idnits 2.17.1 draft-ietf-snmpv3-appl-v2-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([SNMP-ARCH]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 5 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 3364 has weird spacing: '...tyLevel auth...' == Line 3365 has weird spacing: '...tDomain snmp...' == Line 3371 has weird spacing: '...tyLevel auth...' == Line 3374 has weird spacing: '...tDomain snmp...' == Line 3387 has weird spacing: '...for the purpo...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (30 September 1998) is 9340 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC1157' is defined on line 3189, but no explicit reference was found in the text == Unused Reference: 'RFC1213' is defined on line 3195, but no explicit reference was found in the text == Unused Reference: 'RFC1902' is defined on line 3201, but no explicit reference was found in the text == Unused Reference: 'RFC1903' is defined on line 3208, but no explicit reference was found in the text == Unused Reference: 'RFC1908' is defined on line 3229, but no explicit reference was found in the text == Unused Reference: 'SNMP-MPD' is defined on line 3245, but no explicit reference was found in the text == Unused Reference: 'SNMP-ACM' is defined on line 3251, but no explicit reference was found in the text == Outdated reference: A later version (-07) exists of draft-ietf-snmpv3-coex-01 ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Obsolete normative reference: RFC 1902 (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) -- Duplicate reference: RFC1905, mentioned in 'RFC1907', was also mentioned in 'RFC1905'. ** Obsolete normative reference: RFC 1905 (ref. 'RFC1907') (Obsoleted by RFC 3416) -- Duplicate reference: RFC1905, mentioned in 'RFC1908', was also mentioned in 'RFC1907'. ** Obsolete normative reference: RFC 1905 (ref. 'RFC1908') (Obsoleted by RFC 3416) == Outdated reference: A later version (-05) exists of draft-ietf-snmpv3-arch-01 == Outdated reference: A later version (-05) exists of draft-ietf-snmpv3-mpc-01 == Outdated reference: A later version (-04) exists of draft-ietf-snmpv3-vacm-01 Summary: 15 errors (**), 0 flaws (~~), 18 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Draft SNMP Applications 30 September 1998 3 INTERNET-DRAFT David B. Levi 4 SNMP Research, Inc. 5 Paul Meyer 6 Secure Computing Corporation 7 Bob Stewart 8 Cisco Systems 9 30 September 1998 11 SNMP Applications 12 14 Status of this Memo 16 This document is an Internet-Draft. Internet-Drafts are working 17 documents of the Internet Engineering Task Force (IETF), its areas, 18 and its working groups. Note that other groups may also distribute 19 working documents as Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference 24 material or to cite them other than as ``work in progress.'' 26 To learn the current status of any Internet-Draft, please check the 27 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 28 Directories on ds.internic.net (US East Coast), nic.nordu.net 29 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 30 Rim). 32 Copyright Notice 34 Copyright (C) The Internet Society (date). All Rights Reserved. 36 Abstract 38 This memo describes five types of SNMP applications which make use of 39 an SNMP engine as described in [SNMP-ARCH]. The types of application 40 described are Command Generators, Command Responders, Notification 41 Originators, Notification Receivers, and Proxy Forwarders. 43 This memo also defines MIB modules for specifying targets of 44 management operations, for notification filtering, and for proxy 45 forwarding. 47 This memo will obsolete RFC2273. 49 Table Of Contents 51 1 Overview ..................................................... 4 52 1.1 Command Generator Applications ............................. 4 53 1.2 Command Responder Applications ............................. 4 54 1.3 Notification Originator Applications ....................... 5 55 1.4 Notification Receiver Applications ......................... 5 56 1.5 Proxy Forwarder Applications ............................... 5 57 2 Management Targets ........................................... 7 58 3 Elements Of Procedure ........................................ 7 59 3.1 Command Generator Applications ............................. 7 60 3.2 Command Responder Applications ............................. 11 61 3.3 Notification Originator Applications ....................... 17 62 3.4 Notification Receiver Applications ......................... 21 63 3.5 Proxy Forwarder Applications ............................... 23 64 3.5.1 Request Forwarding ....................................... 24 65 3.5.1.1 Processing an Incoming Request ......................... 24 66 3.5.1.2 Processing an Incoming Response ........................ 27 67 3.5.1.3 Processing an Incoming Report Indication ............... 28 68 3.5.2 Notification Forwarding .................................. 29 69 4 The Structure of the MIB Modules ............................. 33 70 4.1 The Management Target MIB Module ........................... 33 71 4.1.1 Tag Lists ................................................ 34 72 4.1.2 Definitions .............................................. 34 73 4.2 The Notification MIB Module ................................ 49 74 4.2.1 Definitions .............................................. 49 75 4.3 The Proxy MIB Module ....................................... 62 76 4.3.1 Definitions .............................................. 62 77 5 Identification of Management Targets in Notification Origi- 78 nators .................................................... 69 79 6 Notification Filtering ....................................... 70 80 7 Management Target Translation in Proxy Forwarder Applica- 81 tions ..................................................... 72 82 7.1 Management Target Translation for Request Forwarding ....... 72 83 7.2 Management Target Translation for Notification Forwarding 84 ........................................................... 73 85 8 Intellectual Property ........................................ 74 86 9 Acknowledgments .............................................. 74 87 10 Security Considerations ..................................... 75 88 11 References .................................................. 77 89 12 Editor's Address ............................................ 79 90 A. Trap Configuration Example .................................. 80 91 B. Full Copyright Statement .................................... 82 93 1. Overview 95 This document describes five types of SNMP applications: 97 - Applications which initiate SNMP Get, GetNext, GetBulk, and/or 98 Set requests, called 'command generators.' 100 - Applications which respond to SNMP Get, GetNext, GetBulk, 101 and/or Set requests, called 'command responders.' 103 - Applications which generate notifications, called 104 'notification originators.' 106 - Applications which receive notifications, called 'notification 107 receivers.' 109 - Applications which forward SNMP Get, GetNext, GetBulk, and/or 110 Set requests or notifications, called 'proxy forwarder.' 112 Note that there are no restrictions on which types of applications 113 may be associated with a particular SNMP engine. For example, a 114 single SNMP engine may, in fact, be associated with both command 115 generator and command responder applications. 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 118 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 119 document are to be interpreted as described in [RFC2119]. 121 1.1. Command Generator Applications 123 A command generator application initiates SNMP Get, GetNext, GetBulk, 124 and/or Set requests, as well as processing the response to a request 125 which it generated. 127 1.2. Command Responder Applications 129 A command responder application receives SNMP Get, GetNext, GetBulk, 130 and/or Set requests destined for the local system as indicated by the 131 fact that the contextEngineID in the received request is equal to 132 that of the local engine through which the request was received. The 133 command responder application will perform the appropriate protocol 134 operation, using access control, and will generate a response message 135 to be sent to the request's originator. 137 1.3. Notification Originator Applications 139 A notification originator application conceptually monitors a system 140 for particular events or conditions, and generates Trap and/or Inform 141 messages based on these events or conditions. A notification 142 originator must have a mechanism for determining where to send 143 messages, and what SNMP version and security parameters to use when 144 sending messages. A mechanism and MIB module for this purpose is 145 provided in this document. 147 1.4. Notification Receiver Applications 149 A notification receiver application listens for notification 150 messages, and generates response messages when a message containing 151 an Inform PDU is received. 153 1.5. Proxy Forwarder Applications 155 A proxy forwarder application forwards SNMP messages. Note that 156 implementation of a proxy forwarder application is optional. The 157 sections describing proxy (4.5, 5.3, and 8) may be skipped for 158 implementations that do not include a proxy forwarder application. 160 The term "proxy" has historically been used very loosely, with 161 multiple different meanings. These different meanings include (among 162 others): 164 (1) the forwarding of SNMP requests to other SNMP entities without 165 regard for what managed object types are being accessed; for 166 example, in order to forward an SNMP request from one transport 167 domain to another, or to translate SNMP requests of one version 168 into SNMP requests of another version; 170 (2) the translation of SNMP requests into operations of some non-SNMP 171 management protocol; and 173 (3) support for aggregated managed objects where the value of one 174 managed object instance depends upon the values of multiple other 175 (remote) items of management information. 177 Each of these scenarios can be advantageous; for example, support for 178 aggregation of management information can significantly reduce the 179 bandwidth requirements of large-scale management activities. 180 However, using a single term to cover multiple different scenarios 181 causes confusion. 183 To avoid such confusion, this document uses the term "proxy" with a 184 much more tightly defined meaning. The term "proxy" is used in this 185 document to refer to a proxy forwarder application which forwards 186 either SNMP requests, notifications, and responses without regard for 187 what managed objects are contained within requests or notifications. 188 This definition is most closely related to the first definition 189 above. Note, however, that in the SNMP architecture [SNMP-ARCH], a 190 proxy forwarder is actually an application, and need not be 191 associated with what is traditionally thought of as an SNMP agent. 193 Specifically, the distinction between a traditional SNMP agent and a 194 proxy forwarder application is simple: 196 - a proxy forwarder application forwards requests and/or 197 notifications to other SNMP engines according to the context, 198 and irrespective of the specific managed object types being 199 accessed, and forwards the response to such previously 200 forwarded messages back to the SNMP engine from which the 201 original message was received; 203 - in contrast, the command responder application that is part of 204 what is traditionally thought of as an SNMP agent, and which 205 processes SNMP requests according to the (names of the) 206 individual managed object types and instances being accessed, 207 is NOT a proxy forwarder application from the perspective of 208 this document. 210 Thus, when a proxy forwarder application forwards a request or 211 notification for a particular contextEngineID / contextName pair, not 212 only is the information on how to forward the request specifically 213 associated with that context, but the proxy forwarder application has 214 no need of a detailed definition of a MIB view (since the proxy 215 forwarder application forwards the request irrespective of the 216 managed object types). 218 In contrast, a command responder application must have the detailed 219 definition of the MIB view, and even if it needs to issue requests to 220 other entities, via SNMP or otherwise, that need is dependent on the 221 individual managed object instances being accessed (i.e., not only on 222 the context). 224 Note that it is a design goal of a proxy forwarder application to act 225 as an intermediary between the endpoints of a transaction. In 226 particular, when forwarding Inform requests, the associated response 227 is forwarded when it is received from the target to which the Inform 228 request was forwarded, rather than generating a response immediately 229 when an Inform request is received. 231 2. Management Targets 233 Some types of applications (notification generators and proxy 234 forwarders in particular) require a mechanism for determining where 235 and how to send generated messages. This document provides a 236 mechanism and MIB module for this purpose. The set of information 237 that describes where and how to send a message is called a 238 'Management Target', and consists of two kinds of information: 240 - Destination information, consisting of a transport domain and 241 a transport address. This is also termed a transport 242 endpoint. 244 - SNMP parameters, consisting of message processing model, 245 security model, security level, and security name information. 247 The SNMP-TARGET-MIB module described later in this document contains 248 one table for each of these types of information. There can be a 249 many-to-many relationship in the MIB between these two types of 250 information. That is, there may be multiple transport endpoints 251 associated with a particular set of SNMP parameters, or a particular 252 transport endpoint may be associated with several sets of SNMP 253 parameters. 255 3. Elements Of Procedure 257 The following sections describe the procedures followed by each type 258 of application when generating messages for transmission or when 259 processing received messages. Applications communicate with the 260 Dispatcher using the abstract service interfaces defined in [SNMP- 261 ARCH]. 263 3.1. Command Generator Applications 265 A command generator initiates an SNMP request by calling the 266 Dispatcher using the following abstract service interface: 268 statusInformation = -- sendPduHandle if success 269 -- errorIndication if failure 270 sendPdu( 271 IN transportDomain -- transport domain to be used 272 IN transportAddress -- destination network address 273 IN messageProcessingModel -- typically, SNMP version 274 IN securityModel -- Security Model to use 275 IN securityName -- on behalf of this principal 276 IN securityLevel -- Level of Security requested 277 IN contextEngineID -- data from/at this entity 278 IN contextName -- data from/in this context 279 IN pduVersion -- the version of the PDU 280 IN PDU -- SNMP Protocol Data Unit 281 IN expectResponse -- TRUE or FALSE 282 ) 284 Where: 286 - The transportDomain is that of the destination of the message. 288 - The transportAddress is that of the destination of the 289 message. 291 - The messageProcessingModel indicates which Message Processing 292 Model the application wishes to use. 294 - The securityModel is the security model that the application 295 wishes to use. 297 - The securityName is the security model independent name for 298 the principal on whose behalf the application wishes the 299 message is to be generated. 301 - The securityLevel is the security level that the application 302 wishes to use. 304 - The contextEngineID is provided by the command generator if it 305 wishes to explicitly specify the location of the management 306 information it is requesting. 308 - The contextName is provided by the command generator if it 309 wishes to explicitly specify the local context name for the 310 management information it is requesting. 