1. NMS Overview 2. SMI or How a MIB is written 3. MIB II 4. SNMP Operations: Get, GetNext, Set.. 5. SNMPv3

Version 1.0


Overview of Network Management Systems

Version 1.0


NMS - Overview

• Communication Networks Vary in Nature, Complexity and Size • In addition, each Equipment vendor brings in his own proprietary implementations • Effective Network Management thus is a critical component for Network operators and Service Providers to run their business • Service providers face a huge challenge in managing the Network and ensuring the availability of Services

Version 1.0


NMS .0 4 .Overview  IETF is standards body for IP networks which use SNMP  Standardization for Telecom Network is driven by ITU which uses TMN  Network Management Proxies are for converging different Network Management Standardizations Version 1.

Preferred Architecture : Hierarchical Manager Agent Model Version 1.0 5 .NMS . Agent provides communication with the manager and executes the instructions received.Overview Manager Agent Model Manager: The entity that does the communicating with the agent management functions by Agent: The entity that represents part of the network being managed.

0 6 .Workbook 1 Version 1.

You can have as many copies of each device as you like.0 7 . Which of them will have agents and which can have managers? Group these devices into categories.     Look at the pictures in the previous slide.. Version 1.Workbook 1 . Arrange in a Network Management heirarchy.

Network Management Style POLLING • • • • Request and get information Overall picture available Non Real time information Higher Bandwidth need Real time information Exceptions reported Interrupt driven process Lower Bandwidth TRAPS • • • • Preferred Solution : Trap directed Polling.0 8 . Version 1.

Workbook 2 Version 1.0 9 .

0 10 .Workbook 2  Look at the diagram in the previous slide  What parameters will you poll and what traps and alarms will you capture Version 1.

0 11 .NMS – Functional Overview Network Management consists of:  Fault Management  Configuration Management  Accounting Management  Performance Management  Security Management Version 1.

0 12 .Fault Management Fault Management :  Alarm Handling  Trouble Detection  Trouble Correction  Test and Acceptance  Network Recovery Version 1.

) Version 1. Performance Monitoring.. Trouble explanation (e.g. element management system.) 2. etc. Date and time alarm condition occurred 5.0 13 . Status of alarm (e.g. facilities. Severity code 4. cleared.Alarms Alarms should contain the following information: 1. Originating resource (network element. active. defined alarm code) 3. Duration of alarm condition 6. acknowledged.. etc.

0 14 .Configuration Management Configuration Management :  System Boot Up Function  Network Provisioning  Auto Discovery  Backup and Restore  Database Handling Version 1.

0 15 .Accounting Management Accounting Management consists of: Track Service Usage Bill For Usage Version 1.

0 16 .Performance Management Performance Management entails: Data Collection Report Generation Data Analysis Version 1.

Security Management Security Management involves: Control Device Access Enable Device functions Access Logs Authentication Authorization Encryption Version 1.0 17 .

Supports Large Data Handling v3: Enhanced Security and Access Control TL 1 .TRANSACTION LANGUAGE 1 CMIP .COMMON MANAGEMENT INFORMATION PROTOCOL TMN SPECIFIED Version 1.0 18 .SIMPLE NETWORK MANAGEMENT PROTOCOL v1: First Version v2: Enhanced.Some Network Management Protocols SNMP .

Broadband. Frame Relay OSS Interfaces Network Call Control Billing Modules Version 1. ATM. Access nodes.0 19 . Transmission Nodes.Functional View of NMS Business Mgmt Layer Service Mgmt Layer Network Mgmt Layer Element Mgmt Layer Adaptation Layer External Interfaces PBX. Switches.

0 20 . Network Management is: o o The monitoring of Managed Resources The controlling of Managed Resources Version 1.NMS .Overview In a nutshell.

. Version 1.NMS .. May be a logical entity • session • connection • software • ..Overview What is a Managed Resource ? – – – A component in your network May be a physical device • workstation • network element • circuit pack • ..0 21 .

Introduction to SMI Version 1.0 22 .

Introduction To SNMP  SNMP stands for Simple Network Management Protocol  Makes use of UDP/IP protocol stack for communication  SNMP models each device for the purpose of managing it Version 1.0 23 .

