58
OID and subtree
A MIB stores variables called "nodes" or "objects" in a tree hierarchy and identifies each node with a
unique OID. An OID is a dotted numeric string that uniquely identifies the path from the root node to
a leaf node. For example, the object
internet
is uniquely identified by the OID {1.3.6.1}.
A subtree is like a branch in the tree hierarchy. It contains a root node and the lower-level nodes of
the root node. A subtree is identified by the OID of the root node.
MIB view
A MIB view is a subset of a MIB. You can control NMS access to MIB objects by specifying a MIB
view for the username or community name that the NMS uses. For a subtree included in a MIB view,
all nodes in the subtree are accessible to the NMS. For a subtree excluded in a MIB view, all nodes
in the subtree are inaccessible to the NMS.
Subtree mask
A subtree mask is in hexadecimal format. It identifies a MIB view collectively with the subtree OID.
To determine whether an MIB object is in a MIB view, convert the subnet mask to binary bits (0 and 1)
and match each bit with each node number of the object OID from left to right. If the 1-bit
corresponded node numbers of the object OID are the same as those of the subtree OID, the MIB
object is in the MIB view. The 0-bit corresponded node numbers can be different from those of the
subtree OID.
For example, the view determined by the subtree OID 1.3.6.1.6.1.2.1 and the subtree mask 0xDB
(11011011 in binary) includes all the nodes under the subtree OID 1.3.*.1.6.*.2.1, where * represents
any number.
NOTE:
•
If the number of bits in the subtree mask is greater than the number of nodes of the OID, the
excessive bits of the subtree mask will be ignored during subtree mask-OID matching.
•
If the number of bits in the subtree mask is smaller than the number of nodes of the OID, the short
bits of the subtree mask will be set to 1 during subtree mask-OID matching.
•
If no subtree mask is specified, the default subtree mask (all ones) will be used for mask-OID
matching.
SNMP versions
You can enable SNMPv1, SNMPv2c, or SNMPv3 on a device. For an NMS and an agent to
communicate, they must run the same SNMP version.
•
SNMPv1 and SNMPv2c use community name for authentication. An NMS can access a device
only when the NMS and the device use the same community name.
•
SNMPv3 uses username for authentication and allows you to configure an authentication key
and a privacy key to enhance communication security. The authentication key authenticates the
validity of the packet sender. The privacy key is used to encrypt the packets transmitted
between the NMS and the device.
SNMP access control
SNMPv1 and SNMPv2 access control
SNMPv1 and SNMPv2 uses community name for authentication. To control NMS access to MIB
objects, configure one or both of the following settings on the community name that the NMS uses:
•
Specify a MIB view for the community. You can specify only one MIB view for a community.