This article explains how to configure a J/SRX device to allow SNMP polling of an interface that is part of a non-default routing instance or a logical system.
For SNMPv3, the configuration and polling method is different and is covered in KB27284 - How to pull SNMP v3 information from non-default routing-instance.
What is the configuration required to perform an SNMPv1 or v2c poll on an interface that is part of a routing instance or logical system?
To poll an interface that is part of a routing instance, refer to the following example configuration:
[edit]
root@B8_42# show interfaces
ge-0/0/2 {
unit 0 {
family inet {
address 172.19.46.70/24;
}
}
}
[edit]
root@B8_42# show routing-instances
INTERNET {
instance-type virtual-router;
interface ge-0/0/2.0;
routing-options {
static {
route 172.19.47.0/24 next-hop 172.19.46.1;
}
}
}
[edit snmp]
root@B8_42# show
community public {
authorization read-only;
routing-instances INTERNET {
clients {
172.19.47.2/32;
}
}
}
routing-instance-access;
To poll an interface that is part of a logical system, refer to the following example configuration:
community public {
logical-system test {
routing-instance default; << This will depend on whether you configure the interface within a routing-instance in the logical system.
}
}
routing-instance-access
If the device is running in flow mode, then the SNMP protocol must be added under the [host-inbound-filter system-services]
stanza in the appropriate security zone:
[edit security zones]
root@B8_42# show
security-zone INTERNET {
interfaces {
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
ping;
snmp;
}
}
}
}
}
In the example, the ge-0/0/2 interface is part of the INTERNET
routing instance. The SNMP server should be reachable from the interface that is being polled. To access MIB objects and perform SNMP operations for the routing instances, the SNMPv1 and v2c clients must encode the routing-instance name in the community string in their SNMP requests.
In the above example, the community string for SNMPv1 and v2c requests should look like the following:
INTERNET@public
To access MIB objects and perform SNMP operations on a default routing instance via an interface that is part of a routing instance, the community string for SNMPv1 and v2c requests should be defined as default@public
in the SNMP server.
The same applies for an interface that is configured within a logical system, wherein the community will be similar to the following:
Logical-systemname/routing-instance name@community
For example: test/default@public
>>> I used default since it is the default table for the logical system. The same is explained above.
If the community that is used in SNMP requests does not specify the routing-instance name (just the community string public
), no MIB objects specific to the routing instance will be read/written.
Note: If the device is running in high availability (HA) mode and configured to send SNMP packets from an interface belonging to a custom routing instance, snmp routing-instance-access
and snmp community <community-name> routing-instance <routing-instance-name>
must be configured.
For SNMPv3, the configuration and polling method is different and is covered in KB27284 - How to pull SNMP v3 information from non-default routing-instance.