ::= { snmpProxyEntry 5 } 2757 snmpProxySingleTargetOut OBJECT-TYPE 2758 SYNTAX SnmpAdminString 2759 MAX-ACCESS read-create 2760 STATUS current 2761 DESCRIPTION 2762 "This object selects a management target defined in the 2763 snmpTargetAddrTable (in the SNMP-TARGET-MIB). The 2764 selected target is defined by an entry in the 2765 snmpTargetAddrTable whose index value (snmpTargetAddrName) 2766 is equal to this object. 2768 This object is only used when selection of a single 2769 target is required (i.e. when forwarding an incoming 2770 read or write request)." 2771 ::= { snmpProxyEntry 6 } 2773 snmpProxyMultipleTargetOut OBJECT-TYPE 2774 SYNTAX SnmpTagValue 2775 MAX-ACCESS read-create 2776 STATUS current 2777 DESCRIPTION 2778 "This object selects a set of management targets defined 2779 in the snmpTargetAddrTable (in the SNMP-TARGET-MIB). 2781 This object is only used when selection of multiple 2782 targets is required (i.e. when forwarding an incoming 2783 notification)." 2784 ::= { snmpProxyEntry 7 } 2786 snmpProxyStorageType OBJECT-TYPE 2787 SYNTAX StorageType 2788 MAX-ACCESS read-create 2789 STATUS current 2790 DESCRIPTION 2791 "The storage type of this conceptual row." 2792 DEFVAL { nonVolatile } 2793 ::= { snmpProxyEntry 8 } 2795 snmpProxyRowStatus OBJECT-TYPE 2796 SYNTAX RowStatus 2797 MAX-ACCESS read-create 2798 STATUS current 2799 DESCRIPTION 2800 "The status of this conceptual row. 2802 To create a row in this table, a manager must 2803 set this object to either createAndGo(4) or 2804 createAndWait(5). 2806 The following objects may not be modified while the 2807 value of this object is active(1): 2808 - snmpProxyType 2809 - snmpProxyContextEngineID 2810 - snmpProxyContextName 2811 - snmpProxyTargetParamsIn 2812 - snmpProxySingleTargetOut 2813 - snmpProxyMultipleTargetOut" 2814 ::= { snmpProxyEntry 9 } 2816 -- 2817 -- 2818 -- Conformance information 2819 -- 2820 -- 2822 snmpProxyCompliances OBJECT IDENTIFIER ::= 2823 { snmpProxyConformance 1 } 2824 snmpProxyGroups OBJECT IDENTIFIER ::= 2825 { snmpProxyConformance 2 } 2827 -- 2828 -- 2829 -- Compliance statements 2830 -- 2831 -- 2833 snmpProxyCompliance MODULE-COMPLIANCE 2834 STATUS current 2835 DESCRIPTION 2836 "The compliance statement for SNMP entities which include 2837 a proxy forwarding application." 2838 MODULE SNMP-TARGET-MIB 2839 MANDATORY-GROUPS { snmpTargetBasicGroup, 2840 snmpTargetResponseGroup } 2841 MODULE -- This Module 2842 MANDATORY-GROUPS { snmpProxyGroup } 2843 ::= { snmpProxyCompliances 1 } 2845 snmpProxyGroup OBJECT-GROUP 2846 OBJECTS { 2847 snmpProxyType, 2848 snmpProxyContextEngineID, 2849 snmpProxyContextName, 2850 snmpProxyTargetParamsIn, 2851 snmpProxySingleTargetOut, 2852 snmpProxyMultipleTargetOut, 2853 snmpProxyStorageType, 2854 snmpProxyRowStatus 2855 } 2856 STATUS current 2857 DESCRIPTION 2858 "A collection of objects providing remote configuration of 2859 management target translation parameters for use by 2860 proxy forwarder applications." 2861 ::= { snmpProxyGroups 3 } 2863 END 2865 5. Identification of Management Targets in Notification Originators 2867 This section describes the mechanisms used by a notification 2868 originator application when using the MIB module described in this 2869 document to determine the set of management targets to be used when 2870 generating a notification. 2872 A notification originator uses each entry in the snmpNotifyTable to 2873 find the management targets to be used for generating notifications. 2874 Each active entry in this table identifies zero or more entries in 2875 the snmpTargetAddrTable. Any entry in the snmpTargetAddrTable whose 2876 snmpTargetAddrTagList object contains a tag value which is equal to a 2877 value of snmpNotifyTag is selected by the snmpNotifyEntry which 2878 contains that instance of snmpNotifyTag. Note that a particular 2879 snmpTargetAddrEntry may be selected by multiple entries in the 2880 snmpNotifyTable, resulting in multiple notifications being generated 2881 using that snmpTargetAddrEntry. 2883 Each snmpTargetAddrEntry contains a pointer to the 2884 snmpTargetParamsTable (snmpTargetAddrParams). This pointer selects a 2885 set of SNMP parameters to be used for generating notifications. If 2886 the selected entry in the snmpTargetParamsTable does not exist, the 2887 management target is not used to generate notifications. 