The SNMP server exchanges network management information with SNMP client software running on a network management host. The server responds to requests for information and actions from the client. The server also controls access to the server’s Management Information Base (MIB), the collection of objects that can be viewed or changed by the SNMP client.
The SNMP client collects information on network connectivity, activity, and events by polling network elements. Communication between the SNMP server and client occurs through Protocol Data Unit (PDU) messages in one of the following forms:
A MIB is a hierarchy of information used to define managed objects in a network element. Each managed object represents a resource, event, or activity that occurs in the network element.
Enterprise-specific MIBs are developed and supported by a specific vendor for proprietary functions and features not addressed by standard MIBs. They provide consistency of management data representation across a vendor’s product line. If your network contains network elements that have enterprise-specific MIBs, you must obtain them from the vendor and compile them into your network management software.
The TIBCO enterprise-specific MIB defines both the environmental and routing data included as MIB objects for TIBCO Messaging Appliance P-7500 systems and their components. Refer to Appendix A, “TIBCO Enterprise-specific MIB”, in TIBCO Messaging Appliance P-7500 Maintenance and Troubleshooting for details.
SNMP traps are defined in either standard or enterprise-specific MIBs. Standard traps are created by the IETF and documented in various RFCs. The standard traps are compiled into the network management software. You can also download the standard traps from the IETF Web site, at http://www.ietf.org.
Enterprise-specific traps are developed and supported by a specific equipment manufacturer. If your network contains network elements that have enterprise-specific traps, you must obtain them from the manufacturer and compile them into your network management software.
Refer to “Configuring Enterprise-specific Traps” for the traps developed and supported by TIBCO for TIBCO Messaging Appliance P-7500.
SNMPv2c provides only password-style protection for the groups querying the server, based on the community name and IP address. In contrast, SNMPv3 supports both authentication and encryption for the groups querying the server.
With SNMPv3, only authorized users can communicate with each other. The server applies a security level to each group querying it and, on that basis, decides whether the group is allowed to view or change specific MIBs. Consequently, an SNMPv3 client can interact with a network element only if the administrator has configured the network element to allow the interaction.
SNMPv3 authenticates users through the HMAC-MD5-96 protocol, while CBC-DES is the encryption protocol (for privacy). TIBCO Messaging Appliance P-7500 recognizes up to 16 groups for SNMP access that can have any of the following predefined SNMPv3 security levels:
SNMPv3 uses the User-based Security Model (USM) for message security. USM specifies authentication and encryption, and uses the concept of a user for which security parameters such as authentication are configured for both the server and the client. Consequently, messages sent using USM are better protected than messages sent with SNMPv2c community strings, where passwords (that is, community names) are sent openly. SNMPv3 can be used to secure the network element from the following threats:
In contrast, when an SNMPv2c server receives a message request, the server extracts the client’s community name. The SNMPv2c community table is searched for a matching community name. If a match is found, the IP address is accepted. An unmatched community name causes an SNMP authentication error. Each entry in the community table identifies: