In the Name of the Most High
SNMPv2
by
Behzad Akbari
Fall 2011
These slides are based in parts upon slides of Prof. Dssouli (Concordia university)
1
Overview



SNMPv1 was developed as an interim solution to an
eventual adoption of OSI.
This never came about: OSI was not as widely adopted
as originally hoped.
SNMPv2, released in 1996, was basically major
revisions added to SNMP.
2
SNMPv1






SNMPv1 Protocol
 RFC 1157 – Simple Network Management Protocol
SMIv1 Data Definition Language
Full Standards:
 RFC 1155 - Structure of Management Information
 RFC 1212 - Concise MIB Definitions
Informational:
 RFC 1215 - A Convention for Defining Traps
SMIv1 MIB Modules
Full Standards:
 RFC 1213 - Management Information Base II
 RFC 1643 - Ethernet-Like Interface Types MIB
3
SNMPv2




SMIv2 Data Definition Language
Full Standards:
 RFC 2578 - Structure of Management Information
 RFC 2579 - Textual Conventions
 RFC 2580 - Conformance Statements
SMIv2 MIB Modules
Full Standards:
 RFC 2819 - Remote Network Monitoring MIB
 RFC 3411 - SNMP Framework MIB
 RFC 3412 - SNMPv3 MPD MIB
 RFC 3413 - SNMP Applications MIBs
 RFC 3414 - SNMPv3 USM MIB
 RFC 3415 - SNMP VACM MIB
 RFC 3418 - SNMP MIB
4
Major Changes





Bulk data transfer
 Request and receive bulk data using the get-bulk message
Manager-to-manager message
 Enhances interoperability and allows for managing large distributed
networks
Enhancements to SMI: SMIv2
 Module definitions: MODULE-IDENTITY macro
 Object definitions: OBJECT-TYPE macro (same as before)
 Trap definitions: NOTIFICATION-TYPE macro
Textual conventions: define new data types
Conformance statements
 Help customers compare features of various products
 Keeps vendors open to their product’s compatibility with SNMP
Major Changes




Row creation and deletion in table
 A table can also be expanded by augmenting another table
MIB enhancements
 Two new subgroups: security and snmpV2
Transport mappings
 UDP remains the preferred transport protocol; however, other
protocols can also be used with SNMPv2
Security features, originally to be in SNMPv2 moved to SNMPv3
 SNMPv2 is community-based administrative framework
Internet
{1 3 6 1}
SNMPv2
directory
(1)
mgmt
(2)
experimental
(3)
private
(4)
SNMPv2 Internet Group
security
(5)
snmpv2
(6)
SNMP
SNMP
PDU
Physical Medium
SNMP
SNMP
PDU
Physical Medium
SNMP
UDP
UDP
UDP
IP
IP
IP
DLC
DLC
DLC
PHY
PHY
PHY
snmpV2-trap
response
set-request
Application
PDU
get-bulk-request
SNMP Manager
get-next-request
SNMP Manager
Application
get-request
snmpV2-trap
response
set-request
Application
PDU
get-bulk-request
SNMP Manager
get-next-request
get-request
SNMP Manager
Application
inform-request
snmpV2-trap
response
set-request
get-bulk-request
get-next-request
get-request
inform-request
SNMPv2 System Architecture
SNMP Agent
SNMP Agent
Application
Additional Messages

inform-request




get-bulk-request


manager-to-manager message
The receiving manager responds with a response
message
Enhances interoperability
transfer of large data, e.g. retrieval of table data
SNMPv2-trap

