📄 rfc1447.txt
字号:
Network Working Group K. McCloghrie Request for Comments: 1447 Hughes LAN Systems J. Galvin Trusted Information Systems April 1993 Party MIB for version 2 of the Simple Network Management Protocol (SNMPv2) Status of this Memo This RFC specifes an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited. Table of Contents 1 Introduction .......................................... 2 1.1 A Note on Terminology ............................... 2 2 Definitions ........................................... 3 3.1 Textual Conventions ................................. 4 3.2 Administrative Assignments .......................... 7 3.2.1 Initial Party and Context Identifiers ............. 8 3.3 Object Assignments .................................. 16 3.4 The SNMPv2 Party Database Group ..................... 16 3.5 The SNMPv2 Contexts Database Group .................. 29 3.5 The SNMPv2 Access Privileges Database Group ......... 36 3.6 The MIB View Database Group ......................... 40 3.7 Conformance Information ............................. 45 3.7.1 Compliance Statements ............................. 45 3.7.2 Units of Conformance .............................. 47 3 Acknowledgments ....................................... 48 4 References ............................................ 49 5 Security Considerations ............................... 50 6 Authors' Addresses .................................... 50 Galvin & McCloghrie [Page 1]
RFC 1447 Party MIB for SNMPv2 April 1993 1. Introduction A network management system contains: several (potentially many) nodes, each with a processing entity, termed an agent, which has access to management instrumentation; at least one management station; and, a management protocol, used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework which defines both authentication and authorization policies. Network management stations execute management applications which monitor and control network elements. Network elements are devices such as hosts, routers, terminal servers, etc., which are monitored and controlled through access to their management information. Management information is viewed as a collection of managed objects, residing in a virtual information store, termed the Management Information Base (MIB). Collections of related objects are defined in MIB modules. These modules are written using a subset of OSI's Abstract Syntax Notation One (ASN.1) [1], termed the Structure of Management Information (SMI) [2]. The Administrative Model for SNMPv2 document [3] defines the properties associated with SNMPv2 parties, SNMPv2 contexts, and access control policies. It is the purpose of this document, the Party MIB for SNMPv2, to define managed objects which correspond to these properties. 1.1. A Note on Terminology For the purpose of exposition, the original Internet-standard Network Management Framework, as described in RFCs 1155, 1157, and 1212, is termed the SNMP version 1 framework (SNMPv1). The current framework is termed the SNMP version 2 framework (SNMPv2). Galvin & McCloghrie [Page 2]
RFC 1447 Party MIB for SNMPv2 April 1993 2. Definitions SNMPv2-PARTY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, snmpModules, UInteger32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, RowStatus, TruthValue FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; partyMIB MODULE-IDENTITY LAST-UPDATED "9304010000Z" ORGANIZATION "IETF SNMP Security Working Group" CONTACT-INFO " Keith McCloghrie Postal: Hughes LAN Systems 1225 Charleston Road Mountain View, CA 94043 US Tel: +1 415 966 7934 Fax: +1 415 960 3738 E-mail: kzm@hls.com" DESCRIPTION "The MIB module describing SNMPv2 parties." ::= { snmpModules 3 } Galvin & McCloghrie [Page 3]
RFC 1447 Party MIB for SNMPv2 April 1993 -- textual conventions Party ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Denotes a SNMPv2 party identifier. Note that agents may impose implementation limitations on the length of OIDs used to identify Parties. As such, management stations creating new parties should be aware that using an excessively long OID may result in the agent refusing to perform the set operation and instead returning the appropriate error response, e.g., noCreation." SYNTAX OBJECT IDENTIFIER TAddress ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Denotes a transport service address. For snmpUDPDomain, a TAddress is 6 octets long, the initial 4 octets containing the IP-address in network-byte order and the last 2 containing the UDP port in network-byte order. Consult [5] for further information on snmpUDPDomain." SYNTAX OCTET STRING Galvin & McCloghrie [Page 4]
