This topic shows all possible configuration statements at the [edit] snmp { community public; }05 hierarchy level and their level in the configuration hierarchy. When you are configuring Junos OS, your current hierarchy level is shown in the banner on the line preceding the [edit] snmp { community public; }06 prompt. Show
[edit] snmp { alarm-management { alarm-list-name list-name { alarm-id id { alarm-state state { description alarm-description; notification-id notification-id-of-alarm; resource-prefix alarm-resource-prefix; varbind-index varbind-index-in-alarm-varbind-list; varbind-subtree alarm-varbind-subtree; varbind-value alarm-varbind-value; } } } } client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address <restrict>; } logical-system logical-system-name { routing-instance routing-instance-name; clients { address <restrict>; } } routing-instance routing-instance-name { clients { address <restrict>; } } view view-name; } contact contact; description description; engine-id { (local engine-id | use-default-ip-address | use-mac-address); } filter-duplicates; interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type (get-next-request | get-request | walk-request); rising-event-index index; rising-threshold integer; sample-type type; startup-alarm alarm; syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; memory-trace; no-remote-trace; no-default-memory-trace; } trap-group group-name { categories { category; } destination-port port-number; routing-instance instance; logical-system logical-system-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; enterprise-oid; logical-system logical-system-name { routing-instance routing-instance-name { source-address address; } } routing-instance routing-instance-name { source-address address; } } v3 { notify name { tag tag-name; type (trap | inform); } notify-filter profile-name { oid oid (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance instance; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | v3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-md5 { authentication-password authentication-password; } authentication-none; authentication-sha { authentication-password authentication-password; } privacy-3des { privacy-password privacy-password; } privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-none; } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefiix){ security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } } SNMP is implemented in the Junos OS Software running on the QFX Series and OCX Series products. By default, SNMP is not enabled. To enable SNMP, you must include the SNMP configuration statements at the [edit] snmp { community public; }07 hierarchy level. To configure the minimum requirements for SNMP, include the following statements at the [edit] snmp { community public; }07 hierarchy level of the configuration: [edit] snmp { community public; } To configure complete SNMP features, include the following statements at the [edit] snmp { community public; }07 hierarchy level of the configuration: snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } } An interface that is slow in responding to SNMP requests for interface statistics can delay kernel responses to SNMP requests. You can review the mib2d log file to find out how long the kernel takes to respond to various SNMP requests. For more information about reviewing the log file for kernel response data, see “Checking Kernel and Packet Forwarding Engine Response” under . If you notice that a particular interface is slow in responding, and think that it is slowing down the kernel from responding to SNMP requests, exclude that interface from the SNMP queries to the device. You can exclude an interface from the SNMP queries either by configuring the [edit] snmp { community public; }10 statement or by modifying the SNMP view settings. The following example shows a sample configuration for excluding interfaces from the SNMP [edit] snmp { community public; }11, [edit] snmp { community public; }12, and [edit] snmp { community public; }13 operations: [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } } The following example shows the SNMP view configuration for excluding the interface with an interface index (ifIndex) value of 312 from a request for information related to the ifTable and ifXtable objects: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude } Alternatively, you can take the interface that is slow in responding offline. The following example shows the minimum SNMPv3 configuration for enabling [edit] snmp { community public; }11, [edit] snmp { community public; }12, and [edit] snmp { community public; }13 operations on a device (note that the configuration has authentication set to [edit] snmp { community public; }17 and privacy to [edit] snmp { community public; }18): Enabling SNMPv3 Get, GetNext, and Set Operations [edit snmp] v3 { usm { local-engine { user jnpruser { authentication-md5 { authentication-key "$9$guaDiQFnAuOQzevMWx7ikqP"; ## SECRET-DATA } privacy-none; } } } vacm { security-to-group { security-model usm { security-name jnpruser { group grpnm; } } } access { group grpnm { default-context-prefix { security-model any { security-level authentication { read-view all; write-view all; } } } } } } } view all { oid .1; } The following example shows the basic configuration for SNMPv3 informs on a device (the configuration has authentication and privacy set to [edit] snmp { community public; }18): Configuring SNMPv3 Informs [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; } You can convert the SNMPv3 informs to traps by setting the value of the [edit] snmp { community public; }20 statement at the [edit] snmp { community public; }21 hierarchy level to [edit] snmp { community public; }22 as shown in the following example: Converting Informs to Traps user@host# set snmp v3 notify N1_all_tl1_informs type trap By default, SNMP is disabled on devices running Junos OS. To enable SNMP on a router or switch, you must include the SNMP configuration statements at the [edit] snmp { community public; }05 hierarchy level. To configure the minimum requirements for SNMP, include the following statements at the [edit] snmp { community public; }05 hierarchy level of the configuration: [edit] snmp { community public; } The community defined here as [edit] snmp { community public; }25 grants read access to all MIB data to any client. To configure complete SNMP features, include the following statements at the [edit] snmp { community public; }05 hierarchy level: snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } routing-instance routing-instance-name { clients { addresses; } } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } view view-name; } contact contact; description description; engine-id { (local engine-id | use-mac-address | use-default-ip-address); } filter-duplicates; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description text-description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type (get-next-request | get-request | walk-request); rising-event-index index; sample-type type; startup-alarm alarm; syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description text-description; type type; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance instance; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } view view-name { oid object-identifier (include | exclude); } } You can use SNMP to store basic administrative details, such as a contact name and the location of the device. Your management system can then retrieve this information remotely, when you are troubleshooting an issue or performing an audit. In SNMP terminology, these are the sysContact, sysDescription, and sysLocation objects found within the system group of MIB-2 (as defined in RFC 1213, Management Information Base for Network Management of TCP/IP-based internets: MIB-II). You can set initial values directly in the Junos OS configuration for each system being managed by SNMP. To set the system contact details:
When a router or switch first receives an SNMP nonvolatile [edit] snmp { community public; }13 request, a Junos OS XML protocol session opens and prevents other users or applications from changing the candidate configuration (equivalent to the command-line interface [CLI] [edit] snmp { community public; }32 command). If the router does not receive new SNMP [edit] snmp { community public; }13 requests within 5 seconds (the default value), the candidate configuration is committed and the Junos OS XML protocol session closes (the configuration lock is released). If the router receives new SNMP [edit] snmp { community public; }13 requests while the candidate configuration is being committed, the SNMP [edit] snmp { community public; }13 request is rejected and an error is generated. If the router receives new SNMP [edit] snmp { community public; }13 requests before 5 seconds have elapsed, the commit-delay timer (the length of time between when the last SNMP request is received and the commit is requested) resets to 5 seconds. By default, the timer is set to 5 seconds. To configure the timer for the SNMP [edit] snmp { community public; }13 reply and start of the commit, include the [edit] snmp { community public; }38 statement at the [edit] snmp { community public; }39 hierarchy level: snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }0 [edit] snmp { community public; }40 is the length of the time between when the SNMP request is received and the commit is requested for the candidate configuration. For more information about the [edit] snmp { community public; }41 command and locking the configuration, see the Junos OS CLI User Guide . Configuring the SNMP agent in Junos OS is a straightforward task that shares many familiar settings common to other managed devices in your network. For example, you need to configure Junos OS with an SNMP community string and a destination for traps. Community strings are administrative names that group collections of devices and the agents that are running on them together into common management domains. If a manager and an agent share the same community, they can communicate with each other. An SNMP community defines the level of authorization granted to its members, such as which MIB objects are available, which operations (read-only or read-write) are valid for those objects, and which SNMP clients are authorized, based on their source IP addresses. The SNMP community string defines the relationship between an SNMP server system and the client systems. This string acts like a password to control the clients’ access to the server. To create a read-only SNMP community:
To create a read-write SNMP community:
The SNMP community string defines the relationship between an SNMP server system and the client systems. This string acts like a password to control the clients’ access to the server. To configure a community string in a Junos OS configuration, include the [edit] snmp { community public; }57 statement at the [edit] snmp { community public; }05 hierarchy level: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }1 If the community name contains spaces, enclose it in quotation marks (" "). The default authorization level for a community is [edit] snmp { community public; }45. To allow [edit] snmp { community public; }13 requests within a community, you need to define that community as [edit] snmp { community public; }47. For [edit] snmp { community public; }13 requests, you also need to include the specific MIB objects that are accessible with read-write privileges using the [edit] snmp { community public; }49 statement. The default view includes all supported MIB objects that are accessible with read-only privileges; no MIB objects are accessible with read-write privileges. For more information about the [edit] snmp { community public; }49 statement, see . The [edit] snmp { community public; }51 statement lists the IP addresses of the clients (community members) that are allowed to use this community. If no [edit] snmp { community public; }51 statement is present, all clients are allowed. For [edit] snmp { community public; }53, you must specify an IPv4 address, not a hostname. Include the [edit] snmp { community public; }68 option to deny access to all SNMP clients for which access is not explicitly granted. We recommend that you always include the [edit] snmp { community public; }68 option to limit SNMP client access to the local switch. Note: Community names must be unique within each SNMP system. Grant read-only access to all clients. With the following configuration, the system responds to SNMP [edit] snmp { community public; }11, [edit] snmp { community public; }12, and [edit] snmp { community public; }72 requests that contain the community string [edit] snmp { community public; }25: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }2 Grant all clients read-write access to the ping MIB and [edit] snmp { community public; }74. With the following configuration, the system responds to SNMP [edit] snmp { community public; }11, [edit] snmp { community public; }12, [edit] snmp { community public; }72, and [edit] snmp { community public; }13 requests that contain the community string [edit] snmp { community public; }55 and specify an OID contained in the ping MIB or [edit] snmp { community public; }74 hierarchy: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }3 The following configuration allows read-only access to clients with IP addresses in the range [edit] snmp { community public; }81, and denies access to systems in the range [edit] snmp { community public; }82: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }4 Junos OS enables you to add one or more groups of clients to an SNMP community. You can include the [edit] snmp { community public; }83 statement at the [edit] snmp { community public; }84 hierarchy level to add all the members of the client list or prefix list to an SNMP community. To define a list of clients, include the [edit] snmp { community public; }85 statement followed by the IP addresses of the clients at the [edit] snmp { community public; }05 hierarchy level: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }5 You can configure a prefix list at the [edit] snmp { community public; }87 hierarchy level. Support for prefix lists in the SNMP community configuration enables you to use a single list to configure the SNMP and routing policies. For more information about the [edit] snmp { community public; }88 statement, see the Routing Policies, Firewall Filters, and Traffic Policers User Guide. To add a client list or prefix list to an SNMP community, include the [edit] snmp { community public; }89 statement at the [edit] snmp { community public; }84 hierarchy level: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }6 Note: The client list and prefix list must not have the same name. The following example shows how to define a client list: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }7 The following example shows how to add a client list to an SNMP community: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }8 The following example shows how to add a prefix list to an SNMP community: [edit snmp] view test { oid .1 include; oid ifTable.1.*.312 exclude; oid ifXTable.1.*.312 exclude }9 Starting with Release 12.3, Junos OS enables you to assign one of the devices in the network as a proxy SNMP agent through which the network management system (NMS) can query other devices in the network. When you configure a proxy, you can specify the names of devices to be managed through the proxy SNMP agent. When the NMS queries the proxy SNMP agent, the NMS specifies the community name (for SNMPv1 and SNMPv2) or the context and security name (for SNMPv3) associated with the device from which it requires the information. Note: If you have configured authentication and privacy methods and passwords for SNMPv3, those parameters are also specified in the query for SNMPv3 information. To configure a proxy SNMP agent and specify devices to be managed by the proxy SNMP agent, you can include the following configuration statements at the [ [edit] snmp { community public; }91] hierarchy level: [edit snmp] v3 { usm { local-engine { user jnpruser { authentication-md5 { authentication-key "$9$guaDiQFnAuOQzevMWx7ikqP"; ## SECRET-DATA } privacy-none; } } } vacm { security-to-group { security-model usm { security-name jnpruser { group grpnm; } } } access { group grpnm { default-context-prefix { security-model any { security-level authentication { read-view all; write-view all; } } } } } } } view all { oid .1; }0
Note: Starting with Junos OS Release 15.2, you must configure snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }06 statement at the [edit] snmp { community public; }05 hierarchy level for the proxy SNMP agent. Note: The community and security configuration for the proxy should match the corresponding configuration on the device that is to be managed. Note: Because the proxy SNMP agent does not have trap forwarding capabilities, the devices that are managed by the proxy SNMP agent send the traps directly to the network management system. You can use the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }08 operational mode command to view proxy details on a device. The snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }08 command returns the proxy names, device names, SNMP version, community/security, and context information. Traps are unsolicited messages sent from an SNMP agent to remote network management systems or trap receivers. Many enterprises use SNMP traps as part of a fault-monitoring solution, in addition to system logging. In Junos OS, SNMP traps are not forwarded by default, so you must configure a trap-group if you wish to use SNMP traps. You can create and name a group of one or more types of SNMP traps and then define which systems receive the group of SNMP traps.. The name of the trap group is embedded in SNMP trap notification packets as one variable binding (varbind) known as the community name. To configure an SNMP trap:
Some carriers have more than one trap receiver that forwards traps to a central NMS. This allows for more than one path for SNMP traps from a router to the central NMS through different trap receivers. A device running Junos OS can be configured to send the same copy of each SNMP trap to every trap receiver configured in the trap group. The source address in the IP header of each SNMP trap packet is set to the address of the outgoing interface by default. When a trap receiver forwards the packet to the central NMS, the source address is preserved. The central NMS, looking only at the source address of each SNMP trap packet, assumes that each SNMP trap came from a different source. In reality, the SNMP traps came from the same router, but each left the router through a different outgoing interface. The statements discussed in the following sections are provided to allow the NMS to recognize the duplicate traps and to distinguish SNMPv1 traps based on the outgoing interface. To configure SNMP trap options and trap groups, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }12 and snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }13 statements at the [edit] snmp { community public; }05 hierarchy level: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }0 You can configure the source address of trap packets in many ways: lo0, a valid IPv4 address or IPv6 address configured on one of the router interfaces, a logical-system address, or the address of a routing-instance. The value lo0 indicates that the source address of the SNMP trap packets is set to the lowest loopback address configured on the interface lo0. Note: If the source address is an invalid IPv4 or IPv6 address or is not configured, SNMP traps are not generated. You can configure the source address of trap packets in one of the following formats:
A Valid IPv4 Address As the Source Address To specify a valid IPv4 interface address as the source address for SNMP traps on one of the router interfaces, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }16 statement at the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }17 hierarchy level: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }1 [edit] snmp { community public; }53 is a valid IPv4 address configured on one of the router interfaces. A Valid IPv6 Address As the Source Address To specify a valid IPv6 interface address as the source address for SNMP traps on one of the router interfaces, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }16 statement at the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }17 hierarchy level: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }1 [edit] snmp { community public; }53 is a valid IPv6 address configured on one of the router interfaces. The Lowest Loopback Address As the Source Address To specify the source address of the SNMP traps so that they use the lowest loopback address configured on the interface lo0 as the source address, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }16 statement at the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }17 hierarchy level: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }3 To enable and configure the loopback address, include the [edit] snmp { community public; }53 statement at the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }25 hierarchy level: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }4 To configure the loopback address as the source address of trap packets: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }5 In this example, the IP address 10.0.0.1 is the source address of every trap sent from this router. Logical System Name as the Source Address To specify a logical system name as the source address of SNMP traps, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }26 statement at the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }17 hierarchy level. For example, the following configuration sets logical system name snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }28 as the source address of SNMP traps: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }6 Routing Instance Name as the Source Address To specify a routing instance name as the source address of SNMP traps, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }29 statement at the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }17 hierarchy level. For example, the following configuration sets the routing instance name snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }31 as the source address for SNMP traps: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }7 You can create and name a group of one or more types of SNMP traps and then define which systems receive the group of SNMP traps. The trap group must be configured for SNMP traps to be sent. To create an SNMP trap group, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }13 statement at the [edit] snmp { community public; }05 hierarchy level: [edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }8 The trap group name can be any string and is embedded in the community name field of the trap. To configure your own trap group port, include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }34 statement. The default destination port is port 162. For each trap group that you define, you must include the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }35 statement to define at least one system as the recipient of the SNMP traps in the trap group. Specify the IPv4 or IPv6 address of each recipient, not its hostname. Specify the types of traps the trap group can receive in the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }36 statement. For information about the category to which the traps belong, see the and Enterprise-Specific SNMP Traps Supported by Junos OS topics. Specify the routing instance used by the trap group in the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }05 statement. All targets configured in the trap group use this routing instance. A trap group can receive the following categories:
If you include SONET/SDH subcategories, only those SONET/SDH trap alarm types are included in trap notifications. The snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }75 statement allows you to specify the SNMP version of the traps sent to targets of the trap group. If you specify snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }76 only, SNMPv1 traps are sent. If you specify snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }77 only, SNMPv2 traps are sent. If you specify snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }78, both an SNMPv1 and an SNMPv2 trap are sent for every trap condition. For more information about the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }75 statement, see version (SNMP). The QFX Series standalone switches, QFX Series Virtual Chassis, and QFabric systems support standard SNMP traps and Juniper Networks enterprise-specific traps. For more information, see: SNMP Traps Supported on QFX Series Standalone Switches and QFX Series Virtual ChassisQFX Series standalone switches and QFX Series Virtual Chassis support SNMPv1 and v2 traps. For more information, see: SNMPv1 TrapsQFX Series standalone switches and QFX Series Virtual Chassis support both standard SNMPv1 traps and Juniper Networks enterprise-specific SNMPv1 traps. See:
The traps are organized first by trap category and then by trap name. The system logging severity levels are listed for those traps that have them. Traps that do not have corresponding system logging severity levels are marked with an en dash (–). Table 1: Standard SNMP Version 1 Traps Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis Defined in Trap Name Enterprise ID Generic Trap Number Specific Trap Number System Logging Severity Level Syslog Tag Link NotificationsRFC 1215, Conventions for Defining Traps for Use with the SNMP linkDown 1.3.6.1.4.1.2636 2 0 Warning SNMP_ TRAP_ LINK_DOWN linkUp 1.3.6.1.4.1.2636 3 0 Info SNMP_TRAP_ LINK_UP Remote Operations NotificationsRFC 2925, Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations pingProbeFailed 1.3.6.1.2.1.80.0 6 1 Info SNMP_TRAP _PING_ PROBE_ FAILED pingTestFailed 1.3.6.1.2.1.80.0 6 2 Info SNMP_TRAP_ PING_TEST _FAILED pingTestCompleted 1.3.6.1.2.1.80.0 6 3 Info SNMP_TRAP_ PING_TEST_ COMPLETED traceRoutePathChange 1.3.6.1.2.1.81.0 6 1 Info SNMP_TRAP_ TRACE_ROUTE_ PATH_CHANGE traceRouteTestFailed 1.3.6.1.2.1.81.0 6 2 Info SNMP_TRAP_ TRACE_ROUTE_ TEST_FAILED traceRouteTestCompleted 1.3.6.1.2.1.81.0 6 3 Info SNMP_TRAP_ TRACE_ROUTE_ TEST_COMPLETED RMON AlarmsRFC 2819a, RMON MIB fallingAlarm 1.3.6.1.2.1.16 6 2 – – risingAlarm 1.3.6.1.2.1.16 6 1 – – Routing NotificationsBGP 4 MIB bgpEstablished 1.3.6.1.2.1.15.7 6 1 – – bgpBackwardTransition 1.3.6.1.2.1.15.7 6 2 – – OSPF TRAP MIB ospfVirtIfStateChange 1.3.6.1.2.1.14.16.2 6 1 – – ospfNbrStateChange 1.3.6.1.2.1.14.16.2 6 2 – – ospfVirtNbrStateChange 1.3.6.1.2.1.14.16.2 6 3 – – ospfIfConfigError 1.3.6.1.2.1.14.16.2 6 4 – – ospfVirtIfConfigError 1.3.6.1.2.1.14.16.2 6 5 – – ospfIfAuthFailure 1.3.6.1.2.1.14.16.2 6 6 – – ospfVirtIfAuthFailure 1.3.6.1.2.1.14.16.2 6 7 – – ospfIfRxBadPacket 1.3.6.1.2.1.14.16.2 6 8 – – ospfVirtIfRxBadPacket 1.3.6.1.2.1.14.16.2 6 9 – – ospfTxRetransmit 1.3.6.1.2.1.14.16.2 6 10 – – ospfVirtIfTxRetransmit 1.3.6.1.2.1.14.16.2 6 11 – – ospfMaxAgeLsa 1.3.6.1.2.1.14.16.2 6 13 – – ospfIfStateChange 1.3.6.1.2.1.14.16.2 6 16 – – Startup NotificationsRFC 1215, Conventions for Defining Traps for Use with the SNMP authenticationFailure 1.3.6.1.4.1.2636 4 0 Notice SNMPD_ TRAP_ GEN_FAILURE coldStart 1.3.6.1.4.1.2636 0 0 Critical SNMPD_TRAP_ COLD_START warmStart 1.3.6.1.4.1.2636 1 0 Error SNMPD_TRAP_ WARM_START VRRP NotificationsRFC 2787, Definitions of Managed Objects for the Virtual Router Redundancy Protocol vrrpTrapNewMaster 1.3.6.1.2.1.68 6 1 Warning VRRPD_NEW MASTER_TRAP vrrpTrapAuthFailure 1.3.6.1.2.1.68 6 2 Warning VRRPD_AUTH_ FAILURE_TRAP Table 2: Enterprise-Specific SNMPv1 Traps Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis Defined in Trap Name Enterprise ID Generic Trap Number Specific Trap Number System Logging Severity Level System Log Tag Chassis Notifications (Alarm Conditions)Chassis MIB(jnx-chassis. mib) jnxPowerSupplyFailure 1.3.6.1.4.1.2636.4.1 6 1 Warning CHASSISD_ SNMP_ TRAP jnxFanFailure 1.3.6.1.4.1.26361 6 2 Critical CHASSISD_ SNMP_ TRAP jnxOverTemperature 11.4.1.2636.4.1 6 3 Alert CHASSISD_ SNMP_ TRAP jnxFruRemoval 1.3.6.1.4.1.2636.4.1 6 5 Notice CHASSISD_ SNMP_ TRAP jnxFruInsertion 1.3.6.1.4.1.2636.4.1 6 6 Notice CHASSISD_ SNMP_ TRAP jnxFruPowerOff 1.3.6.1.4.1.2636.4.1 6 7 Notice CHASSISD_ SNMP_ TRAP jnxFruPowerOn 1.3.6.1.4.1.2636.4.1 6 8 Notice CHASSISD_ SNMP_ TRAP jnxFruFailed 1.3.6.1.4.1.2636.4.1 6 9 Warning CHASSISD_ SNMP_ TRAP jnxFruOffline 1.3.6.1.4.1.2636.4.1 6 10 Notice CHASSISD_ SNMP_ TRAP jnxFruOnline 1.3.6.1.4.1.2636.4.1 6 11 Notice CHASSISD_ SNMP_ TRAP jnxFruCheck 1.3.6.1.4.1.2636.4.1 6 12 Warning CHASSISD_ SNMP_ TRAP jnxPowerSupplyOk 1.3.6.1.4.1.2636.4.2 6 1 Critical CHASSISD_ SNMP_ TRAP jnxFanOK 1.3.6.1.4.1.2636.4.2 6 2 Critical CHASSISD_ SNMP_ TRAP jnxTemperatureOK 1.3.6.1.4.1.2636.4.2 6 3 Alert CHASSISD_ SNMP_ TRAP Configuration NotificationsConfiguration Management MIB (jnx- configmgmt. mib) jnxCmCfgChange 1.3.6.1.4.1.2636.4.5 6 1 – – jnxCmRescueChange 1.3.6.1.4.1.2636.4.5 6 2 – – Remote OperationsPing MIB(jnx-ping.mib) jnxPingRttThresholdExceeded 1.3.6.1.4.1.2636.4.9 6 1 – – jnxPingRttStdDevThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 2 – – jnxPingRttJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 3 – – jnxPingEgressThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 4 – – jnxPingEgressStdDev ThresholdExceeded 1.3.6.1.4.1.2636.4.9 6 5 – – jnxPingEgressJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 6 – – jnxPingIngressThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 7 – – jnxPingIngressStddevThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 8 – – jnxPingIngressJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9 6 9 – – RMON AlarmsRMON MIB (jnx-rmon. mib) jnxRmonAlarmGetFailure 1.3.6.1.4.1.2636.4.3 6 1 – – jnxRmonGetOk 1.3.6.1.4.1.2636.4.3 6 2 – – SNMPv2 Traps