Similar to trap messages in SNMPv1
SMIv2- Modules Definitions


Defines and describe semantics of an information module (info.
related to network management)
 added to provide administrative information regarding the
informational module and the revision history
MODULE-IDENTITY macro defines the module definitions
MODULE-IDENTITY MACRO ::=
BEGIN
TYPE NOTATION ::=
"LAST-UPDATED" value (Update UTCTime)
"ORGANIZATION" Text
"CONTACT-INFO" Text
"DESCRIPTION" Text
RevisionPart
VALUE NOTATION ::=
value (VALUE OBJECT IDENTIFIER)
RevisionPart ::=
Revisions | empty
Revisions ::= Revision | Revisions Revision
Revision ::=
"REVISION" value (UTCTime)
"DESCRIPTION" Text
-- uses the NVT ASCII character set
Text ::= """" string """"
END
isiMIBModule
MODULE-IDENTITY
LAST-UPDATED "9802101100Z"
ORGANIZATION "InfoTech Services Inc."
CONTACT-INFO
"John P Smith
Tele: 770-111-1111
Fax: 770-111-2222
email: smithj@domainname.net"
DESCRIPTION
" Version 1.1 of the InfoTech
Services MIB module"
Revision
"9709021500Z"
DESCRIPTION
"Revision 1.0 on September 2, 1997
was a draft version"
:: {enterprises.isi 1}
MODULE-IDENTITY Macro
Example of MODULE-IDENTITY Macro
SMIv2- Object Definitions

OBJECT IDENTIFIER, OBJECT-IDENTITY, OBJECT-TYPE

OBJECT IDENTIFIER defines the administrative identification of a
node in the MIB

OBJECT-IDENTITY macro (defines info. about OID) assigns an object
identifier to a class of managed objects in the MIB (e.g., defining a
class of routers!)
•

OBJECT-TYPE macro defines the type of a managed object (e.g., a
specific router type)
•

The object itself is not managed
Focuses on the details of implementation
NOTE:
•
OBJECT-IDENTITY is high level description
•
OBJECT-TYPE details description needed for implementation
OBJECT-TYPE
OBJECT-TYPE MACRO ::=
BEGIN
TYPE NOTATION ::=
"SYNTAX" Syntax
UnitsPart
"MAX-ACCESS" Access
"STATUS" Status
"DESCRIPTION" Text
ReferPart
IndexPart
DefValPart
VALUE NOTATION ::=
value(VALUE ObjectName)
11
"SYNTAX" Syntax
Syntax ::=
-- Must be one of the following:
-- a base type (or its refinement),
-- a textual convention (or its refinement), or
-- a BITS pseudo-type
type
| "BITS" "{" NamedBits "}“
NamedBits ::= NamedBit
| NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")“
-- number is nonnegative
12
(Example) SYNTAX BITS
protocolDirType OBJECT-TYPE
SYNTAX BITS {
extensible(0),
addressRecognitionCapable(1)
}
MAX-ACCESS read-only
STATUS
current
DESCRIPTION “…”
::= { protocolDirEntry 5 }
13
UnitsPart: UNITS
UnitsPart ::=
"UNITS" Text
| empty
hrDiskStorageCapacity OBJECT-TYPE
SYNTAX KBytes
UNITS
"KBytes"
MAX-ACCESS
read-only
STATUS
current
DESCRIPTION "The total size for this long-term storage
device. If the media is removable and is
currently removed, this value should be zero."
::= { hrDiskStorageEntry 4 }
Back to OBJECT-TYPE
14
"MAX-ACCESS" Access
Access ::=
"not-accessible"
| "accessible-for-notify"
| "read-only"
| "read-write"
| "read-create"
ordered from least to greatest:
"not-accessible":
indicates an auxiliary object
"accessible-for-notify": accessible only via a notification
"read-only":
read only
"read-write":
read and write, but create does not.
"read-create":
read, write and create
15
"STATUS" Status
Status ::=
"current"
| "deprecated"
| "obsolete"
“current”: the definition is current and valid.
“deprecated”: indicates an obsolete definition, it permits
new/continued implementation.
“obsolete”: the definition is obsolete and should not be
implemented.
16
ReferPart
ReferPart ::=
"REFERENCE" Text
| empty
ipForwardTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpForwardEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This entity's IP Routing table."
REFERENCE
"RFC 1213 Section 6.6, The IP Group“
::= { ipForward 2 }
17
Object Definitions, example
isiRouter OBJECT-IDENTIFIER ::= {private.entreprises.isi 2}
isiRouter OBJECT-IDENTITY
STATUS
current
DESCRIPTION
"An 8-slot IP router in the IP router
family."
REFERENCE "ISI Memorandum No. ISI-R123 dated
January. 20, 1997"
::= {private.enterprises.isi 2}
Example of OBJECT-IDENTITY Macro
routerIsi123 OBJECT-TYPE
SYNTAX
DisplayString
MAX-ACCESS read-only
STATUS
current
DESCRIPTION
"An 8-slot IP router that can
switch up to 100 million packets
per second."
::= {isiRouter 1}
Example of OBJECT-IDENTITY Macro
NOTE: A specific instance of
routerIsi123 could be identified by
its IP address 10.1.2.3
Table Definition

