snmp v2 & v3 w.lilakiatsakun. snmp v2 protocol rfc 3416 3 types of access to management...
TRANSCRIPT
![Page 1: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/1.jpg)
SNMP V2 & V3
W.lilakiatsakun
![Page 2: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/2.jpg)
SNMP V2 Protocol
• RFC 3416• 3 types of access to management information– Manager–agent request-response– Manager-Manager request-response : different
from SNMPV1– Agent-manager unconfirmed
![Page 3: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/3.jpg)
SNMP V2 Message Structure
![Page 4: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/4.jpg)
SNMPV2 PDU Formats
![Page 5: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/5.jpg)
PDU Details (1)
• request-id :unique number to each outstanding request to the same agent
• error-status: a non-zero value indicates that an exception occurred
• error-index: When the error-status field is nonzero, the error-index value identifies the object that caused the error
![Page 6: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/6.jpg)
PDU Details (2)
• variable-bindings: this field enables a single operation to be applied to a group of object instances – First element is an OID (Object Identifier)– Second element can be
• Value – Value associated with each object instances• unSpecified – a NULL values is used in retrieval requests• NoSuchObject – indicates agent does not implement the object refered
this OID • noSuchInstance – indicates that this object instance does not exist for
this operation• endOfMibView – indicates an attempt to reference an OID that is
beyond the end of the MIB at the agent
![Page 7: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/7.jpg)
SNMP V2 Operations
![Page 8: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/8.jpg)
Comparison of SNMPv1 and SNMPv2 PDUs
![Page 9: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/9.jpg)
Error Status Codes in response-PDU
![Page 10: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/10.jpg)
Values in Variable Bindings
![Page 11: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/11.jpg)
GetRequest PDU
• Same as SNMPv1, it is different only the way that responses are handled
• SNMP v1 operation is atomic• SNMP v2 operation prepares variable binding
according to following rules1 OID not match – value is set to noSuchObject2 Otherwise, but not accessible for operation – value
is set to noSuchInstance3 Otherwise, value is set to the value of variable
![Page 12: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/12.jpg)
GetNextRequestPDU
• Same as SNMPv1, it is different only the way that responses are handled
• SNMP v1 operation is atomic• SNMP v2 processes as many as possible by the
following rule1 the next instance can be retrieved, set the name and value
in variable-bindings2 if no lexicographic successor exists, set the value field to
endOfMibView
![Page 13: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/13.jpg)
GetBulkRequest PDU (1)• Its purpose is to minimize the number of protocol
exchanges required to retrieve a large amount of management information
• It uses the same selection principle as the GetNextRequest but multiple lexicographic successor can be selected
• 2 additional fields – Non-repeaters – the number of variables that single
successor value to be returned– Max-repetitions – the number of successor value to be
returned
![Page 14: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/14.jpg)
GetBulkRequest PDU (2)
![Page 15: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/15.jpg)
SetRequest PDU
• The structure is same as SNMPv1• SetRequest PDU for SNMPv1 and SNMPv2 is
both atomic operation
![Page 16: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/16.jpg)
SNMPv2-Trap PDU
• The format is different from SNMPv1• It uses the same format as GetRequestPDU • Using variable bindings field to contain– sysUpTime.0– snmpTrapOID.0- If the OBJECT clause is present in the macro
NOTIFICATION-TYPE, each variable and its value are copied to the variable-binding
![Page 17: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/17.jpg)
InformRequest PDU
• New PDU type for SNMP• Manager to Manager operation• It uses the same format as GetRequestPDU • Using variable bindings field to contain– sysUpTime.0– snmpTrapOID.0- If the OBJECT clause is present in the macro
NOTIFICATION-TYPE, each variable and its value are copied to the variable-binding
• Response by using Response PDU
![Page 18: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/18.jpg)
SNMPv2 MIB (1)
• System Group : include MIB for Object Resources– sysORlast change– sysORTable
![Page 19: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/19.jpg)
SNMPv2 MIB (2)
System Group of SNMPv2
![Page 20: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/20.jpg)
SNMPv2 MIB (3)
![Page 21: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/21.jpg)
Revised SNMP Group
![Page 22: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/22.jpg)
SNMPv2 MIB (4)
• MIB Objects Group– snmpTrap• snmpTrapOID : OID of trap or notification currently
being sent• snmpTrapEnterprise :OID of enterprise associated with
the trap currently being sent
![Page 23: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/23.jpg)
SNMPv2 MIB (5)
– snmpSet• snmpSerialNo : TestAndIncr (INTEGER 0..2147483647)• If the agent receive a set operation for this object with
value K then the value is incremented to K+1 mod 231
• If the agent receive a set operation for this object with value not equal to K then the operation fails with an error of inconsistentValue• To solve multiple managers using an agent
![Page 24: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/24.jpg)
SNMPv2 MIB (6)
• Interfaces Group in RFC1573 : extension of interface Group in MIB-II– ifXTable (Extension Table)– ifStackTable (Stack Table)– ifTestTable (Test Table)– IfRcvAddressTable (Receive Address Table)
![Page 25: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/25.jpg)
SNMPv2 MIB (7)
• ifXTable – This table contains objects that have been added t
o the Interface MIB as a result of the Interface Evolution effort, or replacements for objects of the original, MIB-II, ifTable that were deprecated because the semantics of said objects have significantly changed.