0 24 .  Specifies the Get.SNMP Components SNMP Protocol  Defines format of messages exchanged by management systems and agents. Set. and Trap operations Structure of Management Information(SMI)  Rules specifying format used to define objects managed on network that SNMP protocol accesses  Uses Abstract Syntax Notation One (ASN.1) Management Information Base(MIB)  Collection of information organized hierarchically Version 1. GetNext.

SNMP – Object Modelling  In order to manage a network it is essential to “Model” the network  One way (the best way) to model the network is by making use of Object oriented methodology  SNMP also defines objects (Not really objects but attributes by making use of ASN.1 Macros) Version 1.0 25 .

a framework is defined  The framework is referred to as SMI (Structure of Management Information)      SMIv1 is defined by IETF (RFC 1155) SNMPv1 in RFC1157 MIB-II is defined in RFC 1213 SNMPv2c RFCs defined in RFC 1902-1908 SNMPv3 RFCs defined in RFC 3411-3418 Version 1.SMI.0 26 . SNMP & MIB  In order to define objects in uniform and consistent fashion.

0 27 .1 type)  The syntax of the object defines abstract data structure Represented as an ASN.SNMP – SMI  Managed objects (network components) are accessed through virtual information store called “Management Information Base” (MIB)  Each object type has name. syntax and encoding  The name of the object is represented by OBJECT IDENTIFIER (ASN.1 data type  The encoding of the object is done by any of the standard encoding techniques – BER (Basic Encoding Rule) Version 1.

SNMP – Object Naming   The Object Identifier is a sequence of numbers that traverse a Tree structure Typically a “label” (textual name) is associated with the number Example: ccitt (0).0 28 . iso (1) internet OBJECT IDENTIFIER ::= {iso org(3) dod(6) 1} directory OBJECT IDENTIFIER ::= {internet 1} mgmt OBJECT IDENTIFIER ::= {internet 2} experimental OBJECT IDENTIFIER ::= {internet 3} Version 1.

ISO OID Tree root ccitt (0) iso (1) joint-iso-ccitt (2) stnd (0) reg-auth (1) mb (2) org (3) dod (6) internet (1) directory (1) mngt (2) mgmt experimental (3) private (4) enterprises (1) security (5) snmpV2 (6) mib-2 (1) Version 1.0 snmpDomains (1) snmpProxys (2) snmpModules (3) 29 .

Workbook 3: MIB tree Version 1.0 30 .

Examine from the root of the ISO OID MIB Tree.0 31 .    Open the AdventNet MIB Browser as shown in the previous slide. What do you observe? Version 1.Workbook 3 . Load RFC1213 MIB..

Primitive ASN.0 32 . OBJECT IDENTIFIER 4. NULL Version 1. INTEGER 2. OCTET STRING 3.1 Data Types The 4 in built or primitive ASN.1 data types are: 1.

that increase or decrease.SMIv1 . Version 1.1 data types. value and resets to zero Gauge – Integer value. but latches at Max (Min) value.1 type TimeTicks – Integer each unit representing 1/100th of sec. SMIv1 defines application wide data types like: • • • • • • Network Address – A choice type to choose from family of addresses IP Address – Octet String of length 4 Counter – A non-negative integer that increases to a Max.Object Types  Apart from the ASN. Opaque – A container type (OCTET STRING) for any ASN.0 33 .

Gauge type object example is …….0 34 . NULL object example is …… OPAQUE object example is …… Time Ticks Object is found in …. Version 1. Table type object example is …… OCTET STRING example is ……..Quick Quiz         IP Address type object will be found in…… Counter type object will be found in …..

SMIv1 and SMIv2 Data Types SM Iv1 S IMP LE T YP E S: INT E GE R O CT ET ST R IN G O BJE CT ID EN T IF IE R A P PLICA T IO N-W ID E T Y P ES : G auge C ounter T im eTicks IpA ddress O paque N etw orkAddress - SM Iv2 IN TE GE R OC TE T S T RING OB JEC T IDE NT IFIER Integer32 Unsigned32 Gauge32 Counter32 Counter64 TimeT icks IpA ddress Opaque BIT S 35 P S EU D O T Y PE S : Version 1.0 .