Static Tables
o
o

Dynamic Table
o
o
o

Tables completely controlled by the agent. Access is read-only, and readwrite
These are useful when the number of rows corresponds to a fixed
attribute (e.g., # physical interfaces) or a quantity controlled only by agent
Allows row creation/deletion by a manager
Access includes also read, write and create privileges
A table can be initialized with no rows and expanded as needed
SNMPv2: Augmentation of a table (dependent table)
o
Adds additional columns to an existing table (base table)
Number of rows is not affected
INDEX of the second table is the same as the first table
o
One to one correspondence between rows of two tables
o
o
Augmentation of Tables
Base table
Table 2
Table 1
table1
(T1)
table 2
(T2)
table1Entry
(E1)
table2Entry
(E2)
Augmented table
T1.E1.C1.1
T1.E1.C2.1
T1.E1.C3.1
T2.E2.C4.1
T2.E2.C5.1
T1.E1.C1.2
T1.E1.C2.2
T1.E1.C3.2
T2.E2.C4.2
T2.E2.C5.2
T1.E1.C1.3
T1.E1.C2.3
T1.E1.C3.3
T2.E2.C4.3
T2.E2.C5.3
T1.E1.C1.4
T1.E1.C2.4
T.E1.C3.4
T2.E2.C4.4
T2.E2.C5.4
Index:
First columnar object in Table 1
Conceptual rows:
1. T1.E1.C1.1
2. T1.E1.C1.2
3. T1.E1.C1.3
4. T1.E1.C1.4
Example
Columnar object:T2.E2.C4
Index: T1.E1.C1.2
Value: T2.E2.C4.2
Augmentation of Tables
table1 OBJECT-TYPE
SYNTAX
SEQUENCE OF table1Entry
MAX-ACCESS not-accessible
STATUS
current
DESCRIPTION “Table 1 under T”
::= {table 1}
table2 OBJECT-TYPE
SYNTAX
SEQUENCE OF table2Entry
MAX-ACCESS not-accessible
STATUS
current
DESCRIPTION “Table 2 under T”
::= {table 2}
table1Entry OBJECT-TYPE
SYNTAX
Table1Entry
MAX-ACCESS not-accessible
STATUS
current
DESCRIPTION “An entry (conceptual row) in
Table 1”
INDEX {T1.E1.C1}
::= {table1 1}
table2Entry OBJECT-TYPE --Conceptual row extension
SYNTAX
Table2Entry
MAX-ACCESS not-accessible
STATUS
current
DESCRIPTION “An entry (conceptual row)
in Table 2”
AUGMENTS {table1Entry}
::= {table2 1}
Example: a vendor can easily specify
vendor-specific objects as
extensions to standard MIB table. It
should be easier for applications to
access these objects than if they
were defined as new, separate
table
A clause used to increase the number of
columns in a table w/out rewriting the
table definition
The resulting table is therefore treated the same way
as if it was defined in a single table definition
Row Creation


A new feature in SMIv2
2 methods
 Create a row and make it active (or available)
 Create a row and make it available at a later time
  definition of the status of a row
RowStatus Textual Convention
State
EnumerDescription
ation
active
1
Row exists and is operational
notInService
2
Operation on the row is suspended
notReady
3
Row does not have all the columnar objects
needed
createAndGo
4
This is a one-step process of creation of a
row; immediately goes into active state
createAndWait
5
Row is under creation and should not be
commissioned into service
destroy
6
Same as Invalid in EntryStatus. Row should
be deleted
Used by manager for
row creation/deletion
Used by agent to send
responses to a manager
Row Creation
table1
entry1
status.1
index.1
data.1
status.2
index.2
data.2
status.3
index.3
data.3
Row to be created/deleted
2 states for RowStatus: createAndGo, createAndWait
Create and Go
Manager
Process
Agent
Process
SetRequest (
status.3 = 4,
index.3 = 3,
data.3 = DefData )
Response (
status.3 = 1,
index.3 = 3,
data.3 = DefData )

