Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 2273

SNMPv3 Applications

Pages: 70
Obsoletes:  2263
Obsoleted by:  2573
Part 2 of 3 – Pages 18 to 41
First   Prev   Next

ToP   noToC   RFC2273 - Page 18   prevText
3.5.  Proxy Forwarder Applications

   A proxy forwarder application deals with forwarding SNMP messages.
   There are four basic types of messages which a proxy forwarder
   application may need to forward.  These are grouped according to the
   PDU type contained in a message, or according to whether a report
   indication is contained in the message.  The four basic types of
   messages are:

       -  Those containing PDU types which were generated by a command
          generator application (for example, Get, GetNext, GetBulk, and
          Set PDU types).  These deal with requesting or modifying
          information located within a particular context.

       -  Those containing PDU types which were generated by a
          notification originator application (for example, SNMPv2-Trap
          and Inform PDU types).  These deal with notifications
          concerning information located within a particular context.

       -  Those containing a Response PDU type.  Forwarding of Response
          PDUs always occurs as a result of receiving a response to a
          previously forwarded message.

       -  Those containing a report indication.  Forwarding of report
          indications always occurs as a result of receiving a report
          indication for a previously forwarded message.

   For the first type, the proxy forwarder's role is to deliver a
   request for management information to an SNMP engine which is
   "closer" or "downstream in the path" to the SNMP engine which has
   access to that information, and to deliver the response containing
   the information back to the SNMP engine from which the request was
   received.  The context information in a request is used to determine
   which SNMP engine has access to the requested information, and this
   is used to determine where and how to forward the request.
ToP   noToC   RFC2273 - Page 19
   For the second type, the proxy forwarder's role is to determine which
   SNMP engines should receive notifications about management
   information from a particular location.  The context information in a
   notification message determines the location to which the information
   contained in the notification applies.  This is used to determine
   which SNMP engines should receive notification about this
   information.

   For the third type, the proxy forwarder's role is to determine which
   previously forwarded request or notification (if any) the response
   matches, and to forward the response back to the initiator of the
   request or notification.

   For the fourth type, the proxy forwarder's role is to determine which
   previously forwarded request or notification (if any) the report
   indication matches, and to forward the report indication back to the
   initiator of the request or notification.

   When forwarding messages, a proxy forwarder application must perform
   a translation of incoming management target information into outgoing
   management target information.  How this translation is performed is
   implementation specific.  In many cases, this will be driven by a
   preconfigured translation table.  If a proxy forwarder application
   makes the contents of this table SNMP manageable, it MUST use the
   SNMP-PROXY-MIB module defined in this document.

3.5.1.  Request Forwarding

   There are two phases for request forwarding.  First, the incoming
   request needs to be passed through the proxy application.  Then, the
   resulting response needs to be passed back.  These phases are
   described in the following two sections.

3.5.1.1.  Processing an Incoming Request

   A proxy forwarder application that wishes to forward request messages
   must first register with the Dispatcher using the
   registerContextEngineID abstract service interface.  The proxy
   forwarder must register each contextEngineID for which it wishes to
   forward messages, as well as for each pduType.  Note that as the
   configuration of a proxy forwarder is changed, the particular
   contextEngineID values for which it is forwarding may change.  The
   proxy forwarder should call the registerContextEngineID and
   unregisterContextEngineID abstract service interfaces as needed to
   reflect its current configuration.
ToP   noToC   RFC2273 - Page 20
   A proxy forwarder application should never attempt to register a
   value of contextEngineID which is equal to the snmpEngineID of the
   SNMP engine to which the proxy forwarder is associated.

   Once the proxy forwarder has registered for the appropriate
   contextEngineId values, it can start processing messages.  The
   following procedure is used:

(1)  A message is received using the processPdu abstract service
     interface.  The incoming management target information received
     from the processPdu interface is translated into outgoing
     management target information.  Note that this translation may vary
     for different values of contextEngineID and/or contextName.  The
     translation should result in a single management target.

(2)  If appropriate outgoing management target information cannot be
     found, the proxy forwarder increments the snmpProxyDrops counter
     [RFC1907], and then calls the Dispatcher using the
     returnResponsePdu abstract service interface.  Parameters are:

       -  The messageProcessingModel is the value from the processPdu
          call.