2889 The decision as to whether a notification should contain an SNMPv2- 2890 Trap or Inform PDU is determined by the value of the snmpNotifyType 2891 object. If the value of this object is trap(1), the notification 2892 should contain an SNMPv2-Trap PDU. If the value of this object is 2893 inform(2), then the notification should contain an Inform PDU, and 2894 the timeout time and number of retries for the Inform are the value 2895 of snmpTargetAddrTimeout and snmpTargetAddrRetryCount. Note that the 2896 exception to these rules is when the snmpTargetParamsMPModel object 2897 indicates SNMPv1. In this case, the notification is sent as a Trap 2898 if the value of snmpNotifyTargetType is either trap(1) or inform(2). 2900 6. Notification Filtering 2902 This section describes the mechanisms used by a notification 2903 originator application when using the MIB module described in this 2904 document to filter generation of notifications. 2906 A notification originator uses the snmpNotifyFilterTable to filter 2907 notifications. A notification filter profile may be associated with 2908 a particular entry in the snmpTargetParamsTable. The associated 2909 filter profile is identified by an entry in the 2910 snmpNotifyFilterProfileTable whose index is equal to the index of the 2911 entry in the snmpTargetParamsTable. If no such entry exists in the 2912 snmpNotifyFilterProfileTable, no filtering is performed for that 2913 management target. 2915 If such an entry does exist, the value of snmpNotifyFilterProfileName 2916 of the entry is compared with the corresponding portion of the index 2917 of all active entries in the snmpNotifyFilterTable. All such entries 2918 for which this comparison results in an exact match are used for 2919 filtering a notification generated using the associated 2920 snmpTargetParamsEntry. If no such entries exist, no filtering is 2921 performed, and a notification may be sent to the management target. 2923 Otherwise, if matching entries do exist, a notification may be sent 2924 if the NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this 2925 is the value of the element of the variable bindings whose name is 2926 snmpTrapOID.0, i.e., the second variable binding), and all of the 2927 object instances to be included in the variable-bindings of the 2928 notification, are not specifically excluded by the matching entries. 2930 Each set of snmpNotifyFilterTable entries is divided into two 2931 collections of filter subtrees: the included filter subtrees, and 2932 the excluded filter subtrees. The snmpNotifyFilterType object 2933 defines the collection to which each matching entry belongs. 2935 To determine whether a particular notification name or object 2936 instance is excluded by the set of matching entries, compare the 2937 notification name's or object instance's OBJECT IDENTIFIER with each 2938 of the matching entries. If none match, then the notification name 2939 or object instance is considered excluded, and the notification 2940 should not be sent to this management target. If one or more match, 2941 then the notification name or object instance is included or 2942 excluded, according to the value of snmpNotifyFilterType in the entry 2943 whose value of snmpNotifyFilterSubtree has the most sub-identifiers. 2944 If multiple entries match and have the same number of sub- 2945 identifiers, then the lexicographically greatest instance of 2946 snmpNotifyFilterType among those which match determines the inclusion 2947 or exclusion. 2949 A notification name's or object instance's OBJECT IDENTIFIER X 2950 matches an entry in the snmpNotifyFilterTable when the number of 2951 sub-identifiers in X is at least as many as in the value of 2952 snmpNotifyFilterSubtree for the entry, and each sub-identifier in the 2953 value of snmpNotifyFilterSubtree matches its corresponding sub- 2954 identifier in X. Two sub-identifiers match either if the 2955 corresponding bit of snmpNotifyFilterMask is zero (the 'wild card' 2956 value), or if the two sub-identifiers are equal. 