Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Interfaces to Accept SNMP Requests

Configure the Interfaces on Which SNMP Requests Can Be Accepted

By default, all router or switch interfaces have SNMP access privileges. To limit the access through certain interfaces only, include the interface statement at the [edit snmp] hierarchy level.

Specify the names of any logical or physical interfaces that should have SNMP access privileges. Any SNMP requests entering the router or switch from interfaces not listed are discarded.

Configure a Proxy SNMP Agent

Starting with Release 12.3, Junos OS enables you to assign one of the devices in the network as a proxy SNMP agent through which the network management system (NMS) can query other devices in the network. When you configure a proxy, you can specify the names of devices to be managed through the proxy SNMP agent.

When the NMS queries the proxy SNMP agent, the NMS specifies the community name (for SNMPv1 and SNMPv2) or the context and security name (for SNMPv3) associated with the device from which it requires the information.

Note:

If you have configured authentication and privacy methods and passwords for SNMPv3, those parameters are also specified in the query for SNMPv3 information.

To configure a proxy SNMP agent and specify devices to be managed by the proxy SNMP agent, see proxy (snmp).

Note:

Starting with Junos OS Release 15.2, you must configure the interface <interface-name> statement at the [edit snmp] hierarchy level for the proxy SNMP agent.

Note:

The community and security configurations for the proxy should match the corresponding configurations on the device that is to be managed.

Note:

The devices managed by the proxy SNMP agent send the traps directly to the network management system since the proxy SNMP agent does not have trap-forwarding capabilities.

You can use the show snmp proxy operational mode command to view proxy details on a device. The show snmp proxy command returns the proxy names, device names, SNMP version, community/security, and context information.

Example: Configure Secured Access List Checking

SNMP access privileges are granted to only devices on interfaces so-0/0/0 and at-1/0/1. The following example does this by configuring a list of logical interfaces:

The following example grants the same access by configuring a list of physical interfaces:

Filter Interface Information Out of SNMP Get and GetNext Output

Junos OS enables you to filter out information related to specific interfaces from the output of SNMP Get and GetNext requests. You can perform this on interface-related MIBs such as IF MIB, ATM MIB, RMON MIB, and the Juniper Networks enterprise-specific IF MIB.

You can use the following options of the filter-interfaces statement at the [edit snmp] hierarchy level to specify the interfaces that you want to exclude from SNMP Get and GetNext queries:

  • interfaces—Interfaces that match the specified regular expressions.

  • all-internal-interfaces—Internal interfaces.

Starting with Release 12.1, Junos OS provides an except option (! operator) that enables you to filter out all interfaces except those interfaces that match all the regular expressions prefixed with the ! mark.

For example, to filter out all interfaces except the ge interfaces from the SNMP get and get-next results, enter the following command:

When this is configured, Junos OS filters out all interfaces except the ge interfaces from the SNMP get and get-next results.

Note:

The ! mark is supported only as the first character of the regular expression. If it appears anywhere else in a regular expression, Junos OS considers the regular expression invalid, and returns an error.

However, note that these settings are only applicable to SNMP operations. The users can continue to access information related to the interfaces (including those hidden using the filter-interfaces options) using the appropriate Junos OS command-line interface (CLI) commands.