Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[CSD] CSD does not use the custom configured SNMP community string

1

0

Article ID: KB34985 KB Last Updated: 26 Sep 2019Version: 1.0
Summary:

When a custom Simple Network Management Protocol (SNMP) community string (for example, Jun10pac31) is used in the Platform menu in the GUI as well as in Connectivity Services Director (CSD), CSD still uses the generic “public” as the SNMP community string as opposed to Jun10pac31. This causes authentication failures.

In this article, you understand what causes this problem and learn how to resolve it.

Symptoms:

When the following configuration is used in a device, for example:

test@DEVICE01> show configuration snmp
community Jun10pac31 {
    authorization read-only;
    clients {
        172.10.7.10/32;
    }
}
trap-options {
    source-address 10.61.10.10;
}

A tcpdump taken from the device will show the SNMP community string being used as “public.”

test@DEVICE01> show log messages | match commu    
Jun 17 03:41:20.164 2018  DEVICE01 snmpd[6443]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from 172.10.7.10 to 10.61.10.10 (public)

Cause:

This is a configuration issue at the device level since the community name should match the trap group name. In the above example, the trap group configuration is missing.

Solution:

To resolve the issue, correct the configuration at the devices level, as shown below:

test@DEVICE01> show configuration snmp 
community Jun10pac31 {
    authorization read-only;
    clients {
        172.10.7.10/32;
    }
}
trap-options {
    source-address 10.61.10.10;
}
trap-group Jun10pac31 {
    version v2;
    categories {
        authentication;
        chassis;
        link;
        routing;
        startup;
        rmon-alarm;
        configuration;
        services;
    }
    targets {
        172.10.7.10;
    }
}

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search