2958 7. Management Target Translation in Proxy Forwarder Applications 2960 This section describes the mechanisms used by a proxy forwarder 2961 application when using the MIB module described in this document to 2962 translate incoming management target information into outgoing 2963 management target information for the purpose of forwarding messages. 2964 There are actually two mechanisms a proxy forwarder may use, one for 2965 forwarding request messages, and one for forwarding notification 2966 messages. 2968 7.1. Management Target Translation for Request Forwarding 2970 When forwarding request messages, the proxy forwarder will select a 2971 single entry in the snmpProxyTable. To select this entry, it will 2972 perform the following comparisons: 2974 - The snmpProxyType must be read(1) if the request is a Get, 2975 GetNext, or GetBulk request. The snmpProxyType must be 2976 write(2) if the request is a Set request. 2978 - The contextEngineID must equal the snmpProxyContextEngineID 2979 object. 2981 - If the snmpProxyContextName object is supported, it must equal 2982 the contextName. 2984 - The snmpProxyTargetParamsIn object identifies an entry in the 2985 snmpTargetParamsTable. The messageProcessingModel, 2986 securityLevel, security model, and securityName must match the 2987 values of snmpTargetParamsMPModel, 2988 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, 2989 and snmpTargetParamsSecurityLevel of the identified entry in 2990 the snmpTargetParamsTable. 2992 There may be multiple entries in the snmpProxyTable for which these 2993 comparisons succeed. The entry whose snmpProxyName has the 2994 lexicographically smallest value and for which the comparisons 2995 succeed will be selected by the proxy forwarder. 2997 The outgoing management target information is identified by the value 2998 of the snmpProxySingleTargetOut object of the selected entry. This 2999 object identifies an entry in the snmpTargetAddrTable. The 3000 identified entry in the snmpTargetAddrTable also contains a reference 3001 to the snmpTargetParamsTable (snmpTargetAddrParams). If either the 3002 identified entry in the snmpTargetAddrTable does not exist, or the 3003 identified entry in the snmpTargetParamsTable does not exist, then 3004 this snmpProxyEntry does not identify valid forwarding information, 3005 and the proxy forwarder should attempt to identify another row. 3007 If there is no entry in the snmpProxyTable for which all of the 3008 conditions above may be met, then there is no appropriate forwarding 3009 information, and the proxy forwarder should take appropriate actions. 3011 Otherwise, The snmpTargetAddrTDomain, snmpTargetAddrTAddress, 3012 snmpTargetAddrTimeout, and snmpTargetRetryCount of the identified 3013 snmpTargetAddrEntry, and the snmpTargetParamsMPModel, 3014 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, and 3015 snmpTargetParamsSecurityLevel of the identified snmpTargetParamsEntry 3016 are used as the destination management target. 3018 7.2. Management Target Translation for Notification Forwarding 3020 When forwarding notification messages, the proxy forwarder will 3021 select multiple entries in the snmpProxyTable. To select these 3022 entries, it will perform the following comparisons: 3024 - The snmpProxyType must be trap(3) if the notification is a 3025 Trap. The snmpProxyType must be inform(4) if the request is 3026 an Inform. 3028 - The contextEngineID must equal the snmpProxyContextEngineID 3029 object. 3031 - If the snmpProxyContextName object is supported, it must equal 3032 the contextName. 3034 - The snmpProxyTargetParamsIn object identifies an entry in the 3035 snmpTargetParamsTable. The messageProcessingModel, 3036 securityLevel, security model, and securityName must match the 3037 values of snmpTargetParamsMPModel, 3038 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, 3039 and snmpTargetParamsSecurityLevel of the identified entry in 3040 the snmpTargetParamsTable. 