312 - The pduVersion indicates the version of the PDU to be sent. 314 - The PDU is a value constructed by the command generator 315 containing the management operation that the command generator 316 wishes to perform. 318 - The expectResponse argument indicates that a response is 319 expected. 321 The result of the sendPdu interface indicates whether the PDU was 322 successfully sent. If it was successfully sent, the returned value 323 will be a sendPduHandle. The command generator should store the 324 sendPduHandle so that it can correlate a response to the original 325 request. 327 The Dispatcher is responsible for delivering the response to a 328 particular request to the correct command generator application. The 329 abstract service interface used is: 331 processResponsePdu( -- process Response PDU 332 IN messageProcessingModel -- typically, SNMP version 333 IN securityModel -- Security Model in use 334 IN securityName -- on behalf of this principal 335 IN securityLevel -- Level of Security 336 IN contextEngineID -- data from/at this SNMP entity 337 IN contextName -- data from/in this context 338 IN pduVersion -- the version of the PDU 339 IN PDU -- SNMP Protocol Data Unit 340 IN statusInformation -- success or errorIndication 341 IN sendPduHandle -- handle from sendPDU 342 ) 344 Where: 346 - The messageProcessingModel is the value from the received 347 response. 349 - The securityModel is the value from the received response. 351 - The securityName is the value from the received response. 353 - The securityLevel is the value from the received response. 355 - The contextEngineID is the value from the received response. 357 - The contextName is the value from the received response. 359 - The pduVersion indicates the version of the PDU in the 360 received response. 362 - The PDU is the value from the received response. 364 - The statusInformation indicates success or failure in 365 receiving the response. 367 - The sendPduHandle is the value returned by the sendPdu call 368 which generated the original request to which this is a 369 response. 371 The procedure when a command generator receives a message is as 372 follows: 374 (1) If the received values of messageProcessingModel, securityModel, 375 securityName, contextEngineID, contextName, and pduVersion are not 376 all equal to the values used in the original request, the response 377 is discarded. 379 (2) The operation type, request-id, error-status, error-index, and 380 variable-bindings are extracted from the PDU and saved. If the 381 request-id is not equal to the value used in the original request, 382 the response is discarded. 384 (3) At this point, it is up to the application to take an appropriate 385 action. The specific action is implementation dependent. If the 386 statusInformation indicates that the request failed, an appropriate 387 action might be to attempt to transmit the request again, or to 388 notify the person operating the application that a failure 389 occurred. 391 3.2. Command Responder Applications 393 Before a command responder application can process messages, it must 394 first associate itself with an SNMP engine. The abstract service 395 interface used for this purpose is: 397 statusInformation = -- success or errorIndication 398 registerContextEngineID( 399 IN contextEngineID -- take responsibility for this one 400 IN pduType -- the pduType(s) to be registered 401 ) 403 Where: 405 - The statusInformation indicates success or failure of the 406 registration attempt. 408 - The contextEngineID is equal to the snmpEngineID of the SNMP 409 engine with which the command responder is registering. 411 - The pduType indicates a Get, GetNext, GetBulk, or Set pdu. 413 Note that if another command responder application is already 414 registered with an SNMP engine, any further attempts to register with 415 the same contextEngineID and pduType will be denied. This implies 416 that separate command responder applications could register 417 separately for the various pdu types. However, in practice this is 418 undesirable, and only a single command responder application should 419 be registered with an SNMP engine at any given time. 421 A command responder application can disassociate with an SNMP engine 422 using the following abstract service interface: 424 unregisterContextEngineID( 425 IN contextEngineID -- give up responsibility for this one 426 IN pduType -- the pduType(s) to be unregistered 427 ) 429 Where: 431 - The contextEngineID is equal to the snmpEngineID of the SNMP 432 engine with which the command responder is cancelling the 433 registration. 435 - The pduType indicates a Get, GetNext, GetBulk, or Set pdu. 437 Once the command responder has registered with the SNMP engine, it 438 waits to receive SNMP messages. The abstract service interface used 439 for receiving messages is: 441 processPdu( -- process Request/Notification PDU 442 IN messageProcessingModel -- typically, SNMP version 443 IN securityModel -- Security Model in use 444 IN securityName -- on behalf of this principal 445 IN securityLevel -- Level of Security 446 IN contextEngineID -- data from/at this SNMP entity 447 IN contextName -- data from/in this context 448 IN pduVersion -- the version of the PDU 449 IN PDU -- SNMP Protocol Data Unit 450 IN maxSizeResponseScopedPDU -- maximum size of the Response PDU 451 IN stateReference -- reference to state information 452 ) -- needed when sending a response 454 Where: 456 - The messageProcessingModel indicates which Message Processing 457 Model received and processed the message. 459 - The securityModel is the value from the received message. 461 - The securityName is the value from the received message. 463 - The securityLevel is the value from the received message. 465 - The contextEngineID is the value from the received message. 467 - The contextName is the value from the received message. 469 - The pduVersion indicates the version of the PDU in the 470 received message. 472 - The PDU is the value from the received message. 474 - The maxSizeResponseScopedPDU is the maximum allowable size of 475 a ScopedPDU containing a Response PDU (based on the maximum 476 message size that the originator of the message can accept). 478 - The stateReference is a value which references cached 479 information about each received request message. This value 480 must be returned to the Dispatcher in order to generate a 481 response. 483 The procedure when a message is received is as follows. 485 (1) The operation type is determined from the ASN.1 tag value 486 associated with the PDU parameter. The operation type should 487 always be one of the types previously registered by the 488 application. 490 (2) The request-id is extracted from the PDU and saved. 492 (3) If the SNMPv2 operation type is GetBulk, the non-repeaters and 493 max-repetitions values are extracted from the PDU and saved. 495 (4) The variable-bindings are extracted from the PDU and saved. 497 (5) The management operation represented by the SNMPv2 operation type 498 is performed with respect to the relevant MIB view within the 499 context named by the contextName, according to the procedures set 500 forth in [RFC1905]. The relevant MIB view is determined by the 501 securityLevel, securityModel, contextName, securityName, and SNMPv2 502 operation type. To determine whether a particular object instance 503 is within the relevant MIB view, the following abstract service 504 interface is called: 506 statusInformation = -- success or errorIndication 507 isAccessAllowed( 508 IN securityModel -- Security Model in use 509 IN securityName -- principal who wants to access 510 IN securityLevel -- Level of Security 511 IN viewType -- read, write, or notify view 512 IN contextName -- context containing variableName 513 IN variableName -- OID for the managed object 514 ) 516 Where: 518 - The securityModel is the value from the received message. 520 - The securityName is the value from the received message. 522 - The securityLevel is the value from the received message. 524 - The viewType indicates whether the PDU type is a read or write 525 operation. 527 - The contextName is the value from the received message. 529 - The variableName is the object instance of the variable for 530 which access rights are to be checked. 532 Normally, the result of the management operation will be a new PDU 533 value, and processing will continue in step (6) below. However, at 534 any time during the processing of the management operation: 536 - If the isAccessAllowed ASI returns a noSuchView, 537 noAccessEntry, or noGroupName error, processing of the 538 management operation is halted, a PDU value is contructed 539 using the values from the originally received PDU, but 540 replacing the error_status with an authorizationError code, 541 and error_index value of 0, and control is passed to step (6) 542 below. 544 - If the isAccessAllowed ASI returns an otherError, processing 545 of the management operation is halted, a different PDU value 546 is contructed using the values from the originally received 547 PDU, but replacing the error_status with a genError code, and 548 control is passed to step (6) below. 550 - If the isAccessAllowed ASI returns a noSuchContext error, 551 processing of the management operation is halted, no result 552 PDU is generated, the snmpUnknownContexts counter is 553 incremented, and control is passed to step (6) below. 555 - If the context named by the contextName parameter is 556 unavailable, processing of the management operation is halted, 557 no result PDU is generated, the snmpUnavailableContexts 558 counter is incremented, and control is passed to step (6) 559 below. 561 (6) The Dispatcher is called to generate a response or report message. 562 The abstract service interface is: 564 returnResponsePdu( 565 IN messageProcessingModel -- typically, SNMP version 566 IN securityModel -- Security Model in use 567 IN securityName -- on behalf of this principal 568 IN securityLevel -- same as on incoming request 569 IN contextEngineID -- data from/at this SNMP entity 570 IN contextName -- data from/in this context 571 IN pduVersion -- the version of the PDU 572 IN PDU -- SNMP Protocol Data Unit 573 IN maxSizeResponseScopedPDU -- maximum size of the Response PDU 574 IN stateReference -- reference to state information 575 -- as presented with the request 576 IN statusInformation -- success or errorIndication 577 ) -- error counter OID/value if error 579 Where: 581 - The messageProcessingModel is the value from the processPdu 582 call. 584 - The securityModel is the value from the processPdu call. 586 - The securityName is the value from the processPdu call. 588 - The securityLevel is the value from the processPdu call. 590 - The contextEngineID is the value from the processPdu call. 592 - The contextName is the value from the processPdu call. 594 - The pduVersion indicates the version of the PDU to be 595 returned. If no result PDU was generated, the pduVersion is 596 an undefined value. 598 - The PDU is the result generated in step (5) above. If no 599 result PDU was generated, the PDU is an undefined value. 601 - The maxSizeResponseScopedPDU is a local value indicating the 602 maximum size of a ScopedPDU that the application can accept. 604 - The stateReference is the value from the processPdu call. 606 - The statusInformation either contains an indication that no 607 error occurred and that a response should be generated, or 608 contains an indication that an error occurred along with the 609 OID and counter value of the appropriate error counter object. 611 Note that a command responder application should always call the 612 returnResponsePdu abstract service interface, even in the event of an 613 error such as a resource allocation error. In the event of such an 614 error, the PDU value passed to returnResponsePdu should contain 615 appropriate values for errorStatus and errorIndex. 617 Note that the text above describes situations where the 618 snmpUnknownContexts counter is incremented, and where the 619 snmpUnavailableContexts counter is incremented. The difference 620 between these is that the snmpUnknownContexts counter is incremented 621 when a request is received for a context which unknown to the SNMP 622 entity. The snmpUnavailableContexts counter is incremented when a 623 request is received for a context which is known to the SNMP entity, 624 but is currently unavailable. Determining when a context is 625 unavailable is implementation specific, and some implementations may 626 never encounter this situation, and so may never increment the 627 snmpUnavailableContexts counter. 629 3.3. Notification Originator Applications 631 A notification originator application generates SNMP notification 632 messages. A notification message may, for example, contain an 633 SNMPv2-Trap PDU or an Inform PDU. However, a particular 634 implementation is not required to be capable of generating both types 635 of messages. 637 Notification originator applications require a mechanism for 638 identifying the management targets to which notifications should be 639 sent. The particular mechanism used is implementation dependent. 640 However, if an implementation makes the configuration of management 641 targets SNMP manageable, it MUST use the SNMP-TARGET-MIB module 642 described in this document. 644 When a notification originator wishes to generate a notification, it 645 must first determine in which context the information to be conveyed 646 in the notification exists, i.e., it must determine the 647 contextEngineID and contextName. It must then determine the set of 648 management targets to which the notification should be sent. The 649 application must also determine, for each management target, whether 650 the notification message should contain an SNMPv2-Trap PDU or Inform 651 PDU, and if it is to contain an Inform PDU, the number of retries and 652 retransmission algorithm. 654 The mechanism by which a notification originator determines this 655 information is implementation dependent. Once the application has 656 determined this information, the following procedure is performed for 657 each management target: 659 (1) Any appropriate filtering mechanisms are applied to determine 660 whether the notification should be sent to the management target. 661 If such filtering mechanisms determine that the notification should 662 not be sent, processing continues with the next management target. 663 Otherwise, 665 (2) The appropriate set of variable-bindings is retrieved from local 666 MIB instrumentation within the relevant MIB view. The relevant MIB 667 view is determined by the securityLevel, securityModel, 668 contextName, and securityName of the management target. To 669 determine whether a particular object instance is within the 670 relevant MIB view, the isAccessAllowed abstract service interface 671 is used, in the same manner as described in the preceding section. 672 If the statusInformation returned by isAccessAllowed does not 673 indicate accessAllowed, the notification is not sent to the 674 management target. 676 (3) The NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this 677 is the value of the element of the variable bindings whose name is 678 snmpTrapOID.0, i.e., the second variable binding) is checked using 679 the isAccessAllowed abstract service interface, using the same 680 parameters used in the preceding step. If the statusInformation 681 returned by isAccessAllowed does not indicate accessAllowed, the 682 notification is not sent to the management target. 684 (4) A PDU is constructed using a locally unique request-id value, an 685 operation type of SNMPv2-Trap or Inform, an error-status and 686 error-index value of 0, and the variable-bindings supplied 687 previously in step (2). 