       -  The securityModel is the value from the processPdu call.

       -  The securityName is the value from the processPdu call.

       -  The securityLevel is the value from the processPdu call.

       -  The contextEngineID is the value from the processPdu call.

       -  The contextName is the value from the processPdu call.

       -  The pduVersion is the value from the processPdu call.

       -  The PDU is an undefined value.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the value from the processPdu call.

       -  The statusInformation indicates that an error occurred and
          includes the OID and value of the snmpProxyDrops object.

     Processing of the message stops at this point.  Otherwise,
ToP   noToC   RFC2273 - Page 21
(3)  A new PDU is constructed.  A unique value of request-id should be
     used in the new PDU (this value will enable a subsequent response
     message to be correlated with this request).  The remainder of the
     new PDU is identical to the received PDU, unless the incoming SNMP
     version is SNMPv2 or SNMPv3 and the outgoing SNMP version is
     SNMPv1, in which case the proxy forwarder must apply the
     translation rules as documented in [RFC1908].

(4)  The proxy forwarder calls the Dispatcher to generate the forwarded
     message, using the sendPdu abstract service interface.  The
     parameters are:

       -  The transportDomain is that of the outgoing management target.

       -  The transportAddress is that of the outgoing management
          target.

       -  The messageProcessingModel is that of the outgoing management
          target.

       -  The securityModel is that of the outgoing management target.

       -  The securityName is that of the outgoing management target.

       -  The securityLevel is that of the outgoing management target.

       -  The contextEngineID is the value originally received.

       -  The contextName is the value originally received.

       -  The pduVersion is the version of the PDU to be sent.

       -  The PDU is the value constructed in step (3) above.

       -  The expectResponse argument indicates that a response is
          expected.  If the sendPdu call is unsuccessful, the proxy
          forwarder performs the steps described in (2) above.
          Otherwise:

(5)  The proxy forwarder caches the following information in order to
     match an incoming response to the forwarded request:

       -  The sendPduHandle returned from the call to sendPdu,

       -  The request-id from the received PDU.

       -  the contextEngineID,
ToP   noToC   RFC2273 - Page 22
       -  the contextName,

       -  the stateReference,

       -  the incoming management target information,

       -  the outgoing management information,

       -  any other information needed to match an incoming response to
          the forwarded request.

     If this information cannot be cached (possibly due to a lack of
     resources), the proxy forwarder performs the steps described in (2)
     above.  Otherwise:

(6)  Processing of the request stops until a response to the forwarded
     request is received, or until an appropriate time interval has
     expired.  If this time interval expires before a response has been
     received, the cached information about this request is removed.

3.5.1.2.  Processing an Incoming Response

   A proxy forwarder follows the following procedure when an incoming
   response is received:

(1)  The incoming response is received using the processResponsePdu
     interface.  The proxy forwarder uses the received parameters to
     locate an entry in its cache of pending forwarded requests.  This
     is done by matching the received parameters with the cached values
     of sendPduHandle, contextEngineID, contextName, outgoing management
     target information, and the request-id contained in the received
     PDU (the proxy forwarder must extract the request-id for this
     purpose).  If an appropriate cache entry cannot be found,
     processing of the response is halted.  Otherwise:

(2)  The cache information is extracted, and removed from the cache.

(3)  A new Response PDU is constructed, using the request-id value from
     the original forwarded request (as extracted from the cache).  All
     other values are identical to those in the received Response PDU.

(4)  If the incoming SNMP version is SNMPv1 and the outgoing SNMP
     version is SNMPv2 or SNMPv3, the proxy forwarder must apply the
     translation rules documented in [RFC1908].

(5)  The proxy forwarder calls the Dispatcher using the
     returnResponsePdu abstract service interface.  Parameters are:
ToP   noToC   RFC2273 - Page 23
       -  The messageProcessingModel indicates the Message Processing
          Model by which the original incoming message was processed.

       -  The securityModel is that of the original incoming management
          target extracted from the cache.

       -  The securityName is that of the original incoming management
          target extracted from the cache.

       -  The securityLevel is that of the original incoming management
          target extracted from the cache.

       -  The contextEngineID is the value extracted from the cache.

