Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[J/SRX/Junos] How to permit SNMPv1 and SNMPv2c polling for an interface in a routing instance/logical system

0

0

Article ID: KB13080 KB Last Updated: 10 Jun 2020Version: 10.0
Summary:

This article explains how to configure a J/SRX device to allow SNMP polling of an interface that is part of a non-default routing instance or a logical system.

For SNMPv3, the configuration and polling method is different and is covered in KB27284 - How to pull SNMP v3 information from non-default routing-instance.

 

Symptoms:

What is the configuration required to perform an SNMPv1 or v2c poll on an interface that is part of a routing instance or logical system?

 

Solution:

To poll an interface that is part of a routing instance, refer to the following example configuration:

[edit]
root@B8_42# show interfaces 
ge-0/0/2 {
    unit 0 {
        family inet {
            address 172.19.46.70/24;
        }
    }
}

[edit]
root@B8_42# show routing-instances 
INTERNET {
    instance-type virtual-router;
    interface ge-0/0/2.0;
    routing-options {
        static {
            route 172.19.47.0/24 next-hop 172.19.46.1;
        }
    }
}


[edit snmp]
root@B8_42# show 
community public {
    authorization read-only;
    routing-instances INTERNET {         clients {
            172.19.47.2/32;
        }
    }
}
routing-instance-access; 

To poll an interface that is part of a logical system, refer to the following example configuration:

community public  {
    logical-system test {
        routing-instance default; << This will depend on whether you configure the interface within a routing-instance in the logical system.
    }
}
routing-instance-access

If the device is running in flow mode, then the SNMP protocol must be added under the [host-inbound-filter system-services] stanza in the appropriate security zone:

[edit security zones]
root@B8_42# show
security-zone INTERNET {
    interfaces {
        ge-0/0/2.0 {
            host-inbound-traffic {
                system-services {
                    ping;
                    snmp;
                }
            }
        }
    }
}

In the example, the ge-0/0/2 interface is part of the INTERNET routing instance. The SNMP server should be reachable from the interface that is being polled. To access MIB objects and perform SNMP operations for the routing instances, the SNMPv1 and v2c clients must encode the routing-instance name in the community string in their SNMP requests.

In the above example, the community string for SNMPv1 and v2c requests should look like the following:

INTERNET@public

To access MIB objects and perform SNMP operations on a default routing instance via an interface that is part of a routing instance, the community string for SNMPv1 and v2c requests should be defined as default@public in the SNMP server.

The same applies for an interface that is configured within a logical system, wherein the community will be similar to the following:

Logical-systemname/routing-instance name@community

For example: test/default@public  >>> I used default since it is the default table for the logical system. The same is explained above.

If the community that is used in SNMP requests does not specify the routing-instance name (just the community string public), no MIB objects specific to the routing instance will be read/written.

Note: If the device is running in high availability (HA) mode and configured to send SNMP packets from an interface belonging to a custom routing instance, snmp routing-instance-access and snmp community <community-name> routing-instance <routing-instance-name> must be configured.

For SNMPv3, the configuration and polling method is different and is covered in KB27284 - How to pull SNMP v3 information from non-default routing-instance.

 

Modification History:
  • 2020-06-10: Added information about polling interfaces in a logical system

  • 2018-12-10: Added a sentence in the solution to clarify accessing MIB objects and performing SNMP operations on default routing instance via an interface on routing instance

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search