--- 1/draft-ietf-netmod-snmp-cfg-04.txt 2014-05-19 08:14:27.814995098 -0700 +++ 2/draft-ietf-netmod-snmp-cfg-05.txt 2014-05-19 08:14:27.942998241 -0700 @@ -1,19 +1,19 @@ Network Working Group M. Bjorklund Internet-Draft Tail-f Systems Intended status: Standards Track J. Schoenwaelder -Expires: August 14, 2014 Jacobs University - February 10, 2014 +Expires: November 20, 2014 Jacobs University + May 19, 2014 A YANG Data Model for SNMP Configuration - draft-ietf-netmod-snmp-cfg-04 + draft-ietf-netmod-snmp-cfg-05 Abstract This document defines a collection of YANG definitions for configuring SNMP engines. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. @@ -21,21 +21,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on August 14, 2014. + This Internet-Draft will expire on November 20, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -64,44 +64,44 @@ 2.13. Secure Shell Transport Model Configuration . . . . . . . . 13 3. Implementation Guidelines . . . . . . . . . . . . . . . . . . 15 3.1. Supporting read-only SNMP Access . . . . . . . . . . . . . 15 3.2. Supporting read-write SNMP access . . . . . . . . . . . . 16 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.1. Module 'ietf-x509-cert-to-name' . . . . . . . . . . . . . 17 4.2. Module 'ietf-snmp' . . . . . . . . . . . . . . . . . . . . 22 4.3. Submodule 'ietf-snmp-common' . . . . . . . . . . . . . . . 25 4.4. Submodule 'ietf-snmp-engine' . . . . . . . . . . . . . . . 29 4.5. Submodule 'ietf-snmp-target' . . . . . . . . . . . . . . . 32 - 4.6. Submodule 'ietf-snmp-notification' . . . . . . . . . . . . 35 - 4.7. Submodule 'ietf-snmp-proxy' . . . . . . . . . . . . . . . 39 + 4.6. Submodule 'ietf-snmp-notification' . . . . . . . . . . . . 36 + 4.7. Submodule 'ietf-snmp-proxy' . . . . . . . . . . . . . . . 40 4.8. Submodule 'ietf-snmp-community' . . . . . . . . . . . . . 42 - 4.9. Submodule 'ietf-snmp-vacm' . . . . . . . . . . . . . . . . 46 + 4.9. Submodule 'ietf-snmp-vacm' . . . . . . . . . . . . . . . . 47 4.10. Submodule 'ietf-snmp-usm' . . . . . . . . . . . . . . . . 52 4.11. Submodule 'ietf-snmp-tsm' . . . . . . . . . . . . . . . . 56 4.12. Submodule 'ietf-snmp-tls' . . . . . . . . . . . . . . . . 59 4.13. Submodule 'ietf-snmp-ssh' . . . . . . . . . . . . . . . . 63 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 66 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 68 - 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 71 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72 - 8.1. Normative References . . . . . . . . . . . . . . . . . . . 72 - 8.2. Informative References . . . . . . . . . . . . . . . . . . 72 - Appendix A. Example configurations . . . . . . . . . . . . . . . 74 - A.1. Engine Configuration Example . . . . . . . . . . . . . . . 74 - A.2. Community Configuration Example . . . . . . . . . . . . . 74 - A.3. User-based Security Model Configuration Example . . . . . 75 - A.4. Target and Notification Configuration Example . . . . . . 77 - A.5. Proxy Configuration Example . . . . . . . . . . . . . . . 78 - A.6. View-based Access Control Model Configuration Example . . 81 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 67 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 69 + 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 72 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 73 + 8.1. Normative References . . . . . . . . . . . . . . . . . . . 73 + 8.2. Informative References . . . . . . . . . . . . . . . . . . 73 + Appendix A. Example configurations . . . . . . . . . . . . . . . 75 + A.1. Engine Configuration Example . . . . . . . . . . . . . . . 75 + A.2. Community Configuration Example . . . . . . . . . . . . . 75 + A.3. User-based Security Model Configuration Example . . . . . 76 + A.4. Target and Notification Configuration Example . . . . . . 78 + A.5. Proxy Configuration Example . . . . . . . . . . . . . . . 79 + A.6. View-based Access Control Model Configuration Example . . 82 A.7. Transport Layer Security Transport Model Configuration - Example . . . . . . . . . . . . . . . . . . . . . . . . . 83 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 85 + Example . . . . . . . . . . . . . . . . . . . . . . . . . 84 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 86 1. Introduction This document defines a YANG [RFC6020] data model for the configuration of SNMP engines. The configuration model is consistent with the MIB modules defined in [RFC3411], [RFC3412], [RFC3413], [RFC3414], [RFC3415], [RFC3418], [RFC3584], [RFC5591], [RFC5592], and [RFC6353] but takes advantage of YANG's ability to define hierarchical configuration data models. @@ -181,40 +181,43 @@ 2.4. Engine Configuration The submodule "ietf-snmp-engine", which defines configuration parameters that are specific to SNMP engines, has the following structure: +--rw snmp +--rw engine +--rw enabled? boolean - +--rw listen - | +--rw udp* [ip port] + +--rw listen* [name] + | +--rw name snmp:identifier + | +--rw (transport) + | +--:(udp) + | +--rw udp | +--rw ip inet:ip-address - | +--rw port inet:port-number + | +--rw port? inet:port-number +--rw version | +--rw v1? empty | +--rw v2c? empty | +--rw v3? empty +--rw engine-id? snmp:engine-id +--rw enable-authen-traps? boolean The leaf "/snmp/engine/enabled" can be used to enable/disable an SNMP engine. - The container "/snmp/engine/listen" provides configuration of the + The list "/snmp/engine/listen" provides configuration of the transport endpoints the engine is listening to. In this submodule, - SNMP over UDP is defined. TLS and Datagram Transport Layer Security - (DTLS) are also supported, defined in "ietf-snmp-tls" (Section 2.12). - The "listen" container is expected to be augmented for other - transports. + SNMP over UDP is defined. SSH, TLS and Datagram Transport Layer + Security (DTLS) are also supported, defined in "ietf-snmp-ssh" + (Section 2.13) and "ietf-snmp-tls" (Section 2.12), respectively. The + "transport" choice is expected to be augmented for other transports. The "/snmp/engine/version" container can be used to enable/disable the different message processing models. 2.5. Target Configuration The submodule "ietf-snmp-target", which defines configuration parameters that correspond to the objects in SNMP-TARGET-MIB, has the following structure: @@ -257,22 +260,22 @@ parameters that correspond to the objects in SNMP-NOTIFICATION-MIB, has the following structure: +--rw snmp +--rw notify* [name] | +--rw name snmp:identifier | +--rw tag snmp:identifier | +--rw type? enumeration +--rw notify-filter-profile* [name] +--rw name snmp:identifier - +--rw include* wildcard-object-identifier - +--rw exclude* wildcard-object-identifier + +--rw include* snmp:wildcard-object-identifier + +--rw exclude* snmp:wildcard-object-identifier It also augments the "target-params" list defined in the "ietf-snmp-target" submodule (Section 2.5) with one leaf: +--rw snmp +--rw target-params* [name] ... +--rw notify-filter-profile? leafref An entry in the list "/snmp/notify" corresponds to an @@ -331,28 +334,29 @@ +--rw security-name snmp:security-name +--rw engine-id? snmp:engine-id +--rw context? snmp:context-name +--rw target-tag? snmp:identifier It also augments the "/snmp/target-params/params" choice with nodes for the Community-Based Security Model used by SNMPv1 and SNMPv2c: +--rw snmp +--rw target-params* [name] - ... - +--rw (params)? + | ... + | +--rw (params)? | +--:(v1) | | +--rw v1 | | +--rw security-name snmp:security-name | +--:(v2c) | +--rw v2c | +--rw security-name snmp:security-name + +--rw target* [name] +--rw mms? union An entry in the list "/snmp/community" corresponds to an "snmpCommunityEntry". When a case "v1" or "v2c" is chosen, it implies a snmpTargetParamsMPModel 0 (SNMPv1) or 1 (SNMPv2), and a snmpTargetParamsSecurityModel 1 (SNMPv1) or 2 (SNMPv2), respectively. Both cases implies a snmpTargetParamsSecurityLevel of noAuthNoPriv. @@ -409,32 +413,32 @@ +--rw user* [name] +-- {common user params} The "{common user params}" are: +--rw name snmp:identifier +--rw auth! | +--rw (protocol) | +--:(md5) | | +--rw md5 - | | +-- rw key string + | | +-- rw key yang:hex-string | +--:(sha) | +--rw sha - | +-- rw key string + | +-- rw key yang:hex-string +--rw priv! +--rw (protocol) +--:(des) | +--rw des - | +-- rw key string + | +-- rw key yang:hex-string +--:(aes) +--rw aes - +-- rw key string + +-- rw key yang:hex-string It also augments the "/snmp/target-params/params" choice with nodes for the SNMP User-based Security Model. +--rw snmp +--rw target-params* [name] ... +--rw (params)? +--:(usm) +--rw usm @@ -502,34 +506,38 @@ +--rw name string The "{common (d)tls transport params}" are: +--rw ip? inet:host +--rw port? inet:port-number +--rw client-fingerprint? x509c2n:tls-fingerprint +--rw server-fingerprint? x509c2n:tls-fingerprint +--rw server-identity? snmp:admin-string - It also augments the "/snmp/engine/listen" container with objects for - the D(TLS) transport endpoints: + It also augments the "/snmp/engine/listen/transport" choice with + objects for the D(TLS) transport endpoints: +--rw snmp +--rw engine ... - +--rw listen + +--rw listen* [name] ... - +--rw tls* [ip port] + +--rw (transport) + ... + +--:(tls) + | +--rw tls | +--rw ip inet:ip-address - | +--rw port inet:port-number - +--rw dtls* [ip port] + | +--rw port? inet:port-number + +--:(dtls) + +--rw dtls +--rw ip inet:ip-address - +--rw port inet:port-number + +--rw port? inet:port-number This submodule defines the feature "tlstm". A server implements this feature if it supports the Transport Layer Security (TLS) Transport Model (tlstm) [RFC6353]. 2.13. Secure Shell Transport Model Configuration The submodule "ietf-snmp-ssh", which defines configuration parameters that correspond to the objects in SNMP-SSH-TM-MIB, has the following structure: @@ -539,29 +547,35 @@ +--rw target* [name] ... +--rw (transport) ... +--:(ssh) +--rw ssh +--rw ip inet:host +--rw port? inet:port-number +--rw username? string - It also augments the "/snmp/engine/listen" container with objects for - the SSH transport endpoints: + It also augments the "/snmp/engine/listen/transport" choice with + objects for the SSH transport endpoints: +--rw snmp +--rw engine ... - +--rw listen + +--rw listen* [name] ... - +--rw ssh* [ip port] + +--rw (transport) + ... + +--:(ssh) + +--rw ssh + +--rw ip inet:host + +--rw port? inet:port-number + +--rw username? string This submodule defines the feature "sshtm". A server implements this feature if it supports the Secure Shell (SSH) Transport Model (sshtm) [RFC5592]. 3. Implementation Guidelines This section describes some challenges for implementations that support both the YANG models defined in this document, and either read-write or read-only SNMP access to the same data, using the @@ -701,21 +715,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC6353: Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } typedef tls-fingerprint { type yang:hex-string { pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}'; @@ -930,51 +944,51 @@ file "ietf-snmp.yang" module ietf-snmp { namespace "urn:ietf:params:xml:ns:yang:ietf-snmp"; prefix snmp; // RFC Ed.: update the dates below with the date of RFC publication // and remove this note. include ietf-snmp-common { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-engine { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-target { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-notification { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-proxy { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-community { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-usm { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-tsm { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-vacm { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-tls { - revision-date 2014-02-09; + revision-date 2014-05-06; } include ietf-snmp-ssh { - revision-date 2014-02-09; + revision-date 2014-05-06; } organization "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; contact "WG Web: WG List: WG Chair: Thomas Nadeau @@ -1005,21 +1019,21 @@ This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; // RFC Ed.: replace XXXX with actual RFC number and remove this // note. // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } } @@ -1072,21 +1086,21 @@ This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; // RFC Ed.: replace XXXX with actual RFC number and remove this // note. // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } /* Collection of SNMP specific data types */ typedef admin-string { type string { @@ -1262,65 +1276,80 @@ (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; // RFC Ed.: replace XXXX with actual RFC number and remove this // note. // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } augment /snmp:snmp { container engine { description "Configuration of the SNMP engine."; leaf enabled { type boolean; default "false"; description "Enables the SNMP engine."; } - container listen { + list listen { + key "name"; description "Configuration of the transport endpoints on which the - engine listens. Submodules providing configuration for - additional transports are expected to augment this - container."; + engine listens."; - list udp { - key "ip port"; + leaf name { + type snmp:identifier; description - "A list of IPv4 and IPv6 addresses and ports to which the - engine listens."; + "An arbitrary name for the list entry."; + } + choice transport { + mandatory true; + description + "The transport protocol specific parameters for this + endpoint. Submodules providing configuration for + additional transports are expected to augment this + choice."; + case udp { + container udp { leaf ip { type inet:ip-address; + mandatory true; description "The IPv4 or IPv6 address on which the engine listens."; - } leaf port { type inet:port-number; description - "The UDP port on which the engine listens."; + "The UDP port on which the engine listens. + + If the port is not configured, an engine that + acts as a Command Responder uses port 161, and + an engine that acts as a Notification Receiver + uses port 162."; + } + } } } } container version { description "SNMP version used by the engine"; leaf v1 { type empty; } @@ -1412,21 +1442,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC3413: Simple Network Management Protocol (SNMP) Applications"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } augment /snmp:snmp { list target { key name; @@ -1591,21 +1624,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC3413: Simple Network Management Protocol (SNMP) Applications"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } feature notification-filter { description "A server implements this feature if it supports SNMP notification filtering."; @@ -1775,21 +1808,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC3413: Simple Network Management Protocol (SNMP) Applications"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } feature proxy { description "A server implements this feature if it can act as an SNMP Proxy"; @@ -1918,21 +1950,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC3584: Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } augment /snmp:snmp { list community { key index; @@ -2125,21 +2159,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC3415: View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } typedef view-name { type snmp:identifier; description "The view-name type represents an SNMP VACM view name."; @@ -2398,21 +2433,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC3414: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)."; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } grouping key { leaf key { type yang:hex-string; mandatory true; @@ -2584,21 +2618,21 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC5591: Transport Security Model for the Simple Network Management Protocol (SNMP)"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } feature tsm { description "A server implements this feature if it supports the Transport Security Model for SNMP."; @@ -2716,74 +2750,88 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC6353: Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } feature tlstm { description "A server implements this feature if it supports the Transport Layer Security Transport Model for SNMP."; reference "RFC6353: Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)"; } - augment /snmp:snmp/snmp:engine/snmp:listen { + augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport { if-feature tlstm; - list tls { - key "ip port"; + case tls { + container tls { description "A list of IPv4 and IPv6 addresses and ports to which the engine listens for SNMP messages over TLS."; leaf ip { type inet:ip-address; + mandatory true; description "The IPv4 or IPv6 address on which the engine listens for SNMP messages over TLS."; } leaf port { type inet:port-number; description "The TCP port on which the engine listens for SNMP - messages over TLS."; + messages over TLS. + + If the port is not configured, an engine that + acts as a Command Responder uses port 10161, and + an engine that acts as a Notification Receiver + uses port 10162."; } } - list dtls { - key "ip port"; + } + case dtls { + container dtls { description "A list of IPv4 and IPv6 addresses and ports to which the engine listens for SNMP messages over DTLS."; leaf ip { type inet:ip-address; + mandatory true; description "The IPv4 or IPv6 address on which the engine listens for SNMP messages over DTLS."; } leaf port { type inet:port-number; description - "The UDP port on which the engine listens for SNMP messages - over DTLS."; + "The UDP port on which the engine listens for SNMP + messages over DTLS. + + If the port is not configured, an engine that + acts as a Command Responder uses port 10161, and + an engine that acts as a Notification Receiver + uses port 10162."; + } } } } augment /snmp:snmp { if-feature tlstm; container tlstm { uses x509c2n:cert-to-name { description "Defines how certificates are mapped to names. The @@ -2911,59 +2957,65 @@ // RFC Ed.: replace XXXX with actual RFC number and remove this // note. reference "RFC5592: Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)"; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision 2014-02-09 { + revision 2014-05-06 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for SNMP Configuration"; } feature sshtm { description "A server implements this feature if it supports the Secure Shell Transport Model for SNMP."; reference "RFC5592: Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)"; } - augment /snmp:snmp/snmp:engine/snmp:listen { + augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport { if-feature sshtm; - list ssh { - key "ip port"; + case ssh { + container ssh { description - "A list of IPv4 and IPv6 addresses and ports to which the + "The IPv4 or IPv6 address and port to which the engine listens for SNMP messages over SSH."; leaf ip { type inet:ip-address; + mandatory true; description "The IPv4 or IPv6 address on which the engine listens for SNMP messages over SSH."; } leaf port { type inet:port-number; description "The TCP port on which the engine listens for SNMP - messages over SSH."; + messages over SSH. + + If the port is not configured, an engine that + acts as a Command Responder uses port 5161, and + an engine that acts as a Notification Receiver + uses port 5162."; + } } } } - augment /snmp:snmp/snmp:target/snmp:transport { if-feature sshtm; case ssh { reference "SNMP-SSH-TM-MIB.snmpSSHDomain"; container ssh { leaf ip { type inet:host; mandatory true; reference "SNMP-TARGET-MIB.snmpTargetAddrTAddress SNMP-SSH-TM-MIB.SnmpSSHAddress"; @@ -3246,24 +3298,28 @@ A.1. Engine Configuration Example Below is an XML instance document showing a configuration of an SNMP engine listening on UDP port 161 on IPv4 and IPv6 endpoints and accepting SNMPv2c and SNMPv3 messages. true + all-ipv4-udp 0.0.0.0 161 + + + all-ipv6-udp :: 161 80:00:02:b8:04:61:62:63