Juniper NetScreen SNMP Information

Juniper NetScreen firewalls running the ScreenOS operating system, including older models such as the NetScreen-5GT, can be configured for Simple Network Management Protocol (SNMP) support.

By default, devices listen for SNMP queries on port 161 and send SNMP traps to port 162. You can check that the default ports are in use with get config | include snmp, which can be shortened to get config | i snmp.

ns5xp-> get config | i snmp
set snmp port listen 161
set snmp port trap 162

Or you can use get snmp commands.

ns5xp-> get snmp ?
>                    redirect output
|                    match output
<return>
auth-trap            Get information about the SNMP AuthTraps
community            Get information about a community
settings             Get information about the SNMP settings

You can see the current SNMP settings with get snmp settings.

ns5xp-> get snmp settings
Location:
Contact :
Sysname :ns5xp
Listening Port: 161  Trap Port: 162

You can configure values, such as location, contact, etc. with set snmp commands.

ns5xp-> set snmp ?
auth-trap            set SNMP AuthTrap
community            snmp community configuration
contact              set system contact
host                 snmp host configuration
location             set system location
name                 set system name
port                 set SNMP listen & trap port

E.g., the contact can be set as shown below:

ns5xp-> set snmp contact ?
<string>             contact person
ns5xp-> set snmp contact "John Doe"
ns5xp->

If you wish to set a community string for SNMP queries, you can do so as shown below where a read-only community string is set to "SomeSecret1234".

ns5xp-> set snmp community "SomeSecret1234" Read-Only
ns5xp-> get snmp community "SomeSecret1234"
SomeSecret1234                       Read: Yes   Write: No   Traps: Yes  Traffic: No Version: v1
        No Hosts for community.
ns5xp->

You can specify which IP addresses are permitted to submit SNMP queries to the device using the community string with a command such as the following one.

ns5xp-> set snmp host "SomeSecret1234" 192.168.0.5 255.255.255.255
ns5xp-> get config | i "snmp"
set snmp community "SomeSecret1234" Read-Only Trap-on  version v1
set snmp host "SomeSecret1234" 192.168.0.45 255.255.255.255 trap v1
set snmp location "Acme Inc."
set snmp contact "John Doe"
set snmp port listen 161
set snmp port trap 162
ns5xp->

The format is set snmp host community_string ip_address subnet_mask where the parameters are as follows:

community_string: The community string, which is somewhat akin to a password, that will be used for queries.

ip_address: The IP address or address range allowed to submit SNMP queries.

subnet_mask: A subnet mask that is used in conjunction with the ip_address value to determine the range of systems allowed to query the device. A subnet mask of 255.255.255.255 means that just the specific IP address listed will be permitted to send queries. If the IP address was 192.168.0.0 and the subnet mask was 255.255.255.0, then any system with an IP address in the range 192.168.0.1 to 192.168.0.255 could submit a query.

You can also add an optional src-interface parameter. E.g., src-interface could be trust or untrust, specifying that a query would only be responded to if it came in on the specified interface.

ns5xp-> set snmp host "SomeSecret1234" 192.168.0.45 255.255.255.255 src-interface trust
ns5xp->

You can see the list of addresses that are allowed to submit SNMP queries with a get snmp community command.

ns5xp-> get snmp community SomeSecret1234 
SomeSecret1234                       Read: Yes   Write: No   Traps: Yes  Traffic: No Version: v1
   Hosts:
        192.168.0.45/255.255.255.255  src-interface trust  trap v1
        192.168.1.26/255.255.255.255  src-interface Null  trap v1
ns5xp->
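
To review which systems a saved configuration actually lets query the device, the set snmp host lines can be checked offline. The script below is an added example, not part of the original page: it parses those lines, expands each ip_address/subnet_mask pair, and flags entries that admit more than one address or lack a src-interface restriction. The function names, the /24 sample entry, and the token order on a line carrying both src-interface and trap are assumptions.

```python
import ipaddress
import shlex

# Constructed sample in the format of `get config | i snmp`; the /24 entry is
# made up for illustration, and the position of src-interface is assumed.
SAMPLE_CONFIG = '''\
set snmp community "SomeSecret1234" Read-Only Trap-on  version v1
set snmp host "SomeSecret1234" 192.168.0.45 255.255.255.255 src-interface trust trap v1
set snmp host "SomeSecret1234" 192.168.1.26 255.255.255.255 trap v1
set snmp host "SomeSecret1234" 192.168.0.0 255.255.255.0 trap v1
set snmp port listen 161
'''

def parse_snmp_hosts(config_text):
    """Return one dict per `set snmp host` line."""
    hosts = []
    for line in config_text.splitlines():
        tok = shlex.split(line)  # handles the quoted community string
        if tok[:3] != ["set", "snmp", "host"] or len(tok) < 6:
            continue
        # strict=False: accept an address with host bits set under the mask
        net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
        iface = None
        if "src-interface" in tok[6:]:
            idx = tok.index("src-interface", 6)
            iface = tok[idx + 1] if idx + 1 < len(tok) else None
        hosts.append({"community": tok[3], "network": net, "src_interface": iface})
    return hosts

def audit(hosts):
    """Flag entries wider than one address or not bound to an interface."""
    findings = []
    for h in hosts:
        net = h["network"]
        if net.prefixlen < net.max_prefixlen:
            findings.append((str(net), f"mask admits {net.num_addresses} addresses"))
        if h["src_interface"] is None:
            findings.append((str(net), "no src-interface restriction"))
    return findings

if __name__ == "__main__":
    for target, issue in audit(parse_snmp_hosts(SAMPLE_CONFIG)):
        print(f"{target}: {issue}")
```

Paste the output of get config | i snmp from the device in place of SAMPLE_CONFIG to audit a real configuration.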

You can remove SNMP settings with unset snmp commands.

ns5xp-> unset snmp ?
auth-trap            set SNMP AuthTrap
community            snmp community configuration
contact              set system contact
host                 snmp host configuration
location             set system location
name                 set system name
port                 set SNMP listen & trap port

E.g., to remove an IP address from the list of those permitted to issue SNMP queries to the NetScreen device:

ns5xp-> unset snmp host SomeSecret1234 192.168.1.26
ns5xp-> get snmp community SomeSecret1234
SomeSecret1234                       Read: Yes   Write: No   Traps: Yes  Traffic: No Version: v1
   Hosts:
        192.168.0.45/255.255.255.255  src-interface trust  trap v1
ns5xp->

To have the SNMP configuration changes you've made persist after a reboot, issue the command save config.


Created: Sunday July 5, 2015