As per Relevance of the word component, we have this rfc below:
Network Working Group J.
Request for Comments: 1445 Trusted Information
K.
Hughes LAN
April 1993
Administrative
for version 2 of
Simple Network Management Protocol (SNMPv2)
Status of this
This RFC specifes an IAB standards track protocol for
Internet community, and requests discussion and
for improvements. Please refer to the current edition of
"IAB Official Protocol Standards" for the
state and status of this protocol. Distribution of this
is unlimited
Table of
1 Introduction .......................................... 2
1.1 A Note on Terminology ............................... 2
2 Elements of the Model ................................. 3
2.1 SNMPv2 Party ........................................ 3
2.2 SNMPv2 Entity ....................................... 6
2.3 SNMPv2 Management Station ........................... 7
2.4 SNMPv2 Agent ........................................ 7
2.5 View Subtree ........................................ 7
2.6 MIB View ............................................ 8
2.7 Proxy Relationship .................................. 8
2.8 SNMPv2 Context ...................................... 10
2.9 SNMPv2 Management Communication ..................... 10
2.10 SNMPv2 Authenticated Management Communication ...... 12
2.11 SNMPv2 Private Management Communication ............ 13
2.12 SNMPv2 Management Communication Class .............. 14
2.13 SNMPv2 Access Control Policy ....................... 14
3 Elements of Procedure ................................. 17
3.1 Generating a Request ................................ 17
3.2 Processing a Received Communication ................. 18
3.3 Generating a Response ............................... 21
Galvin & McCloghrie [Page i
RFC 1445 Administrative Model for SNMPv2 April 1993
4 Application of the Model .............................. 23
4.1 Non-Secure Minimal Agent Configuration .............. 23
4.2 Secure Minimal Agent Configuration .................. 26
4.3 MIB View Configurations ............................. 28
4.4 Proxy Configuration ................................. 32
4.4.1 Foreign Proxy Configuration ....................... 33
4.4.2 Native Proxy Configuration ........................ 37
4.5 Public Key Configuration ............................ 41
5 Security Considerations ............................... 44
6 Acknowledgements ...................................... 45
7 References ............................................ 46
8 Authors' Addresses .................................... 47
Galvin & McCloghrie [Page 1]
RFC 1445 Administrative Model for SNMPv2 April 1993
1.
A network management system contains: several (
many) nodes, each with a processing entity, termed an agent
which has access to management instrumentation; at least
management station; and, a management protocol, used to
management information between the agents and
stations. Operations of the protocol are carried out under
administrative framework which defines both authentication
authorization policies
Network management stations execute management
which monitor and control network elements. Network
are devices such as hosts, routers, terminal servers, etc.,
which are monitored and controlled through access to
management information
It is the purpose of this document, the Administrative
for SNMPv2, to define how the administrative framework
applied to realize effective network management in a
of configurations and environments
The model described here entails the use of
identities for peers that exchange SNMPv2 messages. Thus,
represents a departure from the community-based
model of the original SNMP [1]. By unambiguously
the source and intended recipient of each SNMPv2 message,
new strategy improves upon the historical community
both by supporting a more convenient access control model
allowing for effective use of asymmetric (public key)
protocols in the future
1.1. A Note on
For the purpose of exposition, the original Internet-
Network Management Framework, as described in RFCs 1155, 1157,
and 1212, is termed the SNMP version 1 framework (SNMPv1).
The current framework is termed the SNMP version 2
(SNMPv2).
Galvin & McCloghrie [Page 2]
RFC 1445 Administrative Model for SNMPv2 April 1993
2. Elements of the
2.1. SNMPv2
A SNMPv2 party is a conceptual, virtual execution
whose operation is restricted (for security or other purposes
to an administratively defined subset of all
operations of a particular SNMPv2 entity (see Section 2.2).
Whenever a SNMPv2 entity processes a SNMPv2 message, it
so by acting as a SNMPv2 party and is thereby restricted
the set of operations defined for that party. The set
possible operations specified for a SNMPv2 party may
overlapping or disjoint with respect to the sets of
SNMPv2 parties; it may also be a proper or improper subset
all possible operations of the SNMPv2 entity
Architecturally, each SNMPv2 party
o a single, unique party identity
o a logical network location at which the party executes
characterized by a transport protocol domain
transport addressing information
o a single authentication protocol and
parameters by which all protocol messages originated
the party are authenticated as to origin and integrity
o a single privacy protocol and associated parameters
which all protocol messages received by the party
protected from disclosure
Galvin & McCloghrie [Page 3]
RFC 1445 Administrative Model for SNMPv2 April 1993
Conceptually, each SNMPv2 party may be represented by an ASN.1
value with the following syntax
SnmpParty ::= SEQUENCE {
OBJECT IDENTIFIER
OBJECT IDENTIFIER
OCTET STRING
INTEGER
OBJECT IDENTIFIER
INTEGER
OCTET STRING
OCTET STRING
INTEGER
OBJECT IDENTIFIER
OCTET STRING
OCTET
}
For each SnmpParty value that represents a SNMPv2 party,
following statements are true
o Its partyIdentity component is the party identity
o Its partyTDomain component is called the transport
and indicates the kind of transport service by which
party receives network management traffic. An example
a transport domain is snmpUDPDomain (SNMPv2 over UDP
using SNMPv2 parties).
