Junos
Highlighted
Junos

SNMPv3 Authentication Traps

‎11-24-2015 09:13 AM

I have an EX4200 with JunOS v12.3, and I have SNMPv3 informs setup and working.  When I first set this up, I remember getting informs/traps for both valid and invalid logons, as well as logoffs.  I no longer receive these.  I do get informs/traps for invalid SNMP community attempts.  Did something change in recent revisions, or is there a configuration options for authentication type informs/traps under SNMPv3, other than the oid view, which I have setup to include everything (.1).

 

Thanks.

4 REPLIES 4
Highlighted
Junos

Re: SNMPv3 Authentication Traps

‎11-24-2015 01:51 PM
Hi,

What version R do you run ? I mean >> 12.3R(?) .
Did you made any change in the configuration ? Did you upgrade the EX switch ? Since when do you have this issue ?
Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com
Highlighted
Junos

Re: SNMPv3 Authentication Traps

‎11-25-2015 04:36 AM

I am currently running JunOS v12.3r9.4.  I have been working for a while with support on some SNMP issues, and do not remember exactly when the logon/logoff traps stopped.  Since I was not actively trying to disable them, my guess is that they stopped during one of the upgrades I performed, probably to r9.4, although it may have been during the r8.7 upgrade.   I first wanted to ensure that I remembered correctly that JunOS does trap for SSH and Telnet logons and logoffs?

 

Thanks.

Highlighted
Junos

Re: SNMPv3 Authentication Traps

‎11-25-2015 09:35 AM
Hi,

Could you provide the show log messages | match snmp
Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com
Highlighted
Junos

Re: SNMPv3 Authentication Traps

‎11-30-2015 08:44 AM

jacobsc@pok-052-vct> show log messages|match snmp
Nov 27 12:53:49  pok-052-vct snmpd[1479]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from 9.43.69.16 to 9.57.254.12 (public)
Nov 27 12:53:51  pok-052-vct snmpd[1479]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from 9.43.69.16 to 9.57.254.12 (public)

 

I searched through the Juniper MIBs, but could not find any logon/logoff authentication traps.  Does JunOS not report when a user logs on or off successfully or with a failure?

Feedback