Junos® OS SNMP MIBs and Traps Monitoring and Troubleshooting
Contents
1. BGP4 V2 MIB jnxBgpM2Established 1 3 6 1 4 1 2636 5 1 1 1 0 1 All devices running Junos jnx bgpmib2 OS mib jnxBgpM2BackwardTransition 1 3 6 1 41 2636 5 1 1 1 0 2 All devices running Junos os DHCP MIB jnxJdhcpLocalServer 13 614126363 61 611 31 All devices running Junos jnx dhcp mib DuplicateClient OSs jnxJdhcpLocalServer 13 614126363 616113 2 All devices running Junos InterfaceLimitExceeded Os jnxJdhcpLocalServer 13 614126363 61 61133 All devices running Junos InterfaceLimitAbated Os jnxJdhcpLocalServer Health 13 614 126363 61 61134 All devices running Junos os jnxJdhcpRelayInterface 13 6141 26363 6161231 All devices running Junos LimitExceeded OS jnxJdhcpRelaylnterface 13 614126363 6161232 All devices running Junos LimitAbated OS DHCPV6MIB jnxJdhcpv6LocalServer 13 614126363 626223 All devices running Junos jnx dhcpv6 InterfaceLimitExceeded Os mib jnxJdhcpv6LocalServer 13 614126363 6262232 All devices running Junos InterfaceLimitAbated OS jnxJdhcpv6LocalServer Health 136 41263636262233 All devices running Junos Os LDP MIB jnxLdpLspUp 1 3 6 1 4 1 2636 4 4 0 1 M T and MX Series jnx ldp mib routers jnxLdpLspDown 1 3 6 1 4 1 2636 4 4 0 2 M T and MX Series routers jnxLdpSesUp 1 3 6 1 4 1 2636 4 4 0 3 M T and MX Series routers jnxLdpSesDown 1 3 6 1 4 1 2636 4 4 0 4 M T and MX Series routers 92 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS T2. Informational note Indicates important features or instructions 1 Caution Indicates a situation that might result in loss of data or hardware damage f Warning Alerts you to the risk of personal injury or death Laser warning Alerts you to the risk of personal injury from a laser Q Tip Indicates helpful information Best practice Alerts you to a recommended use or implementation Ww Table 2 on page xviii defines the text and syntax conventions used in this guide Copyright 2015 Juniper Networks Inc xvii SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 2 Text and Syntax Conventions Convention Bold text like this Description Represents text that you type Examples To enter configuration mode type the configure command user host gt configure Fixed width text like this Represents output that appears on the terminal screen user host gt show chassis alarms No alarms currently active Italic text like this e Introduces or emphasizes important e A policy term is a named structure new terms that defines match conditions and Identifies guide names actions Identifies RFC and Internet draft titles U705 OS CLI User Guide e RFC 1997 BGP Communities Attribute Italic text like this Represents variables options for which Configure the machine s domain name you substitute a value in commands or configuration statements edit root
3. edit snmp v3 vacm access Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Assign the security name to a group and specify the SNMPv3 context applicable to the group The default context prefix statement when included adds all the contexts configured on the device to the group whereas the context prefix context prefix statement enables you to specify a context and to add that particular context to the group Not applicable to the QFX Series and OCX Series When the context prefix is specified as default for example context prefix default the context associated with the master routing instance is added to the group To specify a routing instance that is part of a logical system specify it as logical system routing instance For example to specify routing instance ril in logical system Ls include context prefix ls1 ril The remaining statements under this hierarchy are explained separately group name SNMPVv3 group name created for the SNMPv3 group snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Group on page 150 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements group Defining Access Privileges
4. 0 186 Example Setting Trap Notification for Remote Operations 187 Using Variable Length String Indexes 0 0 ee 187 Example Set Variable Length String Indexes 000000 187 Enabling LOSSiNg 6 ee eee eee nee 188 Using the Ping MIB for Remote Monitoring Devices Running JunosOS 188 Starine a PINA WSU 2 ote es rendas eidar save aay h drei cane E Myo Reuse eu e 188 Using Multiple Set Protocol Data Units PDUs 0 000005 189 Using a Single Set PDU 1 ene nne 189 MOnItorine 2 RUAKING PINE TESE oc cnn Pas acces core dv hae areas e caw bee ee Gad 190 pingResultsTable 0 eee eee eens 190 pingProbeHistoryTable 2 ee eee eens 191 Generating TrapS aau uuaa eee ee eens 192 Gathering Ping Test ResultS 0 ce eee nena 192 Stopping a Ping Test 0 0 ee eee e eens 194 Interpreting Ping Variables 0 0 0c eee eee eae 194 Using the Traceroute MIB for Remote Monitoring Devices Running Junos OS 195 Tracing SNMP ACtiVity cs cccca dence vine io tert sumed ewe Ean E 197 Tracing SNMP Activity on a Device Running JUnos OS 000 197 Configuring the Number and Size of SNMP Log Files 198 Configuring Access to the Log File 1 6 eee 198 Configuring a Regular Expression for Lines to Be Logged 199 Configuring the Trace Operations 0 0c ee ee 199 Example Tracing SNMP Activity 0 ee eee 200 Configuring Vi
5. notify name is the name assigned to the notification Each notify entry name must be unique tag tag name defines the target addresses that are sent this notification The notification is sent to all target addresses that have this tag in their tag list The tag name is not Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 included in the notification For information about how to configure the tag list see Configuring the Trap Target Address on page 162 type inform is the type of notification target address target address name identifies the target address The target address defines a management application s address and parameters that are used to respond to informs timeout seconds is the number of seconds to wait for an acknowledgment If no acknowledgment is received within the timeout period the inform is retransmitted The default timeout is 15 seconds retry count number is the maximum number of times an inform is transmitted if no acknowledgment is received The default is 3 If no acknowledgment is received after the inform is transmitted the maximum number of times the inform message is discarded message processing model defines which version of SNMP to use when SNMP notifications are generated Informs require a v3 message processing model security model defines the security model to use when SNMP notifications are generated Informs require a usm security model security mo
6. isisSequenceNumberSkip Generated when an LSP is received with a system ID and different contents indicating the LSP might require a higher sequence number isisAuthenticationTypeFailure Generated when a PDU with the wrong authentication type field is received isisAuthenticationFailure Generated when a PDU with an incorrect authentication information field is received isisVersionSkew Generated when a hello PDU from an IS running a different version of the protocol is received isisAreaMismatch Generated when a hello PDU from an IS which does not share any area address is received isisRejectedAdjacency Generated when a hello PDU from an IS is received but no adjacency is established because of a lack of resources isisLSPTooLargeToPropagate Generated when a link state PDU that is larger than the dataLinkBlockSize for a circuit is attempted but not propagated isisOriginating_SPBufferSizeMismatch Copyright 2015 Juniper Networks Inc 107 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 16 Unsupported Standard SNMP Traps continued MIB Trap Name Description Generated when a Level 1 link state PDU or Level 2 link state PDU is received that is larger than the local value for originating LILSPBufferSize or originating L2LSPBufferSize respectively or when a Level 1 link state PDU or Level 2 link state PDU is received containing th
7. ospfNbrStateChange 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtNbrStateChange 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospflfConfigError 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfConfigError 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospflfAuthFailure 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfAuthFailure 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospflfRxBadPacket 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfRxBadPacket 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfTxRetransmit 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfTxRetransmit 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfMaxAgeLsa 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 14 Standard Supported SNMP Version 1 Traps continued System Generic Logging Trap Severity Definedin Trap Name Enterprise ID Number Level Syslog Tag Supported On ospflfStateChange 1 3 6 1 2 1 14 16 2 6 16 M T MX J EX and SRX for branch devices VRRP Notifications RF
8. All devices ThresholdExceeded running Junos OS jnxPingEgressJitter 1 3 6 1 4 1 263649 6 6 All devices ThresholdExceeded running Junos OS jnxPinglngressThreshold Exceeded 1 3 6 1 4 1 2636 4 9 6 7 All devices running Junos OS jnxPingIngressStddevThreshold 1 3 6 1 4 1 263649 6 8 All devices Exceeded running Junos OS jnxPingIngressJitterThreshold 1 3 6 1 4 1 263649 6 9 All devices Exceeded running Junos OS Routing Notifications BFD bfdSessUp 1 3 6 1 4 1 6 1 All devices Experimental 2636 5 3 1 running Junos MIB jnx bfd OS exp mib bfdSessDown 1 3 6 1 4 1 6 2 All devices 2636 5 3 1 running Junos OS LDP MIB jnxLdpLspUp 1 3 6 1 4 1 263644 6 1 M T and MX jnx ldp mib Series routers jnxLdpLspDown 1 3 6 1 4 1 263644 6 2 M T and MX Series routers jnxLdpSesUp 1 3 6 1 4 1 263644 6 3 M T and MX Series routers jnxLdpSesDown 1 3 6 1 4 1 263644 6 4 M T and MX Series routers 86 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps continued System Generic Specific Logging Trap Trap Severity Supported Defined in Trap Name Enterprise ID Number Level a MPLS MIB mplsLspUp Deprecated jnx mpls mib 1 3 61 4 1 26363 24 mplsLspDown Deprecated 1 3 61 4 1 26363 24 mplsLspChange Deprecated 1 3 61 4 1 2636 3 24 mplsLspPathDown Deprecated
9. Each probe result is recorded in pingProbeHistoryTable For more information about pingProbeHistoryTable see pingProbeHistoryTable on page 191 When a response is received from the target host acknowledging the current probe pingResultsProbeResponses increases by 1 The following variables are updated pingResultsMinRtt Minimum round trip time pingResultsMaxRtt Maximum round trip time pingResultsAverageRtt Average round trip time pingResultsRttSumOfSquares Sum of squares of round trip times e pingResultsLastGoodProbe Timestamp of the last response NOTE Only probes that result in a response from the target host contribute to the calculation of the round trip time RTT variables When a response to the last probe is received or the last probe has timed out the test is complete pingProbeHistoryTable An entry in pingProbeHistoryTable pingProbeHistoryEntry represents a probe result and is indexed by three variables The first two variables pingCtLOwnerIndex and pingCtlTestName are the same ones used for pingCtlTable which identifies the test The third variable pingProbeHistorylndex is a counter to uniquely identify each probe result Copyright 2015 Juniper Networks Inc 19 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Generating Traps The maximum number of pingProbeHistoryTable entries created for a given test is limited by pingCtlMaxRo
10. c cccseseeeees 41 46 52 FMONM StatemMenteissienweshnniwids heen denn 306 usage SUICGELINGS ceeeccsessesessesesessescssesescessstseseeesseeeees 232 Copyright 2015 Juniper Networks Inc routing instances access lists CONPMBSUIING ccna iesiieannioneay 183 SNMP enabling access ID ONtIFYING ec cseecesceesesseseseesestssessseessesseesesenestsnees SPCC UY INS is eseese cess sspears aa 180 routing instance statement SINR astern ate a cetera rote teense 309 SNMPV3B vessessesssssssecsessssscssssessssssseesecsessesucsesseesesneseeseeneenes 310 usage BUIGELINGS cc esesseseesesesseseseseseseesesensees 162 FOUTING INSTANCE ACCESS eceseesssseseesssssseseseseseseeeeseseseaees 310 S sample type StATEMEN t u ecscescscssesesessesessesesseseseseeseeeeseeeees 31 usage guidelines for ALALIMNS eeesescesteseseesecsessestesessessestesesseesesneseeaeenes 227 for OVENS irsiscasscesssacsisaecsettaacheadicenieeccneninaness 228 Security Interface Extension Objects IA aod o oes ste sees ccsh tenceessste tastes cteneaste ast teet 41 47 52 Security Screening Objects MIB 47 52 security level statement fOr ACCESS privile gESininunnnssninnunnnunnini 312 usage SUICGELINGS ceecesescsseseseesssessesesceseseseeseees 150 for SNMP notifiCations ccccesecsessesssesseeseseseseeees 313 usage guidelines security model statement for ACCESS PLIVILESSS ees ecseesessesceseseseeseseseseeeeseeees usage SUICGELINGS
11. jnx sonetaps mib apsMIBObjects jnx sp mib jnxSpMIB ggsn mib ejnmobileipABmib rfc1907 mib snmpModules snmpModules Examples snmpMIB snmpFrameworkMIB Table 10 on page 73 shows Class 4 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 4 objects data is not segregated by routing instance All instances are exposed 12 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 10 Class 4 MIB Objects Standard and Juniper MIBs Class MIB Objects Class 4 system Example sysORTable rfc201la mib ip ipDefaultTTL iplnReceives icmp rfc2012a mib tcp tcpConnTable ipv6TcpConnTable rfc2013a mib udp udpTable ipv6UdpTable rfc2790a mib hrSystem rfc2287a mib sysApplOBJ jnx firewall mib jnxFirewalls jnx ipv6 mib jnxlpv6 Related gt Understanding SNMP Support for Routing Instances on page 177 D mentation ocumengato Trap Support for Routing Instances on page 178 SNMP MIB Objects Supported by Junos OS for the Set Operation Supported Platforms LN Series SRX Series Table 11 on page 73 lists the SNMP MIB objects that are supported by Junos OS for the snmp set operation Table 11 SNMP MIB Objects Object Name Object Identifier RFC 1907 sysContact 1 3 6 1 2 1 1 4 sysName 1 3 6 1 2 1 1 5 sysLocation 1 3 6 1 2 1 1 6 Copyright 2015 Juniper Networks Inc 73 SNMP MIBs and Traps Mo