Create Instance
Instance Created
Manager initiates a SetRequest-PDU to create a new row


Managed
Entity
status = 4, i.e., create and go
Agent interacts with the management entity and successfully
create an instance; subsequently a response is transmitted to the
manager

status = 1, indicates that the row is active
Create and Wait
Manager
Process
Agent responds with “notReady”
(no default value)
Agent
Process
SetRequest (
status.3 = 5,
index.3 = 3 )
Response (
status.3 = 3,
index.3 = 3 )
GetRequest (
data.3 )
Data value is missing
Value of data is sent
Response (
status.3 = 2
data.3 = DefData )
SetRequest (
status.3 = 1 )
Row activated
Get the data for the row
Response (
data.3 = noSuchInstance)
SetRequest (
data.3 = DefData )
Agent responds with
notInServcie
Create and wait, no default
data specified
Response (
status.3 = 1 )
Manager requests to activate
the row
Row Deletion
Manager
Process
Agent
Process
SetRequest (
status.3 = 6 )
Response (
status.3 = 6 )
Managed
Entity
Delete Instance
Instance Deleted
Textual Conventions




Enables defining new data types
Makes semantics of data types consistent and human readable
Creates new data types using existing ones and applies
restrictions to them
An important textual convention in SNMPv2, RowStatus creates
and deletes rows
DisplayString ::= OCTET STRING
-- This data type is used to model textual information
taken from the NVT
-- ASCII character set. By convention, objects with this
syntax are
SNMPv2
-- declared as having
-- SIZE (0..255)
DisplayString ::= TEXTUAL-CONVENTION
DISPLAY-HINT
"255a"
SNMPv1
STATUS
current
DESCRIPTION
"Represents textual
information taken from the NVT
ASCII character set, as defined in
A string of up to 255 characters
pages 4, 10-11 of RFC 854. …."
OCTET STRING (SIZE (0..255) )
(refer to table 6.2 for more rules) SYNTAX
Textual Conventions-Macro
TEXTUAL-CONVENTION MACRO ::=
BEGIN
TYPE NOTATION ::=
DisplayPart
"STATUS" Status
"DESCRIPTION" Text
ReferPart
"SYNTAX" Syntax
VALUE NOTATION ::= value(VALUE Syntax)
DisplayPart ::= "DISPLAY-HINT" Text | empty
Status ::= "current" | "deprecated" | "obsolete“
ReferPart ::= "REFERENCE" Text | empty
………………………..
END
Example:
Hundredths ::= TEXTUAL-CONVENTION
DISPLAY-HINT “d-2”
...
SYNTAX INTEGER (0..10000)
suggests that a Hundredths value of 1234 be rendered as "12.34"
Textual Conventions- example
RowStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "The RowStatus textual convention is used to
manage the …”
SYNTAX INTEGER {
-- the following two values are states:
-- these values may be read or written
active(1),
notInService(2),
-- the following value is a state:
-- this value may be read, but not written
notReady(3),
-- the following three values are
-- actions: these values may be written,
-- but are never read
createAndGo(4),
createAndWait(5),
destroy(6) }
SNMPv2 Protocol

Overall, 8 messages with almost common message format to
improve the efficiency and performance