689 (5) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is 690 called using the following abstract service interface: 692 statusInformation = -- sendPduHandle if success 693 -- errorIndication if failure 694 sendPdu( 695 IN transportDomain -- transport domain to be used 696 IN transportAddress -- destination network address 697 IN messageProcessingModel -- typically, SNMP version 698 IN securityModel -- Security Model to use 699 IN securityName -- on behalf of this principal 700 IN securityLevel -- Level of Security requested 701 IN contextEngineID -- data from/at this entity 702 IN contextName -- data from/in this context 703 IN pduVersion -- the version of the PDU 704 IN PDU -- SNMP Protocol Data Unit 705 IN expectResponse -- TRUE or FALSE 706 ) 708 Where: 710 - The transportDomain is that of the management target. 712 - The transportAddress is that of the management target. 714 - The messageProcessingModel is that of the management target. 716 - The securityModel is that of the management target. 718 - The securityName is that of the management target. 720 - The securityLevel is that of the management target. 722 - The contextEngineID is the value originally determined for the 723 notification. 725 - The contextName is the value originally determined for the 726 notification. 728 - The pduVersion is the version of the PDU to be sent. 730 - The PDU is the value constructed in step (3) above. 732 - The expectResponse argument indicates that no response is 733 expected. 735 Otherwise, 737 (6) If the notification contains an Inform PDU, then: 739 a) The Dispatcher is called using the sendPdu abstract service 740 interface as described in step (4) above, except that the 741 expectResponse argument indicates that a response is expected. 743 b) The application caches information about the management 744 target. 746 c) If a response is received within an appropriate time interval 747 from the transport endpoint of the management target, the 748 notification is considered acknowledged and the cached 749 information is deleted. Otherwise, 751 d) If a response is not received within an appropriate time 752 period, or if a report indication is received, information 753 about the management target is retrieved from the cache, and 754 steps a) through d) are repeated. The number of times these 755 steps are repeated is equal to the previously determined retry 756 count. If this retry count is exceeded, the acknowledgement 757 of the notification is considered to have failed, and 758 processing of the notification for this management target is 759 halted. Note that some report indications might be considered 760 a failure. Such report indications should be interpreted to 761 mean that the acknowledgement of the notification has failed. 763 Responses to Inform PDU notifications will be received via the 764 processResponsePDU abstract service interface. 766 To summarize, the steps that a notification originator follows when 767 determing where to send a notification are: 769 - Determine the targets to which the notification should be 770 sent. 772 - Apply any required filtering to the list of targets. 774 - Determine which targets are authorized to receive the 775 notification. 777 3.4. Notification Receiver Applications 779 Notification receiver applications receive SNMP Notification messages 780 from the Dispatcher. Before any messages can be received, the 781 notification receiver must register with the Dispatcher using the 782 registerContextEngineID abstract service interface. The parameters 783 used are: 785 - The contextEngineID is an undefined 'wildcard' value. 786 Notifications are delivered to a registered notification 787 receiver regardless of the contextEngineID contained in the 788 notification message. 790 - The pduType indicates the type of notifications that the 791 application wishes to receive (for example, SNMPv2-Trap PDUs 792 or Inform PDUs). 794 Once the notification receiver has registered with the Dispatcher, 795 messages are received using the processPdu abstract service 796 interface. Parameters are: 798 - The messageProcessingModel indicates which Message Processing 799 Model received and processed the message. 801 - The securityModel is the value from the received message. 803 - The securityName is the value from the received message. 805 - The securityLevel is the value from the received message. 807 - The contextEngineID is the value from the received message. 809 - The contextName is the value from the received message. 811 - The pduVersion indicates the version of the PDU in the 812 received message. 814 - The PDU is the value from the received message. 816 - The maxSizeResponseScopedPDU is the maximum allowable size of 817 a ScopedPDU containing a Response PDU (based on the maximum 818 message size that the originator of the message can accept). 820 - If the message contains an SNMPv2-Trap PDU, the stateReference 821 is undefined and unused. Otherwise, the stateReference is a 822 value which references cached information about the 823 notification. This value must be returned to the Dispatcher 824 in order to generate a response. 826 When an SNMPv2-Trap PDU is delivered to a notification receiver 827 application, it first extracts the SNMP operation type, request-id, 828 error-status, error-index, and variable-bindings from the PDU. After 829 this, processing depends on the particular implementation. 831 When an Inform PDU is received, the notification receiver application 832 follows the following procedure: 834 (1) The SNMPv2 operation type, request-id, error-status, error-index, 835 and variable-bindings are extracted from the PDU. 837 (2) A Response PDU is constructed using the extracted request-id and 838 variable-bindings, and with error-status and error-index both set 839 to 0. 841 (3) The Dispatcher is called to generate a response message using the 842 returnResponsePdu abstract service interface. Parameters are: 844 - The messageProcessingModel is the value from the processPdu 845 call. 847 - The securityModel is the value from the processPdu call. 849 - The securityName is the value from the processPdu call. 851 - The securityLevel is the value from the processPdu call. 853 - The contextEngineID is the value from the processPdu call. 855 - The contextName is the value from the processPdu call. 857 - The pduVersion indicates the version of the PDU to be 858 returned. 860 - The PDU is the result generated in step (2) above. 862 - The maxSizeResponseScopedPDU is a local value indicating the 863 maximum size of a ScopedPDU that the application can accept. 865 - The stateReference is the value from the processPdu call. 867 - The statusInformation indicates that no error occurred and 868 that a response should be generated. 870 3.5. Proxy Forwarder Applications 872 A proxy forwarder application deals with forwarding SNMP messages. 873 There are four basic types of messages which a proxy forwarder 874 application may need to forward. These are grouped according to the 875 PDU type contained in a message, or according to whether a report 876 indication is contained in the message. The four basic types of 877 messages are: 879 - Those containing PDU types which were generated by a command 880 generator application (for example, Get, GetNext, GetBulk, and 881 Set PDU types). These deal with requesting or modifying 882 information located within a particular context. 884 - Those containing PDU types which were generated by a 885 notification originator application (for example, SNMPv2-Trap 886 and Inform PDU types). These deal with notifications 887 concerning information located within a particular context. 889 - Those containing a Response PDU type. Forwarding of Response 890 PDUs always occurs as a result of receiving a response to a 891 previously forwarded message. 893 - Those containing a report indication. Forwarding of report 894 indications always occurs as a result of receiving a report 895 indication for a previously forwarded message. 897 For the first type, the proxy forwarder's role is to deliver a 898 request for management information to an SNMP engine which is 899 "closer" or "downstream in the path" to the SNMP engine which has 900 access to that information, and to deliver the response containing 901 the information back to the SNMP engine from which the request was 902 received. The context information in a request is used to determine 903 which SNMP engine has access to the requested information, and this 904 is used to determine where and how to forward the request. 906 For the second type, the proxy forwarder's role is to determine which 907 SNMP engines should receive notifications about management 908 information from a particular location. The context information in a 909 notification message determines the location to which the information 910 contained in the notification applies. This is used to determine 911 which SNMP engines should receive notification about this 912 information. 914 For the third type, the proxy forwarder's role is to determine which 915 previously forwarded request or notification (if any) the response 916 matches, and to forward the response back to the initiator of the 917 request or notification. 919 For the fourth type, the proxy forwarder's role is to determine which 920 previously forwarded request or notification (if any) the report 921 indication matches, and to forward the report indication back to the 922 initiator of the request or notification. 924 When forwarding messages, a proxy forwarder application must perform 925 a translation of incoming management target information into outgoing 926 management target information. How this translation is performed is 927 implementation specific. In many cases, this will be driven by a 928 preconfigured translation table. If a proxy forwarder application 929 makes the contents of this table SNMP manageable, it MUST use the 930 SNMP-PROXY-MIB module defined in this document. 932 3.5.1. Request Forwarding 934 There are two phases for request forwarding. First, the incoming 935 request needs to be passed through the proxy application. Then, the 936 resulting response needs to be passed back. These phases are 937 described in the following two sections. 939 3.5.1.1. Processing an Incoming Request 941 A proxy forwarder application that wishes to forward request messages 942 must first register with the Dispatcher using the 943 registerContextEngineID abstract service interface. The proxy 944 forwarder must register each contextEngineID for which it wishes to 945 forward messages, as well as for each pduType. Note that as the 946 configuration of a proxy forwarder is changed, the particular 947 contextEngineID values for which it is forwarding may change. The 948 proxy forwarder should call the registerContextEngineID and 949 unregisterContextEngineID abstract service interfaces as needed to 950 reflect its current configuration. 952 A proxy forwarder application should never attempt to register a 953 value of contextEngineID which is equal to the snmpEngineID of the 954 SNMP engine to which the proxy forwarder is associated. 956 Once the proxy forwarder has registered for the appropriate 957 contextEngineID values, it can start processing messages. The 958 following procedure is used: 960 (1) A message is received using the processPdu abstract service 961 interface. The incoming management target information received 962 from the processPdu interface is translated into outgoing 963 management target information. Note that this translation may vary 964 for different values of contextEngineID and/or contextName. The 965 translation should result in a single management target. 967 (2) If appropriate outgoing management target information cannot be 968 found, the proxy forwarder increments the snmpProxyDrops counter 969 [RFC1907], and then calls the Dispatcher using the 970 returnResponsePdu abstract service interface. Parameters are: 972 - The messageProcessingModel is the value from the processPdu 973 call. 975 - The securityModel is the value from the processPdu call. 977 - The securityName is the value from the processPdu call. 979 - The securityLevel is the value from the processPdu call. 981 - The contextEngineID is the value from the processPdu call. 983 - The contextName is the value from the processPdu call. 985 - The pduVersion is the value from the processPdu call. 987 - The PDU is an undefined value. 989 - The maxSizeResponseScopedPDU is a local value indicating the 990 maximum size of a ScopedPDU that the application can accept. 992 - The stateReference is the value from the processPdu call. 994 - The statusInformation indicates that an error occurred and 995 includes the OID and value of the snmpProxyDrops object. 997 Processing of the message stops at this point. Otherwise, 999 (3) A new PDU is constructed. A unique value of request-id should be 1000 used in the new PDU (this value will enable a subsequent response 1001 message to be correlated with this request). The remainder of the 1002 new PDU is identical to the received PDU, unless the incoming SNMP 1003 version and the outgoing SNMP version support different PDU 1004 versions, in which case the proxy forwarder may need to perform a 1005 translation on the PDU (A method for performing such a translation 1006 is described in [COEX].) 1008 (4) The proxy forwarder calls the Dispatcher to generate the forwarded 1009 message, using the sendPdu abstract service interface. The 1010 parameters are: 1012 - The transportDomain is that of the outgoing management target. 1014 - The transportAddress is that of the outgoing management 1015 target. 1017 - The messageProcessingModel is that of the outgoing management 1018 target. 1020 - The securityModel is that of the outgoing management target. 1022 - The securityName is that of the outgoing management target. 1024 - The securityLevel is that of the outgoing management target. 1026 - The contextEngineID is the value originally received. 1028 - The contextName is the value originally received. 1030 - The pduVersion is the version of the PDU to be sent. 1032 - The PDU is the value constructed in step (3) above. 1034 - The expectResponse argument indicates that a response is 1035 expected. If the sendPdu call is unsuccessful, the proxy 1036 forwarder performs the steps described in (2) above. 1037 Otherwise: 1039 (5) The proxy forwarder caches the following information in order to 1040 match an incoming response to the forwarded request: 1042 - The sendPduHandle returned from the call to sendPdu, 1044 - The request-id from the received PDU. 1046 - the contextEngineID, 1048 - the contextName, 1050 - the stateReference, 1052 - the incoming management target information, 1053 - the outgoing management information, 1055 - any other information needed to match an incoming response to 1056 the forwarded request. 1058 If this information cannot be cached (possibly due to a lack of 1059 resources), the proxy forwarder performs the steps described in (2) 1060 above. Otherwise: 1062 (6) Processing of the request stops until a response to the forwarded 1063 request is received, or until an appropriate time interval has 1064 expired. If this time interval expires before a response has been 1065 received, the cached information about this request is removed. 1067 3.5.1.2. Processing an Incoming Response 1069 A proxy forwarder follows the following procedure when an incoming 1070 response is received: 1072 (1) The incoming response is received using the processResponsePdu 1073 interface. The proxy forwarder uses the received parameters to 1074 locate an entry in its cache of pending forwarded requests. This 1075 is done by matching the received parameters with the cached values 1076 of sendPduHandle, contextEngineID, contextName, outgoing management 1077 target information, and the request-id contained in the received 1078 PDU (the proxy forwarder must extract the request-id for this 1079 purpose). If an appropriate cache entry cannot be found, 1080 processing of the response is halted. Otherwise: 1082 (2) The cache information is extracted, and removed from the cache. 1084 (3) A new Response PDU is constructed, using the request-id value from 1085 the original forwarded request (as extracted from the cache). All 1086 other values are identical to those in the received Response PDU, 1087 unless the incoming SNMP version and the outgoing SNMP version 1088 support different PDU versions, in which case the proxy forwarder 1089 may need to perform a translation on the PDU. (A method for 1090 performing such a translation is described in [COEX].) 