OBJECT-TYPE Definition OBJECT-TYPE: INTEGER OCTET STRING OBJECT IDENTIFIER BITS IpAddress Integer32 Counter32 Counter64 Gauge32 TimeTicks Opaque New Type read-only read-write read-create accessible-for-notify not-accessible current deprecated obsolete "" 36 SYNTAX MAX-ACCESS STATUS DESCRIPTION Version 1.0 .

OBJECT-TYPE Scalar Definition Example Definition of address address SYNTAX MAX-ACCESS STATUS DESCRIPTION ::= {NEW-MIB 1} OBJECT-TYPE IpAddress read-write current "The Internet address of this system" Version 1.0 37 .

Version 1.0 38 .Workbook 4  Examine the RFC 1213 MIB file and locate an OBJECT –TYPE definition for a scalar  Locate OBJECT IDENTIFIER definitions and look at the definitions.

0 39 .Definition of Non Leaf Objects info OBJECT IDENTIFIER ::= {NEW-MIB 2} ALTERNATIVE CONSTRUCT: OBJECT IDENTITY EXAMPLE: info STATUS DESCRIPTION OBJECT-IDENTITY current "The node under which future scalar objects should be registered " ::= {NEW-MIB 2} Version 1.

Definition of a MIB NEW-MIB DEFINITIONS ::= BEGIN import statement(s) module identity definition definition of all node and leaf objects definition of implementation requirements END Version 1.0 40 .

newMibModule MODULE-IDENTITY LAST-UPDATED "200104041200Z" ORGANIZATION "UT-TMG" CONTACT-INFO " University of Twente The Netherlands Email: " DESCRIPTION "Experimental MIB for demo purposes" ::= { enterprises ut(785) 7 }

Version 1.0


Imports Statement Example

Version 1.0


An Example MIB
WIN-MIB DEFINITIONS ::= BEGIN IMPORTS RowStatus, DisplayString FROM SNMPv2-TC OBJECT-TYPE, MODULE-IDENTITY, enterprises, Integer32 FROM SNMPv2-SMI; winSystem MODULE-IDENTITY LAST-UPDATED "200210110900Z" ORGANIZATION "jay Inc." CONTACT-INFO "jay Inc. Web site: Email:" DESCRIPTION "The MIB module for managing winsys Info" ::= { enterprises jay(5000) 10 }

Version 1.0


0 44 .MIB example(contd) mySysObjects OBJECT IDENTIFIER ::= { winSystem 1 } mySystemName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "System name" ::= { mySysObjects 1 } mySystemDir OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "System directory" ::= { mySysObjects 2 } END Version 1.

 Can you follow how the module is organized?  What do you think is the advantage of this approach? Version 1.0 45 .Workbook 5  Locate a MIB file with a MIB MODULE definitions with IMPORTS and MODULE-IDENTITY.

OBJECT IDENTIFIER. IpAddress Version 1..IndexPart in Object Definition  The INDEX can be a comma separated list of Object Identifiers.MAX).0 46 .  OCTET STRING. IndexSyntax ::= CHOICE { number string object ipAddress } INTEGER (0. one for simple index and many for composite index.

0 47 .SNMP – MIB Example Scalar udpInDatagrams OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION “The total number of UDP datagrams delivered to UDP users “ ::= {udp 1} Version 1.

tcpConnRemoteaddress. tcpConnRemotePort } ::= {tcpConnTable 1} Version 1.SNMP – MIB Example Table Definition tcpConnTable OBJECT-TYPE SYNTAX SEQUENCE OF TcpConnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION “A table containing TCP connection specific information” ::= {tcp 13} tcpConnEntry SYNTAX MAX-ACCESS STATUS DESCRIPTION INDEX OBJECT-TYPE TcpConnEntry not-accessible current “Information about particular tcp connection” {tcpConnLocaladdress.0 48 . tcpConnLocalPort.

