2011年8月4日 星期四

SNMPv3 engine-id discovery

節錄自 RFC3414

4. Discovery
   The User-based Security Model requires that a discovery process
   obtains sufficient information about other SNMP engines in order to
   communicate with them.  Discovery requires an non-authoritative SNMP
   engine to learn the authoritative SNMP engine’s snmpEngineID value
   before communication may proceed.  This may be accomplished by
   generating a Request message with a securityLevel of noAuthNoPriv, a
   msgUserName of zero-length, a msgAuthoritativeEngineID value of zero
   length, and the varBindList left empty.  The response to this message
   will be a Report message containing the snmpEngineID of the
   authoritative SNMP engine as the value of the
   msgAuthoritativeEngineID field within the msgSecurityParameters field.  It contains a Report PDU with the usmStatsUnknownEngineIDs
   counter in the varBindList.
   If authenticated communication is required, then the discovery
   process should also establish time synchronization with the
   authoritative SNMP engine.  This may be accomplished by sending an
   authenticated Request message with the value of
   msgAuthoritativeEngineID set to the newly learned snmpEngineID and
   with the values of msgAuthoritativeEngineBoots and
   msgAuthoritativeEngineTime set to zero.  For an authenticated Request
   message, a valid userName must be used in the msgUserName field.  The
   response to this authenticated message will be a Report message
   containing the up to date values of the authoritative SNMP engine’s
   snmpEngineBoots and snmpEngineTime as the value of the
   msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime fields
   respectively.  It also contains the usmStatsNotInTimeWindows counter
   in the varBindList of the Report PDU.  The time synchronization then
   happens automatically as part of the procedures in section 3.2 step
   7b.  See also section 2.3.

沒有留言:

張貼留言