Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure SNMP in Junos OS

Configure SNMP

You can implement SNMP in the Junos OS Software running on the QFX Series and OCX Series products. By default, SNMP is not enabled. To enable SNMP, you must include the SNMP configuration statements at the [edit] hierarchy level.

To configure the minimum requirements for SNMP, include community public statement at the [edit  snmp] hierarchy level.

To configure complete SNMP features, see snmp.

Configuration Statements at the [edit snmp] Hierarchy Level

This topic shows all configuration statements at the [edit snmp] hierarchy level and their level in the configuration hierarchy. When you are configuring Junos OS, your current hierarchy level is shown in the banner on the line preceding the user@host# prompt.

Note:

Starting from Junos OS and Junos OS Evolved Release 22.2R1, the packet-size option is enabled in the CLI under [edit snmp] hierarchy.

Configure Basic Settings for SNMP

The following sections contain information about basic SNMP configuration and a few examples of configuring the basic SNMP operations on devices running Junos OS:

Configure Basic Settings for SNMPv1 and SNMPv2

You cannot enable SNMP on devices running Junos OS by default. To enable SNMP on devices running Junos OS, include the community public statement at the [edit  snmp] hierarchy level.

Enabling SNMPv1 and SNMPv2 Get and GetNext Operations

A community that is defined as public grants access to all MIB data to any client.

To enable SNMPv1 and SNMPv2 Set operations on the device, you must include the following statements at the [edit snmp] hierarchy level:

Enabling SNMPv1 and SNMPv2 Set Operations

The following example shows the basic minimum configuration for SNMPv1 and SNMPv2 traps on a device:

Configuring SNMPv1 and SNMPv2 Traps

Configure Basic Settings for SNMPv3

The following example shows the minimum SNMPv3 configuration for enabling Get, GetNext, and Set operations on a device (note that the configuration has authentication set to md5 and privacy to none):

Enabling SNMPv3 Get, GetNext, and Set Operations

The following example shows the basic configuration for SNMPv3 informs on a device (the configuration has authentication and privacy settings to none):

Configuring SNMPv3 Informs

You can convert the SNMPv3 informs to traps by setting the value of the type statement at the [edit snmp v3 notify N1_all_tl1_informs] hierarchy level to trap as shown in the following example:

Converting Informs to Traps

Configure SNMP Details

You can use SNMP to store basic administrative details, such as a contact name and the location of the device. Your management system can then retrieve this information remotely when you are troubleshooting an issue or performing an audit. In SNMP terminology, these are the sysName, sysContact, sysDescription, and sysLocation objects found within the system group of MIB-2 (as defined in RFC 1213, Management Information Base for Network Management of TCP/IP-based internets: MIB-II). You can set initial values directly in the Junos OS configuration for each system being managed by SNMP.

Note:

For the devices that are managed by SNMP, always keep the name, location, contact, and description information configured and updated.

To set the SNMP details:

  1. Configure a system name.
    Set the system name details by including the name statement at the [edit snmp] hierarchy level.

    For example:

  2. Configure a system contact.
    Set the system contact details by including the contact statement at the [edit snmp] hierarchy level, or in an appropriate configuration group as shown here.

    This administrative contact is placed into the MIB II sysContact object.

    If the name contains spaces, enclose it in quotation marks (" ").

    For example:

  3. Configure a system description.

    This string is placed into the MIB II sysDescription object. If the description contains spaces, enclose it in quotation marks (" ").

    For example:

  4. Configure a system location.

    This string is placed into the MIB II sysLocation object. If the location contains spaces, enclose it in quotation marks (" ").

    To specify the system location:

    For example:

  5. Commit the configuration.
  6. To verify the configuration, enter the show snmp mib walk system operational-mode command.

    The show snmp mib walk system command performs a MIB walk through of the system table (from MIB-2 as defined in RFC 1213). The SNMP agent in Junos OS responds by printing each row in the table and its associated value. You can use the same command to perform a MIB walk through any part of the MIB tree supported by the agent.

Configure the Commit Delay Timer

When a router or switch first receives an SNMP nonvolatile Set request, a Junos OS XML protocol session opens and prevents other users or applications from changing the candidate configuration (equivalent to the command-line interface [CLI] configure exclusive command). If the router receives new SNMP Set requests while the candidate configuration is being committed, the SNMP Set request is rejected and an error is generated. If the router receives new SNMP Set requests before 5 seconds have elapsed, the commit-delay timer (the length of time between when the last SNMP request is received and the commit is requested) resets to 5 seconds.

By default, the timer is set to 5 seconds. To configure the timer for the SNMP Set reply and start of the commit, include the commit-delay statement at the [edit snmp nonvolatile] hierarchy level:

seconds is the length of the time between when the SNMP request is received and the commit is requested for the candidate configuration. For more information about the configure exclusive command and locking the configuration, see the Junos OS CLI User Guide .

Configure SNMP on a Device Running Junos OS

By default, SNMP is disabled on devices running Junos OS. To enable SNMP on a router or switch, you must include the SNMP configuration statements at the [edit snmp] hierarchy level.

To configure the minimum requirements for SNMP, include community public statement at the [edit  snmp] hierarchy level.

The community defined here as public grants read access to all MIB data to any client.

To configure complete SNMP features, include the following statements at the [edit snmp] hierarchy level:

Example: Configure SNMP on the QFabric System

By default, SNMP is disabled on devices running Junos OS. This example describes the steps for configuring SNMP on the QFabric system.

Requirements

This example uses the following hardware and software components:

  • Junos OS Release 12.2

  • Network management system (NMS) (running the SNMP manager)

  • QFabric system (running the SNMP agent) with multiple Node devices

Overview

You must enable SNMP on your device by including configuration statements at the [edit snmp] hierarchy level. At a minimum, you must configure the community public statement. The community defined as public grants read-only access to MIB data to any client.

If no clients statement is configured, all clients are allowed. We recommend that you always include the restrict option to limit SNMP client access to the switch.

Topology

The network topology in this example includes an NMS, a QFabric system with four Node devices, and external SNMP servers that are configured for receiving traps.

Configuration

Procedure

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide .

To configure SNMP on the QFabric system:

Note:

If the name, description, location, contact, or community name contains spaces, enclose the text in quotation marks (" ").

  1. Configure the SNMP system name:

    Note:

    You can access the above configured SNMP system name:

    • By doing a query with the SNMPGet on policy object identifier (OID) sysName.0.

    • From the generic jnxSyslogTrap. To send the jnxSyslogTrap, configure the trap events at [edit event-options policy] hierarchy.

  2. Specify a description.

    This string is placed into the MIB II sysDescription object.

  3. Specify the physical location of the QFabric system.

    This string is placed into the MIB II sysLocation object.

  4. Specify an administrative contact for the SNMP system.

    This name is placed into the MIB II sysContact object.

  5. Specify a unique SNMP community name and the read-only authorization level.

    Note:

    The read-write option is not supported on the QFabric system.

  6. Create a client list with a set of IP addresses that can use the SNMP community.

  7. Specify IP addresses of clients that are restricted from using the community.

  8. Configure a trap group, destination port, and a target to receive the SNMP traps in the trap group.

    Note:

    You do not need to include the destination-port statement if you use the default port 162.

    The trap group qf-traps is configured to send traps to 192.168.0.100.

Results

From configuration mode, confirm your configuration by entering the show command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.