cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Configuring snmp v3 on Juniper EX3200-48T switches

Hello, I am trying to configure some Juniper EX3200-48T switches (and also some EX4500-40F switches) so that I can monitor them using snmp v3, and I am having some trouble.

I have to admit this is the first time I have tried to configure snmp v3 so I could well be making a simple mistake, but any help would be greatly appreciated! 🙂

 

I have a config like this on the switch ( sensitive information replaced by UPPCASE markers)

 

> show configuration snmp
location LOCATION;
contact ADMIN@DOMAIN;
v3 {
    usm {
        local-engine {
            user USER {
                authentication-sha {
                    authentication-key ## SECRET-DATA
                }
                privacy-aes128 {
                    privacy-key ## SECRET-DATA
                }
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name USER {
                    group GROUP;
                }
            }
        }
        access {
            group GROUP {
                default-context-prefix {
                    security-model usm {
                        security-level privacy {
                            read-view internet;
                        }
                    }
                }
            }
        }
    }
}
view internet {
    oid 1.3.6.1 include;
}
view system {
    oid 1.3.6.1.2.1.1 include;
}
view interfaces {
    oid 1.3.6.1.2.1.2 include;
}
view chassis {
    oid 1.3.1.6.1.2628.2.2 include;
}

 

I am trying to add it using Admin -> Manage Nodes -> Add Node via the Orion web GUI, but the Validate SNMP check is failing. The switches are showing error "snmpd[854]: LIBJSNMP_NS_LOG_WARNING: WARNING: Authentication failed for USER" when I try this.

I think my problem is that I am not putting the right information for the node, especially the "Context" entry. And also do I need to fill in both the "SNMPv3 Credentials" and "Read / Write SNMPv3 Credentials" sections?

Here what I am using:
SNMP Version:    v3
SNMP Port:    161         
SNMPv3 Credentials      
SNMPv3 Username:    USER    
SNMPv3 Context:    GROUP (I have also tried "USER" and "default-context-prefix")
SNMPv3 Authentication      
Method:    SHA1
Password:    <password from authentication-key config>
SNMPv3 Privacy / Encryption      
Method:    AES128
Password:    <password from privacy-key config>
   

Read / Write SNMPv3 Credentials      
SNMPv3 Username:    USER
SNMPv3 Context:    GROUP (I have also tried "USER" and "default-context-prefix")    
SNMPv3 Authentication      
Method:     SHA1  
Password:    <password from authentication-key config>
SNMPv3 Privacy / Encryption      
Method:    AES128
Password:    <password from privacy-key config>

I have the feeling that I need to either put something different in the "Context" field(s) in Orion, or maybe I need an extra line of config to allow snmp queries from the Orion server?

Any ideas would be greatly appreciated!

 

Thanks in advance.

 

nick

0 Kudos
0 Replies