Hello, I am trying to configure some Juniper EX3200-48T switches (and also some EX4500-40F switches) so that I can monitor them using snmp v3, and I am having some trouble.
I have to admit this is the first time I have tried to configure snmp v3 so I could well be making a simple mistake, but any help would be greatly appreciated! :-)
I have a config like this on the switch ( sensitive information replaced by UPPCASE markers)
> show configuration snmp
location LOCATION;
contact ADMIN@DOMAIN;
v3 {
usm {
local-engine {
user USER {
authentication-sha {
authentication-key ## SECRET-DATA
}
privacy-aes128 {
privacy-key ## SECRET-DATA
}
}
}
}
vacm {
security-to-group {
security-model usm {
security-name USER {
group GROUP;
}
}
}
access {
group GROUP {
default-context-prefix {
security-model usm {
security-level privacy {
read-view internet;
}
}
}
}
}
}
}
view internet {
oid 1.3.6.1 include;
}
view system {
oid 1.3.6.1.2.1.1 include;
}
view interfaces {
oid 1.3.6.1.2.1.2 include;
}
view chassis {
oid 1.3.1.6.1.2628.2.2 include;
}
I am trying to add it using Admin -> Manage Nodes -> Add Node via the Orion web GUI, but the Validate SNMP check is failing. The switches are showing error "snmpd[854]: LIBJSNMP_NS_LOG_WARNING: WARNING: Authentication failed for USER" when I try this.
I think my problem is that I am not putting the right information for the node, especially the "Context" entry. And also do I need to fill in both the "SNMPv3 Credentials" and "Read / Write SNMPv3 Credentials" sections?
Here what I am using:
SNMP Version: v3
SNMP Port: 161
SNMPv3 Credentials
SNMPv3 Username: USER
SNMPv3 Context: GROUP (I have also tried "USER" and "default-context-prefix")
SNMPv3 Authentication
Method: SHA1
Password: <password from authentication-key config>
SNMPv3 Privacy / Encryption
Method: AES128
Password: <password from privacy-key config>
Read / Write SNMPv3 Credentials
SNMPv3 Username: USER
SNMPv3 Context: GROUP (I have also tried "USER" and "default-context-prefix")
SNMPv3 Authentication
Method: SHA1
Password: <password from authentication-key config>
SNMPv3 Privacy / Encryption
Method: AES128
Password: <password from privacy-key config>
I have the feeling that I need to either put something different in the "Context" field(s) in Orion, or maybe I need an extra line of config to allow snmp queries from the Orion server?
Any ideas would be greatly appreciated!
Thanks in advance.
nick