![Page 26: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/26.jpg)
SNMPv2 MIB (8)
• ifStackTable – This table contains objects that define the relationships a
mong the sub-layers of an interface.
• ifTestTable – This table contains objects that are used to perform tests o
n interfaces. – This table is a generic table. – The designers of media-specific MIBs must define exactly h
ow this table applies to their specific MIB.
![Page 27: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/27.jpg)
SNMPv2 MIB (9)
• ifRcvAddressTable – This table contains objects that are used to define
the media-level addresses which this interface will receive.
– This table is a generic table. – The designers of media- specific MIBs must define
exactly how this table applies to their specific MIB.
![Page 28: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/28.jpg)
![Page 29: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/29.jpg)
SNMP V3
W.lilakiatsakun
![Page 30: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/30.jpg)
Related RFC
• RFC 3411 — An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
• RFC 3412 — Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
• RFC 3413 — Simple Network Management Protocol (SNMP) Applications
• RFC 3414 — User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
• RFC 3415 — View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
![Page 31: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/31.jpg)
SNMP v3 Goals (1)
• Use existing materials as much as possible. – It is heavily based on previous work, informally known as
SNMPv2u and SNMPv2*, based in turn on SNMPv2p. • Address the need for secure SET support, which is
considered the most important deficiency in SNMPv1 and SNMPv2c.
• Make it possible to move portions of the architecture forward in the standards track, even if consensus has not been reached on all pieces.
• Define an architecture that allows for longevity of the SNMP Frameworks that have been and will be defined.
![Page 32: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/32.jpg)
SNMP v3 Goals (2)
• Keep SNMP as simple as possible. • Make it relatively inexpensive to deploy a minimal
conforming implementation. • Make it possible to upgrade portions of SNMP as new
approaches become available, without disrupting an entire SNMP framework.
• Make it possible to support features required in large networks, but make the expense of supporting a feature directly related to the support of the feature.
![Page 33: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/33.jpg)
Security Requirement (1)
• Modification of Information – Some unauthorized entity may alter in-transit SNMP
messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object.
• Masquerade – Management operations not authorized for some pri
ncipal may be attempted by assuming the identity of another principal that has the appropriate authorizations.
![Page 34: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/34.jpg)
Security Requirement (2)
• Message Stream Modification – Messages may be maliciously re-ordered, delayed or replay
ed to an extent which is greater than can occur through the natural operation of a subnetwork service, in order to effect unauthorized management operations.
• Disclosure – Eavesdropping on the exchanges between SNMP engines. – Protecting against this threat may be required as a matter o
f local policy.
![Page 35: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/35.jpg)
Not in Security requirement
• Denial of Service – Indeed, such denial-of-service attacks are in many cases ind
istinguishable from the type of network failures with which any viable management protocol must cope as a matter of course.
• Traffic Analysis– Many traffic patterns are predictable - entities may be man
aged on a regular basis by a relatively small number of management stations - and therefore there is no significant advantage afforded by protecting against traffic analysis.
