Network Working Group J. Case Request for Comments: 1450 SNMP Research, Inc. K. McCloghrie Hughes LAN Systems M. Rose Dover Beach Consulting, Inc. S. Waldbusser Carnegie Mellon University April 1993
Status of this Memo
This RFC specifes an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Table of Contents
1 Introduction
1.1 A Note on Terminology
2 Definitions
3.1 The SNMPv2 Statistics Group
3.2 The SNMPv1 Statistics Group
3.3 The Object Resource Group
3.4 The Traps Group
3.4.1 Well-known Traps
3.5 The Set Group
3.6 Conformance Information
3.6.1 Compliance Statements
3.6.2 Units of Conformance
3 Acknowledgements
4 References
5 Security Considerations
6 Authors' Addresses
Case, McCloghrie, Rose & Waldbusser [Page 1]
A network management system contains: several (potentially many) nodes, each with a processing entity, termed an agent, which has access to management instrumentation; at least one management station; and, a management protocol, used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework which defines both authentication and authorization policies.
Network management stations execute management applications which monitor and control network elements. Network elements are devices such as hosts, routers, terminal servers, etc., which are monitored and controlled through access to their management information.
Management information is viewed as a collection of managed objects, residing in a virtual information store, termed the Management Information Base (MIB). Collections of related objects are defined in MIB modules. These modules are written using a subset of OSI's Abstract Syntax Notation One (ASN.1) [1], termed the Structure of Management Information (SMI) [2].
The management protocol, SNMPv2 [3], provides for the exchange of messages which convey management information between the agents and the management stations. It is the purpose of this document to define managed objects which describe the behavior of a SNMPv2 entity.
For the purpose of exposition, the original Internet-standard Network Management Framework, as described in RFCs 1155, 1157, and 1212, is termed the SNMP version 1 framework (SNMPv1). The current framework is termed the SNMP version 2 framework (SNMPv2).
Case, McCloghrie, Rose & Waldbusser [Page 2]
SNMPv2-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
ObjectName, Integer32, Counter32, snmpModules
FROM SNMPv2-SMI
TruthValue, DisplayString, TestAndIncr, TimeStamp
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
system, ifIndex, egpNeighAddr
FROM RFC1213-MIB
partyEntry
FROM SNMPv2-PARTY-MIB;
snmpMIB MODULE-IDENTITY
LAST-UPDATED "9304010000Z"
ORGANIZATION "IETF SNMPv2 Working Group"
CONTACT-INFO
" Marshall T. Rose
Postal: Dover Beach Consulting, Inc.
420 Whisman Court
Mountain View, CA 94043-2186
US
Tel: +1 415 968 1052
Fax: +1 415 968 2510
E-mail: mrose@dbc.mtview.ca.us"
DESCRIPTION
"The MIB module for SNMPv2 entities."
::= { snmpModules 1 } snmpMIBObjects OBJECT IDENTIFIER ::= { snmpMIB 1 } Case, McCloghrie, Rose & Waldbusser [Page 3]
-- the SNMPv2 statistics group -- -- a collection of objects providing basic instrumentation of -- the SNMPv2 entity. -- A Case diagram[4] relating these objects is: -- -- \v/ transport service -- | -- ==+== snmpStatsPackets -- | -- +==> snmpStats30Something -- | -- +==> snmpStatsEncodingErrors -- | -- +==> snmpStatsUnknownDstParties -- | -- +==> snmpStatsDstPartyMismatches -- | -- +==> snmpStatsUnknownSrcParties -- | -- +==> snmpStatsBadAuths -- | -- +==> snmpStatsNotInLifetimes -- | -- +==> snmpStatsWrongDigestValues -- | -- +==> snmpStatsUnknownContexts -- | -- +==> snmpStatsBadOperations -- | -- +==> snmpStatsSilentDrops -- | -- ===== sink snmpStats OBJECT IDENTIFIER ::= { snmpMIBObjects 1 } Case, McCloghrie, Rose & Waldbusser [Page 4]
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by the SNMPv2 entity from the transport service." REFERENCE "Derived from RFC1213-MIB.snmpInPkts." ::= { snmpStats 1 }
