SRX

Hi,

I have SNMP v3 working fine with PRTG on the MX240-Core and the MX240-LNS but I am having problems on the SRX1500. I expect this is due to having routing-instances etc....

Can anyone suggest the best way to configure SNMP v3 on an SRX with multiple routing-instances please?

Thanks

I have configured the following under SNMP but it doesn't work.....

set snmp routing-instance-access access-list Customer-VR
set snmp routing-instance-access access-list DNS-BTB-Replication
set snmp routing-instance-access access-list NineGroupBTB-VR
set snmp routing-instance-access access-list netopstest2
set snmp routing-instance-access access-list ninegroup-dns
set snmp routing-instance-access access-list ninegroup-eve
set snmp routing-instance-access access-list ninegroup-radius
set snmp routing-instance-access access-list restapivpn

Does the SNMP config reside in the default route and hence the PRTG Proble address needs leaking to the default and then point it to the loopback rather than an instance address?

Hope this helps:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB27284&actp=search

https://blog.marquis.co/snmp-polling-over-a-routing-instance/

Hi Nellikka,

Thanks. That has pointed me in the right direction. I will have a play around and get it working and then post the results here....

Thanks

I had to play around with the snmpwalk parameters as the examples are all from Linux and we are using windows based probe....

Suffice to say, with the following config:

set snmp v3 usm local-engine user ng-sh-engineer authentication-md5 authentication-key <key>
set snmp v3 usm local-engine user ng-sh-engineer privacy-aes128 privacy-key <key>
set snmp v3 vacm security-to-group security-model usm security-name ng-sh-engineer group snmpgroup
set snmp v3 vacm access group snmpgroup context-prefix Customer-VR security-model usm security-level authentication read-view allmibs
set snmp engine-id use-default-ip-address
set snmp view allmibs oid .1.3.6.1 include
set snmp view allmibs oid .1 include
set snmp routing-instance-access

It worked, but gave us a few thousand in the output, which is probably every MIB going..... will have to work on that

Because of the 30,000+ OIDs it gave us, I have no idea which ones to use.... anyone got any ideas please?

You may try SNMP MIB Explorer: https://apps.juniper.net/mib-explorer/

The problem does not seem to be the Context or the RI or the Mibs....

All of that is configured correctly within the SRX as per the links you provided (thanks), but when then completing the autodiscovery within prtg we get nothing back.

If we complete the walkthrough, as I mentioned, we get the 30,000+ OIDs, but that is really just saying "Hey, SNMP works"....

I don't want to monitor anything attached to the SRX as that is already being monitored, I want to be able to monitor the SRX itself, but we have no default "inet.0" table.... only routing-instances. All the other devices are working really well from an SNMP perspective.... Here is what I configured (I've added a second context to test with same results):

set snmp v3 usm local-engine user ng-sh-engineer authentication-md5 authentication-key <key>
set snmp v3 usm local-engine user ng-sh-engineer privacy-aes128 privacy-key <key>
set snmp v3 vacm security-to-group security-model usm security-name ng-sh-engineer group snmpgroup
set snmp v3 vacm access group snmpgroup context-prefix Customer-VR security-model usm security-level authentication read-view allmibs
set snmp v3 vacm access group snmpgroup context-prefix ninegroup-radius security-model usm security-level authentication read-view allmibs
set snmp engine-id use-default-ip-address
set snmp view allmibs oid .1.3.6.1 include
set snmp view allmibs oid .1 include
set snmp routing-instance-access