1092 (4) The proxy forwarder calls the Dispatcher using the 1093 returnResponsePdu abstract service interface. Parameters are: 1095 - The messageProcessingModel indicates the Message Processing 1096 Model by which the original incoming message was processed. 1098 - The securityModel is that of the original incoming management 1099 target extracted from the cache. 1101 - The securityName is that of the original incoming management 1102 target extracted from the cache. 1104 - The securityLevel is that of the original incoming management 1105 target extracted from the cache. 1107 - The contextEngineID is the value extracted from the cache. 1109 - The contextName is the value extracted from the cache. 1111 - The pduVersion indicates the version of the PDU to be 1112 returned. 1114 - The PDU is the (possibly translated) Response PDU. 1116 - The maxSizeResponseScopedPDU is a local value indicating the 1117 maximum size of a ScopedPDU that the application can accept. 1119 - The stateReference is the value extracted from the cache. 1121 - The statusInformation indicates that no error occurred and 1122 that a Response PDU message should be generated. 1124 3.5.1.3. Processing an Incoming Report Indication 1126 A proxy forwarder follows the following procedure when an incoming 1127 report indication is received: 1129 (1) The incoming report indication is received using the 1130 processResponsePdu interface. The proxy forwarder uses the 1131 received parameters to locate an entry in its cache of pending 1132 forwarded requests. This is done by matching the received 1133 parameters with the cached values of sendPduHandle. If an 1134 appropriate cache entry cannot be found, processing of the report 1135 indication is halted. Otherwise: 1137 (2) The cache information is extracted, and removed from the cache. 1139 (3) If the original incoming management target information indicates an 1140 SNMP version which does not support Report PDUs, processing of the 1141 report indication is halted. 1143 (4) The proxy forwarder calls the Dispatcher using the 1144 returnResponsePdu abstract service interface. Parameters are: 1146 - The messageProcessingModel indicates the Message Processing 1147 Model by which the original incoming message was processed. 1149 - The securityModel is that of the original incoming management 1150 target extracted from the cache. 1152 - The securityName is that of the original incoming management 1153 target extracted from the cache. 1155 - The securityLevel is that of the original incoming management 1156 target extracted from the cache. 1158 - The contextEngineID is the value extracted from the cache. 1160 - The contextName is the value extracted from the cache. 1162 - The pduVersion indicates the version of the PDU to be 1163 returned. 1165 - The PDU is unused. 1167 - The maxSizeResponseScopedPDU is a local value indicating the 1168 maximum size of a ScopedPDU that the application can accept. 1170 - The stateReference is the value extracted from the cache. 1172 - The statusInformation contain the contextEngineID, 1173 contextName, counter OID, and counter value received in the 1174 report indication. 1176 3.5.2. Notification Forwarding 1178 A proxy forwarder receives notifications in the same manner as a 1179 notification receiver application, using the processPdu abstract 1180 service interface. The following procedure is used when a 1181 notification is received: 1183 (1) The incoming management target information received from the 1184 processPdu interface is translated into outgoing management target 1185 information. Note that this translation may vary for different 1186 values of contextEngineID and/or contextName. The translation may 1187 result in multiple management targets. 1189 (2) If appropriate outgoing management target information cannot be 1190 found and the notification was a Trap, processing of the 1191 notification is halted. If appropriate outgoing management target 1192 information cannot be found and the notification was an Inform, the 1193 proxy forwarder increments the snmpProxyDrops object, and calls the 1194 Dispatcher using the returnResponsePdu abstract service interface. 1195 The parameters are: 1197 - The messageProcessingModel is the received value. 1199 - The securityModel is the received value. 1201 - The securityName is the received value. 1203 - The securityLevel is the received value. 1205 - The contextEngineID is the received value. 1207 - The contextName is the received value. 1209 - The pduVersion is the received value. 1211 - The PDU is an undefined and unused value. 1213 - The maxSizeResponseScopedPDU is a local value indicating the 1214 maximum size of a ScopedPDU that the application can accept. 1216 - The stateReference is the received value. 1218 - The statusInformation indicates that an error occurred and 1219 that a Report message should be generated. 1221 Processing of the message stops at this point. Otherwise, 1223 (3) The proxy forwarder generates a notification using the procedures 1224 described in the preceding section on Notification Originators, 1225 with the following exceptions: 1227 - The contextEngineID and contextName values from the original 1228 received notification are used. 1230 - The outgoing management targets previously determined are 1231 used. 1233 - No filtering mechanisms are applied. 1235 - The variable-bindings from the original received notification 1236 are used, rather than retrieving variable-bindings from local 1237 MIB instrumentation. In particular, no access-control is 1238 applied to these variable-bindings. 1240 - If the original notification contains an InformRequest PDU, 1241 then any outgoing management targets, for which the outgoing 1242 SNMP version does not support InformRequest PDUs, will not be 1243 used when generating the forwarded notifications. 1245 - If, for any of the outgoing management targets, the incoming 1246 SNMP version and the outgoing SNMP version support different 1247 PDU versions, the proxy forwarder may need to perform a 1248 translation on the PDU. (A method for performing such a 1249 translation is described in [COEX].) 1251 (4) If the original received notification contains an SNMPv2-Trap PDU, 1252 processing of the notification is now completed. Otherwise, the 1253 original received notification must contain an Inform PDU, and 1254 processing continues. 1256 (5) If the forwarded notifications included any Inform PDUs, processing 1257 continues when the procedures described in the section for 1258 Notification Originators determine that either: 1260 - None of the generated notifications containing Inform PDUs 1261 have been successfully acknowledged within the longest of the 1262 time intervals, in which case processing of the original 1263 notification is halted, or, 1265 - At least one of the generated notifications containing Inform 1266 PDUs is successfully acknowledged, in which case a response to 1267 the original received notification containing an Inform PDU is 1268 generated as described in the following steps. 1270 (6) A Response PDU is constructed, using the values of request-id and 1271 variable-bindings from the original received Inform PDU, and 1272 error-status and error-index values of 0. 1274 (7) The Dispatcher is called using the returnResponsePdu abstract 1275 service interface. Parameters are: 1277 - The messageProcessingModel is the originally received value. 1279 - The securityModel is the originally received value. 1281 - The securityName is the originally received value. 1283 - The securityLevel is the originally received value. 1285 - The contextEngineID is the originally received value. 1287 - The contextName is the originally received value. 1289 - The pduVersion indicates the version of the PDU constructed in 1290 step (6) above. 1292 - The PDU is the value constructed in step (6) above. 1294 - The maxSizeResponseScopedPDU is a local value indicating the 1295 maximum size of a ScopedPDU that the application can accept. 1297 - The stateReference is the originally received value. 1299 - The statusInformation indicates that no error occurred and 1300 that a Response PDU message should be generated. 1302 4. The Structure of the MIB Modules 1304 There are three separate MIB modules described in this document, the 1305 management target MIB, the notification MIB, and the proxy MIB. The 1306 following sections describe the structure of these three MIB modules. 1308 The use of these MIBs by particular types of applications is 1309 described later in this document: 1311 - The use of the management target MIB and the notification MIB 1312 in notification originator applications is described in 1313 section 6. 1315 - The use of the notification MIB for filtering notifications in 1316 notification originator applications is described in section 1317 7. 1319 - The use of the management target MIB and the proxy MIB in 1320 proxy forwarding applications is described in section 8. 1322 4.1. The Management Target MIB Module 1324 The SNMP-TARGET-MIB module contains objects for defining management 1325 targets. It consists of two tables and conformance/compliance 1326 statements. 1328 The first table, the snmpTargetAddrTable, contains information about 1329 transport domains and addresses. It also contains an object, 1330 snmpTargetAddrTagList, which provides a mechanism for grouping 1331 entries. 1333 The second table, the snmpTargetParamsTable, contains information 1334 about SNMP version and security information to be used when sending 1335 messages to particular transport domains and addresses. 1337 The Management Target MIB is intended to provide a general-purpose 1338 mechanism for specifying transport address, and for specifying 1339 parameters of SNMP messages generated by an SNMP entity. It is used 1340 within this document for generation of notifications and for proxy 1341 forwarding. However, it may be used for other purposes. If another 1342 document makes use of this MIB, that document is responsible for 1343 specifying how it is used. For example, [COEX] uses this MIB for 1344 source address validation of SNMPv1 messages. 1346 4.1.1. Tag Lists 1348 The snmpTargetAddrTagList object is used for grouping entries in the 1349 snmpTargetAddrTable. The value of this object contains a list of tag 1350 values which are used to select target addresses to be used for a 1351 particular operation. 1353 A tag value, which may also be used in MIB objects other than 1354 snmpTargetAddrTagList, is an arbitrary string of octets, but may not 1355 contain a delimiter character. Delimiter characters are defined to 1356 be one of the following characters: 1358 - An ASCII space character (0x20). 1360 - An ASCII TAB character (0x09). 1362 - An ASCII carriage return (CR) character (0x0D). 1364 - An ASCII line feed (LF) character (0x0B). 1366 In addition, a tag value may not have a zero length. Generally, a 1367 particular MIB object may contain either 1369 - a single tag value, in which case the value of the MIB object 1370 may not contain a delimiter character, or: 1372 - a MIB object may contain a list of tag values, separated by 1373 single delimiter characters. 1375 For a list of tag values, these constraints imply certain 1376 restrictions on the value of a MIB object: 1378 - There cannot be a leading or trailing delimiter character. 1380 - There cannot be multiple adjacent delimiter characters. 1382 4.1.2. Definitions 1384 SNMP-TARGET-MIB DEFINITIONS ::= BEGIN 1386 IMPORTS 1387 MODULE-IDENTITY, 1388 OBJECT-TYPE, 1389 snmpModules, 1390 Counter32, 1391 Integer32 1392 FROM SNMPv2-SMI 1394 TEXTUAL-CONVENTION, 1395 TDomain, 1396 TAddress, 1397 TimeInterval, 1398 RowStatus, 1399 StorageType, 1400 TestAndIncr 1401 FROM SNMPv2-TC 1403 SnmpSecurityModel, 1404 SnmpMessageProcessingModel, 1405 SnmpSecurityLevel, 1406 SnmpAdminString 1407 FROM SNMP-FRAMEWORK-MIB 1409 MODULE-COMPLIANCE, 1410 OBJECT-GROUP 1411 FROM SNMPv2-CONF; 1413 snmpTargetMIB MODULE-IDENTITY 1414 LAST-UPDATED "9808040000Z" 1415 ORGANIZATION "IETF SNMPv3 Working Group" 1416 CONTACT-INFO 1417 "WG-email: snmpv3@tis.com 1418 Subscribe: majordomo@tis.com 1419 In message body: subscribe snmpv3 1421 Chair: Russ Mundy 1422 Trusted Information Systems 1423 Postal: 3060 Washington Rd 1424 Glenwood MD 21738 1425 USA 1426 Email: mundy@tis.com 1427 Phone: +1-301-854-6889 1429 Co-editor: David B. Levi 1430 SNMP Research, Inc. 1431 Postal: 3001 Kimberlin Heights Road 1432 Knoxville, TN 37920-9716 1433 E-mail: levi@snmp.com 1434 Phone: +1 423 573 1434 1436 Co-editor: Paul Meyer 1437 Secure Computing Corporation 1438 Postal: 2675 Long Lake Road 1439 Roseville, MN 55113 1440 E-mail: paul_meyer@securecomputing.com 1441 Phone: +1 612 628 1592 1443 Co-editor: Bob Stewart 1444 Cisco Systems, Inc. 1445 Postal: 170 West Tasman Drive 1446 San Jose, CA 95134-1706 1447 E-mail: bstewart@cisco.com 1448 Phone: +1 603 654 2686" 1449 DESCRIPTION 1450 "This MIB module defines MIB objects which provide 1451 mechanisms to remotely configure the parameters used 1452 by an SNMP entity for the generation of SNMP messages." 1453 REVISION "9808040000Z" 1454 DESCRIPTION "Clarifications, published as 1455 draft-ietf-snmpv3-appl-v2-01.txt." 1456 REVISION "9707140000Z" 1457 DESCRIPTION "The initial revision, published as RFC2273." 1458 ::= { snmpModules 12 } 1460 snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 } 1461 snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 } 1463 SnmpTagValue ::= TEXTUAL-CONVENTION 1464 DISPLAY-HINT "255a" 1465 STATUS current 1466 DESCRIPTION 1467 "An octet string containing a tag value. 1468 Tag values are preferably in human-readable form. 1470 To facilitate internationalization, this information 1471 is represented using the ISO/IEC IS 10646-1 character 1472 set, encoded as an octet string using the UTF-8 1473 character encoding scheme described in RFC 2279. 1475 Since additional code points are added by amendments 1476 to the 10646 standard from time to time, 1477 implementations must be prepared to encounter any code 1478 point from 0x00000000 to 0x7fffffff. 1480 The use of control codes should be avoided, and certain 1481 control codes are not allowed as described below. 1483 For code points not directly supported by user 1484 interface hardware or software, an alternative means 1485 of entry and display, such as hexadecimal, may be 1486 provided. 1488 For information encoded in 7-bit US-ASCII, the UTF-8 1489 representation is identical to the US-ASCII encoding. 1491 Note that when this TC is used for an object that 1492 is used or envisioned to be used as an index, then a 1493 SIZE restriction must be specified so that the number 1494 of sub-identifiers for any object instance does not 1495 exceed the limit of 128, as defined by [RFC1905]. 1497 An object of this type contains a single tag value 1498 which is used to select a set of entries in a table. 1500 A tag value is an arbitrary string of octets, but 1501 may not contain a delimiter character. Delimiter 1502 characters are defined to be one of the following: 1504 - An ASCII space character (0x20). 1506 - An ASCII TAB character (0x09). 1508 - An ASCII carriage return (CR) character (0x0D). 1510 - An ASCII line feed (LF) character (0x0B). 1512 Delimiter characters are used to separate tag values 1513 in a tag list. An object of this type may only 1514 contain a single tag value, and so delimiter 1515 characters are not allowed in a value of this type. 1517 Some examples of valid tag values are: 1519 - 'acme' 1521 - 'router' 1523 - 'host' 1525 The use of a tag value to select table entries is 1526 application and MIB specific." 1527 SYNTAX OCTET STRING (SIZE (0..255)) 1529 SnmpTagList ::= TEXTUAL-CONVENTION 1530 DISPLAY-HINT "255a" 1531 STATUS current 1532 DESCRIPTION 1533 "An octet string containing a list of tag values. 