
[J/SRX] How to permit SNMPv1 and SNMPv2c polling for an interface in a routing instance

  [KB13080]


Summary:

This article explains how to configure a J/SRX device to allow SNMP polling of an interface that belongs to a non-default routing instance.

For SNMPv3, the configuration and polling method is different and is covered in KB27284 - How to pull SNMP v3 information from non-default routing-instance.

Symptoms:

What is the configuration required to perform an SNMPv1 or v2c poll to an interface that is part of a routing instance?

Solution:

To poll an interface that is part of the routing instance, refer to the following example configuration:

[edit]
root@B8_42# show interfaces 
ge-0/0/2 {
    unit 0 {
        family inet {
            address 172.19.46.70/24;
        }
    }
}

[edit]
root@B8_42# show routing-instances 
INTERNET {
    instance-type virtual-router;
    interface ge-0/0/2.0;
    routing-options {
        static {
            route 172.19.47.0/24 next-hop 172.19.46.1;
        }
    }
}


[edit snmp]
root@B8_42# show 
community public {
    authorization read-only;
    routing-instance INTERNET {
        clients {
            172.19.47.2/32;
        }
    }
}
routing-instance-access; 

If the device is running in flow mode, the SNMP protocol must also be added under the [host-inbound-traffic system-services] stanza in the appropriate security zone:

[edit security zones]
root@B8_42# show
security-zone INTERNET {
    interfaces {
        ge-0/0/2.0 {
            host-inbound-traffic {
                system-services {
                    ping;
                    snmp;
                }
            }
        }
    }
}


In the example, the ge-0/0/2 interface is part of the INTERNET routing instance. The SNMP server should be reachable from the interface that is being polled. To access MIB objects and perform SNMP operations for the routing instances, SNMPv1 and v2c clients must encode the routing-instance name in the community string in their SNMP requests.

As per the above example, the community string for SNMPv1 and v2c requests should look like this:

INTERNET@public


To access MIB objects and perform SNMP operations on the default routing instance through an interface that belongs to a routing instance, define the community string for SNMPv1 and v2c requests as "default@public" on the SNMP server.

Otherwise, if the community that is used in SNMP requests does not specify the routing-instance name (just the community string public), no MIB objects specific to the routing instance will be read/written.
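
The following Python example is an addition to this article, not Juniper code. It BER-encodes the SNMPv2c GetRequest that a poller would send for the configuration above and reads the community field back out of the packet, showing that the routing-instance name travels as plain text inside the community string. The function names and the choice to split on the first "@" are assumptions made for illustration.

```python
# Added example (not Juniper code): SNMPv2c GetRequest with "instance@community".
def ber(tag, payload):
    """Encode one BER TLV with a definite (short or long form) length."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload

def ber_int(value):
    """INTEGER, non-negative values only (enough for this message)."""
    return ber(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:  # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return ber(0x06, bytes(body))

def get_request(instance, community, oid, request_id=1):
    """Build the message; instance=None gives the bare community string."""
    comm = f"{instance}@{community}" if instance else community
    varbind = ber(0x30, ber_oid(oid) + ber(0x05, b""))
    pdu = ber(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + ber(0x30, varbind))
    return ber(0x30, ber_int(1) + ber(0x04, comm.encode("ascii")) + pdu)  # version 1 = v2c

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def community_context(packet):
    """Return (version, routing_instance, community) of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    tag, comm, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community field missing")
    instance, sep, name = comm.decode("ascii", "replace").partition("@")  # assumption: first "@" splits
    return int.from_bytes(version, "big"), (instance if sep else None), (name if sep else instance)

if __name__ == "__main__":
    pkt = get_request("INTERNET", "public", "1.3.6.1.2.1.1.1.0")  # sysDescr.0
    print(pkt.hex(), community_context(pkt))
```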

Note: If the device is running in high availability (HA) mode and configured to send SNMP packets from an interface belonging to a custom routing instance, snmp routing-instance-access and snmp community <community-name> routing-instance <routing-instance-name> must be configured. 


Modification History:

2018-12-10: Added a sentence in the solution to clarify accessing MIB objects and performing SNMP operations on default routing instance via an interface on routing instance.
