Configure SNMP in Junos OS
Configure SNMP
You can implement SNMP in the Junos OS Software running on devices. By default, SNMP is
not enabled. To enable SNMP, you must include the SNMP configuration statements at the
[edit] hierarchy level.
To configure the minimum requirements for SNMP, include the community public
statement at the [edit snmp] hierarchy level.
To configure complete SNMP features, see snmp.
Configuration Statements at the [edit snmp] Hierarchy Level
This topic shows all configuration statements at the [edit snmp]
hierarchy level and their level in the configuration hierarchy. When you are
configuring Junos OS, your current hierarchy level is shown in the banner on the
line preceding the user@host# prompt.
[edit]
snmp {
    alarm-management {
        alarm-list-name list-name {
            alarm-id id {
                alarm-state state {
                    description alarm-description;
                    notification-id notification-id-of-alarm;
                    resource-prefix alarm-resource-prefix;
                    varbind-index varbind-index-in-alarm-varbind-list;
                    varbind-subtree alarm-varbind-subtree;
                    varbind-value alarm-varbind-value;
                }
            }
        }
    }
    client-list client-list-name {
        ip-addresses;
    }
    community community-name {
        authorization authorization;
        client-list-name client-list-name;
        clients {
            address <restrict>;
        }
        logical-system logical-system-name {
            routing-instance routing-instance-name;
            clients {
                address <restrict>;
            }
        }
        routing-instance routing-instance-name {
            clients {
                address <restrict>;
            }
        }
        view view-name;
    }
    contact contact;
    description description;
    engine-id {
        (local engine-id | use-default-ip-address | use-mac-address);
    }
    filter-duplicates;
    interface [ interface-names ];
    location location;
    name name;
    nonvolatile {
        commit-delay seconds;
    }
    rmon {
        alarm index {
            description description;
            falling-event-index index;
            falling-threshold integer;
            falling-threshold-interval seconds;
            interval seconds;
            request-type (get-next-request | get-request | walk-request);
            rising-event-index index;
            rising-threshold integer;
            sample-type type;
            startup-alarm alarm;
            syslog-subtag syslog-subtag;
            variable oid-variable;
        }
        event index {
            community community-name;
            description description;
            type type;
        }
    }
    traceoptions {
        file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>;
        flag flag;
        memory-trace;
        no-remote-trace;
        no-default-memory-trace;
    }
    trap-group group-name {
        categories {
            category;
        }
        destination-port port-number;
        routing-instance instance;
        logical-system logical-system-name;
        targets {
            address;
        }
        version (all | v1 | v2);
    }
    trap-options {
        agent-address outgoing-interface;
        source-address address;
        enterprise-oid;
        logical-system logical-system-name {
            routing-instance routing-instance-name {
                source-address address;
            }
        }
        routing-instance routing-instance-name {
            source-address address;
        }
    }
    v3 {
        notify name {
            tag tag-name;
            type (trap | inform);
        }
        notify-filter profile-name {
            oid oid (include | exclude);
        }
        snmp-community community-index {
            community-name community-name;
            security-name security-name;
            tag tag-name;
        }
        target-address target-address-name {
            address address;
            address-mask address-mask;
            logical-system logical-system;
            port port-number;
            retry-count number;
            routing-instance instance;
            tag-list tag-list;
            target-parameters target-parameters-name;
            timeout seconds;
        }
        target-parameters target-parameters-name {
            notify-filter profile-name;
            parameters {
                message-processing-model (v1 | v2c | v3);
                security-level (authentication | none | privacy);
                security-model (usm | v1 | v2c);
                security-name security-name;
            }
        }
        usm {
            local-engine {
                user username {
                    authentication-md5 {
                        authentication-password authentication-password;
                    }
                    authentication-none;
                    authentication-sha {
                        authentication-password authentication-password;
                    }
                    privacy-3des {
                        privacy-password privacy-password;
                    }
                    privacy-aes128 {
                        privacy-password privacy-password;
                    }
                    privacy-des {
                        privacy-password privacy-password;
                    }
                    privacy-none;
                }
            }
        }
        vacm {
            access {
                group group-name {
                    (default-context-prefix | context-prefix context-prefix) {
                        security-model (any | usm | v1 | v2c) {
                            security-level (authentication | none | privacy) {
                                notify-view view-name;
                                read-view view-name;
                                write-view view-name;
                            }
                        }
                    }
                }
            }
            security-to-group {
                security-model (usm | v1 | v2c) {
                    security-name security-name {
                        group group-name;
                    }
                }
            }
        }
    }
    view view-name {
        oid object-identifier (include | exclude);
    }
}
Configure Basic Settings for SNMP
The following sections contain information about basic SNMP configuration and a few examples of configuring the basic SNMP operations on devices running Junos OS:
Configure Basic Settings for SNMPv1 and SNMPv2
By default, SNMP is not enabled on devices running Junos OS. To enable SNMP on devices running
Junos OS, include the community public statement at the
[edit snmp] hierarchy level.
Enabling SNMPv1 and SNMPv2 Get and GetNext Operations
[edit]
snmp {
    community public;
}
A community that is defined as public grants access to all MIB data to any client.
To enable SNMPv1 and SNMPv2 Set operations on the device, you
must include the following statements at the [edit snmp]
hierarchy level:
Enabling SNMPv1 and SNMPv2 Set Operations
[edit snmp]
view all {
    oid .1;
}
community private {
    view all;
    authorization read-write;
}
The following example shows the basic minimum configuration for SNMPv1 and SNMPv2 traps on a device:
Configuring SNMPv1 and SNMPv2 Traps
[edit snmp]
trap-group jnpr {
    targets {
        192.168.69.179;
    }
}
Configure Basic Settings for SNMPv3
The following example shows the minimum SNMPv3 configuration for enabling
Get, GetNext, and Set
operations on a device (note that the configuration has authentication set to
md5 and privacy to none):
Enabling SNMPv3 Get, GetNext, and Set Operations
[edit snmp]
v3 {
    usm {
        local-engine {
            user jnpruser {
                authentication-md5 {
                    authentication-key "$9$guaDiQFnAuOQzevMWx7ikqP"; ## SECRET-DATA
                }
                privacy-none;
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name jnpruser {
                    group grpnm;
                }
            }
        }
        access {
            group grpnm {
                default-context-prefix {
                    security-model any {
                        security-level authentication {
                            read-view all;
                            write-view all;
                        }
                    }
                }
            }
        }
    }
}
view all {
    oid .1;
}
The following example shows the basic configuration for SNMPv3 informs on a
device (the configuration has authentication and privacy set to
none):
Configuring SNMPv3 Informs
[edit snmp]
v3 {
    usm {
        remote-engine 00000063200133a2c0a845c3 {
            user RU2_v3_sha_none {
                authentication-none;
                privacy-none;
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name RU2_v3_sha_none {
                    group g1_usm_auth;
                }
            }
        }
        access {
            group g1_usm_auth {
                default-context-prefix {
                    security-model usm {
                        security-level authentication {
                            read-view all;
                            write-view all;
                            notify-view all;
                        }
                    }
                }
            }
        }
    }
    target-address TA2_v3_sha_none {
        address 192.168.69.179;
        tag-list tl1;
        address-mask 255.255.252.0;
        target-parameters TP2_v3_sha_none;
    }
    target-parameters TP2_v3_sha_none {
        parameters {
            message-processing-model v3;
            security-model usm;
            security-level none;
            security-name RU2_v3_sha_none;
        }
        notify-filter nf1;
    }
    notify N1_all_tl1_informs {
        type inform; # Replace inform with trap to convert informs to traps.
        tag tl1;
    }
    notify-filter nf1 {
        oid .1 include;
    }
}
view all {
    oid .1 include;
}
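The following is an added example, not part of the Juniper documentation: a Python audit that walks a curly-brace Junos SNMP configuration and reports the open settings used in the SNMPv1/v2 and SNMPv3 examples above (a community with no clients or client-list-name restriction, authorization read-write, authentication-md5, authentication-none, privacy-none, security-level none). The sample configuration is constructed from this page's examples with a placeholder key, and the function names and finding texts are assumptions made for illustration.

```python
import re

# Constructed sample built from this page's examples; the key is a placeholder.
SAMPLE = """
snmp {
    community public;
    community private { view all; authorization read-write; }
    v3 {
        usm { local-engine { user jnpruser {
            authentication-md5 { authentication-key "$9$placeholder"; } ## SECRET-DATA
            privacy-none;
        } } }
        target-parameters TP2_v3_sha_none {
            parameters { security-model usm; security-level none; }
        }
    }
}
"""
TOKEN = r'"[^"]*"|#[^\n]*|[{};]|[^\s{};"#]+'   # quoted string, comment, brace, word
WEAK = {"authentication-md5": "MD5 authentication",
        "authentication-none": "no authentication",
        "privacy-none": "no privacy (payload unencrypted)",
        "security-level none": "no authentication or privacy on messages"}

def check(head, kids, parents, out):
    # head: statement text; kids: its direct child statements; parents: enclosing blocks
    if head.startswith("community ") and parents[-1] in ("", "snmp"):
        if not any(k.startswith(("clients", "client-list-name")) for k in kids):
            out.append((head, "no client restriction"))
        if "authorization read-write" in kids:
            out.append((head, "read-write access"))
    elif head in WEAK:
        out.append((" > ".join(p for p in parents if p), WEAK[head]))

def audit(config):
    out, stmt, stack = [], [], [("", [])]   # stack of (block header, children)
    # Annotations such as ## SECRET-DATA are dropped before parsing.
    for tok in (t for t in re.findall(TOKEN, config) if t[0] != "#"):
        if tok in ("{", ";"):
            head, stmt = " ".join(stmt), []
            stack[-1][1].append(head)
            if tok == "{":
                stack.append((head, []))     # block: checked when it closes
            else:
                check(head, [], [h for h, _ in stack], out)
        elif tok == "}":
            head, kids = stack.pop()
            check(head, kids, [h for h, _ in stack], out)
        else:
            stmt.append(tok)
    return out
```

Calling audit(SAMPLE) returns a list of (location, finding) pairs; a community that carries a clients block and read-only authorization produces no finding.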
You can convert the SNMPv3 informs to traps by setting the value of the
type statement at the [edit snmp v3 notify
N1_all_tl1_informs] hierarchy level to trap as
shown in the following example:
Converting Informs to Traps
user@host# set snmp v3 notify N1_all_tl1_informs type trap
Configure SNMP Details
You can use SNMP to store basic administrative details, such as a contact name and the location of the device. Your management system can then retrieve this information remotely when you are troubleshooting an issue or performing an audit. In SNMP terminology, these are the sysName, sysContact, sysDescription, and sysLocation objects found within the system group of MIB-2 (as defined in RFC 1213, Management Information Base for Network Management of TCP/IP-based internets: MIB-II). You can set initial values directly in the Junos OS configuration for each system being managed by SNMP.
For the devices that are managed by SNMP, always keep the name, location, contact, and description information configured and updated.
To set the SNMP details:
Configure the Commit Delay Timer
When a router or switch first receives an SNMP nonvolatile Set request, a Junos
OS XML protocol session opens and prevents other users or applications from changing
the candidate configuration (equivalent to the command-line interface [CLI]
configure exclusive command). If the router receives new SNMP
Set requests while the candidate configuration is being
committed, the SNMP Set request is rejected and an error is
generated. If the router receives new SNMP Set requests before 5
seconds have elapsed, the commit-delay timer (the length of time between when the
last SNMP request is received and the commit is requested) resets to 5 seconds.
By default, the timer is set to 5 seconds. To configure
the timer for the SNMP Set reply and start
of the commit, include the commit-delay statement at the [edit snmp nonvolatile] hierarchy level:
[edit snmp nonvolatile]
commit-delay seconds;
seconds is the length of
time between when the SNMP request is received and the commit is requested
for the candidate configuration. For more information about the configure exclusive command and locking the configuration,
see the Junos OS CLI User Guide.
Configure SNMP on a Device Running Junos OS
By default, SNMP is disabled on devices running Junos OS. To
enable SNMP on a router or switch, you must include the SNMP configuration
statements at the [edit snmp] hierarchy level.
To configure the minimum requirements for SNMP, include the community public
statement at the [edit snmp] hierarchy level.
The community defined here as public grants read
access to all MIB data to any client.
To configure complete SNMP features, include the following
statements at the [edit snmp] hierarchy level:
snmp {
    client-list client-list-name {
        ip-addresses;
    }
    community community-name {
        authorization authorization;
        client-list-name client-list-name;
        clients {
            address restrict;
        }
        routing-instance routing-instance-name {
            clients {
                addresses;
            }
        }
        logical-system logical-system-name {
            routing-instance routing-instance-name {
                clients {
                    addresses;
                }
            }
        }
        view view-name;
    }
    contact contact;
    description description;
    engine-id {
        (local engine-id | use-mac-address | use-default-ip-address);
    }
    filter-duplicates;
    health-monitor {
        falling-threshold integer;
        interval seconds;
        rising-threshold integer;
    }
    interface [ interface-names ];
    location location;
    name name;
    nonvolatile {
        commit-delay seconds;
    }
    rmon {
        alarm index {
            description text-description;
            falling-event-index index;
            falling-threshold integer;
            falling-threshold-interval seconds;
            interval seconds;
            request-type (get-next-request | get-request | walk-request);
            rising-event-index index;
            sample-type type;
            startup-alarm alarm;
            syslog-subtag syslog-subtag;
            variable oid-variable;
        }
        event index {
            community community-name;
            description text-description;
            type type;
        }
    }
    traceoptions {
        file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>;
        flag flag;
    }
    trap-group group-name {
        categories {
            category;
        }
        destination-port port-number;
        routing-instance instance;
        targets {
            address;
        }
        version (all | v1 | v2);
    }
    trap-options {
        agent-address outgoing-interface;
        source-address address;
    }
    view view-name {
        oid object-identifier (include | exclude);
    }
}