This article explains why an SNMP configuration may not work after an older version of Junos (pre 9.0) is upgraded.

When an older version of Junos (pre 9.0) is upgraded, SNMP polling may fail even though it was working before the upgrade. Along with that, the following message may be seen in the logs:

snmpd[1551]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from x.x.x.x to x.x.x.x

This problem is typically a configuration issue: the community string is not formatted properly.

In the SNMP configuration, the routing-instance name is required under the community stanza and routing-instance-access. In order to access MIB objects and perform SNMP operations for the routing-instances, SNMP v1 and v2c clients must encode the routing-instance name in the community string in their SNMP requests.

The format is:

routing-instance name@community string

The examples below show an incorrect and a correct community string.

Incorrect Community String

community "Nam3" { <----- Incorrect Community String
    authorization read-write;
    routing-instances TEST { ## Warning: 'routing-instances' is deprecated
        clients {
            0.0.0.0/0;
        }
     }
  }

This configuration will cause SNMP polling to fail and generate the log message referenced above.

Correct Community String

The proper configuration is:

community "TEST@Nam3" { <----- Correct Community String
    authorization read-write;
    routing-instances TEST { ## Warning: 'routing-instances' is deprecated
        clients {
            0.0.0.0/0;
        }
    }
}