1534 Tag values are preferably in human-readable form. 1536 To facilitate internationalization, this information 1537 is represented using the ISO/IEC IS 10646-1 character 1538 set, encoded as an octet string using the UTF-8 1539 character encoding scheme described in RFC 2279. 1541 Since additional code points are added by amendments 1542 to the 10646 standard from time to time, 1543 implementations must be prepared to encounter any code 1544 point from 0x00000000 to 0x7fffffff. 1546 The use of control codes should be avoided, except as 1547 described below. 1549 For code points not directly supported by user 1550 interface hardware or software, an alternative means 1551 of entry and display, such as hexadecimal, may be 1552 provided. 1554 For information encoded in 7-bit US-ASCII, the UTF-8 1555 representation is identical to the US-ASCII encoding. 1557 An object of this type contains a list of tag values 1558 which are used to select a set of entries in a table. 1560 A tag value is an arbitrary string of octets, but 1561 may not contain a delimiter character. Delimiter 1562 characters are defined to be one of the following: 1564 - An ASCII space character (0x20). 1566 - An ASCII TAB character (0x09). 1568 - An ASCII carriage return (CR) character (0x0D). 1570 - An ASCII line feed (LF) character (0x0B). 1572 Delimiter characters are used to separate tag values 1573 in a tag list. Only a single delimiter character may 1574 occur between two tag values. A tag value may not 1575 have a zero length. These constraints imply certain 1576 restrictions on the contents of this object: 1578 - There cannot be a leading or trailing delimiter 1579 character. 1581 - There cannot be multiple adjacent delimiter 1582 characters. 1584 Some examples of valid tag lists are: 1586 - An empty string 1588 - 'acme router' 1590 - 'host managerStation' 1592 Note that although a tag value may not have a length of 1593 zero, an empty string is still valid. This indicates 1594 an empty list (i.e. there are no tag values in the list). 1596 The use of the tag list to select table entries is 1597 application and MIB specific. Typically, an application 1598 will provide one or more tag values, and any entry 1599 which contains some combination of these tag values 1600 will be selected." 1601 SYNTAX OCTET STRING (SIZE (0..255)) 1603 -- 1604 -- 1605 -- The snmpTargetObjects group 1606 -- 1607 -- 1609 snmpTargetSpinLock OBJECT-TYPE 1610 SYNTAX TestAndIncr 1611 MAX-ACCESS read-write 1612 STATUS current 1613 DESCRIPTION 1614 "This object is used to facilitate modification of table 1615 entries in the SNMP-TARGET-MIB module by multiple 1616 managers. In particular, it is useful when modifying 1617 the value of the snmpTargetAddrTagList object. 1619 The procedure for modifying the snmpTargetAddrTagList 1620 object is as follows: 1622 1. Retrieve the value of snmpTargetSpinLock and 1623 of snmpTargetAddrTagList. 1625 2. Generate a new value for snmpTargetAddrTagList. 1627 3. Set the value of snmpTargetSpinLock to the 1628 retrieved value, and the value of 1629 snmpTargetAddrTagList to the new value. If 1630 the set fails for the snmpTargetSpinLock 1631 object, go back to step 1." 1632 ::= { snmpTargetObjects 1 } 1634 snmpTargetAddrTable OBJECT-TYPE 1635 SYNTAX SEQUENCE OF SnmpTargetAddrEntry 1636 MAX-ACCESS not-accessible 1637 STATUS current 1638 DESCRIPTION 1639 "A table of transport addresses to be used in the generation 1640 of SNMP messages." 1641 ::= { snmpTargetObjects 2 } 1643 snmpTargetAddrEntry OBJECT-TYPE 1644 SYNTAX SnmpTargetAddrEntry 1645 MAX-ACCESS not-accessible 1646 STATUS current 1647 DESCRIPTION 1648 "A transport address to be used in the generation 1649 of SNMP operations. 1651 Entries in the snmpTargetAddrTable are created and 1652 deleted using the snmpTargetAddrRowStatus object." 1653 INDEX { IMPLIED snmpTargetAddrName } 1654 ::= { snmpTargetAddrTable 1 } 1656 SnmpTargetAddrEntry ::= SEQUENCE { 1657 snmpTargetAddrName SnmpAdminString, 1658 snmpTargetAddrTDomain TDomain, 1659 snmpTargetAddrTAddress TAddress, 1660 snmpTargetAddrTimeout TimeInterval, 1661 snmpTargetAddrRetryCount Integer32, 1662 snmpTargetAddrTagList SnmpTagList, 1663 snmpTargetAddrParams SnmpAdminString, 1664 snmpTargetAddrStorageType StorageType, 1665 snmpTargetAddrRowStatus RowStatus 1666 } 1668 snmpTargetAddrName OBJECT-TYPE 1669 SYNTAX SnmpAdminString (SIZE(1..32)) 1670 MAX-ACCESS not-accessible 1671 STATUS current 1672 DESCRIPTION 1673 "The locally arbitrary, but unique identifier associated 1674 with this snmpTargetAddrEntry." 1676 ::= { snmpTargetAddrEntry 1 } 1678 snmpTargetAddrTDomain OBJECT-TYPE 1679 SYNTAX TDomain 1680 MAX-ACCESS read-create 1681 STATUS current 1682 DESCRIPTION 1683 "This object indicates the transport type of the address 1684 contained in the snmpTargetAddrTAddress object." 1685 ::= { snmpTargetAddrEntry 2 } 1687 snmpTargetAddrTAddress OBJECT-TYPE 1688 SYNTAX TAddress 1689 MAX-ACCESS read-create 1690 STATUS current 1691 DESCRIPTION 1692 "This object contains a transport address. The format of 1693 this address depends on the value of the 1694 snmpTargetAddrTDomain object." 1695 ::= { snmpTargetAddrEntry 3 } 1697 snmpTargetAddrTimeout OBJECT-TYPE 1698 SYNTAX TimeInterval 1699 MAX-ACCESS read-create 1700 STATUS current 1701 DESCRIPTION 1702 "This object should reflect the expected maximum round 1703 trip time for communicating with the transport address 1704 defined by this row. When a message is sent to this 1705 address, and a response (if one is expected) is not 1706 received within this time period, an implementation 1707 may assume that the response will not be delivered. 1709 Note that the time interval that an application waits 1710 for a response may actually be derived from the value 1711 of this object. The method for deriving the actual time 1712 interval is implementation dependent. One such method 1713 is to derive the expected round trip time based on a 1714 particular retransmission algorithm and on the number 1715 of timeouts which have occurred. The type of message may 1716 also be considered when deriving expected round trip 1717 times for retransmissions. For example, if a message is 1718 being sent with a securityLevel that indicates both 1719 authentication and privacy, the derived value may be 1720 increased to compensate for extra processing time spent 1721 during authentication and encryption processing." 1722 DEFVAL { 1500 } 1723 ::= { snmpTargetAddrEntry 4 } 1725 snmpTargetAddrRetryCount OBJECT-TYPE 1726 SYNTAX Integer32 (0..255) 1727 MAX-ACCESS read-create 1728 STATUS current 1729 DESCRIPTION 1730 "This object specifies a default number of retries to be 1731 attempted when a response is not received for a generated 1732 message. An application may provide its own retry count, 1733 in which case the value of this object is ignored." 1734 DEFVAL { 3 } 1735 ::= { snmpTargetAddrEntry 5 } 1737 snmpTargetAddrTagList OBJECT-TYPE 1738 SYNTAX SnmpTagList 1739 MAX-ACCESS read-create 1740 STATUS current 1741 DESCRIPTION 1742 "This object contains a list of tag values which are 1743 used to select target addresses for a particular 1744 operation." 1745 DEFVAL { "" } 1746 ::= { snmpTargetAddrEntry 6 } 1748 snmpTargetAddrParams OBJECT-TYPE 1749 SYNTAX SnmpAdminString (SIZE(1..32)) 1750 MAX-ACCESS read-create 1751 STATUS current 1752 DESCRIPTION 1753 "The value of this object identifies an entry in the 1754 snmpTargetParamsTable. The identified entry 1755 contains SNMP parameters to be used when generating 1756 messages to be sent to this transport address." 1757 ::= { snmpTargetAddrEntry 7 } 1759 snmpTargetAddrStorageType OBJECT-TYPE 1760 SYNTAX StorageType 1761 MAX-ACCESS read-create 1762 STATUS current 1763 DESCRIPTION 1764 "The storage type for this conceptual row." 1765 DEFVAL { nonVolatile } 1766 ::= { snmpTargetAddrEntry 8 } 1768 snmpTargetAddrRowStatus OBJECT-TYPE 1769 SYNTAX RowStatus 1770 MAX-ACCESS read-create 1771 STATUS current 1772 DESCRIPTION 1773 "The status of this conceptual row. 1775 To create a row in this table, a manager must 1776 set this object to either createAndGo(4) or 1777 createAndWait(5). 1779 Until instances of all corresponding columns are 1780 appropriately configured, the value of the 1781 corresponding instance of the snmpTargetAddrRowStatus 1782 column is 'notReady'. 1784 In particular, a newly created row cannot be made 1785 active until the corresponding instances of 1786 snmpTargetAddrTDomain, snmpTargetAddrTAddress, and 1787 snmpTargetAddrParams have all been set. 1789 The following objects may not be modified while the 1790 value of this object is active(1): 1791 - snmpTargetAddrTDomain 1792 - snmpTargetAddrTAddress 1793 An attempt to set these objects while the value of 1794 snmpTargetAddrRowStatus is active(1) will result in 1795 an inconsistentValue error." 1796 ::= { snmpTargetAddrEntry 9 } 1798 snmpTargetParamsTable OBJECT-TYPE 1799 SYNTAX SEQUENCE OF SnmpTargetParamsEntry 1800 MAX-ACCESS not-accessible 1801 STATUS current 1802 DESCRIPTION 1803 "A table of SNMP target information to be used 1804 in the generation of SNMP messages." 1805 ::= { snmpTargetObjects 3 } 1807 snmpTargetParamsEntry OBJECT-TYPE 1808 SYNTAX SnmpTargetParamsEntry 1809 MAX-ACCESS not-accessible 1810 STATUS current 1811 DESCRIPTION 1812 "A set of SNMP target information. 1814 Entries in the snmpTargetParamsTable are created and 1815 deleted using the snmpTargetParamsRowStatus object." 1816 INDEX { IMPLIED snmpTargetParamsName } 1817 ::= { snmpTargetParamsTable 1 } 1819 SnmpTargetParamsEntry ::= SEQUENCE { 1820 snmpTargetParamsName SnmpAdminString, 1821 snmpTargetParamsMPModel SnmpMessageProcessingModel, 1822 snmpTargetParamsSecurityModel SnmpSecurityModel, 1823 snmpTargetParamsSecurityName SnmpAdminString, 1824 snmpTargetParamsSecurityLevel SnmpSecurityLevel, 1825 snmpTargetParamsStorageType StorageType, 1826 snmpTargetParamsRowStatus RowStatus 1827 } 1829 snmpTargetParamsName OBJECT-TYPE 1830 SYNTAX SnmpAdminString (SIZE(1..32)) 1831 MAX-ACCESS not-accessible 1832 STATUS current 1833 DESCRIPTION 1834 "The locally arbitrary, but unique identifier associated 1835 with this snmpTargetParamsEntry." 1836 ::= { snmpTargetParamsEntry 1 } 1838 snmpTargetParamsMPModel OBJECT-TYPE 1839 SYNTAX SnmpMessageProcessingModel 1840 MAX-ACCESS read-create 1841 STATUS current 1842 DESCRIPTION 1843 "The Message Processing Model to be used when generating 1844 SNMP messages using this entry." 1845 ::= { snmpTargetParamsEntry 2 } 1847 snmpTargetParamsSecurityModel OBJECT-TYPE 1848 SYNTAX SnmpSecurityModel (1..2147483647) 1849 MAX-ACCESS read-create 1850 STATUS current 1851 DESCRIPTION 1852 "The Security Model to be used when generating SNMP 1853 messages using this entry. An implementation may 1854 choose to return an inconsistentValue error if an 1855 attempt is made to set this variable to a value 1856 for a security model which the implementation does 1857 not support." 1858 ::= { snmpTargetParamsEntry 3 } 1860 snmpTargetParamsSecurityName OBJECT-TYPE 1861 SYNTAX SnmpAdminString 1862 MAX-ACCESS read-create 1863 STATUS current 1864 DESCRIPTION 1865 "The securityName which identifies the Principal on 1866 whose behalf SNMP messages will be generated using 1867 this entry." 1868 ::= { snmpTargetParamsEntry 4 } 1870 snmpTargetParamsSecurityLevel OBJECT-TYPE 1871 SYNTAX SnmpSecurityLevel 1872 MAX-ACCESS read-create 1873 STATUS current 1874 DESCRIPTION 1875 "The Level of Security to be used when generating 1876 SNMP messages using this entry." 1877 ::= { snmpTargetParamsEntry 5 } 1879 snmpTargetParamsStorageType OBJECT-TYPE 1880 SYNTAX StorageType 1881 MAX-ACCESS read-create 1882 STATUS current 1883 DESCRIPTION 1884 "The storage type for this conceptual row." 1885 DEFVAL { nonVolatile } 1886 ::= { snmpTargetParamsEntry 6 } 1888 snmpTargetParamsRowStatus OBJECT-TYPE 1889 SYNTAX RowStatus 1890 MAX-ACCESS read-create 1891 STATUS current 1892 DESCRIPTION 1893 "The status of this conceptual row. 1895 To create a row in this table, a manager must 1896 set this object to either createAndGo(4) or 1897 createAndWait(5). 1899 Until instances of all corresponding columns are 1900 appropriately configured, the value of the 1901 corresponding instance of the snmpTargetParamsRowStatus 1902 column is 'notReady'. 1904 In particular, a newly created row cannot be made 1905 active until the corresponding 1906 snmpTargetParamsMPModel, 1907 snmpTargetParamsSecurityModel, 1908 snmpTargetParamsSecurityName, 1909 and snmpTargetParamsSecurityLevel have all been set. 1911 The following objects may not be modified while the 1912 value of this object is active(1): 1913 - snmpTargetParamsMPModel 1914 - snmpTargetParamsSecurityModel 1915 - snmpTargetParamsSecurityName 1916 - snmpTargetParamsSecurityLevel 1917 An attempt to set these objects while the value of 1918 snmpTargetParamsRowStatus is active(1) will result in 1919 an inconsistentValue error." 1920 ::= { snmpTargetParamsEntry 7 } 1922 snmpUnavailableContexts OBJECT-TYPE 1923 SYNTAX Counter32 1924 MAX-ACCESS read-only 1925 STATUS current 1926 DESCRIPTION 1927 "The total number of packets received by the SNMP 1928 engine which were dropped because the context 1929 contained in the message was unavailable." 1930 ::= { snmpTargetObjects 4 } 1932 snmpUnknownContexts OBJECT-TYPE 1933 SYNTAX Counter32 1934 MAX-ACCESS read-only 1935 STATUS current 1936 DESCRIPTION 1937 "The total number of packets received by the SNMP 1938 engine which were dropped because the context 1939 contained in the message was unknown." 1940 ::= { snmpTargetObjects 5 } 1942 -- 1943 -- 1944 -- Conformance information 1945 -- 1946 -- 1948 snmpTargetCompliances OBJECT IDENTIFIER ::= 1949 { snmpTargetConformance 1 } 1950 snmpTargetGroups OBJECT IDENTIFIER ::= 1951 { snmpTargetConformance 2 } 1953 -- 1954 -- 1955 -- Compliance statements 1956 -- 1957 -- 1958 snmpTargetCommandResponderCompliance MODULE-COMPLIANCE 1959 STATUS current 1960 DESCRIPTION 1961 "The compliance statement for SNMP entities which include 1962 a command responder application." 1963 MODULE -- This Module 1964 MANDATORY-GROUPS { snmpTargetCommandResponderGroup } 1965 ::= { snmpTargetCompliances 1 } 1967 snmpTargetBasicGroup OBJECT-GROUP 1968 OBJECTS { 1969 snmpTargetSpinLock, 1970 snmpTargetAddrTDomain, 1971 snmpTargetAddrTAddress, 1972 snmpTargetAddrTagList, 1973 snmpTargetAddrParams, 1974 snmpTargetAddrStorageType, 1975 snmpTargetAddrRowStatus, 1976 snmpTargetParamsMPModel, 1977 snmpTargetParamsSecurityModel, 1978 snmpTargetParamsSecurityName, 1979 snmpTargetParamsSecurityLevel, 1980 snmpTargetParamsStorageType, 1981 snmpTargetParamsRowStatus 1982 } 1983 STATUS current 1984 DESCRIPTION 1985 "A collection of objects providing basic remote 1986 configuration of management targets." 1987 ::= { snmpTargetGroups 1 } 1989 snmpTargetResponseGroup OBJECT-GROUP 1990 OBJECTS { 1991 snmpTargetAddrTimeout, 1992 snmpTargetAddrRetryCount 1993 } 1994 STATUS current 1995 DESCRIPTION 1996 "A collection of objects providing remote configuration 1997 of management targets for applications which generate 1998 SNMP messages for which a response message would be 1999 expected." 2000 ::= { snmpTargetGroups 2 } 2002 snmpTargetCommandResponderGroup OBJECT-GROUP 2003 OBJECTS { 2004 snmpUnavailableContexts, 2005 snmpUnknownContexts 2006 } 2007 STATUS current 2008 DESCRIPTION 2009 "A collection of objects required for command responder 2010 applications, used for counting error conditions." 2011 ::= { snmpTargetGroups 3 } 2013 END 2015 4.2. The Notification MIB Module 2017 The SNMP-NOTIFICATION-MIB module contains objects for the remote 2018 configuration of the parameters used by an SNMP entity for the 2019 generation of notifications. It consists of three tables and 2020 conformance/compliance statements. The first table, the 2021 snmpNotifyTable, contains entries which select which entries in the 2022 snmpTargetAddrTable should be used for generating notifications, and 2023 the type of notifications to be generated. 2025 The second table sparsely augments the snmpTargetAddrTable with an 2026 object which is used to associate a set of filters with a particular 2027 management target. 