Significant improvement is that trap message has the same format
PDU
Type
RequestID
Error
Error
Status
Index
VarBind 1 VarBind 1
name
value
...
VarBind n VarBind n
name
value
SNMPv2 PDU
Indicate the type of PDU
(e.g., Request-PDU, etc)
Indicate the status of the error
(e.g., noError, tooBig, etc.)
identifies the first variable binding
in the variable-binding list that
caused the error
NOTE:
•
SNMPv1 operations (e.g., GET-REQUEST) are atomic:
•
either all values are returned or none!
•
In SNMPv2: a binding list (with corresponding values) is prepared even
if one variable cannot be returned  an (error-status), (error-index)
are returned in the case of anomaly.
SNMPv2 Protocol
Values for Types of PDU and Error-status Fields
in SNMPv2 PDU
Field
PDU
Error Status
Type
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Value
Get-Request-PDU
GetNextRequest-PDU
Response-PDU
Set-Request- PDU
obsolete
GetBulkRequest-- PDU
InformRequest- PDU
SNMPv2 - Trap- PDU
noError
tooBig
noSuchName
badValue
readOnly
genErr
noAccess
wrongType
wrongLength
wrongEncoding
wrongValue
noCreation
inconsistentValue
resourceUnavailable
commitFailed
undoFailed
authorizationError
notWritable
inconsistentName
Error index is set to “0” if there is
no error; otherwise, it identifies
the first variable binding in the
variable binding list that caused
the error
SNMPv2 Protocol
PDU
Type
RequestID
Non-
Max
Repeaters Repetitions
VarBind 1 VarBind 1
name
value
...
VarBind n VarBind n
name
value
SNMPv2 GetBulkRequest PDU

GetBulkRequest enables the retrieval of data in bulk



Error status field replaced by Non-repeaters


Uses the same selection principle as GetNexRequest (i.e., next object instance)
Retrieval of multiple rows of data from table (constrained by the max. message size)
Non-repeaters indicates the number of non repetitive (scalar) field values
requested
Error index field replaced by Max repetitions

Max repetitions designates the maximum number of table rows requested to
be returned in the response message


NOTE 1: value depends on the size of the SNMP message and buffer size in implementation
NOTE 2: no one to one relationship between the VarBindList of request and response
messages
GetBulkRequest-PDU Operation
A
A
B
T
B
Z
T
E
E
1.1
2.1
3.1
1.2
2.2
3.2
1.3
1.4
2.3
2.4
T.E.1.1
T.E.2.1
T.E.3.1
T.E.1.2
T.E.2.2
T.E.3.2
T.E.1.3
T.E.2.3
T.E.3.3
T.E.1.4
T.E.2.4
T.E.3.4
3.3
3.4
Z
GetBulkRequest-PDU Operation
Manager
Process
GetRequest ( A,B )
GetResponse (A,B)
GetNextRequest (T.E.1,T.E.2,T.E.3)
GetResponse (T.E.1.1,T.E.2.1,T.E.3.1)
GetNextRequest (T.E.1.1,T.E.2.1,T.E.3.1)
GetResponse (T.E.1.2,T.E.2.2,T.E.3.2)
GetNextRequest (T.E.1.2,T.E.2.2,T.E.3.2)
GetResponse (T.E.1.3,T.E.2.3,T.E.3.3)
GetNextRequest (T.E.1.3,T.E.2.3,T.E.3.3)
GetResponse (T.E.1.4,T.E.2.4,T.E.3.4)
GetNextRequest (T.E.1.4,T.E.2.4,T.E.3.4)
GetResponse (T.E.2.1,T.E.3.1,Z)
Agent
Process
GetBulkRequest-PDU Operation
A
2 non repetitive objects (A, B)
Manager
Process
3 repetitive instances
Of the columnar object
T.E.1, T.E.2, T.E.3
B
Agent
Process
T
GetBulkRequest ( 2,3,
A,B,T.E.1, T.E.2, T.E.3 )
Response ( A, B,
T.E.1.1, T.E.2.1, T.E.3.1
T.E.1.2, T.E.2.2, T.E.3.2
T.E.1.3, T.E.2.3, T.E.3.3 )
E
3 more rows
GetBulkRequest ( 0,3,
T.E.1.3, T.E.2.3, T.E.3.3 )
Response ( T.E.1.4, T.E.2.4, T.E.3.4, Z , " endOfMibView")
Z is next in the lexicographic order
T.E.1.1
T.E.2.1
T.E.3.1
T.E.1.2
T.E.2.2
T.E.3.2
T.E.1.3
T.E.2.3
T.E.3.3
T.E.1.4
T.E.2.4
T.E.3.4
Z
GetBulkRequest-PDU Operation
Manager
Process
Agent
Process
GetBulkRequest ( 1,3,
sysUpTime,
atPhysAddress )
Response( (sysUpTime.0 = "315131795"),
(atPhysAddress.13.172.46.46.1 = "0000000C3920AC")
(atPhysAddress.16.172.46.49.1 = "0000000C3920AF")
(atPhysAddress.23.172.17.3.1 = "0000000C3920B4") )
GetBulkRequest ( 1,3,
sysUpTime,
atPhysAddress.23.192.168.3.1 )
atIfIndex
23
13
16
Response( (sysUpTime.0 = "315131800"),
(ipForwarding.0 = "1") )
Figure 6.42 Get-Bulk-Request Example
atPhysAddress
0000000C3920B4
0000000C3920AC
0000000C3920AF
atNetAddress
192.68.3.1
172.46.46.1
172.46.49.1
SNMPv2 Trap PDU
PDU
Type
RequestID
Error
Status
VarBind1 VarBind1 VarBind2 VarBind 2
...
Index sysUpTime value snmpTrapOID value
Error
linkUp NOTIFICATION-TYPE
OBJECTS { ifIndex}
STATUS current
DESCRIPTION "A linkUp trap signifies that the SNMPv2 entity,
acting in an agent role, recognizes that one of the communication
links has come up.“
::= { snmpTraps 4 }