3042 All entries for which these conditions are met are selected. The 3043 snmpProxyMultipleTargetOut object of each such entry is used to 3044 select a set of entries in the snmpTargetAddrTable. Any 3045 snmpTargetAddrEntry whose snmpTargetAddrTagList object contains a tag 3046 value equal to the value of snmpProxyMultipleTargetOut, and whose 3047 snmpTargetAddrParams object references an existing entry in the 3048 snmpTargetParamsTable, is selected as a destination for the forwarded 3049 notification. 3051 8. Intellectual Property 3053 The IETF takes no position regarding the validity or scope of any 3054 intellectual property or other rights that might be claimed to 3055 pertain to the implementation or use of the technology described in 3056 this document or the extent to which any license under such rights 3057 might or might not be available; neither does it represent that it 3058 has made any effort to identify any such rights. Information on the 3059 IETF's procedures with respect to rights in standards-track and 3060 standards-related documentation can be found in BCP-11. Copies of 3061 claims of rights made available for publication and any assurances of 3062 licenses to be made available, or the result of an attempt made to 3063 obtain a general license or permission for the use of such 3064 proprietary rights by implementors or users of this specification can 3065 be obtained from the IETF Secretariat. 3067 The IETF invites any interested party to bring to its attention any 3068 copyrights, patents or patent applications, or other proprietary 3069 rights which may cover technology that may be required to practice 3070 this standard. Please address the information to the IETF Executive 3071 Director. 3073 9. Acknowledgments 3075 This document is the result of the efforts of the SNMPv3 Working 3076 Group. Some special thanks are in order to the following SNMPv3 WG 3077 members: 3079 Dave Battle (SNMP Research, Inc.) 3080 Uri Blumenthal (IBM T.J. Watson Research Center) 3081 Jeff Case (SNMP Research, Inc.) 3082 John Curran (BBN) 3083 T. Max Devlin (Hi-TECH Connections) 3084 John Flick (Hewlett Packard) 3085 David Harrington (Cabletron Systems Inc.) 3086 N.C. Hien (IBM T.J. Watson Research Center) 3087 Dave Levi (SNMP Research, Inc.) 3088 Louis A Mamakos (UUNET Technologies Inc.) 3089 Paul Meyer (Secure Computing Corporation) 3090 Keith McCloghrie (Cisco Systems) 3091 Russ Mundy (Trusted Information Systems, Inc.) 3092 Bob Natale (ACE*COMM Corporation) 3093 Mike O'Dell (UUNET Technologies Inc.) 3094 Dave Perkins (DeskTalk) 3095 Peter Polkinghorne (Brunel University) 3096 Randy Presuhn (BMC Software, Inc.) 3097 David Reid (SNMP Research, Inc.) 3098 Shawn Routhier (Epilogue) 3099 Juergen Schoenwaelder (TU Braunschweig) 3100 Bob Stewart (Cisco Systems) 3101 Bert Wijnen (IBM T.J. Watson Research Center) 3103 The document is based on recommendations of the IETF Security and 3104 Administrative Framework Evolution for SNMP Advisory Team. Members of 3105 that Advisory Team were: 3107 David Harrington (Cabletron Systems Inc.) 3108 Jeff Johnson (Cisco Systems) 3109 David Levi (SNMP Research Inc.) 3110 John Linn (Openvision) 3111 Russ Mundy (Trusted Information Systems) chair 3112 Shawn Routhier (Epilogue) 3113 Glenn Waters (Nortel) 3114 Bert Wijnen (IBM T. J. Watson Research Center) 3116 As recommended by the Advisory Team and the SNMPv3 Working Group 3117 Charter, the design incorporates as much as practical from previous 3118 RFCs and drafts. As a result, special thanks are due to the authors 3119 of previous designs known as SNMPv2u and SNMPv2*: 3121 Jeff Case (SNMP Research, Inc.) 3122 David Harrington (Cabletron Systems Inc.) 3123 David Levi (SNMP Research, Inc.) 3124 Keith McCloghrie (Cisco Systems) 3125 Brian O'Keefe (Hewlett Packard) 3126 Marshall T. Rose (Dover Beach Consulting) 3127 Jon Saperia (BGS Systems Inc.) 3128 Steve Waldbusser (International Network Services) 3129 Glenn W. Waters (Bell-Northern Research Ltd.) 3131 10. Security Considerations 3133 The SNMP applications described in this document typically have 3134 direct access to MIB instrumentation. Thus, it is very important 3135 that these applications be strict in their application of access 3136 control as described in this document. 