I have played with various configurations on the Juniper platform as well as Solarwinds and I can't seem to get SNMPv3 auth working.
Anyone have a working config on Juniper and a screenshot of how that maps to Solarwinds?
Update:
The configuration I provided in fact works for JUNOS on Solarwinds if you don't fill out the second authentication section when managing a node. Only fill out the top section titled "SNMPV3 Credentials" and not the bottom "Read/Write SNMPv3 Credentials".
With config like this:
set snmp v3 usm local-engine user user1 authentication-sha authentication-password <password goes here>
set snmp v3 usm local-engine user user1 privacy-aes128 privacy-password <password goes here>
set snmp v3 vacm security-to-group security-model usm security-name user1 group group1
set snmp v3 vacm access group group1 default-context-prefix security-model usm security-level privacy read-view view-all
set snmp v3 target-address allow-1 address x.x.x.x
set snmp v3 target-address allow-1 address-mask x.x.x.x
set snmp v3 target-address allow-1 target-parameters tp1
set snmp v3 target-address allow-2 address x.x.x.x
set snmp v3 target-address allow-2 address-mask x.x.x.x
set snmp v3 target-address allow-2 target-parameters tp1
set snmp v3 target-parameters tp1 parameters message-processing-model v3
set snmp v3 target-parameters tp1 parameters security-model usm
set snmp v3 target-parameters tp1 parameters security-level privacy
set snmp v3 target-parameters tp1 parameters security-name user1
set snmp engine-id local 62
set snmp view view-all oid 1 include
Username is "user1"; replace the target address sections with your SNMP polling IPs/ranges. When filling out Solarwinds, use "user1" as the user and choose the proper authentication method (above is sha for auth and aes128 for privacy).
Type in your passwords you set above and you will have a working SNMPv3 node.
Hi Brian,
Here are some useful links:
Example: SNMPv3 Configuration - Technical Documentation - Support - Juniper Networks
Minimum SNMPv3 Configuration on a Device Running Junos OS - Technical Documentation - Support - Juniper Networks
4.13. Configuring SNMPv3 - JUNOS Cookbook [Book]
http://ethancbanks.com/2014/02/14/junos-snmpv3-config-baseline-for-all-oid-access-using-usm-with-authorization-privacy/
Regards.
Salah
Thanks Salah.
I found those exact articles and followed them exactly and still couldn't get Solarwinds to authenticate.
What I need to understand is why does Solarwinds have you type the authentication for SNMPv3 in twice? What is the difference between SNMPv3 auth and read/write SNMPv3 auth? I tried filling out one section at a time and both with the username "user1" and group/context "group1" with no luck.
That is why I asked; if someone could provide a known working JUNOS config and a screenshot to show how the information maps to what Solarwinds is asking, that would be great. Obviously passwords/sensitive information can be greyed out but I just need to see one example that works and I can run with it.
Unfortunately I have never integrated Juniper using SNMPv3 on Orion, but I'll try to find the correct way.
I suggest focusing on each part in depth: make sure the way you set the parameters is the correct one, then focus on the Junos configuration side.
I thought I was going crazy so I used another snmp scanning tool against my SNMPv3 configuration on JUNOS and that works fine so now it is something with the Solarwinds platform.
Here is my JUNOS configuration:
set snmp v3 usm local-engine user user1 authentication-sha authentication-key <key>
set snmp v3 usm local-engine user user1 privacy-aes128 privacy-key <key>
If I use this configuration I am able to poll with SNMP using the user1 credentials as desired. If I try to update Solarwinds to use SNMPv3 and hit test it fails using the same information. In the other tool it doesn't require I fill out the context field. If I try to it breaks in that tool as well. So I decided to leave the context fields blank in Solarwinds but it still doesn't work.
I will ask again why does Solarwinds have two authentication sections to fill out when choosing SNMPv3??? Other tools only require you enter the user, context, auth password, and privacy password. Why enter two times? Is there something I am doing wrong there?
If anyone can assist that would be great.
Do you have VRFs? -> With SNMPv2 the community name is prefixed by the VRF name to give the VRF view of the data (e.g. the ARP subtree is per-VRF instead of per-router).
Do you know how that changes for SNMPv3?
Answer: use the context: Identifying a Routing Instance - Technical Documentation - Support - Juniper Networks
Works for me:
set snmp v3 usm local-engine user JOHNNY authentication-sha authentication-password MACK&JACK
set snmp v3 usm local-engine user JOHNNY privacy-aes128 privacy-password JACK&MACK
set snmp v3 vacm security-to-group security-model usm security-name JOHNNY group SOLARWINDS
set snmp v3 vacm access group SOLARWINDS default-context-prefix security-model usm security-level privacy read-view GLOBAL
set snmp v3 vacm access group SOLARWINDS default-context-prefix security-model usm security-level privacy write-view GLOBAL
set snmp v3 vacm access group SOLARWINDS default-context-prefix security-model usm security-level privacy notify-view GLOBAL
set snmp engine-id use-default-ip-address
set snmp view GLOBAL oid internet include
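The configs in this thread all depend on the same chain: USM user, security-to-group mapping, VACM access entry, view. The following is an added example, not code from any poster and not a Juniper or SolarWinds tool: a small Python check that walks that chain in `set`-format output, returns the username, auth and privacy values to enter in the poller, and flags broken links and write access. The function name `audit` and the sample config are constructed for illustration, and only `security-model usm` lines are handled.

```python
import re

# Constructed sample in the style of the configs above; secrets are placeholders.
SAMPLE = """\
set snmp v3 usm local-engine user user1 authentication-sha authentication-password <auth>
set snmp v3 usm local-engine user user1 privacy-aes128 privacy-password <priv>
set snmp v3 vacm security-to-group security-model usm security-name user1 group group1
set snmp v3 vacm access group group1 default-context-prefix security-model usm security-level privacy read-view view-all
set snmp v3 vacm access group group1 default-context-prefix security-model usm security-level privacy write-view view-all
set snmp view view-all oid 1 include
"""
USM = re.compile(r"set snmp v3 usm local-engine user (\S+) (authentication|privacy)-(\S+)")
S2G = re.compile(r"set snmp v3 vacm security-to-group security-model usm security-name (\S+) group (\S+)")
ACC = re.compile(r"set snmp v3 vacm access group (\S+) (?:default-context-prefix|context-prefix \S+) "
                 r"security-model usm security-level (\S+) (read|write|notify)-view (\S+)")
VIEW = re.compile(r"set snmp view (\S+) oid ")

def audit(config):  # returns {user: {"fields": poller form values, "findings": [...]}}
    users, groups, access, views = {}, {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := USM.match(line):
            users.setdefault(m[1], {})[m[2]] = m[3]   # e.g. {"authentication": "sha"}
        elif m := S2G.match(line):
            groups[m[1]] = m[2]
        elif m := ACC.match(line):
            access.append(m.groups())                 # (group, level, kind, view)
        elif m := VIEW.match(line):
            views.add(m[1])
    report = {}
    for user, algs in users.items():
        auth, priv = algs.get("authentication", "none"), algs.get("privacy", "none")
        findings, group = [], groups.get(user)
        rows = [a for a in access if a[0] == group]
        if group is None:
            findings.append("no security-to-group mapping")
        elif not rows:
            findings.append(f"group {group} has no access entry")
        for _, level, kind, view in rows:
            if level == "privacy" and "none" in (auth, priv):
                findings.append("access needs authPriv but user lacks auth or privacy")
            if view not in views:
                findings.append(f"{kind}-view {view} is not defined")
            if kind == "write":
                findings.append(f"write-view {view} granted; polling only needs read-view")
        report[user] = {"fields": {"username": user, "auth": auth, "privacy": priv}, "findings": findings}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list means the user can be polled at the configured security level with the returned field values; a write-view finding marks an account that can also issue SNMP SET.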