RFC 1447 Party MIB for SNMPv2 April 1993 Clock ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A party's authentication clock - a non-negative integer which is incremented as specified/allowed by the party's Authentication Protocol. For noAuth, a party's authentication clock is unused and its value is undefined. For v2md5AuthProtocol, a party's authentication clock is a relative clock with 1-second granularity." SYNTAX UInteger32 Context ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Denotes a SNMPv2 context identifier. Note that agents may impose implementation limitations on the length of OIDs used to identify Contexts. As such, management stations creating new contexts should be aware that using an excessively long OID may result in the agent refusing to perform the set operation and instead returning the appropriate error response, e.g., noCreation." SYNTAX OBJECT IDENTIFIER Galvin & McCloghrie [Page 5]
RFC 1447 Party MIB for SNMPv2 April 1993 StorageType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Describes the memory realization of a conceptual row. A row which is volatile(2) is lost upon reboot. A row which is nonVolatile(3) is backed up by stable storage. A row which is permanent(4) cannot be changed nor deleted." SYNTAX INTEGER { other(1), -- eh? volatile(2), -- e.g., in RAM nonVolatile(3), -- e.g., in NVRAM permanent(4) -- e.g., in ROM } Galvin & McCloghrie [Page 6]
RFC 1447 Party MIB for SNMPv2 April 1993 -- administrative assignments partyAdmin OBJECT IDENTIFIER ::= { partyMIB 1 } -- definitions of security protocols partyProtocols OBJECT IDENTIFIER ::= { partyAdmin 1 } -- the protocol without authentication noAuth OBJECT IDENTIFIER ::= { partyProtocols 1 } -- the protocol without privacy noPriv OBJECT IDENTIFIER ::= { partyProtocols 2 } -- the DES Privacy Protocol [4] desPrivProtocol OBJECT IDENTIFIER ::= { partyProtocols 3 } -- the MD5 Authentication Protocol [4] v2md5AuthProtocol OBJECT IDENTIFIER ::= { partyProtocols 4 } -- definitions of temporal domains temporalDomains OBJECT IDENTIFIER ::= { partyAdmin 2 } -- this temporal domain refers to management information -- at the current time currentTime OBJECT IDENTIFIER ::= { temporalDomains 1 } -- this temporal domain refers to management information -- upon the next re-initialization of the managed device restartTime OBJECT IDENTIFIER ::= { temporalDomains 2 } -- the temporal domain { cacheTime N } refers to management -- information that is cached and guaranteed to be at most -- N seconds old cacheTime OBJECT IDENTIFIER ::= { temporalDomains 3 } Galvin & McCloghrie [Page 7]
RFC 1447 Party MIB for SNMPv2 April 1993 -- Definition of Initial Party and Context Identifiers -- When devices are installed, they need to be configured -- with an initial set of SNMPv2 parties and contexts. The -- configuration of SNMPv2 parties and contexts requires (among -- other things) the assignment of several OBJECT IDENTIFIERs. -- Any local network administration can obtain the delegated -- authority necessary to assign its own OBJECT IDENTIFIERs. -- However, to provide for those administrations who have not -- obtained the necessary authority, this document allocates a -- branch of the naming tree for use with the following -- conventions. initialPartyId OBJECT IDENTIFIER ::= { partyAdmin 3 } initialContextId OBJECT IDENTIFIER ::= { partyAdmin 4 } -- Note these are identified as "initial" party and context -- identifiers since these allow secure SNMPv2 communication -- to proceed, thereby allowing further SNMPv2 parties to be -- configured through use of the SNMPv2 itself. -- The following definitions identify a party identifier, and -- specify the initial values of various object instances -- indexed by that identifier. In addition, the SNMPv2 -- context, access control policy, and MIB view information -- assigned, by convention, are identified. Galvin & McCloghrie [Page 8]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -