Knowledge Center Search


 

SRX Getting Started - Configure SNMP Agent

  [KB16545] Show KB Properties

  [KB16545] Hide KB Properties

Categories:
Knowledge Base ID: KB16545
Last Updated: 03 Jun 2014
Version: 6.0

Summary:

This article describes how to configure an SRX Series device as an SNMP agent and how to verify and troubleshoot your configuration.            

For other topics, go to the SRX Getting Started main page.

Problem or Goal:

Configure SNMP.

Cause:

Solution:

This section contains the following:

 

J-Web Configuration

The following example configures an SRX Series device as an SNMP agent, which allows the device to be managed using SNMP:

  1. Select Configure>Services>SNMP.
  2. In the System Location box, type lab.
  3. In the Contact Information box, type labguy@juniper.net.
  4. Under Communities, click Add. The Add an SNMP community window appears.
  5. In the Community Name box, type public.
  6. In the Authorization list, select read-write.
  7. Click OK.
  8. Click Apply.
  9. Select Configure>Security>Zones.
  10. Select the security zone named trust. The Edit Security Zone: trust window appears.
  11. In the Interfaces Configuration list, click the ge-0/0/0.0 interface, and click Edit.
  12. For Host Inbound Traffic, under System Services, click Allow All or Allow Selected Services.
  13. If you selected Allow Selected Services, select snmp, and click Add
    1. Select http, and click Add
    2. Select https, and click Add
  14. Important: Make sure you added http and/or https; otherwise, you will lose J-Web connectivity to the SRX Series device.
  15. Click OK.
  16. Click Apply.
  17. Make sure that you have added http or https in step 13, and then select Commit.

 

CLI Configuration

The following example configures an SRX Series device as an SNMP agent, which allows the device to be managed using SNMP:

  1. Set the system identification and community.

  2. Note: This example does not use every option available for SNMP configuration. For information about additional SNMP configuration options, see Technical Documentation.

    user@host# set snmp location lab
    user@host#
    set snmp contact "labguy@juniper.net"

  3. One or more communities must be configured to authorize network management system access to the SRX Series device. Each community has a community name, an authorization, which determines the kind of access the network management system has to the device, and, when applicable, a list of valid clients that can access the device.

  4. user@host# set snmp community public authorization read-write

  5. Enable SNMP access on an interface.

  6. user@host# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services snmp


  7. (Optional) Restrict SNMP access to certain sources.
  8. user@host# set snmp community public clients 172.26.0.0/16
    user@host#
    set snmp community public clients 0.0.0.0/0 restrict

For SNMPv3 configuration, refer to KB22048 - How to configure SNMPv3 on SRX.


SNMP Monitoring

The following are examples of querying an SRX Series device using SNMP.

Example 1

This example shows how to walk the jnxMibs MIB on the SRX Series device from a remote host using snmpwalk:

  • MIB walk on the SRX (OID for the jnxMibs is 1.3.6.4.1.2636.3):                 

    root@SRX3600> show snmp mib walk jnxMibs
    or
    root@SRX240> show snmp mib walk 1.3.6.1.4.1.2636.3

    jnxBoxClass.0 = jnxProductLineSRX240.0
    jnxBoxDescr.0 = Juniper SRX240-poe Internet Router
    jnxBoxSerialNo.0 = AH2709AA0096
    jnxBoxRevision.0
    jnxBoxInstalled.0 = 14339200
    jnxContainersIndex.1 = 1
    jnxContainersIndex.4 = 4
    jnxContainersIndex.7 = 7
    jnxContainersIndex.8 = 8
    jnxContainersIndex.9 = 9
    jnxContainersView.1 = 1
    jnxContainersView.4 = 2
    jnxContainersView.7 = 1
    jnxContainersView.8 = 1
    jnxContainersView.9 = 1
    jnxContainersLevel.1 = 0
    jnxContainersLevel.4 = 1
    jnxContainersLevel.7 = 1
    jnxContainersLevel.8 = 2
    jnxContainersLevel.9 = 1
    jnxContainersWithin.1 = 0
    jnxContainersWithin.4 = 1
    jnxContainersWithin.7 = 1
    jnxContainersWithin.8 = 7
    jnxContainersWithin.9 = 1
    <snip>
  • snmpwalk of the SRX Series device from remote host: (srx240hostname resolves to the interface IP address used for snmp polling in the following example)

  • [root@Svr3]# snmpwalk -v 2c -Ob -c public srx240hostname 1.3.6.1.4.1.2636.3

    SNMPv2-SMI::enterprises.2636.3.1.1.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.1.39.0
    SNMPv2-SMI::enterprises.2636.3.1.2.0 = STRING: "Juniper SRX240-poe Internet Router"
    SNMPv2-SMI::enterprises.2636.3.1.3.0 = STRING: "AH2709AA0096"
    SNMPv2-SMI::enterprises.2636.3.1.4.0 = ""
    SNMPv2-SMI::enterprises.2636.3.1.5.0 = Timeticks: (14329200) 1 day, 15:48:12.00
    SNMPv2-SMI::enterprises.2636.3.1.6.1.1.1 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.1.4 = INTEGER: 4
    SNMPv2-SMI::enterprises.2636.3.1.6.1.1.7 = INTEGER: 7
    SNMPv2-SMI::enterprises.2636.3.1.6.1.1.8 = INTEGER: 8
    SNMPv2-SMI::enterprises.2636.3.1.6.1.1.9 = INTEGER: 9
    SNMPv2-SMI::enterprises.2636.3.1.6.1.2.1 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.2.4 = INTEGER: 2
    SNMPv2-SMI::enterprises.2636.3.1.6.1.2.7 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.2.8 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.2.9 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.3.1 = INTEGER: 0
    SNMPv2-SMI::enterprises.2636.3.1.6.1.3.4 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.3.7 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.3.8 = INTEGER: 2
    SNMPv2-SMI::enterprises.2636.3.1.6.1.3.9 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.4.1 = INTEGER: 0
    SNMPv2-SMI::enterprises.2636.3.1.6.1.4.4 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.4.7 = INTEGER: 1
    SNMPv2-SMI::enterprises.2636.3.1.6.1.4.8 = INTEGER: 7
    SNMPv2-SMI::enterprises.2636.3.1.6.1.4.9 = INTEGER: 1
    <snip>

Example 2

This example shows how to walk the jnxMibs MIB from the SRX Series device.

root@SRX240> show snmp mib walk jnxOperatingDescr
jnxOperatingDescr.1.1.0.0 = midplane
jnxOperatingDescr.4.1.0.0 = SRX240 PowerSupply fan 1
jnxOperatingDescr.4.2.0.0 = SRX240 PowerSupply fan 2
jnxOperatingDescr.4.3.0.0 = SRX240 CPU fan 1
jnxOperatingDescr.4.4.0.0 = SRX240 CPU fan 2
jnxOperatingDescr.7.1.0.0 = FPC: FPC @ 0/*/*
jnxOperatingDescr.8.1.1.0 = PIC: 16x GE Base PIC @ 0/0/*
jnxOperatingDescr.9.1.0.0 = Routing Engine
jnxOperatingDescr.9.1.1.0 = USB Hub


Juniper MIBs

The following links provide information about interpreting the Juniper MIBs. The SNMP OID for Juniper is 1.3.6.1.4.1.2636.


Technical Documentation

SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices

 

Verification

To verify the SNMP configuration, use the following operational commands:

  • show configuration snmp
  • show snmp statistics

For more information about verifying SNMP configuration, see Verifying SNMP Configuration.

Purpose:
Configuration

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.