2029 The third table defines filters which are used to limit the number of 2030 notifications which are generated using particular management 2031 targets. 2033 4.2.1. Definitions 2035 SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN 2037 IMPORTS 2038 MODULE-IDENTITY, 2039 OBJECT-TYPE, 2040 snmpModules 2041 FROM SNMPv2-SMI 2043 RowStatus, 2044 StorageType 2045 FROM SNMPv2-TC 2047 SnmpAdminString 2048 FROM SNMP-FRAMEWORK-MIB 2050 SnmpTagValue, 2051 snmpTargetParamsName 2052 FROM SNMP-TARGET-MIB 2054 MODULE-COMPLIANCE, 2055 OBJECT-GROUP 2056 FROM SNMPv2-CONF; 2058 snmpNotificationMIB MODULE-IDENTITY 2059 LAST-UPDATED "9808040000Z" 2060 ORGANIZATION "IETF SNMPv3 Working Group" 2061 CONTACT-INFO 2062 "WG-email: snmpv3@tis.com 2063 Subscribe: majordomo@tis.com 2064 In message body: subscribe snmpv3 2066 Chair: Russ Mundy 2067 Trusted Information Systems 2068 Postal: 3060 Washington Rd 2069 Glenwood MD 21738 2070 USA 2071 Email: mundy@tis.com 2072 Phone: +1-301-854-6889 2074 Co-editor: David B. Levi 2075 SNMP Research, Inc. 2076 Postal: 3001 Kimberlin Heights Road 2077 Knoxville, TN 37920-9716 2078 E-mail: levi@snmp.com 2079 Phone: +1 423 573 1434 2081 Co-editor: Paul Meyer 2082 Secure Computing Corporation 2083 Postal: 2675 Long Lake Road 2084 Roseville, MN 55113 2085 E-mail: paul_meyer@securecomputing.com 2086 Phone: +1 612 628 1592 2088 Co-editor: Bob Stewart 2089 Cisco Systems, Inc. 2090 Postal: 170 West Tasman Drive 2091 San Jose, CA 95134-1706 2092 E-mail: bstewart@cisco.com 2093 Phone: +1 603 654 2686" 2094 DESCRIPTION 2095 "This MIB module defines MIB objects which provide 2096 mechanisms to remotely configure the parameters 2097 used by an SNMP entity for the generation of 2098 notifications." 2099 REVISION "9808040000Z" 2100 DESCRIPTION "Clarifications, published as 2101 draft-ietf-snmpv3-appl-v2-01.txt." 2102 REVISION "9707140000Z" 2103 DESCRIPTION "The initial revision, published as RFC2273." 2104 ::= { snmpModules 13 } 2106 snmpNotifyObjects OBJECT IDENTIFIER ::= 2107 { snmpNotificationMIB 1 } 2109 snmpNotifyConformance OBJECT IDENTIFIER ::= 2110 { snmpNotificationMIB 3 } 2112 -- 2113 -- 2114 -- The snmpNotifyObjects group 2115 -- 2116 -- 2118 snmpNotifyTable OBJECT-TYPE 2119 SYNTAX SEQUENCE OF SnmpNotifyEntry 2120 MAX-ACCESS not-accessible 2121 STATUS current 2122 DESCRIPTION 2123 "This table is used to select management targets which should 2124 receive notifications, as well as the type of notification 2125 which should be sent to each selected management target." 2126 ::= { snmpNotifyObjects 1 } 2128 snmpNotifyEntry OBJECT-TYPE 2129 SYNTAX SnmpNotifyEntry 2130 MAX-ACCESS not-accessible 2131 STATUS current 2132 DESCRIPTION 2133 "An entry in this table selects a set of management targets 2134 which should receive notifications, as well as the type of 2135 notification which should be sent to each selected 2136 management target. 2138 Entries in the snmpNotifyTable are created and 2139 deleted using the snmpNotifyRowStatus object." 2140 INDEX { IMPLIED snmpNotifyName } 2141 ::= { snmpNotifyTable 1 } 2143 SnmpNotifyEntry ::= SEQUENCE { 2144 snmpNotifyName SnmpAdminString, 2145 snmpNotifyTag SnmpTagValue, 2146 snmpNotifyType INTEGER, 2147 snmpNotifyStorageType StorageType, 2148 snmpNotifyRowStatus RowStatus 2149 } 2151 snmpNotifyName OBJECT-TYPE 2152 SYNTAX SnmpAdminString (SIZE(1..32)) 2153 MAX-ACCESS not-accessible 2154 STATUS current 2155 DESCRIPTION 2156 "The locally arbitrary, but unique identifier associated 2157 with this snmpNotifyEntry." 2158 ::= { snmpNotifyEntry 1 } 2160 snmpNotifyTag OBJECT-TYPE 2161 SYNTAX SnmpTagValue 2162 MAX-ACCESS read-create 2163 STATUS current 2164 DESCRIPTION 2165 "This object contains a single tag value which is used 2166 to select entries in the snmpTargetAddrTable. Any entry 2167 in the snmpTargetAddrTable which contains a tag value 2168 which is equal to the value of an instance of this 2169 object is selected. If this object contains a value 2170 of zero length, no entries are selected." 2171 DEFVAL { "" } 2172 ::= { snmpNotifyEntry 2 } 2174 snmpNotifyType OBJECT-TYPE 2175 SYNTAX INTEGER { 2176 trap(1), 2177 inform(2) 2178 } 2179 MAX-ACCESS read-create 2180 STATUS current 2181 DESCRIPTION 2182 "This object determines the type of notification to 2183 be generated for entries in the snmpTargetAddrTable 2184 selected by the corresponding instance of 2185 snmpNotifyTag. This value is only used when 2186 generating notifications, and is ignored when 2187 using the snmpTargetAddrTable for other purposes. 2189 If the value of this object is trap(1), then any 2190 messages generated for selected rows will contain 2191 SNMPv2-Trap PDUs. 2193 If the value of this object is inform(2), then any 2194 messages generated for selected rows will contain 2195 Inform PDUs. 2197 Note that if an SNMP entity only supports 2198 generation of traps (and not informs), then this 2199 object may be read-only." 2200 DEFVAL { trap } 2201 ::= { snmpNotifyEntry 3 } 2203 snmpNotifyStorageType OBJECT-TYPE 2204 SYNTAX StorageType 2205 MAX-ACCESS read-create 2206 STATUS current 2207 DESCRIPTION 2208 "The storage type for this conceptual row." 2209 DEFVAL { nonVolatile } 2210 ::= { snmpNotifyEntry 4 } 2212 snmpNotifyRowStatus OBJECT-TYPE 2213 SYNTAX RowStatus 2214 MAX-ACCESS read-create 2215 STATUS current 2216 DESCRIPTION 2217 "The status of this conceptual row. 2219 To create a row in this table, a manager must 2220 set this object to either createAndGo(4) or 2221 createAndWait(5)." 2222 ::= { snmpNotifyEntry 5 } 2224 snmpNotifyFilterProfileTable OBJECT-TYPE 2225 SYNTAX SEQUENCE OF SnmpNotifyFilterProfileEntry 2226 MAX-ACCESS not-accessible 2227 STATUS current 2228 DESCRIPTION 2229 "This table is used to associate a notification filter 2230 profile with a particular set of target parameters." 2231 ::= { snmpNotifyObjects 2 } 2233 snmpNotifyFilterProfileEntry OBJECT-TYPE 2234 SYNTAX SnmpNotifyFilterProfileEntry 2235 MAX-ACCESS not-accessible 2236 STATUS current 2237 DESCRIPTION 2238 "An entry in this table indicates the name of the filter 2239 profile to be used when generating notifications using 2240 the corresponding entry in the snmpTargetParamsTable. 2242 Entries in the snmpNotifyFilterProfileTable are created 2243 and deleted using the snmpNotifyFilterProfileRowStatus 2244 object." 2245 INDEX { IMPLIED snmpTargetParamsName } 2246 ::= { snmpNotifyFilterProfileTable 1 } 2248 SnmpNotifyFilterProfileEntry ::= SEQUENCE { 2249 snmpNotifyFilterProfileName SnmpAdminString, 2250 snmpNotifyFilterProfileStorType StorageType, 2251 snmpNotifyFilterProfileRowStatus RowStatus 2252 } 2254 snmpNotifyFilterProfileName OBJECT-TYPE 2255 SYNTAX SnmpAdminString (SIZE(1..32)) 2256 MAX-ACCESS read-create 2257 STATUS current 2258 DESCRIPTION 2259 "The name of the filter profile to be used when generating 2260 notifications using the corresponding entry in the 2261 snmpTargetAddrTable." 2262 ::= { snmpNotifyFilterProfileEntry 1 } 2264 snmpNotifyFilterProfileStorType OBJECT-TYPE 2265 SYNTAX StorageType 2266 MAX-ACCESS read-create 2267 STATUS current 2268 DESCRIPTION 2269 "The storage type of this conceptual row." 2270 DEFVAL { nonVolatile } 2271 ::= { snmpNotifyFilterProfileEntry 2 } 2273 snmpNotifyFilterProfileRowStatus OBJECT-TYPE 2274 SYNTAX RowStatus 2275 MAX-ACCESS read-create 2276 STATUS current 2277 DESCRIPTION 2278 "The status of this conceptual row. 2280 To create a row in this table, a manager must 2281 set this object to either createAndGo(4) or 2282 createAndWait(5). 2284 Until instances of all corresponding columns are 2285 appropriately configured, the value of the 2286 corresponding instance of the 2287 snmpNotifyFilterProfileRowStatus column is 'notReady'. 2289 In particular, a newly created row cannot be made 2290 active until the corresponding instance of 2291 snmpNotifyFilterProfileName has been set." 2292 ::= { snmpNotifyFilterProfileEntry 3 } 2294 snmpNotifyFilterTable OBJECT-TYPE 2295 SYNTAX SEQUENCE OF SnmpNotifyFilterEntry 2296 MAX-ACCESS not-accessible 2297 STATUS current 2298 DESCRIPTION 2299 "The table of filter profiles. Filter profiles are used 2300 to determine whether particular management targets should 2301 receive particular notifications. 2303 When a notification is generated, it must be compared 2304 with the filters associated with each management target 2305 which is configured to receive notifications. If the 2306 notification is matched by a filter, it is not sent to 2307 the management target with which the filter is 2308 associated. 2310 A more complete discussion of notification filtering 2311 can be found in section 6. of this document." 2312 ::= { snmpNotifyObjects 3 } 2314 snmpNotifyFilterEntry OBJECT-TYPE 2315 SYNTAX SnmpNotifyFilterEntry 2316 MAX-ACCESS not-accessible 2317 STATUS current 2318 DESCRIPTION 2319 "An element of a filter profile. 2321 Entries in the snmpNotifyFilterTable are created and 2322 deleted using the snmpNotifyFilterRowStatus object." 2323 INDEX { snmpNotifyFilterProfileName, 2324 IMPLIED snmpNotifyFilterSubtree } 2325 ::= { snmpNotifyFilterTable 1 } 2327 SnmpNotifyFilterEntry ::= SEQUENCE { 2328 snmpNotifyFilterSubtree OBJECT IDENTIFIER, 2329 snmpNotifyFilterMask OCTET STRING, 2330 snmpNotifyFilterType INTEGER, 2331 snmpNotifyFilterStorageType StorageType, 2332 snmpNotifyFilterRowStatus RowStatus 2333 } 2335 snmpNotifyFilterSubtree OBJECT-TYPE 2336 SYNTAX OBJECT IDENTIFIER 2337 MAX-ACCESS not-accessible 2338 STATUS current 2339 DESCRIPTION 2340 "The MIB subtree which, when combined with the corresponding 2341 instance of snmpNotifyFilterMask, defines a family of 2342 subtrees which are included in or excluded from the 2343 filter profile." 2345 ::= { snmpNotifyFilterEntry 1 } 2347 snmpNotifyFilterMask OBJECT-TYPE 2348 SYNTAX OCTET STRING (SIZE(0..16)) 2349 MAX-ACCESS read-create 2350 STATUS current 2351 DESCRIPTION 2352 "The bit mask which, in combination with the corresponding 2353 instance of snmpNotifyFilterSubtree, defines a family of 2354 subtrees which are included in or excluded from the 2355 filter profile. 2357 Each bit of this bit mask corresponds to a 2358 sub-identifier of snmpNotifyFilterSubtree, with the 2359 most significant bit of the i-th octet of this octet 2360 string value (extended if necessary, see below) 2361 corresponding to the (8*i - 7)-th sub-identifier, and 2362 the least significant bit of the i-th octet of this 2363 octet string corresponding to the (8*i)-th 2364 sub-identifier, where i is in the range 1 through 16. 2366 Each bit of this bit mask specifies whether or not 2367 the corresponding sub-identifiers must match when 2368 determining if an OBJECT IDENTIFIER matches this 2369 family of filter subtrees; a '1' indicates that an 2370 exact match must occur; a '0' indicates 'wild card', 2371 i.e., any sub-identifier value matches. 2373 Thus, the OBJECT IDENTIFIER X of an object instance 2374 is contained in a family of filter subtrees if, for 2375 each sub-identifier of the value of 2376 snmpNotifyFilterSubtree, either: 2378 the i-th bit of snmpNotifyFilterMask is 0, or 2380 the i-th sub-identifier of X is equal to the i-th 2381 sub-identifier of the value of 2382 snmpNotifyFilterSubtree. 2384 If the value of this bit mask is M bits long and 2385 there are more than M sub-identifiers in the 2386 corresponding instance of snmpNotifyFilterSubtree, 2387 then the bit mask is extended with 1's to be the 2388 required length. 2390 Note that when the value of this object is the 2391 zero-length string, this extension rule results in 2392 a mask of all-1's being used (i.e., no 'wild card'), 2393 and the family of filter subtrees is the one 2394 subtree uniquely identified by the corresponding 2395 instance of snmpNotifyFilterSubtree." 2396 DEFVAL { ''H } 2397 ::= { snmpNotifyFilterEntry 2 } 2399 snmpNotifyFilterType OBJECT-TYPE 2400 SYNTAX INTEGER { 2401 included(1), 2402 excluded(2) 2403 } 2404 MAX-ACCESS read-create 2405 STATUS current 2406 DESCRIPTION 2407 "This object indicates whether the family of filter subtrees 2408 defined by this entry are included in or excluded from a 2409 filter. A more detailed discussion of the use of this 2410 object can be found in section 6. of this document." 2411 DEFVAL { included } 2412 ::= { snmpNotifyFilterEntry 3 } 2414 snmpNotifyFilterStorageType OBJECT-TYPE 2415 SYNTAX StorageType 2416 MAX-ACCESS read-create 2417 STATUS current 2418 DESCRIPTION 2419 "The storage type of this conceptual row." 2420 DEFVAL { nonVolatile } 2421 ::= { snmpNotifyFilterEntry 4 } 2423 snmpNotifyFilterRowStatus OBJECT-TYPE 2424 SYNTAX RowStatus 2425 MAX-ACCESS read-create 2426 STATUS current 2427 DESCRIPTION 2428 "The status of this conceptual row. 2430 To create a row in this table, a manager must 2431 set this object to either createAndGo(4) or 2432 createAndWait(5)." 2433 ::= { snmpNotifyFilterEntry 5 } 2435 -- 2436 -- 2437 -- Conformance information 2438 -- 2439 -- 2441 snmpNotifyCompliances OBJECT IDENTIFIER ::= 2442 { snmpNotifyConformance 1 } 2443 snmpNotifyGroups OBJECT IDENTIFIER ::= 2444 { snmpNotifyConformance 2 } 2446 -- 2447 -- 2448 -- Compliance statements 2449 -- 2450 -- 2452 snmpNotifyBasicCompliance MODULE-COMPLIANCE 2453 STATUS current 2454 DESCRIPTION 2455 "The compliance statement for minimal SNMP entities which 2456 implement only SNMP Traps and read-create operations on 2457 only the snmpTargetAddrTable." 2458 MODULE SNMP-TARGET-MIB 2459 MANDATORY-GROUPS { snmpTargetBasicGroup } 2461 OBJECT snmpTargetParamsMPModel 2462 MIN-ACCESS read-only 2463 DESCRIPTION 2464 "Create/delete/modify access is not required." 2466 OBJECT snmpTargetParamsSecurityModel 2467 MIN-ACCESS read-only 2468 DESCRIPTION 2469 "Create/delete/modify access is not required." 2471 OBJECT snmpTargetParamsSecurityName 2472 MIN-ACCESS read-only 2473 DESCRIPTION 2474 "Create/delete/modify access is not required." 2476 OBJECT snmpTargetParamsSecurityLevel 2477 MIN-ACCESS read-only 2478 DESCRIPTION 2479 "Create/delete/modify access is not required." 2481 OBJECT snmpTargetParamsStorageType 2482 SYNTAX INTEGER { 2483 readOnly(5) 2484 } 2485 MIN-ACCESS read-only 2486 DESCRIPTION 2487 "Create/delete/modify access is not required. 2488 Support of the values other(1), volatile(2), 2489 nonVolatile(3), and permanent(4) is not required." 2491 OBJECT snmpTargetParamsRowStatus 2492 SYNTAX INTEGER { 2493 active(1) 2494 } 2495 MIN-ACCESS read-only 2496 DESCRIPTION 2497 "Create/delete/modify access to the 2498 snmpTargetParamsTable is not required. 2499 Support of the values notInService(2), notReady(3), 2500 createAndGo(4), createAndWait(5), and destroy(6) is 2501 not required." 2503 MODULE -- This Module 2504 MANDATORY-GROUPS { snmpNotifyGroup } 2506 OBJECT snmpNotifyTag 2507 MIN-ACCESS read-only 2508 DESCRIPTION 2509 "Create/delete/modify access is not required." 2511 OBJECT snmpNotifyType 2512 SYNTAX INTEGER { 2513 trap(1) 2514 } 2515 MIN-ACCESS read-only 2516 DESCRIPTION 2517 "Create/delete/modify access is not required. 2518 Support of the value notify(2) is not required." 2520 OBJECT snmpNotifyStorageType 2521 SYNTAX INTEGER { 2522 readOnly(5) 2523 } 2524 MIN-ACCESS read-only 2525 DESCRIPTION 2526 "Create/delete/modify access is not required. 2527 Support of the values other(1), volatile(2), 2528 nonVolatile(3), and permanent(4) is not required." 2530 OBJECT snmpNotifyRowStatus 2531 SYNTAX INTEGER { 2532 active(1) 2534 } 2535 MIN-ACCESS read-only 2536 DESCRIPTION 2537 "Create/delete/modify access to the 2538 snmpNotifyTable is not required. 2539 Support of the values notInService(2), notReady(3), 2540 createAndGo(4), createAndWait(5), and destroy(6) is 2541 not required." 2543 ::= { snmpNotifyCompliances 1 } 2545 snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE 2546 STATUS current 2547 DESCRIPTION 2548 "The compliance statement for SNMP entities which implement 2549 SNMP Traps with filtering, and read-create operations on 2550 all related tables." 2551 MODULE SNMP-TARGET-MIB 2552 MANDATORY-GROUPS { snmpTargetBasicGroup } 2553 MODULE -- This Module 2554 MANDATORY-GROUPS { snmpNotifyGroup, 2555 snmpNotifyFilterGroup } 2556 ::= { snmpNotifyCompliances 2 } 2558 snmpNotifyFullCompliance MODULE-COMPLIANCE 2559 STATUS current 2560 DESCRIPTION 2561 "The compliance statement for SNMP entities which either 2562 implement only SNMP Informs, or both SNMP Traps and SNMP 2563 Informs, plus filtering and read-create operations on 2564 all related tables." 