Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SRX Getting Started - Configure SNMP Agent

0

0

Article ID: KB16545 KB Last Updated: 24 Jun 2020Version: 7.0
Summary:

This article describes how to configure an SRX Series device as an SNMP agent and how to verify and troubleshoot your configuration.            

For other topics, go to the SRX Getting Started main page.

Solution:

This section contains the following:

 

J-Web Configuration

The following example configures an SRX Series device as an SNMP agent, which allows the device to be managed using SNMP:

  1. Select Configure>Services>SNMP.
  2. In the System Location box, type lab.
  3. In the Contact Information box, type labguy@juniper.net.
  4. Under Communities, click Add. The Add an SNMP community window appears.
  5. In the Community Name box, type public.
  6. In the Authorization list, select read-write.
  7. Click OK.
  8. Click Apply.
  9. Select Configure>Security>Zones.
  10. Select the security zone named trust. The Edit Security Zone: trust window appears.
  11. In the Interfaces Configuration list, click the ge-0/0/0.0 interface, and click Edit.
  12. For Host Inbound Traffic, under System Services, click Allow All or Allow Selected Services.
  13. If you selected Allow Selected Services, select snmp, and click Add
    1. Select http, and click Add
    2. Select https, and click Add
  14. Important: Make sure you added http and/or https; otherwise, you will lose J-Web connectivity to the SRX Series device.
  15. Click OK.
  16. Click Apply.
  17. Make sure that you have added http or https in step 13, and then select Commit.
     

CLI Configuration

The following example configures an SRX Series device as an SNMP agent, which allows the device to be managed using SNMP:

  1. Set the system identification and community.

    Note: This example does not use every option available for SNMP configuration. For information about additional SNMP configuration options, see Technical Documentation.

    user@host# set snmp location lab
    user@host# set snmp contact "labguy@juniper.net"
  2. One or more communities must be configured to authorize network management system access to the SRX Series device. Each community has a community name, an authorization, which determines the kind of access the network management system has to the device, and, when applicable, a list of valid clients that can access the device.

    user@host# set snmp community public authorization read-write
  3. Enable SNMP access on an interface.

    user@host# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services snmp
  4. (Optional) Restrict SNMP access to certain sources.

    user@host# set snmp community public clients 172.26.0.0/16
    user@host#
    set snmp community public clients 0.0.0.0/0 restrict

For SNMPv3 configuration, refer to KB22048 - How to configure SNMPv3 on SRX.

 

SNMP Monitoring

The following are examples of querying an SRX Series device using SNMP.

Example 1

This example shows how to walk the jnxMibs MIB on the SRX Series device from a remote host using snmpwalk:

MIB walk on the SRX (OID for the jnxMibs is 1.3.6.4.1.2636.3):                 

root@SRX3600> show snmp mib walk jnxMibs
OR
root@SRX240> show snmp mib walk 1.3.6.1.4.1.2636.3
jnxBoxClass.0 = jnxProductLineSRX240.0
jnxBoxDescr.0 = Juniper SRX240-poe Internet Router
jnxBoxSerialNo.0 = AH2709AA0096
jnxBoxRevision.0
jnxBoxInstalled.0 = 14339200
jnxContainersIndex.1 = 1
jnxContainersIndex.4 = 4
jnxContainersIndex.7 = 7
jnxContainersIndex.8 = 8
jnxContainersIndex.9 = 9
jnxContainersView.1 = 1
jnxContainersView.4 = 2
jnxContainersView.7 = 1
jnxContainersView.8 = 1
jnxContainersView.9 = 1
jnxContainersLevel.1 = 0
jnxContainersLevel.4 = 1
jnxContainersLevel.7 = 1
jnxContainersLevel.8 = 2
jnxContainersLevel.9 = 1
jnxContainersWithin.1 = 0
jnxContainersWithin.4 = 1
jnxContainersWithin.7 = 1
jnxContainersWithin.8 = 7
jnxContainersWithin.9 = 1
<snip>

snmpwalk of the SRX Series device from remote host: (srx240hostname resolves to the interface IP address used for snmp polling in the following example)

[root@Svr3]# snmpwalk -v 2c -Ob -c public srx240hostname 1.3.6.1.4.1.2636.3

SNMPv2-SMI::enterprises.2636.3.1.1.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.1.39.0
SNMPv2-SMI::enterprises.2636.3.1.2.0 = STRING: "Juniper SRX240-poe Internet Router"
SNMPv2-SMI::enterprises.2636.3.1.3.0 = STRING: "AH2709AA0096"
SNMPv2-SMI::enterprises.2636.3.1.4.0 = ""
SNMPv2-SMI::enterprises.2636.3.1.5.0 = Timeticks: (14329200) 1 day, 15:48:12.00
SNMPv2-SMI::enterprises.2636.3.1.6.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.1.4 = INTEGER: 4
SNMPv2-SMI::enterprises.2636.3.1.6.1.1.7 = INTEGER: 7
SNMPv2-SMI::enterprises.2636.3.1.6.1.1.8 = INTEGER: 8
SNMPv2-SMI::enterprises.2636.3.1.6.1.1.9 = INTEGER: 9
SNMPv2-SMI::enterprises.2636.3.1.6.1.2.1 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.2.4 = INTEGER: 2
SNMPv2-SMI::enterprises.2636.3.1.6.1.2.7 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.2.8 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.2.9 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.3.1 = INTEGER: 0
SNMPv2-SMI::enterprises.2636.3.1.6.1.3.4 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.3.7 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.3.8 = INTEGER: 2
SNMPv2-SMI::enterprises.2636.3.1.6.1.3.9 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.4.1 = INTEGER: 0
SNMPv2-SMI::enterprises.2636.3.1.6.1.4.4 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.4.7 = INTEGER: 1
SNMPv2-SMI::enterprises.2636.3.1.6.1.4.8 = INTEGER: 7
SNMPv2-SMI::enterprises.2636.3.1.6.1.4.9 = INTEGER: 1
<snip>
 

Example 2

This example shows how to walk the jnxMibs MIB from the SRX Series device.

root@SRX240> show snmp mib walk jnxOperatingDescr
jnxOperatingDescr.1.1.0.0 = midplane
jnxOperatingDescr.4.1.0.0 = SRX240 PowerSupply fan 1
jnxOperatingDescr.4.2.0.0 = SRX240 PowerSupply fan 2
jnxOperatingDescr.4.3.0.0 = SRX240 CPU fan 1
jnxOperatingDescr.4.4.0.0 = SRX240 CPU fan 2
jnxOperatingDescr.7.1.0.0 = FPC: FPC @ 0/*/*
jnxOperatingDescr.8.1.1.0 = PIC: 16x GE Base PIC @ 0/0/*
jnxOperatingDescr.9.1.0.0 = Routing Engine
jnxOperatingDescr.9.1.1.0 = USB Hub

 

Juniper MIBs

The following links provide information about interpreting the Juniper MIBs. The SNMP OID for Juniper is 1.3.6.1.4.1.2636.

Technical Documentation

SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices

 

Verification

To verify the SNMP configuration, use the following operational commands:

  • show configuration snmp
  • show snmp statistics

For more information about verifying SNMP configuration, see Verifying SNMP Configuration.

Modification History:
2020-06-18: Article reviewed for accuracy.  Added SNMP MIB Explorer reference from pathfinder.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search