Table 3: Standard SNMPv2 Traps Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis Defined in Trap Name SNMP Trap OID System Logging Severity Level Syslog Tag Link NotificationsRFC 2863, The Interfaces Group MIB linkDown 1.3.6.1.6.3.1.1.5.3 Warning SNMP_TRAP_ LINK_DOWN linkUp 1.3.6.1.6.3.1.1.5.4 Info SNMP_TRAP_ LINK_UP Remote Operations NotificationsRFC 2925, Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations pingProbeFailed 1.3.6.1.2.1.80.0.1 Info SNMP_TRAP_ PING_PROBE_ FAILED pingTestFailed 1.3.6.1.2.1.80.0.2 Info SNMP_TRAP_PING_ TEST_FAILED pingTestCompleted 1.3.6.1.2.1.80.0.3 Info SNMP_TRAP_PING_ TEST_COMPLETED traceRoutePathChange 1.3.6.1.2.1.81.0.1 Info SNMP_TRAP_TRACE_ ROUTE_PATH_ CHANGE traceRouteTestFailed 1.3.6.1.2.1.81.0.2 Info SNMP_TRAP_TRACE_ ROUTE_TEST_FAILED traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 Info SNMP_TRAP_TRACE_ ROUTE_TEST_ COMPLETED RMON AlarmsRFC 2819a, RMON MIB fallingAlarm 1.3.6.1.2.1.16.0.1 – – risingAlarm 1.3.6.1.2.1.16.0.2 – – BGP 4 MIB bgpEstablished 1.3.6.1.2.1.15.7.1 – – bgpBackwardTransition 1.3.6.1.2.1.15.7.2 – – OSPF Trap MIB ospfVirtIfStateChange 1.3.6.1.2.1.14.16.2.1 – – ospfNbrStateChange 1.3.6.1.2.1.14.16.2.2 – – ospfVirtNbrStateChange 1.3.6.1.2.1.14.16.2.3 – – ospfIfConfigError 1.3.6.1.2.1.14.16.2.4 – – ospfVirtIfConfigError 1.3.6.1.2.1.14.16.2.5 – – ospfIfAuthFailure 1.3.6.1.2.1.14.16.2.6 – – ospfVirtIfAuthFailure 1.3.6.1.2.1.14.16.2.7 – – ospfIfRxBadPacket 1.3.6.1.2.1.14.16.2.8 – – ospfVirtIfRxBadPacket 1.3.6.1.2.1.14.16.2.9 – – ospfTxRetransmit 1.3.6.1.2.1.14.16.2.10 – – ospfVirtIfTxRetransmit 1.3.6.1.2.1.14.16.2.11 – – ospfMaxAgeLsa 1.3.6.1.2.1.14.16.2.13 – – ospfIfStateChange 1.3.6.1.2.1.14.16.2.16 – – Startup NotificationsRFC 1907, Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2) coldStart 1.3.6.1.6.3.1.1.5.1 Critical SNMPD_TRAP_ COLD_START warmStart 1.3.6.1.6.3.1.1.5.2 Error SNMPD_TRAP_ WARM_START authenticationFailure 1.3.6.1.6.3.1.1.5.5 Notice SNMPD_TRAP_ GEN_FAILURE VRRP NotificationsRFC 2787, Definitions of Managed Objects for the Virtual Router Redundancy Protocol vrrpTrapNewMaster 1.3.6.1.2.1.68.0.1 Warning VRRPD_ NEWMASTER_ TRAP vrrpTrapAuthFailure 1.3.6.1.2.1.68.0.2 Warning VRRPD_AUTH_ FAILURE_ TRAP Table 4: Enterprise-Specific SNMPv2 Traps Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis Source MIB Trap Name SNMP Trap OID System Logging Severity Level System Log Tag Chassis (Alarm Conditions) NotificationsChassis MIB (mib-jnx-chassis) jnxPowerSupplyFailure 1.3.6.1.4.1.2636.4.1.1 Alert CHASSISD_ SNMP_ TRAP jnxFanFailure 1.3.6.1.4.1.2636.4.1.2 Critical CHASSISD_ SNMP_ TRAP jnxOverTemperature 1.3.6.1.4.1.2636.4.1.3 Critical CHASSISD_ SNMP_ TRAP jnxFruRemoval 1.3.6.1.4.1.2636.4.1.5 Notice CHASSISD_ SNMP_ TRAP jnxFruInsertion 1.3.6.1.4.1.2636.4.1.6 Notice CHASSISD_ SNMP_ TRAP jnxFruPowerOff 1.3.6.1.4.1.2636.4.1.7 Notice CHASSISD_ SNMP_ TRAP jnxFruPowerOn 1.3.6.1.4.1.2636.4.1.8 Notice CHASSISD_ SNMP_ TRAP jnxFruFailed 1.3.6.1.4.1.2636.4.1.9 Warning CHASSISD_ SNMP_ TRAP jnxFruOffline 1.3.6.1.4.1.2636.4.1.10 Notice CHASSISD_ SNMP_ TRAP jnxFruOnline 1.3.6.1.4.1.2636.4.1.11 Notice CHASSISD_ SNMP_ TRAP jnxFruCheck 1.3.6.1.4.1.2636.4.1.12 Notice CHASSISD_ SNMP_ TRAP jnxPowerSupplyOK 1.3.6.1.4.1.2636.4.2.1 Critical CHASSISD_ SNMP_ TRAP jnxFanOK 1.3.6.1.4.1.2636.4.2.2 Critical CHASSISD_ SNMP_ TRAP jnxTemperatureOK 1.3.6.1.4.1.2636.4.2.3 Alert CHASSISD_ SNMP_ TRAP Configuration NotificationsConfiguration Management MIB (mib-jnx-cfgmgmt) jnxCmCfgChange 1.3.6.1.4.1.2636.4.5.0.1 – – jnxCmRescueChange 1.3.6.1.4.1.2636.4.5.0.2 – – Remote Operations NotificationsPing MIB (mib-jnx-ping) jnxPingRttThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.1 – – jnxPingRttStdDevThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.2 – – jnxPingRttJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.3 – – jnxPingEgressThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.4 – – jnxPingEgressStdDevThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.5 – – jnxPingEgressJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.6 – – jnxPingIngressThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.7 – – jnxPingIngressStddevThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.8 – – jnxPingIngressJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.9 – – RMON AlarmsRMON MIB (mib-jnx-rmon) jnxRmonAlarmGetFailure 1.3.6.1.4.1.2636.4. 3.0.1 – – jnxRmonGetOk 1.3.6.1.4.1.2636.4. 3.0.2 – – SNMP Traps Supported on QFabric SystemsQFabric systems support standard SNMPv2 traps and Juniper Networks enterprise-specific SNMPv2 traps. Note: QFabric systems do not support SNMPv1 traps. For more information, see:
Table 5: Standard SNMPv2 Traps Supported on QFabric Systems Defined in Trap Name SNMP Trap OID System Logging Severity Level Syslog Tag Link NotificationsRFC 2863, The Interfaces Group MIB linkDown 1.3.6.1.6.3.1.1.5.3 Warning SNMP_TRAP_ LINK_DOWN linkUp 1.3.6.1.6.3.1.1.5.4 Info SNMP_TRAP_ LINK_UP Startup NotificationsRFC 1907, Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2) coldStart 1.3.6.1.6.3.1.1.5.1 Critical SNMPD_TRAP_ COLD_START warmStart 1.3.6.1.6.3.1.1.5.2 Error SNMPD_TRAP_ WARM_START authenticationFailure 1.3.6.1.6.3.1.1.5.5 Notice SNMPD_TRAP_ GEN_FAILURE Table 6: Enterprise-Specific SNMPv2 Traps Supported on QFabric Systems Source MIB Trap Name SNMP Trap OID System Logging Severity Level System Log Tag Fabric Chassis MIB (mib-jnx-fabric- chassis) Fabric Chassis (Alarm Conditions) NotificationsjnxFabricPowerSupplyFailure 1.3.6.1.4.1.2636.4.19.1 Warning – jnxFabricFanFailure 1.3.6.1.4.1.2636.4.19.2 Critical – jnxFabricOverTemperature 1.3.6.1.4.1.2636.4.19.3 Alert – jnxFabricRedundancySwitchover 1.3.6.1.4.1.2636.4.19.4 Notice – jnxFabricFruRemoval 1.3.6.1.4.1.2636.4.19.5 Notice – jnxFabricFruInsertion 1.3.6.1.4.1.2636.4.19.6 Notice – jnxFabricFruPowerOff 1.3.6.1.4.1.2636.4.19.7 Notice – jnxFabricFruPowerOn 1.3.6.1.4.1.2636.4.19.8 Notice – jnxFabricFruFailed 1.3.6.1.4.1.2636.4.19.9 Warning – jnxFabricFruOffline 1.3.6.1.4.1.2636.4.19.10 Notice – jnxFabricFruOnline 1.3.6.1.4.1.2636.4.19.11 Notice – jnxFabricFruCheck 1.3.6.1.4.1.2636.4.19.12 Warning – jnxFabricFEBSwitchover 1.3.6.1.4.1.2636.4.19.13 Warning – jnxFabricHardDiskFailed 1.3.6.1.4.1.2636.4.19.14 Warning – jnxFabricHardDiskMissing 1.3.6.1.4.1.2636.4.19.15 Warning – jnxFabricBootFromBackup 1.3.6.1.4.1.2636.4.19.16 Warning – Fabric Chassis (Alarm Cleared Conditions) NotificationsjnxFabricPowerSupplyOK 1.3.6.1.4.1.2636.4.20.1 Critical – jnxFabricFanOK 1.3.6.1.4.1.2636.4.20.2 Critical – jnxFabricTemperatureOK 1.3.6.1.4.1.2636.4.20.3 Alert – jnxFabricFruOK 1.3.6.1.4.1.2636.4.20.4 – – QFabric MIB (mib-jnx-qf-smi) QFabric MIB NotificationsjnxQFabricDownloadIssued 1.3.6.1.4.1.2636.3.42.1.0.1 – – jnxQFabricDownloadFailed 1.3.6.1.4.1.2636.3.42.1.0.2 – – jnxQFabricDownloadSucceeded 1.3.6.1.4.1.2636.3.42.1.0.3 – – jnxQFabricUpgradeIssued 1.3.6.1.4.1.2636.3.42.1.0.4 – – jnxQFabricUpgradeFailed 1.3.6.1.4.1.2636.3.42.1.0.5 – – jnxQFabricUpgradeSucceeded 1.3.6.1.4.1.2636.3.42.1.0.6 – – Configuration NotificationsConfiguration Management MIB (mib-jnx-cfgmgmt) jnxCmCfgChange 1.3.6.1.4.1.2636.4.5.0.1 – – jnxCmRescueChange 1.3.6.1.4.1.2636.4.5.0.2 – – Remote Operations NotificationsPing MIB (mib-jnx-ping) jnxPingRttThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.1 – – jnxPingRttStdDevThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.2 – – jnxPingRttJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.3 – – jnxPingEgressThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.4 – – jnxPingEgressStdDevThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.5 – – jnxPingEgressJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.6 – – jnxPingIngressThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.7 – – jnxPingIngressStddevThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.8 – – jnxPingIngressJitterThreshold Exceeded 1.3.6.1.4.1.2636.4.9.0.9 – – Junos OS enables you to filter out information related to specific interfaces from the output of SNMP [edit] snmp { community public; }11 and [edit] snmp { community public; }12 requests performed on interface-related MIBs such as IF MIB, ATM MIB, RMON MIB, and the Juniper Networks enterprise-specific IF MIB. You can use the following options of the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }82 statement at the [edit] snmp { community public; }05 hierarchy level to specify the interfaces that you want to exclude from SNMP [edit] snmp { community public; }11 and [edit] snmp { community public; }12 queries:
[edit snmp] v3 { usm { remote-engine 00000063200133a2c0a845c3 { user RU2_v3_sha_none { authentication-none; privacy-none; } } } vacm { security-to-group { security-model usm { security-name RU2_v3_sha_none { group g1_usm_auth; } } } access { group g1_usm_auth { default-context-prefix { security-model usm { security-level authentication { read-view all; write-view all; notify-view all; } } } } } } target-address TA2_v3_sha_none { address 192.168.69.179; tag-list tl1; address-mask 255.255.252.0; target-parameters TP2_v3_sha_none; } target-parameters TP2_v3_sha_none { parameters { message-processing-model v3; security-model usm; security-level none; security-name RU2_v3_sha_none; } notify-filter nf1; } notify N1_all_tl1_informs { type inform; # Replace inform with trap to convert informs to traps. tag tl1; } notify-filter nf1 { oid .1 include; } } view all { oid .1 include; }9 Starting with Release 12.1, Junos OS provides an except option ( snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }88 operator) that enables you to filter out all interfaces except those interfaces that match all the regular expressions prefixed with the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }88 mark. For example, to filter out all interfaces except the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }90 interfaces from the SNMP snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }91 and snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }92 results, enter the following command: user@host# set snmp v3 notify N1_all_tl1_informs type trap0 When this is configured, Junos OS filters out all interfaces except the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }90 interfaces from the SNMP snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }91 and snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }92 results. Note: The snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }88 mark is supported only as the first character of the regular expression. If it appears anywhere else in a regular expression, Junos OS considers the regular expression invalid, and returns an error. However, note that these settings are limited to SNMP operations, and the users can continue to access information related to the interfaces (including those hidden using the snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }82 options) using the appropriate Junos OS command-line interface (CLI) commands. SNMPv3 defines the concept of MIB views in RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP). MIB views provide an agent better control over who can access specific branches and objects within its MIB tree. A view consists of a name and a collection of SNMP object identifiers, which are either explicitly included or excluded. Once defined, a view is then assigned to an SNMPv3 group or SNMPv1/v2c community (or multiple communities), automatically masking which parts of the agent’s MIB tree members of the group or community can (or cannot) access. By default, an SNMP community grants read access and denies write access to all supported MIB objects (even communities configured as snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }98). To restrict or grant read or write access to a set of MIB objects, you must configure a MIB view and associate the view with a community. To configure MIB views, include the [edit] snmp { community public; }49 statement at the [edit] snmp { community public; }05 hierarchy level: user@host# set snmp v3 notify N1_all_tl1_informs type trap1 The [edit] snmp { community public; }49 statement defines a MIB view and identifies a group of MIB objects. Each MIB object of a view has a common object identifier (OID) prefix. Each object identifier represents a subtree of the MIB object hierarchy. The subtree can be represented either by a sequence of dotted integers (such as [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }02) or by its subtree name (such as snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } routing-instance routing-instance-name { clients { addresses; } } view view-name; } contact contact; description description; filter-duplicates; filter-interfaces; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type; rising-event-index index; rising-threshold integer; sample-type (absolute-value | delta-value); startup-alarm (falling-alarm | rising-alarm | rising-or-falling alarm); syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description description; type type; } history history-index { bucket-size number; interface interface-name; interval seconds; owner owner-name; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance routing-instance-name; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } v3 { notify name { tag tag-name; type trap; } notify-filter profile-name { oid object-identifier (include | exclude); } snmp-community community-index { community-name community-name; security-name security-name; tag tag-name; } target-address target-address-name { address address; address-mask address-mask; logical-system logical-system; port port-number; retry-count number; routing-instance routing-instance-name; tag-list tag-list; target-parameters target-parameters-name; timeout seconds; } target-parameters target-parameters-name { notify-filter profile-name; parameters { message-processing-model (v1 | v2c | V3); security-level (authentication | none | privacy); security-model (usm | v1 | v2c); security-name security-name; } } usm { local-engine { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none; } } remote-engine engine-id { user username { authentication-sha { authentication-password authentication-password; } authentication-md5 { authentication-password authentication-password; } authentication-none; privacy-aes128 { privacy-password privacy-password; } privacy-des { privacy-password privacy-password; } privacy-3des { privacy-password privacy-password; } privacy-none { privacy-password privacy-password; } } } } vacm { access { group group-name { (default-context-prefix | context-prefix context-prefix) { security-model (any | usm | v1 | v2c) { security-level (authentication | none | privacy) { notify-view view-name; read-view view-name; write-view view-name; } } } } } security-to-group { security-model (usm | v1 | v2c) { security-name security-name { group group-name; } } } } } view view-name { oid object-identifier (include | exclude); } }86). A configuration statement uses a view to specify a group of MIB objects on which to define access. You can also use a wildcard character asterisk (*) to include OIDs that match a particular pattern in the SNMP view. You need to use * for each sub-OIDs to match. For example, use OID interfaces.*.*.*.123 to match OID interfaces.2.1.2.123. Wildcard interfaces.*.123 will not match OID interfaces.2.1.2.123. To enable a view, you must associate the view with a community. To remove an OID completely, use the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }04 command but omit the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }05 parameter. user@host# set snmp v3 notify N1_all_tl1_informs type trap2 The following example creates a MIB view called ping-mib-view. The [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }06 statement does not require a dot at the beginning of the object identifier. The [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }07 statement includes the branch under the object identifier .1.3.6.1.2.1.80. This includes the entire DISMAN-PINGMIB subtree (as defined in RFC 2925, Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations), which effectively permits access to any object under that branch. user@host# set snmp v3 notify N1_all_tl1_informs type trap3 The following example adds a second branch in the same MIB view. user@host# set snmp v3 notify N1_all_tl1_informs type trap4 Assign a MIB view to a community that you want to control. To associate MIB views with a community, include the [edit] snmp { community public; }49 statement at the [edit] snmp { community public; }84 hierarchy level: user@host# set snmp v3 notify N1_all_tl1_informs type trap5 For more information about the Ping MIB, see RFC 2925 and PING MIB. The QFX Series standalone switches, QFX Series Virtual Chassis, and QFabric systems support standard MIBs and Juniper Networks enterprise-specific MIBs. Note: For information about enterprise-specific SNMP MIB objects, see the SNMP MIB Explorer. You can use SNMP MIB Explorer to view information about various MIBs, MIB objects, and SNMP notifications supported on Juniper Networks devices For more information, see: MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual ChassisThe QFX Series standalone switches and QFX Series Virtual Chassis support both standard MIBs and Juniper Networks enterprise-specific MIBs. For more information, see:
Table 7: Standard MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis RFC Additional Information IEEE 802.1ab section 12.1, Link Layer Discovery Protocol (LLDP) MIB Supported tables and objects:
IEEE 802.3ad, Aggregation of Multiple Link Segments The following tables and objects are supported:
RFC 1155, Structure and Identification of Management Information for TCP/IP-based Internets — RFC 1157, A Simple Network Management Protocol (SNMP) — RFC 1212, Concise MIB Definitions — RFC 1213, Management Information Base for Network Management of TCP/IP-Based Internets: MIB-II The following areas are supported:
RFC 1215, A Convention for Defining Traps for use with the SNMP Support is limited to MIB II SNMP version 1 traps and version 2 notifications. RFC 1286, Definitions of Managed Objects for Bridges — RFC 1657, Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2 — RFC 1850, OSPF Version 2 Management Information Base The following table, objects, and traps are not supported:
RFC 1901,Introduction to Community-based SNMPv2 — RFC 1905, Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2) — RFC 1907, Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2) — RFC 2011, SNMPv2 Management Information Base for the Internet Protocol Using SMIv2 — RFC 2012, SNMPv2 Management Information Base for the Transmission Control Protocol Using SMIv2 — RFC 2013, SNMPv2 Management Information Base for the User Datagram Protocol Using SMIv2 — RFC 2233, The Interfaces Group MIB Using SMIv2 Note: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports both RFC 2233 and RFC 2863. RFC 2287, Definitions of System-Level Managed Objects for Applications The following objects are supported:
RFC 2570, Introduction to Version 3 of the Internet-standard Network Management Framework — RFC 2571, An Architecture for Describing SNMP Management Frameworks (read-only access) Note: RFC 2571 has been replaced by RFC 3411. However, Junos OS supports both RFC 2571 and RFC 3411. RFC 2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) (read-only access) Note: RFC 2572 has been replaced by RFC 3412. However, Junos OS supports both RFC 2572 and RFC 3412. RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework Note: RFC 2576 has been replaced by RFC 3584. However, Junos OS supports both RFC 2576 and RFC 3584. RFC 2578, Structure of Management Information Version 2 (SMIv2) — RFC 2579, Textual Conventions for SMIv2 — RFC 2580, Conformance Statements for SMIv2 — RFC 2665, Definitions of Managed Objects for the Ethernet-like Interface Types — RFC 2787, Definitions of Managed Objects for the Virtual Router Redundancy Protocol Support does not include row creation, the Set operation, and the vrrpStatsPacketLengthErrors object. RFC 2790, Host Resources MIB Support is limited to the following objects:
RFC 2819, Remote Network Monitoring Management Information Base The following objects are supported:
RFC 2863, The Interfaces Group MIB Note: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports both RFC 2233 and RFC 2863. RFC 2932, IPv4 Multicast Routing MIB — RFC 2933, Internet Group Management Protocol (IGMP) MIB — RFC 2934, Protocol Independent Multicast MIB for IPv4 In Junos OS, RFC 2934 is implemented based on a draft version, pimmib.mib, of the now standard RFC. RFC 3410, Introduction and Applicability Statements for Internet Standard Management Framework — RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks Note: RFC 3411 replaces RFC 2571. However, Junos OS supports both RFC 3411 and RFC 2571. RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) Note: RFC 3412 replaces RFC 2572. However, Junos OS supports both RFC 3412 and RFC 2572. RFC 3413, Simple Network Management Protocol (SNMP) Applications All MIBs are supported except for the Proxy MIB. RFC 3414, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) — RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) — RFC 3416, Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) Note: RFC 3416 replaces RFC 1905, which was supported in earlier versions of Junos OS. RFC 3417, Transport Mappings for the Simple Network Management Protocol (SNMP) — RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) Note: RFC 3418 replaces RFC 1907, which was supported in earlier versions of Junos OS. RFC 3584, Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework — RFC 3826, The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model — RFC 4188, Definitions of Managed Objects for Bridges The QFX3500 and QFX3600 switches support 802.1D STP (1998) and the following subtrees and objects only:
Note: On QFX3500 and QFX3600 switches, the dot1dTpFdbTable table is populated only with MAC addresses learned on the default VLAN. To see the MAC addresses of all VLANs, specify the dot1qTpFdbTable table (RFC 4363b, Q-Bridge VLAN MIB) when you issue the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }13 command. Not supported on OCX Series devices. RFC 4293, Management Information Base for the Internet Protocol (IP) Supports the ipAddrTable table only. RFC 4318, Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol Supports 802.1w and 802.1t extensions for RSTP. Not supported on OCX Series devices. RFC 4363b, Q-Bridge VLAN MIB Note: On QFX3500 and QFX3600 switches, the dot1dTpFdbTable table (RFC 4188, Definitions of Managed Objects for Bridges) is populated only with MAC addresses learned on the default VLAN. To see the MAC addresses of all VLANs, specify the dot1qTpFdbTable table (in this MIB) when you issue the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }13 command. Not supported on OCX Series devices. RFC 4444, IS-IS MIB — Internet Assigned Numbers Authority, IANAiftype Textual Convention MIB (referenced by RFC 2233) See http://www.iana.org/assignments/ianaiftype-mib . Internet draft draft-reeder-snmpv3-usm-3desede-00.txt, Extension to the User-Based Security Model (USM) to Support Triple-DES EDE in ‘Outside’ CBC Mode — Internet draft draft-ietf-idmr-igmp-mib-13.txt, Internet Group Management Protocol (IGMP) MIB — ESO Consortium MIB Note: The ESO Consortium MIB has been replaced by RFC 3826. See http://www.snmp.com/eso/. Table 8: Juniper Networks Enterprise-Specific MIBs Supported on QFX Series Standalone Switches and QFX Series Virtual Chassis MIB Description Alarm MIB (mib-jnx-chassis-alarm) Provides support for alarms from the switch. Analyzer MIB (mib-jnx-analyzer) Contains analyzer and remote analyzer data related to port mirroring. Not supported on OCX Series devices. Chassis MIB (mib-jnx-chassis) Provides support for environmental monitoring (power supply state, board voltages, fans, temperatures, and airflow) and inventory support for the chassis, Flexible PIC Concentrators (FPCs), and PICs. Note: The jnxLEDTable table has been deprecated. Chassis Definitions for Router Model MIB (mib-jnx-chas-defines) Contains the object identifiers (OIDs) that are used by the Chassis MIB to identify routing and switching platforms and chassis components. The Chassis MIB provides information that changes often, whereas the Chassis Definitions for Router Model MIB provides information that changes less often. Class-of-Service MIB (mib-jnx-cos) Provides support for monitoring interface output queue statistics per interface and per forwarding class. Configuration Management MIB (mib-jnx-cfgmgmt) Provides notification for configuration changes and rescue configuration changes in the form of SNMP traps. Each trap contains the time at which the configuration change was committed, the name of the user who made the change, and the method by which the change was made. A history of the last 32 configuration changes is kept in jnxCmChgEventTable. Ethernet MAC MIB (mib-jnx-mac) Monitors media access control (MAC) statistics on Gigabit Ethernet intelligent queuing (IQ) interfaces. It collects MAC statistics; for example, inoctets, inframes, outoctets, and outframes on each source MAC address and virtual LAN (VLAN) ID for each Ethernet port. Not supported on OCX Series devices. Event MIB (mib-jnx-event) Defines a generic trap that can be generated using an operations script or event policy. This MIB provides the ability to specify a system log string and raise a trap if that system log string is found. In Junos OS release 13.2X51-D10 or later, if you configured an event policy to raise a trap when a new SNMP trap target is added, the SNMPD_TRAP_TARGET_ADD_NOTICE trap is generated with information about the new target. Firewall MIB (mib-jnx-firewall) Provides support for monitoring firewall filter counters. Host Resources MIB (mib-jnx-hostresources) Extends the hrStorageTable object, providing a measure of the usage of each file system on the switch as a percentage. Previously, the objects in the hrStorageTable measured the usage in allocation units—hrStorageUsed and hrStorageAllocationUnits—only. Using the percentage measurement, you can more easily monitor and apply thresholds on usage. Interface MIB (Extensions) (mib-jnx-if-extensions) Extends the standard ifTable (RFC 2863) with additional statistics and Juniper Networks enterprise-specific chassis information in the ifJnxTable and ifChassisTable tables. L2ALD MIB (mib-jnx-l2ald) Provides information about Layer 2 Address Learning and related traps, such as the routing instance MAC limit trap and interface MAC limit trap. This MIB also provides VLAN information in the jnxL2aldVlanTable table for Enhanced Layer 2 Software (ELS) EX Series and QFX Series switches. Note: Non-ELS EX Series switches use the VLAN MIB (jnxExVlanTable) for VLAN information instead of this MIB. MPLS MIB (mib-jnx-mpls) Provides MPLS information and defines MPLS notifications. Note: This MIB is not supported on the QFX5100 switch. MPLS LDP MIB (mib-jnx-mpls-ldp) Contains object definitions as described in RFC 3815, Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP). Note: This MIB is not supported on the QFX5100 switch. Ping MIB (mib-jnx-ping) Extends the standard Ping MIB control table (RFC 2925). Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB. Each item is indexed exactly as it is in the Ping MIB. RMON Events and Alarms MIB (mib-jnx-rmon) Supports Junos OS extensions to the standard Remote Monitoring (RMON) Events and Alarms MIB (RFC 2819). The extension augments the alarmTable object with additional information about each alarm. Two additional traps are also defined to indicate when problems are encountered with an alarm. Structure of Management Information MIB (mib-jnx-smi) Explains how the Juniper Networks enterprise-specific MIBs are structured. System Log MIB (mib-jnx-syslog) Enables notification of an SNMP trap-based application when an important system log message occurs. Utility MIB (mib-jnx-util) Provides you with SNMP MIB container objects of the following types: 32-bit counters, 64-bit counters, signed integers, unsigned integers, and octet strings. You can use these objects to store data that can be retrieved using other SNMP operations. VLAN MIB (mib-jnx-vlan) Contains information about prestandard IEEE 802.10 VLANs and their association with LAN emulation clients. Note: For ELS EX Series switches and QFX Series switches, VLAN information is available in the L2ALD MIB in the jnxL2aldVlanTable table instead of in the VLAN MIB For non-ELS EX Series switches, VLAN information is provided in the VLAN MIB in the jnxExVlanTable table. Not supported on OCX Series devices. MIBs Supported on QFabric SystemsThe QFabric systems support both standard MIBs and Juniper Networks enterprise-specific MIBs. For more information, see:
Table 9: Standard MIBs Supported on QFabric Systems RFC Additional Information RFC 1155, Structure and Identification of Management Information for TCP/IP-based Internets — RFC 1157, A Simple Network Management Protocol (SNMP) — RFC 1212, Concise MIB Definitions — RFC 1213, Management Information Base for Network Management of TCP/IP-Based Internets: MIB-II The following areas are supported:
RFC 1215, A Convention for Defining Traps for use with the SNMP Support is limited to MIB II SNMP version 1 traps and version 2 notifications. RFC 1286, Definitions of Managed Objects for Bridges — RFC 1901,Introduction to Community-based SNMPv2 — RFC 1905, Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2) — RFC 1907, Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2) — RFC 2011, SNMPv2 Management Information Base for the Internet Protocol Using SMIv2 Note: On the QFabric system, for the SNMP mibwalk request to work, you must configure the IP address of at least one interface besides the management Ethernet interfaces (me0 and me1) in the Director group. RFC 2012, SNMPv2 Management Information Base for the Transmission Control Protocol Using SMIv2 — RFC 2013, SNMPv2 Management Information Base for the User Datagram Protocol Using SMIv2 — RFC 2233, The Interfaces Group MIB Using SMIv2 Note: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports both RFC 2233 and RFC 2863. Note: The QFabric system supports the following objects only: ifNumber, ifTable, and ifxTable. RFC 2571, An Architecture for Describing SNMP Management Frameworks (read-only access) Note: RFC 2571 has been replaced by RFC 3411. However, Junos OS supports both RFC 2571 and RFC 3411. RFC 2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) (read-only access) Note: RFC 2572 has been replaced by RFC 3412. However, Junos OS supports both RFC 2572 and RFC 3412. RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework Note: RFC 2576 has been replaced by RFC 3584. However, Junos OS supports both RFC 2576 and RFC 3584. RFC 2578, Structure of Management Information Version 2 (SMIv2) — RFC 2579, Textual Conventions for SMIv2 — RFC 2580, Conformance Statements for SMIv2 — RFC 2665, Definitions of Managed Objects for the Ethernet-like Interface Types The QFabric system supports the following tables only:
Note: Scalar variables are not supported on the QFabric system. RFC 2863, The Interfaces Group MIB Note: RFC 2233 has been replaced by RFC 2863. However, Junos OS supports both RFC 2233 and RFC 2863. Note: The QFabric system supports the following objects only: ifNumber, ifTable, and ifxTable. RFC 2933, Internet Group Management Protocol (IGMP) MIB — RFC 3410, Introduction and Applicability Statements for Internet Standard Management Framework — RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks Note: RFC 3411 replaces RFC 2571. However, Junos OS supports both RFC 3411 and RFC 2571. RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) Note: RFC 3412 replaces RFC 2572. However, Junos OS supports both RFC 3412 and RFC 2572. RFC 3416, Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) Note: RFC 3416 replaces RFC 1905, which was supported in earlier versions of Junos OS. RFC 3417, Transport Mappings for the Simple Network Management Protocol (SNMP) — RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) Note: RFC 3418 replaces RFC 1907, which was supported in earlier versions of Junos OS. RFC 3584, Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework — RFC 4188, Definitions of Managed Objects for Bridges The QFabric system support is limited to the following objects:
Not supported on OCX Series devices. RFC 4293, Management Information Base for the Internet Protocol (IP) Supports the ipAddrTable table only. On the QFabric system, supported objects in the ipAddrTable table include: ipAdEntAddr, ipAdEntIfIndex, ipAdEntNetMask, ipAdEntBcastAddr, and ipAdEntReasmMaxSize. Note: On the QFabric system, for the SNMP mibwalk request to work, you must configure the IP address of at least one interface besides the management Ethernet interfaces (me0 and me1) in the Director group. RFC 4363b, Q-Bridge VLAN MIB The QFabric system supports the following tables only:
Not supported on OCX Series devices. Note: QFabric-specific MIBs are not supported on OCX Series devices. Table 10: Juniper Networks Enterprise-Specific MIBs Supported on QFabric Systems MIB Description Analyzer MIB (mib-jnx-analyzer) Contains analyzer and remote analyzer data related to port mirroring. The QFabric system supports:
Chassis MIB (mib-jnx-chassis) Note: The Chassis MIB has been deprecated for the QFabric system. We recommend that you use the Fabric Chassis MIB (mib-jnx-fabric-chassis) for information about the QFabric system. Class-of-Service MIB (mib-jnx-cos) Provides support for monitoring interface output queue statistics per interface and per forwarding class. The QFabric system supports the following tables and objects:
The QFabric system does not support any traps for this MIB. Configuration Management MIB (mib-jnx-cfgmgmt) Provides notification for configuration changes and rescue configuration changes in the form of SNMP traps. Each trap contains the time at which the configuration change was committed, the name of the user who made the change, and the method by which the change was made. A history of the last 32 configuration changes is kept in jnxCmChgEventTable. Note: On the QFabric system, these conditions apply:
Fabric Chassis MIB (mib-jnx-fabric-chassis) Provides hardware information about the QFabric system and its component devices. This MIB is based on the Juniper Networks enterprise-specific Chassis MIB but adds another level of indexing that provides information for QFabric system component devices. Interface MIB (Extensions) (mib-jnx-if-extensions) Extends the standard ifTable (RFC 2863) with additional statistics and Juniper Networks enterprise-specific chassis information in the ifJnxTable and ifChassisTable tables. Note: On the QFabric system, scalar variables are not supported. Power Supply Unit MIB (mib-jnx-power-supply-unit) Provides support for environmental monitoring of the power supply unit for the Interconnect device of the QFabric system. Note: On the QFabric system, scalar variables for the jnxPsuObjects 1 object ID in the jnxPsuScalars table are not supported. QFabric MIB (jnx-qf-smi) Explains how the Juniper Networks enterprise-specific QFabric MIBs are structured. Defines the MIB objects that are reported by the QFabric system and the contents of the traps that can be issued by the QFabric system. Utility MIB (mib-jnx-util) Provides you with SNMP MIB container objects of the following types: 32-bit counters, 64-bit counters, signed integers, unsigned integers, and octet strings. You can use these objects to store data that can be retrieved using other SNMP operations. This topic lists the Juniper Networks enterprise-specific SNMP Chassis MIB definition objects for the QFX Series: QFX Series Standalone Switchesuser@host# set snmp v3 notify N1_all_tl1_informs type trap6 QFabric Systemsuser@host# set snmp v3 notify N1_all_tl1_informs type trap7 QFabric System QFX3100 Director Deviceuser@host# set snmp v3 notify N1_all_tl1_informs type trap8 QFabric System QFX3008-I Interconnect Deviceuser@host# set snmp v3 notify N1_all_tl1_informs type trap9 QFabric System QFX3600-I Interconnect Device[edit] snmp { community public; }0 QFabric System Node Devices[edit] snmp { community public; }1 The Juniper Networks enterprise-specific SNMP Fabric Chassis MIB (mib-jnx-fabric-chassis) provides hardware information about the QFabric system and its component devices in a single MIB. The Fabric Chassis MIB is based on the Juniper Networks enterprise-specific Chassis MIB that provides information for individual devices. Unlike the Chassis MIB, the Fabric Chassis MIB represents the QFabric system component devices as part of the QFabric system. Only the information from the Fabric Chassis MIB (and not from individual Chassis MIBs) is available to SNMP management clients of the QFabric system. The Fabric Chassis MIB uses the basic information structure of the Chassis MIB, but adds another level of indexing that provides detailed information about QFabric system devices. Each physical device in a QFabric system (such as a Node device or an Interconnect device) is represented with its hardware components, including the power supply, fans, and front and rear cards. As in other SNMP systems, the SNMP manager resides on the network management system (NMS) of the network to which the QFabric system belongs. The SNMP agent (snmpd) resides in the QFabric system Director software and is responsible for receiving and distributing all traps as well as responding to all queries from the SNMP manager. In addition, there is an SNMP subagent running in the Routing Engine of each Node group and Interconnect device. The SNMP subagent manages the information about the component device, and that information is communicated to the SNMP agent in the Director software as needed. Traps that are generated by a Node device are sent to the SNMP agent in the Director software, which in turn processes and sends them to the target IP addresses that are defined in the SNMP configuration. describes the tables and objects in the Fabric Chassis MIB. Table 11: Fabric Chassis MIB Tables and Objects Table or Object Name Root OID Description Tables with Counterparts in the Chassis MIBjnxFabricContainersTable 1.3.6.1.4.1.2636.3.42.2.2.2 Provides information about different types of containers in QFabric system devices.