2565 MODULE SNMP-TARGET-MIB 2566 MANDATORY-GROUPS { snmpTargetBasicGroup, 2567 snmpTargetResponseGroup } 2568 MODULE -- This Module 2569 MANDATORY-GROUPS { snmpNotifyGroup, 2570 snmpNotifyFilterGroup } 2571 ::= { snmpNotifyCompliances 3 } 2573 snmpNotifyGroup OBJECT-GROUP 2574 OBJECTS { 2575 snmpNotifyTag, 2576 snmpNotifyType, 2577 snmpNotifyStorageType, 2578 snmpNotifyRowStatus 2579 } 2580 STATUS current 2581 DESCRIPTION 2582 "A collection of objects for selecting which management 2583 targets are used for generating notifications, and the 2584 type of notification to be generated for each selected 2585 management target." 2586 ::= { snmpNotifyGroups 1 } 2588 snmpNotifyFilterGroup OBJECT-GROUP 2589 OBJECTS { 2590 snmpNotifyFilterProfileName, 2591 snmpNotifyFilterProfileStorType, 2592 snmpNotifyFilterProfileRowStatus, 2593 snmpNotifyFilterMask, 2594 snmpNotifyFilterType, 2595 snmpNotifyFilterStorageType, 2596 snmpNotifyFilterRowStatus 2597 } 2598 STATUS current 2599 DESCRIPTION 2600 "A collection of objects providing remote configuration 2601 of notification filters." 2602 ::= { snmpNotifyGroups 2 } 2604 END 2606 4.3. The Proxy MIB Module 2608 The SNMP-PROXY-MIB module, which defines MIB objects that provide 2609 mechanisms to remotely configure the parameters used by an SNMP 2610 entity for proxy forwarding operations, contains a single table. 2611 This table, snmpProxyTable, is used to define translations between 2612 management targets for use when forwarding messages. 2614 4.3.1. Definitions 2616 SNMP-PROXY-MIB DEFINITIONS ::= BEGIN 2618 IMPORTS 2619 MODULE-IDENTITY, 2620 OBJECT-TYPE, 2621 snmpModules 2622 FROM SNMPv2-SMI 2624 RowStatus, 2625 StorageType 2626 FROM SNMPv2-TC 2628 SnmpEngineID, 2629 SnmpAdminString 2630 FROM SNMP-FRAMEWORK-MIB 2632 SnmpTagValue 2633 FROM SNMP-TARGET-MIB 2635 MODULE-COMPLIANCE, 2636 OBJECT-GROUP 2637 FROM SNMPv2-CONF; 2639 snmpProxyMIB MODULE-IDENTITY 2640 LAST-UPDATED "9808040000Z" 2641 ORGANIZATION "IETF SNMPv3 Working Group" 2642 CONTACT-INFO 2643 "WG-email: snmpv3@tis.com 2644 Subscribe: majordomo@tis.com 2645 In message body: subscribe snmpv3 2647 Chair: Russ Mundy 2648 Trusted Information Systems 2649 Postal: 3060 Washington Rd 2650 Glenwood MD 21738 2651 USA 2653 Email: mundy@tis.com 2654 Phone: +1-301-854-6889 2656 Co-editor: David B. Levi 2657 SNMP Research, Inc. 2658 Postal: 3001 Kimberlin Heights Road 2659 Knoxville, TN 37920-9716 2660 E-mail: levi@snmp.com 2661 Phone: +1 423 573 1434 2663 Co-editor: Paul Meyer 2664 Secure Computing Corporation 2665 Postal: 2675 Long Lake Road 2666 Roseville, MN 55113 2667 E-mail: paul_meyer@securecomputing.com 2668 Phone: +1 612 628 1592 2670 Co-editor: Bob Stewart 2671 Cisco Systems, Inc. 2672 Postal: 170 West Tasman Drive 2673 San Jose, CA 95134-1706 2674 E-mail: bstewart@cisco.com 2675 Phone: +1 603 654 2686" 2676 DESCRIPTION 2677 "This MIB module defines MIB objects which provide 2678 mechanisms to remotely configure the parameters 2679 used by a proxy forwarding application." 2680 REVISION "9808040000Z" 2681 DESCRIPTION "Clarifications, published as 2682 draft-ietf-snmpv3-appl-v2-01.txt." 2683 REVISION "9707140000Z" 2684 DESCRIPTION "The initial revision, published as RFC2273." 2685 ::= { snmpModules 14 } 2687 snmpProxyObjects OBJECT IDENTIFIER ::= { snmpProxyMIB 1 } 2688 snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 } 2690 -- 2691 -- 2692 -- The snmpProxyObjects group 2693 -- 2694 -- 2696 snmpProxyTable OBJECT-TYPE 2697 SYNTAX SEQUENCE OF SnmpProxyEntry 2698 MAX-ACCESS not-accessible 2699 STATUS current 2700 DESCRIPTION 2701 "The table of translation parameters used by proxy forwarder 2702 applications for forwarding SNMP messages." 2703 ::= { snmpProxyObjects 2 } 2705 snmpProxyEntry OBJECT-TYPE 2706 SYNTAX SnmpProxyEntry 2707 MAX-ACCESS not-accessible 2708 STATUS current 2709 DESCRIPTION 2710 "A set of translation parameters used by a proxy forwarder 2711 application for forwarding SNMP messages. 2713 Entries in the snmpProxyTable are created and deleted 2714 using the snmpProxyRowStatus object." 2715 INDEX { IMPLIED snmpProxyName } 2716 ::= { snmpProxyTable 1 } 2718 SnmpProxyEntry ::= SEQUENCE { 2719 snmpProxyName SnmpAdminString, 2720 snmpProxyType INTEGER, 2721 snmpProxyContextEngineID SnmpEngineID, 2722 snmpProxyContextName SnmpAdminString, 2723 snmpProxyTargetParamsIn SnmpAdminString, 2724 snmpProxySingleTargetOut SnmpAdminString, 2725 snmpProxyMultipleTargetOut SnmpTagValue, 2726 snmpProxyStorageType StorageType, 2727 snmpProxyRowStatus RowStatus 2728 } 2730 snmpProxyName OBJECT-TYPE 2731 SYNTAX SnmpAdminString (SIZE(1..32)) 2732 MAX-ACCESS not-accessible 2733 STATUS current 2734 DESCRIPTION 2735 "The locally arbitrary, but unique identifier associated 2736 with this snmpProxyEntry." 2737 ::= { snmpProxyEntry 1 } 2739 snmpProxyType OBJECT-TYPE 2740 SYNTAX INTEGER { 2741 read(1), 2742 write(2), 2743 trap(3), 2744 inform(4) 2745 } 2746 MAX-ACCESS read-create 2747 STATUS current 2748 DESCRIPTION 2749 "The type of message that may be forwarded using 2750 the translation parameters defined by this entry." 2751 ::= { snmpProxyEntry 2 } 2753 snmpProxyContextEngineID OBJECT-TYPE 2754 SYNTAX SnmpEngineID 2755 MAX-ACCESS read-create 2756 STATUS current 2757 DESCRIPTION 2758 "The contextEngineID contained in messages that 2759 may be forwarded using the translation parameters 2760 defined by this entry." 2761 ::= { snmpProxyEntry 3 } 2763 snmpProxyContextName OBJECT-TYPE 2764 SYNTAX SnmpAdminString 2765 MAX-ACCESS read-create 2766 STATUS current 2767 DESCRIPTION 2768 "The contextName contained in messages that may be 2769 forwarded using the translation parameters defined 2770 by this entry. 2772 This object is optional, and if not supported, the 2773 contextName contained in a message is ignored when 2774 selecting an entry in the snmpProxyTable." 2775 ::= { snmpProxyEntry 4 } 2777 snmpProxyTargetParamsIn OBJECT-TYPE 2778 SYNTAX SnmpAdminString 2779 MAX-ACCESS read-create 2780 STATUS current 2781 DESCRIPTION 2782 "This object selects an entry in the snmpTargetParamsTable. 2783 The selected entry is used to determine which row of the 2784 snmpProxyTable to use for forwarding received messages." 2785 ::= { snmpProxyEntry 5 } 2787 snmpProxySingleTargetOut OBJECT-TYPE 2788 SYNTAX SnmpAdminString 2789 MAX-ACCESS read-create 2790 STATUS current 2791 DESCRIPTION 2792 "This object selects a management target defined in the 2793 snmpTargetAddrTable (in the SNMP-TARGET-MIB). The 2794 selected target is defined by an entry in the 2795 snmpTargetAddrTable whose index value (snmpTargetAddrName) 2796 is equal to this object. 2798 This object is only used when selection of a single 2799 target is required (i.e. when forwarding an incoming 2800 read or write request)." 2801 ::= { snmpProxyEntry 6 } 2803 snmpProxyMultipleTargetOut OBJECT-TYPE 2804 SYNTAX SnmpTagValue 2805 MAX-ACCESS read-create 2806 STATUS current 2807 DESCRIPTION 2808 "This object selects a set of management targets defined 2809 in the snmpTargetAddrTable (in the SNMP-TARGET-MIB). 2811 This object is only used when selection of multiple 2812 targets is required (i.e. when forwarding an incoming 2813 notification)." 2814 ::= { snmpProxyEntry 7 } 2816 snmpProxyStorageType OBJECT-TYPE 2817 SYNTAX StorageType 2818 MAX-ACCESS read-create 2819 STATUS current 2820 DESCRIPTION 2821 "The storage type of this conceptual row." 2822 DEFVAL { nonVolatile } 2823 ::= { snmpProxyEntry 8 } 2825 snmpProxyRowStatus OBJECT-TYPE 2826 SYNTAX RowStatus 2827 MAX-ACCESS read-create 2828 STATUS current 2829 DESCRIPTION 2830 "The status of this conceptual row. 2832 To create a row in this table, a manager must 2833 set this object to either createAndGo(4) or 2834 createAndWait(5). 2836 The following objects may not be modified while the 2837 value of this object is active(1): 2838 - snmpProxyType 2839 - snmpProxyContextEngineID 2840 - snmpProxyContextName 2841 - snmpProxyTargetParamsIn 2842 - snmpProxySingleTargetOut 2843 - snmpProxyMultipleTargetOut" 2844 ::= { snmpProxyEntry 9 } 2846 -- 2847 -- 2848 -- Conformance information 2849 -- 2850 -- 2852 snmpProxyCompliances OBJECT IDENTIFIER ::= 2853 { snmpProxyConformance 1 } 2854 snmpProxyGroups OBJECT IDENTIFIER ::= 2855 { snmpProxyConformance 2 } 2857 -- 2858 -- 2859 -- Compliance statements 2860 -- 2861 -- 2863 snmpProxyCompliance MODULE-COMPLIANCE 2864 STATUS current 2865 DESCRIPTION 2866 "The compliance statement for SNMP entities which include 2867 a proxy forwarding application." 2868 MODULE SNMP-TARGET-MIB 2869 MANDATORY-GROUPS { snmpTargetBasicGroup, 2870 snmpTargetResponseGroup } 2871 MODULE -- This Module 2872 MANDATORY-GROUPS { snmpProxyGroup } 2873 ::= { snmpProxyCompliances 1 } 2875 snmpProxyGroup OBJECT-GROUP 2876 OBJECTS { 2877 snmpProxyType, 2878 snmpProxyContextEngineID, 2879 snmpProxyContextName, 2880 snmpProxyTargetParamsIn, 2881 snmpProxySingleTargetOut, 2882 snmpProxyMultipleTargetOut, 2883 snmpProxyStorageType, 2884 snmpProxyRowStatus 2885 } 2886 STATUS current 2887 DESCRIPTION 2888 "A collection of objects providing remote configuration of 2889 management target translation parameters for use by 2890 proxy forwarder applications." 2891 ::= { snmpProxyGroups 3 } 2893 END 2895 5. Identification of Management Targets in Notification Originators 2897 This section describes the mechanisms used by a notification 2898 originator application when using the MIB module described in this 2899 document to determine the set of management targets to be used when 2900 generating a notification. 2902 A notification originator uses each entry in the snmpNotifyTable to 2903 find the management targets to be used for generating notifications. 2904 Each active entry in this table identifies zero or more entries in 2905 the snmpTargetAddrTable. Any entry in the snmpTargetAddrTable whose 2906 snmpTargetAddrTagList object contains a tag value which is equal to a 2907 value of snmpNotifyTag is selected by the snmpNotifyEntry which 2908 contains that instance of snmpNotifyTag. Note that a particular 2909 snmpTargetAddrEntry may be selected by multiple entries in the 2910 snmpNotifyTable, resulting in multiple notifications being generated 2911 using that snmpTargetAddrEntry. 2913 Each snmpTargetAddrEntry contains a pointer to the 2914 snmpTargetParamsTable (snmpTargetAddrParams). This pointer selects a 2915 set of SNMP parameters to be used for generating notifications. If 2916 the selected entry in the snmpTargetParamsTable does not exist, the 2917 management target is not used to generate notifications. 2919 The decision as to whether a notification should contain an SNMPv2- 2920 Trap or Inform PDU is determined by the value of the snmpNotifyType 2921 object. If the value of this object is trap(1), the notification 2922 should contain an SNMPv2-Trap PDU. If the value of this object is 2923 inform(2), then the notification should contain an Inform PDU, and 2924 the timeout time and number of retries for the Inform are the value 2925 of snmpTargetAddrTimeout and snmpTargetAddrRetryCount. Note that the 2926 exception to these rules is when the snmpTargetParamsMPModel object 2927 indicates an SNMP version which supports a different PDU version. In 2928 this case, the notification may be sent using a different PDU type 2929 ([COEX] defines the PDU type in the case where the outgoing SNMP 2930 version is SNMPv1). 2932 6. Notification Filtering 2934 This section describes the mechanisms used by a notification 2935 originator application when using the MIB module described in this 2936 document to filter generation of notifications. 2938 A notification originator uses the snmpNotifyFilterTable to filter 2939 notifications. A notification filter profile may be associated with 2940 a particular entry in the snmpTargetParamsTable. The associated 2941 filter profile is identified by an entry in the 2942 snmpNotifyFilterProfileTable whose index is equal to the index of the 2943 entry in the snmpTargetParamsTable. If no such entry exists in the 2944 snmpNotifyFilterProfileTable, no filtering is performed for that 2945 management target. 2947 If such an entry does exist, the value of snmpNotifyFilterProfileName 2948 of the entry is compared with the corresponding portion of the index 2949 of all active entries in the snmpNotifyFilterTable. All such entries 2950 for which this comparison results in an exact match are used for 2951 filtering a notification generated using the associated 2952 snmpTargetParamsEntry. If no such entries exist, no filtering is 2953 performed, and a notification may be sent to the management target. 2955 Otherwise, if matching entries do exist, a notification may be sent 2956 if the NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this 2957 is the value of the element of the variable bindings whose name is 2958 snmpTrapOID.0, i.e., the second variable binding), and all of the 2959 object instances to be included in the variable-bindings of the 2960 notification, are not specifically excluded by the matching entries. 2962 Each set of snmpNotifyFilterTable entries is divided into two 2963 collections of filter subtrees: the included filter subtrees, and 2964 the excluded filter subtrees. The snmpNotifyFilterType object 2965 defines the collection to which each matching entry belongs. 2967 To determine whether a particular notification name or object 2968 instance is excluded by the set of matching entries, compare the 2969 notification name's or object instance's OBJECT IDENTIFIER with each 2970 of the matching entries. If none match, then the notification name 2971 or object instance is considered excluded, and the notification 2972 should not be sent to this management target. If one or more match, 2973 then the notification name or object instance is included or 2974 excluded, according to the value of snmpNotifyFilterType in the entry 2975 whose value of snmpNotifyFilterSubtree has the most sub-identifiers. 2976 If multiple entries match and have the same number of sub- 2977 identifiers, then the lexicographically greatest instance of 2978 snmpNotifyFilterType among those which match determines the inclusion 2979 or exclusion. 2981 A notification name's or object instance's OBJECT IDENTIFIER X 2982 matches an entry in the snmpNotifyFilterTable when the number of 2983 sub-identifiers in X is at least as many as in the value of 2984 snmpNotifyFilterSubtree for the entry, and each sub-identifier in the 2985 value of snmpNotifyFilterSubtree matches its corresponding sub- 2986 identifier in X. Two sub-identifiers match either if the 2987 corresponding bit of snmpNotifyFilterMask is zero (the 'wild card' 2988 value), or if the two sub-identifiers are equal. 2990 7. Management Target Translation in Proxy Forwarder Applications 2992 This section describes the mechanisms used by a proxy forwarder 2993 application when using the MIB module described in this document to 2994 translate incoming management target information into outgoing 2995 management target information for the purpose of forwarding messages. 2996 There are actually two mechanisms a proxy forwarder may use, one for 2997 forwarding request messages, and one for forwarding notification 2998 messages. 3000 7.1. Management Target Translation for Request Forwarding 3002 When forwarding request messages, the proxy forwarder will select a 3003 single entry in the snmpProxyTable. To select this entry, it will 3004 perform the following comparisons: 3006 - The snmpProxyType must be read(1) if the request is a Get, 3007 GetNext, or GetBulk request. The snmpProxyType must be 3008 write(2) if the request is a Set request. 3010 - The contextEngineID must equal the snmpProxyContextEngineID 3011 object. 3013 - If the snmpProxyContextName object is supported, it must equal 3014 the contextName. 