12. jnxOperatingBuffer REO Monitors the amount of memory available on Routing Engines REO and RE1 Because the indexing of this object is identical to that used for jnxOperatingCPU index values are adjusted depending on the indexing scheme used in the Chassis MIB As with jnxOperatingCPU the alarm entry monitoring RE1 is removed if the router or switch has only one Routing Engine jnxOperatingBuffer RE1 sysApplElmtRunCPU Monitors the CPU usage for each Junos OS process also called daemon Multiple instances of the same process are monitored and indexed separately sysApplElmtRunMemory Monitors the memory usage for each Junos OS process Multiple instances of the same process are monitored and indexed separately Copyright 2015 Juniper Networks Inc Chapter 15 Configuring Health Monitoring Minimum Health Monitoring Configuration To enable health monitoring on the router or switch include the health monitor statement at the edit snmp hierarchy level edit snmp health monitor Configuring the Falling Threshold or Rising Threshold The falling threshold is the lower threshold expressed as a percentage of the maximum possible value for the monitored variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated A single event is also generated if the first sample after this ent
13. 352 Copyright 2015 Juniper Networks Inc Chapter 17 Operational Commands Table 27 show snmp health monitor routing engine history Output Fields continued Field Name Field Description Configuration E ffective configuration of a resource interval Configured interval in seconds moderate threshold Percentage of moderate threshold level resource utilization high threshold Percentage of high threshold level resource utilization critical threshold Percentage of critical threshold level resource utilization action Configured action for a resource Usage Trail Displays the previous usage records Top daemon Li ist of processes with high resource utilization Growing daemons ist of processes with high incremental resource utilization from the previous sample Top files rc ist of large files in a partition Growing files ist of files in a partition that have gotten larger since the previous sample Resource name Name of the resource Latest event Displays the latest event associated with the resource The available events are Moderate Rising High Rising Critical Rising Moderate Falling High Falling Critical Falling Time elapsed Displays the time elapsed since the event occurred Action Displays the action associated with the resource The available actions are e Monitor e Prevent e Recover Sample Output show snmp heal
14. Copyright 2015 Juniper Networks Inc 235 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices D NOTE Figure 4 on page 235 does not show the client networks at customer premises but they would be located on either side of the ingress and egress points Although this chapter does not discuss how to measure network services as perceived by these client networks you can use measurements taken for the service provider network as input into such calculations Basic Key Performance Indicators Setting Baselines Related Documentation 236 For example you could monitor a service provider network for three basic key performance indicators KPIs Availability measures the reachability of one measurement point from another measurement point at the network layer for example using ICMP ping The underlying routing and transport infrastructure of the provider network will support the availability measurements with failures highlighted as unavailability Health measures the number and type of errors that are occurring on the provider network and can consist of both router centric and network centric measurements such as hardware failures or packet loss Performance of the provider network measures how well it can support IP services for example in terms of delay or utilization How well is the provider network performing We recommend an initial three month period of monitoring to identif
15. Matches the security name at the target parameters tag hostl Finds the addresses that are allowed to be used with target address tal Associates the target address with the group san francisco address 10 1 1 1 address mask 255 255 255 0 Defines the range of addresses port 162 tag list router target parameters tpl Applies configured target parameters target address ta2 address 10 1 1 2 address mask 255 255 255 0 port 162 tag list host target parameters tp2 target address ta3 address 10 1 1 3 address mask 255 255 255 0 port 162 tag list routerl host1 target parameters tp3 target parameters tpl Defines the target parameters Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 notify filter nfl Specifies which notify filter to apply parameters message processing model vl security model v1 security level none security name john Matches the security name configured at the edit snmp v3 snmp community community index hierarchy level target parameters tp2 notify filter nf2 parameters message processing model vl security model v1 security level none security name john target parameters tp3 notify filter nf3 parameters message processing model vl security model v1 security level none security name john usm local engine Defines authentication and encryption for SNMPv3 users user user authentication
16. Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 272 LN Series M Series MX Series PTX Series SRX Series T Series enterprise oid edit snmp trap options Statement introduced in Junos OS Release 10 0 Add the snmpTrapEnterprise object which shows the association between an enterprise specific trap and the organization that defined the trap to standard SNMP traps By default the snmpTrapEnterprise object is added only to the enterprise specific traps When the enterprise oid statement is included in the configuration snmptTrapEnterprise is added to all the traps generated from the device snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Trap Options on page 128 EX Series LN Series M Series MX Series PTX Series T Series event index community community name description description type type edit snmp rmon Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure RMON event entries index l dentifier for a specific event entry The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring an Event Entry and Its Attributes on page 228 alarm SNMP RMON
17. This topic includes the following sections Configuring the Advanced Encryption Standard Algorithm on page 147 Configuring the Data Encryption Algorithm on page 147 e Configuring Triple DES on page 147 Configuring No Encryption on page 148 146 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 Configuring the Advanced Encryption Standard Algorithm To configure the Advanced Encryption Standard AES algorithm for an SNMPv3 user include the privacy aes128 statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy aes128 privacy password privacy password privacy password is the password used to generate the key used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring the Data Encryption Algorithm To configure the data encryption algorithm DES for an SNMPv3 user include the privacy des statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy des privacy password privacy password privacy password is the password used to generate the key used for encryption SNMPv3 has special requirements
