Compliance testing is performed on v2c agents to check whether they are compliant with the v2c standards, and on v3 agents to check whether they are compliant with the v3 standards.
SNMPv2 Compliance Groups
For the agent to be compliant with v2c standards, certain objects have to be implemented in the agent. An SNMPv2c agent does a lot of processing, such as authentication, processing requests, and sending notifications, as defined in the standards. Errors can occur while the agent performs these functions, and in such cases the management stations require the details of the errors. They might also need some common (standard) information, such as sysName, sysUpTime, and sysObjectID, from the agents to define uniform management.
The above information is provided to the agent from the following groups:
SNMP Group Counters
SNMP Community Group.
The SNMP Agent Tester checks if these objects are properly implemented.
SNMP Group Counters (Compliant with v1 Standards)
SNMP Group Counters are defined in SNMPv2 MIB to count the number of packets received in each category, such as valid PDU, invalid PDU, bad authentication, GET, GET-NEXT, SET, etc. of an SNMP entity. The SNMP Agent Tester checks if the agent has implemented these counters as per the RFC1213 MIB specification.
System Group Support
The SNMP Agent Tester checks if the agent has implemented the system group of SNMPv2 MIB. This group is a collection of objects common to all managed systems. The objects that are defined in this group are as follows:
sysDescr: Description of the managed node.
sysObjectID: Object identifier of the node.
sysUpTime: Time (in hundredths of a second) since the network management portion of the system was reinitialized.
sysContact: Contact person of the managed node.
sysName: Name of the managed node.
sysLocation: Physical location of the node.
sysServices: Value that indicates the set of services offered by this node.
sysORLastChange: The value of sysUpTime at the time of the most recent change in state or value of any instance of sysORID.
SNMP SET Group Support
The SNMP Agent Tester checks if the agent has implemented the SnmpSet Group of the SNMPv2 MIB. This group provides a locking mechanism that managers use when issuing SNMP SET requests. The object defined in this group is snmpSetSerialNo.
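The locking behaviour of snmpSetSerialNo, as an added example that is not part of the SNMP Agent Tester: a toy in-memory agent (the ToyAgent class, its object names and the two managers are hypothetical) that follows the standard TestAndIncr semantics, where a SET carrying a stale serial fails with inconsistentValue and a successful SET increments the serial.

```python
# Added example: a toy model of an agent's snmpSetSerialNo (TestAndIncr syntax).
MAX_SERIAL = 2147483647  # TestAndIncr range is 0..2147483647


class InconsistentValue(Exception):
    """Models the SNMP inconsistentValue error returned for a stale serial."""


class ToyAgent:
    """Hypothetical in-memory agent; not a real SNMP stack."""

    def __init__(self, serial=0):
        self.serial = serial
        self.objects = {"sysContact.0": "", "sysLocation.0": ""}

    def get_serial(self):
        return self.serial

    def set_request(self, serial_seen, varbinds):
        # The manager puts snmpSetSerialNo in the same SET PDU as its changes.
        # A SET is all-or-nothing, so a stale serial rejects every varbind.
        if serial_seen != self.serial:
            raise InconsistentValue(f"expected {self.serial}, got {serial_seen}")
        unknown = [name for name in varbinds if name not in self.objects]
        if unknown:
            raise KeyError(unknown[0])
        self.objects.update(varbinds)
        # On success the value increments, wrapping from the maximum back to 0.
        self.serial = 0 if self.serial == MAX_SERIAL else self.serial + 1


def race_two_managers(agent):
    """Both managers read the same serial; only the first SET may succeed."""
    seen_a = agent.get_serial()
    seen_b = agent.get_serial()
    agent.set_request(seen_a, {"sysContact.0": "noc-a"})
    try:
        agent.set_request(seen_b, {"sysContact.0": "noc-b"})
        return "both-applied"
    except InconsistentValue:
        return "second-rejected"


if __name__ == "__main__":
    print(race_two_managers(ToyAgent()))
```

A compliant agent has to show the same behaviour on the wire: the second manager must re-read the serial and retry rather than silently overwrite the first manager's change.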
SNMPv3 Compliance Groups
Some of the object implementations tested for SNMPv3 Compliance are:
RFC 2571 - SNMP Framework MIB supporting snmpEngineID, snmpEngineBoots, snmpEngineTime, and snmpEngineMaxMessageSize of 'SnmpEngineGroup'.
RFC 2572 - SNMP Message Processing and Dispatching (MPD) MIB supporting snmpUnknownSecurityModels, snmpInvalidMsgs, and snmpUnknownPDUHandlers of 'SnmpMPDStats group'.
RFC 2573 - SNMP Target MIB and SNMP Notification MIB supporting snmpTargetSpinLock, snmpUnavailableContexts, and snmpUnknownContexts of 'SnmpTarget Objects Group'. The 'Snmp Target Tables' and 'Snmp Notify Tables' are implemented for notification filtering and coexistence support.
RFC 2574 - SNMP User-based Security Model (USM) MIB supporting usmStatsUnsupportedSecLevels, usmStatsNotInTimeWindows, usmStatsUnknownUserNames, usmStatsUnknownEngineIDs, usmStatsWrongDigests, usmStatsDecryptionErrors of 'USMStats Group', and USM User Tables implemented for 'User-based Security Model'.
RFC 2575 - SNMP View-based Access Control Model (VACM) MIB supporting 'VACM Tables' implemented for View-based Access Control Model.
RFC 2576 - SNMP Coexistence between Version 1, Version 2, and Version 3 MIB supporting 'Snmp Community Tables' for Coexistence support.
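A presence check for the scalar objects listed above, as an added example that is not the SNMP Agent Tester's own code. It assumes the agent's answers have been saved as numeric text in the style of Net-SNMP's `snmpget`/`snmpwalk -On` output, takes the OIDs from the standard MIB modules, and covers only the system, snmpSet, snmpEngine, snmpMPDStats and usmStats scalars (tables and the target objects are left out, and syntax and access are not checked).

```python
import re

def scalars(base, names):
    """Map <base>.<n>.0 to each name, numbering the names from 1."""
    return {f"{base}.{i}.0": n for i, n in enumerate(names.split(), start=1)}

# Scalar objects named on the page; OIDs are from the standard MIB modules.
REQUIRED = {
    "system": scalars("1.3.6.1.2.1.1", "sysDescr sysObjectID sysUpTime "
                      "sysContact sysName sysLocation sysServices sysORLastChange"),
    "snmpSet": {"1.3.6.1.6.3.1.1.6.1.0": "snmpSetSerialNo"},
    "snmpEngine": scalars("1.3.6.1.6.3.10.2.1", "snmpEngineID snmpEngineBoots "
                          "snmpEngineTime snmpEngineMaxMessageSize"),
    "snmpMPDStats": scalars("1.3.6.1.6.3.11.2.1", "snmpUnknownSecurityModels "
                            "snmpInvalidMsgs snmpUnknownPDUHandlers"),
    "usmStats": scalars("1.3.6.1.6.3.15.1.1", "usmStatsUnsupportedSecLevels "
                        "usmStatsNotInTimeWindows usmStatsUnknownUserNames "
                        "usmStatsUnknownEngineIDs usmStatsWrongDigests "
                        "usmStatsDecryptionErrors"),
}
LINE = re.compile(r"^\.?(\d+(?:\.\d+)+) = (.*)$")

def missing_objects(dump):
    """Return {group: [names]} for required scalars absent from the dump."""
    found = set()
    for line in dump.splitlines():
        m = LINE.match(line.strip())
        # "No Such Object/Instance" answers mean the object is not implemented.
        if m and not m.group(2).startswith("No Such"):
            found.add(m.group(1))
    report = {}
    for group, objs in REQUIRED.items():
        gaps = [name for oid, name in objs.items() if oid not in found]
        if gaps:
            report[group] = gaps
    return report

# Constructed sample output, not captured from a real agent.
SAMPLE = "\n".join(
    [f".1.3.6.1.2.1.1.{i}.0 = STRING: constructed" for i in range(1, 8)]
    + [".1.3.6.1.2.1.1.8.0 = No Such Object available on this agent at this OID",
       ".1.3.6.1.6.3.1.1.6.1.0 = INTEGER: 7"]
    + [f".1.3.6.1.6.3.10.2.1.{i}.0 = INTEGER: 1" for i in range(1, 5)]
    + [f".1.3.6.1.6.3.15.1.1.{i}.0 = Counter32: 0" for i in range(1, 5)])

if __name__ == "__main__":
    print(missing_objects(SAMPLE))
```

Missing usmStats counters matter operationally: without usmStatsWrongDigests and usmStatsUnknownUserNames, a management station cannot see failed SNMPv3 authentication attempts against the agent.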
Steps Involved in Compliance Validation
Compliance Validation involves the following steps:
Create a project.
Provide the agent information.
Expand the Compliance project tree node and select V2_COMPLIANCE. Select the SNMPv2 Compliance groups.
For validating V3 Compliance, you should have specified a user name in V3 Security. To add a user name, click the V3Security node and click Add. Click the V3 Compliance node and choose the user from the combo box. Select the SNMPv3 Compliance groups.
Right-click the Compliance node and select Compliance Validation to perform both V2 and V3 Compliance validation. You can also perform V2 and V3 Compliance validation separately by right-clicking the respective node and selecting Validation.
Viewing the Validation Reports
The result of the validation can be viewed by clicking the V2_COMPLIANCE or V3_COMPLIANCE node and then selecting the Report Viewer tab. You have the following options to view the report:
You can view the reports based on the result status by selecting the required option from the Select a view combo box.
You can view the details of a specific test case by selecting a row from the report. You can view the SNMP PDU Dump by clicking the Decode button from the test case summary report.
You have an option to view the graphical representation of the reports by clicking the bar graph or pie chart icon.
The report summary and the summary of the failed test cases are displayed at the bottom of the report viewer based on the node selected in the project tree.
You can also generate HTML reports of the performed validation.
Clearing the Validation Reports
To clear the validation reports, select the Compliance node from the project tree and then select Reports --> Clear Reports --> Clear Compliance Reports from the menu bar.