o Its partyTAddress component is called the
addressing information and represents a transport
address by which the party receives network
traffic
Galvin & McCloghrie [Page 4]
RFC 1445 Administrative Model for SNMPv2 April 1993
o Its partyMaxMessageSize component is called the
message size and represents the length in octets of
largest SNMPv2 message this party is prepared to accept
o Its partyAuthProtocol component is called
authentication protocol and identifies a protocol and
mechanism by which all messages generated by the
are authenticated as to integrity and origin. In
context, the value noAuth signifies that
generated by the party are not authenticated as
integrity and origin
o Its partyAuthClock component is called the
clock and represents a notion of the current time that
specific to the party. The significance of
component is specific to the authentication protocol
o Its partyAuthPrivate component is called the
authentication key and represents any secret value
to support the authentication protocol. The
of this component is specific to the
protocol
o Its partyAuthPublic component is called the
authentication key and represents any public value
may be needed to support the authentication protocol
The significance of this component is specific to
authentication protocol
o Its partyAuthLifetime component is called the
and represents an administrative upper bound
acceptable delivery delay for protocol messages
by the party. The significance of this component
specific to the authentication protocol
o Its partyPrivProtocol component is called the
protocol and identifies a protocol and a mechanism
which all protocol messages received by the party
protected from disclosure. In this context, the
noPriv signifies that messages received by the party
not protected from disclosure
o Its partyPrivPrivate component is called the
privacy key and represents any secret value needed
support the privacy protocol. The significance of
Galvin & McCloghrie [Page 5]
RFC 1445 Administrative Model for SNMPv2 April 1993
component is specific to the privacy protocol
o Its partyPrivPublic component is called the
privacy key and represents any public value that may
needed to support the privacy protocol. The
of this component is specific to the privacy protocol
If, for all SNMPv2 parties realized by a SNMPv2 entity,
authentication protocol is noAuth and the privacy protocol
noPriv, then that entity is called non-secure
2.2. SNMPv2
A SNMPv2 entity is an actual process which performs
management operations by generating and/or responding
SNMPv2 protocol messages in the manner specified in [2].
a SNMPv2 entity is acting as a particular SNMPv2 party (
Section 2.1), the operation of that entity must be
to the subset of all possible operations that
administratively defined for that party
By definition, the operation of a SNMPv2 entity requires
concurrency between processing of any single protocol
(by a particular SNMPv2 party) and processing of any
protocol message (by a potentially different SNMPv2 party).
Accordingly, implementation of a SNMPv2 entity to support
than one party need not be multi-threaded. However, there
be situations where implementors may choose to use multi
threading
Architecturally, every SNMPv2 entity maintains a
database that represents all SNMPv2 parties known to it -
those whose operation is realized locally, those
operation is realized by proxy interactions with
parties or devices, and those whose operation is realized
remote entities. In addition, every SNMPv2 entity maintains
local database that represents all managed object
(see Section 2.8) which are known to the SNMPv2 entity
Finally, every SNMPv2 entity maintains a local database
represents an access control policy (see Section 2.11)
defines the access privileges accorded to known SNMPv
parties
Galvin & McCloghrie [Page 6]
RFC 1445 Administrative Model for SNMPv2 April 1993
2.3. SNMPv2 Management
A SNMPv2 management station is the operational role assumed
a SNMPv2 party when it initiates SNMPv2 management
by the generation of appropriate SNMPv2 protocol messages
when it receives and processes trap notifications
Sometimes, the term SNMPv2 management station is applied
partial implementations of the SNMPv2 (in
workstations, for example) that focus upon this
role. Such partial implementations may provide
convenient, local invocation of management services, but
may provide little or no support for performing SNMPv
management operations on behalf of remote protocol users
2.4. SNMPv2
A SNMPv2 agent is the operational role assumed by a SNMPv
party when it performs SNMPv2 management operations
response to received SNMPv2 protocol messages such as
generated by a SNMPv2 management station (see Section 2.3).