       -  The contextName is the value extracted from the cache.

       -  The pduVersion indicates the version of the PDU to be
          returned.

       -  The PDU is the (possibly translated) Response PDU.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the value extracted from the cache.

       -  The statusInformation indicates that no error occurred and
          that a Response PDU message should be generated.

3.5.1.3.  Processing an Incoming Report Indication

   A proxy forwarder follows the following procedure when an incoming
   report indication is received:

(1)  The incoming report indication is received using the
     processResponsePdu interface.  The proxy forwarder uses the
     received parameters to locate an entry in its cache of pending
     forwarded requests.  This is done by matching the received
     parameters with the cached values of sendPduHandle.  If an
     appropriate cache entry cannot be found, processing of the report
     indication is halted.  Otherwise:

(2)  The cache information is extracted, and removed from the cache.

(3)  If the original incoming management target information indicates
     SNMPv1, processing of the report indication is halted.
ToP   noToC   RFC2273 - Page 24
(4)  The proxy forwarder calls the Dispatcher using the
     returnResponsePdu abstract service interface.  Parameters are:

       -  The messageProcessingModel indicates the Message Processing
          Model by which the original incoming message was processed.

       -  The securityModel is that of the original incoming management
          target extracted from the cache.

       -  The securityName is that of the original incoming management
          target extracted from the cache.

       -  The securityLevel is that of the original incoming management
          target extracted from the cache.

       -  The contextEngineID is the value extracted from the cache.

       -  The contextName is the value extracted from the cache.

       -  The pduVersion indicates the version of the PDU to be
          returned.

       -  The PDU is unused.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the value extracted from the cache.

       -  The statusInformation contain the contextEngineID,
          contextName, counter OID, and counter value received in the
          report indication.

3.5.2.  Notification Forwarding

   A proxy forwarder receives notifications in the same manner as a
   notification receiver application, using the processPdu abstract
   service interface.  The following procedure is used when a
   notification is received:

(1)  The incoming management target information received from the
     processPdu interface is translated into outgoing management target
     information.  Note that this translation may vary for different
     values of contextEngineId and/or contextName.  The translation may
     result in multiple management targets.
ToP   noToC   RFC2273 - Page 25
(2)  If appropriate outgoing management target information cannot be
     found and the notification was a Trap, processing of the
     notification is halted.  If appropriate outgoing management target
     information cannot be found and the notification was an Inform, the
     proxy forwarder increments the snmpProxyDrops object, and calls the
     Dispatcher using the returnResponsePdu abstract service interface.

     The parameters are:

       -  The messageProcessingModel is the received value.

       -  The securityModel is the received value.

       -  The securityName is the received value.

       -  The securityLevel is the received value.

       -  The contextEngineID is the received value.

       -  The contextName is the received value.

       -  The pduVersion is the received value.

       -  The PDU is an undefined and unused value.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the received value.

       -  The statusInformation indicates that an error occurred and
          that a Report message should be generated.

     Processing of the message stops at this point.  Otherwise,

(3)  The proxy forwarder generates a notification using the procedures
     described in the preceding section on Notification Originators,
     with the following exceptions:

       -  The contextEngineID and contextName values from the original
          received notification are used.

       -  The outgoing management targets previously determined are
          used.

       -  No filtering mechanisms are applied.
ToP   noToC   RFC2273 - Page 26
       -  The variable-bindings from the original received notification
          are used, rather than retrieving variable-bindings from local
          MIB instrumentation.  In particular, no access-control is
          applied to these variable-bindings.

       -  If for any of the outgoing management targets, the incoming
          SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2
          or SNMPv3, the proxy forwarder must apply the translation
          rules as documented in [RFC1908].

       -  If for any of the outgoing management targets, the incoming
          SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP
          version is SNMPv1, this outgoing management target is not used
          when generating the forwarded notifications.

(4)  If the original received notification contains an SNMPv2-Trap PDU,
     processing of the notification is now completed.  Otherwise, the
     original received notification must contain an Inform PDU, and
     processing continues.

