SNMPv2c and SNMPv3 Polling and Traps Configuration in Juniper

SNMPv2c
community: snmpcomm123
management IP address: 192.168.10.100
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200
Configuration:
set snmp name JUNIPER-SNMP
set snmp description “Juniper SNMP”
set snmp location Datacentre
set snmp community snmp routing-instance mgmt_junos
set snmp community snmpcomm123  clients 192.168.10.100/32
Traps Configuration:
set snmp trap-options source-address 192.168.10.100
set snmp trap-options agent-address outgoing-interface
set snmp trap-group JUNOS_GROUP version v2
set snmp trap-group JUNOS_GROUP destination-port 162
set snmp trap-group JUNOS_GROUP categories authentication
set snmp trap-group JUNOS_GROUP categories chassis
set snmp trap-group JUNOS_GROUP categories link
set snmp trap-group JUNOS_GROUP categories remote-operations
set snmp trap-group JUNOS_GROUP categories routing
set snmp trap-group JUNOS_GROUP categories startup
set snmp trap-group JUNOS_GROUP categories rmon-alarm
set snmp trap-group JUNOS_GROUP categories configuration
set snmp trap-group JUNOS_GROUP targets 192.168.20.200
set snmp trap-group JUNOS_GROUP routing-instance mgmt_junos
set snmp routing-instance-access
Verify:
snmpwalk -M /usr/local/snmp/mibs -v2c -c snmpcomm123 192.168.10.100:161 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Juniper SNMP
SNMPv3
user: snmpuser
Security Level: Authpriv with SHA authentication and AES 128bit Privacy
management IP address: 192.168.10.100
AuthPass: authpass123!
PrivPass: privpass123!
View Name: ALLVIEW
Grou Name: SNMPGROUP
SNMP Polling Server: 192.168.20.199
SNMP Trap Server: 192.168.20.200
Important config:
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser authentication-sha authentication-key authpass123!
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key
Full config (auth and privacy key output will be encrypted)
set groups SNMPv3-GROUP snmp location CHANGI
set groups SNMPv3-GROUP snmp stats-cache-lifetime 30
set groups SNMPv3-GROUP snmp filter-duplicates
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser authentication-sha authentication-key “$9$safsafasflvLx7sApORESreKxNwYgJUjbw4ZGUHkTz39CuSreghdhddghAtOF3vWXxdVqmPQ/C0BIcgh”
set groups SNMPv3-GROUP snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key “$9$Hk342df3d.mTGUtu0BEhdbwg4ZiHmzF/wYoGDjq.1REcevXxdsgoRhyKv34343t3i5QF6/tTQxz”
set groups SNMPv3-GROUP snmp v3 vacm security-to-group security-model usm security-name snmpuser group SNMPGROUP
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP default-context-prefix security-model any security-level privacy notify-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy read-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy write-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 vacm access group SNMPGROUP context-prefix CEN security-model any security-level privacy notify-view ALLVIEW
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP tag-list SNMPGROUP-TAG
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP address-mask 255.255.255.255
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP routing-instance mgmt_junos
set groups SNMPv3-GROUP snmp v3 target-address SNMPGROUP target-parameters SNMPGROUP-parameters
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters message-processing-model v3
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-model usm
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-level privacy
set groups SNMPv3-GROUP snmp v3 target-parameters SNMPGROUP-parameters parameters security-name SNMPGROUP
set groups SNMPv3-GROUP snmp v3 notify SNMPGROUP type inform
set groups SNMPv3-GROUP snmp v3 notify SNMPGROUP tag SNMPGROUP-TAG
set groups SNMPv3-GROUP snmp engine-id local snmpuser
set groups SNMPv3-GROUP snmp view ALLVIEW oid .1.3.6.1 include
set groups SNMPv3-GROUP routing-instances mgmt_junos description SNMP-Management
set apply-groups SNMPv3-GROUP
Optional:
Firewall Configuration (to protect RE)
set firewall family inet filter FIREWALL term SNMP-ALLOW from source-prefix-list SNMP-PREFIXES
set firewall family inet filter FIREWALL term SNMP-ALLOW from protocol udp
set firewall family inet filter FIREWALL term SNMP-ALLOW from destination-port snmp
set firewall family inet filter FIREWALL term SNMP-ALLOW then count SNMP-ALLOW
set firewall family inet filter FIREWALL term SNMP-ALLOW then accept
set policy-options prefix-list SNMP-PREFIXES 192.168.20.199/32
Here’s the Cisco version for SNMPv2c and SNMPv3 configuration –> SNMPv2c and SNMPv3 Polling and Traps Configuration in Cisco (IOS-XR)

One Comment

  1. […] /usr/bin/snmpwalk -M /usr/local/snmp/mibs -v2c -c snmpcomm123 192.168.10.100:161 sysDescr.0 SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS XR Software (Cisco ASR9K Series),  Version 6.2.3[Default] Copyright (c) 2018 by Cisco Systems, Inc. SNMPv3 user: snmpuser Security Level: Authpriv with SHA authentication and AES 128bit Privacy management IP address: 192.168.10.100 AuthPass: authpass123! PrivPass: privpass123! View Name: ALLVIEW Username: Group Name: SNMPGROUP SNMP Polling Server: 192.168.20.199 SNMP Trap Server: 192.168.20.200 SNMPv3 Polling Configuration:   ipv4 access-list SNMP-ALLOW  10 permit ipv4 host 192.168.20.199 any snmp-server view ALLVIEW 1.3 included snmp-server group SNMPGROUP  v3 priv notify ALLVIEW read ALLVIEW IPv4 SNMP-ALLOW snmp-server user SNMPUSER SNMPGROUP v3 auth sha authpass123! priv aes 128 privpass123! IPv4 SNMP-ALLOW SNMPv3 Traps Configuration: snmp-server host 192.168.20.200 traps version 3 priv SNMPUSER Additional Tip: (Manual trigger of SNMP traps) #snmp test trap interface link-down #snmp test trap interface link-up Here’s the Juniper version for SNMPv2c and SNMPv3 configuration –> SNMP Configuration in Juniper […]

Leave a Reply