Sometimes, the term SNMPv2 agent is applied to
implementations of the SNMPv2 (in embedded systems,
example) that focus upon this operational role. Such
implementations provide for realization of SNMPv2
operations on behalf of remote users of management services
but they may provide little or no support for local
of such services
2.5. View
A view subtree is the set of all MIB object instances
have a common ASN.1 OBJECT IDENTIFIER prefix to their names
A view subtree is identified by the OBJECT IDENTIFIER
which is the longest OBJECT IDENTIFIER prefix common to
(potential) MIB object instances in that subtree
When the OBJECT IDENTIFIER prefix identifying a view
is longer than the OBJECT IDENTIFIER of an object type
according to the SMI [3], then the use of such a view
for access control has granularity at the object
level. Such granularity is considered beyond the scope of
Galvin & McCloghrie [Page 7]
RFC 1445 Administrative Model for SNMPv2 April 1993
SNMPv2 entity acting in an agent role. As such,
implementation of a SNMPv2 entity acting in an agent role
required to support values of viewSubtree [6] which have
sub-identifiers than is necessary to identify a
leaf object type. However, access control information is
used in determining which SNMPv2 entities acting in a
role should receive trap notifications (Section 4.2.6 of [2]).
As such, agent implementors might wish to provide instance
level granularity in order to allow a management station
use fine-grain configuration of trap notifications
2.6. MIB
A MIB view is a subset of the set of all instances of
object types defined according to the SMI [3] (i.e., of
universal set of all instances of all MIB objects), subject
the following constraints
o Each element of a MIB view is uniquely named by an ASN.1
OBJECT IDENTIFIER value. As such, identically
instances of a particular object type (e.g., in
agents) must be contained within different MIB views
That is, a particular object instance name
within a particular MIB view to at most one
instance
o Every MIB view is defined as a collection of
subtrees
2.7. Proxy
A proxy relationship exists when, in order to process
received management request, a SNMPv2 entity must
with another, logically remote, entity. A SNMPv2 entity
processes management requests using a proxy relationship
termed a SNMPv2 proxy agent
When communication between a logically remote party and
SNMPv2 entity is via the SNMPv2 (over any transport protocol),
then the proxy party is called a SNMPv2 native
relationship. Deployment of SNMPv2 native proxy
is a means whereby the processing or bandwidth costs
management may be amortized or shifted - thereby
Galvin & McCloghrie [Page 8]
RFC 1445 Administrative Model for SNMPv2 April 1993
the construction of large management systems
When communication between a logically remote party and
SNMPv2 entity party is not via the SNMPv2, then the
party is called a SNMPv2 foreign proxy relationship
Deployment of foreign proxy relationships is a means
otherwise unmanageable devices or portions of an internet
be managed via the SNMPv2.
The transparency principle that defines the behavior of
SNMPv2 entity in general applies in particular to a SNMPv
proxy relationship
The manner in which one SNMPv2 entity processes SNMPv
protocol messages received from another SNMPv2 entity
entirely transparent to the latter
The transparency principle derives directly from
historical SNMP philosophy of divorcing architecture
implementation. To this dichotomy are attributable many
the most valuable benefits in both the information
distribution models of the Internet-standard
Management Framework, and it is the architectural
upon which large management systems may be built.
with this philosophy, although the implementation of SNMPv
proxy agents in certain environments may resemble that of
transport-layer bridge, this particular
strategy (or any other!) does not merit special
either in the SNMPv2 management architecture or in
mechanisms for proxy administration
Implicit in the transparency principle is the requirement
the semantics of SNMPv2 management operations are
between any two SNMPv2 peers. In particular, the "as
simultaneous" semantics of a Set operation are
difficult to guarantee if its scope extends to
information resident at multiple network locations. For
reason, proxy configurations that admit Set operations
apply to information at multiple locations are discouraged
although such operations are not explicitly precluded by
architecture in those rare cases where they might be
in a conformant way
Also implicit in the transparency principle is the
that, throughout its interaction with a proxy agent,
Galvin & McCloghrie [Page 9]
RFC 1445 Administrative Model for SNMPv2 April 1993
management station is supplied with no information about
nature or progress of the proxy mechanisms by which
requests are realized. That is, it should seem to
management station - except for any distinction in
transport address - as if it were interacting via SNMPv
directly with the proxied device. Thus, a timeout in
communication between a proxy agent and its proxied
should be represented as a timeout in the
between the management station and the proxy agent
Similarly, an error response from a proxied device should -
much as possible - be represented by the corresponding
response in the interaction between the proxy agent
management station
2.8. SNMPv2
A SNMPv2 context is a collection of managed object
accessible by a SNMPv2 entity. The object
identified by a context are either local or remote
A SNMPv2 context referring to local object resources
identified as a MIB view. In this case, a SNMPv2 entity
local mechanisms to access the management
identified by the SNMPv2 context
A remote SNMPv2 context referring to remote object
is identified as a proxy relationship. In this case, a SNMPv
entity acts as a proxy agent to access the
information identified by the SNMPv2 context
2.9. SNMPv2 Management
A SNMPv2 management communication is a communication from
specified SNMPv2 party to a second specified SNMPv2
about management information that is contained in a SNMPv
context accessible by the appropriate SNMPv2 entity.
particular, a SNMPv2 management communication may
o a query by the originating party about
accessible to the addressed party (e.g., getRequest
getNextRequest, or getBulkRequest),
Galvin & McCloghrie [Page 10]
RFC 1445 Administrative Model for SNMPv2 April 1993
o an indicative assertion to the addressed party
information accessible to the originating party (e.g.,
Response, InformRequest, or SNMPv2-Trap),
o an imperative assertion by the originating party
information accessible to the addressed party (e.g.,
setRequest),
o a confirmation to the addressed party about
received by the originating party (e.g., a
confirming an InformRequest).
