31.07.2015 Views

network protocols handbook.pdf


Protocols Guide: TCP/IP - Application Layer Protocols

Protocol Name

SNMPv3: Simple Network Management Protocol version three

Protocol Description

SNMP is the protocol developed to manage nodes (servers, workstations, routers, switches, hubs, etc.) on an IP network. SNMP enables network administrators to manage network performance, find and solve network problems and plan for network growth. Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP. Currently, there are three versions of SNMP defined: SNMP v1, SNMP v2 and SNMP v3. In this document, we provide information primarily for SNMPv3.

SNMP Version 3 (SNMPv3) adds security and remote configuration capabilities to the previous versions. The SNMPv3 architecture introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. The architecture supports the concurrent use of different security, access control and message processing models. More specifically:

Security
• authentication and privacy
• authorization and access control

Administrative Framework
• naming of entities
• people and policies
• usernames and key management
• notification destinations
• proxy relationships
• remotely configurable via SNMP operations

SNMPv3 also introduces the ability to dynamically configure the SNMP agent using SNMP SET commands against the MIB objects that represent the agent's configuration. This dynamic configuration support enables addition, deletion, and modification of configuration entries either locally or remotely.

For information on SNMP, SNMPv1 and SNMPv2, please check the corresponding pages.

Protocol Structure

SNMPv3 message format:

Msg Processed by MPM (Msg Processing Model):
  Version | ID | Msg Size | Msg Flag | Security Model

Msg Processed by USM (User Security Module):
  Authoritative Engine ID | Authoritative Boots | Authoritative Engine Time | User name | Authentication parameters | Privacy Parameter

Scoped PDU:
  Context engine ID | Context name | PDU

• Version -- snmpv3(3).
• ID -- A unique identifier used between two SNMP entities to coordinate request and response messages.
• Msg Size -- Maximum size of a message in octets supported by the sender of the message.
• Msg Flags -- An octet string containing three flags in the least significant three bits: reportableFlag, privFlag, authFlag.
• Security Model -- An identifier to indicate which security model was used by the sender and therefore which security model must be used by the receiver to process this message.
• AuthoritativeEngineID -- The snmpEngineID of the authoritative SNMP engine involved in the exchange of this message. Thus, this value refers to the source for a Trap, Response, or Report, and to the destination for a Get, GetNext, GetBulk, Set, or Inform.
• AuthoritativeEngineBoots -- The snmpEngineBoots value of the authoritative SNMP engine involved in the exchange of this message.
• AuthoritativeEngineTime -- The snmpEngineTime value of the authoritative SNMP engine involved in the exchange of this message.
• User Name -- The user (principal) on whose behalf the message is being exchanged.
• AuthenticationParameters -- Null if authentication is not being used for this exchange. Otherwise, this is an authentication parameter.
• PrivacyParameters -- Null if privacy is not being used for this exchange. Otherwise, this is a privacy parameter.
• PDU (Protocol Data Unit) -- The PDU types for SNMPv3 are the same as for SNMPv2.

Related protocols

SNMPv1, SNMPv2, SNMPv3, UDP, RMON, SMI, OIDs

Sponsor Source

SNMPv3 is defined by IETF (http://www.ietf.org) in RFC 3411 plus a group of supporting RFCs shown in the reference links.
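The MPM and USM fields listed under Protocol Structure can be decoded from a datagram to report the security level a message actually uses. The Python below is an added example, not part of the handbook: it assumes the BER encoding and the flag bit values (authFlag 0x01, privFlag 0x02, reportableFlag 0x04) from RFC 3412 and RFC 3414, which the page does not spell out, and it runs on a constructed message. All function names are hypothetical.

```python
def read_tlv(buf, pos=0):  # decode one BER TLV -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def members(body):  # values of the TLVs packed inside a SEQUENCE body, in order
    out, pos = [], 0
    while pos < len(body):
        _, val, pos = read_tlv(body, pos)
        out.append(val)
    return out

num = lambda v: int.from_bytes(v, "big", signed=True)  # BER INTEGER contents

def parse_snmpv3(datagram):  # -> (fields, findings)
    tag, body, _ = read_tlv(datagram)
    parts = members(body) if tag == 0x30 else []
    if len(parts) != 4 or num(parts[0]) != 3:
        raise ValueError("not an SNMPv3 message")
    msg_id, max_size, flags, model = members(parts[1])  # fields processed by the MPM
    if len(flags) != 1:
        raise ValueError("Msg Flags must be one octet")
    auth, priv = bool(flags[0] & 1), bool(flags[0] & 2)  # bit values assumed from RFC 3412
    info = {"id": num(msg_id), "max_size": num(max_size), "model": num(model),
            "auth": auth, "priv": priv, "reportable": bool(flags[0] & 4)}
    findings = [] if auth else ["privFlag without authFlag" if priv else "unauthenticated message"]
    if info["model"] == 3:  # 3 = USM; its fields are nested inside an OCTET STRING
        engine, boots, etime, user, auth_p, priv_p = members(read_tlv(parts[2])[1])
        info.update(engine_id=engine.hex(), boots=num(boots), time=num(etime), user=user.decode())
        for name, flag, param in (("authFlag", auth, auth_p), ("privFlag", priv, priv_p)):
            if flag != bool(param):  # the page: parameter is null when the service is unused
                findings.append(name + " disagrees with its USM parameter field")
    return info, findings

tlv = lambda tag, body: bytes([tag, len(body)]) + body  # encoder for the constructed sample only

def sample(flags, auth_p=b"", priv_p=b""):  # constructed message, not captured traffic
    usm = b"".join(tlv(t, v) for t, v in ((4, bytes.fromhex("800000000102030405")), (2, b"\x05"),
                   (2, b"\x01\x2c"), (4, b"monitor"), (4, auth_p), (4, priv_p)))
    hdr = tlv(2, b"\x2a") + tlv(2, b"\x00\xff\xe3") + tlv(4, bytes([flags])) + tlv(2, b"\x03")
    return tlv(0x30, tlv(2, b"\x03") + tlv(0x30, hdr) + tlv(4, tlv(0x30, usm)) + tlv(4, bytes(16)))
```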