jnxFabricContentsTable 1.3.6.1.4.1.2636.3.42.2.2.3 Contains contents that are present across all devices represented in the jnxFabricDeviceTable object. This table includes all field replaceable units (FRUs) and non-FRUs for QFabric system devices.
jnxFabricFilledTable 1.3.6.1.4.1.2636.3.42.2.2.4 Shows the status of containers in QFabric devices. The jnxFabricFilledState object represents the state of the component: (1) unknown, (2) empty, or (3) filled. Note: The jnxFabricFilledTable object does not contain information about the Director group. jnxFabricOperatingTable 1.3.6.1.4.1.2636.3.42.2.2.5 Represents different operating parameters for the contents that are populated in the jnxFabricContentsTable object.
The jnxFabricOperatingState object provides the state of the device: (1) unknown, (2) running, (3) ready, (4) reset, (5) runningAtFullSpeed (for fans only), (6) down, (6) off (for power supply units), or (7) standby. jnxFabricRedundancyTable 1.3.6.1.4.1.2636.3.42.2.2.6 Represents the redundancy information that is available at different subsystem levels across the QFabric system. Information about the Routing Engines in Node devices is included, but there are no corresponding entries for Interconnect devices in this table. The jnxFabricRedundancyState object indicates the state of the subsystem: (1) unknown, (2) primary, (3) backup, or (4) disabled. Note: Information about redundant Director devices, virtual machines (VMs) within Director groups, and Virtual Chassis devices is not available at this time. jnxFabricFruTable 1.3.6.1.4.1.2636.3.42.2.2.7 Contains all FRUs for the QFabric system in the jnxFabricDeviceTable table. The FRUs are listed regardless of whether or not they are installed or online. The jnxFabricFruState object represents the state of the FRU, including online, offline, or empty, and so on. This table also contains information about each FRU, such as name, type, temperature, time last powered on, and time last powered off. Note: The jnxFabricFruTable table does not include network interface cards (NICs) on Director devices. Table Specific to the Fabric Chassis MIBjnxFabricDeviceTable 1.3.6.1.4.1.2636.3.42.2.2.1 Contains information about all devices in the QFabric system. This table organizes scalar variables represented in the Chassis MIB into a table format for the QFabric system component devices. Columns in this table include device information such as model, device alias, and serial number. The jnxFabricDeviceIndex identifies each QFabric system device (Node device, Interconnect device, and Director device). Note: At this time, information about the Virtual Chassis is not available. Note: The following objects are not supported:
The following scalar variables are supported:
1.3.6.1.4.1.2636.3.42.2.1 Describe the QFabric system as a whole. Note: The jnxFabricFirmwareRevision scalar variable is not supported at this time. describes the SNMPv2 traps that are defined in the Fabric Chassis MIB. Note: Only SNMPv2 traps are supported on the QFabric system. Table 12: Fabric Chassis MIB SNMPv2 Traps Trap Group and Name Root OID Description jnxFabricChassisTraps group—Includes the following traps:
1.3.6.1.4.1.2636.4.19 Indicates an alarm condition. Note: Hardware events on the Director group are detected by scanning. As a result, a trap may not be generated until up to 30 seconds after the event has occurred. Note: The software does not distinguish between the fan removal and fan failure events on the Director group. In each case, both the jnxFabricFanFailure and jnxFabricFruFailed traps are generated. jnxFabricChassisOKTraps group—Includes the following traps:
1.3.6.1.4.1.2636.4.20 Indicates an alarm cleared condition. For more information, see the Fabric Chassis MIB at: https://www.juniper.net/documentation/en_US/junos13.1/topics/reference/mibs/mib-jnx-fabric-chassis.txt Even though the Junos OS has built-in performance metrics and monitoring options, you might need to have customized performance metrics. To make it easier for you to monitor such customized data through a standard monitoring system, the Junos OS provides you with an enterprise-specific Utility MIB that can store such data and thus extend SNMP support for managing and monitoring the data of your choice. The enterprise-specific Utility MIB provides you with container objects of the following types: [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }18, [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }19, [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }20, [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }21, and [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }22. You can use these container MIB objects to store the data that are otherwise not supported for SNMP operations. You can populate data for these objects either by using CLI commands or with the help of Op scripts and an RPC API that can invoke the CLI commands. The following CLI commands enable you to set and clear Utility MIB object values:
The [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }25 option of the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }26 command specifies the name of the data instance and is the main identifier of the data. The [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }27 option enables you specify the object type, and the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }28 option enables you to set the value of the object. To automate the process of populating Utility MIB data, you can use a combination of an event policy and event script. The following examples show the configuration for an event policy to run [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }29 every hour and to store the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }29 data in Utility MIB objects by running an event script ( [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }31). Event Policy Configuration To configure an event policy that runs the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }29 command every hour and invokes [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }31 to store the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }29 data into Utility MIB objects, include the following statements at the [ [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }35] hierarchy level: [edit] snmp { community public; }2 check-mbufs.slax Script The following example shows the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }31 script that is stored under [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }37: [edit] snmp { community public; }3 You can run the following command to check the data stored in the Utility MIB as a result of the event policy and script shown in the preceding examples: [edit] snmp { community public; }4 Note: The [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }13 command is not available on the QFabric system, but you can use external SNMP client applications to perform this operation. ProcedureCLI Quick ConfigurationTo quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] snmp { community public; }07 hierarchy level. [edit] snmp { community public; }5 Step-by-Step ProcedureThe following example requires that you navigate various levels in the configuration hierarchy. For instructions on how to do that, see in the Junos OS CLI User Guide . To configure SNMP on the QFabric system: Note: If the name, description, location, contact, or community name contains spaces, enclose the text in quotation marks (" ").
ResultsFrom configuration mode, confirm your configuration by entering the [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }43 command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration. snmp { client-list client-list-name { ip-addresses; } community community-name { authorization authorization; client-list-name client-list-name; clients { address restrict; } routing-instance routing-instance-name { clients { addresses; } } logical-system logical-system-name { routing-instance routing-instance-name { clients { addresses; } } } view view-name; } contact contact; description description; engine-id { (local engine-id | use-mac-address | use-default-ip-address); } filter-duplicates; health-monitor { falling-threshold integer; interval seconds; rising-threshold integer; } interface [ interface-names ]; location location; name name; nonvolatile { commit-delay seconds; } rmon { alarm index { description text-description; falling-event-index index; falling-threshold integer; falling-threshold-interval seconds; interval seconds; request-type (get-next-request | get-request | walk-request); rising-event-index index; sample-type type; startup-alarm alarm; syslog-subtag syslog-subtag; variable oid-variable; } event index { community community-name; description text-description; type type; } } traceoptions { file filename <files number> <size size> <world-readable | no-world-readable> <match regular-expression>; flag flag; } trap-group group-name { categories { category; } destination-port port-number; routing-instance instance; targets { address; } version (all | v1 | v2); } trap-options { agent-address outgoing-interface; source-address address; } view view-name { oid object-identifier (include | exclude); } }4 If you are done configuring the device, enter [edit] snmp { filter-interfaces { interfaces { # exclude the specified interfaces interface1; interface2; } all-internal-interfaces; # exclude all internal interfaces } }44 from configuration mode. To configure SNMP:
To configure an alarm:
|