A management communication is represented by an ASN.1
with the following syntax
SnmpMgmtCom ::= [2] IMPLICIT SEQUENCE {
OBJECT IDENTIFIER
OBJECT IDENTIFIER
OBJECT IDENTIFIER
}
For each SnmpMgmtCom value that represents a SNMPv2
communication, the following statements are true
o Its dstParty component is called the destination
identifies the SNMPv2 party to which the communication
directed
o Its srcParty component is called the source
identifies the SNMPv2 party from which the
is originated
o Its context component identifies the SNMPv2
containing the management information referenced by
communication
o Its pdu component has the form and
attributed to it in [2].
Galvin & McCloghrie [Page 11]
RFC 1445 Administrative Model for SNMPv2 April 1993
2.10. SNMPv2 Authenticated Management
A SNMPv2 authenticated management communication is a SNMPv
management communication (see Section 2.9) for which
originating SNMPv2 party is (possibly) reliably identified
for which the integrity of the transmission of
communication is (possibly) protected. An
management communication is represented by an ASN.1 value
the following syntax
SnmpAuthMsg ::= [1] IMPLICIT SEQUENCE {
ANY, -- defined by authentication
}
For each SnmpAuthMsg value that represents a SNMPv
authenticated management communication, the
statements are true
o Its authInfo component is called the
information and represents information required
support of the authentication protocol used by the SNMPv
party originating the message. The detailed
of the authentication information is specific to
authentication protocol in use; it has no effect on
application semantics of the communication other than
use by the authentication protocol in determining
the communication is authentic or not
o Its authData component is called the authentication
and represents a SNMPv2 management communication
Galvin & McCloghrie [Page 12]
RFC 1445 Administrative Model for SNMPv2 April 1993
2.11. SNMPv2 Private Management
A SNMPv2 private management communication is a SNMPv
authenticated management communication (see Section 2.10)
is (possibly) protected from disclosure. A private
communication is represented by an ASN.1 value with
following syntax
SnmpPrivMsg ::= [1] IMPLICIT SEQUENCE {
OBJECT IDENTIFIER
[1] IMPLICIT OCTET
}
For each SnmpPrivMsg value that represents a SNMPv2
management communication, the following statements are true
o Its privDst component is called the privacy
and identifies the SNMPv2 party to which
communication is directed
o Its privData component is called the privacy data
represents the (possibly encrypted)
(according to the conventions of [5]) of a SNMPv
authenticated management communication (see
2.10).
Galvin & McCloghrie [Page 13]
RFC 1445 Administrative Model for SNMPv2 April 1993
2.12. SNMPv2 Management Communication
A SNMPv2 management communication class corresponds to
specific SNMPv2 PDU type defined in [2]. A
communication class is represented by an ASN.1 INTEGER
according to the type of the identifying PDU (see Table 1).
Get 1
GetNext 2
Response 4
Set 8
-- unused 16
GetBulk 32
Inform 64
SNMPv2-Trap 128
Table 1: Management Communication
The value by which a communication class is represented
computed as 2 raised to the value of the ASN.1 context
specific tag for the appropriate SNMPv2 PDU
A set of management communication classes is represented
the ASN.1 INTEGER value that is the sum of the
of the communication classes in that set. The null set
represented by the value zero
2.13. SNMPv2 Access Control
A SNMPv2 access control policy is a specification of a
access policy in terms of a SNMPv2 context and the
communication classes which are authorized between a pair
SNMPv2 parties. Architecturally, such a
comprises four parts
o the targets of SNMPv2 access control - the SNMPv2
that may perform management operations as requested
management communications received from other parties
o the subjects of SNMPv2 access control - the SNMPv
parties that may request, by sending
Galvin & McCloghrie [Page 14]
RFC 1445 Administrative Model for SNMPv2 April 1993
communications to other parties, that
operations be performed
o the managed object resources of SNMPv2 access control -
the SNMPv2 contexts which identify the
information on which requested management operations
to be performed,
o the policy that specifies the classes of SNMPv
management communications pertaining to a
SNMPv2 context that a particular target is authorized
accept from a particular subject
Conceptually, a SNMPv2 access policy is represented by
collection of ASN.1 values with the following syntax
AclEntry ::= SEQUENCE {
OBJECT IDENTIFIER
OBJECT IDENTIFIER
OBJECT IDENTIFIER
}
For each such value that represents one part of a SNMPv
access policy, the following statements are true
o Its aclTarget component is called the target
identifies the SNMPv2 party to which the partial
permits access
o Its aclSubject component is called the subject
identifies the SNMPv2 party to which the partial
grants privileges
o Its aclResources component is called the managed
resources and identifies the SNMPv2 context referenced
the partial policy
o Its aclPrivileges component is called the privileges
represents a set of SNMPv2 management
classes which, when they reference the specified SNMPv
Galvin & McCloghrie [Page 15]
RFC 1445 Administrative Model for SNMPv2 April 1993
context, are authorized to be processed by the
target party when received from the specified
party
The application of SNMPv2 access control policy only occurs
receipt of management communications; it is not applied
transmission of management communications. Note, however
that ASN.1 values, having the syntax AclEntry, are also
in determining the destinations of a SNMPv2-Trap [2].
Galvin & McCloghrie [Page 16]
RFC 1445 Administrative Model for SNMPv2 April 1993
3. Elements of
This section describes the procedures followed by a SNMPv
entity in processing SNMPv2 messages. These procedures
independent of the particular authentication and
protocols that may be in use
3.1. Generating a
This section describes the procedure followed by a SNMPv
entity whenever either a management request or a
notification is to be transmitted by a SNMPv2 party
(1) A SnmpMgmtCom value is constructed for which the
component identifies the originating party, for which
dstParty component identifies the receiving party,
which the context component identifies the desired SNMPv
context, and for which the pdu component represents
desired management operation
(2) The local database of party information is consulted
determine the authentication protocol and other
information for the originating and receiving SNMPv
parties
(3) A SnmpAuthMsg value is constructed with the
properties
Its authInfo component is constructed according
the authentication protocol specified for
originating party
In particular, if the authentication protocol
the originating SNMPv2 party is identified
noAuth, then this component corresponds to
OCTET STRING value of zero length
Its authData component is the constructed
value
(4) The local database of party information is consulted
determine the privacy protocol and other
information for the receiving SNMPv2 party
Galvin & McCloghrie [Page 17]
RFC 1445 Administrative Model for SNMPv2 April 1993
(5) A SnmpPrivMsg value is constructed with the
properties
Its privDst component identifies the
SNMPv2 party
Its privData component is the (possibly encrypted
serialization of the SnmpAuthMsg value according
the conventions of [5].
In particular, if the privacy protocol for
receiving SNMPv2 party is identified as noPriv
then the privData component is unencrypted
Otherwise, the privData component is
according to the privacy protocol
(6) The constructed SnmpPrivMsg value is serialized
to the conventions of [5].
(7) The serialized SnmpPrivMsg value is transmitted using
transport address and transport domain for the
SNMPv2 party
Note that the above procedure does not include any
of any SNMPv2 access control policy (see section 2.13).
3.2. Processing a Received
This section describes the procedure followed by a SNMPv
entity whenever a management communication is received
(1) The snmpStatsPackets counter [7] is incremented. If
received message is not the serialization (according
the conventions of [5]) of an SnmpPrivMsg value,
that message is discarded without further processing
(If the first octet of the packet has the
hexadecimal 30, then the snmpStats30Something counter [7]
is incremented prior to discarding the message;
the snmpStatsEncodingErrors counter [7] is incremented.)
(2) The local database of party information is consulted
information about the receiving SNMPv2 party
by the privDst component of the SnmpPrivMsg value
Galvin & McCloghrie [Page 18]
RFC 1445 Administrative Model for SNMPv2 April 1993
(3) If information about the receiving SNMPv2 party is
from the local database of party information,
indicates that the receiving party's operation is
realized by the local SNMPv2 entity, then the
message is discarded without further processing,
the snmpStatsUnknownDstParties counter [7]
incremented
(4) An ASN.1 OCTET STRING value is constructed (possibly
decryption, according to the privacy protocol in use
from the privData component of said SnmpPrivMsg value
In particular, if the privacy protocol recorded for
party is noPriv, then the OCTET STRING value
exactly to the privData component of the
value
(5) If the OCTET STRING value is not the
(according to the conventions of [5]) of an
value, then the received message is discarded
further processing, after the
counter [7] is incremented
(6) If the dstParty component of the authData component
the obtained SnmpAuthMsg value is not the same as
privDst component of the SnmpPrivMsg value, then
received message is discarded without further processing
after the snmpStatsDstPartyMismatches counter [7]
incremented
(7) The local database of party information is consulted
information about the originating SNMPv2 party
by the srcParty component of the authData component
the SnmpAuthMsg value
(8) If information about the originating SNMPv2 party
absent from the local database of party information,
the received message is discarded without
processing, after the snmpStatsUnknownSrcParties
[7] is incremented
(9) The obtained SnmpAuthMsg value is evaluated according
the authentication protocol and other
information associated with the originating and
SNMPv2 parties in the local database of
Galvin & McCloghrie [Page 19]
RFC 1445 Administrative Model for SNMPv2 April 1993
information
In particular, if the authentication protocol
identified as noAuth, then the SnmpAuthMsg value
always evaluated as authentic
(10) If the SnmpAuthMsg value is evaluated as unauthentic
then the received message is discarded without
processing, and if the snmpV2EnableAuthenTraps object [7]
is enabled, then the SNMPv2 entity
authorizationFailure traps [7] according to
configuration (Section 4.2.6 of[2]).
(11) The SnmpMgmtCom value is extracted from the
component of the SnmpAuthMsg value
(12) The local database of context information is
for information about the SNMPv2 context identified
the context component of the SnmpMgmtCom value
(13) If information about the SNMPv2 context is absent
the local database of context information, then
received message is discarded without further processing
after the snmpStatsUnknownContexts counter [7]
incremented
(14) The local database of access policy information
consulted for access privileges permitted by the
access policy to the originating SNMPv2 party
respect to the receiving SNMPv2 party and the
SNMPv2 context
(15) The management communication class is determined from
ASN.1 tag value associated with the PDUs component of
SnmpMgmtCom value. If the management information
of the received message is either 32, 8, 2, or 1 (i.e.,
GetBulk, Set, GetNext or Get) and the SNMPv2 context
not realized by the local SNMPv2 entity, then
received message is discarded without further processing
after the snmpStatsUnknownContexts counter [7]
incremented
(16) If the management communication class of the
message is either 128, 64 or 4 (i.e., SNMPv2-Trap
Inform, or Response) and this class is not among
Galvin & McCloghrie [Page 20]
RFC 1445 Administrative Model for SNMPv2 April 1993
access privileges, then the received message is
without further processing, after
snmpStatsBadOperations counter [7] is incremented
(17) If the management communication class of the
message is not among the access privileges, then
received message is discarded without further
after generation and transmission of a response message
This response message is directed to the
SNMPv2 party on behalf of the receiving SNMPv2 party
Its context, var-bind-list and request-id components
identical to those of the received request. Its error
index component is zero and its error-status component
authorizationError [2].
(18) If the SNMPv2 context refers to local object resources
then the management operation represented by
SnmpMgmtCom value is performed by the receiving SNMPv
entity with respect to the MIB view identified by
SNMPv2 context according to the procedures set forth
[2].
(19) If the SNMPv2 context refers to remote object resources
then the management operation represented by
SnmpMgmtCom value is performed through the
proxy relationship
3.3. Generating a
The procedure for generating a response to a SNMPv2
request is identical to the procedure for transmitting
request (see Section 3.1), with these exceptions
(1) In Step 1, the dstParty component of the
SnmpMgmtCom value is taken from the srcParty component
the original SnmpMgmtCom value; the srcParty component
the responding SnmpMgmtCom value is taken from
dstParty component of the original SnmpMgmtCom value;
context component of the responding SnmpMgmtCom value
taken from the context component of the
SnmpMgmtCom value; and, the pdu component of
responding SnmpMgmtCom value is the response
results from applying the operation specified in
original SnmpMgmtCom value
Galvin & McCloghrie [Page 21]
RFC 1445 Administrative Model for SNMPv2 April 1993
(2) In Step 7, the serialized SnmpPrivMsg value
transmitted using the transport address and
domain from which its corresponding request originated -
even if that is different from the transport
recorded in the local database of party information
Galvin & McCloghrie [Page 22]
RFC 1445 Administrative Model for SNMPv2 April 1993
4. Application of the
This section describes how the administrative model set
above is applied to realize effective network management in
variety of configurations and environments. Several types
administrative configurations are identified, and an
of each is presented
4.1. Non-Secure Minimal Agent
This section presents an example configuration for a minimal
non-secure SNMPv2 agent that interacts with one or more SNMPv
management stations. Table 2 presents information
SNMPv2 parties that is known both to the minimal agent and
the manager, while Table 3 presents similarly
information about the local access policy
As represented in Table 2, the example agent party operates
UDP port 161 at IP address 1.2.3.4 using the party
gracie; the example manager operates at UDP port 2001 at
address 1.2.3.5 using the identity george. At minimum,
non-secure SNMPv2 agent implementation must provide
administrative configuration (and non-volatile storage) of
identities and transport addresses of two SNMPv2 parties
itself and a remote peer. Strictly speaking,
information about these two parties (including access
information) need not be configurable
Galvin & McCloghrie [Page 23]
RFC 1445 Administrative Model for SNMPv2 April 1993
Identity gracie
(agent) (manager
Domain snmpUDPDomain
Address 1.2.3.4, 161 1.2.3.5, 2001
Auth Prot noAuth
Auth Priv Key "" ""
Auth Pub Key "" ""
Auth Clock 0 0
Auth Lifetime 0 0
Priv Prot noPriv
Priv Priv Key "" ""
Priv Pub Key "" ""
Table 2: Party Information for Minimal
Target Subject Context
gracie george local 35 (Get, GetNext & GetBulk
george gracie local 132 (Response & SNMPv2-Trap
Table 3: Access Information for Minimal
Suppose that the managing party george wishes to
management information about the SNMPv2 context named "local
held by the agent named gracie by issuing a SNMPv2
request message. The manager consults its local database
party information. Because the authentication protocol
the party george is recorded as noAuth, the GetNext
message generated by the manager is not authenticated as
origin and integrity. Because, according to the manager'
local database of party information, the privacy protocol
the party gracie is noPriv, the GetNext request message is
protected from disclosure. Rather, it is simply assembled
serialized, and transmitted to the transport address (
address 1.2.3.4, UDP port 161) associated in the manager'
local database of party information with the party gracie
When the GetNext request message is received at the agent,
identity of the party to which it is directed (gracie)
Galvin & McCloghrie [Page 24]
RFC 1445 Administrative Model for SNMPv2 April 1993
extracted from the message, and the receiving entity
its local database of party information. Because the
protocol for the party gracie is recorded as noPriv,
received message is assumed not to be protected
disclosure. Similarly, the identity of the originating
(george) is extracted, and the local database of
information is consulted. Because the authentication
for the party george is recorded as noAuth, the
message is immediately accepted as authentic
The received message is fully processed only if the agent'
local database of access policy information authorizes
request communications by the party george to the agent
gracie with respect to the SNMPv2 context "local".
database of access policy information presented as Table 3
authorizes such communications (as well as Get and
operations).
When the received request is processed, a Response message
generated which references the SNMPv2 context "local"
identifies gracie as the source party and george, the
from which the request originated, as the destination party
Because the authentication protocol for gracie is recorded
the local database of party information as noAuth,
generated Response message is not authenticated as to
or integrity. Because, according to the local database
party information, the privacy protocol for the party
is noPriv, the response message is not protected
disclosure. The response message is transmitted to
transport address from which the corresponding
originated - without regard for the transport
associated with george in the local database of
information
When the generated response is received by the manager,
identity of the party to which it is directed (george)
extracted from the message, and the manager consults its
database of party information. Because the privacy
for the party george is recorded as noPriv, the
response is assumed not to be protected from disclosure
Similarly, the identity of the originating party (gracie)
extracted, and the local database of party information
consulted. Because the authentication protocol for the
gracie is recorded as noAuth, the received response
immediately accepted as authentic
Galvin & McCloghrie [Page 25]
RFC 1445 Administrative Model for SNMPv2 April 1993
The received message is fully processed only if the manager'
local database of access policy information
Response communications from the party gracie to the
party george which reference the SNMPv2 context "local".
database of access policy information presented as Table 3
authorizes such Response messages (as well as SNMPv2-
messages).
4.2. Secure Minimal Agent
This section presents an example configuration for a secure
minimal SNMPv2 agent that interacts with a single SNMPv
management station. Table 4 presents information about SNMPv
parties that is known both to the minimal agent and to
manager, while Table 5 presents similarly common
about the local access policy
The interaction of manager and agent in this configuration
very similar to that sketched above for the non-secure
agent - except that all protocol messages are authenticated
to origin and integrity and protected from disclosure.
example requires encryption in order to support
of secret keys via the SNMPv2 itself. A more
example comprising an additional pair of SNMPv2 parties
support the exchange of non-secret information
authenticated messages without incurring the cost
encryption
An actual secure agent configuration may require SNMPv
parties for which the authentication and privacy protocols
noAuth and noPriv, respectively, in order to support
synchronization (see [6]). For clarity, these
parties are not represented in this example
Galvin & McCloghrie [Page 26]
RFC 1445 Administrative Model for SNMPv2 April 1993
Identity ollie
(agent) (manager
Domain snmpUDPDomain
Address 1.2.3.4, 161 1.2.3.5, 2001
Auth Prot v2md5AuthProtocol v2md5
Auth Priv Key "0123456789ABCDEF" "GHIJKL0123456789"
Auth Pub Key "" ""
Auth Clock 0 0
Auth Lifetime 300 300
Priv Prot desPrivProtocol
Priv Priv Key "MNOPQR0123456789" "STUVWX0123456789"
Priv Pub Key "" ""
Table 4: Party Information for Secure Minimal
Target Subject Context
ollie stan local 35 (Get, GetNext & GetBulk
stan ollie local 132 (Response & SNMPv2-Trap
Table 5: Access Information for Secure Minimal
As represented in Table 4, the example agent party operates
UDP port 161 at IP address 1.2.3.4 using the party
ollie; the example manager operates at UDP port 2001 at
address 1.2.3.5 using the identity stan. At minimum, a
SNMPv2 agent implementation must provide for
configuration (and non-volatile storage) of
information about two SNMPv2 parties: itself and a
peer. Both ollie and stan authenticate all messages that
generate by using the SNMPv2 authentication
v2md5AuthProtocol and their distinct, private
keys. Although these private authentication key
