Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is the minimum configuration required for SNMP V3 on EX Switches?

0

0

Article ID: KB16611 KB Last Updated: 24 Feb 2010Version: 1.0
Summary:
This article provides the minimum configuration required on EX Switches for SNMP (Simple Network Management Protocol) version 3 (V3)
Symptoms:
Unable to authenticate using SNMP V3 configuration on EX Switches.
Solution:
Simple Network Management Protocol (SNMP) is used to fetch software and hardware information from network devices. The SNMP agent running on a networking device will send traps to an SNMP management station whenever a request is made from the SNMP management station.

In contrast to SNMP version 1 (SNMP V1), and SNMP version 2 (SNMP V2), SNMP version 3 (SNMPv3) supports authentication and encryption. SNMPv3 uses the user-based security model (USM) for message security and the view-based access control model (VACM) for access control. USM specifies authentication and encryption. VACM specifies access-control rules.

EX Switches support the following authentication methods:

1. SHA
2. MD5

EX Switches support the following encryptions methods:

1. DES
2. 3DES
3. AES128

The following configuration is used to create a user for authentication under SNMP V3 configuration

set snmp v3 usm local-engine user <name of the user> authentication-<method of authentication> authentication-password <password>

NOTE:  "authentication-password" in the above command will automatically create "authentication-key" for the user when the configuration is committed. There is no need to specify authentication-key in the command.

You can also specify the encryption method to carry messages by doing the following:

set snmp v3 usm local-engine user <name of the user> privacy-<encryption method> privacy-key <name of the key>

The following is an example of the minimum configuration required for SNMP V3 operation on the EX Switch:


set snmp view <name of the view> oid <value of OID>
set snmp v3 usm local-engine user <name of the user> authentication-<method> authentication-password <alpha numeric password>
set snmp v3 usm local-engine user <name of the user> privacy-<method> privacy-password <alpha numerica password>
set snmp v3 vacm access group <name of the group> default-context-prefix security-model usm security-level <level> read-view <same name of the view above>
set snmp v3 vacm security-to-group security-model usm security-name nsmuser group <name of the group as specified above>
commit

You can quickly verify the SNMP V3 configuration on EX Switches by sending an SNMP query from any Linux OS as follows:

snmpwalk -v3 -u <user name> -l authPriv -a <authentication-method> -A <authentication password> -x <method of encryption> -X <encryption key> <ip address of the Ex switch> <OID value>






Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search