Routing

last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  SNMP packet is sent out with another IP

    Posted 02-09-2015 04:47

    I've got a problem receiving snmp responses from a EX-4550 which act as a router in my network.

    Looking at tcpdump I found that it replies to snmp requests from another IP:

     

     

    13:28:15.659521  In IP source.37935 > target1.snmp:  GetNextRequest(25)
    13:28:15.660374 Out IP target2.snmp > source.37935:  GetResponse(187) system.sysDescr.0="Juniper Networks, Inc. ex4550-32f Ethernet Switch, kernel JUNOS 12.3R7.7, Build date: 2014-06-12 15:58:41 UTC Copyright (c) 1996-2014 Juniper Networks, Inc."



    This creates of course some problems with a firewall which  between source and destination machines.

     

    I cannot understand why this doesn't happend if I ping same interface:

     

    13:29:52.944968  In IP source > target1: ICMP echo request, id 19286, seq 1, length 64
    13:29:52.944999 Out IP taregt1 > source: ICMP echo reply, id 19286, seq 1, length 64

     

     

    target1 has a separated routing table.

     

     

     

    Sorry I am not so able with this subject so I could miss something...

     



  • 2.  RE: SNMP packet is sent out with another IP

     
    Posted 02-09-2015 05:48

    Do you have any source address/interface selection configured?

     

    How is your snmp configuration looks loke?




    =====

    If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.



  • 3.  RE: SNMP packet is sent out with another IP
    Best Answer

    Posted 02-10-2015 14:20
    Could you provide the configuration?. For some services, as syslog, snmp traps, there is a "source-address" and "routing-instance" option that will set the source address and routing instance.
    For snmp this is not mandatory to reply from the same destination address, so for sure will be using the address of the outgoing interface back to the snmp management station. Icmp is mandatory to use the same destination/source ip.

    Options, for snmp queries use the ip you saw is using as source. Add this ip on your firewall filters for snmp reply traffic.
    Configure an static route to destination the snmp management station, using as next hop interface the interface with ip address you want to see as source in the replies.


    Br
    Alex.


  • 4.  RE: SNMP packet is sent out with another IP

    Posted 02-10-2015 23:13

    Thank You Acecanal you got the point!

    I solved the problem.

    I had to tell the snmp to use the right routing instance.

    I had to modify the community string which is used to pool snmp MIB too using <routing instance name>@<community> otherwise I cannot read MIBs.

     

    Thank You again