-- Definition of Initial Party and Context Identifiers -- When devices are installed, they need to be configured -- with an initial set of SNMPv2 parties and contexts. The -- configuration of SNMPv2 parties and contexts requires (among -- other things) the assignment of several OBJECT IDENTIFIERs. -- Any local network administration can obtain the delegated -- authority necessary to assign its own OBJECT IDENTIFIERs. -- However, to provide for those administrations who have not -- obtained the necessary authority, this document allocates a -- branch of the naming tree for use with the following -- conventions. initialPartyId OBJECT IDENTIFIER ::= { partyAdmin 3 } initialContextId OBJECT IDENTIFIER ::= { partyAdmin 4 } -- Note these are identified as "initial" party and context -- identifiers since these allow secure SNMPv2 communication -- to proceed, thereby allowing further SNMPv2 parties to be -- configured through use of the SNMPv2 itself. -- The following definitions identify a party identifier, and -- specify the initial values of various object instances -- indexed by that identifier. In addition, the SNMPv2 -- context, access control policy, and MIB view information -- assigned, by convention, are identified. -- Party Identifiers for use as initial SNMPv2 parties -- at IP address a.b.c.d -- Note that for all OBJECT IDENTIFIERs assigned under -- initialPartyId, the four sub-identifiers immediately -- following initialPartyId represent the four octets of -- an IP address. Initial party identifiers for other address -- families are assigned under a different OBJECT IDENTIFIER, -- as defined elsewhere. -- Devices which support SNMPv2 as entities acting in an -- agent role, and accessed via the snmpUDPDomain transport -- domain, are required to be configured with the appropriate -- set of the following as implicit assignments as and when -- they are configured with an IP address. The appropriate -- set is all those applicable to the authentication and -- privacy protocols supported by the device. -- a noAuth/noPriv party which executes at the agent -- partyIdentity = { initialPartyId a b c d 1 } -- partyIndex = 1 -- partyTDomain = snmpUDPDomain -- partyTAddress = a.b.c.d, 161 -- partyLocal = true (in agent's database) -- partyAuthProtocol = noAuth -- partyAuthClock = 0 -- partyAuthPrivate = ''H (the empty string) -- partyAuthPublic = ''H (the empty string) -- partyAuthLifetime = 0 -- partyPrivProtocol = noPriv -- partyPrivPrivate = ''H (the empty string) -- partyPrivPublic = ''H (the empty string) -- a noAuth/noPriv party which executes at a manager -- partyIdentity = { initialPartyId a b c d 2 } -- partyIndex = 2 -- partyTDomain = snmpUDPDomain -- partyTAddress = assigned by local administration -- partyLocal = false (in agent's database) -- partyAuthProtocol = noAuth -- partyAuthClock = 0 -- partyAuthPrivate = ''H (the empty string) -- partyAuthPublic = ''H (the empty string) -- partyAuthLifetime = 0 -- partyPrivProtocol = noPriv -- partyPrivPrivate = ''H (the empty string) -- partyPrivPublic = ''H (the empty string) -- a md5Auth/noPriv party which executes at the agent -- partyIdentity = { initialPartyId a b c d 3 } -- partyIndex = 3 -- partyTDomain = snmpUDPDomain -- partyTAddress = a.b.c.d, 161 -- partyLocal = true (in agent's database) -- partyAuthProtocol = v2md5AuthProtocol -- partyAuthClock = 0 -- partyAuthPrivate = assigned by local administration -- partyAuthPublic = ''H (the empty string) -- partyAuthLifetime = 300 -- partyPrivProtocol = noPriv -- partyPrivPrivate = ''H (the empty string) -- partyPrivPublic = ''H (the empty string) -- a md5Auth/noPriv party which executes at a manager -- partyIdentity = { initialPartyId a b c d 4 } -- partyIndex = 4 -- partyTDomain = snmpUDPDomain -- partyTAddress = assigned by local administration -- partyLocal = false (in agent's database) -- partyAuthProtocol = v2md5AuthProtocol -- partyAuthClock = 