18. default context prefix security model usm Define an SNMPv3 security model security level privacy notify view nv read view rv write view wv 152 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 context prefix lr1 ril routing instance ril in logical system Ir security model usm security level privacy notify view nv read view rv1 write view wv group group2 default context prefix security model usm Define an SNMPv3 security model security level authentication read view rv2 write view wv2 group group3 default context prefix security model vl Define an SNMPv3 security model security level none read view rv3 write view wv3 Related Configuring the Access Privileges Granted to a Group on page 149 D tati ocumentanon Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Assigning Security Model and Security Name to a Group Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Series To assign security names to groups include the following statements at the edit samp v3 vacm security to group hierarchy level edit snmp v3 vacm security to group security model usm v1 v2c security name security name group group name Copyright 2015 Juniper Networks Inc 153 SNMP MIBs and Traps Monitori
19. edit snmp v3 target parameters target parameters name target parameters name is the name assigned to the target parameters Copyright 2015 Juniper Networks Inc 163 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices To configure target parameter properties include the following statements at the edit snmp v3 target parameters target parameter name hierarchy level edit snmp v3 target parameters target parameter name notify filter profile name parameters message processing model v1 v2c V3 security level authentication none privacy security model usm v1 v2c security name security name This topic includes the following sections Applying the Trap Notification Filter on page 164 Configuring the Target Parameters on page 164 Applying the Trap Notification Filter To apply the trap notification filter include the notify filter statement at the edit snmp v3 target parameters target parameter name hierarchy level edit snmp v3 target parameters target parameter name notify filter profile name profile name is the name of a configured notify filter For information about configuring notify filters see Configuring the Trap Notification Filter on page 135 Configuring the Target Parameters To configure target parameter properties include the following statements at the edit snmp v3 target parameters target parameter name parameters hierarch
20. on page 126 Copyright 2015 Juniper Networks Inc 121 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices edit groups global snmp community name user host set authorization authorization This example confines the public community to read only access Any SNMP client for example an SNMP management system that belongs to the public community can read MIB variables but cannot set change them edit groups global snmp community public user host set authorization read only 2 Define alist of clients in the community who are authorized to communicate with the SNMP agent in Junos OS The clients statement lists the IP addresses of the clients community members that are allowed to use this community If no clients statement is present all clients are allowed For address you must specify an IPv4 or IPv6 address not a hostname Include the default restrict option to deny access to all SNMP clients for which access is not explicitly granted We recommend that you always include the default restrict option to limit SNMP client access to the local router D NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels Related Adding a Group of Clients to an SNMP Community on page 166 D tati OPENEN Configuring SNMP on a Device Running Junos OS on page 115 e Configuration St
21. 32806 32807 Copyright 2015 Juniper Networks Inc PFE rel Subscri Subscri Web man Applica IDP pol Shared System Network Wireles Wireles Health jnxFruT Health hrSyste Health jnxHrSy Health jnxFwdd Health jnxFwdd Health jnxFwdd Health jnxFwdd Chapter 17 Operational Commands ay process 8044 active ber management process 17852 active ber management helper process 21076 active agement gatekeeper process 12820 active tion identification process 18328 active icy daemon 30188 active memory routing socket message database process 15672 active Health Management Daemon 15004 active security trace daemon 10400 active s WAN process 15016 active s LAN service process 13936 active Monitor RE Temperature emp 9 1 0 0 51 active Monitor RE Process count usage mProcesses 0 123 moderate threshold Monitor RE Open file Descriptor count stemOpenFiles 0 738 active Monitor FWDD Micro Kernel threads total CPU Utilization MicroKernelCPUUsage 0 11 active Monitor FWDD Real Time threads total CPU Utilization RtThreadsCPUUsage 0 0 active Monitor FWDD DMA Memory utilization DmaMemUsage 0 1 active Monitor FWDD Heap utilization HeapUsage 0 39 active 351 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp health monitor routing engine history Supported Platforms Syntax Release Information Description Options Required Privilege Level R
22. For more information see P Forward MIB IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB IPsec VPN Objects MIB Provides support for monitoring IPsec and IPsec VPN management objects for Juniper security product lines This MIB is an extension of jnx ipsec flow mon mib This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js ipsec vpn txt For more information see Psec VPN Objects MIB IPv4 MIB Provides additional Internet Protocol version 4 IPv4 address information
23. In this example each SNMPVI trap packet sent has its agent address value set to the IP address of the outgoing interface Adding snmpTrapEnterprise Object Identifier to Standard SNMP Traps The snmpTrapEnterprise object helps you identify the enterprise that has defined the trap Typically the snmpTrapEnterprise object appears as the last varbind in enterprise specific SNMP version 2 traps However starting Release 10 0 Junos OS enables you to add the snmpTrapEnterprise object identifier to standard SNMP traps as well To add snmpTrapEnterprise to standard traps include the enterprise oid statement at the edit snmp trap options hierarchy level If the enterprise oid statement is not included in the configuration snmpTrapEnterprise is added only for enterprise specific traps Copyright 2015 Juniper Networks Inc 131 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation edit snmp trap options enterprise oid e Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 e Configuring SNMP Trap Groups on page 132 e Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring SNMP Trap Groups Supported Platforms 132 LN Series SRX Series You can create and name a group of one or more types of SNMP traps and then define which systems receive the group o
24. Related Structure of Management Information MIB Documentation Enterprise Specific MIBs and Supported Devices Supported Platforms ACX Series EX Series M Series MX Series PTX Series SRX Series T Series Copyright 2015 Juniper Networks Inc 53 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 5 on page 54 lists the enterprise specific MIBs that are supported on various devices running the Junos OS NOTE In this table a value of 1in any of the platform columns M MX T EX J and SRX denotes that the corresponding MIB is supported on that particular platform A value of O denotes that the MIB is not supported on the platform NOTE This topic uses the following classification for SRX Series devices Low End SRX100 SRX110 SRX210 SRX220 and SRX240 Mid Range SRX550 and SRX650 and High End SRX1400 SRX3400 SRX3600 SRX5400 SRX5600 and SRX5800 Table 5 Enterprise Specific MIBs and Supported Devices Platforms E te SOON Ee O O O O O AAA Objects MIB Low Mid End Range Access Authentication Objects MIB O 0 O 0 1 0 1 ll 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx user aaa txt http A wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx js auth txt Alarm MIB 1 1 1 1 1 1 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx chassis alar
