Tag Archives: snmpwalk

SNMP Polling over a Routing Instance

Reading Time: 3 minutes

Polling SNMP over a Routing Instance is quite straightforward once you understand the syntax necessary to specify that you want to poll the routing-instance. But when I tried this the first time, I didn’t have a clue why it didn’t work!

For a bit of background, we had a request from another team who’s network we manage, asking if they could SNMP details so they could poll an edge pair of SRX240’s. We use a routing instance to keep the management traffic separate from production traffic, so configured a SMNPv2 community and asked them to test it, but and they said it wasn’t working… BALLS :S

I set this up in the lab for testing; I used a Juniper SRX220 with Routing-Instance that had a Ubuntu 14.04LTS host directly connected to poll SNMP

I had configured SNMPv2 and enabled it to allow the relevant routing-instance to have access under the community stanza and enabled routing instance access under the overall stanza as well, thinking that this would be enough:

[edit]
[email protected]# show snmp 
community test {
    authorization read-only;
    routing-instance test {
        clients {
            192.168.1.0/24;
        }
    }
}
routing-instance-access;

However, when I did a snmpwalk….. I got nothing :/

[email protected]:~$ snmpwalk -v2c -ctest 192.168.1.1
^C

Not Good 🙁

I messed about with the configuration and asked a few colleagues and a senior, but none of them could see the issue. So, as you do when you don’t have a clue…. Time to Google! From my searches managed to find Juniper KB page that explained the different variations of syntax when polling SNMPv1/v2c with Routing Instances

There are 3 variations:

  • community string – which works if the user polls directly from inet.0
  • [email protected] string – which polls information for specific routing instance
  • [email protected] string – which allows polling information about inet.0 only

In essence when I was tried to SNMP poll the SRX with the syntax snmpwalk -v2c -ctest 192.168.1.1, it wasn’t referencing the routing instance because snmpwalk was trying to poll the master instance, which routing-instance had no access to.

For the syntax, I should have been using was snmpwalk -v2c [email protected] 192.168.1.1. By referencing the routing instance I was able to SNMP poll the SRX and all the interfaces that were within the routing-instance:

[email protected]:~$ snmpwalk -v2c [email protected] 192.168.1.1
\iso.3.6.1.2.1.1.1.0 = STRING: "Juniper Networks, Inc. srx220h2 internet router, kernel JUNOS 12.1X47-D30.4 #0: 2015-11-13 14:16:02 UTC     [email protected]:/volume/build/junos/12.1/service/12.1X47-D30.4/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel Build date: 2015-11-13 15:4"

SNMPv3 Polling

For SNMPv3 when configuring your user, under snmp v3 access group stanza, the context-prefix HAS to be the same name as the Routing-Instance

[email protected]# show snmp 
v3 {
    usm {
        local-engine {
            user keeran {
                authentication-sha {
                    authentication-key "$9$WS8LdbYgojk.aJDkqmF3Ap01cyevWXNdleZUDjq.hSyKLx-VwoaUbwgJGU.m1RESrvXxdsYohSvLxNY2z3n/p0REylvW1IxN-VY2JGDk5Q/Ct01RUjqfzFAt8XxdYgDikf5FGU69CA0OLx7NdsUjHTFniHmTznCA8Xx7s2aJDmPQjiCt0ORE-VbsYo"; ## SECRET-DATA
                }
                privacy-des {
                    privacy-key "$9$qmz3/CtIhSpu1hcyW8-Vw2JGjHqPTzDj0B1IcSaZGimfQFntpB3nCuOBSy24oZUHPfz6/taZHmfT/9M8LxVw4oGDHq2gfTQF/9uO1hevxNdw24BIclMW-d.Pfz/C1RhleWOBX7N-wsmf5Tz6BIEKWLREyKMLN-.Pf569pu1yrvIRNdws4oQF36/t"; ## SECRET-DATA
                }
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name keeran {
                    group view-all;
                }
            }
        }
        access {                        
            group view-all {
                context-prefix test {
                    security-model usm {
                        security-level privacy {
                            read-view view-all;
                            notify-view view-all;
                        }
                    }
                }
            }
        }
    }
}
view view-all {
    oid .1 include;
}
routing-instance-access;

