4. The Structure of the MIB Modules
There are three separate MIB modules described in this document:
- SNMP-TARGET-MIB: The management target MIB
- SNMP-NOTIFICATION-MIB: The notification MIB
- SNMP-PROXY-MIB: The proxy MIB
The use of these MIBs by particular types of applications is described later in this document:
- The use of the management target MIB and the notification MIB in notification originator applications is described in section 5.
- The use of the notification MIB for filtering notifications in notification originator applications is described in section 6.
- The use of the management target MIB and the proxy MIB in proxy forwarding applications is described in section 7.
4.1. The Management Target MIB Module
The SNMP-TARGET-MIB module contains objects for defining management targets. It consists of two tables and conformance/compliance statements.
4.1.1. Structure Overview
The SNMP-TARGET-MIB provides:
-
snmpTargetAddrTable: Contains information about transport domains and addresses. It includes snmpTargetAddrTagList, which provides a mechanism for grouping entries.
-
snmpTargetParamsTable: Contains information about SNMP version and security information to be used when sending messages to particular transport domains and addresses.
The Management Target MIB is intended to provide a general-purpose mechanism for specifying transport addresses and for specifying parameters of SNMP messages generated by an SNMP entity. It is used within this document for generation of notifications and for proxy forwarding. However, it may be used for other purposes.
4.1.2. Tag Lists
The snmpTargetAddrTagList object is used for grouping entries in the snmpTargetAddrTable. The value of this object contains a list of tag values which are used to select target addresses to be used for a particular operation.
A tag value is an arbitrary string of octets, but may not contain a delimiter character. Delimiter characters are defined to be one of the following characters:
- An ASCII space character (0x20)
- An ASCII TAB character (0x09)
- An ASCII carriage return (CR) character (0x0D)
- An ASCII line feed (LF) character (0x0A)
Delimiter characters are used to separate tag values in a tag list. An object of this type may contain:
- A zero-length octet string representing an empty list, or
- A single tag value (no delimiter characters allowed), or
- A list of tag values, separated by single delimiter characters
For a list of tag values, these constraints imply:
- There cannot be a leading or trailing delimiter character
- There cannot be multiple adjacent delimiter characters
4.1.3. Key Objects in SNMP-TARGET-MIB
snmpTargetSpinLock
This object is used to facilitate modification of table entries in the SNMP-TARGET-MIB module by multiple managers, particularly when modifying the snmpTargetAddrTagList object.
snmpTargetAddrTable
A table of transport addresses to be used in the generation of SNMP messages. Each entry contains:
- snmpTargetAddrName: Locally unique identifier for this entry
- snmpTargetAddrTDomain: Transport type (e.g., snmpUDPDomain)
- snmpTargetAddrTAddress: Transport address
- snmpTargetAddrTimeout: Expected maximum round trip time
- snmpTargetAddrRetryCount: Number of retries for undelivered messages
- snmpTargetAddrTagList: List of tag values for grouping entries
- snmpTargetAddrParams: Reference to snmpTargetParamsTable entry
- snmpTargetAddrStorageType: Storage type for this entry
- snmpTargetAddrRowStatus: Row status for creating/deleting entries
snmpTargetParamsTable
Contains SNMP parameters to be used when generating SNMP messages to particular targets. Each entry contains:
- snmpTargetParamsName: Locally unique identifier
- snmpTargetParamsMPModel: Message Processing Model (0=SNMPv1, 1=SNMPv2c, 3=SNMPv3)
- snmpTargetParamsSecurityModel: Security Model (1=SNMPv1, 2=SNMPv2c, 3=USM)
- snmpTargetParamsSecurityName: Security name (community or user name)
- snmpTargetParamsSecurityLevel: Security level (noAuthNoPriv, authNoPriv, authPriv)
- snmpTargetParamsStorageType: Storage type for this entry
- snmpTargetParamsRowStatus: Row status for creating/deleting entries
4.2. The Notification MIB Module
The SNMP-NOTIFICATION-MIB module contains objects for configuring the generation of notifications. It contains three tables.
4.2.1. Structure Overview
The SNMP-NOTIFICATION-MIB provides:
- snmpNotifyTable: Selects management targets to receive notifications based on tag values.
- snmpNotifyFilterProfileTable: Associates filter profiles with target parameter names.
- snmpNotifyFilterTable: Defines filter rules for selective notification delivery.
4.2.2. Key Objects in SNMP-NOTIFICATION-MIB
snmpNotifyTable
Selects management targets which should receive notifications, as well as the type of notification (trap or inform) to generate. Each entry contains:
- snmpNotifyName: Locally unique identifier
- snmpNotifyTag: Tag value to match against snmpTargetAddrTagList
- snmpNotifyType: trap(1) or inform(2)
- snmpNotifyStorageType: Storage type for this entry
- snmpNotifyRowStatus: Row status for creating/deleting entries
snmpNotifyFilterProfileTable
Associates filter profile names with target parameters names. Each entry contains:
- snmpTargetParamsName: Index, references snmpTargetParamsTable
- snmpNotifyFilterProfileName: Name of filter profile
- snmpNotifyFilterProfileStorType: Storage type
- snmpNotifyFilterProfileRowStatus: Row status
snmpNotifyFilterTable
Defines filter rules used to determine which notifications should be sent to which management targets. Each entry contains:
- snmpNotifyFilterProfileName: Index, references filter profile
- snmpNotifyFilterSubtree: Index, object identifier of subtree
- snmpNotifyFilterMask: Bit mask for OID matching
- snmpNotifyFilterType: included(1) or excluded(2)
- snmpNotifyFilterStorageType: Storage type
- snmpNotifyFilterRowStatus: Row status
4.3. The Proxy MIB Module
The SNMP-PROXY-MIB module contains objects for defining translations used by proxy forwarder applications. It consists of a single table.