25. Required Privilege Level Related Documentation 310 LN Series M Series MX Series PTX Series SRX Series T Series edit snmp routing instance access access list routing instance routing instance restrict edit snmp Statement introduced in Junos OS Release 8 4 Enable SNMP managers in routing instances other than the default routing instance to access SNMP information For information about the access list option see access list snmp To view this statement in the configuration snmp control To add this statement to the configuration e Enabling SNMP Access over Routing Instances on page 180 Copyright 2015 Juniper Networks Inc sample type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series SRX Series T Series sample type absolute value delta value edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Method of sampling the selected variable absolute value Actual value of the selected variable is used when comparing against the thresholds delta value Difference between samples of the selected variable is used when comparing against the thresholds snmp To view this statement in the configuratio
26. Variable name Name of the health monitor object instance being monitored Value Current value of the monitored variable in the most recent sample interval 346 Copyright 2015 Juniper Networks Inc Chapter 17 Operational Commands Table 26 show snmp health monitor Output Fields continued Field Name Field Description State State of the alarm or event entry Alarms e moderate threshold Percentage of moderate threshold level resource utilization e high threshold Percentage of high threshold level resource utilization e critical threshold Percentage of citical threshold level resource utilization e active Entry is fully configured and activated e falling threshold crossed Value of the variable has crossed the lower threshold limit e rising threshold crossed Value of the variable has crossed the upper threshold limit e under creation Entry is being configured and is not yet activated e startup Alarm is waiting for the first sample of the monitored variable e object not available Monitored variable of that type is not available to the health monitor agent e instance not available Monitored variable s instance is not available to the health monitor agent e object type invalid Monitored variable is not a numeric value e object processing errored An error occurred when the monitored variable was processed e unknown State is not one of the above Variable OID Object ID to w
27. cccscsessessessssecssesssssesseessssesneees 39 44 50 Event MIB isteiesteesaciniiei ye dicee danaataeaas 39 44 50 event SLATEM OM rscssectei secede ctcadencaneddeestccn was 272 usage BUIGElINES skin aiieni sania ences 228 F falling event index statement eee 273 usage BUIGELINGS ccceceseesescsseseseesessesestseetseseesteensesees 225 falling threshold statement health MONItONM esessesesseseesessessessssessessessssseseeseeseeseess 274 usage BUIGELINGS ce cceccsessesestesesessesesseseseeseseeeees 241 RMON cesssssssssessessssecseesessssssesssssssessessessssssessesseseeseescenees 275 falling threshold interval statement RAO 276 usage BUICELINGS cc csesesseeseeseseeeseeeseseeeeees 226 filter duplicates StateEMeNnt ccc usage BUIGELINGS ce ccescsessescscessscssesssssesesseseseesssesseerses filter interfaces StAtEMENt ccccescsecsesestesessesesteseesees filtering Set SNMP requests cccsscsescseesesesseseseeseseseseees Firewall MIB Flow Collection Services MIB TONE CONVENON Sasna a 368 G Get requests SNMP ss ss ssssesrsensssrsrinsrnsnrnsrssnesrnnrssnrsrnsrnnrsne 9 group statement SNMPv3 for access PriVil Ges ccseseeseeee 279 usage guidelines SNMPv3 for configuring usage BUICGELINGS ceceesesessesesesesteestsesseseeeeees H health monitor StateMent c cceccscsesesceseeseseseseeseesees 279 usage BUICELINGS ccccecscseseseesesessessssesesesesesseseeesees 24 Host Res
28. community public The community defined here as public grants read access to all MIB data to any client To configure complete SNMP features include the following statements at the edit snmp hierarchy level snmp client list client list name ip addresses community community name authorization authorization client list name client list name clients address restrict routing instance routing instance name clients addresses logical system logical system name routing instance routing instance name clients addresses view view name contact contact description description engine id local engine id use mac address use default ip address filter duplicates health monitor falling threshold integer interval seconds rising threshold integer interface interface names location location name name nonvolatile 116 Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP commit delay seconds rmon alarm index description text description falling event index index falling threshold integer falling threshold interval seconds interval seconds request type get next request get request walk request rising event index index sample type type startup alarm alarm syslog subtag syslog subtag variable oid variable event index community community name description text description type type traceoptions
29. deny access to pingMIB objects oid jnxPingMIB exclude deny access to jnxPingMIB objects community no ping mib authorization read write view ping mib view Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring MIB Views on page 126 view Configuring a MIB View on page 343 oid on page 293 Copyright 2015 Juniper Networks Inc 127 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring SNMP Trap Options and Groups on a Device Running Junos OS Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Series Some carriers have more than one trap receiver that forwards traps to a central NMS This allows for more than one path for SNMP traps from a router to the central NMS through different trap receivers A device running Junos OS can be configured to send the same copy of each SNMP trap to every trap receiver configured in the trap group The source address in the IP header of each SNMP trap packet is set to the address of the outgoing interface by default When a trap receiver forwards the packet to the central NMS the source address is preserved The central NMS looking only at the source address of each SNMP trap packet assumes that each SNMP trap came from a different source In reality the SNMP traps came from the same router but each left the router thro