snmpStats30Something OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets which had an initial octet with a value of 30 hexadecimal received by a SNMPv2 entity which does not support SNMPv1. (Such packets are possibly misdirected SNMPv1 Messages.)" REFERENCE "Derived from RFC1213-MIB.snmpInASNParseErrs." ::= { snmpStats 2 }
snmpStatsEncodingErrors OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by the SNMPv2 entity which were improperly encoded or had invalid syntax." REFERENCE "Derived from RFC1213-MIB.snmpInASNParseErrs." ::= { snmpStats 3 } Case, McCloghrie, Rose & Waldbusser [Page 5]
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpPrivMsgs delivered to the SNMPv2 entity for which the privDst field was not a known local party." ::= { snmpStats 4 }
snmpStatsDstPartyMismatches OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpPrivMsgs delivered to the SNMPv2 entity which contained a SnmpAuthMsg for which the authData.dstParty field did not match the privDst field in the SnmpPrivMsg." ::= { snmpStats 5 }
snmpStatsUnknownSrcParties OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpAuthMsgs delivered to the SNMPv2 entity for which the authData.srcParty field was not a known remote party." ::= { snmpStats 6 }
snmpStatsBadAuths OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpAuthMsgs delivered to the SNMPv2 entity which contained an authInfo field which was inconsistent with the authentication protocol associated with the source party." ::= { snmpStats 7 } Case, McCloghrie, Rose & Waldbusser [Page 6]
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpAuthMsgs delivered to the SNMPv2 entity which were deemed unauthentic due to their authInfo.authSrcTimestamp field being less than the source party's clock plus lifetime." ::= { snmpStats 8 }
snmpStatsWrongDigestValues OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpAuthMsgs delivered to the SNMPv2 entity which were deemed unauthentic due to their authInfo.authDigest field being unequal to the expected digest value." ::= { snmpStats 9 }
snmpStatsUnknownContexts OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SnmpMgmtComs delivered to the SNMPv2 entity for which the context field was not a known SNMPv2 context." ::= { snmpStats 10 }
snmpStatsBadOperations OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of messages delivered to the SNMPv2 entity which were silently dropped because the PDU type referred to an operation not allowed in the aclTable[5]." ::= { snmpStats 11 } Case, McCloghrie, Rose & Waldbusser [Page 7]
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMPv2 entity which were silently dropped because the size of an reply containing an alternate Response-PDU with an empty variable- bindings field was greater than either a local constraint or the maximum message size of the request's source party." ::= { snmpStats 12 } Case, McCloghrie, Rose & Waldbusser [Page 8]
-- the SNMPv1 statistics group -- -- a collection of objects providing basic instrumentation of -- a SNMPv2 entity which also implements SNMPv1. -- A Case diagram[4] relating these objects -- (and those applicable objects in the snmpStats group) -- is: -- -- \v/ transport service -- | -- ==+== snmpStatsPackets -- | -- +==> snmpStatsEncodingErrors -- | -- +==> snmpV1BadCommunityNames -- | -- +==> snmpV1BadCommunityUses -- | -- ===== sink snmpV1 OBJECT IDENTIFIER ::= { snmpMIBObjects 2 }
snmpV1BadCommunityNames OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SNMPv1 Messages delivered to the SNMPv2 entity which used a community name not known to the SNMPv2 entity." REFERENCE "Derived from RFC1213- MIB.snmpInBadCommunityNames." ::= { snmpV1 1 } Case, McCloghrie, Rose & Waldbusser [Page 9]
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SNMPv1 Messages delivered to SNMPv2 entity containing an operation which was not allowed for the community named in the Message." REFERENCE "Derived from RFC1213-MIB.snmpInBadCommunityUses." ::= { snmpV1 2 } Case, McCloghrie, Rose & Waldbusser [Page 10]
-- the object resource group -- -- a collection of objects allowing a SNMPv2 entity acting in -- an agent role to describe its dynamically-configurable -- object resources. snmpOR OBJECT IDENTIFIER ::= { snmpMIBObjects 3 }
snmpORLastChange OBJECT-TYPE
SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime at the time of the most recent change in state or value of any instance of snmpORID." ::= { snmpOR 1 }
snmpORTable OBJECT-TYPE
SYNTAX SEQUENCE OF SnmpOREntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table listing the dynamically- configurable object resources in a SNMPv2 entity acting in an agent role. SNMPv2 entities which do not support dynamically-configurable object resources will never have any instances of the columnar objects in this table." ::= { snmpOR 2 }
snmpOREntry OBJECT-TYPE
SYNTAX SnmpOREntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the snmpORTable." INDEX { snmpORIndex } ::= { snmpORTable 1 } Case, McCloghrie, Rose & Waldbusser [Page 11]
SnmpOREntry ::= SEQUENCE { snmpORIndex Integer32, snmpORID OBJECT IDENTIFIER, snmpORDescr DisplayString }
snmpORIndex OBJECT-TYPE
SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The auxiliary variable used for identifying instances of the columnar objects in the snmpORTable." ::= { snmpOREntry 1 }
snmpORID OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "An authoritative identification of one of the dynamically-configurable object resources in a SNMPv2 entity acting in an agent role. This is analogous to the sysObjectID object in MIB-II." ::= { snmpOREntry 2 }
snmpORDescr OBJECT-TYPE
SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "A textual description of one of the dynamically- configurable object resources in a SNMPv2 entity acting in an agent role. This is analogous to the sysDescr object in MIB-II." ::= { snmpOREntry 3 } Case, McCloghrie, Rose & Waldbusser [Page 12]
-- the traps group -- -- a collection of objects which allow the SNMPv2 entity, when -- acting in an agent role, to be configured to generate -- SNMPv2-Trap-PDUs. snmpTrap OBJECT IDENTIFIER ::= { snmpMIBObjects 4 }
snmpTrapOID OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The authoritative identification of the trap currently being sent. This variable occurs as the second varbind of a SNMPv2-Trap-PDU." ::= { snmpTrap 1 }
snmpTrapTable OBJECT-TYPE
SYNTAX SEQUENCE OF SnmpTrapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table which keeps track of how many traps have been sent to each SNMPv2 entity." ::= { snmpTrap 2 }
snmpTrapEntry OBJECT-TYPE
SYNTAX SnmpTrapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry which keeps track of how many traps have been sent to a particular SNMPv2 entity." AUGMENTS { partyEntry } ::= { snmpTrapTable 1 } SnmpTrapEntry ::= SEQUENCE { snmpTrapNumbers Counter32 } Case, McCloghrie, Rose & Waldbusser [Page 13]
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of traps which have been sent to a particular SNMPv2 party, since the last initialization of the SNMPv2 entity, or the creation of the SNMPv2 party, whichever occurred most recently." ::= { snmpTrapEntry 1 }
snmpTrapEnterprise OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The authoritative identification of the enterprise associated with the trap currently being sent. When a SNMPv2 proxy agent is mapping an RFC1157 Trap-PDU into a SNMPv2-Trap-PDU, this variable occurs as the last varbind." ::= { snmpTrap 3 } Case, McCloghrie, Rose & Waldbusser [Page 14]
SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the SNMPv2 entity, when acting in an agent role, is permitted to generate authenticationFailure traps. The value of this object overrides any configuration information; as such, it provides a means whereby all authenticationFailure traps may be disabled.
Note that it is strongly recommended that this
object be stored in non-volatile memory so that it
remains constant between re-initializations of the
network management system."
REFERENCE
"Derived from RFC1213-MIB.snmpEnableAuthenTraps."
::= { snmpTrap 4 } Case, McCloghrie, Rose & Waldbusser [Page 15]
-- well-known traps snmpTraps OBJECT IDENTIFIER ::= { snmpMIBObjects 5 }
coldStart NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"A coldStart trap signifies that the SNMPv2
entity, acting in an agent role, is reinitializing
itself such that its configuration may be
altered."
::= { snmpTraps 1 }
warmStart NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"A warmStart trap signifies that the SNMPv2
entity, acting in an agent role, is reinitializing
itself such that its configuration is unaltered."
::= { snmpTraps 2 }
linkDown NOTIFICATION-TYPE
OBJECTS { ifIndex }
STATUS current
DESCRIPTION
"A linkDown trap signifies that the SNMPv2 entity,
acting in an agent role, recognizes a failure in
one of the communication links represented in its
configuration."
::= { snmpTraps 3 }
linkUp NOTIFICATION-TYPE
OBJECTS { ifIndex }
STATUS current
DESCRIPTION
"A linkUp trap signifies that the SNMPv2 entity,
acting in an agent role, recognizes that one of
the communication links represented in its
configuration has come up."
::= { snmpTraps 4 } Case, McCloghrie, Rose & Waldbusser [Page 16]
::= { snmpTraps 5 }
egpNeighborLoss NOTIFICATION-TYPE
OBJECTS { egpNeighAddr }
STATUS current
DESCRIPTION
"An egpNeighborLoss trap signifies that an EGP
neighbor has been marked down and the EGP peer
relationship no longer obtains."
::= { snmpTraps 6 } Case, McCloghrie, Rose & Waldbusser [Page 17]
-- the set group -- -- a collection of objects which allow several cooperating -- SNMPv2 entities, all acting in a manager role, to -- coordinate their use of the SNMPv2 set operation. snmpSet OBJECT IDENTIFIER ::= { snmpMIBObjects 6 }
snmpSetSerialNo OBJECT-TYPE
SYNTAX TestAndIncr MAX-ACCESS read-write STATUS current DESCRIPTION "An advisory lock used to allow several cooperating SNMPv2 entities, all acting in a manager role, to coordinate their use of the SNMPv2 set operation.
This object is used for coarse-grain coordination. To achieve fine-grain coordination, one or more similar objects might be defined within each MIB group, as appropriate."
::= { snmpSet 1 } Case, McCloghrie, Rose & Waldbusser [Page 18]
-- conformance information
snmpMIBConformance
OBJECT IDENTIFIER ::= { snmpMIB 2 }
snmpMIBCompliances
OBJECT IDENTIFIER ::= { snmpMIBConformance 1 } snmpMIBGroups OBJECT IDENTIFIER ::= { snmpMIBConformance 2 } -- compliance statements
snmpMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities
which implement the SNMPv2 MIB."
MODULE RFC1213-MIB
MANDATORY-GROUPS { system }
MODULE -- this module
MANDATORY-GROUPS { snmpStatsGroup, snmpORGroup,
snmpTrapGroup, snmpSetGroup }
GROUP snmpV1Group DESCRIPTION "The snmpV1 group is mandatory only for those SNMPv2 entities which also implement SNMPv1." ::= { snmpMIBCompliances 1 } Case, McCloghrie, Rose & Waldbusser [Page 19]
-- units of conformance
snmpStatsGroup OBJECT-GROUP
OBJECTS { snmpStatsPackets, snmpStats30Something,
snmpStatsEncodingErrors,
snmpStatsUnknownDstParties,
snmpStatsDstPartyMismatches,
snmpStatsUnknownSrcParties, snmpStatsBadAuths,
snmpStatsNotInLifetimes,
snmpStatsWrongDigestValues,
snmpStatsUnknownContexts,
snmpStatsBadOperations,
snmpStatsSilentDrops }
STATUS current
DESCRIPTION
"A collection of objects providing basic
instrumentation of the SNMPv2 entity."
::= { snmpMIBGroups 1 }
snmpV1Group OBJECT-GROUP
OBJECTS { snmpV1BadCommunityNames, snmpV1BadCommunityUses }
STATUS current
DESCRIPTION
"A collection of objects providing basic
instrumentation of a SNMPv2 entity which also
implements SNMPv1."
::= { snmpMIBGroups 2 }
snmpORGroup OBJECT-GROUP
OBJECTS { snmpORLastChange, snmpORID, snmpORDescr }
STATUS current
DESCRIPTION
"A collection of objects allowing a SNMPv2 entity
acting in an agent role to describe its
dynamically-configurable object resources."
::= { snmpMIBGroups 3 } Case, McCloghrie, Rose & Waldbusser [Page 20]
::= { snmpMIBGroups 4 }
snmpSetGroup OBJECT-GROUP
OBJECTS { snmpSetSerialNo }
STATUS current
DESCRIPTION
"A collection of objects which allow several
cooperating SNMPv2 entities, all acting in a
manager role, to coordinate their use of the
SNMPv2 set operation."
::= { snmpMIBGroups 5 }
END
Case, McCloghrie, Rose & Waldbusser [Page 21]
The objects in the snmpStats and snmpV1 groups are based, in part, on RFC 1213.
Finally, the comments of the SNMP version 2 working group are gratefully acknowledged:
Beth Adams, Network Management Forum
Steve Alexander, INTERACTIVE Systems Corporation
David Arneson, Cabletron Systems
Toshiya Asaba
Fred Baker, ACC
Jim Barnes, Xylogics, Inc.
Brian Bataille
Andy Bierman, SynOptics Communications, Inc.
Uri Blumenthal, IBM Corporation
Fred Bohle, Interlink
Jack Brown
Theodore Brunner, Bellcore
Stephen F. Bush, GE Information Services
Jeffrey D. Case, University of Tennessee, Knoxville
John Chang, IBM Corporation
Szusin Chen, Sun Microsystems
Robert Ching
Chris Chiotasso, Ungermann-Bass
Bobby A. Clay, NASA/Boeing
John Cooke, Chipcom
Tracy Cox, Bellcore
Juan Cruz, Datability, Inc.
David Cullerot, Cabletron Systems
Cathy Cunningham, Microcom
James R. (Chuck) Davin, Bellcore
Michael Davis, Clearpoint
Mike Davison, FiberCom
Cynthia DellaTorre, MITRE
Taso N. Devetzis, Bellcore
Manual Diaz, DAVID Systems, Inc.
Jon Dreyer, Sun Microsystems
David Engel, Optical Data Systems
Mike Erlinger, Lexcel
Roger Fajman, NIH
Daniel Fauvarque, Sun Microsystems
Karen Frisa, CMU
Shari Galitzer, MITRE
Case, McCloghrie, Rose & Waldbusser [Page 22]
Case, McCloghrie, Rose & Waldbusser [Page 23]
Case, McCloghrie, Rose & Waldbusser [Page 24]
Case, McCloghrie, Rose & Waldbusser [Page 25]
[1] Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1), International Organization for Standardization. International Standard 8824, (December, 1987).
[2] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1442, SNMP Research, Inc., Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon University, April 1993.
[3] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., "Protocol Operations for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1448, SNMP Research, Inc., Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon University, April 1993.
[4] J.D. Case, C. Partridge, Case Diagrams: A First Step to Diagramed Management Information Bases. Computer Communications Review, Volume 19, Number 1, (January, 1989).
[5] McCloghrie, K., and Galvin, J., "Party MIB for version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1447, Hughes LAN Systems, Trusted Information Systems, April 1993.
Case, McCloghrie, Rose & Waldbusser [Page 26]
Security issues are not discussed in this memo.
Jeffrey D. Case
SNMP Research, Inc.
3001 Kimberlin Heights Rd.
Knoxville, TN 37920-9716
US
Phone: +1 615 573 1434
Email: case@snmp.com
Keith McCloghrie
Hughes LAN Systems
1225 Charleston Road
Mountain View, CA 94043
US
Phone: +1 415 966 7934
Email: kzm@hls.com
Marshall T. Rose
Dover Beach Consulting, Inc.
420 Whisman Court
Mountain View, CA 94043-2186
US
Phone: +1 415 968 1052
Email: mrose@dbc.mtview.ca.us
Steven Waldbusser
Carnegie Mellon University
4910 Forbes Ave
Pittsburgh, PA 15213
US
Phone: +1 412 268 6628
Email: waldbusser@cmu.edu
Case, McCloghrie, Rose & Waldbusser [Page 27]