SNMP Administrative Model
RFC 1351
Network Working Group J. Davin
Request for Comments: 1351 MIT Laboratory for Computer Science
J. Galvin
Trusted Information Systems, Inc.
K. McCloghrie
Hughes LAN Systems, Inc.
July 1992
Status of this Memo
This document specifies an IAB standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "IAB
Official Protocol Standards" for the standardization state and status
of this protocol. Distribution of this memo is unlimited.
Table of Contents
1. Abstract
2. Introduction
3. Elements of the Model
3.1 SNMP Party
3.2 SNMP Protocol Entity
3.3 SNMP Management Station
3.4 SNMP Agent
3.5 View Subtree
3.6 MIB View
3.7 SNMP Management Communication
3.8 SNMP Authenticated Management Communication
3.9 SNMP Private Management Communication
3.10 SNMP Management Communication Class
3.11 SNMP Access Control Policy
3.12 SNMP Proxy Party
3.13 Procedures
3.13.1 Generating a Request
3.13.2 Processing a Received Communication
3.13.3 Generating a Response
4. Application of the Model
4.1 Non-Secure Minimal Agent Configuration
4.2 Secure Minimal Agent Configuration
4.3 Proxy Configuration
4.3.1 Foreign Proxy Configuration
4.3.2 Native Proxy Configuration
4.4 Public Key Configuration
4.5 MIB View Configurations
5. Compatibility
6. Security Considerations
7. References
8. Authors' Addresses
1. Abstract
This memo presents an elaboration of the SNMP administrative model
set forth in [1]. This model provides a unified conceptual basis for
administering SNMP protocol entities to support
o authentication and integrity,
o privacy,
o access control, and
o the cooperation of multiple protocol entities.
Please send comments to the SNMP Security Developers mailing list
(snmp-sec-dev@tis.com).
2. Introduction
This memo presents an elaboration of the SNMP administrative model
set forth in [1]. It describes how the elaborated administrative
model is applied to realize effective network management in a variety
of configurations and environments.
The model described here entails the use of distinct identities for
peers that exchange SNMP messages. Thus, it represents a departure
from the community-based administrative model set forth in [1]. By
unambiguously identifying the source and intended recipient of each
SNMP message, this new strategy improves upon the historical
community scheme both by supporting a more convenient access control
model and allowing for effective use of asymmetric (public key)
security protocols in the future.
3. Elements of the Model
3.1 SNMP Party
A SNMP party is a conceptual, virtual execution context whose
operation is restricted (for security or other purposes) to an
administratively defined subset of all possible operations of a
particular SNMP protocol entity (see Section 3.2). Whenever a SNMP
protocol entity processes a SNMP message, it does so by acting as a
SNMP party and is thereby restricted to the set of operations defined