Chapter 3 Snmpv1 Communication and Functional Models

The document discusses SNMPv1 communication and functional models. It describes the read-only and read-write access modes for SNMP management stations and how they map to MIB access. It also covers SNMP PDU formats, operations like get and set requests, and basic SNMP message security issues.

Uploaded by

nidal aldmour

Chapter 4

Chapter 3 SNMPv1
Part 2
Communication and Functional Models

ACCESS

• Read-only: Gives read access to authorized management stations to all objects in the MIB
• Read-write: Gives read and write access to authorized management stations to all objects in the MIB

Status: The value ‘current’ (mandatory) means that the definition is current and valid. The value ‘obsolete’ means the definition is obsolete and should not be implemented and/or can be removed if previously implemented. While the value ‘deprecated’ also indicates an obsolete definition, it permits new/continued implementation in order to foster interoperability with older/existing implementations.

Address Translation Group (in MIB-II)

atTable OBJECT-TYPE
    SYNTAX SEQUENCE OF AtEntry
    ACCESS not-accessible
    STATUS current
    DESCRIPTION "..."
    ::= { at 1 }

atEntry OBJECT-TYPE
    SYNTAX AtEntry
    ACCESS not-accessible
    STATUS current
    DESCRIPTION "..."
    INDEX { atIfIndex, atNetAddress }
    ::= { atTable 1 }

AtEntry ::=
    SEQUENCE {
        atIfIndex INTEGER,
        atPhysAddress PhysAddress,
        atNetAddress NetworkAddress
    }

atIfIndex OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS current
    DESCRIPTION "..."
    ::= { atEntry 1 }

atPhysAddress OBJECT-TYPE
    SYNTAX PhysAddress
    ACCESS read-write
    STATUS current
    DESCRIPTION "..."
    ::= { atEntry 2 }

atNetAddress OBJECT-TYPE
    SYNTAX NetworkAddress
    ACCESS read-write
    STATUS current
    DESCRIPTION "..."
    ::= { atEntry 3 }

SNMPv1

Protocol context of SNMP
[Figure: protocol context of SNMP; surviving labels: MIB, 162, 161]

SNMPv1 Packet
• SNMPv1 packet has the form

[ VERSION | Community name | PDU ]

• Version → SNMPv1 is “0” in version field
• Community name → like a password
  o Agent can limit who can see what
  o Sent “in the clear”, so not very secure
• PDU is Protocol data unit which is the body of SNMP operations

PDU

[ Request ID | Error status | Error index | Binding variable list ]

• Request ID → like a sequence number
• Error status → error in Get-Response
• Error index → first variable in VarBindList that caused error
• VarBindList → list of pairs of the form [varID, varValue]

SNMP PDU format

Error status:

• VarBindList → list of pairs of the form

[ varBind1 Name | Value 1 | varBind2 Name | Value 2 | varBind3 Name | Value 3 | ... | varBindN Name | Value N ]

Variable: [ Name | Value ]
Value: IPAddr, string, counter, integer, OID, etc.

Format of SNMP Packets
• SNMPv1 Get/Set messages:

[ Version | Community | SNMP PDU ]

SNMP PDU: [ PDU Type | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2 | ... ]

– Community: cleartext string that is used as a password
– PDU type, e.g.:
  32: SNMPv1 Get
  64: SNMPv2 Get
– Request ID: unique ID to match requests with replies
– Object/value list: sequence of name-value pairs
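
The fields named on the SNMPv1 Packet, PDU and Format of SNMP Packets slides, decoded from raw bytes, which also shows that the community string is readable by anyone who can see the packet. This is an added example, not part of the original slides: the sample packet is constructed, the function names are this example's own, and the BER tag values assume the RFC 1157 encoding.

```python
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request",   # RFC 1157 PDU tags
             0xA2: "get-response", 0xA3: "set-request"}
# Constructed sample: get-request for sysDescr.0, community "public", request ID 1.
SAMPLE = bytes.fromhex("3026" "020100" "04067075626c6963" "a019" "020101" "020100"
                       "020100" "300e" "300c" "06082b06010201010100" "0500")

def read_tlv(buf, pos):   # -> (tag, value bytes, position after this TLV)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):     # OBJECT IDENTIFIER content octets -> dotted string
    parts, sub = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        sub = (sub << 7) | (b & 0x7F)       # base-128; high bit set means more octets follow
        if not b & 0x80:
            parts.append(sub)
            sub = 0
    return ".".join(map(str, parts))

def parse_snmpv1(packet):
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)  # plain OCTET STRING, no encryption or hashing
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag not in PDU_NAMES:            # trap (0xA4) has a different field layout
        raise ValueError("unsupported PDU tag 0x%02x" % pdu_tag)
    ints, pos = [], 0
    for _ in range(3):                      # request ID, error status, error index
        _, v, pos = read_tlv(pdu, pos)
        ints.append(int.from_bytes(v, "big", signed=True))
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):                   # each VarBind is SEQUENCE { name, value }
        _, vb, pos = read_tlv(vbl, pos)
        _, name, p = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, p)
        varbinds.append((decode_oid(name), vtag, value))
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu": PDU_NAMES[pdu_tag], "request_id": ints[0], "error_status": ints[1],
            "error_index": ints[2], "varbinds": varbinds}
```

Calling `parse_snmpv1(SAMPLE)` returns the version, community, PDU name, request ID, error fields and the variable bindings as (OID, value tag, value bytes) tuples; a get-request carries NULL (tag 0x05) as each value.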

SNMP Commands

Operation          Description
get-request        Retrieves a value from a specific variable.
get-next-request   Retrieves a value from a variable within a table.
set-request        Stores a value in a specific variable.
get-response       Replies to a get-request, get-next-request, and set-request sent by an NMS.
trap               An alarm message sent by an SNMP agent to an SNMP manager when some event has occurred.

SNMP Operations
[Figure: message exchange between SNMP Manager and SNMP Agent]
• GetRequest (UDP port 161) / GetResponse
• GetNextRequest (UDP port 161) / GetResponse
• SetRequest (UDP port 161) / GetResponse
• Trap (UDP port 162)

SNMP PDU Dialog
[Figure: four Manager/Agent exchanges]
(a) Get values: GetRequest PDU, GetResponse PDU
(b) Get next values: GetNextRequest PDU, GetResponse PDU
(c) Set values: SetRequest PDU, GetResponse PDU
(d) Send trap: Trap PDU

SNMP Operations
[Figure: exchange between Manager Process and Agent Process]
GetRequest (sysDescr.0)
GetResponse (sysDescr.0="SunOS")
GetRequest (sysObjectID.0)
GetResponse (sysObjectID.0=enterprises.11.2.3.10.1.2)
GetRequest (sysUpTime.0)
GetResponse (sysUpTime.0=2247349530)
GetRequest (sysContact.0)
GetResponse (sysContact.0=" ")
GetRequest (sysName.0)
GetResponse (sysName.0="noc1 ")
GetRequest (sysLocation.0)
GetResponse (sysLocation.0=" ")
GetRequest (sysServices.0)
GetResponse (sysServices.0=72)

Figure 5.10 Get-Request Operation for System Group

SNMP message

[Figure: SNMP message encapsulation; labels: Ethernet Frame, IP Packet, UDP Datagram, SNMP Message, CRC]

Security
• We mentioned previously the SNMP method of
authentication
– A community name acts like a password
– More than one mgmt station may have access

• Authorization is also a concern


– Assuming that you have access…
– …then what are you allowed to do?

Security
• SNMP Access Mode → MIB Access
• Mapping between these given below

SNMP Access Mode   MIB Access       Resolution
Read-Only          Read-Only        Object available for Get and Trap operations
Read-Only          Read-Write       Object available for Get and Trap operations
Read-Only          Write-Only       Object available for Get and Trap operations but the value is implementation dependent
Read-Only          Not-accessible   Object is unavailable
Read-Write         Read-Only        Object available for Get and Trap operations
Read-Write         Read-Write       Object available for Get, Set and Trap operations
Read-Write         Write-Only       Object available for Get, Set and Trap operations but the value is implementation dependent for Get and Trap operations
Read-Write         Not-Accessible   Object is unavailable

Proxy
• SNMP agent can act as a proxy
– To collect mgmt values

• Device might not support SNMP

• Might be used to improve performance

Comparison of SNMPv1 and SNMPv2

SNMPv1 PDU       SNMPv2 PDU       Direction                                         Description
GetRequest       GetRequest       Manager to agent                                  Request value for each listed object
GetNextRequest   GetNextRequest   Manager to agent                                  Request next value for each listed object
------           GetBulkRequest   Manager to agent                                  Request multiple values
SetRequest       SetRequest       Manager to agent                                  Set value for each listed object
------           InformRequest    Manager to manager                                Transmit unsolicited information
GetResponse      Response         Agent to manager or Manager to manager (SNMPv2)   Respond to manager request
Trap             SNMPv2-Trap      Agent to manager

Comparisons between three SNMP Versions

Version     Descriptions and improvements
SNMPv1      1. Define the SMI (RFC 1155)
            2. A more concise MIB definition (RFC 1212)
            3. SNMP framework and its related operations (RFC 1157)
            4. Concept of security (authentication) is proposed
SNMPv2      1. Improved SMI
Chapter 5   2. Inclusion of ‘GetBulkRequest’ to improve the efficiency for retrieving large blocks of data
            3. ‘InformRequest’ for communication between management stations
SNMPv3      1. Security and administration add-ons (RFC 2571)
Chapter 6   2. Multi-version SNMP message processing and dispatch capability (RFC 2572)
            3. The five types of applications within an SNMP engine (RFC 2573)
            4. User-based security model (RFC 2575)
            5. View-based access control (RFC 2575)
