rfc1351.txt
By definition, the operation of a SNMP protocol entity requires no
concurrency between processing of any single protocol message (by a
particular SNMP party) and processing of any other protocol message
(by a potentially different SNMP party). Accordingly, implementation
of a SNMP protocol entity to support more than one party need not be
multi-threaded. However, there may be situations where implementors
may choose to use multi-threading.

Architecturally, every SNMP entity maintains a local database that
represents all SNMP parties known to it -- those whose operation is
realized locally, those whose operation is realized by proxy
interactions with remote parties or devices, and those whose
operation is realized by remote entities. In addition, every SNMP
protocol entity maintains a local database that represents an access
control policy (see Section 3.11) that defines the access privileges
accorded to known SNMP parties.

3.3 SNMP Management Station

A SNMP management station is the operational role assumed by a SNMP
party when it initiates SNMP management operations by the generation
of appropriate SNMP protocol messages or when it receives and
processes trap notifications.

Sometimes, the term SNMP management station is applied to partial
Davin, Galvin, & McCloghrie [Page 6]
RFC 1351 SNMP Administrative Model July 1992
implementations of the SNMP (in graphics workstations, for example)
that focus upon this operational role. Such partial implementations
may provide for convenient, local invocation of management services,
but they may provide little or no support for performing SNMP
management operations on behalf of remote protocol users.

3.4 SNMP Agent

A SNMP agent is the operational role assumed by a SNMP party when it
performs SNMP management operations in response to received SNMP
protocol messages such as those generated by a SNMP management
station (see Section 3.3).

Sometimes, the term SNMP agent is applied to partial implementations
of the SNMP (in embedded systems, for example) that focus upon this
operational role. Such partial implementations provide for
realization of SNMP management operations on behalf of remote users
of management services, but they may provide little or no support for
local invocation of such services.

3.5 View Subtree

A view subtree is the set of all MIB object instances which have a
common ASN.1 OBJECT IDENTIFIER prefix to their names. A view subtree
is identified by the OBJECT IDENTIFIER value which is the longest
OBJECT IDENTIFIER prefix common to all (potential) MIB object
instances in that subtree.

3.6 MIB View

A MIB view is a subset of the set of all instances of all object
types defined according to the Internet-standard SMI [2] (i.e., of
the universal set of all instances of all MIB objects), subject to
the following constraints:

   o  Each element of a MIB view is uniquely named by an
      ASN.1 OBJECT IDENTIFIER value. As such,
      identically named instances of a particular object type
      (e.g., in different agents) must be contained within
      different MIB views. That is, a particular object
      instance name resolves within a particular MIB view to
      at most one object instance.

   o  Every MIB view is defined as a collection of view
      subtrees.
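
Added example (not part of RFC 1351): membership in a MIB view as
defined in Sections 3.5 and 3.6, comparing OBJECT IDENTIFIER prefixes
per sub-identifier rather than as text. The function names and the
sample view are assumptions made for illustration.

```python
# Added example: MIB view membership per Sections 3.5 and 3.6.
# The view below is a sample constructed for illustration.

def parse_oid(text):
    """Turn dotted-decimal text into a tuple of integer sub-identifiers."""
    parts = text.strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal OID: {text!r}")
    return tuple(int(p) for p in parts)

def in_subtree(instance, subtree):
    """True if `subtree` is a prefix of `instance`, per sub-identifier."""
    return instance[:len(subtree)] == subtree

def in_view(instance_text, view):
    """A MIB view is a collection of view subtrees; any match suffices."""
    instance = parse_oid(instance_text)
    return any(in_subtree(instance, parse_oid(s)) for s in view)

def naive_in_view(instance_text, view):
    """Flawed check kept for comparison: textual prefix on the string."""
    return any(instance_text.startswith(s) for s in view)

# Sample view: the MIB-II system group and the ifInOctets column.
SAMPLE_VIEW = ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2.2.1.10"]

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.5.0",        # sysName.0, inside
                "1.3.6.1.2.1.11.1.0",       # snmpInPkts.0, outside
                "1.3.6.1.2.1.2.2.1.10.3",   # ifInOctets.3, inside
                "1.3.6.1.2.1.2.2.1.16.3"):  # ifOutOctets.3, outside
        print(oid, in_view(oid, SAMPLE_VIEW), naive_in_view(oid, SAMPLE_VIEW))
```

The textual check admits 1.3.6.1.2.1.11.1.0 because its string form
begins with "1.3.6.1.2.1.1"; the per-sub-identifier check does not.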

3.7 SNMP Management Communication

A SNMP management communication is a communication from one specified
SNMP party to a second specified SNMP party about management
information that is represented in the MIB view of the appropriate
party. In particular, a SNMP management communication may be

   o  a query by the originating party about information in
      the MIB view of the addressed party (e.g., getRequest
      and getNextRequest),

   o  an indicative assertion to the addressed party about
      information in the MIB view of the originating party
      (e.g., getResponse or trapNotification), or

   o  an imperative assertion by the originating party about
      information in the MIB view of the addressed party
      (e.g., setRequest).

A management communication is represented by an ASN.1 value with the
syntax

   SnmpMgmtCom ::= [1] IMPLICIT SEQUENCE {
                     dstParty
                        OBJECT IDENTIFIER,
                     srcParty
                        OBJECT IDENTIFIER,
                     pdu
                        PDUs
                   }

For each SnmpMgmtCom value that represents a SNMP management
communication, the following statements are true:

   o  Its dstParty component is called the destination and
      identifies the SNMP party to which the communication
      is directed.

   o  Its srcParty component is called the source and
      identifies the SNMP party from which the
      communication is originated.

   o  Its pdu component has the form and significance
      attributed to it in [1].

3.8 SNMP Authenticated Management Communication

A SNMP authenticated management communication is a SNMP management
communication (see Section 3.7) for which the originating SNMP party
is (possibly) reliably identified and for which the integrity of the
transmission of the communication is (possibly) protected. An
authenticated management communication is represented by an ASN.1
value with the syntax

   SnmpAuthMsg ::= [1] IMPLICIT SEQUENCE {
                     authInfo
                        ANY, -- defined by authentication protocol
                     authData
                        SnmpMgmtCom
                   }

For each SnmpAuthMsg value that represents a SNMP authenticated
management communication, the following statements are true:

   o  Its authInfo component is called the authentication
      information and represents information required in
      support of the authentication protocol used by the
      SNMP party originating the message. The detailed
      significance of the authentication information is specific
      to the authentication protocol in use; it has no effect on
      the application semantics of the communication other
      than its use by the authentication protocol in
      determining whether the communication is authentic or
      not.

   o  Its authData component is called the authentication
      data and represents a SNMP management
      communication.

3.9 SNMP Private Management Communication

A SNMP private management communication is a SNMP authenticated
management communication (see Section 3.8) that is (possibly)
protected from disclosure. A private management communication is
represented by an ASN.1 value with the syntax

   SnmpPrivMsg ::= [1] IMPLICIT SEQUENCE {
                     privDst
                        OBJECT IDENTIFIER,
                     privData
                        [1] IMPLICIT OCTET STRING
                   }

For each SnmpPrivMsg value that represents a SNMP private management
communication, the following statements are true:

   o  Its privDst component is called the privacy destination
      and identifies the SNMP party to which the
      communication is directed.

   o  Its privData component is called the privacy data and
      represents the (possibly encrypted) serialization
      (according to the conventions of [3] and [1]) of a SNMP
      authenticated management communication (see
      Section 3.8).

3.10 SNMP Management Communication Class

A SNMP management communication class corresponds to a specific SNMP
PDU type defined in [1]. A management communication class is
represented by an ASN.1 INTEGER value according to the type of the
identifying PDU (see Table 1).

          Get            1
          GetNext        2
          GetResponse    4
          Set            8
          Trap          16

   Table 1: Management Communication Classes

The value by which a communication class is represented is computed
as 2 raised to the value of the ASN.1 context-specific tag for the
appropriate SNMP PDU.

A set of management communication classes is represented by the ASN.1
INTEGER value that is the sum of the representations of the
communication classes in that set. The null set is represented by the
value zero.

3.11 SNMP Access Control Policy

A SNMP access control policy is a specification of a local access
policy in terms of the network management communication classes which
are authorized between pairs of SNMP parties. Architecturally, such a
specification comprises three parts:

   o  the targets of SNMP access control - the SNMP parties
      that may perform management operations as requested
      by management communications received from other
      parties,

   o  the subjects of SNMP access control - the SNMP parties
      that may request, by sending management
      communications to other parties, that management
      operations be performed, and

   o  the policy that specifies the classes of SNMP
      management communications that a particular target is
      authorized to accept from a particular subject.

Access to individual MIB object instances is determined implicitly
since by definition each (target) SNMP party performs operations on
exactly one MIB view. Thus, defining the permitted access of a
(reliably) identified subject party to a particular target party
effectively defines the access permitted by that subject to that
target's MIB view and, accordingly, to particular MIB object
instances.
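
Added example (not part of RFC 1351): the class encoding of Section
3.10 used as a bit mask in a default-deny lookup over (target,
subject) pairs. The party identifiers, the dictionary layout and the
function names are assumptions; the entry fields mirror the AclEntry
syntax that follows, and aclPrivileges is assumed to carry a class set
encoded as in Section 3.10.

```python
# Added example: class encoding (Section 3.10) and an ACL lookup (3.11).
# Context-specific PDU tags as defined for the SNMP PDUs in [1].
PDU_TAGS = {"Get": 0, "GetNext": 1, "GetResponse": 2, "Set": 3, "Trap": 4}

def class_value(pdu_name):
    """A communication class is 2 raised to the PDU's context-specific tag."""
    return 1 << PDU_TAGS[pdu_name]

def class_set(*pdu_names):
    """A set of classes is the sum of its members; the null set is 0."""
    return sum(class_value(n) for n in set(pdu_names))

def classes_in(privileges):
    """Decode a privileges integer back into the class names it contains."""
    return [n for n in PDU_TAGS if privileges & class_value(n)]

ALL_CLASSES = class_set(*PDU_TAGS)

def is_authorized(acl, target, subject, pdu_name):
    """Default deny: a missing (target, subject) pair grants the null set."""
    privileges = acl.get((target, subject), 0)
    if not 0 <= privileges <= ALL_CLASSES:
        raise ValueError(f"privileges {privileges} outside 0..{ALL_CLASSES}")
    return bool(privileges & class_value(pdu_name))

# Constructed parties under the documentation enterprise arc (32473).
AGENT = "1.3.6.1.4.1.32473.1.1"
MONITOR = "1.3.6.1.4.1.32473.1.2"
OPERATOR = "1.3.6.1.4.1.32473.1.3"

# Hypothetical policy, keyed (aclTarget, aclSubject) -> aclPrivileges.
SAMPLE_ACL = {
    (AGENT, MONITOR): class_set("Get", "GetNext"),          # read only
    (AGENT, OPERATOR): class_set("Get", "GetNext", "Set"),  # read and write
    (MONITOR, AGENT): class_set("GetResponse", "Trap"),     # replies, traps
}

if __name__ == "__main__":
    for (target, subject), priv in SAMPLE_ACL.items():
        print(target, "accepts from", subject, priv, classes_in(priv))
    print(is_authorized(SAMPLE_ACL, AGENT, MONITOR, "Set"))
```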

Conceptually, a SNMP access policy is represented by a collection of
ASN.1 values with the following syntax:

   AclEntry ::= SEQUENCE {
                  aclTarget
                     OBJECT IDENTIFIER,
                  aclSubject
                     OBJECT IDENTIFIER,
                  aclPrivileges
                     INTEGER
                }

For each such value that represents one part of a SNMP access policy,
the following statements are true: