Saturday, 30 May 2020

SNMPv2c and SNMPv3 Polling and Traps Configuration in Juniper


SNMPv2c
community: snmpcomm123
management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200

Configuration:
set snmp name JUNIPER-SNMP
set snmp description "Juniper SNMP"
set snmp location Datacentre
set snmp community snmpcomm123 routing-instance mgmt_junos
set snmp community snmpcomm123 clients 192.168.20.199/32


Traps Configuration:
set snmp trap-options source-address 192.168.10.100
set snmp trap-options agent-address outgoing-interface
set snmp trap-group JUNOS_GROUP version v2
set snmp trap-group JUNOS_GROUP destination-port 162
set snmp trap-group JUNOS_GROUP categories authentication
set snmp trap-group JUNOS_GROUP categories chassis
set snmp trap-group JUNOS_GROUP categories link
set snmp trap-group JUNOS_GROUP categories remote-operations
set snmp trap-group JUNOS_GROUP categories routing
set snmp trap-group JUNOS_GROUP categories startup
set snmp trap-group JUNOS_GROUP categories rmon-alarm
set snmp trap-group JUNOS_GROUP categories configuration
set snmp trap-group JUNOS_GROUP targets 192.168.20.200
set snmp trap-group JUNOS_GROUP routing-instance mgmt_junos
set snmp routing-instance-access


Verify:
snmpwalk -M /usr/local/snmp/mibs -v2c -c snmpcomm123 192.168.10.100:161 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Juniper SNMP

SNMPv3
user: snmpuser
Security Level: authPriv with SHA authentication and AES 128-bit privacy
management IP address: 192.168.10.100
AuthPass: authpass123!
PrivPass: privpass123!
View Name: ALLVIEW
Group Name: SNMPGROUP
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200

Important config:
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser authentication-sha authentication-password authpass123!
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-password privpass123!


Full config (auth and privacy key output will be encrypted)
set groups SNMPv3-GROUP snmp location CHANGI
set groups SNMPv3-GROUP snmp stats-cache-lifetime 30
set groups SNMPv3-GROUP snmp filter-duplicates
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser authentication-sha authentication-key "$9$safsafasflvLx7sApORESreKxNwYgJUjbw4ZGUHkTz39CuSreghdhddghAtOF3vWXxdVqmPQ/C0BIcgh"
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key "$9$Hk342df3d.mTGUtu0BEhdbwg4ZiHmzF/wYoGDjq.1REcevXxdsgoRhyKv34343t3i5QF6/tTQxz"
set groups SNMPv3-GROUP snmp v3 vacm security-to-group security-model usm security-name snmpuser group SNMPGROUP
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy notify-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy notify-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP tag-list SNMPGROUP-TAG
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP address 192.168.20.200
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP address-mask 255.255.255.255
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP routing-instance mgmt_junos
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP target-parameters SNMPGROUP-parameters
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters message-processing-model v3
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-model usm
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-level privacy
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-name snmpuser
set groups SNMPv3-GROUP snmp v3 notify SNMPGROUP type inform
set groups SNMPv3-GROUP snmp v3 notify SNMPGROUP tag SNMPGROUP-TAG
set groups SNMPv3-GROUP snmp engine-id local snmpuser
set groups SNMPv3-GROUP snmp view ALLVIEW oid .1.3.6.1 include
set groups SNMPv3-GROUP routing-instances mgmt_junos description SNMP-Management
set apply-groups SNMPv3-GROUP
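
The configuration above gives SNMPGROUP a write-view on ALLVIEW, which includes all of .1.3.6.1, and the v2c community depends on its clients list to limit who may poll. As an added example (not part of the original post), this Python sketch audits Junos set lines for those two points and for VACM access below the privacy level. The function name audit_snmp, the community examplecomm and the wording of the findings are assumptions made for illustration.

```python
import re

BROAD_OIDS = {"1", "1.3", "1.3.6", "1.3.6.1"}  # subtrees that contain every MIB

# Constructed sample: statements in the form used on this page, plus one
# constructed community (examplecomm) that has no clients restriction.
SAMPLE = """\
set snmp community snmpcomm123 clients 192.168.20.199/32
set snmp community examplecomm authorization read-only
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp view ALLVIEW oid .1.3.6.1 include
"""

def audit_snmp(config):
    """Audit Junos 'set' lines; only the statements used on this page are recognised."""
    communities, broad_views, access, findings = {}, set(), [], []
    for raw in config.splitlines():
        # Statements inherited through 'set groups <name> ...' are audited the same way.
        line = re.sub(r"^set groups \S+ ", "set ", raw.strip())
        if m := re.match(r"set snmp community (\S+)(.*)", line):
            c = communities.setdefault(m[1], {"clients": False, "rw": False})
            c["clients"] |= " clients " in m[2]
            c["rw"] |= "authorization read-write" in m[2]
        elif m := re.match(r"set snmp view (\S+) oid (\S+) include", line):
            if m[2].strip(".") in BROAD_OIDS:
                broad_views.add(m[1])
        elif m := re.match(r"set snmp v3 vacm access group (\S+) .*security-level (\S+) (read|write|notify)-view (\S+)", line):
            access.append(m.groups())
    for name, c in communities.items():
        if not c["clients"]:
            findings.append(f"community {name}: no clients restriction")
        if c["rw"]:
            findings.append(f"community {name}: read-write over SNMPv2c")
    # Views may be defined after the VACM lines, so resolve them at the end.
    for group, level, kind, view in access:
        if level != "privacy":
            findings.append(f"group {group}: {kind}-view reachable at security-level {level}")
        if kind == "write" and view in broad_views:
            findings.append(f"group {group}: write-view {view} covers every MIB under .1.3.6.1")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE):
        print(finding)
```

If the polling server only reads, dropping the write-view statements or pointing them at a narrower view clears the second finding.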


Optional:
Firewall Configuration (to protect RE)
set firewall family inet filter FIREWALL term SNMP-ALLOW from source-prefix-list SNMP-PREFIXES
set firewall family inet filter FIREWALL term SNMP-ALLOW from protocol udp
set firewall family inet filter FIREWALL term SNMP-ALLOW from destination-port snmp
set firewall family inet filter FIREWALL term SNMP-ALLOW then count SNMP-ALLOW
set firewall family inet filter FIREWALL term SNMP-ALLOW then accept

set policy-options prefix-list SNMP-PREFIXES 192.168.20.199/32



Here's the Cisco version for SNMPv2c and SNMPv3 configuration --> SNMP Configuration in Cisco IOS-XR

1 comment:

  1. Hi, thanks for the configuration. Can I know how to do snmpwalk from Spectrum, which is using a routing instance? Do we need to specify the routing instance name?
