RFC 1351                SNMP Administrative Model              July 1992
Davin, Galvin, & McCloghrie

Architecturally, every SNMP entity maintains a local database that represents all SNMP parties known to it -- those whose operation is realized locally, those whose operation is realized by proxy interactions with remote parties or devices, and those whose operation is realized by remote entities. In addition, every SNMP protocol entity maintains a local database that represents an access control policy (see Section 3.11) that defines the access privileges accorded to known SNMP parties.

3.3  SNMP Management Station

A SNMP management station is the operational role assumed by a SNMP party when it initiates SNMP management operations by the generation of appropriate SNMP protocol messages or when it receives and processes trap notifications.

Sometimes, the term SNMP management station is applied to partial implementations of the SNMP (in graphics workstations, for example) that focus upon this operational role. Such partial implementations may provide for convenient, local invocation of management services, but they may provide little or no support for performing SNMP management operations on behalf of remote protocol users.

3.4  SNMP Agent

A SNMP agent is the operational role assumed by a SNMP party when it performs SNMP management operations in response to received SNMP protocol messages such as those generated by a SNMP management station (see Section 3.3).

Sometimes, the term SNMP agent is applied to partial implementations of the SNMP (in embedded systems, for example) that focus upon this operational role. Such partial implementations provide for realization of SNMP management operations on behalf of remote users of management services, but they may provide little or no support for local invocation of such services.

3.5  View Subtree

A view subtree is the set of all MIB object instances which have a common ASN.1 OBJECT IDENTIFIER prefix to their names.

A view subtree is identified by the OBJECT IDENTIFIER value which is the longest OBJECT IDENTIFIER prefix common to all (potential) MIB object instances in that subtree.

3.6  MIB View

A MIB view is a subset of the set of all instances of all object types defined according to the Internet-standard SMI [2] (i.e., of the universal set of all instances of all MIB objects), subject to the following constraints:

   o Each element of a MIB view is uniquely named by an ASN.1 OBJECT IDENTIFIER value. As such, identically named instances of a particular object type (e.g., in different agents) must be contained within different MIB views. That is, a particular object instance name resolves within a particular MIB view to at most one object instance.

   o Every MIB view is defined as a collection of view subtrees.

3.7  SNMP Management Communication

A SNMP management communication is a communication from one specified SNMP party to a second specified SNMP party about management information that is represented in the MIB view of the appropriate party. In particular, a SNMP management communication may be

   o a query by the originating party about information in the MIB view of the addressed party (e.g., getRequest and getNextRequest),

   o an indicative assertion to the addressed party about information in the MIB view of the originating party (e.g., getResponse or trapNotification), or

   o an imperative assertion by the originating party about information in the MIB view of the addressed party (e.g., setRequest).

A management communication is represented by an ASN.1 value with the syntax

     SnmpMgmtCom ::= [1] IMPLICIT SEQUENCE {
       dstParty  OBJECT IDENTIFIER,
       srcParty  OBJECT IDENTIFIER,
       pdu       PDUs
     }

For each SnmpMgmtCom value that represents a SNMP management communication, the following statements are true:

   o Its dstParty component is called the destination and identifies the SNMP party to which the communication is directed.

   o Its srcParty component is called the source and identifies the SNMP party from which the communication is originated.

   o Its pdu component has the form and significance attributed to it in [1].

3.8  SNMP Authenticated Management Communication

A SNMP authenticated management communication is a SNMP management communication (see Section 3.7) for which the originating SNMP party is (possibly) reliably identified and for which the integrity of the transmission of the communication is (possibly) protected. An authenticated management communication is represented by an ASN.1 value with the syntax

     SnmpAuthMsg ::= [1] IMPLICIT SEQUENCE {
       authInfo  ANY, -- defined by authentication protocol
       authData  SnmpMgmtCom
     }

For each SnmpAuthMsg value that represents a SNMP authenticated management communication, the following statements are true:

   o Its authInfo component is called the authentication information and represents information required in support of the authentication protocol used by the SNMP party originating the message. The detailed significance of the authentication information is specific to the authentication protocol in use; it has no effect on the application semantics of the communication other than its use by the authentication protocol in determining whether the communication is authentic or not.

   o Its authData component is called the authentication data and represents a SNMP management communication.

3.9  SNMP Private Management Communication

A SNMP private management communication is a SNMP authenticated management communication (see Section 3.8) that is (possibly) protected from disclosure. A private management communication is represented by an ASN.1 value with the syntax

     SnmpPrivMsg ::= [1] IMPLICIT SEQUENCE {
       privDst   OBJECT IDENTIFIER,
       privData  [1] IMPLICIT OCTET STRING
     }

For each SnmpPrivMsg value that represents a SNMP private management communication, the following statements are true:

   o Its privDst component is called the privacy destination and identifies the SNMP party to which the communication is directed.

   o Its privData component is called the privacy data and represents the (possibly encrypted) serialization (according to the conventions of [3] and [1]) of a SNMP authenticated management communication (see Section 3.8).

3.10  SNMP Management Communication Class

A SNMP management communication class corresponds to a specific SNMP PDU type defined in [1]. A management communication class is represented by an ASN.1 INTEGER value according to the type of the identifying PDU (see Table 1).

          Get            1
          GetNext        2
          GetResponse    4
          Set            8
          Trap          16

     Table 1: Management Communication Classes

The value by which a communication class is represented is computed as 2 raised to the value of the ASN.1 context-specific tag for the appropriate SNMP PDU.

A set of management communication classes is represented by the ASN.1 INTEGER value that is the sum of the representations of the communication classes in that set.
The null set is represented by the value zero.

3.11  SNMP Access Control Policy

A SNMP access control policy is a specification of a local access policy in terms of the network management communication classes which are authorized between pairs of SNMP parties. Architecturally, such a specification comprises three parts:

   o the targets of SNMP access control - the SNMP parties that may perform management operations as requested by management communications received from other parties,

   o the subjects of SNMP access control - the SNMP parties that may request, by sending management communications to other parties, that management operations be performed, and

   o the policy that specifies the classes of SNMP management communications that a particular target is authorized to accept from a particular subject.

Access to individual MIB object instances is determined implicitly since by definition each (target) SNMP party performs operations on exactly one MIB view. Thus, defining the permitted access of a (reliably) identified subject party to a particular target party effectively defines the access permitted by that subject to that target's MIB view and, accordingly, to particular MIB object instances.

Conceptually, a SNMP access policy is represented by a collection of ASN.1 values with the following syntax:

     AclEntry ::= SEQUENCE {
       aclTarget      OBJECT IDENTIFIER,
       aclSubject     OBJECT IDENTIFIER,
       aclPrivileges  INTEGER
     }

For each such value that represents one part of a SNMP access policy, the following statements are true:

   o Its aclTarget component is called the target and identifies the SNMP party to which the partial policy permits access.

   o Its aclSubject component is called the subject and identifies the SNMP party to which the partial policy grants privileges.
o Its aclPrivileges component is called the privileges and represents a set of SNMP management communication
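
The following Python code is an added illustration, not part of RFC 1351. It evaluates the communication-class encoding of Section 3.10 and the AclEntry policy of Section 3.11 against a target's MIB view (Sections 3.5 and 3.6). The party labels, OIDs, table contents, function names and the order of the two checks are assumptions made for the example; real party identities are OBJECT IDENTIFIER values.

```python
# Added example: party labels, OIDs and tables below are constructed, not from RFC 1351.
# Plain strings stand in for the OBJECT IDENTIFIERs that name SNMP parties.

# ASN.1 context-specific tag of each SNMP PDU; class value = 2 ** tag (Table 1).
PDU_TAG = {"Get": 0, "GetNext": 1, "GetResponse": 2, "Set": 3, "Trap": 4}


def comm_class(pdu):
    """Communication class of one PDU type (Section 3.10)."""
    return 1 << PDU_TAG[pdu]


def class_set(*pdus):
    """A set of classes is the sum of its members; the null set is 0."""
    return sum(comm_class(p) for p in set(pdus))


def parse_oid(text):
    return tuple(int(arc) for arc in text.split("."))


def in_view(view_subtrees, instance):
    """True if the instance name has one of the view's subtree OIDs as a prefix.
    Arcs are compared, not characters: 1.3.6.1.2.1.11 is outside 1.3.6.1.2.1.1."""
    name = parse_oid(instance)
    return any(name[:len(s)] == s for s in map(parse_oid, view_subtrees))


# Constructed local database: (aclTarget, aclSubject) -> aclPrivileges
ACL = {
    ("agentParty", "opsParty"): class_set("Get", "GetNext", "Set"),
    ("agentParty", "monitorParty"): class_set("Get", "GetNext"),
}
# Constructed MIB view of each target party, as a collection of view subtrees.
VIEW = {"agentParty": ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2"]}


def authorized(target, subject, pdu, instance):
    """Check the class against aclPrivileges, then confine to the target's view."""
    privileges = ACL.get((target, subject), 0)  # unknown pair -> null set
    if (privileges & comm_class(pdu)) == 0:
        return False
    return in_view(VIEW.get(target, []), instance)
```

A pair with no AclEntry falls through to the null set, so the check denies by default.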