0 -- partyAuthPrivate = assigned by local administration -- partyAuthPublic = ''H (the empty string) -- partyAuthLifetime = 300 -- partyPrivProtocol = noPriv -- partyPrivPrivate = ''H (the empty string) -- partyPrivPublic = ''H (the empty string) -- a md5Auth/desPriv party which executes at the agent -- partyIdentity = { initialPartyId a b c d 5 } -- partyIndex = 5 -- partyTDomain = snmpUDPDomain -- partyTAddress = a.b.c.d, 161 -- partyLocal = true (in agent's database) -- partyAuthProtocol = v2md5AuthProtocol -- partyAuthClock = 0 -- partyAuthPrivate = assigned by local administration -- partyAuthPublic = ''H (the empty string) -- partyAuthLifetime = 300 -- partyPrivProtocol = desPrivProtocol -- partyPrivPrivate = assigned by local administration -- partyPrivPublic = ''H (the empty string) -- a md5Auth/desPriv party which executes at a manager -- partyIdentity = { initialPartyId a b c d 6 } -- partyIndex = 6 -- partyTDomain = snmpUDPDomain -- partyTAddress = assigned by local administration -- partyLocal = false (in agent's database) -- partyAuthProtocol = v2md5AuthProtocol -- partyAuthClock = 0 -- partyAuthPrivate = assigned by local administration -- partyAuthPublic = ''H (the empty string) -- partyAuthLifetime = 300 -- partyPrivProtocol = desPrivProtocol -- partyPrivPrivate = assigned by local administration -- partyPrivPublic = ''H (the empty string) -- the initial SNMPv2 contexts assigned, by convention, are: -- contextIdentity = { initialContextId a b c d 1 } -- contextIndex = 1 -- contextLocal = true (in agent's database) -- contextViewIndex = 1 -- contextLocalEntity = ''H (the empty string) -- contextLocalTime = currentTime -- contextProxyDstParty = { 0 0 } -- contextProxySrcParty = { 0 0 } -- contextProxyContext = { 0 0 } -- contextIdentity = { initialContextId a b c d 2 } -- contextIndex = 2 -- contextLocal = true (in agent's database) -- contextViewIndex = 2 -- contextLocalEntity = ''H (the empty string) -- contextLocalTime = currentTime -- contextProxyDstParty = { 0 0 } -- contextProxySrcParty = { 0 0 } -- contextProxyContext = { 0 0 } -- The initial access control policy assigned, by -- convention, is: -- aclTarget = 1 -- aclSubject = 2 -- aclResources = 1 -- aclPrivileges = 35 (Get, Get-Next & Get-Bulk) -- aclTarget = 2 -- aclSubject = 1 -- aclResources = 1 -- aclPrivileges = 132 (Response & SNMPv2-Trap) -- aclTarget = 3 -- aclSubject = 4 -- aclResources = 2 -- aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk) -- aclTarget = 4 -- aclSubject = 3 -- aclResources = 2 -- aclPrivileges = 4 (Response) -- aclTarget = 5 -- aclSubject = 6 -- aclResources = 2 -- aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk) -- aclTarget = 6 -- aclSubject = 5 -- aclResources = 2 -- aclPrivileges = 4 (Response) -- Note that the initial context and access control -- information assigned above, by default, to the -- md5Auth/desPriv parties are identical to those assigned to -- the md5Auth/noPriv parties. However, each administration -- may choose to have different authorization policies, -- depending on whether privacy is used. -- The initial MIB views assigned, by convention, are: -- viewIndex = 1 -- viewSubtree = system -- viewMask = ''H -- viewType = included -- viewIndex = 1 -- viewSubtree = snmpStats -- viewMask = ''H -- viewType = included -- viewIndex = 1 -- viewSubtree = snmpParties -- viewMask = ''H -- viewType = included -- viewIndex = 2 -- viewSubtree = internet -- viewMask = ''H -- viewType = included -- Note that full access to the partyTable, contextTable, -- aclTable, and viewTable gives a manager the ability to -- configure any parties with any/all capabilities (the -- equivalent of "root" access). A lesser manager can be -- given access only to the partyTable so that it can -- maintain its own parties, but not increase/decrease -- their capabilities. Such a lesser manager can also -- create new parties but they are of no use to it.