(5)  If the forwarded notifications included any Inform PDUs, processing
     continues when the procedures described in the section for
     Notification Originators determine that either:

       -  None of the generated notifications containing Inform PDUs
          have been successfully acknowledged within the longest of the
          time intervals, in which case processing of the original
          notification is halted, or,

       -  At least one of the generated notifications containing Inform
          PDUs is successfully acknowledged, in which case a response to
          the original received notification containing an Inform PDU is
          generated as described in the following steps.

(6)  A Response PDU is constructed, using the values of request-id and
     variable-bindings from the original received Inform PDU, and
     error-status and error-index values of 0.

(7)  The Dispatcher is called using the returnResponsePdu abstract
     service interface.  Parameters are:

       -  The messageProcessingModel is the originally received value.

       -  The securityModel is the originally received value.

       -  The securityName is the originally received value.

       -  The securityLevel is the originally received value.
ToP   noToC   RFC2273 - Page 27
       -  The contextEngineID is the originally received value.

       -  The contextName is the originally received value.

       -  The pduVersion indicates the version of the PDU constructed in
          step (6) above.

       -  The PDU is the value constructed in step (6) above.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the originally received value.

       -  The statusInformation indicates that no error occurred and
          that a Response PDU message should be generated.

4.  The Structure of the MIB Modules

   There are three separate MIB modules described in this document, the
   management target MIB, the notification MIB, and the proxy MIB.  The
   following sections describe the structure of these three MIB modules.

   The use of these MIBs by particular types of applications is
   described later in this document:

       -  The use of the management target MIB and the notification MIB
          in notification originator applications is described in
          section 6.

       -  The use of the notification MIB for filtering notifications in
          notification originator applications is described in section
          7.

       -  The use of the management target MIB and the proxy MIB in
          proxy forwarding applications is described in section 8.

4.1.  The Management Target MIB Module

   The SNMP-TARGET-MIB module contains objects for defining management
   targets.  It consists of two tables and conformance/compliance
   statements.

   The first table, the snmpTargetAddrTable, contains information about
   transport domains and addresses.  It also contains an object,
   snmpTargetAddrTagList, which provides a mechanism for grouping
   entries.
ToP   noToC   RFC2273 - Page 28
   The second table, the snmpTargetParamsTable, contains information
   about SNMP version and security information to be used when sending
   messages to particular transport domains and addresses.

4.1.1.  Tag Lists

   The snmpTargetAddrTagList object is used for grouping entries in the
   snmpTargetAddrTable.  The value of this object contains a list of tag
   values which are used to select target addresses to be used for a
   particular operation.

   A tag value, which may also be used in MIB objects other than
   snmpTargetAddrTagList, is an arbitrary string of octets, but may not
   contain a delimiter character.  Delimiter characters are defined to
   be one of the following characters:

       -  An ASCII space character (0x20).

       -  An ASCII TAB character (0x09).

       -  An ASCII carriage return (CR) character (0x0D).

       -  An ASCII line feed (LF) character (0x0B).

   In addition, a tag value may not have a zero length.  Generally, a
   particular MIB object may contain either

       -  a single tag value, in which case the value of the MIB object
          may not contain a delimiter character, or:

       -  a MIB object may contain a list of tag values, separated by
          single delimiter characters.

   For a list of tag values, these constraints imply certain
   restrictions on the value of a MIB object:

       -  There cannot be a leading or trailing delimiter character.

       -  There cannot be multiple adjacent delimiter charaters.

4.1.2.  Definitions

   SNMP-TARGET-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       TEXTUAL-CONVENTION,
       MODULE-IDENTITY,
       OBJECT-TYPE,
ToP   noToC   RFC2273 - Page 29
       snmpModules,
       Integer32
           FROM SNMPv2-SMI

       TDomain,
       TAddress,
       TimeInterval,
       RowStatus,
       StorageType,
       TestAndIncr
           FROM SNMPv2-TC
       SnmpSecurityModel,
       SnmpMessageProcessingModel,
       SnmpSecurityLevel,
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB

       OBJECT-GROUP
           FROM SNMPv2-CONF;

   snmpTargetMIB MODULE-IDENTITY
       LAST-UPDATED "9711210000Z"
       ORGANIZATION "IETF SNMPv3 Working Group"
       CONTACT-INFO
           "WG-email:   snmpv3@tis.com
            Subscribe:  majordomo@tis.com
                        In message body:  subscribe snmpv3

            Chair:      Russ Mundy
                        Trusted Information Systems
            Postal:     3060 Washington Rd
                        Glenwood MD 21738
                        USA
            Email:      mundy@tis.com
            Phone:      +1-301-854-6889

            Co-editor:  David B. Levi
                        SNMP Research, Inc.
            Postal:     3001 Kimberlin Heights Road
                        Knoxville, TN 37920-9716
            E-mail:     levi@snmp.com
            Phone:      +1 423 573 1434

            Co-editor:  Paul Meyer
                        Secure Computing Corporation
            Postal:     2675 Long Lake Road
                        Roseville, MN 55113
            E-mail:     paul_meyer@securecomputing.com
ToP   noToC   RFC2273 - Page 30
            Phone:      +1 612 628 1592

            Co-editor:  Bob Stewart
                        Cisco Systems, Inc.
            Postal:     170 West Tasman Drive
                        San Jose, CA 95134-1706
            E-mail:     bstewart@cisco.com
            Phone:      +1 603 654 6923"
       DESCRIPTION
           "This MIB module defines MIB objects which provide
            mechanisms to remotely configure the parameters used
            by an SNMP entity for the generation of SNMP messages."
       REVISION        "9707140000Z"
       DESCRIPTION
           "The initial revision."
       ::= { snmpModules 12 }

   snmpTargetObjects       OBJECT IDENTIFIER ::= { snmpTargetMIB 1 }
   snmpTargetConformance   OBJECT IDENTIFIER ::= { snmpTargetMIB 3 }

   SnmpTagValue ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "255a"
       STATUS       current
       DESCRIPTION
           "An octet string containing a tag value.
            Tag values are preferably in human-readable form.

            To facilitate internationalization, this information
            is represented using the ISO/IEC IS 10646-1 character
            set, encoded as an octet string using the UTF-8
            character encoding scheme described in RFC 2044.

            Since additional code points are added by amendments
            to the 10646 standard from time to time,
            implementations must be prepared to encounter any code
            point from 0x00000000 to 0x7fffffff.

            The use of control codes should be avoided, and certain
            control codes are not allowed as described below.

            For code points not directly supported by user
            interface hardware or software, an alternative means
            of entry and display, such as hexadecimal, may be
            provided.

            For information encoded in 7-bit US-ASCII, the UTF-8
            representation is identical to the US-ASCII encoding.
ToP   noToC   RFC2273 - Page 31
            Note that when this TC is used for an object that
            is used or envisioned to be used as an index, then a
            SIZE restriction must be specified so that the number
            sub-identifiers for any object instance do not exceed
            the limit of 128, as defined by [RFC1905].

            An object of this type contains a single tag value
            which is used to select a set of entries in a table.
            A tag value is an arbitrary string of octets, but
            may not contain a delimiter character.  Delimiter
            characters are defined to be one of the following:

                -  An ASCII space character (0x20).

                -  An ASCII TAB character (0x09).

                -  An ASCII carriage return (CR) character (0x0D).

                -  An ASCII line feed (LF) character (0x0B).

            Delimiter characters are used to separate tag values
            in a tag list.  An object of this type may only
            contain a single tag value, and so delimiter
            characters are not allowed in a value of this type.

            Some examples of valid tag values are:

                - 'acme'

                - 'router'

                - 'host'

            The use of a tag value to select table entries is
            application and MIB specific."
       SYNTAX       OCTET STRING (SIZE (0..255))

   SnmpTagList ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "255a"
       STATUS       current
       DESCRIPTION
           "An octet string containing a list of tag values.
            Tag values are preferably in human-readable form.

            To facilitate internationalization, this information
            is represented using the ISO/IEC IS 10646-1 character
            set, encoded as an octet string using the UTF-8
            character encoding scheme described in RFC 2044.
ToP   noToC   RFC2273 - Page 32
            Since additional code points are added by amendments
            to the 10646 standard from time to time,
            implementations must be prepared to encounter any code
            point from 0x00000000 to 0x7fffffff.

            The use of control codes should be avoided, except as
            described below.

            For code points not directly supported by user
            interface hardware or software, an alternative means
            of entry and display, such as hexadecimal, may be
            provided.