![Page 36: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/36.jpg)
SNMP Entity
![Page 37: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/37.jpg)
SNMP engine
• An SNMP engine provides services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.– a Dispatcher– a Message Processing Subsystem– a Security Subsystem– an Access Control Subsystem.
![Page 38: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/38.jpg)
Dispatcher
• It allows for concurrent support of multiple versions of SNMP messages in the SNMP engine.
• It does so by: – sending and receiving SNMP messages to/from the network, – determining the version of an SNMP message and interactin
g with the corresponding Message Processing Model– providing an abstract interface to SNMP applications for deli
very of a PDU to an application. – providing an abstract interface for SNMP applications that al
lows them to send a PDU to a remote SNMP entity.
![Page 39: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/39.jpg)
Message Processing Subsystem
• The Message Processing Subsystem is responsible for preparing messages for sending, and extracting data from received messages.
![Page 40: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/40.jpg)
Security Subsytem
• The Security Subsystem provides security services such as the authentication and privacy of messages and potentially contains multiple Security Models
* User-Based Security (RFC 3414)
![Page 41: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/41.jpg)
Security Model
• A Security Model specifies the threats against which it protects, the goals of its services, and the security protocols used to provide security services such as authentication and privacy.
• A Security Protocol specifies the mechanisms, procedures, and MIB objects used to provide a security service such as authentication or privacy.
![Page 42: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/42.jpg)
Access Control Subsytem
• The Access Control Subsystem provides authorization services by means of one or more (*) Access Control Models.
* View-Based Access Control (RFC 3415)
![Page 43: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/43.jpg)
Application
• There are several types of applications, including:– Command generators, which monitor and manipulate man
agement data – Command responders, which provide access to manageme
nt data– Notification originators, which initiate asynchronous messa
ges– Notification receivers, which process asynchronous messag
es, and – Proxy forwarders, which forward messages between entiti
es.
![Page 44: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/44.jpg)
SNMP Manager
• An SNMP entity containing one or more command generator and/or notification receiver applications (along with their associated SNMP engine) has traditionally been called an SNMP manager
![Page 45: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/45.jpg)
SNMP Traditional Manager
![Page 46: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/46.jpg)
SNMP Agent
• An SNMP entity containing one or more command responder and/or notification originator applications (along with their associated SNMP engine) has traditionally been called an SNMP agent
![Page 47: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/47.jpg)
SNMP Traditional Agent
![Page 48: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/48.jpg)
SNMP Process
![Page 49: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/49.jpg)
SNMP Security Function (1)
• User-based security (RFC3414)– Encryption : DES (Data Encryption Standard) in
CBC (Cipher Block Chaining) mode– Authentication :Combine the use of a hash
function with a secret key to provide both authentication and protection against tampering :HMAC (Hashed Message Authentication Codes) [RFC2104]• the HMAC-MD5-96 authentication protocol.• the HMAC-SHA-96 authentication protocol.
![Page 50: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/50.jpg)
SNMP Security Function (2)
• Protection against playback– The receiver requires that the sender include a value in each
message that is based on a counter in the receiver.– This counter which functions as a nonce– RFC3414 for details
• Access Control : VBAC (View-Based Access Control) [RFC3415] – It Controls which network management information can be
queried and/or set by which users.– An SNMP entity retains information about access rights and
policies in a Local Configuration Datastore (LCD)
![Page 51: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/51.jpg)
VBAC (View-Based Access Control)
• Access ‘s right will be given by– The read-view represents the set of object
instances authorized for the group when reading objects.
– The write-view represents the set of object instances authorized for the group when writing objects.
– The notify-view represents the set of object instances authorized for the group when sending objects in a notification, such as when sending a notification
![Page 52: SNMP V2 & V3 W.lilakiatsakun. SNMP V2 Protocol RFC 3416 3 types of access to management information – Manager–agent request-response – Manager-Manager](https://reader036.vdocument.in/reader036/viewer/2022062421/56649f4e5503460f94c6f054/html5/thumbnails/52.jpg)
VBAC (View-Based Access Control)