..0 49 . tcpConnLocalAddress IpAddress. tcpConnRemAddress IpAddress.65535). tcpConnRemPort INTEGER (0. tcpConnLocalPort INTEGER (0.MIB Example Table Definition TcpConnEntry ::= SEQUENCE { tcpConnState INTEGER.65535) } Version 1.

0 50 .Workbook 6  Look at the Table Definition of any table object in RFC 1213 MIB like ipRouteTable  What are the various components of a table definition? Version 1.

Examples of Indexes in MIB-II  In MIB-II. the following INDEX clauses are used Objects ifEntry ipRouteEntry tcpConnEntry INDEX { ifIndex } { ipRouteDest } { tcpConnLocalAddress. udpLocalPort } udpEntry Version 1. tcpConnRemotePort } { udpLocalAddress. tcpConnLocalPort. tcpConnRemoteAddress.0 51 .

0 52 . Version 1.  Use a MODULE-IDENTITY definition for your MIB including scalars and table objects.  Load your MIB and debug all errors until success……….Workbook 7: Writing a MIB  Pick your problem for MIB generation  Link in your own organization subtree in the MIB tree under enterprises.  Write your scalars and tables for describing your organization and products.

MIB II Version 1.0 53 .

0 54 .SNMP – Some Object Groups System Group – provides general information about the managed system SYSTEM sysDescr sysObjectId sysUpTime sysContact sysName sysLocation Version 1.

including configuration and statistics of events occurring on the interface ifNumber ifTable ifIndex ifDescr ifType ifSpeed ifMtu Version 1.SNMP – Interface Object Groups Interface Group :- Interfaces contains information about the physical interfaces of the entity.0 55 .

Management Information Base MIB is a standard that specifies the data items that a host or gateway must keep and the operations allowed on each MIB category system interfaces ip icmp tcp.0 56 . egp snmp Includes information about The host/gateway operating system Individual network interfaces Internet protocol software Internet control message protocol Transport and routing Snmp related objects Version 1. udp.

MIB-II Interfaces Group Version 1.0 57 .

MIB-II IP Group Version 1.0 58 .

0 59 .MIB-II TCP Group Version 1.

0 60 .SNMP Operations Version 1.

0 61 .SNMP – Communication Model Host A Host B SNMP MANAGER UDP / IP SNMP AGENT UDP / IP Data Link Data Link Physical Physical Version 1.

0 62 .SNMP – Protocol  The network devices are managed by the management station – Devices run “agent” software and management station run “manager” software The Manager learns about the network device through the agent Hence. both the agent and manager need to share the same “Information model” to work together Agent interact with the Device (back end) to retrieve values    Version 1.

0 63 .SNMP – Protocol     The management station and the network device use “SLEEK” UDP protocol to send and receive messages Management station will not instantiate the MIB. it retrieves the instance from the agent The manager and the agent use simple interaction: Manager sends a request message when it wants to retrieve objects and agent replies Agent on its own reports any trouble it notices on the device or TRAPS to the manager Version 1.

How SNMPv1 Messages Function Version 1.0 64 .

serves retrieving/modifying data  SNMP PDU specifies operation as password for Version 1.specifies the SNMP version number  community is OCTET STRING.SNMP Message Format ------------------------------------------------------| version | community | SNMP PDU | ------------------------------------------------------ version .0 65 .

0 66 . the manager needs to specify object name  The agent responds to GET request by sending to the manager GETRESPONSE message with: A list of requested objects (names) with their values – known as var binding list  In case of error.SNMP – Protocol Interaction Get Operation  The Manager sends GET Request to retrieve objects from the agent. the index indicates object which caused the error Version 1. In order to get the objects.

the object name is suffixed with the index value  If the agent doesn’t find the object with the name supplied by the manager it returns noSuchObject .SNMP – Protocol Interaction Get Operation  In order to retrieve scalar objects from the agent.0  In order to retrieve values from a table. Version 1.0 67 . or noSuchInstance if no instance of object found in the value field of the variable for SNMPv2. manager has to send object name suffixed with value ZERO: eg: sysUpTime.

GET Management Station PDU Type Req id 0 0 Variable Bindings (names) Device Agent Process PDU Type Req id 0 0 Name Variable 1 1 MIB Management process … Name n Variable n Response .0 Request id Error Status ErrorIndex Variable Bindings 68 .Protocol Operation .No Error PDU Format GetRequest/Response PDU Type Version 1.