            For information encoded in 7-bit US-ASCII, the UTF-8
            representation is identical to the US-ASCII encoding.

            An object of this type contains a list of tag values
            which are used to select a set of entries in a table.

            A tag value is an arbitrary string of octets, but
            may not contain a delimiter character.  Delimiter
            characters are defined to be one of the following:

                -  An ASCII space character (0x20).

                -  An ASCII TAB character (0x09).

                -  An ASCII carriage return (CR) character (0x0D).

                -  An ASCII line feed (LF) character (0x0B).

            Delimiter characters are used to separate tag values
            in a tag list.  Only a single delimiter character may
            occur between two tag values.  A tag value may not
            have a zero length.  These constraints imply certain
            restrictions on the contents of this object:

                - There cannot be a leading or trailing delimiter
                  character.

                - There cannot be multiple adjacent delimiter
                  characters.

            Some examples of valid tag lists are:

                - An empty string

                - 'acme router'
ToP   noToC   RFC2273 - Page 33
                - 'host managerStation'

            Note that although a tag value may not have a length of
            zero, an empty string is still valid.  This indicates
            an empty list (i.e. there are no tag values in the list).

            The use of the tag list to select table entries is
            application and MIB specific.  Typically, an application
            will provide one or more tag values, and any entry
            which contains some combination of these tag values
            will be selected."
       SYNTAX       OCTET STRING (SIZE (0..255))

   --
   --
   -- The snmpTargetObjects group
   --
   --

   snmpTargetSpinLock OBJECT-TYPE
       SYNTAX      TestAndIncr
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This object is used to facilitate modification of table
            entries in the SNMP-TARGET-MIB module by multiple
            managers.  In particular, it is useful when modifying
            the value of the snmpTargetAddrTagList object.

            The procedure for modifying the snmpTargetAddrTagList
            object is as follows:

                1.  Retrieve the value of snmpTargetSpinLock and
                    of snmpTargetAddrTagList.

                2.  Generate a new value for snmpTargetAddrTagList.

                3.  Set the value of snmpTargetSpinLock to the
                    retrieved value, and the value of
                    snmpTargetAddrTagList to the new value.  If
                    the set fails for the snmpTargetSpinLock
                    object, go back to step 1."
       ::= { snmpTargetObjects 1 }

   snmpTargetAddrTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SnmpTargetAddrEntry
       MAX-ACCESS  not-accessible
       STATUS      current
ToP   noToC   RFC2273 - Page 34
       DESCRIPTION
           "A table of transport addresses to be used in the generation
            of SNMP messages."

       ::= { snmpTargetObjects 2 }

   snmpTargetAddrEntry OBJECT-TYPE
       SYNTAX      SnmpTargetAddrEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A transport address to be used in the generation
            of SNMP operations.

            Entries in the snmpTargetAddrTable are created and
            deleted using the snmpTargetAddrRowStatus object."
       INDEX { IMPLIED snmpTargetAddrName }
       ::= { snmpTargetAddrTable 1 }

   SnmpTargetAddrEntry ::= SEQUENCE {
       snmpTargetAddrName         SnmpAdminString,
       snmpTargetAddrTDomain      TDomain,
       snmpTargetAddrTAddress     TAddress,
       snmpTargetAddrTimeout      TimeInterval,
       snmpTargetAddrRetryCount   Integer32,
       snmpTargetAddrTagList      SnmpTagList,
       snmpTargetAddrParams       SnmpAdminString,
       snmpTargetAddrStorageType  StorageType,
       snmpTargetAddrRowStatus    RowStatus
   }

   snmpTargetAddrName OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The locally arbitrary, but unique identifier associated
            with this snmpTargetAddrEntry."
       ::= { snmpTargetAddrEntry 1 }

   snmpTargetAddrTDomain OBJECT-TYPE
       SYNTAX      TDomain
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object indicates the transport type of the address
            contained in the snmpTargetAddrTAddress object."
       ::= { snmpTargetAddrEntry 2 }
ToP   noToC   RFC2273 - Page 35
   snmpTargetAddrTAddress OBJECT-TYPE
       SYNTAX      TAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object contains a transport address.  The format of
            this address depends on the value of the
            snmpTargetAddrTDomain object."
       ::= { snmpTargetAddrEntry 3 }

   snmpTargetAddrTimeout OBJECT-TYPE
       SYNTAX      TimeInterval
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object should reflect the expected maximum round
            trip time for communicating with the transport address
            defined by this row.  When a message is sent to this
            address, and a response (if one is expected) is not
            received within this time period, an implementation
            may assume that the response will not be delivered.

