Network Management Security
Ola Flygt
Växjö University, Sweden
http://w3.msi.vxu.se/users/ofl/
Ola.Flygt@vxu.se
+46 470 70 86 49
Outline
Basic Concepts of SNMP
SNMPv1 Community Facility
SNMPv3
09-09-23
Management Information Bases (MIB)
SNMP agent is software that runs on a piece
Management Information Bases (MIB)
The MIB is a text file that describes managed
Managed Objects
Each managed object is assigned an object identifier (OID)
The OID is specified in a MIB file.
An OID can be represented as a sequence of integers separated by decimal points or by a text string. Example:
1.3.6.1.2.1.4.6.
iso.org.dod.internet.mgmt.mib-2.ip.ipForwData
MIB Example
ipForwDatagrams OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of input datagrams for which this
entity was not their final IP destination, as a
result of which an attempt was made to find a
route to forward them to that final destination.
In entities which do not act as IP Gateways, this
counter will include only those packets which were
Source-Routed via this entity, and the Source-Route
option processing was successful."
::= { ip 6 }
Proxy Configuration
SNMP v1 and v2
Trap: an unsolicited message
SNMPv1 PDU     | SNMPv2 PDU     | Direction                                       | Description
---------------+----------------+-------------------------------------------------+---------------------------------
GetRequest     | GetRequest     | Manager to agent                                |
GetNextRequest | GetNextRequest | Manager to agent                                |
------         | GetBulkRequest | Manager to agent                                | Request multiple values
SetRequest     | SetRequest     | Manager to agent                                |
------         | InformRequest  | Manager to manager                              | Transmit unsolicited information
GetResponse    | Response       | Agent to manager or manager to manager (SNMPv2) | Respond to manager request
Trap           | SNMPv2-Trap    | Agent to manager                                | Transmit unsolicited information
SNMPv1 Administrative Concepts
SNMPv3
SNMPv3 Flow
USM Encryption
Authentication (using authKey)
HMAC-MD5-96
HMAC-SHA1-96
Encryption (using privKey)
DES CBC
Uses first 64 bits of the 16-octet privKey
Last 64 bits used as IV to DES CBC
Key values not accessible from SNMP
Authoritative Engine
SNMP messages with payloads that
Key Localization
Allows a single user to own keys stored in multiple engines
Key localized to each authoritative engine
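
The key localization described above, together with the 96-bit HMAC truncation and the privKey split from the USM Encryption slide, as an added example that is not part of the original slides. It follows the password-to-key procedure of RFC 3414; the function names and the second engine ID are assumptions made for illustration.

```python
import hashlib
import hmac

ONE_MEGABYTE = 1_048_576  # length of the password stream hashed to form Ku

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """User key Ku: digest of the password repeated cyclically to 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(ONE_MEGABYTE, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku), one per engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(auth_key: bytes, whole_msg: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA1-96: first 12 octets of the HMAC over the
    message (the authentication field holds 12 zero octets while hashing)."""
    return hmac.new(auth_key, whole_msg, hash_name).digest()[:12]

def verify_tag(auth_key, whole_msg, tag, hash_name) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_tag(auth_key, whole_msg, hash_name), tag)

def split_priv_key(priv_key: bytes):
    """DES CBC: first 8 octets are the DES key, last 8 octets feed the IV
    (RFC 3414 XORs them with a per-message salt)."""
    if len(priv_key) < 16:
        raise ValueError("privKey must be at least 16 octets")
    return priv_key[:8], priv_key[8:16]

if __name__ == "__main__":
    # Password and engine_a are the RFC 3414 appendix sample inputs;
    # engine_b and the message bytes are constructed for this example.
    password = b"maplesyrup"
    engine_a = bytes.fromhex("000000000000000000000002")
    engine_b = bytes.fromhex("0000000000000000000000ff")
    ku = password_to_key(password, "md5")
    key_a = localize_key(ku, engine_a, "md5")
    key_b = localize_key(ku, engine_b, "md5")
    msg = b"constructed-snmpv3-message" + bytes(12)
    tag = auth_tag(key_a, msg, "md5")
    print("engine A key:", key_a.hex())
    print("engine B key:", key_b.hex())
    # A tag made with engine A's key does not verify under engine B's key.
    print("verifies at A:", verify_tag(key_a, msg, tag, "md5"))
    print("verifies at B:", verify_tag(key_b, msg, tag, "md5"))
```

Because each engine stores only its own localized key, a key recovered from one agent cannot be used to authenticate to another engine, although the user's password is the same everywhere.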
Key Localization
Timeliness
Determined by a clock kept at the authoritative engine
When authoritative engine sends a message, it
timeliness
agent.
Makes it possible for remote configuration to be used.
SNMPv3 Security
SNMPv3 solves SNMP security problems, right?
NOT!