Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] How to pull SNMPv3 information from non-default routing-instance

0

0

Article ID: KB27284 KB Last Updated: 27 Feb 2020Version: 4.0
Summary:

This article provides a solution on how to poll information from a SNMPv3 server which is located in a non-default routing-instance.

Solution:

Topology:

DUT(RI:test1)--------SNMP server

  • DUT (router) is connecting to the SNMP server via a routing-instance named test.
  • SNMPv3 is configured on the DUT.
  • SNMP server is using snmpwalk -v3 command to poll information from the DUT.

In addition to the normal SNMPv3 configuration,, another context-prefix in [snmp v3 access group] hierarchy must be added:

access {
    group snmpgroup {
        context-prefix test1 { >>> set context-prefix to RI’s name
            security-model usm {
                security-level authentication {
                    read-view allmibs;
                }
            }
        }
    }
}

Example - SNMP server polling command:

When polling from the SNMPv3 server, the add -n option must be added.with the context of routing-instance's name:

snmpwalk -v3 -u nnmsnmpuser -l AuthNoPriv -a MD5 -A site1 -n test1 15.15.15.1 system


Example - Full Configuration and Output:

SNMPv3 Router configuration:

[edit]
test1@router-re0# show snmp
v3 {
    usm {
        local-engine {
            user nnmsnmpuser {
                authentication-md5 {
                    authentication-key "$ABC123"; ## SECRET-DATA
                }
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name nnmsnmpuser {
                    group snmpgroup;
                }
            }
        }
        access {
            group snmpgroup {
                context-prefix test1 {  
                    security-model usm {
                        security-level authentication {
                            read-view allmibs;
                        }
                    }
                }
            }
        }
    }
}
engine-id {
    use-default-ip-address;
}
view allmibs {
    oid .1.3.6.1 include;
}
routing-instance-access;


Example - SNMP server polling command:

user$ snmpwalk -v3 -u nnmsnmpuser -l AuthNoPriv -a MD5 -A herndon1 -n test1 15.15.15.1 system

SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. mx480 internet router, kernel JUNOS 11.4R2.14 #0: 2012-03-17 16:57:48 UTC user@host1.example.com:/volume/build/junos/11.4/release/11.4R2.14/obj-i386/bsd/kernels/JUNIPER/kernel Build date: 2012-03-17 18:22:46 UTC Copyright
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.2.25
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (26109399) 3 days, 0:31:33.99
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: test1@router-re0
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 6


 
Modification History:
2019-04-13: Fixed formatting.
2020-02-26: minor non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search