30. fe80 1 2 3 4 64 Related Configuring the SNMP Community String on page 120 Documentation Filtering Duplicate SNMP Requests Supported Platforms LN Series PTX Series SRX Series By default filtering duplicate get getNext and getBulk SNMP requests is disabled on devices running Junos OS If a network management station retransmits a Get GetNext or GetBulk SNMP request too frequently to the router that request might interfere with the processing of previous requests and slow down the response time of the agent Filtering these duplicate requests improves the response time of the SNMP agent Junos OS uses the following information to determine if an SNMP request is a duplicate Source IP address of the SNMP request Source UDP port of the SNMP request Request ID of the SNMP request To filter duplicate SNMP requests include the filter duplicates statement at the edit snmp hierarchy level edit snmp filter duplicates Related Configuring SNMP ona Device Running Junos OS on page 115 D tati ocumentaton e Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 124 Filtering Interface Information Out of SNMP Get and GetNext Output on page 125 Copyright 2015 Juniper Networks Inc 123 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring the Interfaces on Which SNMP R
31. file filename lt files number gt lt size size gt lt world readable no world readable gt lt match regular expression gt flag flag trap group group name categories category destination port port number routing instance instance targets address version all vl v2 trap options agent address outgoing interface source address address view view name oid object identifier include exclude Related Understanding the SNMP Implementation in Junos OS on page 9 D tati ocumentanon Configuration Statements at the edit snmp Hierarchy Level on page 248 Complete SNMPv3 Configuration Statements on page 251 Copyright 2015 Juniper Networks Inc 117 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the System Contact on a Device Running Junos OS Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series You can specify an administrative contact for each system being managed by SNMP This name is placed into the MIB II sysContact object To configure a contact name include the contact statement at the edit snmp hierarchy level edit snmp contact contact If the name contains spaces enclose it in quotation marks To define a system contact name that contains spaces edit snmp contact Juniper Berry 650 555 1234 e Configuring SNMP on a Device Running
32. get Retrieve and display one or more SNMP object values get next Retrieve and display the next SNMP object values walk Retrieve and display the SNMP object values that are associated with the requested object identifier OID When you use this option the Junos OS displays the objects below the subtree that you specify ascii Display the SNMP object s string indices as an ASCIl key representation decimal Display the SNMP object values in the decimal default format The decimal option is the default option for this command Therefore issuing the show snmp mib get get next walk decimal object id and the show snmp mib get get next walk object id commands display the same output object id The object can be represented by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces When entering multiple objects enclose the objects in quotation marks NOTE On all high end SRX Series devices the show snmp mib command will not display the output for security related MIBs We recommend that you use an SNMP client and prefix logical system name to the community name For example if the community is public use default public for default root logical system snmp To view this statement in the configuration SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp mib walk standalone on page 359 show snmp mib walk HA on page 359
33. set system domain name domain name Text like this Represents names of configuration e To configure a stub area include the statements commands files and directories configuration hierarchy levels or labels on routing platform components stub statement at the edit protocols ospf area area id hierarchy level e The console port is labeled CONSOLE lt gt angle brackets Encloses optional keywords or variables stub lt default metric metric gt pipe symbol Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol The set of choices is often enclosed in parentheses for clarity broadcast multicast string string2 string3 pound sign Indicates a comment specified on the same line as the configuration statement to which it applies rsvp Required for dynamic MPLS only square brackets Encloses a variable for which you can substitute one or more values community name members community ids Indention and braces Identifies a level in the configuration hierarchy semicolon GUI Conventions xviii Identifies a leaf statement at a configuration hierarchy level edit routing options static route default nexthop address retain Copyright 2015 Juniper Networks Inc About the Documentation Table 2 Text and Syntax Conventions continued Convention De
34. supporting the assignment of identical IPv4 addresses to separate interfaces For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB IPv6 and ICMPv6 MIB Provides IPv6 and Internet Control Message Protocol version 6 ICMPv6 statistics For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipv6 txt For more information see Pv6 MIB L2ALD MIB Contains information about the Layer 2 Address Learning Daemon L2ALD and related traps such as the routing instance MAC limit trap and the interface MAC limit trap For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx 2ald txt For more information see L2ALD MIB e L2CP MIB Provides information about Layer 2 Control Protocols L2CP based features on MX Series 3D Universal Edge Routers Currently Junos OS supports only the jnxDotidStpPortRootProtectEnabled jnxDotldStpPortRootProtectState and jnxPortRootProtectStateChangeTrap objects For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx l2cp features txt For more information see L2CP MIB L2TP MIB Provides information about Layer 2 Transport Protocol L2TP tunnels and sessions For
35. vl v2 edit snmp trap group group name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify the version number of SNMP traps all Send an SNMPv1 and SNMPvz2 trap for every trap condition all Send an SNMPv1 and SNMPvz2 trap for every trap condition vl Send SNMPvI1 traps only v2 Send SNMPv2 traps only snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Trap Groups on page 132 Copyright 2015 Juniper Networks Inc 341 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices view Associating a MIB View with a Community Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 342 EX Series LN Series M Series MX Series PTX Series SRX Series T Series view view name edit snmp community community name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Associate a view with a community A view represents a group of MIB objects view name Name of the view You must use a view name already configured in the view statement at the edit snmp hierarchy level snmp To view this statement in the configuration snmp control To add this statement to the configurat