Addition of NOTIFICATION-TYPE macro
Positions 1 and 2 in VarBindList are sysUpTime and snmpTrapOID
Inform-Request behaves as trap in that the message goes from
one manager to another unsolicited
o
The receiving manager sends response to the sending manager
Conformance Statements for SMIv2
(RFC 2580)
38

I
E
MI
TCs
OIs
OTs
NTs
OGs
NGs
MCs
MIB MODULE
IMPORTS
 EXPORTS
 MODULE-IDENTITY
 TEXTUAL-CONVENTION
 OBJECT IDENTIFIER
 Application Data Types
 OBJECT-TYPE
 NOTIFICATION-TYPE
 OBJECT-GROUP
 NOTIFICATION-GROUP
 MODULE-COMPLIANCE

39
OI
MI
I
datatypes
types
data
OI
TC
TC
NG
OG
OG
E
NT
OT
OT
OT
OT
OT
OT
NT
OT
NG
NT
OG
OG
NG
NG
NT
NT
MC
MC
40
Four Macros in SNMPv2-CONF




OBJECT-GROUP macro
NOTIFICATION-GROUP macro
MODULE-COMPLIANCE macro
AGENT-CAPABILITIES macro
41
Conformance: OBJECT-GROUP
• Conformance defined by
• OBJECT-GROUP macro
• NOTIFICATION-GROUP macro
• OBJECT-GROUP
• Compiled during implementation, not at run time
• OBJECTS clause names each object
• Every object belongs to an OBJECT-GROUP
• Access defined by MAX-ACCESS, the maximum
access privilege for the object
42
OBJECT-GROUP
OBJECT-GROUP MACRO ::= BEGIN
TYPE NOTATION ::=
ObjectsPart
"STATUS" Status
"DESCRIPTION" Text
ReferPart
VALUE NOTATION ::=
value(VALUE OBJECT IDENTIFIER)
ObjectsPart ::= "OBJECTS" "{" Objects "}"
Objects ::= Object | Objects "," Object
Object ::= value(ObjectName)
Status ::= "current" | "deprecated" | "obsolete"
ReferPart ::= "REFERENCE" Text | empty
Text ::= value(IA5String)
END
43
OBJECT-GROUP Example
hrSWRunGroup OBJECT-GROUP
OBJECTS {
hrSWOSIndex, hrSWRunIndex, hrSWRunName,
hrSWRunID, hrSWRunPath, hrSWRunParameters,
hrSWRunType, hrSWRunStatus
}
STATUS current
DESCRIPTION
"The Host Resources Running Software Group."
::= { hrMIBGroups 4 }
44
Conformance: NOTIFICATION-GROUP
• NOTIFICATION-GROUP
• Contains trap entities defined in SMIv1
• NOTIFICATIONS clause identifies the
notifications in the group
• NOTIFICATIONS-GROUP macro compiled
during implementation, not at run time
45
NOTIFICATION-GROUP
NOTIFICATION-GROUP MACRO ::= BEGIN
TYPE NOTATION ::=
NotificationsPart
"STATUS" Status
"DESCRIPTION" Text
ReferPart
VALUE NOTATION ::=
value(VALUE OBJECT IDENTIFIER)
NotificationsPart ::= "NOTIFICATIONS" "{" Notifications "}"
Notifications ::= Notification | Notifications "," Notification
Notification ::= value(NotificationName)
Status ::= "current" | "deprecated" | "obsolete"
ReferPart ::= "REFERENCE" Text | empty
Text ::= value(IA5String)
END
46
NOTIFICATION-GROUP Example
linkUpDownNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS { linkUp, linkDown }
STATUS current
DESCRIPTION
"The notifications which indicate specific changes in the
value of ifOperStatus."
::= { ifGroups 14 }
47
Compliance
• Compliance has two classes of groups
• MANDATORY-GROUPS ... Required
• GROUP
…Optional
48
MODULE-COMPLIANCE
MODULE-COMPLIANCE MACRO ::= BEGIN
TYPE NOTATION ::=
"STATUS" Status
"DESCRIPTION" Text
ReferPart
ModulePart
VALUE NOTATION ::=
value(VALUE OBJECT IDENTIFIER)
49
ModulePart
ModulePart ::= Modules
Modules ::= Module | Modules Module
Module ::=
"MODULE" ModuleName
MandatoryPart
CompliancePart
ModuleName ::= identifier ModuleIdentifier | empty
ModuleIdentifier ::= value(OBJECT IDENTIFIER) | empty
MandatoryPart ::= "MANDATORY-GROUPS" "{" Groups "}“ | empty
Groups ::= Group | Groups "," Group
