DX NetOps

  • Private Community
 View Only

  • 1.  Juniper Devices in Spectrum using SNMPv3

    Posted Feb 18, 2015 05:58 AM

    Hi All,

     

    I have a customer who is looking to manage Juniper devices in Spectrum using SNMPv3 but as yet has not been successful.

     

    The customer has configured an SNMPv3 profile to match what he believes he has configured on the devices but this has not worked so perhaps the device is not correctly configured.

    Has anyone done this and have experience of configuring the devices and setting up Spectrum to manage them.


    Does anyone have any hints/tips/gotchas that could help my customer?

     

    Kind Regards

    Lesley



  • 2.  Re: Juniper Devices in Spectrum using SNMPv3

    Posted Feb 18, 2015 10:57 AM

    Lesley,

     

    First thing is to check the snmp v3 configuration on device and query it from Mib tools

    Configuring SNMP on Devices Running the Junos OS - Technical Documentation - Support - Juniper Networks

     

    Things to remember:

    SPECTRUM supports the following:

     

    Authentication - SHA, MD5 (MD5 by default)

    Privacy - AES, 3DES, DES (DES by default)

     

    You can override a protocol by specifying the protocol in the auth or priv string as follows:

     

    SHA^<authstring> will use SHA for the auth string instead of the default MD5

    AES^<privstring> will use AES for the priv string instead of the default DES

     

    You can also change the default protocols by overriding them in the SPECTRUM .vnmrc file with the following lines:

     

    snmpv3_default_auth_protocol=***

    snmpv3_default_priv_protocol=***


    HTH


    Kalyan



  • 3.  Re: Juniper Devices in Spectrum using SNMPv3

    Posted Feb 18, 2015 11:03 AM

    Kaylan,

     

    Thanks for the response.

    I had already forwarded the Juniper tech doc link to the customer so I'm waiting for him to confirm his config.

     

    Thank you for the other tips.


    I will report back when I hear from the customer.


    Regards

    Lesley



  • 4.  Re: Juniper Devices in Spectrum using SNMPv3

    Posted Feb 18, 2015 02:08 PM

    I have seen customers have issues with Juniper devices that were shipped to them pre-configured. The root issue is that the SNMP Engine Id is the same on all devices, they need to be unique.

     

     

    Engine IDs have to be unique for every agent across all devices in a domain  – that is required by the SNMPv3 protocol  (RFC3424 and RFC 2574). If two devices have the same engineId but the EngineBoots or engineTime are different, which they would be, then they will get errors like the ones below.

     

     

    ]# tcpdump -r tcpDump.2.txt


    S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsNotInTimeWindows.0=164