4.3.1. Structure Overview
The SNMP-PROXY-MIB provides:
- snmpProxyTable: Defines translation rules for proxy forwarding of SNMP messages.
4.3.2. Key Objects in SNMP-PROXY-MIB
snmpProxyTable
Defines translation parameters used by proxy forwarders. Each entry contains:
- snmpProxyName: Locally unique identifier
- snmpProxyType: Type of proxy operation:
- read(1): Forward read-class PDUs
- write(2): Forward write-class PDUs
- trap(3): Forward trap notifications
- inform(4): Forward inform notifications
- snmpProxyContextEngineID: Incoming context engine ID to match
- snmpProxyContextName: Incoming context name to match
- snmpProxyTargetParamsIn: Reference to snmpTargetParamsTable for incoming message parameters
- snmpProxySingleTargetOut: For single target forwarding, specifies target address name
- snmpProxyMultipleTargetOut: For multiple target forwarding, specifies tag value
- snmpProxyStorageType: Storage type for this entry
- snmpProxyRowStatus: Row status for creating/deleting entries
4.4. Conformance and Compliance
Each MIB module includes:
- Object Groups: Logical groupings of related objects
- Compliance Statements: Define which objects must be implemented for conformance
- Module Compliance: Specifies minimum implementation requirements
SNMP-TARGET-MIB Compliance
Implementations must support:
- snmpTargetBasicGroup: Basic target address and parameters objects
- snmpTargetResponseGroup: Objects for response/retry handling (for command generators and notification originators)
SNMP-NOTIFICATION-MIB Compliance
Implementations must support:
- snmpNotifyGroup: Basic notification selection objects
- snmpNotifyFilterGroup: Notification filtering objects (optional but recommended)
SNMP-PROXY-MIB Compliance
Implementations must support:
- snmpProxyGroup: All proxy translation objects
4.5. Usage Patterns
Pattern 1: Simple Notification Configuration
To send trap notifications to a management station:
- Create an entry in snmpTargetAddrTable specifying the management station's address
- Create an entry in snmpTargetParamsTable specifying the SNMP version and security parameters
- Create an entry in snmpNotifyTable with a tag that matches the snmpTargetAddrTagList
Pattern 2: Filtered Notifications
To send only specific notifications to a management station:
- Configure Pattern 1 (Simple Notification Configuration)
- Create an entry in snmpNotifyFilterProfileTable associating a filter profile with the target parameters
- Create entries in snmpNotifyFilterTable defining which OID subtrees to include/exclude
Pattern 3: Proxy Forwarding
To forward requests through a proxy:
- Create entries in snmpTargetAddrTable and snmpTargetParamsTable for the target SNMP engine
- Create an entry in snmpProxyTable specifying:
- The incoming context and security parameters to match
- The outgoing target address (via snmpProxySingleTargetOut)
- The proxy type (read, write, trap, or inform)
4.6. Security and Access Control
The MIB modules defined in this document contain objects that have a MAX-ACCESS of read-write and/or read-create. Setting these objects can:
- Redirect SNMP traffic to unauthorized destinations
- Modify security parameters, potentially weakening security
- Change filtering rules, potentially disclosing sensitive information
It is RECOMMENDED that:
- Access to these MIB objects be restricted using VACM (View-based Access Control Model) as defined in RFC 3415
- Only authorized security administrators have write access to these objects
- SNMPv3 with authentication and encryption (authPriv) be used when modifying these objects
- Changes to these objects be logged for audit purposes
4.7. Implementation Notes
Storage Types
The *StorageType objects in each table allow implementations to control the persistence of configuration:
- volatile: Configuration lost on restart (default)
- nonVolatile: Configuration persists across restarts
- permanent: Configuration cannot be deleted
- readOnly: Configuration is read-only (cannot be modified via SNMP)
- other: Implementation-specific storage
Row Status
The *RowStatus objects follow the standard RowStatus textual convention (RFC 2579):
- Use createAndGo to create and activate an entry in one step
- Use createAndWait to create an entry and set other columns before activation
- Use active to indicate an entry is operational
- Use notInService to temporarily deactivate an entry
- Use notReady (read-only) to indicate an entry cannot be made active yet
- Use destroy to delete an entry
Index Considerations
The IMPLIED keyword is used in several table indices (e.g., snmpTargetAddrName). This means:
- The index length is not encoded separately in the OID
- The index string is variable-length and consumes the rest of the OID
- Only one IMPLIED index can appear per table, and it must be last
This design choice allows for longer, more descriptive names without the overhead of separate length encoding.