SNMP Research International, Inc.

Secure Your Network

For More Information


Access Restriction
Access to the SNMP agents configured with a community string can be restricted based upon the source address of requests. If address restriction is selected, only managers included in the list of IP addresses will be able to query the agent using the new community string.
Access View
The access level determines the MIB objects that members (users/communities) of a security group can retrieve with SNMP Get requests or set with SNMP Set requests. There are two types of access views, read and write:
  • The read access view determines objects that can be retrieved using SNMP Get requests.
  • The write access view determines objects that can be set using SNMP Set requests.
Application Programming Interface.
Abstract Syntax Notation One. A description language used to describe SNMP data types in machine architecture-independent format.
Authentication within the context of SNMP means that the SNMP entity can assert with certainty that the purported sender of a message is in fact the sender of that message.
Basic Encoding Rules. The Basic Encoding Rules describe how SNMP data should be encoded "on the wire" in such a way that machines with potentially very different architectures can understand it.
The ISO-OSI network management protocol. The Common Management Information Protocol.
This is an informal reference to RFC 3584, "Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework."
The term community refers to the SNMPv1 or SNMPv2c configured request name. A community is used when making SNMPv1 or SNMPv2c requests to an SNMP agent.
Configuration Policy
A configuration policy consists of one or more security groups and the users or communities assigned to those groups. When a security group is included in policy, all the users or communities assigned to that group will be configured on the SNMP agent. Note: SNMP agents that will be configured using the new policy should support the security models and security levels defined for the security groups selected. For example, a policy containing an SNMPv3 user configuration should not be configured on an agent that supports only SNMPv1 and/or SNMPv2c.
Connectionless Protocols
Connectionless protocols allow packets between network correspondents to be routed individually rather than through a pre-established "connection." IP is an example of a connectionless protocol.
Connection-oriented Protocols
Connection-oriented protocols transmit packets between network correspondents along predetermined routes which are established at connection setup.
Contexts are generally used when an SNMP agent has multiple subagents that support the same MIB. By making a request with context the agent can correctly forward the request to the subagent that has registered for the context. Typically most MIB objects will be supported under the default SNMP context. A non-default context should only be specified if you know the SNMP agent being configured has MIB objects supported under a different context.
The Domain Name System. A networked database primarily used to identify mail handlers and to resolve IP addresses from symbolic names.
The Internet Engineering Steering Group. A standards body responsible for approving technology as Internet Standards.
The Internet Engineering Task Force. A standards body that forms Working Groups to develop technology for the Internet community. When protocol is deemed ready to move forward in the standards process, the IETF sends its recommendations to the IESG.
Instrumentation refers to the system-dependent program code written by an agent developer to gather the information that can be accessed using SNMP. In order to retrieve information, the number of packets in and out of an interface must be counted. The instrumentation does the counting.
Internet Protocol. IP is a connectionless network-layer protocol.
International Standards Organization. A standards body responsible for many different kinds of standards. The networking branch of standards is usually referred to as the OSI.
ISODE is a freely available development environment created as a research tool and represents an effort to promote the use of the International Organization for Standardization (ISO) interpretation of open systems interconnection (OSI), particularly in the Internet and RARE research communities. For more information, see How to Manage Your Network Using SNMP: The Network Management Practicum by Marshall Rose and Keith McCloghrie.
Master Agent
The EMANATE Master Agent. The EMANATE architecture includes the Master Agent and zero-to-many Subagents. The Master Agent includes packet receipt and sending, BER processing, Subagent management, and so forth.
Management Information Base. Each SNMP agent implements a set of "managed objects" described in MIB documents written in the ASN.1 data description language.
MIB family
For the purpose of writing method routines, SNMP variables are separated into families. A family consists of all of the leaf MIB variables with the same immediate parent node, or root (the Object Identifier without the instance information). For example, in MIB-II the following variables form a single family since they are all children of ifEntry (
...skipping entries between...
Note that ifNumber ( is also a member of the interfaces group, but it is not a member of the same family since it is not a child of ifEntry.
MIB view
A MIB view is a set of MIB objects that are accessible in a given user/group configuration. The read and write view is defined by the group to which the user is assigned.
Monolithic Agent
A compile-time extensible SNMP agent. In contrast to a run-time extensible agent, a monolithic agent requires that new MIB objects be incorporated into the agent through recompilation and relinking. EMANATE/Lite is an example of a monolithic agent.
Notification Targets
Notification targets are managers or agents that are selected to receive information from SNMP events. Notifications can be sent as either traps or Informs. A trap is a one-way communication from an agent to manager. An inform contains the same information as a trap, however, with an Inform the manager sends a verification response back to the agent. The user sending the notification must be assigned to a security group that has access to the notification OID and OID of other objects within the notification.
Network Virtual Terminal ASCII. A subset of the ASCII code defined by RFC 854 for use with the telnet protocol. NVT ASCII consists of printable ASCII characters and selected control characters such s carriage-return.
Object Identifier. Each object in an SNMP MIB has an associated Object Identifier which uniquely identifies the object in a global tree of objects.
Open Systems Interconnect. A set of networking standards endorsed by the ISO.
Revision Control System. A system of managing multiple revisions of files. RCS is useful for text that is revised frequently, for example C programs, documentation, graphics, papers, and form letters.
Request for Comment. Documents maintained by the IETF standards body containing standards in various stages of completion. RFC documents are available via the Internet for no fee and in printed form for a nominal printing charge.
Security Group
The security group defines:
  • the security model that will be supported (SNMPv1, SNMPv2c, or SNMPv3).
  • the security level that will be supported (if SNMPv3 is the security model).
  • the access level or views (read, write, and notify permissions).
Users assigned to a security group take on the access limitations defined for the group. It is often useful to name a security group to indicate the access level. It is also helpful to create a security group for specific level of access. Multiple users can be assigned to the same security group, however, each user can only be assigned to one security group.
Security Level
SNMPv3 users can be configured to use one of the following security levels:
  • No authentication and no privacy
  • Authentication and no privacy
  • Authentication and privacy
Simple Network Management Protocol. The specification for this historic protocol is published in RFC 1157.
Community-based SNMPv2. An historic protocol published in RFC 1901 which combines SNMPv2c operations (such s GetBulk) with SNMPv1 trivial authentication.
Simple Network Management Protocol version 2 "star." An historic proposed protocol (published as Internet Drafts) which predates SNMPv3 and should no longer be used.
Simple Network Management Protocol version 3. The specification for this Full Standard protocol is published in RFCs 3410 and 3418. SNMPv3 provides a Full Standard administrative framework (authorization, access control, etc.) and a remote configuration/administration MIB.
An EMANATE Subagent. (See "Master Agent" for description of the EMANATE architecture.) A Subagent traditionally implements a single MIB document, such as the FDDI-MIB or the Host Resources MIB.
The Transmission Control Protocol is a connection-oriented transport-layer protocol. It attempts to achieve reliability through retransmission.
The User Datagram Protocol is a connectionless end-to-end transport-layer protocol.
The term "user" refers to the SNMPv3 USM users configured on an SNMP agent. The user is used when making an SNMPv3 request to an agent that supports SNMPv3.
An SNMP variable binding. A VarBind includes an OBJECT IDENTIFIER and value (which may be NULL).