++ My Network Bio ++: SNMPv2c and SNMPv3 Polling and Traps Configuration in Juniper

SNMPv2c

community: snmpcomm123

management IP address: 192.168.10.100

SNMP Polling Server: 192.168.20.199

SNMP Trap Server: 192.168.20.200

Configuration:

set snmp name JUNIPER-SNMP
set snmp description "Juniper SNMP"
set snmp location Datacentre
set snmp community snmp routing-instance mgmt_junos
set snmp community snmpcomm123 clients 192.168.10.100/32

Traps Configuration:

set snmp trap-options source-address 192.168.10.100
set snmp trap-options agent-address outgoing-interface
set snmp trap-group JUNOS_GROUP version v2
set snmp trap-group JUNOS_GROUP destination-port 162
set snmp trap-group JUNOS_GROUP categories authentication
set snmp trap-group JUNOS_GROUP categories chassis
set snmp trap-group JUNOS_GROUP categories link
set snmp trap-group JUNOS_GROUP categories remote-operations
set snmp trap-group JUNOS_GROUP categories routing
set snmp trap-group JUNOS_GROUP categories startup
set snmp trap-group JUNOS_GROUP categories rmon-alarm
set snmp trap-group JUNOS_GROUP categories configuration
set snmp trap-group JUNOS_GROUP targets 192.168.20.200
set snmp trap-group JUNOS_GROUP routing-instance mgmt_junos
set snmp routing-instance-access

Verify:
snmpwalk -M /usr/local/snmp/mibs -v2c -c snmpcomm123 192.168.10.100:161 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Juniper SNMP

SNMPv3

user: snmpuser

Security Level: Authpriv with SHA authentication and AES 128bit Privacy

management IP address: 192.168.10.100

AuthPass: authpass123!

PrivPass: privpass123!

View Name: ALLVIEW

Grou Name: SNMPGROUP

SNMP Polling Server: 192.168.20.199

SNMP Trap Server: 192.168.20.200

Important config:

set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser authentication-sha authentication-key authpass123!
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key

Full config (auth and privacy key output will be encrypted)

set groups SNMPv3-GROUP snmp location CHANGI
set groups SNMPv3-GROUP snmp stats-cache-lifetime 30
set groups SNMPv3-GROUP snmp filter-duplicates
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser authentication-sha authentication-key "$9$safsafasflvLx7sApORESreKxNwYgJUjbw4ZGUHkTz39CuSreghdhddghAtOF3vWXxdVqmPQ/C0BIcgh"
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key "$9$Hk342df3d.mTGUtu0BEhdbwg4ZiHmzF/wYoGDjq.1REcevXxdsgoRhyKv34343t3i5QF6/tTQxz"
set groups SNMPv3-GROUP snmp v3 vacm security-to-group security-model usm security-name snmpuser group SNMPGROUP
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy notify-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy notify-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP tag-list SNMPGROUP-TAG
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP address-mask 255.255.255.255
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP routing-instance mgmt_junos
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP target-parameters SNMPGROUP-parameters
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters message-processing-model v3
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-model usm
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-level privacy
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-name SNMPGROUP
set groups SNMPv3-GROUP snmp v3 notify SNMPGROUP type inform
set groups SNMPv3-GROUP snmp v3 notify SNMPGROUP tag SNMPGROUP-TAG
set groups SNMPv3-GROUP snmp engine-id local snmpuser
set groups SNMPv3-GROUP snmp view ALLVIEW oid .1.3.6.1 include
set groups SNMPv3-GROUP routing-instances mgmt_junos description SNMP-Management
set apply-groups SNMPv3-GROUP

Optional:

Firewall Configuration (to protect RE)
set firewall family inet filter FIREWALL term SNMP-ALLOW from source-prefix-list SNMP-PREFIXES
set firewall family inet filter FIREWALL term SNMP-ALLOW from protocol udp
set firewall family inet filter FIREWALL term SNMP-ALLOW from destination-port snmp
set firewall family inet filter FIREWALL term SNMP-ALLOW then count SNMP-ALLOW
set firewall family inet filter FIREWALL term SNMP-ALLOW then accept

set policy-options prefix-list SNMP-PREFIXES 192.168.20.199/32

Here's the Cisco version for SNMPv2c and SNMPv3 configuration --> SNMP Configuration in Cisco IOS-XR

++ My Network Bio ++

Saturday 30 May 2020

SNMPv2c and SNMPv3 Polling and Traps Configuration in Juniper

1 comment:

Report Abuse

Network Peering

Total Show Run