            Note that the time interval that an application waits
            for a response may actually be derived from the value
            of this object.  The method for deriving the actual time
            interval is implementation dependent.  One such method
            is to derive the expected round trip time based on a
            particular retransmission algorithm and on the number
            of timeouts which have occurred.  The type of message may
            also be considered when deriving expected round trip
            times for retransmissions.  For example, if a message is
            being sent with a securityLevel that indicates both
            authentication and privacy, the derived value may be
            increased to compensate for extra processing time spent
            during authentication and encryption processing."
       DEFVAL { 1500 }
       ::= { snmpTargetAddrEntry 4 }

   snmpTargetAddrRetryCount OBJECT-TYPE
       SYNTAX      Integer32 (0..255)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies a default number of retries to be
            attempted when a response is not received for a generated
            message.  An application may provide its own retry count,
            in which case the value of this object is ignored."
       DEFVAL { 3 }
ToP   noToC   RFC2273 - Page 36
       ::= { snmpTargetAddrEntry 5 }

   snmpTargetAddrTagList OBJECT-TYPE
       SYNTAX      SnmpTagList
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object contains a list of tag values which are
            used to select target addresses for a particular
            operation."
       ::= { snmpTargetAddrEntry 6 }

   snmpTargetAddrParams OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The value of this object identifies an entry in the
            snmpTargetParamsTable.  The identified entry
            contains SNMP parameters to be used when generating
            messages to be sent to this transport address."
       ::= { snmpTargetAddrEntry 7 }

   snmpTargetAddrStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The storage type for this conceptual row."
       ::= { snmpTargetAddrEntry 8 }

   snmpTargetAddrRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

            To create a row in this table, a manager must
            set this object to either createAndGo(4) or
            createAndWait(5).

            Until instances of all corresponding columns are
            appropriately configured, the value of the
            corresponding instance of the snmpTargetAddrRowStatus
            column is 'notReady'.

            In particular, a newly created row cannot be made
ToP   noToC   RFC2273 - Page 37
            active until the corresponding snmpTargetAddrTDomain
            and snmpTargetAddrTAddress have both been set.

            The following objects may not be modified while the
            value of this object is active(1):
                - snmpTargetAddrTDomain
                - snmpTargetAddrTAddress"
       ::= { snmpTargetAddrEntry 9 }

   snmpTargetParamsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SnmpTargetParamsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of SNMP target information to be used
            in the generation of SNMP messages."
       ::= { snmpTargetObjects 3 }

   snmpTargetParamsEntry OBJECT-TYPE
       SYNTAX      SnmpTargetParamsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A set of SNMP target information.

            Entries in the snmpTargetParamsTable are created and
            deleted using the snmpTargetParamsRowStatus object."
       INDEX { IMPLIED snmpTargetParamsName }
       ::= { snmpTargetParamsTable 1 }

   SnmpTargetParamsEntry ::= SEQUENCE {
       snmpTargetParamsName           SnmpAdminString,
       snmpTargetParamsMPModel        SnmpMessageProcessingModel,
       snmpTargetParamsSecurityModel  SnmpSecurityModel,
       snmpTargetParamsSecurityName   SnmpAdminString,
       snmpTargetParamsSecurityLevel  SnmpSecurityLevel,
       snmpTargetParamsStorageType    StorageType,
       snmpTargetParamsRowStatus      RowStatus
   }

   snmpTargetParamsName OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The locally arbitrary, but unique identifier associated
            with this snmpTargetParamsEntry."
       ::= { snmpTargetParamsEntry 1 }
ToP   noToC   RFC2273 - Page 38
   snmpTargetParamsMPModel OBJECT-TYPE
       SYNTAX      SnmpMessageProcessingModel
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Message Processing Model to be used when generating
            SNMP messages using this entry."
       ::= { snmpTargetParamsEntry 2 }

