transport address and transport domain for the receiving SNMPv2 party.

Note that the above procedure does not include any application of any SNMPv2 access control policy (see Section 2.13).

3.2. Processing a Received Communication

This section describes the procedure followed by an SNMPv2 entity whenever a management communication is received.

(1) The snmpStatsPackets counter [7] is incremented. If the received message is not the serialization (according to the conventions of [5]) of an SnmpPrivMsg value, then that message is discarded without further processing. (If the first octet of the packet has the value hexadecimal 30, then the snmpStats30Something counter [7] is incremented prior to discarding the message; otherwise the snmpStatsEncodingErrors counter [7] is incremented.)

(2) The local database of party information is consulted for information about the receiving SNMPv2 party identified by the privDst component of the SnmpPrivMsg value.

Galvin & McCloghrie [Page 18]
RFC 1445 Administrative Model for SNMPv2 April 1993

(3) If information about the receiving SNMPv2 party is absent from the local database of party information, or indicates that the receiving party's operation is not realized by the local SNMPv2 entity, then the received message is discarded without further processing, after the snmpStatsUnknownDstParties counter [7] is incremented.

(4) An ASN.1 OCTET STRING value is constructed (possibly by decryption, according to the privacy protocol in use) from the privData component of said SnmpPrivMsg value. In particular, if the privacy protocol recorded for the party is noPriv, then the OCTET STRING value corresponds exactly to the privData component of the SnmpPrivMsg value.

(5) If the OCTET STRING value is not the serialization (according to the conventions of [5]) of an SnmpAuthMsg value, then the received message is discarded without further processing, after the snmpStatsEncodingErrors counter [7] is incremented.
(6) If the dstParty component of the authData component of the obtained SnmpAuthMsg value is not the same as the privDst component of the SnmpPrivMsg value, then the received message is discarded without further processing, after the snmpStatsDstPartyMismatches counter [7] is incremented.

(7) The local database of party information is consulted for information about the originating SNMPv2 party identified by the srcParty component of the authData component of the SnmpAuthMsg value.

(8) If information about the originating SNMPv2 party is absent from the local database of party information, then the received message is discarded without further processing, after the snmpStatsUnknownSrcParties counter [7] is incremented.

(9) The obtained SnmpAuthMsg value is evaluated according to the authentication protocol and other relevant information associated with the originating and receiving SNMPv2 parties in the local database of party information. In particular, if the authentication protocol is identified as noAuth, then the SnmpAuthMsg value is always evaluated as authentic.

(10) If the SnmpAuthMsg value is evaluated as unauthentic, then the received message is discarded without further processing, and if the snmpV2EnableAuthenTraps object [7] is enabled, then the SNMPv2 entity sends authorizationFailure traps [7] according to its configuration (Section 4.2.6 of [2]).

(11) The SnmpMgmtCom value is extracted from the authData component of the SnmpAuthMsg value.

(12) The local database of context information is consulted for information about the SNMPv2 context identified by the context component of the SnmpMgmtCom value.

(13) If information about the SNMPv2 context is absent from the local database of context information, then the received message is discarded without further processing, after the snmpStatsUnknownContexts counter [7] is incremented.
(14) The local database of access policy information is consulted for access privileges permitted by the local access policy to the originating SNMPv2 party with respect to the receiving SNMPv2 party and the indicated SNMPv2 context.

(15) The management communication class is determined from the ASN.1 tag value associated with the PDUs component of the SnmpMgmtCom value. If the management information class of the received message is either 32, 8, 2, or 1 (i.e., GetBulk, Set, GetNext or Get) and the SNMPv2 context is not realized by the local SNMPv2 entity, then the received message is discarded without further processing, after the snmpStatsUnknownContexts counter [7] is incremented.

(16) If the management communication class of the received message is either 128, 64 or 4 (i.e., SNMPv2-Trap, Inform, or Response) and this class is not among the access privileges, then the received message is discarded without further processing, after the snmpStatsBadOperations counter [7] is incremented.

(17) If the management communication class of the received message is not among the access privileges, then the received message is discarded without further processing after generation and transmission of a response message. This response message is directed to the originating SNMPv2 party on behalf of the receiving SNMPv2 party. Its context, var-bind-list and request-id components are identical to those of the received request. Its error-index component is zero and its error-status component is authorizationError [2].

(18) If the SNMPv2 context refers to local object resources, then the management operation represented by the SnmpMgmtCom value is performed by the receiving SNMPv2 entity with respect to the MIB view identified by the SNMPv2 context according to the procedures set forth in [2].
(19) If the SNMPv2 context refers to remote object resources, then the management operation represented by the SnmpMgmtCom value is performed through the appropriate proxy relationship.

3.3. Generating a Response

The procedure for generating a response to an SNMPv2 management request is identical to the procedure for transmitting a request (see Section 3.1), with these exceptions:

(1) In Step 1, the dstParty component of the responding SnmpMgmtCom value is taken from the srcParty component of the original SnmpMgmtCom value; the srcParty component of the responding SnmpMgmtCom value is taken from the dstParty component of the original SnmpMgmtCom value; the context component of the responding SnmpMgmtCom value is taken from the context component of the original SnmpMgmtCom value; and, the pdu component of the responding SnmpMgmtCom value is the response which results from applying the operation specified in the original SnmpMgmtCom value.

(2) In Step 7, the serialized SnmpPrivMsg value is transmitted using the transport address and transport domain from which its corresponding request originated, even if that is different from the transport information recorded in the local database of party information.

4. Application of the Model

This section describes how the administrative model set forth above is applied to realize effective network management in a variety of configurations and environments. Several types of administrative configurations are identified, and an example of each is presented.

4.1. Non-Secure Minimal Agent Configuration

This section presents an example configuration for a minimal, non-secure SNMPv2 agent that interacts with one or more SNMPv2 management stations.
Table 2 presents information about SNMPv2 parties that is known both to the minimal agent and to the manager, while Table 3 presents similarly common information about the local access policy. As represented in Table 2, the example agent party operates at UDP port 161 at IP address 1.2.3.4 using the party identity gracie; the example manager operates at UDP port 2001 at IP address 1.2.3.5 using the identity george.

At minimum, a non-secure SNMPv2 agent implementation must provide for administrative configuration (and non-volatile storage) of the identities and transport addresses of two SNMPv2 parties: itself and a remote peer. Strictly speaking, other information about these two parties (including access policy information) need not be configurable.

                    gracie             george
   Identity         (agent)            (manager)
   Domain           snmpUDPDomain      snmpUDPDomain
   Address          1.2.3.4, 161       1.2.3.5, 2001
   Auth Prot        noAuth             noAuth
   Auth Priv Key    ""                 ""
   Auth Pub Key     ""                 ""
   Auth Clock       0                  0
   Auth Lifetime    0                  0
   Priv Prot        noPriv             noPriv
   Priv Priv Key    ""                 ""
   Priv Pub Key     ""                 ""

   Table 2: Party Information for Minimal Agent

   Target    Subject    Context    Privileges
   gracie    george     local      35  (Get, GetNext & GetBulk)
   george    gracie     local      132 (Response & SNMPv2-Trap)

   Table 3: Access Information for Minimal Agent

Suppose that the managing party george wishes to interrogate
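The receive-side checks of Section 3.2 (steps 2-3, 6-8 and 12-19) and the response construction of Section 3.3, run over the party and access data of Tables 2 and 3, as an added example that is not part of RFC 1445. It assumes that decoding, privacy and authentication (steps 1, 4-5 and 9-11) have already succeeded and that the decoded SnmpMgmtCom arrives as a Python dict whose field names (dstParty, srcParty, context, pdu, request-id, var-bind-list) are chosen here, not taken from the RFC's ASN.1.

```python
# Added example, not RFC 1445 text: steps (2)-(3), (6)-(8), (12)-(19) of
# Section 3.2 plus the party swap of Section 3.3, over the Table 2/3 data.
# Decoding, privacy and authentication are assumed to have run already.

# Management communication classes: the ASN.1 tag values quoted in steps (15)-(16).
CLASS = {"Get": 1, "GetNext": 2, "Response": 4, "Set": 8,
         "GetBulk": 32, "Inform": 64, "SNMPv2-Trap": 128}
REQUESTS = CLASS["Get"] | CLASS["GetNext"] | CLASS["Set"] | CLASS["GetBulk"]   # 43
NOTIFICATIONS = CLASS["Response"] | CLASS["Inform"] | CLASS["SNMPv2-Trap"]     # 196

# Table 2, reduced to what these steps need: gracie is the party this entity realizes.
PARTIES = {"gracie": {"realized": True}, "george": {"realized": False}}
# Table 3: (target, subject, context) -> privileges bitmask.
ACCESS = {("gracie", "george", "local"): 35, ("george", "gracie", "local"): 132}
# Context database (assumed): "local" is realized here and refers to local resources.
CONTEXTS = {"local": {"realized": True, "local_resources": True}}

def discard(stats, counter):
    """Increment the named snmpStats counter [7] and report the discard."""
    stats[counter] = stats.get(counter, 0) + 1
    return "discard", counter

def respond(request, error_status="noError"):
    """Section 3.3, exception (1): swap the parties; keep context, request-id, var-bind-list."""
    return {"dstParty": request["srcParty"], "srcParty": request["dstParty"],
            "context": request["context"], "pdu": "Response",
            "request-id": request["request-id"], "var-bind-list": request["var-bind-list"],
            "error-status": error_status, "error-index": 0}

def process(priv_dst, com, stats):
    """Apply steps (2)-(3), (6)-(8) and (12)-(19) to a decoded SnmpMgmtCom dict.
    Returns ("discard", counter), ("respond", response) or ("perform", where)."""
    party = PARTIES.get(priv_dst)
    if party is None or not party["realized"]:                      # steps (2)-(3)
        return discard(stats, "snmpStatsUnknownDstParties")
    if com["dstParty"] != priv_dst:                                 # step (6)
        return discard(stats, "snmpStatsDstPartyMismatches")
    if com["srcParty"] not in PARTIES:                              # steps (7)-(8)
        return discard(stats, "snmpStatsUnknownSrcParties")
    ctx = CONTEXTS.get(com["context"])                              # step (12)
    cls = CLASS[com["pdu"]]                                         # step (15), class lookup
    if ctx is None or (cls & REQUESTS and not ctx["realized"]):     # steps (13) and (15)
        return discard(stats, "snmpStatsUnknownContexts")
    privs = ACCESS.get((com["dstParty"], com["srcParty"], com["context"]), 0)  # step (14)
    if cls & NOTIFICATIONS and not privs & cls:                     # step (16)
        return discard(stats, "snmpStatsBadOperations")
    if not privs & cls:                                             # step (17): reply, then drop
        return "respond", respond(com, error_status="authorizationError")
    return "perform", "local" if ctx["local_resources"] else "proxy"   # steps (18)-(19)
```

With the Table 3 policy, a Get from george to gracie is performed locally, a Set draws an authorizationError response, and an Inform or Response sent to gracie is silently dropped with snmpStatsBadOperations incremented.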