("0123456789ABCDEF" and "GHIJKL0123456789") are presented
for expository purposes, knowledge of private
keys is not normally afforded to human beings and is
to those portions of the protocol implementation that
it
Galvin & McCloghrie [Page 27]
RFC 1445 Administrative Model for SNMPv2 April 1993
When using the v2md5AuthProtocol, the public
key for each SNMPv2 party is never used in authentication
verification of SNMPv2 exchanges. Also, because
v2md5AuthProtocol is symmetric in character, the
authentication key for each party must be known to
SNMPv2 party with which authenticated communication
desired. In contrast, asymmetric (public key)
protocols would not depend upon sharing of a private key
their operation
All protocol messages generated for transmission to the
stan are encrypted using the desPrivProtocol privacy
and the private key "STUVWX0123456789"; they are
upon reception according to the same protocol and key
Similarly, all messages generated for transmission to
party ollie are encrypted using the desPrivProtocol
and private privacy key "MNOPQR0123456789"; they
correspondingly decrypted on reception. As
authentication keys, knowledge of private privacy keys is
normally afforded to human beings and is confined to
portions of the protocol implementation that require it
4.3. MIB View
This section describes a convention for the definition of
views and, using that convention, presents
configurations of MIB views for SNMPv2 contexts that refer
local object resources
A MIB view is defined by a collection of view subtrees (
Section 2.6), and any MIB view may be represented in this way
Because MIB view definitions may, in certain cases, comprise
very large number of view subtrees, a convention
abbreviating MIB view definitions is desirable
The convention adopted in [4] supports abbreviation of
view definitions in terms of families of view subtrees
are either included in or excluded from the definition of
relevant MIB view. By this convention, a table
maintained by each SNMPv2 entity defines the MIB
associated with each SNMPv2 context that refers to
object resources. Each entry in the table represents a
of view subtrees that (according to the type of that entry)
either included in or excluded from the MIB view of
Galvin & McCloghrie [Page 28]
RFC 1445 Administrative Model for SNMPv2 April 1993
SNMPv2 context. Each table entry represents a subtree
as a pairing of an OBJECT IDENTIFIER value (called the
name) together with a bitstring value (called the
mask). The family mask indicates which sub-identifiers of
associated family name are significant to the definition
the represented subtree family. For each possible MIB
instance, that instance belongs to the view subtree
represented by a particular table entry
o the OBJECT IDENTIFIER name of that MIB object
comprises at least as many sub-identifiers as does
family name for said table entry,
o each sub-identifier in the name of said MIB
instance matches the corresponding sub-identifier of
relevant family name whenever the corresponding bit
the associated family mask is non-zero
The appearance of a MIB object instance in the MIB view for
particular SNMPv2 context is related to the membership of
instance in the subtree families associated with that SNMPv
context in local table entries
o If a MIB object instance belongs to none of the
subtree families, then that instance is not in the
view for the relevant SNMPv2 context
o If a MIB object instance belongs to the subtree
represented by exactly one of the relevant table entries
then that instance is included in, or excluded from,
relevant MIB view according to the type of that entry
o If a MIB object instance belongs to the subtree
represented by more than one of the relevant
entries, then that instance is included in, or
from, the relevant MIB view according to the type of
single such table entry for which, first, the
family name comprises the greatest number of sub
identifiers, and, second, the associated family name
lexicographically greatest
The subtree family represented by a table entry for which
associated family mask is all ones corresponds to the
view subtree identified by the family name for that entry
Because the convention of [4] provides for implicit
Galvin & McCloghrie [Page 29]
RFC 1445 Administrative Model for SNMPv2 April 1993
of family mask values with ones, the subtree
represented by a table entry with a family mask of zero
always corresponds to a single view subtree
Context Type Family Name Family
lucy included internet ''
Table 6: View Definition for Minimal
Using this convention for abbreviating MIB view definitions
some of the most common definitions of MIB views may
conveniently expressed. For example, Table 6 illustrates
MIB view definitions required for a minimal SNMPv2 entity
having a single SNMPv2 context for which the associated
view embraces all instances of all MIB objects defined
the SNMPv2 Network Management Framework. The
table has a single entry. The SNMPv2 context (lucy) for
that entry defines the MIB view is identified in the
column. The type of that entry (included) signifies that
MIB object instance belonging to the subtree
represented by that entry may appear in the MIB view for
SNMPv2 context lucy. The family name for that entry
internet, and the zero-length family mask value signifies
the relevant subtree family corresponds to the single
subtree rooted at that node
Another example of MIB view definition (see Table 7) is
of