Summary of the resource
U2.5 SNMPv1
- general
- ISO 7498-2
- network mgt protocols provide
- configuration management
- accounting
- event logging
- defines network mgt security in general
- SNMP RFCs
- RFC 1155-1157
- RFC 1441-1448
- RFC 2570-2576
- architectural model
- SNMP protocol entities
- at least one management station
- acts in the management role
- a number of network elements
- acts in the agent role
- all entities have a management information base (MIB)
- SNMP accesses the MIB on top of UDP and IP
- connectionless!!
- ports
- 161
- for requests (GET, SET)
- 162
- for traps
- 3 operations
- GET
- enables mgt station to retrieve object values from managed entity
- SET
- enables the management station to set object values in managed entity
- TRAP
- enables a managed entity to notify the management station of significant events
- implemented with "protocol data units" (PDUs)
- 3 parts to a PDU message
- version
- community
- SNMP operation
- security services provided
- authentication service
- Assure the destination device that the SNMP PDU does come from the source it claims to come from
- access control service
- Limit the SNMP operations that a device can request according to the device's identity
- security mechanisms
- authentication mechanism
- community name
- All PDUs from mgt station must contain the community name
- access mode mechanism
- community profile
- Each device stores a community profile that specifies which MIB values can be accessed, and how, by an entity bearing the associated community name.
- threats
- primary
- data modification
- masquerade
- secondary
- message stream modification
- eavesdropping
- vulnerabilities
- no integrity protection
- no timeliness guarantee
- no replay protection
- weak authentication mechanism
- no confidentiality protection