Group ::= value(OBJECT IDENTIFIER)
50
CompliancePart (1/2)
CompliancePart ::= Compliances | empty
Compliances ::= Compliance | Compliances Compliance
Compliance ::= ComplianceGroup | Object
ComplianceGroup ::=
"GROUP" value(OBJECT IDENTIFIER)
"DESCRIPTION" Text
Object ::=
"OBJECT" value(ObjectName)
SyntaxPart
WriteSyntaxPart
AccessPart
"DESCRIPTION" Text
51
CompliancePart (2/2)
SyntaxPart ::= "SYNTAX" Syntax | empty
-- must be a refinement for object's SYNTAX clause
WriteSyntaxPart ::= "WRITE-SYNTAX" Syntax | empty
Syntax ::= type | "BITS" "{" NamedBits "}"
NamedBits ::= NamedBit | NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")"
AccessPart ::= "MIN-ACCESS" Access | empty
Access ::=
"not-accessible" | "accessible-for-notify"
| "read-only" | "read-write" | "read-create"
52
MODULE-COMPLIANCE Example
hrMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The requirements for conformance to the Host Resources MIB."
MODULE -- this module
MANDATORY-GROUPS { hrSystemGroup, hrStorageGroup, hrDeviceGroup }
OBJECT hrSystemDate
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.“
GROUP hrSWRunGroup
DESCRIPTION
"The Running Software Group. Implementation of this group is mandatory
only when the hrSWRunPerfGroup is implemented."
…
::= { hrMIBCompliances 1 }
53
OBJECT
ifAdminStatus
SYNTAX
INTEGER { up(1), down(2) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, nor is support for the value
testing(3)."
54
OBJECT-GROUP
systemGroup
OBJECTS
OBJECT-GROUP
{sysDescr, sysObjectID, sysUpTime, sysContact, sysName,
sysLocation, sysServices, sysORLastChange, sysORID,
sysORUptime, sysORDesc}
STATUS
current
DESCRIPTION
"The system group defines objects which are common
to all managed systems."
::= {snmpMIBGroups 6}
Figure 6.25 Example of OBJECT-GROUP Macro
55
Agent Capabilities
• AGENT-CAPABILITIES macro
• SUPPORTS modules and includes groups
• VARIATION identifies additional features
56
AGENT-CAPABILITIES
routerIsi123 AGENT-CAPABILITIES
PRODUCT-RELEASE
"InfoTech Router isiRouter123 release 1.0"
STATUS
current
DESCRIPTION
"InfoTech High Speed Router"
SUPPORTS
snmpMIB
INCLUDES
{systemGroup, snmpGroup, snmpSetGroup,
snmpBasicNotificationsGroup }
VARIATION
coldStart
DESCRIPTION
"A coldStart trap is generated on all
reboots."
SUPPORTS
IF-MIB
INCLUDES
{ifGeneralGroup, ifPacketGroup}
SUPPORTS
IP MIB
INCLUDES
{ipGroup, icmpGroup}
SUPPORTS
TCP-MIB
INCLUDES
{tcpGroup}
SUPPORTS
UDP-MIB
INCLUDES
{udpGroup}
SUPPORTS
EGP-MIB
INCLUDES
{egpGroup}
::= { isiRouter 1 }
Figure 6.30 Example of AGENT-CAPABILITIES Macro
57
SNMPv2 Internet Group
Internet
{1 3 6 1}
SNMPv2
directory
(1)
mgmt
(2)
experimental
(3)
private
(4)
security
(5)
snmpv2
(6)
Figure 6.1 SNMPv2 Internet Group
58
NOTIFICATION-TYPE
59
Object Types for SNMPv2 Traps
60
Inform-Request
PDU
Type
RequestID
Error
Status
Error
Index
VarBind 1
sysUpTime
VarBind 1
value
VarBind 2
snmpTrapOID
VarBind 2
value
• Inform-Request behaves as trap in that the
message goes from one manager to another
unsolicited
• The receiving manager sends response to the
sending manager
61
..
.
SNMPv2- Decentralized management
Agent
Element manager
Management server
SNMPv2
agent
MIB
SNMPv2
agent
MIB
SNMPv2
agent
MIB
SNMPv2
Manager/agent
MIB
Management Applications
SNMPv2
manager
MIB
SNMPv2
Manager/agent
MIB
SNMPv2 Configuration
Compatibility with SNMPv1



