SNMP Administrative Model
RFC 1351

Document Type RFC - Historic (July 1992; No errata)
Last updated 2013-03-02
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 1351 (Historic)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                          J. Davin
Request for Comments: 1351          MIT Laboratory for Computer Science
                                                              J. Galvin
                                      Trusted Information Systems, Inc.
                                                          K. McCloghrie
                                               Hughes LAN Systems, Inc.
                                                              July 1992

                       SNMP Administrative Model

Status of this Memo

   This document specifies an IAB standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "IAB
   Official Protocol Standards" for the standardization state and status
   of this protocol. Distribution of this memo is unlimited.

Table of Contents

   1.    Abstract  . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.    Introduction  . . . . . . . . . . . . . . . . . . . . . . .  2
   3.    Elements of the Model . . . . . . . . . . . . . . . . . . .  2
   3.1   SNMP Party  . . . . . . . . . . . . . . . . . . . . . . . .  2
   3.2   SNMP Protocol Entity  . . . . . . . . . . . . . . . . . . .  6
   3.3   SNMP Management Station . . . . . . . . . . . . . . . . . .  6
   3.4   SNMP Agent  . . . . . . . . . . . . . . . . . . . . . . . .  7
   3.5   View Subtree  . . . . . . . . . . . . . . . . . . . . . . .  7
   3.6   MIB View  . . . . . . . . . . . . . . . . . . . . . . . . .  7
   3.7   SNMP Management Communication . . . . . . . . . . . . . . .  8
   3.8   SNMP Authenticated Management Communication . . . . . . . .  9
   3.9   SNMP Private Management Communication   . . . . . . . . . .  9
   3.10  SNMP Management Communication Class . . . . . . . . . . . . 10
   3.11  SNMP Access Control Policy  . . . . . . . . . . . . . . . . 11
   3.12  SNMP Proxy Party  . . . . . . . . . . . . . . . . . . . . . 12
   3.13  Procedures  . . . . . . . . . . . . . . . . . . . . . . . . 13
   3.13.1  Generating a Request  . . . . . . . . . . . . . . . . . . 13
   3.13.2  Processing a Received Communication . . . . . . . . . . . 15
   3.13.3  Generating a Response . . . . . . . . . . . . . . . . . . 17
   4.    Application of the Model  . . . . . . . . . . . . . . . . . 17
   4.1   Non-Secure Minimal Agent Configuration  . . . . . . . . . . 17
   4.2   Secure Minimal Agent Configuration  . . . . . . . . . . . . 20
   4.3   Proxy Configuration   . . . . . . . . . . . . . . . . . . . 21
   4.3.1   Foreign Proxy Configuration . . . . . . . . . . . . . . . 22
   4.3.2   Native Proxy Configuration  . . . . . . . . . . . . . . . 25
   4.4   Public Key Configuration  . . . . . . . . . . . . . . . . . 27
   4.5   MIB View Configurations . . . . . . . . . . . . . . . . . . 29

Davin, Galvin, & McCloghrie                                     [Page 1]
RFC 1351               SNMP Administrative Model               July 1992

   5.    Compatibility . . . . . . . . . . . . . . . . . . . . . . . 33
   6.    Security Considerations . . . . . . . . . . . . . . . . . . 33
   7.    References  . . . . . . . . . . . . . . . . . . . . . . . .
   8.    Authors' Addresses  . . . . . . . . . . . . . . . . . . . . 34

1.  Abstract

   This memo presents an elaboration of the SNMP administrative model
   set forth in [1]. This model provides a unified conceptual basis for
   administering SNMP protocol entities to support

     o authentication and integrity,

     o privacy,

     o access control, and

     o the cooperation of multiple protocol entities.

   Please send comments to the SNMP Security Developers mailing list
   (snmp-sec-dev@tis.com).

2.  Introduction

   This memo presents an elaboration of the SNMP administrative model
   set forth in [1]. It describes how the elaborated administrative
   model is applied to realize effective network management in a variety
   of configurations and environments.

   The model described here entails the use of distinct identities for
   peers that exchange SNMP messages. Thus, it represents a departure
   from the community-based administrative model set forth in [1]. By
   unambiguously identifying the source and intended recipient of each
   SNMP message, this new strategy improves upon the historical
   community scheme both by supporting a more convenient access control
   model and allowing for effective use of asymmetric (public key)
   security protocols in the future.

3.  Elements of the Model

3.1   SNMP Party

   A SNMP party  is a conceptual, virtual execution context whose
   operation is restricted (for security or other purposes) to an
   administratively defined subset of all possible operations of a
   particular SNMP protocol entity (see Section 3.2).  Whenever a SNMP
   protocol entity processes a SNMP message, it does so by acting as a
   SNMP party and is thereby restricted to the set of operations defined
Show full document text