   snmpTargetParamsSecurityModel OBJECT-TYPE
       SYNTAX      SnmpSecurityModel (0..254 | 256..2147483647)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Security Model to be used when generating SNMP
             messages using this entry."
       ::= { snmpTargetParamsEntry 3 }

   snmpTargetParamsSecurityName OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The securityName which identifies the Principal on
            whose behalf SNMP messages will be generated using
            this entry."
       ::= { snmpTargetParamsEntry 4 }

   snmpTargetParamsSecurityLevel OBJECT-TYPE
       SYNTAX      SnmpSecurityLevel
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Level of Security to be used when generating
            SNMP messages using this entry."
       ::= { snmpTargetParamsEntry 5 }

   snmpTargetParamsStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The storage type for this conceptual row."
       ::= { snmpTargetParamsEntry 6 }

   snmpTargetParamsRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
ToP   noToC   RFC2273 - Page 39
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

            To create a row in this table, a manager must
            set this object to either createAndGo(4) or
            createAndWait(5).

            Until instances of all corresponding columns are
            appropriately configured, the value of the
            corresponding instance of the snmpTargetParamsRowStatus
            column is 'notReady'.

            In particular, a newly created row cannot be made
            active until the corresponding
            snmpTargetParamsMPModel,
            snmpTargetParamsSecurityModel,
            snmpTargetParamsSecurityName,
            and snmpTargetParamsSecurityLevel have all been set.

            The following objects may not be modified while the
            value of this object is active(1):
                - snmpTargetParamsMPModel
                - snmpTargetParamsSecurityModel
                - snmpTargetParamsSecurityName
                - snmpTargetParamsSecurityLevel"
       ::= { snmpTargetParamsEntry 7 }

   snmpUnavailableContexts OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "The total number of packets received by the SNMP
            engine which were dropped because the context
            contained in the mesage was unavailable."
       ::= { snmpTargetObjects 4 }

   snmpUnknownContexts OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "The total number of packets received by the SNMP
            engine which were dropped because the context
            contained in the mesage was unknown."

       ::= { snmpTargetObjects 5 }
ToP   noToC   RFC2273 - Page 40
   --
   --
   -- Conformance information
   --
   --

   snmpTargetCompliances OBJECT IDENTIFIER ::=
                                           { snmpTargetConformance 1 }
   snmpTargetGroups      OBJECT IDENTIFIER ::=
                                           { snmpTargetConformance 2 }

   --
   --
   -- Compliance statements
   --
   --


   snmpTargetCommandResponderCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for SNMP entities which include
            a command responder application."
       MODULE -- This Module
           MANDATORY-GROUPS { snmpTargetCommandResponderGroup }
       ::= { snmpTargetCompliances 1 }

   snmpTargetBasicGroup OBJECT-GROUP
       OBJECTS {
           snmpTargetSpinLock,
           snmpTargetAddrTDomain,
           snmpTargetAddrTAddress,
           snmpTargetAddrTagList,
           snmpTargetAddrParams,
           snmpTargetAddrStorageType,
           snmpTargetAddrRowStatus,
           snmpTargetParamsMPModel,
           snmpTargetParamsSecurityModel,
           snmpTargetParamsSecurityName,
           snmpTargetParamsSecurityLevel,
           snmpTargetParamsStorageType,
           snmpTargetParamsRowStatus
       }
       STATUS      current
       DESCRIPTION

           "A collection of objects providing basic remote
            configuration of management targets."
ToP   noToC   RFC2273 - Page 41
       ::= { snmpTargetGroups 1 }

   snmpTargetResponseGroup OBJECT-GROUP
       OBJECTS {
           snmpTargetAddrTimeout,
           snmpTargetAddrRetryCount
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing remote configuration
            of management targets for applications which generate
            SNMP messages for which a response message would be
            expected."
       ::= { snmpTargetGroups 2 }

   snmpTargetCommandResponderGroup OBJECT-GROUP
       OBJECTS {
           snmpUnavailableContexts,
           snmpUnknownContexts
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects required for command responder
            applications, used for counting error conditions."
       ::= { snmpTargetGroups 3 }

   END



(page 41 continued on part 3)

Next Section