3138 In addition, there may be some types of notification generator 3139 applications which, rather than accessing MIB instrumentation using 3140 access control, will obtain MIB information through other means (such 3141 as from a command line). The implementors and users of such 3142 applications must be responsible for not divulging MIB information 3143 that normally would be inaccessible due to access control. 3145 11. References 3147 [RFC1157] 3148 Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network 3149 Management Protocol", RFC 1157, SNMP Research, Performance Systems 3150 International, Performance Systems International, MIT Laboratory 3151 for Computer Science, May 1990. 3153 [RFC1213] 3154 McCloghrie, K., and M. Rose, Editors, "Management Information Base 3155 for Network Management of TCP/IP-based internets: MIB-II", STD 17, 3156 RFC 1213, Hughes LAN Systems, Performance Systems International, 3157 March 1991. 3159 [RFC1902] 3160 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3161 Waldbusser, "Structure of Management Information for Version 2 of 3162 the Simple Network Management Protocol (SNMPv2)", RFC1902, SNMP 3163 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3164 International Network Services, January 1996. 3166 [RFC1903] 3167 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3168 Waldbusser, "Textual Conventions for Version 2 of the Simple 3169 Network Management Protocol (SNMPv2)", RFC1903, SNMP Research,Inc., 3170 Cisco Systems, Inc., Dover Beach Consulting, Inc., International 3171 Network Services, January 1996. 3173 [RFC1905] 3174 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3175 Waldbusser, "Protocol Operations for Version 2 of the Simple 3176 Network Management Protocol (SNMPv2)", RFC1905, SNMP Research,Inc., 3177 Cisco Systems, Inc., Dover Beach Consulting, Inc., International 3178 Network Services, January 1996. 3180 [RFC1907] 3181 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3182 Waldbusser, "Management Information Base for Version 2 of the 3183 Simple Network Management Protocol (SNMPv2)", RFC1905, SNMP 3184 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3185 International Network Services, January 1996. 3187 [RFC1908] 3188 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3189 Waldbusser, "Coexistence between Version 1 and Version 2 of the 3190 Internet-standard Network Management Framework", RFC1905, SNMP 3191 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3192 International Network Services, January 1996. 3194 [SNMP-ARCH] 3195 The SNMPv3 Working Group, Harrington, D., Wijnen, B., "An 3196 Architecture for Describing SNMP Management Frameworks", 3197 draft-ietf-snmpv3-arch-00.txt, November 1997. 3199 [SNMP-MPD] 3200 The SNMPv3 Working Group, Case, J., Harrington, D., Wijnen, B., 3201 "Message Processing and Dispatching for the Simple Network 3202 Management Protocol (SNMP)", draft-ietf-snmpv3-v3mpc-model-07.txt, 3203 November 1997. 3205 [SNMP-ACM] 3206 The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K., 3207 "View-based Access Control Model for the Simple Network Management 3208 Protocol (SNMP)", draft-ietf-snmpv3-vacm-00.txt, November 1997. 3210 12. Editor's Address 3212 David B. Levi 3213 SNMP Research, Inc. 3214 3001 Kimberlin Heights Road 3215 Knoxville, TN 37920-9716 3216 U.S.A. 3217 Phone: +1 423 573 1434 3218 EMail: levi@snmp.com 3220 Paul Meyer 3221 Secure Computing Corporation 3222 2675 Long Lake Road 3223 Roseville, MN 55113 3224 U.S.A. 3225 Phone: +1 612 628 1592 3226 EMail: paul_meyer@securecomputing.com 3228 Bob Stewart 3229 Cisco Systems, Inc. 3230 170 West Tasman Drive 3231 San Jose, CA 95134-1706 3232 U.S.A. 3233 Phone: +1 603 654 6923 3234 EMail: bstewart@cisco.com 3236 APPENDIX A - Trap Configuration Example 3238 This section describes an example configuration for a Notification 3239 Generator application which implements the snmpNotifyBasicCompliance 3240 level. The example configuration specifies that the Notification 3241 Generator should send notifications to 3 separate managers, using 3242 authentication and no privacy for the first 2 managers, and using 3243 both authentication and privacy for the third manager. 3245 The configuration consists of three rows in the snmpTargetAddrTable, 3246 and two rows in the snmpTargetTable. 