36. 2015 Juniper Networks Inc Related Documentation Chapter 6 Configuring SNMPv3 authentication key key authentication none authentication sha authentication key key privacy 3des privacy key key privacy aes128 privacy key key privacy des privacy key key privacy none For informs remote engine engine id is the identifier for the SNMP agent on the remote device where the user resides For informs user username is the user on a remote SNMP engine who receives the informs Informs generated can be unauthenticated authenticated or authenticated_and_encrypted depending on the security level of the SNMPv3 user configured on the remote engine the inform receiver The authentication key is used for generating message authentication code MAC The privacy key is used to encrypt the inform PDU part of the message e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 e Configuring SNMP Informs on page 157 e Configuring the Inform Notification Type and Target Address on page 170 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example Configuring the Remote Engine ID and Remote Users on page 173 Example Configuring the Remote Engine ID and Remote Users Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This example shows how to config
37. 2015 Juniper Networks Inc 145 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring No Authentication To configure no authentication for an SNMPv3 user include the authentication none statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication none Related Configuring the Encryption Type on page 146 Documentation Defining Access Privileges for an SNMP Group on page 148 e Configuring the Access Privileges Granted to a Group on page 149 e Assigning Security Model and Security Name to a Group on page 153 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring the Encryption Type Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series By default encryption is set to none D NOTE Before you configure encryption you must configure MD5 or SHA authentication Before you configure the privacy des privacy 3des and privacy aes128 statements you must install the jcrypto package and either restart the SNMP process or reboot the router
38. 261 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices categories Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation client list Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 262 EX Series LN Series M Series MX Series PTX Series SRX Series T Series categories category edit snmp trap group group name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define the types of traps that are sent to the targets of the named trap group If you omit the categories statement all trap types are included in trap notifications category Name of a trap type authentication chassis configuration link remote operations rmon alarm routing sonet alarms startup or vrrp events snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Trap Groups on page 132 EX Series LN Series M Series MX Series PTX Series SRX Series T Series client list client list name ip addresses edit snmp Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in
39. Entity entStateOperEnabled 1 3 6 1 2 1 131 0 1 Notice CHASSSOD SNVP TRAPS MX240 MX480 and State MIB MX960 entStateOperDisabled 1 3 6 1 2 1 131 0 2 Notice CHASSSOD SNVP TRAP3 MX240 MX480 and MX960 L3VPN Notifications RFC 4382 mplsL3VpnVrfUp MPLS BGP Layer 3 Virtual Private IsL3VpnVrfD Network vPN Pr Pnvri Down mESAM RuSMhe Bed mS AAU RM Bed nS Nir RVs Cae MRRP Notifications css RFC 2787 vrrpTrapNewMaster 1 3 6 1 2 1 68 0 1 Warning VRRPD_ All devices running Definitions of NEWMASTER_TRAP Junos OS Managed Objects for the Virtual vrrpTrapAuthFailure 1 3 61 21 68 0 2 Warning VRRPD_AUTH_ All devices running mentee FAILURE_ TRAP Junos OS Redundancy Protocol RFC 6527 vrrpv3NewMaster 1 3 6 1 2 1 207 0 1 Warning VRRPD_NEW_MASTER MandMx Definitions of Managed Objects ayaProtoError 1 3 6 1 21 207 0 2 Warning VRRPDV3PROTORRRGQR Mand Mx for the Virtual Router Redundancy Protocol Version 3 VRRPVv3 Copyright 2015 Juniper Networks Inc 103 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 15 Standard Supported SNMP Version 2 Traps continued System Logging Severity Defined in Trap Name snmpTrapOID Level Syslog Tag Supported On The Junos OS also supports the following standard SNMP version 2 traps SNMP Version 2 MPLS Traps on page 104 SNMP Version 2 L3VPN Traps on page 105 SNMP Version 2 MPLS Traps The Junos OS supports the MPLS SNMP version 2 traps defi
40. Management Information Base e etherStatsTable for Ethernet interfaces only alarmTable eventTable and logTable are supported on all devices running Junos OS e historyControlTable and etherHistoryTable except etherHistoryUtilization object are supported only on EX Series switches RFC 2863 The Interfaces Group MIB 1 1 o o 1 NOTE RFC 2863 replaces RFC 2233 However Junos OS supports both RFC 2233 and RFC 2863 RFC 2864 The Inverted Stack Table Extension to O 1 0 1 g o 1 the Interfaces Group MIB RFC 2922 The Physical Topology PTOPO MIB o O 0 O o 1 o 1 Supported objects ptopoConnDiscAlgorithm ptopoConnAgentNetAddrType ptopoConnAgentNetAddr ptopoConnMultiMacSASeen ptopoConnMultiNetSASeen ptopoConnlisStatic ptopoConnLastVerifyTime ptopoConnRowStatus RFC 2925 Definitions of Managed Objects for 1 1 1 1 1 1 0 1 Remote Ping Traceroute and Lookup Operations only the objects pingCtlTable pingResultsTable pingProbeHistoryTable pingMaxConcurrentRequests traceRouteCtlTable traceRouteResultsTable traceRouteProbeHistoryTable and traceRouteHopsTable Copyright 2015 Juniper Networks Inc 21 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms 1 1 1 1 1 RFC 2932 IPv4 Multicast Routing MIB RFC 2934 Protocol Independent Multicast MIB 1 1
41. RFC 4444 IS IS MIB 1 i RFC 4668 RADIUS Accounting Client 0 0 Management Information Base MIB for IPv6 read only access RFC 4670 RADIUS Accounting Client 0 0 Management Information Base MIB read only access RFC 4801 Definitions of Textual Conventions for O 1 Generalized Multiprotocol Label Switching GMPLS Management Information Base MIB read only access 28 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms RFC 4802 Generalized Multiprotocol Label 0 0 0 Switching GMPLS Traffic Engineering TE Management Information Base MIB read only access gmplsTunnelReversePerfTable gmplsTeScalars gmplsTunnelTable gmplsTunnelARHopTable gmplsTunnelCHopTable and gmplsTunnelErrorTable are not supported RFC 4803 Generalized Multiprotocol Label 0 1 1 1 0 0 0 0 O Switching GMPLS Label Switching Router LSR Management Information Base MIB read only access gmplsLabelTable and gmplsOutsegmentTable are not supported NOTE The tables in GMPLS TE RFC 4802 and LSR RFC 4803 MIBs are extensions of the corresponding tables from the MPLS TE RFC 3812 and LSR RFC 3813 MIBs and use the same index as the MPLS MIB tables Copyright 2015 Juniper Networks Inc 29 SNMP MIBs and Traps Monitoring and Troubleshooting Guide f
42. Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series oid object identifier exclude include edit snmp view view name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify an object identifier OID used to represent a subtree of MIB objects exclude Exclude the subtree of MIB objects represented by the specified OID include Include the subtree of MIB objects represented by the specified OID object identifier O D used to represent a subtree of MIB objects All MIB objects represented by this statement have the specified OID as a prefix You can specify the OID using either a sequence of dotted integers or a subtree name snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring MIB Views on page 126 Copyright 2015 Juniper Networks Inc 293 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices oid Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 294 EX Series LN Series M Series MX Series PTX Series T Series oid oid include exclude edit snmp v3 notify filter profile name Statement introduced before Junos OS Release 7 4 Sta
