Configuring SNMP with a Configuration Editor

To configure SNMP on a services router, you must perform the following tasks marked (Required). For information about using the J-Web and CLI configuration editors, see User Interface Overview.

Defining System Identification Information (Required)

Basic system identification information for a services router can be configured with SNMP and stored in various MIBs. This information can be accessed through SNMP requests and either queried or reset. Table 31 identifies types of basic system identification and the MIB object into which each type is stored.

Table 31: System Identification Information and Corresponding MIB Objects

System Information

MIB

Contact

sysContact

System location

sysLocation

System description

sysDescr

System name override

sysName

To configure basic system identification for SNMP:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. To configure basic system information using SNMP, perform the configuration tasks described in Table 32.
  3. If you are finished configuring the network, commit the configuration.
  4. To check the configuration, see Verifying the SNMP Configuration.

Table 32: Configuring Basic System Identification

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the SNMP level in the configuration hierarchy.

  1. In the J-Web interface, select CLI Tools>Point and Click CLI.
  2. Next to Snmp, click Configure or Edit.

From the [edit] hierarchy level, enter

edit snmp

Configure the system contact information (such as a name and phone number).

In the Contact box, type the contact information as a free-form text string.

Set the contact information:

set contact “contact-information

Configure the system location information (such as a lab name and a rack name).

In the Location box, type the location information as a free-form text string.

Set the location information:

set location “location-information

Configure the system description (J4350 with 4 PIMs, for example).

In the Description box, type the description information as a free-form text string.

Set the description information:

set description “description-information

Configure a system name to override the system hostname defined in the Getting Started Guide for your device.

In the System Name box, type the system name as a free-form text string.

Set the system name:

set name name

Configure the local engine ID to use the MAC address of Ethernet management port 0 as the engine ID suffix.

  1. Select Engine id.
  2. In the Engine id choice box, select Use mac address from the list.
  3. Click OK.

Set the engine ID to use the MAC address:

set engine-id use-mac-address

Configuring SNMP Agents and Communities (Required)

To configure the SNMP agent, you must enable and authorize the network management system access to the services router, by configuring one or more communities. Each community has a community name, an authorization, which determines the kind of access the network management system has to the device, and, when applicable, a list of valid clients that can access the device.

To configure SNMP communities:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. To configure SNMP communities, perform the configuration tasks described in Table 33.
  3. If you are finished configuring the network, commit the configuration.
  4. To check the configuration, see Verifying the SNMP Configuration.

Table 33: Configuring SNMP Agents and Communities

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the SNMP level in the configuration hierarchy.

  1. In the J-Web interface, select CLI Tools>Point and Click CLI.
  2. Next to Snmp, click Configure or Edit.

From the [edit] hierarchy level, enter

edit snmp

Create and name a community.

  1. Next to Community, click Add new entry.
  2. In the Community box, type the name of the community as a free-form text string.

Create a community:

set community community-name

Grant read-write access to the community.

In the Authorization box, select read-write from the list.

Set the authorization to read-write:

set community community-name authorization read-write

Allow community access to a client at a particular IP address—for example, at IP address 10.10.10.10.

  1. Next to Clients, click Add new entry.
  2. In the Prefix box, type the IP address, in dotted decimal notation.
  3. Click OK.

Configure client access for the IP address 10.10.10.10:

set community community-name clients 10.10.10.10

Allow community access to a group of clients—for example, all addresses within the 10.10.10.0/24 prefix, except those within the 10.10.10.10/29 prefix.

  1. Next to Clients, click Add new entry.
  2. In the Prefix box, type the IP address prefix 10.10.10.0/24, and click OK.
  3. Next to Clients, click Add new entry.
  4. In the Prefix box, type the IP address prefix 10.10.10.10/29.
  5. Select the Restrict check box.
  6. Click OK.
  1. Configure client access for the IP address 10.10.10.0/24:

    set community community-name clients 10.10.10.0/24

  2. Configure client access to restrict the IP addresses 10.10.10.10/29:

    set community community-name clients 10.10.10.10/29 restrict

Managing SNMP Trap Groups (Required)

SNMP traps are unsolicited notifications that are generated by conditions on the services router. When events trigger a trap, a notification is sent to the configured clients for that particular trap group. To manage a trap group, you must create the group, specify the types of traps that are included in the group, and define one or more targets to receive the trap notifications.

To configure SNMP trap groups:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. To configure SNMP trap groups, perform the configuration tasks described in Table 34.
  3. If you are finished configuring the network, commit the configuration.
  4. To check the configuration, see Verifying the SNMP Configuration.

Table 34: Configuring SNMP Trap Groups

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the SNMP level in the configuration hierarchy.

  1. In the J-Web interface, select CLI Tools>Point and Click CLI.
  2. Next to Snmp, click Configure or Edit.

From the [edit] hierarchy level, enter

edit snmp

Create a trap group.

  1. Next to Trap group, click Add new entry.
  2. In the Group name box, type the name of the group as a free-form text string.

Create a community:

set trap-group trap-group-name

Configure the trap group to send all trap notifications to a target IP address—for example, to the IP address 192.174.6.6.

  1. Next to Targets, click Add new entry.
  2. In the Target box, type the IP address 192.174.6.6, and click OK.

Set the trap-group target to 192.174.6.6:

set trap-group trap-group-name targets 192.174.6.6

Configure the trap group to generate SNMP notifications on authentication failures, environment alarms, and changes in link state for any of the interfaces.

  1. Click Categories.
  2. Select the Authentication, Chassis, and Link check boxes.
  3. Click OK.

Configure the trap group categories:

set trap-group trap-group-name categories authentication chassis link

Controlling Access to MIBs (Optional)

By default, an SNMP community is granted access to all MIBs. To control the MIBs to which a particular community has access, configure SNMP views that include the MIBs you want to explicitly grant or deny access to.

To configure SNMP views:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. To configure SNMP views, perform the configuration tasks described in Table 35.
  3. If you are finished configuring the network, commit the configuration.
  4. To check the configuration, see Verifying the SNMP Configuration.

Table 35: Configuring SNMP Views

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the SNMP level in the configuration hierarchy.

  1. In the J-Web interface, select CLI Tools>Point and Click CLI.
  2. Next to Snmp, click Configure or Edit.

From the [edit] hierarchy level, enter

edit snmp

Create a view.

  1. Next to View, click Add new entry.
  2. In the Name box, type the name of the view as a free-form text string.

Create a view:

set view view-name

Configure the view to include a MIB—for example, pingMIB.

  1. Next to Oid, click Add new entry.
  2. In the Name box, type the OID of the pingMIB, in either dotted integer or subtree name format.
  3. In the View action box, select include from the list, and click OK.

Set the pingMIB OID value and mark it for inclusion:

set view view-name oid 1.3.6.1.2.1.80 include

Configure the view to exclude a MIB—for example, jnxPingMIB.

  1. Next to Oid, click Add new entry.
  2. In the Name box, type the OID of the jnxPingMIB, in either dotted integer or subtree name format.
  3. In the View action box, select exclude from the list, and click OK twice.

Set the jnxPingMIB OID value and mark it for exclusion:

set view view-name oid jnxPingMIB exclude

Associate the view with a community.

  1. On the Snmp page, under Community, click the name of the community to which you want to apply the view.
  2. In the View box, type the view name.
  3. Click OK.

Set the community view:

set community community-name view view-name

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.