Then when you run the snmpwalk you’ll need to add the flag -n to specify the context name, which will be the routing-instance. If you’ve used the same authentication and privacy types as me, your syntax should look something like this: snmpwalk -v 3 -u keeran -l authPriv -a SHA -A test1234 -x DES -X test1234 -n test 192.168.1.1

snmpwalk -v 3 -u keeran -l authPriv -a SHA -A test1234 -x DES -X test1234 -n test 192.168.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "Juniper Networks, Inc. srx220h2 internet router, kernel JUNOS 12.1X47-D30.4 #0: 2015-11-13 14:16:02 UTC     [email protected]:/volume/build/junos/12.1/service/12.1X47-D30.4/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel Build date: 2015-11-13 15:4"

This was pretty frustrating as there was no clear reason why it wasn’t working, and something that should have taken a few moments took days! So I’m hoping this will help you so that you don’t end up in a bit of a rage like I was lol

References

Juniper Knowledge Base: SNMP Polling SNMPv1/v2c via Routing Instance
Juniper Knowledge: SNMP Polling SNMPv3 via Routing Instance
Snmpwalk Man Page
snmpwalk -h

Share this:
Share

How to Snmpwalk on Ubuntu 14.04LTS

Reading Time: 2 minutes

You will need to sudo or root privileges to install the following packages

snmpd 
snmp

Once these have been installed you will get following command available to you:

[email protected]:~$ snmp
snmp-bridge-mib  snmpconf         snmpget          snmpset          snmptranslate    snmpvacm
snmpbulkget      snmpd            snmpgetnext      snmpstatus       snmptrap         snmpwalk
snmpbulkwalk     snmpdelta        snmpinform       snmptable        snmptrapd        
snmpcheck        snmpdf           snmpnetstat      snmptest         snmpusm

Snmpwalk is useful command to collect information from network device with SNMP agents. Depending on what version of SNMP, you will need to use one of the following commands

SNMPv1

snmpwalk -v1 -c{ community-name } ip_address

snmpwalk -v 1 -ctest-lab 10.1.0.201
SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. srx220h2 internet router, kernel JUNOS 12.1X44-D45.2 #0: 2015-01-12 14:20:16 UTC     [email protected]:/volume/build/junos/12.1/service/12.1X44-D45.2/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel Build date: 2015-01-12 15:4
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.2.58
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (458062064) 53 days, 0:23:40.64
SNMPv2-MIB::sysContact.0 = STRING: Write a comment 😀
SNMPv2-MIB::sysName.0 = STRING: This a test for snmpwalk example :p
SNMPv2-MIB::sysLocation.0 = STRING: The Lab in Space
SNMPv2-MIB::sysServices.0 = INTEGER: 4

SNMPv2

snmpwalk -v2c -c{ community-name } ip_address

snmpwalk -v2c -ctest-lab 10.1.0.201
SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. srx220h2 internet router, kernel JUNOS 12.1X44-D45.2 #0: 2015-01-12 14:20:16 UTC     [email protected]:/volume/build/junos/12.1/service/12.1X44-D45.2/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel Build date: 2015-01-12 15:4
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.2.58
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (458070509) 53 days, 0:25:05.09
SNMPv2-MIB::sysContact.0 = STRING: Write a comment 😀
SNMPv2-MIB::sysName.0 = STRING: This a test for snmpwalk example :p
SNMPv2-MIB::sysLocation.0 = STRING: The Lab in Space
SNMPv2-MIB::sysServices.0 = INTEGER: 4

SNMPv3

snmpwalk -v 3 -u { username } -l { noAuthNoPriv|authNoPriv|authPriv } -a { MD5|SHA } -A { authentication-password } -x { DES|AES } -X { privary-password } ip_address

snmpwalk -v3 -u test -l authPriv -a SHA -A test-lab -x AES -X test-lab 10.1.0.201
SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. srx220h2 internet router, kernel JUNOS 12.1X44-D45.2 #0: 2015-01-12 14:20:16 UTC     [email protected]:/volume/build/junos/12.1/service/12.1X44-D45.2/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel Build date: 2015-01-12 15:4
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.2.58
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (458338855) 53 days, 1:09:48.55
SNMPv2-MIB::sysContact.0 = STRING: Write a comment 😀
SNMPv2-MIB::sysName.0 = STRING: This a test for snmpwalk example :p
SNMPv2-MIB::sysLocation.0 = STRING: The Lab in Space
SNMPv2-MIB::sysServices.0 = INTEGER: 4
Share this:
Share