SNMP
Simple Network Management Protocol
SNMP History
SNMP version 1
CSCE 815 Sp 03
SNMP v3
Introduction and Applicability Statements for Internet Standard Management Framework, RFC 3410, Informational, December 2002
An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks, RFC 3411, STD 62, December 2002
Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), RFC 3412, STD 62, December 2002
Simple Network Management Protocol (SNMP) Applications, RFC 3413, STD 62, December 2002
User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3), RFC 3414, STD 62, December 2002
View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), RFC 3415, STD 62, December 2002
Management station: typically a stand-alone device; an interface for the human network manager
Management agent
Management information base
Network management protocol
Get, Set and Notify
SNMP GOALS
UBIQUITY
NEW MIBs
CONNECTIONLESS TRANSPORT
http://www.simpleweb.org/tutorials/slides-ppt.html
Copyright 2001 by Aiko Pras These sheets may be used for educational purposes
SNMP OPERATION
MANAGER
POLLING TRAPS
AGENTS
MIB
SNMP
MANAGER
MIB
SNMP OPERATION
MANAGER
AGENTS
TABLES VARIABLES
Single operator interface
Minimal amount of separate equipment. Software and network communications capability built into the existing equipment.
SNMP management agent is a program that communicates with the SNMP management station
1. Responds to requests for information on network status
2. Responds to requests for management actions
3. May asynchronously provide the management station with unsolicited alert information
SNMP Management Information Base
Management Information Base (MIB) is the collection of objects that an agent maintains
Objects in MIB are standardized across the type of agent such as routers, bridges, etc.
A management station monitors the network by requesting values from the MIBs.
A management station controls the network by setting values in the MIBs of the various agents.
SNMP messages
SNMP Proxies
Not all devices are capable of implementing SNMP (UDP, IP), e.g., bridges, modems, etc.
SNMPv2 added the capability of running on the OSI as well as the TCP/IP protocol suite
Proxy Configuration
SNMPv2
The strength of SNMPv1 was its simplicity: it was easy to implement and configure.
SNMP v1 and v2
Trap: an unsolicited message (reporting an alarm condition)
SNMPv1 is connectionless since it utilizes UDP (rather than TCP) as the transport layer protocol.
SNMPv2 allows the use of TCP for reliable, connection-oriented service.
| SNMPv2 PDU | Direction | Description |
|---|---|---|
| GetRequest | Manager to agent | Request value for each listed object |
| GetNextRequest | Manager to agent | Request next value for each listed object |
| GetBulkRequest | Manager to agent | Request multiple values |
| SetRequest | Manager to agent | Set value for each listed object |
| InformRequest | Manager to manager | Transmit unsolicited information |
| Response | Agent to manager or Manager to manager (SNMPv2) | Respond to manager request |
| Trap / SNMPv2-Trap | Agent to manager | Transmit unsolicited information |
Maintain locally on the agent:
List of managers with associated access privileges
Authentication service: which manager can access/control
Access policy
Proxy service: this may involve implementing authentication service for other devices
SNMPv3
SNMPv3 defines a security capability to be used in conjunction with SNMPv2 (preferably) or possibly SNMPv1.
SNMPv3 Architecture
Consists of a distributed collection of SNMP entities
SNMP entity:
SNMP applications: command generator, command responder, notification originator, notification receiver, proxy forwarder, other
SNMP engine: dispatcher, message processing subsystem, security subsystem, access control subsystem
SNMP Manager
Figure: SNMP manager. Labels: command generator, notification receiver, PDU dispatcher, message dispatcher, security subsystem (community-based security model, user-based security model, other security model), SNMPv2C, other.
SNMP Agent
Figure: SNMP agent. Labels: management information base, access control subsystem, command responder, notification originator, PDU dispatcher, message dispatcher, security subsystem (community-based security model, user-based security model, other security model), SNMPv2C, other.
SNMPv3 Flow
Sequence of primitives shown, one per slide:
1. sendPdu
2. prepareOutgoingMessage
3. generateRequestMsg
4. send / receive
5. prepareDataElements
6. processIncomingMsg
7. processPdu
8. isAccessAllowed
9. returnResponsePdu
10. prepareResponseMessage
11. generateResponseMsg
12. send / receive
13. prepareDataElements
14. processIncomingMsg
15. processResponsePdu

Diagram labels on each slide: applications, access control subsystem, dispatcher, security subsystem.

Parameters
contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength
Determines whether access to a managed object should be allowed. Makes use of a MIB that:
Defines the access control policy for this agent.
Makes it possible for remote configuration to be used.
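
An added example, not from the original slides: a simplified sketch of the isAccessAllowed decision as specified in RFC 3415, using the parameters listed above (securityModel, securityName, securityLevel, viewType, contextName, variableName). The table contents, user and group names are constructed, the security model is written as the string "usm" rather than its integer code, and subtree masks and context prefix matching are left out.

```python
# Simplified VACM decision (RFC 3415). All table contents below are constructed.
LEVELS = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}

CONTEXTS = {""}                                   # vacmContextTable (default context)
SEC_TO_GROUP = {("usm", "monitor"): "ro-group",   # vacmSecurityToGroupTable
                ("usm", "netadmin"): "rw-group"}
# vacmAccessTable: (group, context, model) -> minimum level and one view per viewType
ACCESS = {
    ("ro-group", "", "usm"): {"min_level": "authNoPriv",
                              "read": "systemOnly", "write": "", "notify": ""},
    ("rw-group", "", "usm"): {"min_level": "authPriv",
                              "read": "all", "write": "noUsm", "notify": "all"},
}
# vacmViewTreeFamilyTable: view name -> [(subtree OID, included?)]
VIEWS = {
    "systemOnly": [("1.3.6.1.2.1.1", True)],                  # system group
    "all": [("1.3.6.1", True)],
    "noUsm": [("1.3.6.1", True), ("1.3.6.1.6.3.15", False)],  # exclude the USM MIB
}

def oid(s):
    return tuple(int(x) for x in s.split("."))

def is_access_allowed(security_model, security_name, security_level,
                      view_type, context_name, variable_name):
    """Return 'accessAllowed' or the RFC 3415 error indication."""
    if context_name not in CONTEXTS:
        return "noSuchContext"
    group = SEC_TO_GROUP.get((security_model, security_name))
    if group is None:
        return "noGroupName"
    entry = ACCESS.get((group, context_name, security_model))
    # A message below the entry's required security level matches no entry.
    if entry is None or LEVELS[security_level] < LEVELS[entry["min_level"]]:
        return "noAccessEntry"
    view = entry[view_type]
    if not view or view not in VIEWS:
        return "noSuchView"
    # The longest subtree that prefixes the variable decides include/exclude.
    target, best = oid(variable_name), None
    for subtree, included in VIEWS[view]:
        sub = oid(subtree)
        if target[:len(sub)] == sub and (best is None or len(sub) > best[0]):
            best = (len(sub), included)
    return "accessAllowed" if best and best[1] else "notInView"
```

The excluded subtree in the `noUsm` view shows why the longest match matters: a write-capable group can be given the whole tree while still being kept away from the objects that hold user credentials.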
SNMPv3 Web sites
http://www.ietf.org/html.charters/snmpv3-charter.html
http://www.simpleweb.org/tutorials/slides-ppt.html
http://www.sans.org/rr/netdevices/SNMP_sec.php