3248 snmpTargetAddrName SnmpAdminString, 3249 snmpTargetAddrTDomain TDomain, 3250 snmpTargetAddrTAddress TAddress, 3251 snmpTargetAddrTimeout TimeInterval, 3252 snmpTargetAddrRetryCount Integer32, 3253 snmpTargetAddrTagList SnmpAdminString, 3254 snmpTargetAddrParams SnmpAdminString, 3255 snmpTargetAddrStorageType StorageType, 3256 snmpTargetAddrRowStatus RowStatus 3258 * snmpTargetAddrName = "addr1" 3259 snmpTargetAddrTDomain = snmpUDPDomain 3260 snmpTargetAddrTAddress = 128.1.2.3/162 3261 snmpTargetAddrTagList = "group1" 3262 snmpTargetAddrParams = "AuthNoPriv joe" 3263 snmpTargetAddrStorageType = readOnly(5) 3264 snmpTargetAddrRowStatus = active(1) 3266 * snmpTargetAddrName = "addr2" 3267 snmpTargetAddrTDomain = snmpUDPDomain 3268 snmpTargetAddrTAddress = 128.2.4.6/162 3269 snmpTargetAddrTagList = "group1" 3270 snmpTargetAddrParams = "AuthNoPriv-joe" 3271 snmpTargetAddrStorageType = readOnly(5) 3272 snmpTargetAddrRowStatus = active(1) 3274 * snmpTargetAddrName = "addr3" 3275 snmpTargetAddrTDomain = snmpUDPDomain 3276 snmpTargetAddrTAddress = 128.1.2.3/162 3277 snmpTargetAddrTagList = "group2" 3278 snmpTargetAddrParams = "AuthPriv-bob" 3279 snmpTargetAddrStorageType = readOnly(5) 3280 snmpTargetAddrRowStatus = active(1) 3282 * snmpTargetParamsName = "AuthNoPriv-joe" 3283 snmpTargetParamsMPModel = 3 3284 snmpTargetParamsSecurityModel = 3 (USM) 3285 snmpTargetParamsSecurityName = "joe" 3286 snmpTargetParamsSecurityLevel = authNoPriv(2) 3287 snmpTargetParamsStorageType = readOnly(5) 3288 snmpTargetParamsRowStatus = active(1) 3290 * snmpTargetParamsName = "AuthPriv-bob" 3291 snmpTargetParamsMPModel = 3 3292 snmpTargetParamsSecurityModel = 3 (USM) 3293 snmpTargetParamsSecurityName = "bob" 3294 snmpTargetParamsSecurityLevel = authPriv(3) 3295 snmpTargetParamsStorageType = readOnly(5) 3296 snmpTargetParamsRowStatus = active(1) 3298 * snmpNotifyName = "group1" 3299 snmpNotifyTag = "group1" 3300 snmpNotifyType = trap(1) 3301 snmpNotifyStorageType = readOnly(5) 3302 snmpNotifyRowStatus = active(1) 3304 * snmpNotifyName = "group2" 3305 snmpNotifyTag = "group2" 3306 snmpNotifyType = trap(1) 3307 snmpNotifyStorageType = readOnly(5) 3308 snmpNotifyRowStatus = active(1) 3310 These entries define two groups of management targets. The first 3311 group contains two management targets: 3313 first target second target 3314 ------------ ------------- 3315 messageProcessingModel SNMPv3 SNMPv3 3316 securityModel 3 (USM) 3 (USM) 3317 securityName "joe" "joe" 3318 securityLevel authNoPriv(2) authNoPriv(2) 3319 transportDomain snmpUDPDomain snmpUDPDomain 3320 transportAddress 128.1.2.3/162 128.2.4.6/162 3322 And the second group contains a single management target: 3324 messageProcessingModel SNMPv3 3325 securityLevel authPriv(3) 3326 securityModel 3 (USM) 3327 securityName "bob" 3328 transportDomain snmpUDPDomain 3329 transportAddress 128.1.5.9/162 3331 B. Full Copyright Statement 3333 This document and translations of it may be copied and furnished to 3334 others, and derivative works that comment on or otherwise explain it 3335 or assist in its implementation may be prepared, copied, published 3336 and distributed, in whole or in part, without restriction of any 3337 kind, provided that the above copyright notice and this paragraph are 3338 included on all such copies and derivative works. However, this 3339 document itself may not be modified in any way, such as by removing 3340 the copyright notice or references to the Internet Society or other 3341 Internet organizations, except as needed for the purpose of 3342 developing Internet standards in which case the procedures for 3343 copyrights defined in the Internet Standards process must be 3344 followed, or as required to translate it into languages other than 3345 English. 3347 The limited permissions granted above are perpetual and will not be 3348 revoked by the Internet Society or its successors or assigns. 3350 This document and the information contained herein is provided on an 3351 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 3352 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 3353 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 3354 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 3355 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.