Configuring SNMP on Devices Running Junos OS

The following sections contain information about basic SNMP configuration and a few examples on configuring the basic SNMP operations on devices running Junos OS:

Configuring Basic Settings for SNMP Version 1 and 2

By default, SNMP is not enabled on devices running Junos OS. To enable SNMP on devices running Junos OS, include the community public statement at the [edit  snmp] hierarchy level.

Enabling SNMP Version 1 and 2 Get and GetNext Operations

[edit]snmp {community public;}

A community defined as public grants access to all MIB data to any client.

To enable SNMP version 1 and 2 Set operations on the device, you must include the following statements at the [edit snmp] hierarchy level:

Enabling SNMP Version 1 and 2 Set Operations

[edit snmp]view all {oid .1;}community private {view all;authorization read-write;}

The following example shows the basic minimum configuration for SNMP version 1 and 2 traps on a device:

Configuring SNMP Version 1 and 2 Traps

[edit snmp]trap-group jnpr {targets {192.168.69.179;}}

Configuring Basic Settings for SNMPv3

The following example shows the minimum SNMPv3 configuration for enabling Get, GetNext, and Set operations on a device (note that the following configuration has authentication set to MD5 and privacy to none):

Enabling SNMPv3 Get, GetNext, and Set Operations

[edit snmp]v3 {usm {local-engine {user jnpruser {authentication-md5 {authentication-key "$9$guaDiQFnAuOQzevMWx7ikqP"; ## SECRET-DATA}privacy-none;}}}vacm {security-to-group {security-model usm {security-name jnpruser {group grpnm;}}}access {group grpnm {default-context-prefix {security-model any {security-level authentication {read-view all;write-view all;}}}}}}}view all {oid .1;}

The following example shows the basic configuration for SNMPv3 informs on a device (the following example has authentication and privacy set to none):

Configuring SNMPv3 Informs

[edit snmp]v3 {usm {remote-engine 00000063000100a2c0a845b3 {user RU2_v3_sha_none {authentication-none;privacy-none;}}}vacm {security-to-group {security-model usm {security-name RU2_v3_sha_none {group g1_usm_auth;}}}access {group g1_usm_auth {default-context-prefix {security-model usm {security-level authentication {read-view all;write-view all;notify-view all;}}}}}}target-address TA2_v3_sha_none {address 192.168.69.179;tag-list tl1;address-mask 255.255.252.0;target-parameters TP2_v3_sha_none;}target-parameters TP2_v3_sha_none {parameters {message-processing-model v3;security-model usm;security-level none;security-name RU2_v3_sha_none;}notify-filter nf1;}notify N1_all_tl1_informs {type inform; # Replace inform with trap to convert informs to traps.tag tl1;}notify-filter nf1 {oid .1 include;}}view all {oid .1 include;}

You can convert the SNMPv3 informs to traps by setting the value of the type statement at the [edit snmp v3 notify N1_all_tl1_informs] hierarchy level to trap as shown in the following example:

Converting Informs to Traps

user@host# set snmp v3 notify N1_all_tl1_informs type trap

Configuring System Name, Location, Description, and Contact Information

The Junos OS enables you to include the location of the system, administrative contact information, and a brief description of the system in the SNMP configuration. Always ensure that you keep the name, location, contact, and description information configured and updated for all your devices that are managed by SNMP.

The following example shows a typical system location, description, and contact information configuration:

Tip: Use quotation marks to enclose the system name, contact, location, and description information that contain spaces.

[edit]snmp {name “snmp 001”; # Overrides the system name.contact “Juniper Berry, (650) 555 1234”; # Specifies the name and phone number of the administrator.location “row 11, rack C”; # Specifies the location of the device.description “M40 router with 8 FPCs” # Configures a description for the device.}

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.