SNMPv2 MIB is not backward compatible with SNMPv1
Compatibility with SNMPv1  2 evolution paths:
o
Bilingual Manager
o
Proxy Server
Bilingual Manager expensive in resource and operation
Agent
Profile
Bilingual Manager
SNMPv1
Interpreter
SNMPv1
Agents
SNMPv2
Interpreter
SNMPv2
Agents
SNMP Bilingual Manager
Both interpreters are required!
SNMP Proxy Server
SNMPv2 Manager
Proxy
Server
SNMPv1
Agents
SNMPv2 Manager
GetRequest
GetNextRequest
SetRequest
GetBulkRequest
SNMPv2
Agents
SNMP v2-v1 Proxy Server
SNMPv1 Agent
Pass-Through
GetRequest
Pass-Through
GetNextRequest
Pass-Through
Set: 1. non-repeaters = 0
2. max-repetitions = 0
SetRequest
GetNextRequest
Pass-Through
Response
SNMPv2-Trap
Exception: For 'tooBig' error, contents of variable-bindings
field removed .
Prepend VarBind: 1. sysUpTime.0
2. snmpTrapOID.0
SNMP v2-v1 Proxy Server
GetResponse
Trap
SNMPv2 MIB
directory
(1)
mgmt
(2
Internet
{1 3 6 1}
experimental
(3)
private
(4)
snmpdomains
(1)
mib-2
(1)
system
(1)
security
(5)
snmpProxys
(2)
snmpv2
(6)
snmpModules
(3)
snmpMIB
(1)
snmp
(11)
snmpMIBObjects
(1)
snmpMIBConformance
(2)
65