3016 - The snmpProxyTargetParamsIn object identifies an entry in the 3017 snmpTargetParamsTable. The messageProcessingModel, 3018 securityLevel, security model, and securityName must match the 3019 values of snmpTargetParamsMPModel, 3020 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, 3021 and snmpTargetParamsSecurityLevel of the identified entry in 3022 the snmpTargetParamsTable. 3024 There may be multiple entries in the snmpProxyTable for which these 3025 comparisons succeed. The entry whose snmpProxyName has the 3026 lexicographically smallest value and for which the comparisons 3027 succeed will be selected by the proxy forwarder. 3029 The outgoing management target information is identified by the value 3030 of the snmpProxySingleTargetOut object of the selected entry. This 3031 object identifies an entry in the snmpTargetAddrTable. The 3032 identified entry in the snmpTargetAddrTable also contains a reference 3033 to the snmpTargetParamsTable (snmpTargetAddrParams). If either the 3034 identified entry in the snmpTargetAddrTable does not exist, or the 3035 identified entry in the snmpTargetParamsTable does not exist, then 3036 this snmpProxyEntry does not identify valid forwarding information, 3037 and the proxy forwarder should attempt to identify another row. 3039 If there is no entry in the snmpProxyTable for which all of the 3040 conditions above may be met, then there is no appropriate forwarding 3041 information, and the proxy forwarder should take appropriate actions. 3043 Otherwise, The snmpTargetAddrTDomain, snmpTargetAddrTAddress, 3044 snmpTargetAddrTimeout, and snmpTargetRetryCount of the identified 3045 snmpTargetAddrEntry, and the snmpTargetParamsMPModel, 3046 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, and 3047 snmpTargetParamsSecurityLevel of the identified snmpTargetParamsEntry 3048 are used as the destination management target. 3050 7.2. Management Target Translation for Notification Forwarding 3052 When forwarding notification messages, the proxy forwarder will 3053 select multiple entries in the snmpProxyTable. To select these 3054 entries, it will perform the following comparisons: 3056 - The snmpProxyType must be trap(3) if the notification is a 3057 Trap. The snmpProxyType must be inform(4) if the request is 3058 an Inform. 3060 - The contextEngineID must equal the snmpProxyContextEngineID 3061 object. 3063 - If the snmpProxyContextName object is supported, it must equal 3064 the contextName. 3066 - The snmpProxyTargetParamsIn object identifies an entry in the 3067 snmpTargetParamsTable. The messageProcessingModel, 3068 securityLevel, security model, and securityName must match the 3069 values of snmpTargetParamsMPModel, 3070 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, 3071 and snmpTargetParamsSecurityLevel of the identified entry in 3072 the snmpTargetParamsTable. 3074 All entries for which these conditions are met are selected. The 3075 snmpProxyMultipleTargetOut object of each such entry is used to 3076 select a set of entries in the snmpTargetAddrTable. Any 3077 snmpTargetAddrEntry whose snmpTargetAddrTagList object contains a tag 3078 value equal to the value of snmpProxyMultipleTargetOut, and whose 3079 snmpTargetAddrParams object references an existing entry in the 3080 snmpTargetParamsTable, is selected as a destination for the forwarded 3081 notification. 3083 8. Intellectual Property 3085 The IETF takes no position regarding the validity or scope of any 3086 intellectual property or other rights that might be claimed to 3087 pertain to the implementation or use of the technology described in 3088 this document or the extent to which any license under such rights 3089 might or might not be available; neither does it represent that it 3090 has made any effort to identify any such rights. Information on the 3091 IETF's procedures with respect to rights in standards-track and 3092 standards-related documentation can be found in BCP-11. Copies of 3093 claims of rights made available for publication and any assurances of 3094 licenses to be made available, or the result of an attempt made to 3095 obtain a general license or permission for the use of such 3096 proprietary rights by implementors or users of this specification can 3097 be obtained from the IETF Secretariat. 3099 The IETF invites any interested party to bring to its attention any 3100 copyrights, patents or patent applications, or other proprietary 3101 rights which may cover technology that may be required to practice 3102 this standard. Please address the information to the IETF Executive 3103 Director. 3105 9. Acknowledgments 3107 This document is the result of the efforts of the SNMPv3 Working 3108 Group. Some special thanks are in order to the following SNMPv3 WG 3109 members: 3111 Dave Battle (SNMP Research, Inc.) 3112 Uri Blumenthal (IBM T.J. Watson Research Center) 3113 Jeff Case (SNMP Research, Inc.) 3114 John Curran (BBN) 3115 T. Max Devlin (Eltrax Systems) 3116 John Flick (Hewlett Packard) 3117 David Harrington (Cabletron Systems Inc.) 3118 N.C. Hien (IBM T.J. Watson Research Center) 3119 Dave Levi (SNMP Research, Inc.) 3120 Louis A Mamakos (UUNET Technologies Inc.) 3121 Paul Meyer (Secure Computing Corporation) 3122 Keith McCloghrie (Cisco Systems) 3123 Russ Mundy (Trusted Information Systems, Inc.) 3124 Bob Natale (ACE*COMM Corporation) 3125 Mike O'Dell (UUNET Technologies Inc.) 3126 Dave Perkins (DeskTalk) 3127 Peter Polkinghorne (Brunel University) 3128 Randy Presuhn (BMC Software, Inc.) 3129 David Reid (SNMP Research, Inc.) 3130 Shawn Routhier (Epilogue) 3131 Juergen Schoenwaelder (TU Braunschweig) 3132 Bob Stewart (Cisco Systems) 3133 Bert Wijnen (IBM T.J. Watson Research Center) 3135 The document is based on recommendations of the IETF Security and 3136 Administrative Framework Evolution for SNMP Advisory Team. Members of 3137 that Advisory Team were: 3139 David Harrington (Cabletron Systems Inc.) 3140 Jeff Johnson (Cisco Systems) 3141 David Levi (SNMP Research Inc.) 3142 John Linn (Openvision) 3143 Russ Mundy (Trusted Information Systems) chair 3144 Shawn Routhier (Epilogue) 3145 Glenn Waters (Nortel) 3146 Bert Wijnen (IBM T. J. Watson Research Center) 3148 As recommended by the Advisory Team and the SNMPv3 Working Group 3149 Charter, the design incorporates as much as practical from previous 3150 RFCs and drafts. As a result, special thanks are due to the authors 3151 of previous designs known as SNMPv2u and SNMPv2*: 3153 Jeff Case (SNMP Research, Inc.) 3154 David Harrington (Cabletron Systems Inc.) 3155 David Levi (SNMP Research, Inc.) 3156 Keith McCloghrie (Cisco Systems) 3157 Brian O'Keefe (Hewlett Packard) 3158 Marshall T. Rose (Dover Beach Consulting) 3159 Jon Saperia (BGS Systems Inc.) 3160 Steve Waldbusser (International Network Services) 3161 Glenn W. Waters (Bell-Northern Research Ltd.) 3163 10. Security Considerations 3165 The SNMP applications described in this document typically have 3166 direct access to MIB instrumentation. Thus, it is very important 3167 that these applications be strict in their application of access 3168 control as described in this document. 3170 In addition, there may be some types of notification generator 3171 applications which, rather than accessing MIB instrumentation using 3172 access control, will obtain MIB information through other means (such 3173 as from a command line). The implementors and users of such 3174 applications must be responsible for not divulging MIB information 3175 that normally would be inaccessible due to access control. 3177 Finally, the MIBs described in this document contain potentially 3178 sensitive information. A security administrator may wish to limit 3179 access to these MIBs. 3181 11. References 3183 [COEX] 3184 The SNMPv3 Working Group, Frye, R.,Levi, D., Wijnen, B., 3185 "Coexistence between Version 1, Version 2, and Version 3 of the 3186 Internet-standard Network Management Framework", draft-ietf- 3187 snmpv3-coex-01.txt, September 1998. 3189 [RFC1157] 3190 Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network 3191 Management Protocol", RFC 1157, SNMP Research, Performance Systems 3192 International, Performance Systems International, MIT Laboratory 3193 for Computer Science, May 1990. 3195 [RFC1213] 3196 McCloghrie, K., and M. Rose, Editors, "Management Information Base 3197 for Network Management of TCP/IP-based internets: MIB-II", STD 17, 3198 RFC 1213, Hughes LAN Systems, Performance Systems International, 3199 March 1991. 3201 [RFC1902] 3202 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3203 Waldbusser, "Structure of Management Information for Version 2 of 3204 the Simple Network Management Protocol (SNMPv2)", RFC1902, SNMP 3205 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3206 International Network Services, January 1996. 3208 [RFC1903] 3209 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3210 Waldbusser, "Textual Conventions for Version 2 of the Simple 3211 Network Management Protocol (SNMPv2)", RFC1903, SNMP Research,Inc., 3212 Cisco Systems, Inc., Dover Beach Consulting, Inc., International 3213 Network Services, January 1996. 3215 [RFC1905] 3216 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3217 Waldbusser, "Protocol Operations for Version 2 of the Simple 3218 Network Management Protocol (SNMPv2)", RFC1905, SNMP Research,Inc., 3219 Cisco Systems, Inc., Dover Beach Consulting, Inc., International 3220 Network Services, January 1996. 3222 [RFC1907] 3223 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3224 Waldbusser, "Management Information Base for Version 2 of the 3225 Simple Network Management Protocol (SNMPv2)", RFC1905, SNMP 3226 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3227 International Network Services, January 1996. 3229 [RFC1908] 3230 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3231 Waldbusser, "Coexistence between Version 1 and Version 2 of the 3232 Internet-standard Network Management Framework", RFC1905, SNMP 3233 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3234 International Network Services, January 1996. 3236 [RFC2119] 3237 Bradner, S., "Key words for use in RFCs to Indicate Requirement 3238 Levels", BCP 14, RFC2119, March 1997. 3240 [SNMP-ARCH] 3241 The SNMPv3 Working Group, Harrington, D., Wijnen, B., "An 3242 Architecture for Describing SNMP Management Frameworks", draft- 3243 ietf-snmpv3-arch-01.txt, September 1998. 3245 [SNMP-MPD] 3246 The SNMPv3 Working Group, Case, J., Harrington, D., Wijnen, B., 3247 "Message Processing and Dispatching for the Simple Network 3248 Management Protocol (SNMP)", draft-ietf-snmpv3-mpc-01.txt, 3249 September 1998. 3251 [SNMP-ACM] 3252 The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K., 3253 "View-based Access Control Model for the Simple Network Management 3254 Protocol (SNMP)", draft-ietf-snmpv3-vacm-01.txt, September 1998. 3256 12. Editor's Address 3258 David B. Levi 3259 SNMP Research, Inc. 3260 3001 Kimberlin Heights Road 3261 Knoxville, TN 37920-9716 3262 U.S.A. 3263 Phone: +1 423 573 1434 3264 EMail: levi@snmp.com 3266 Paul Meyer 3267 Secure Computing Corporation 3268 2675 Long Lake Road 3269 Roseville, MN 55113 3270 U.S.A. 3271 Phone: +1 612 628 1592 3272 EMail: paul_meyer@securecomputing.com 3274 Bob Stewart 3275 Cisco Systems, Inc. 3276 170 West Tasman Drive 3277 San Jose, CA 95134-1706 3278 U.S.A. 3279 Phone: +1 603 654 2686 3280 EMail: bstewart@cisco.com 3282 APPENDIX A - Trap Configuration Example 3284 This section describes an example configuration for a Notification 3285 Generator application which implements the snmpNotifyBasicCompliance 3286 level. The example configuration specifies that the Notification 3287 Generator should send notifications to 3 separate managers, using 3288 authentication and no privacy for the first 2 managers, and using 3289 both authentication and privacy for the third manager. 3291 The configuration consists of three rows in the snmpTargetAddrTable, 3292 and two rows in the snmpTargetTable. 3294 snmpTargetAddrName SnmpAdminString, 3295 snmpTargetAddrTDomain TDomain, 3296 snmpTargetAddrTAddress TAddress, 3297 snmpTargetAddrTimeout TimeInterval, 3298 snmpTargetAddrRetryCount Integer32, 3299 snmpTargetAddrTagList SnmpAdminString, 3300 snmpTargetAddrParams SnmpAdminString, 3301 snmpTargetAddrStorageType StorageType, 3302 snmpTargetAddrRowStatus RowStatus 3304 * snmpTargetAddrName = "addr1" 3305 snmpTargetAddrTDomain = snmpUDPDomain 3306 snmpTargetAddrTAddress = 128.1.2.3/162 3307 snmpTargetAddrTagList = "group1" 3308 snmpTargetAddrParams = "AuthNoPriv joe" 3309 snmpTargetAddrStorageType = readOnly(5) 3310 snmpTargetAddrRowStatus = active(1) 3312 * snmpTargetAddrName = "addr2" 3313 snmpTargetAddrTDomain = snmpUDPDomain 3314 snmpTargetAddrTAddress = 128.2.4.6/162 3315 snmpTargetAddrTagList = "group1" 3316 snmpTargetAddrParams = "AuthNoPriv-joe" 3317 snmpTargetAddrStorageType = readOnly(5) 3318 snmpTargetAddrRowStatus = active(1) 3320 * snmpTargetAddrName = "addr3" 3321 snmpTargetAddrTDomain = snmpUDPDomain 3322 snmpTargetAddrTAddress = 128.1.2.3/162 3323 snmpTargetAddrTagList = "group2" 3324 snmpTargetAddrParams = "AuthPriv-bob" 3325 snmpTargetAddrStorageType = readOnly(5) 3326 snmpTargetAddrRowStatus = active(1) 3328 * snmpTargetParamsName = "AuthNoPriv-joe" 3329 snmpTargetParamsMPModel = 3 3330 snmpTargetParamsSecurityModel = 3 (USM) 3331 snmpTargetParamsSecurityName = "joe" 3332 snmpTargetParamsSecurityLevel = authNoPriv(2) 3333 snmpTargetParamsStorageType = readOnly(5) 3334 snmpTargetParamsRowStatus = active(1) 3336 * snmpTargetParamsName = "AuthPriv-bob" 3337 snmpTargetParamsMPModel = 3 3338 snmpTargetParamsSecurityModel = 3 (USM) 3339 snmpTargetParamsSecurityName = "bob" 3340 snmpTargetParamsSecurityLevel = authPriv(3) 3341 snmpTargetParamsStorageType = readOnly(5) 3342 snmpTargetParamsRowStatus = active(1) 3344 * snmpNotifyName = "group1" 3345 snmpNotifyTag = "group1" 3346 snmpNotifyType = trap(1) 3347 snmpNotifyStorageType = readOnly(5) 3348 snmpNotifyRowStatus = active(1) 3350 * snmpNotifyName = "group2" 3351 snmpNotifyTag = "group2" 3352 snmpNotifyType = trap(1) 3353 snmpNotifyStorageType = readOnly(5) 3354 snmpNotifyRowStatus = active(1) 3356 These entries define two groups of management targets. The first 3357 group contains two management targets: 3359 first target second target 3360 ------------ ------------- 3361 messageProcessingModel SNMPv3 SNMPv3 3362 securityModel 3 (USM) 3 (USM) 3363 securityName "joe" "joe" 3364 securityLevel authNoPriv(2) authNoPriv(2) 3365 transportDomain snmpUDPDomain snmpUDPDomain 3366 transportAddress 128.1.2.3/162 128.2.4.6/162 3368 And the second group contains a single management target: 3370 messageProcessingModel SNMPv3 3371 securityLevel authPriv(3) 3372 securityModel 3 (USM) 3373 securityName "bob" 3374 transportDomain snmpUDPDomain 3375 transportAddress 128.1.5.9/162 3377 B. Full Copyright Statement 3379 This document and translations of it may be copied and furnished to 3380 others, and derivative works that comment on or otherwise explain it 3381 or assist in its implementation may be prepared, copied, published 3382 and distributed, in whole or in part, without restriction of any 3383 kind, provided that the above copyright notice and this paragraph are 3384 included on all such copies and derivative works. However, this 3385 document itself may not be modified in any way, such as by removing 3386 the copyright notice or references to the Internet Society or other 3387 Internet organizations, except as needed for the purpose of 3388 developing Internet standards in which case the procedures for 3389 copyrights defined in the Internet Standards process must be 3390 followed, or as required to translate it into languages other than 3391 English. 3393 The limited permissions granted above are perpetual and will not be 3394 revoked by the Internet Society or its successors or assigns. 3396 This document and the information contained herein is provided on an 3397 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 3398 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 3399 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 3400 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 3401 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.