SNMP MIB

This appendix explains the User Registrar application's limited function as an SNMP manager, in that it sends SNMP get and set requests to SNMP agents. There is an SNMP agent in each DOCSIS modem. This SNMP agent answers SNMP get and set requests from SNMP managers, according to the DOCSIS MIBs and other MIBs (Management Information Bases).

A MIB describes the objects that can be managed by SNMP. For each object, a typical MIB contains its common name (which must be unique), its OID (object identifier; OIDs are hierarchical and must be unique), and a textual description of its syntax and semantics.

User Registrar uses SNMP only to set the value of one object: docsDevResetNow. By setting this object's value to true, User Registrar resets the modem. Note that this operation has erroneously been called "an SNMP reset of the modem."

The MIB definition of this object is:

docsDevResetNow OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Setting this object to true(1) causes the device to reset.
             Reading this object always returns false(2)."
        ::= { docsDevBase 3 }
 

The SNMP OID for this object is .1.3.6.1.3.83.1.1.3. It is constructed by appending the value 3 to the OID for docsDevBase, which is .1.3.6.1.3.83.1.1.

Applications use the SNMP community strings for access control. The SNMP manager (for example, User Registrar) includes the community string in SNMP messages to the SNMP agent (the DOCSIS modem). The SNMP agent consequently can accept or reject the operation. This is how the DOCSIS modem prevents your neighbor from resetting your modem.

The tricky part is knowing the community string that would allow the DOCSIS modem to be managed (that is, be reset). Some DOCSIS modems are pre-configured to allow SNMP gets with the community string public, and to allow SNMP sets with the community string private. This method is unreliable, and some customers are asking modem vendors not to ship with these defaults.

The most reliable mechanism is to configure the SNMP community strings in the DOCSIS configuration file through Modem Registrar.

The DOCSIS configuration file may optionally include a TLV option, "SNMP MIB Object" (type 11), which can be used to set the values of one or more MIB objects. When the DOCSIS modem processes a configuration file with this option, it sets the MIB object value as if it had received an SNMP set request with the correct community string.

In addition, the DOCSIS modem has MIB objects that control access to its SNMP agent, within a MIB table called docsDevNmAccessTable. Therefore, you can construct a DOCSIS configuration file that contains the community strings that the modem should use to restrict network management access.

In Modem Registrar, you can set up multiple type 11 tuples with the following implied SNMP sets.

docsDevNmAccessIp.1 = <IP address of User Registrar server>
docsDevNmAccessIpMask.1 = 255.255.255.255
docsDevNmAccessCommunity.1 = <User Registrar community string>
docsDevNmAccessControl.1 = readWrite(3)
docsDevNmAccessStatus.1 = active(1)
 
docsDevNmAccessIp.2 = <IP subnet of network management stations>
docsDevNmAccessIpMask.2 = <IP netmask of subnet above>
docsDevNmAccessCommunity.2 = <Network Manager community string>
docsDevNmAccessControl.2 = rwWithTraps(5)
docsDevNmAccessStatus.2 = active(1)
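
As an added illustration (not Cisco's code and not part of the original page), this Python sketch shows what one implied set looks like as the bytes of a type 11 option: a one-byte type, a one-byte length, and a BER-encoded SNMP variable binding. The helper names are hypothetical, the sample address is constructed, and the column OIDs assume docsDevBase is { docsDevMIBObjects 1 }, which places docsDevNmAccessEntry at .1.3.6.1.3.83.1.2.1.

```python
import ipaddress

# Assumption: docsDevBase (.1.3.6.1.3.83.1.1) is { docsDevMIBObjects 1 },
# so docsDevNmAccessEntry is .1.3.6.1.3.83.1.2.1.
NM_ACCESS_ENTRY = (1, 3, 6, 1, 3, 83, 1, 2, 1)
COLUMNS = {"Ip": 2, "IpMask": 3, "Community": 4, "Control": 5, "Status": 7}

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def ber_tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def base128(arc):
    """Encode one OID arc, 7 bits per octet, high bit set on all but the last."""
    out = [arc & 0x7F]
    while arc > 0x7F:
        arc >>= 7
        out.append(0x80 | (arc & 0x7F))
    return bytes(reversed(out))

def ber_oid(arcs):
    body = bytes([40 * arcs[0] + arcs[1]]) + b"".join(base128(a) for a in arcs[2:])
    return ber_tlv(0x06, body)

def ber_value(column, value):
    if column in ("Ip", "IpMask"):
        return ber_tlv(0x40, ipaddress.IPv4Address(value).packed)  # IpAddress
    if column == "Community":
        return ber_tlv(0x04, value.encode("ascii"))  # DisplayString
    # Control and Status are non-negative enumerated INTEGERs.
    return ber_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def type11(column, index, value):
    """Return one type 11 option carrying docsDevNmAccess<column>.<index>."""
    oid = ber_oid(NM_ACCESS_ENTRY + (COLUMNS[column], index))
    varbind = ber_tlv(0x30, oid + ber_value(column, value))
    if len(varbind) > 255:
        raise ValueError("variable binding does not fit a one-byte length")
    return bytes([11, len(varbind)]) + varbind

if __name__ == "__main__":
    # Constructed sample values for row 1.
    print(type11("Ip", 1, "192.0.2.10").hex())
    print(type11("Status", 1, 1).hex())
```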
 

The following is the MIB definition for the Network Management Access table:

--
-- The following table provides one level of security for access
-- to the device by network management stations.
-- Note that access is also constrained by the
-- community strings and any vendor-specific security.
--
 
docsDevNmAccessTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF DocsDevNmAccessEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This table controls access to SNMP objects by network
             management stations. If the table is empty, access
             to SNMP objects is unrestricted."
        ::= { docsDevMIBObjects 2 }
 
docsDevNmAccessEntry OBJECT-TYPE
        SYNTAX      DocsDevNmAccessEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Controls access to SNMP objects by a particular network
             management station. For each entry in this table, the
             contents are not readable unless the management station
             has read-write permission."
        INDEX { docsDevNmAccessIndex  }
        ::= {  docsDevNmAccessTable 1 }
 
DocsDevNmAccessEntry ::= SEQUENCE {
            docsDevNmAccessIndex         INTEGER,
            docsDevNmAccessIp            IpAddress,
            docsDevNmAccessIpMask        IpAddress,
            docsDevNmAccessCommunity     DisplayString,
            docsDevNmAccessControl       INTEGER,
            docsDevNmAccessInterfaces    OCTET STRING,
            docsDevNmAccessStatus        RowStatus
        }
 
docsDevNmAccessIndex OBJECT-TYPE
        SYNTAX      INTEGER (1..2147483647)
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Index used to order the application of access entries."
        ::= { docsDevNmAccessEntry 1 }
 
docsDevNmAccessIp OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The IP address (or subnet) of the network management
             station. The address 255.255.255.255 is defined to mean
             any NMS. If traps are enabled for this entry, then the
             value must be the address of a specific device."
        DEFVAL { 'ffffffff'h }
        ::= { docsDevNmAccessEntry 2 }
 
docsDevNmAccessIpMask OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The IP subnet mask of the network management stations.
             If traps are enabled for this entry, then the value must
             be 255.255.255.255."
        DEFVAL { 'ffffffff'h }
        ::= { docsDevNmAccessEntry 3 }
 
docsDevNmAccessCommunity OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The community string to be matched for access by this
             entry. If set to the null string then any community string
             will match."
        DEFVAL { "public" }
        ::= { docsDevNmAccessEntry 4 }
 
docsDevNmAccessControl OBJECT-TYPE
        SYNTAX         INTEGER {
            none(1),
            read(2),
            readWrite(3),
            roWithTraps(4),
            rwWithTraps(5),
            trapsOnly(6)
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the type of access allowed to this NMS. Setting
             this object to none(1) causes the table entry to be
             destroyed. Read(2) allows access by 'get' and 'get-next'
             PDUs. ReadWrite(3) allows access by 'set' as well.
             RoWithtraps(4), rwWithTraps(5), and trapsOnly(6)
             control distribution of Trap PDUs transmitted by this
             device."
        DEFVAL { read }
        ::= { docsDevNmAccessEntry 5 }
 
-- The syntax of the following object was copied from RFC1493,
-- dot1dStaticAllowedToGoTo.
 
docsDevNmAccessInterfaces OBJECT-TYPE
        SYNTAX      OCTET STRING
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the set of interfaces from which requests from
             this NMS will be accepted.
             Each octet within the value of this object specifies a set
             of eight interfaces, with the first octet specifying ports
             1 through 8, the second octet specifying interfaces 9
             through 16, etc.  Within each octet, the most significant
             bit represents the lowest numbered interface, and the least
             significant bit represents the highest numbered interface.
             Thus, each interface is represented by a single bit within
             the value of this object. If that bit has a value of '1'
             then that interface is included in the set.
 
             Note that entries in this table apply only to link-layer
             interfaces (e.g., Ethernet and CATV MAC). Upstream and
             downstream channel interfaces must not be specified."
--         DEFVAL is the bitmask corresponding to all interfaces
        ::= { docsDevNmAccessEntry 6 }
 
docsDevNmAccessStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Controls and reflects the status of rows in this table."
        ::= { docsDevNmAccessEntry 7 }
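
The DESCRIPTION clauses above imply several checks worth running on a planned set of rows before they go into a configuration file. The following Python check is an added example, not part of the original page or of User Registrar; the function names, the row dictionaries, and the sample addresses and community strings are constructed for illustration.

```python
ANY = "255.255.255.255"
TRAP_MODES = {"roWithTraps", "rwWithTraps", "trapsOnly"}

def audit_nm_access(rows):
    """Return (index, finding) pairs for planned docsDevNmAccessTable rows."""
    if not rows:
        return [(None, "empty table: access to SNMP objects is unrestricted")]
    findings = []
    for row in rows:
        idx = row["index"]
        if row["community"] == "":
            findings.append((idx, "null community: any community string matches"))
        elif row["community"] in ("public", "private"):
            findings.append((idx, "well-known default community string"))
        if row["ip"] == ANY:
            findings.append((idx, "IP 255.255.255.255: entry applies to any NMS"))
        if row["control"] in TRAP_MODES and (row["ip"] == ANY or row["mask"] != ANY):
            findings.append(
                (idx, "traps enabled: IP must be one device, mask 255.255.255.255"))
    return findings

def interfaces_in(mask):
    """Decode docsDevNmAccessInterfaces: the MSB of the first octet is interface 1."""
    return [8 * i + bit + 1
            for i, octet in enumerate(mask)
            for bit in range(8) if octet & (0x80 >> bit)]

# Constructed sample rows. Rows 1 and 2 have the shape of the two entries in
# the type 11 tuples earlier on the page; row 3 is a deliberately weak entry.
SAMPLE_ROWS = [
    {"index": 1, "ip": "192.0.2.10", "mask": ANY,
     "community": "example-ur-string", "control": "readWrite"},
    {"index": 2, "ip": "198.51.100.0", "mask": "255.255.255.0",
     "community": "example-nms-string", "control": "rwWithTraps"},
    {"index": 3, "ip": ANY, "mask": ANY,
     "community": "", "control": "readWrite"},
]

if __name__ == "__main__":
    for idx, finding in audit_nm_access(SAMPLE_ROWS):
        print(idx, finding)
    print(interfaces_in(b"\xc0\x80"))
```

Row 2 is flagged because a trap-enabled control value combined with a subnet conflicts with the docsDevNmAccessIp and docsDevNmAccessIpMask descriptions, which require a specific device address and a 255.255.255.255 mask when traps are enabled.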
 

The following RFCs represent the current specification of SNMPv2. There are many SNMP and network management textbooks available.


Posted: Fri Oct 22 07:46:39 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.