0 Request id Error Status Error Index Variable Bindings 69 .Protocol Operation – GET (toobig error) Management Station PDU Type Req id 0 0 Variable Bindings (names) Device Agent Process PDU Type Req id MIB Management Process toobig 0 NULL Response – Error too big.message size Exceeds max size PDU Format GetRequest/Response PDU Type Version 1.

Protocol Operation – GET (generror error) Management Station PDU Type Req id 0 0 Variable Bindings (names) PDU Type Req id Device generror Index Of problem object MIB Management Process Agent Process Variable Bindings (names) Response – Error generror.0 70 .processing of Variable name fails PDU Format GetRequest/Response PDU Type Request id Error Status Error Index Variable Bindings Version 1.

0 71 .  Max.Error Status for SNMPv1  Values for error status are:  noError (0) request was successfully processed  tooBig (1) Agent could not fit results of request into single SNMP message.  Min Size :484 bytes. size 1500 bytes for Ethernet Networks Version 1.

 badValue(3) a set value tried to modify an object with invalid or inconsistent value. In reality this isnt used as if you try to set a read-only object noSuchName error status is returned  genErr (5) any other error Version 1. Most common source is reading objects that do not exist.Error Status  noSuchName(2) Object specified which agent did not know based on specified community.0 72 .  readOnly (4) defined in v1 to indicate that a set operation tried to modify a variable that according to community profile cannot be written into.

SNMPv2 to SNMPv1 Error Mapping SNMPv2 Error Status  noError  tooBig  noSuchName  badValue  readOnly  genErr  wrongValue  wrongEncoding  wrongType  wrongLength  Inconsistent Value  noAccess  notWritable  noCreation SNMPv1 Error Status noError tooBig noSuchName badValue readOnly genErr badValue badValue badValue badValue badValue noSuchName noSuchName noSuchName Version 1.0 73 .

 For SNMP SET requests we cannot get back any exceptions.SNMPv2 Exceptions  For SNMP GET requests we can get back noSuchObject and noSuchInstance Exception  For SNMP GETNEXT requests we can get back endOfMibView.0 74 .  For SNMP GETBULK requests we can get back endOfMibView Version 1.

Each table has an Entry which is SEQUENCE Type.0 75 .1 SEQUENCE OF type.SNMP – Protocol Interaction SNMP Table      The SNMP table is represented as ASN. the object name is suffixed with the index value The agent need to create the rows in the table either during start up or when the manager sends a SET request to the agent Version 1. Each column in the table entry is identified by the object identifier Each row is identified by the index value In order to retrieve values from a table.

next lexicographically ordered object Get Next operation allows the manager to search through the table. However.SNMP – Protocol Interaction Get Next Operation  Get Next operation is similar to Get Request. Get Next operation retrieves the . without having to know the index value  Version 1.0 76 .

0 77 .Get Request  Consider following MIB table a subset of ifTable Instance 1 2 3 4 5 6 ifIndex 1 2 3 4 5 6 ifDescr ethernet ethernet serial ppp ethernet ethernet ifType 6 6 22 23 6 6 Version 1.

2 ethernet ifTypes.4) The agent will respond typically with: sysUptime.Get Request Illustration If a mangement station issues a: GetRequest(sysUpTime. rows Version 1.0 78 .ifDescr.4 23 GetRequest can query scalars & objects from diff.0.0 287231 ifIndex. ifIndex.1 1 ifDescr.1.2. ifType.

0 79 .Get Next Request  Consider this table: ifIndex ifInOctets ifInUcastPkts ifInNUcastPkts 1 200123 560 912 2 4587213 8876 1780 3 755943 8761 1020 4 8837722 110211 4390 5 398765321 301392159 3259 6 983141 65211 3251 Version 1.

1 912  GetNestRequest automatically returns the queried columns of the first row.e 1 in example Version 1. ifInNUcastPkts)  Response will be: ifInOctets.1 560 ifInNUcastPkts.1 200123 ifInUcastPkts.0 80 . i.GetNextRequest Illustration  Issue a GetNextRequest(ifInOctets. The response will also have the index of the first row instance. ifInUcastPkts.

1.1.  Response will be fields of next row: ifInOctets. ifInUcastPkts.2 8876 ifInNUcastPkts.2 1780 Version 1.2 4587213 ifInUcastPkts.GetNextRequest Illustration  Issue a GetNextRequest(ifInOctets.1) using index of first row.0 81 . ifInNUcastPkts.

0 Request nonmaxid repeaters repetitions Variable Bindings 82 .Protocol Operation – Getbulk Management Station PDU Type Req id Nonrepeaters Maxrepetitions Variable Bindings Device Agent Process PDU Type Req id Nonrepeaters MIB Maxrepetitions Variable Bindings Management Process PDU Format for getbulk PDU Type Version 1.

0 83 .GetBulkRequest Version 1.

SNMP – Protocol Interaction SET Operation  Manager sends Set Request to set value of objects.0 84 . manager need to specify both the object name and the value  Agent responds to the SET request with same PDU as GET-RESPONSE PDU Version 1. In order to set object values.

Protocol Operation .0 Request id Error Status Error Index Variable Bindings 85 .SET PDU Type Management Station Req 0 0 Name Variable … Name Variable n id 1 1 n Management Process Device Agent Process MIB Name Variable n n PDU Type Req 0 id 0 Name Variable 1 1 •If no Validation error •Phase-2 : •If no updation error •The values are … set PDU Format SetRequest/Response PDU Type Version 1.

0 Request id Error Status Error Index Variable Bindings 86 .Protocol Operation – Trapv2 Management Station PDU type Req Id Device 00 Variable Bind List MIB Management process Agent Process •Trap PDU GeneratedUnusual Event occurrence PDU Format for Trap PDU Type Version 1.

Trap PDU  Format for SNMPv2 Trap PDU ----------------------------------------------------------| 0xA7 | reqid | 0 | 0 | variable bindings | ----------------------------------------------------------PDU format identical to Get.  First variable provides agent’s value of sysUpTime when Trap generated.0 87 . GetNext or Set .0 which identifies what type of trap it is Version 1.Info about trap embedded in variable bindings.  Next variable is snmpTrapOID.

” ::= { snmpTraps 3} Version 1.NOTIFICATION-TYPE  SNMPv2 Traps are defined by this macro. linkDown NOTIFICATION-TYPE OBJECTS { ifIndex.0 88 . ifOperStatus} STATUS current DESCRIPTION “A linkdown trap …. ifAdminStatus .

SNMPv1 Trap PDU  Trap message is sent by agent to manager at UDP port 162 whereas GetRequest and GetResponse goes to UDP port 161. | spec.  Format of SNMPv1 Trap PDU: -----------------------------------------------------------------| 0xA4 | ent.0 89 . | ts | var bind | ------------------------------------------------------------------ Version 1. | addr | gen.

0 90 .Generic Traps  Six Generic Traps are defined:  coldStart (0)  warmStart (1)  linkDown(2)  linkUp (3)  authenticationFailure(4)  egpNeighbourLoss(5) Version 1.

 InformsRequest PDU is: ----------------------------------------------------------| 0xA6 | reqid | 0 | 0 | variable bindings | ----------------------------------------------------------• • Type Value of 0xA6 indicates it is an Informs message. Version 1. This can also be sent from one manager to another.Informs  Informs are like SNMPv2 Traps but they are acknowledged.0 91 .

Workbook 8  Explore the AdventNet Manager and access the agent on Linux machine and see how the manager and agent interact.  Use snmpget. snmpbulkget for accessing MIB objects both scalars and table objects. Version 1. snmpgetnext.  Use snmptrap to generate traps which can be seen on AdventNet Trap Viewer.  Capture in Ethereal the exchange between manager and agent and note the port number used by manager and agent and also the various filelds in the SNMP message.0 92 .

0 93 .SNMP Message BER Encoding Example Version 1.

0 94 .. Version 1.SNMP Message BER Encoding Example.

0 95 . Version 1.Workbook 9  Make an SNMP request to the agent from your manager and trace byte wise the SNMP request and response in Ethereal.

