draft-ietf-snmpv3-appl-v2-00.txt   draft-ietf-snmpv3-appl-v2-01.txt 
INTERNET-DRAFT David B. Levi INTERNET-DRAFT David B. Levi
SNMP Research, Inc. SNMP Research, Inc.
Paul Meyer Paul Meyer
Secure Computing Corporation Secure Computing Corporation
Bob Stewart Bob Stewart
Cisco Systems Cisco Systems
07 August 1998 30 September 1998
SNMPv3 Applications SNMP Applications
<draft-ietf-snmpv3-appl-v2-00.txt> <draft-ietf-snmpv3-appl-v2-01.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.'' material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ftp.ietf.org (US East Coast), nic.nordu.net Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim). Rim).
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (date). All Rights Reserved. Copyright (C) The Internet Society (date). All Rights Reserved.
Abstract Abstract
This memo describes five types of SNMP applications which make use of This memo describes five types of SNMP applications which make use of
an SNMP engine as described in [SNMP-ARCH]. The types of application an SNMP engine as described in [SNMP-ARCH]. The types of application
described are Command Generators, Command Responders, Notification described are Command Generators, Command Responders, Notification
Originators, Notification Receivers, and Proxy Forwarders. Originators, Notification Receivers, and Proxy Forwarders.
This memo also defines MIB modules for specifying targets of This memo also defines MIB modules for specifying targets of
management operations, for notification filtering, and for proxy management operations, for notification filtering, and for proxy
forwarding. forwarding.
This memo will obsolete RFC2273.
Table Of Contents Table Of Contents
1 Overview ..................................................... 3 1 Overview ..................................................... 4
1.1 Command Generator Applications ............................. 3 1.1 Command Generator Applications ............................. 4
1.2 Command Responder Applications ............................. 3 1.2 Command Responder Applications ............................. 4
1.3 Notification Originator Applications ....................... 4 1.3 Notification Originator Applications ....................... 5
1.4 Notification Receiver Applications ......................... 4 1.4 Notification Receiver Applications ......................... 5
1.5 Proxy Forwarder Applications ............................... 4 1.5 Proxy Forwarder Applications ............................... 5
2 Management Targets ........................................... 6 2 Management Targets ........................................... 7
3 Elements Of Procedure ........................................ 6 3 Elements Of Procedure ........................................ 7
3.1 Command Generator Applications ............................. 6 3.1 Command Generator Applications ............................. 7
3.2 Command Responder Applications ............................. 10 3.2 Command Responder Applications ............................. 11
3.3 Notification Originator Applications ....................... 16 3.3 Notification Originator Applications ....................... 17
3.4 Notification Receiver Applications ......................... 19 3.4 Notification Receiver Applications ......................... 21
3.5 Proxy Forwarder Applications ............................... 21 3.5 Proxy Forwarder Applications ............................... 23
3.5.1 Request Forwarding ....................................... 22 3.5.1 Request Forwarding ....................................... 24
3.5.1.1 Processing an Incoming Request ......................... 22 3.5.1.1 Processing an Incoming Request ......................... 24
3.5.1.2 Processing an Incoming Response ........................ 25 3.5.1.2 Processing an Incoming Response ........................ 27
3.5.1.3 Processing an Incoming Report Indication ............... 26 3.5.1.3 Processing an Incoming Report Indication ............... 28
3.5.2 Notification Forwarding .................................. 27 3.5.2 Notification Forwarding .................................. 29
4 The Structure of the MIB Modules ............................. 31 4 The Structure of the MIB Modules ............................. 33
4.1 The Management Target MIB Module ........................... 31 4.1 The Management Target MIB Module ........................... 33
4.1.1 Tag Lists ................................................ 31 4.1.1 Tag Lists ................................................ 34
4.1.2 Definitions .............................................. 32 4.1.2 Definitions .............................................. 34
4.2 The Notification MIB Module ................................ 46 4.2 The Notification MIB Module ................................ 49
4.2.1 Definitions .............................................. 46 4.2.1 Definitions .............................................. 49
4.3 The Proxy MIB Module ....................................... 59 4.3 The Proxy MIB Module ....................................... 62
4.3.1 Definitions .............................................. 59 4.3.1 Definitions .............................................. 62
5 Identification of Management Targets in Notification Origi- 5 Identification of Management Targets in Notification Origi-
nators .................................................... 66 nators .................................................... 69
6 Notification Filtering ....................................... 67 6 Notification Filtering ....................................... 70
7 Management Target Translation in Proxy Forwarder Applica- 7 Management Target Translation in Proxy Forwarder Applica-
tions ..................................................... 69 tions ..................................................... 72
7.1 Management Target Translation for Request Forwarding ....... 69 7.1 Management Target Translation for Request Forwarding ....... 72
7.2 Management Target Translation for Notification Forwarding 7.2 Management Target Translation for Notification Forwarding
........................................................... 70 ........................................................... 73
8 Intellectual Property ........................................ 71 8 Intellectual Property ........................................ 74
9 Acknowledgments .............................................. 71 9 Acknowledgments .............................................. 74
10 Security Considerations ..................................... 72 10 Security Considerations ..................................... 75
11 References .................................................. 74 11 References .................................................. 77
12 Editor's Address ............................................ 76 12 Editor's Address ............................................ 79
A. Trap Configuration Example .................................. 77 A. Trap Configuration Example .................................. 80
B. Full Copyright Statement .................................... 79 B. Full Copyright Statement .................................... 82
1. Overview 1. Overview
This document describes five types of SNMP applications: This document describes five types of SNMP applications:
- Applications which initiate SNMP Get, GetNext, GetBulk, and/or - Applications which initiate SNMP Get, GetNext, GetBulk, and/or
Set requests, called 'command generators.' Set requests, called 'command generators.'
- Applications which respond to SNMP Get, GetNext, GetBulk, - Applications which respond to SNMP Get, GetNext, GetBulk,
and/or Set requests, called 'command responders.' and/or Set requests, called 'command responders.'
skipping to change at page 3, line 29 skipping to change at page 4, line 29
receivers.' receivers.'
- Applications which forward SNMP Get, GetNext, GetBulk, and/or - Applications which forward SNMP Get, GetNext, GetBulk, and/or
Set requests or notifications, called 'proxy forwarder.' Set requests or notifications, called 'proxy forwarder.'
Note that there are no restrictions on which types of applications Note that there are no restrictions on which types of applications
may be associated with a particular SNMP engine. For example, a may be associated with a particular SNMP engine. For example, a
single SNMP engine may, in fact, be associated with both command single SNMP engine may, in fact, be associated with both command
generator and command responder applications. generator and command responder applications.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.1. Command Generator Applications 1.1. Command Generator Applications
A command generator application initiates SNMP Get, GetNext, GetBulk, A command generator application initiates SNMP Get, GetNext, GetBulk,
and/or Set requests, as well as processing the response to a request and/or Set requests, as well as processing the response to a request
which it generated. which it generated.
1.2. Command Responder Applications 1.2. Command Responder Applications
A command responder application receives SNMP Get, GetNext, GetBulk, A command responder application receives SNMP Get, GetNext, GetBulk,
and/or Set requests destined for the local system as indicated by the and/or Set requests destined for the local system as indicated by the
skipping to change at page 17, line 5 skipping to change at page 18, line 5
MIB instrumentation within the relevant MIB view. The relevant MIB MIB instrumentation within the relevant MIB view. The relevant MIB
view is determined by the securityLevel, securityModel, view is determined by the securityLevel, securityModel,
contextName, and securityName of the management target. To contextName, and securityName of the management target. To
determine whether a particular object instance is within the determine whether a particular object instance is within the
relevant MIB view, the isAccessAllowed abstract service interface relevant MIB view, the isAccessAllowed abstract service interface
is used, in the same manner as described in the preceding section. is used, in the same manner as described in the preceding section.
If the statusInformation returned by isAccessAllowed does not If the statusInformation returned by isAccessAllowed does not
indicate accessAllowed, the notification is not sent to the indicate accessAllowed, the notification is not sent to the
management target. management target.
(3) A PDU is constructed using a locally unique request-id value, an (3) The NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this
is the value of the element of the variable bindings whose name is
snmpTrapOID.0, i.e., the second variable binding) is checked using
the isAccessAllowed abstract service interface, using the same
parameters used in the preceding step. If the statusInformation
returned by isAccessAllowed does not indicate accessAllowed, the
notification is not sent to the management target.
(4) A PDU is constructed using a locally unique request-id value, an
operation type of SNMPv2-Trap or Inform, an error-status and operation type of SNMPv2-Trap or Inform, an error-status and
error-index value of 0, and the variable-bindings supplied error-index value of 0, and the variable-bindings supplied
previously in step (2). previously in step (2).
(4) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is (5) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is
called using the following abstract service interface: called using the following abstract service interface:
statusInformation = -- sendPduHandle if success statusInformation = -- sendPduHandle if success
-- errorIndication if failure -- errorIndication if failure
sendPdu( sendPdu(
IN transportDomain -- transport domain to be used IN transportDomain -- transport domain to be used
IN transportAddress -- destination network address IN transportAddress -- destination network address
IN messageProcessingModel -- typically, SNMP version IN messageProcessingModel -- typically, SNMP version
IN securityModel -- Security Model to use IN securityModel -- Security Model to use
IN securityName -- on behalf of this principal IN securityName -- on behalf of this principal
skipping to change at page 18, line 12 skipping to change at page 19, line 20
- The pduVersion is the version of the PDU to be sent. - The pduVersion is the version of the PDU to be sent.
- The PDU is the value constructed in step (3) above. - The PDU is the value constructed in step (3) above.
- The expectResponse argument indicates that no response is - The expectResponse argument indicates that no response is
expected. expected.
Otherwise, Otherwise,
(5) If the notification contains an Inform PDU, then: (6) If the notification contains an Inform PDU, then:
a) The Dispatcher is called using the sendPdu abstract service a) The Dispatcher is called using the sendPdu abstract service
interface as described in step (4) above, except that the interface as described in step (4) above, except that the
expectResponse argument indicates that a response is expected. expectResponse argument indicates that a response is expected.
b) The application caches information about the management b) The application caches information about the management
target. target.
c) If a response is received within an appropriate time interval c) If a response is received within an appropriate time interval
from the transport endpoint of the management target, the from the transport endpoint of the management target, the
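Review bot: the step cross-references in this region were not renumbered after the new step (3) was inserted, so in the -01 column "The PDU is the value constructed in step (3) above" and "as described in step (4) above" now point at the wrong steps. In the -01 numbering the PDU is constructed in step (4) and sendPdu is called in step (5); update both references, or refer to the steps by what they do rather than by number.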
skipping to change at page 23, line 45 skipping to change at page 25, line 45
- The statusInformation indicates that an error occurred and - The statusInformation indicates that an error occurred and
includes the OID and value of the snmpProxyDrops object. includes the OID and value of the snmpProxyDrops object.
Processing of the message stops at this point. Otherwise, Processing of the message stops at this point. Otherwise,
(3) A new PDU is constructed. A unique value of request-id should be (3) A new PDU is constructed. A unique value of request-id should be
used in the new PDU (this value will enable a subsequent response used in the new PDU (this value will enable a subsequent response
message to be correlated with this request). The remainder of the message to be correlated with this request). The remainder of the
new PDU is identical to the received PDU, unless the incoming SNMP new PDU is identical to the received PDU, unless the incoming SNMP
version is SNMPv2 or SNMPv3 and the outgoing SNMP version is version and the outgoing SNMP version support different PDU
SNMPv1, in which case the proxy forwarder must apply the versions, in which case the proxy forwarder may need to perform a
translation rules as documented in [RFC1908]. translation on the PDU (A method for performing such a translation
is described in [COEX].)
(4) The proxy forwarder calls the Dispatcher to generate the forwarded (4) The proxy forwarder calls the Dispatcher to generate the forwarded
message, using the sendPdu abstract service interface. The message, using the sendPdu abstract service interface. The
parameters are: parameters are:
- The transportDomain is that of the outgoing management target. - The transportDomain is that of the outgoing management target.
- The transportAddress is that of the outgoing management - The transportAddress is that of the outgoing management
target. target.
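Review bot: in step (3) the -01 wording replaces "must apply the translation rules" with "may need to perform a translation", which leaves it unstated when translation is required, and the document's section 1 carries the RFC 2119 key-word paragraph, so a lowercase "may" here can be misread as optional behaviour. Suggest stating the condition normatively (for example, that the forwarder translates whenever the two targets use different PDU versions). The same sentence is also missing a period before "(A method for performing such a translation", unlike the parallel sentence in the response-processing steps.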
skipping to change at page 25, line 35 skipping to change at page 27, line 37
of sendPduHandle, contextEngineID, contextName, outgoing management of sendPduHandle, contextEngineID, contextName, outgoing management
target information, and the request-id contained in the received target information, and the request-id contained in the received
PDU (the proxy forwarder must extract the request-id for this PDU (the proxy forwarder must extract the request-id for this
purpose). If an appropriate cache entry cannot be found, purpose). If an appropriate cache entry cannot be found,
processing of the response is halted. Otherwise: processing of the response is halted. Otherwise:
(2) The cache information is extracted, and removed from the cache. (2) The cache information is extracted, and removed from the cache.
(3) A new Response PDU is constructed, using the request-id value from (3) A new Response PDU is constructed, using the request-id value from
the original forwarded request (as extracted from the cache). All the original forwarded request (as extracted from the cache). All
other values are identical to those in the received Response PDU. other values are identical to those in the received Response PDU,
unless the incoming SNMP version and the outgoing SNMP version
(4) If the incoming SNMP version is SNMPv1 and the outgoing SNMP support different PDU versions, in which case the proxy forwarder
version is SNMPv2 or SNMPv3, the proxy forwarder must apply the may need to perform a translation on the PDU. (A method for
translation rules documented in [RFC1908]. performing such a translation is described in [COEX].)
(5) The proxy forwarder calls the Dispatcher using the (4) The proxy forwarder calls the Dispatcher using the
returnResponsePdu abstract service interface. Parameters are: returnResponsePdu abstract service interface. Parameters are:
- The messageProcessingModel indicates the Message Processing - The messageProcessingModel indicates the Message Processing
Model by which the original incoming message was processed. Model by which the original incoming message was processed.
- The securityModel is that of the original incoming management - The securityModel is that of the original incoming management
target extracted from the cache. target extracted from the cache.
- The securityName is that of the original incoming management - The securityName is that of the original incoming management
target extracted from the cache. target extracted from the cache.
skipping to change at page 26, line 43 skipping to change at page 28, line 46
(1) The incoming report indication is received using the (1) The incoming report indication is received using the
processResponsePdu interface. The proxy forwarder uses the processResponsePdu interface. The proxy forwarder uses the
received parameters to locate an entry in its cache of pending received parameters to locate an entry in its cache of pending
forwarded requests. This is done by matching the received forwarded requests. This is done by matching the received
parameters with the cached values of sendPduHandle. If an parameters with the cached values of sendPduHandle. If an
appropriate cache entry cannot be found, processing of the report appropriate cache entry cannot be found, processing of the report
indication is halted. Otherwise: indication is halted. Otherwise:
(2) The cache information is extracted, and removed from the cache. (2) The cache information is extracted, and removed from the cache.
(3) If the original incoming management target information indicates (3) If the original incoming management target information indicates an
SNMPv1, processing of the report indication is halted. SNMP version which does not support Report PDUs, processing of the
report indication is halted.
(4) The proxy forwarder calls the Dispatcher using the (4) The proxy forwarder calls the Dispatcher using the
returnResponsePdu abstract service interface. Parameters are: returnResponsePdu abstract service interface. Parameters are:
- The messageProcessingModel indicates the Message Processing - The messageProcessingModel indicates the Message Processing
Model by which the original incoming message was processed. Model by which the original incoming message was processed.
- The securityModel is that of the original incoming management - The securityModel is that of the original incoming management
target extracted from the cache. target extracted from the cache.
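Review bot: step (3) halts processing after step (2) has already removed the cache entry, and the -01 wording widens this from SNMPv1 to any "SNMP version which does not support Report PDUs". Nothing is returned to the original requester in that case, so it is worth saying explicitly that the request is dropped silently and the command generator will see a timeout, or stating whether a counter is incremented.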
skipping to change at page 28, line 50 skipping to change at page 31, line 10
- The outgoing management targets previously determined are - The outgoing management targets previously determined are
used. used.
- No filtering mechanisms are applied. - No filtering mechanisms are applied.
- The variable-bindings from the original received notification - The variable-bindings from the original received notification
are used, rather than retrieving variable-bindings from local are used, rather than retrieving variable-bindings from local
MIB instrumentation. In particular, no access-control is MIB instrumentation. In particular, no access-control is
applied to these variable-bindings. applied to these variable-bindings.
- If for any of the outgoing management targets, the incoming - If the original notification contains an InformRequest PDU,
SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2 then any outgoing management targets, for which the outgoing
or SNMPv3, the proxy forwarder must apply the translation SNMP version does not support InformRequest PDUs, will not be
rules as documented in [RFC1908]. used when generating the forwarded notifications.
- If for any of the outgoing management targets, the incoming - If, for any of the outgoing management targets, the incoming
SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP SNMP version and the outgoing SNMP version support different
version is SNMPv1, this outgoing management target is not used PDU versions, the proxy forwarder may need to perform a
when generating the forwarded notifications. translation on the PDU. (A method for performing such a
translation is described in [COEX].)
(4) If the original received notification contains an SNMPv2-Trap PDU, (4) If the original received notification contains an SNMPv2-Trap PDU,
processing of the notification is now completed. Otherwise, the processing of the notification is now completed. Otherwise, the
original received notification must contain an Inform PDU, and original received notification must contain an Inform PDU, and
processing continues. processing continues.
(5) If the forwarded notifications included any Inform PDUs, processing (5) If the forwarded notifications included any Inform PDUs, processing
continues when the procedures described in the section for continues when the procedures described in the section for
Notification Originators determine that either: Notification Originators determine that either:
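Review bot: the last two bullets of step (3) change which targets receive forwarded notifications. The -00 text excluded an SNMPv1 outgoing target when the incoming version was SNMPv2 or SNMPv3, while the -01 text excludes a target only for InformRequest PDUs and otherwise translates and forwards. Because the bullets just above state that "No filtering mechanisms are applied" and that "no access-control is applied to these variable-bindings", this widens what can reach a target of an older SNMP version; suggest calling that out in the Security Considerations section. The new bullet also says "InformRequest PDU" where the surrounding steps say "Inform PDU"; pick one term.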
skipping to change at page 31, line 40 skipping to change at page 33, line 40
The first table, the snmpTargetAddrTable, contains information about The first table, the snmpTargetAddrTable, contains information about
transport domains and addresses. It also contains an object, transport domains and addresses. It also contains an object,
snmpTargetAddrTagList, which provides a mechanism for grouping snmpTargetAddrTagList, which provides a mechanism for grouping
entries. entries.
The second table, the snmpTargetParamsTable, contains information The second table, the snmpTargetParamsTable, contains information
about SNMP version and security information to be used when sending about SNMP version and security information to be used when sending
messages to particular transport domains and addresses. messages to particular transport domains and addresses.
The Management Target MIB is intended to provide a general-purpose
mechanism for specifying transport address, and for specifying
parameters of SNMP messages generated by an SNMP entity. It is used
within this document for generation of notifications and for proxy
forwarding. However, it may be used for other purposes. If another
document makes use of this MIB, that document is responsible for
specifying how it is used. For example, [COEX] uses this MIB for
source address validation of SNMPv1 messages.
4.1.1. Tag Lists 4.1.1. Tag Lists
The snmpTargetAddrTagList object is used for grouping entries in the The snmpTargetAddrTagList object is used for grouping entries in the
snmpTargetAddrTable. The value of this object contains a list of tag snmpTargetAddrTable. The value of this object contains a list of tag
values which are used to select target addresses to be used for a values which are used to select target addresses to be used for a
particular operation. particular operation.
A tag value, which may also be used in MIB objects other than A tag value, which may also be used in MIB objects other than
snmpTargetAddrTagList, is an arbitrary string of octets, but may not snmpTargetAddrTagList, is an arbitrary string of octets, but may not
contain a delimiter character. Delimiter characters are defined to contain a delimiter character. Delimiter characters are defined to
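Review bot: the new paragraph says [COEX] uses this MIB "for source address validation of SNMPv1 messages", but the table descriptions immediately above it describe the entries only as information "to be used when sending messages". If entries can also decide which source addresses are accepted, write access to snmpTargetAddrTable becomes an access-control concern, and the paragraph should say so or point to where that is covered. Minor: "for specifying transport address" should read "transport addresses".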
skipping to change at page 33, line 17 skipping to change at page 35, line 26
SnmpMessageProcessingModel, SnmpMessageProcessingModel,
SnmpSecurityLevel, SnmpSecurityLevel,
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, MODULE-COMPLIANCE,
OBJECT-GROUP OBJECT-GROUP
FROM SNMPv2-CONF; FROM SNMPv2-CONF;
snmpTargetMIB MODULE-IDENTITY snmpTargetMIB MODULE-IDENTITY
LAST-UPDATED "9711210000Z" LAST-UPDATED "9808040000Z"
ORGANIZATION "IETF SNMPv3 Working Group" ORGANIZATION "IETF SNMPv3 Working Group"
CONTACT-INFO CONTACT-INFO
"WG-email: snmpv3@tis.com "WG-email: snmpv3@tis.com
Subscribe: majordomo@tis.com Subscribe: majordomo@tis.com
In message body: subscribe snmpv3 In message body: subscribe snmpv3
Chair: Russ Mundy Chair: Russ Mundy
Trusted Information Systems Trusted Information Systems
Postal: 3060 Washington Rd Postal: 3060 Washington Rd
Glenwood MD 21738 Glenwood MD 21738
skipping to change at page 34, line 4 skipping to change at page 36, line 13
Postal: 2675 Long Lake Road Postal: 2675 Long Lake Road
Roseville, MN 55113 Roseville, MN 55113
E-mail: paul_meyer@securecomputing.com E-mail: paul_meyer@securecomputing.com
Phone: +1 612 628 1592 Phone: +1 612 628 1592
Co-editor: Bob Stewart Co-editor: Bob Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
Postal: 170 West Tasman Drive Postal: 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
E-mail: bstewart@cisco.com E-mail: bstewart@cisco.com
Phone: +1 603 654 6923" Phone: +1 603 654 2686"
DESCRIPTION DESCRIPTION
"This MIB module defines MIB objects which provide "This MIB module defines MIB objects which provide
mechanisms to remotely configure the parameters used mechanisms to remotely configure the parameters used
by an SNMP entity for the generation of SNMP messages." by an SNMP entity for the generation of SNMP messages."
REVISION "9808070000Z" REVISION "9808040000Z"
DESCRIPTION "Clarifications, published as RFCxxxx." DESCRIPTION "Clarifications, published as
draft-ietf-snmpv3-appl-v2-01.txt."
REVISION "9707140000Z" REVISION "9707140000Z"
DESCRIPTION "The initial revision, published as RFC2273." DESCRIPTION "The initial revision, published as RFC2273."
::= { snmpModules 12 } ::= { snmpModules 12 }
snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 } snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 }
snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 } snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 }
SnmpTagValue ::= TEXTUAL-CONVENTION SnmpTagValue ::= TEXTUAL-CONVENTION
DISPLAY-HINT "255a" DISPLAY-HINT "255a"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string containing a tag value. "An octet string containing a tag value.
Tag values are preferably in human-readable form. Tag values are preferably in human-readable form.
To facilitate internationalization, this information To facilitate internationalization, this information
is represented using the ISO/IEC IS 10646-1 character is represented using the ISO/IEC IS 10646-1 character
set, encoded as an octet string using the UTF-8 set, encoded as an octet string using the UTF-8
character encoding scheme described in RFC 2044. character encoding scheme described in RFC 2279.
Since additional code points are added by amendments Since additional code points are added by amendments
to the 10646 standard from time to time, to the 10646 standard from time to time,
implementations must be prepared to encounter any code implementations must be prepared to encounter any code
point from 0x00000000 to 0x7fffffff. point from 0x00000000 to 0x7fffffff.
The use of control codes should be avoided, and certain The use of control codes should be avoided, and certain
control codes are not allowed as described below. control codes are not allowed as described below.
For code points not directly supported by user For code points not directly supported by user
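Review bot: the REVISION clause for the clarifications moves backward, from "9808070000Z" in -00 to "9808040000Z" in -01, although the -01 draft itself is dated 30 September 1998 and contains text that is new relative to -00. A revision date earlier than the previous draft's cannot describe these changes; suggest setting REVISION and LAST-UPDATED to the date of the -01 edits. The DESCRIPTION now names the draft file, "draft-ietf-snmpv3-appl-v2-01.txt", which will need to be replaced at publication. The same applies to the snmpNotificationMIB MODULE-IDENTITY.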
skipping to change at page 35, line 47 skipping to change at page 38, line 10
SnmpTagList ::= TEXTUAL-CONVENTION SnmpTagList ::= TEXTUAL-CONVENTION
DISPLAY-HINT "255a" DISPLAY-HINT "255a"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string containing a list of tag values. "An octet string containing a list of tag values.
Tag values are preferably in human-readable form. Tag values are preferably in human-readable form.
To facilitate internationalization, this information To facilitate internationalization, this information
is represented using the ISO/IEC IS 10646-1 character is represented using the ISO/IEC IS 10646-1 character
set, encoded as an octet string using the UTF-8 set, encoded as an octet string using the UTF-8
character encoding scheme described in RFC 2044. character encoding scheme described in RFC 2279.
Since additional code points are added by amendments Since additional code points are added by amendments
to the 10646 standard from time to time, to the 10646 standard from time to time,
implementations must be prepared to encounter any code implementations must be prepared to encounter any code
point from 0x00000000 to 0x7fffffff. point from 0x00000000 to 0x7fffffff.
The use of control codes should be avoided, except as The use of control codes should be avoided, except as
described below. described below.
For code points not directly supported by user For code points not directly supported by user
skipping to change at page 46, line 49 skipping to change at page 49, line 49
SnmpTagValue, SnmpTagValue,
snmpTargetParamsName snmpTargetParamsName
FROM SNMP-TARGET-MIB FROM SNMP-TARGET-MIB
MODULE-COMPLIANCE, MODULE-COMPLIANCE,
OBJECT-GROUP OBJECT-GROUP
FROM SNMPv2-CONF; FROM SNMPv2-CONF;
snmpNotificationMIB MODULE-IDENTITY snmpNotificationMIB MODULE-IDENTITY
LAST-UPDATED "9711210000Z" LAST-UPDATED "9808040000Z"
ORGANIZATION "IETF SNMPv3 Working Group" ORGANIZATION "IETF SNMPv3 Working Group"
CONTACT-INFO CONTACT-INFO
"WG-email: snmpv3@tis.com "WG-email: snmpv3@tis.com
Subscribe: majordomo@tis.com Subscribe: majordomo@tis.com
In message body: subscribe snmpv3 In message body: subscribe snmpv3
Chair: Russ Mundy Chair: Russ Mundy
Trusted Information Systems Trusted Information Systems
Postal: 3060 Washington Rd Postal: 3060 Washington Rd
Glenwood MD 21738 Glenwood MD 21738
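Review bot: The new LAST-UPDATED value "9808040000Z" is earlier than the 07 August 1998 date on the -00 draft and well before the 30 September 1998 date on the -01 draft. If any of the clarifications in this revision were made after 4 August, the timestamp should be moved forward and kept identical to the newest REVISION clause. The same value is introduced for snmpProxyMIB further down and needs the same check.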
skipping to change at page 47, line 36 skipping to change at page 50, line 36
Postal: 2675 Long Lake Road Postal: 2675 Long Lake Road
Roseville, MN 55113 Roseville, MN 55113
E-mail: paul_meyer@securecomputing.com E-mail: paul_meyer@securecomputing.com
Phone: +1 612 628 1592 Phone: +1 612 628 1592
Co-editor: Bob Stewart Co-editor: Bob Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
Postal: 170 West Tasman Drive Postal: 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
E-mail: bstewart@cisco.com E-mail: bstewart@cisco.com
Phone: +1 603 654 6923" Phone: +1 603 654 2686"
DESCRIPTION DESCRIPTION
"This MIB module defines MIB objects which provide "This MIB module defines MIB objects which provide
mechanisms to remotely configure the parameters mechanisms to remotely configure the parameters
used by an SNMP entity for the generation of used by an SNMP entity for the generation of
notifications." notifications."
REVISION "9808070000Z" REVISION "9808040000Z"
DESCRIPTION "Clarifications, published as RFCxxxx." DESCRIPTION "Clarifications, published as
draft-ietf-snmpv3-appl-v2-01.txt."
REVISION "9707140000Z" REVISION "9707140000Z"
DESCRIPTION "The initial revision, published as RFC2273." DESCRIPTION "The initial revision, published as RFC2273."
::= { snmpModules 13 } ::= { snmpModules 13 }
snmpNotifyObjects OBJECT IDENTIFIER ::= snmpNotifyObjects OBJECT IDENTIFIER ::=
{ snmpNotificationMIB 1 } { snmpNotificationMIB 1 }
snmpNotifyConformance OBJECT IDENTIFIER ::= snmpNotifyConformance OBJECT IDENTIFIER ::=
{ snmpNotificationMIB 3 } { snmpNotificationMIB 3 }
-- --
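Review bot: The right-hand REVISION DESCRIPTION replaces the "RFCxxxx" placeholder with the Internet-Draft file name "draft-ietf-snmpv3-appl-v2-01.txt", which puts an expiring work-in-progress name inside the MIB module text. Anyone extracting the module later gets a revision history that points at a document the Status of this Memo section says should not be cited. Keep a placeholder for the final RFC number, or add an instruction for it to be substituted at publication. The REVISION timestamp also moves backwards here, from "9808070000Z" to "9808040000Z"; it now matches LAST-UPDATED, which is right, but the earlier date deserves a second look. The snmpProxyMIB MODULE-IDENTITY carries the same two changes.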
skipping to change at page 59, line 39 skipping to change at page 62, line 39
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
SnmpTagValue SnmpTagValue
FROM SNMP-TARGET-MIB FROM SNMP-TARGET-MIB
MODULE-COMPLIANCE, MODULE-COMPLIANCE,
OBJECT-GROUP OBJECT-GROUP
FROM SNMPv2-CONF; FROM SNMPv2-CONF;
snmpProxyMIB MODULE-IDENTITY snmpProxyMIB MODULE-IDENTITY
LAST-UPDATED "9711210000Z" LAST-UPDATED "9808040000Z"
ORGANIZATION "IETF SNMPv3 Working Group" ORGANIZATION "IETF SNMPv3 Working Group"
CONTACT-INFO CONTACT-INFO
"WG-email: snmpv3@tis.com "WG-email: snmpv3@tis.com
Subscribe: majordomo@tis.com Subscribe: majordomo@tis.com
In message body: subscribe snmpv3 In message body: subscribe snmpv3
Chair: Russ Mundy Chair: Russ Mundy
Trusted Information Systems Trusted Information Systems
Postal: 3060 Washington Rd Postal: 3060 Washington Rd
Glenwood MD 21738 Glenwood MD 21738
skipping to change at page 60, line 26 skipping to change at page 63, line 26
Postal: 2675 Long Lake Road Postal: 2675 Long Lake Road
Roseville, MN 55113 Roseville, MN 55113
E-mail: paul_meyer@securecomputing.com E-mail: paul_meyer@securecomputing.com
Phone: +1 612 628 1592 Phone: +1 612 628 1592
Co-editor: Bob Stewart Co-editor: Bob Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
Postal: 170 West Tasman Drive Postal: 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
E-mail: bstewart@cisco.com E-mail: bstewart@cisco.com
Phone: +1 603 654 6923" Phone: +1 603 654 2686"
DESCRIPTION DESCRIPTION
"This MIB module defines MIB objects which provide "This MIB module defines MIB objects which provide
mechanisms to remotely configure the parameters mechanisms to remotely configure the parameters
used by a proxy forwarding application." used by a proxy forwarding application."
REVISION "9808070000Z" REVISION "9808040000Z"
DESCRIPTION "Clarifications, published as RFCxxxx." DESCRIPTION "Clarifications, published as
draft-ietf-snmpv3-appl-v2-01.txt."
REVISION "9707140000Z" REVISION "9707140000Z"
DESCRIPTION "The initial revision, published as RFC2273." DESCRIPTION "The initial revision, published as RFC2273."
::= { snmpModules 14 } ::= { snmpModules 14 }
snmpProxyObjects OBJECT IDENTIFIER ::= { snmpProxyMIB 1 } snmpProxyObjects OBJECT IDENTIFIER ::= { snmpProxyMIB 1 }
snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 } snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 }
-- --
-- --
-- The snmpProxyObjects group -- The snmpProxyObjects group
skipping to change at page 66, line 37 skipping to change at page 69, line 37
management target is not used to generate notifications. management target is not used to generate notifications.
The decision as to whether a notification should contain an SNMPv2- The decision as to whether a notification should contain an SNMPv2-
Trap or Inform PDU is determined by the value of the snmpNotifyType Trap or Inform PDU is determined by the value of the snmpNotifyType
object. If the value of this object is trap(1), the notification object. If the value of this object is trap(1), the notification
should contain an SNMPv2-Trap PDU. If the value of this object is should contain an SNMPv2-Trap PDU. If the value of this object is
inform(2), then the notification should contain an Inform PDU, and inform(2), then the notification should contain an Inform PDU, and
the timeout time and number of retries for the Inform are the value the timeout time and number of retries for the Inform are the value
of snmpTargetAddrTimeout and snmpTargetAddrRetryCount. Note that the of snmpTargetAddrTimeout and snmpTargetAddrRetryCount. Note that the
exception to these rules is when the snmpTargetParamsMPModel object exception to these rules is when the snmpTargetParamsMPModel object
indicates SNMPv1. In this case, the notification is sent as a Trap indicates an SNMP version which supports a different PDU version. In
if the value of snmpNotifyTargetType is either trap(1) or inform(2). this case, the notification may be sent using a different PDU type
([COEX] defines the PDU type in the case where the outgoing SNMP
version is SNMPv1).
6. Notification Filtering 6. Notification Filtering
This section describes the mechanisms used by a notification This section describes the mechanisms used by a notification
originator application when using the MIB module described in this originator application when using the MIB module described in this
document to filter generation of notifications. document to filter generation of notifications.
A notification originator uses the snmpNotifyFilterTable to filter A notification originator uses the snmpNotifyFilterTable to filter
notifications. A notification filter profile may be associated with notifications. A notification filter profile may be associated with
a particular entry in the snmpTargetParamsTable. The associated a particular entry in the snmpTargetParamsTable. The associated
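Review bot: The replacement sentence on the right ("indicates an SNMP version which supports a different PDU version ... the notification may be sent using a different PDU type") is less precise than the SNMPv1 rule it replaces. "A different PDU version" is not defined anywhere in the paragraph, and "may" leaves the outcome for an inform(2) entry open. The paragraph ties Inform delivery to snmpTargetAddrTimeout and snmpTargetAddrRetryCount, so it should say whether those retries still apply when the PDU type is changed, because an operator who configures inform(2) expects acknowledged delivery and would otherwise lose it without any indication. Suggest stating the required behaviour here and citing [COEX] for the SNMPv1 mapping only, rather than deferring the rule to a draft. Dropping the old reference to snmpNotifyTargetType is a good cleanup, since the rest of the paragraph names the object snmpNotifyType.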
skipping to change at page 71, line 37 skipping to change at page 74, line 37
9. Acknowledgments 9. Acknowledgments
This document is the result of the efforts of the SNMPv3 Working This document is the result of the efforts of the SNMPv3 Working
Group. Some special thanks are in order to the following SNMPv3 WG Group. Some special thanks are in order to the following SNMPv3 WG
members: members:
Dave Battle (SNMP Research, Inc.) Dave Battle (SNMP Research, Inc.)
Uri Blumenthal (IBM T.J. Watson Research Center) Uri Blumenthal (IBM T.J. Watson Research Center)
Jeff Case (SNMP Research, Inc.) Jeff Case (SNMP Research, Inc.)
John Curran (BBN) John Curran (BBN)
T. Max Devlin (Hi-TECH Connections) T. Max Devlin (Eltrax Systems)
John Flick (Hewlett Packard) John Flick (Hewlett Packard)
David Harrington (Cabletron Systems Inc.) David Harrington (Cabletron Systems Inc.)
N.C. Hien (IBM T.J. Watson Research Center) N.C. Hien (IBM T.J. Watson Research Center)
Dave Levi (SNMP Research, Inc.) Dave Levi (SNMP Research, Inc.)
Louis A Mamakos (UUNET Technologies Inc.) Louis A Mamakos (UUNET Technologies Inc.)
Paul Meyer (Secure Computing Corporation) Paul Meyer (Secure Computing Corporation)
Keith McCloghrie (Cisco Systems) Keith McCloghrie (Cisco Systems)
Russ Mundy (Trusted Information Systems, Inc.) Russ Mundy (Trusted Information Systems, Inc.)
Bob Natale (ACE*COMM Corporation) Bob Natale (ACE*COMM Corporation)
Mike O'Dell (UUNET Technologies Inc.) Mike O'Dell (UUNET Technologies Inc.)
skipping to change at page 74, line 5 skipping to change at page 76, line 8
that these applications be strict in their application of access that these applications be strict in their application of access
control as described in this document. control as described in this document.
In addition, there may be some types of notification generator In addition, there may be some types of notification generator
applications which, rather than accessing MIB instrumentation using applications which, rather than accessing MIB instrumentation using
access control, will obtain MIB information through other means (such access control, will obtain MIB information through other means (such
as from a command line). The implementors and users of such as from a command line). The implementors and users of such
applications must be responsible for not divulging MIB information applications must be responsible for not divulging MIB information
that normally would be inaccessible due to access control. that normally would be inaccessible due to access control.
Finally, the MIBs described in this document contain potentially
sensitive information. A security administrator may wish to limit
access to these MIBs.
11. References 11. References
[COEX]
The SNMPv3 Working Group, Frye, R.,Levi, D., Wijnen, B.,
"Coexistence between Version 1, Version 2, and Version 3 of the
Internet-standard Network Management Framework", draft-ietf-
snmpv3-coex-01.txt, September 1998.
[RFC1157] [RFC1157]
Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
Management Protocol", RFC 1157, SNMP Research, Performance Systems Management Protocol", RFC 1157, SNMP Research, Performance Systems
International, Performance Systems International, MIT Laboratory International, Performance Systems International, MIT Laboratory
for Computer Science, May 1990. for Computer Science, May 1990.
[RFC1213] [RFC1213]
McCloghrie, K., and M. Rose, Editors, "Management Information Base McCloghrie, K., and M. Rose, Editors, "Management Information Base
for Network Management of TCP/IP-based internets: MIB-II", STD 17, for Network Management of TCP/IP-based internets: MIB-II", STD 17,
RFC 1213, Hughes LAN Systems, Performance Systems International, RFC 1213, Hughes LAN Systems, Performance Systems International,
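Review bot: The added security paragraph ("the MIBs described in this document contain potentially sensitive information. A security administrator may wish to limit access to these MIBs") is too general to act on. The MODULE-IDENTITY descriptions in this same document say these modules "remotely configure the parameters" used for notification generation and proxy forwarding, so write access is the larger exposure: a principal able to modify these tables can change where notifications are sent or how requests are forwarded. Suggest separating read exposure from write exposure, naming the tables concerned, and pointing to [SNMP-ACM] as the mechanism for restricting both.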
skipping to change at page 75, line 6 skipping to change at page 78, line 12
Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
International Network Services, January 1996. International Network Services, January 1996.
[RFC1908] [RFC1908]
SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Coexistence between Version 1 and Version 2 of the Waldbusser, "Coexistence between Version 1 and Version 2 of the
Internet-standard Network Management Framework", RFC1905, SNMP Internet-standard Network Management Framework", RFC1905, SNMP
Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
International Network Services, January 1996. International Network Services, January 1996.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC2119, March 1997.
[SNMP-ARCH] [SNMP-ARCH]
The SNMPv3 Working Group, Harrington, D., Wijnen, B., "An The SNMPv3 Working Group, Harrington, D., Wijnen, B., "An
Architecture for Describing SNMP Management Frameworks", Architecture for Describing SNMP Management Frameworks", draft-
draft-ietf-snmpv3-arch-00.txt, November 1997. ietf-snmpv3-arch-01.txt, September 1998.
[SNMP-MPD] [SNMP-MPD]
The SNMPv3 Working Group, Case, J., Harrington, D., Wijnen, B., The SNMPv3 Working Group, Case, J., Harrington, D., Wijnen, B.,
"Message Processing and Dispatching for the Simple Network "Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)", draft-ietf-snmpv3-v3mpc-model-07.txt, Management Protocol (SNMP)", draft-ietf-snmpv3-mpc-01.txt,
November 1997. September 1998.
[SNMP-ACM] [SNMP-ACM]
The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K., The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K.,
"View-based Access Control Model for the Simple Network Management "View-based Access Control Model for the Simple Network Management
Protocol (SNMP)", draft-ietf-snmpv3-vacm-00.txt, November 1997. Protocol (SNMP)", draft-ietf-snmpv3-vacm-01.txt, September 1998.
12. Editor's Address 12. Editor's Address
David B. Levi David B. Levi
SNMP Research, Inc. SNMP Research, Inc.
3001 Kimberlin Heights Road 3001 Kimberlin Heights Road
Knoxville, TN 37920-9716 Knoxville, TN 37920-9716
U.S.A. U.S.A.
Phone: +1 423 573 1434 Phone: +1 423 573 1434
EMail: levi@snmp.com EMail: levi@snmp.com
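Review bot: The [RFC1908] entry at the top of this block still reads "RFC1905" inside the citation on both sides, so the label and the document number disagree. Since this revision already edits the reference list (adding [RFC2119] and updating the three SNMPv3 draft names), correct that number in the same pass. It is also worth confirming that the new [SNMP-MPD] file name "draft-ietf-snmpv3-mpc-01.txt" is the intended successor of "draft-ietf-snmpv3-v3mpc-model-07.txt", because the name changes as well as the version.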
skipping to change at page 76, line 28 skipping to change at page 79, line 28
Roseville, MN 55113 Roseville, MN 55113
U.S.A. U.S.A.
Phone: +1 612 628 1592 Phone: +1 612 628 1592
EMail: paul_meyer@securecomputing.com EMail: paul_meyer@securecomputing.com
Bob Stewart Bob Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
U.S.A. U.S.A.
Phone: +1 603 654 6923 Phone: +1 603 654 2686
EMail: bstewart@cisco.com EMail: bstewart@cisco.com
APPENDIX A - Trap Configuration Example APPENDIX A - Trap Configuration Example
This section describes an example configuration for a Notification This section describes an example configuration for a Notification
Generator application which implements the snmpNotifyBasicCompliance Generator application which implements the snmpNotifyBasicCompliance
level. The example configuration specifies that the Notification level. The example configuration specifies that the Notification
Generator should send notifications to 3 separate managers, using Generator should send notifications to 3 separate managers, using
authentication and no privacy for the first 2 managers, and using authentication and no privacy for the first 2 managers, and using
both authentication and privacy for the third manager. both authentication and privacy for the third manager.
 End of changes. 39 change blocks. 
87 lines changed or deleted 132 lines changed or added
