0 Replies Latest reply on Mar 21, 2011 9:18 AM by nick77

    Configuring snmp v3 on Juniper EX3200-48T switches

    nick77

      Hello, I am trying to configure some Juniper EX3200-48T switches (and also some EX4500-40F switches) so that I can monitor them using snmp v3, and I am having some trouble.

      I have to admit this is the first time I have tried to configure snmp v3 so I could well be making a simple mistake, but any help would be greatly appreciated! :-)

       

      I have a config like this on the switch ( sensitive information replaced by UPPCASE markers)

       

      > show configuration snmp
      location LOCATION;
      contact ADMIN@DOMAIN;
      v3 {
          usm {
              local-engine {
                  user USER {
                      authentication-sha {
                          authentication-key ## SECRET-DATA
                      }
                      privacy-aes128 {
                          privacy-key ## SECRET-DATA
                      }
                  }
              }
          }
          vacm {
              security-to-group {
                  security-model usm {
                      security-name USER {
                          group GROUP;
                      }
                  }
              }
              access {
                  group GROUP {
                      default-context-prefix {
                          security-model usm {
                              security-level privacy {
                                  read-view internet;
                              }
                          }
                      }
                  }
              }
          }
      }
      view internet {
          oid 1.3.6.1 include;
      }
      view system {
          oid 1.3.6.1.2.1.1 include;
      }
      view interfaces {
          oid 1.3.6.1.2.1.2 include;
      }
      view chassis {
          oid 1.3.1.6.1.2628.2.2 include;
      }

       

      I am trying to add it using Admin -> Manage Nodes -> Add Node via the Orion web GUI, but the Validate SNMP check is failing. The switches are showing error "snmpd[854]: LIBJSNMP_NS_LOG_WARNING: WARNING: Authentication failed for USER" when I try this.

      I think my problem is that I am not putting the right information for the node, especially the "Context" entry. And also do I need to fill in both the "SNMPv3 Credentials" and "Read / Write SNMPv3 Credentials" sections?

      Here what I am using:
      SNMP Version:    v3
      SNMP Port:    161         
      SNMPv3 Credentials      
      SNMPv3 Username:    USER    
      SNMPv3 Context:    GROUP (I have also tried "USER" and "default-context-prefix")
      SNMPv3 Authentication      
      Method:    SHA1
      Password:    <password from authentication-key config>
      SNMPv3 Privacy / Encryption      
      Method:    AES128
      Password:    <password from privacy-key config>
         

      Read / Write SNMPv3 Credentials      
      SNMPv3 Username:    USER
      SNMPv3 Context:    GROUP (I have also tried "USER" and "default-context-prefix")    
      SNMPv3 Authentication      
      Method:     SHA1  
      Password:    <password from authentication-key config>
      SNMPv3 Privacy / Encryption      
      Method:    AES128
      Password:    <password from privacy-key config>

      I have the feeling that I need to either put something different in the "Context" field(s) in Orion, or maybe I need an extra line of config to allow snmp queries from the Orion server?

      Any ideas would be greatly appreciated!

       

      Thanks in advance.

       

      nick