Introduction to SNMP v3

Version 1.0


SNMPv3 Architecture

Version 1.0


SNMP Entity, Applications and Engine
SNMP Entity

SNMP Applications

SNMP Engine Implements functions to provide services to applications

Version 1.0


SNMPv3 Agent Architecture Version 1.0 99 .

Functions of SNMP Engine 1. Accepts incoming PDU’s.0 100 . Does the following • • • Encryption Insert authentication code Encapsulation of PDU’s in messages 2. Accepts outgoing PDU’s. Does the following • • • Authentication Decryption Extraction of PDU’s from messages Version 1.

SNMP v3 Message Structure msgVersion msgID msgMaxSize msgFlags msgSecurityModel msgSecurityParameters contextEngineID contextName PDU Version 1.auth 1.3 Used by security and access control 101 .2.0 snmpv3 Used by message processing subsystem reportable. priv.

works on PDUs Version 1. Operates on SNMP PDU’s. Authorization services to control access to MIBs for reading and setting of managed objects. Security Subsystem: privacy and authentication. works on SNMP messages Access Control: authorized access. 2.Functions of Access Control Subsystem 1.0 102 . So far the only defined model is View Based Access Control Model.

0 103 .SNMPv3 Access Control Version 1.

0 104 .A MIB View Version 1.

notify) Version 1.VACM OID security name vacmSecurityToGroupTable groupName MIB View security model vacmAccessTable vacmViewTree FamilyTable security level context name mess type(read.write .0 105 .

SNMP v3 Message Structure Version 1.0 106 .

0 107 .USM Message Structure Version 1.

msgAuthoritativeEngineID: snmpEngineID of the source for a Trap. msgAuthoritativeEngineBoots: snmpEngineBoots value which represents the number of times SNMP engine has reinitialized itself since its initial configuration 3. msgAuthoritativeEngineTime: snmpEngineTime represents number of seconds since SNMP Engine last incremented the snmpEngineBoots object. 5. Set. msgAuthenticationParameters: HMAC message code 6.USM Message Parameters 1. Informs 2.0 108 . msgUserName: user on whose behalf message is exchanged. GetBulk. GetNext. Response or Report and of the destination for a Get. 4. msgPrivacyParameters: initial value of DES CBC algoritham Version 1.

the organization may not want to incur the overhead of using authentication. This is referred to as noauth/nopriv. Version 1. There may be situations where the users are trusted and/or the data is not sensitive.Authentication There are three goals in authentication: (1) to verify that the user is really who he says he is (2) to verify the user's message was not changed during transport (3) to verify that the message is not being replayed (copy the message and play it over again in the future). Authentication is optional in SNMPv3. In these cases.0 109 .

A message digest is computed of the packet using the secret authentication key for the user specified in msgUserName. and the msgAuthenticationParameters is zeroed out. The computed message digest is inserted in the message. 4. Version 1. The entire packet is created. The algorithm used HMAC (MD5 or SHA )is determined by the authentication protocol specified for the user.Authentication Sending an authenticated SNMPv3 packet: 1. 3. 2. The packet is sent.0 110 . The authentication flag is turned on in the msgFlags.

all traffic between them is encrypted using the Data Encryption Standard (DES). Version 1.Privacy with DES The SNMPv3 USM privacy facility enables managers and agents to encrypt messages to prevent eavesdropping by third parties. When privacy is invoked between a principal and a remote engine. Manager entity and agent entity must share a secret key.0 111 . The cipher-block-chaining (CBC) mode of DES is used by USM.

0 112 .Workbook 10 Observe the demo for configuring an SNMPv3 Agent. Implement View Based Access Control on the v3 Agent in your system and test it out. Version 1.

0 113 .SNMP – V1 and V2 Comparison SNMP V1    The Trap PDU independently was defined  SNMP V2 Trap PDU redefined to be same as that of GetRequest Get Bulk operation was defined Inform Request PDU was defined for an acknowledged trap & to exchange info between mgmt stations The operation Get Bulk was never defined Inform Request was not defined   Version 1.

Sign up to vote on this title
UsefulNot useful