43. T Series Trace information about SNMP packets edit snmp traceoptions file size 10k files 5 flag pdu 200 Copyright 2015 Juniper Networks Inc Chapter 9 Tracing SNMP Activity flag protocol timeouts flag varbind error Related Configuring SNMP on a Device Running Junos OS on page 115 D tati eee e Tracing SNMP Activity on a Device Running Junos OS on page 197 e Configuration Statements at the edit snmp Hierarchy Level on page 248 Copyright 2015 Juniper Networks Inc 201 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 202 Copyright 2015 Juniper Networks Inc CHAPTER 10 Configuring Vital MIB Data e Understanding Vital MIB OID Data Collection on page 203 Generating Readable Raw OID Data Collections on page 204 Generating Raw MIB OID from a Policy on page 205 Generating Vital Data from a Predefined Group on page 206 Generating Vital Data from an Interface on page 207 Generating Vital Data from an IPsec VPN on page 208 Generating Vital Data from a NAT Rule on page 209 Generating Vital Data from an Operating Component on page 210 Generating Vital Data from a Screen on page 210 Understanding Vital MIB OID Data Collection Supported Platforms SRX Series MIB object identifier OID data is collected and configured for later use in reports You can configure data collection duration default is 3 days dum
44. T Series By default in a Junos OS configuration the SNMPv3 authentication type is set to none This topic includes the following sections Configuring MD5 Authentication on page 145 Configuring SHA Authentication on page 145 e Configuring No Authentication on page 146 Configuring MD5 Authentication To configure the message digest algorithm MD5 as the authentication type for an SNMPv3 user include the authentication md5 statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication md5 authentication password authentication password authentication password is the password used to generate the key used for authentication SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring SHA Authentication To configure the secure hash algorithm SHA as the authentication type for an SNMPv3 user include the authentication sha statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication sha authentication password authentication password authentication password is the password used to generate the key used for authentication Copyright
45. Trap Name System Log Tag Supported On AAA MIB jnxAccessAuthAddress 1 3 61 4 1 2636 3 511 0 5 SRX Series devices jnx user PoolHighThreshold aaa mib jnxAccessAuthAddress 1 3 61 4 1 2636 3 511 0 6 SRX Series devices PoolAbateThreshold jnxAccessAuthAddress 1 3 61 4 1 2636 3 51 11 0 7 SRX Series devices PoolOutOfAddresses jnxAccessAuthAddress 1 3 61 4 1 2636 3 51 1 0 8 SRX Series devices PoolOutOfMemory jnxAccessAuthService Up 1 3 6 1 4 1 2636 3 51 SRX Series devices 1 0 1 jnxAccessAuthService Down 1 3 6 1 4 1 2636 3 51 SRX Series devices 1 0 2 jnxAccessAuthServer Disabled 1 3 6 1 4 1 2636 3 51 SRX Series devices 1 0 3 jnxAccessAuthServer Enabled 1 3 6 1 4 1 2636 3 51 SRX Series devices 1 0 4 jnxJsFwAuthFailure 1 3 61 4 1 2636 3 3911 2 SRX Series devices 1 0 1 Access jnxJsFwAuthServiceUp 1 3 61 4 1 2636 3 3911 2 SRX Series devices Authentication 1 0 2 Methods MIB Jnx js auth jnxJsFwAuthServiceDown 13 61 4 1 2636 3 3911 2 SRX Series devices mib 1 03 jnxJsFwAuthCapacityExceeded 1 3 6 1 4 1 2636 3 3911 2 SRX Series devices 1 0 4 jnxJsNatAddrPool 1 3 6 1 4 1 2636 3 39 1 7 SRX Series devices ThresholdStatus 1 0 1 Network jnxNatAddrPoolUtil 1 3 61 4 1 2636 3 591 21 M Series and MX Series Address routers Translation Raus Morioig jnxNatTrapSrcPoolName 1 3 61 41 2636 3 591 2 2 M Series and MX Series MIB routers jnxNatMIB jnxNatAddrPoolThr
46. authentication sha authentication password authentication password privacy 3des privacy password privacy password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy none vacm access group group name default context prefix context prefix context prefiix security model any usm v1 v2c Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements security level authentication none privacy notify view view name read view view name write view view name security to group security model usm v1 v2c security name security name group group name view view name oid object identifier include exclude Related Understanding the SNMP Implementation in Junos OS on page 9 D tati ocumentaton e Configuring SNMP on a Device Running Junos OS on page 115 Complete SNMPv3 Configuration Statements Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series To configure SNMPv3 include the following statements at the edit snmp v3 and edit snmp hierarchy levels edit snmp engine id local engine id use mac address use default ip address view view name oid object identifier include exclude edit snmp v3 notify name tag tag name type trap inform notify filter profile name oid object identifie
47. chassis Chassis or environment notifications configuration Configuration notifications link Link related notifications up down transitions DS 3 and DS 1 line status change IPv6 interface state change and Passive Monitoring PIC overload QD NOTE To send Passive Monitoring PIC overload interface traps select the link trap category remote operations Remote operation notifications rmon alarm Alarm for RMON events routing Routing protocol notifications sonet alarms SONET SDH alarms NOTE If you omit the SONET SDH subcategories all SONET SDH trap alarm types are included in trap notifications loss of light Loss of light alarm notification pll lock PLL lock alarm notification loss of frame Loss of frame alarm notification loss of signal Loss of signal alarm notification severely errored frame Severely errored frame alarm notification line ais Line alarm indication signal AIS alarm notification path ais Path AIS alarm notification loss of pointer Loss of pointer alarm notification ber defect SONET SDH bit error rate alarm defect notification ber fault SONET SDH error rate alarm fault notification line remote defect indication Line remote defect indication alarm notification path remote defect indication Path remote defect indication alarm notification remote error indication Remote error indication alarm notification unequipped Uneaquipped alarm notification
48. dotlagCfmMepPbbTransmitLbmLtmReversevVid dotlagCfmMepPbbTeMismatchAlarm dotlagCfmMepPbbTeLocalMismatchDefect and dotlagCfmMepPbbTeMismatchSinceReset dotlagCfmLtrTable except dotlagCfmLtrChassisidSubtype dotlagCfmLtrChassisld dotlagCfmLtrManAddressDomain dotlagCfmLtrManAddress dotlagCfmLtringressPortldSubtype dotlagCfmLtringressPortld dotlagCfmLtrEgressPortldSubtype dotlagCfmLtrEgressPortld and dotlagCfmLtrOrganizationSpecificTlv dotlagCfmMepDbTable except dotlagCfmMebDbChassisidSubtype dotlagCfmMebDbChassisld dotlagCfmMebDbManAddressDomain and dotlagCfmMebDbManAddress Platforms HEGE O O 8 1 O Copyright 2015 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC IEEE 802 lap Management Information Base 0 o 0 1 0 0 MIB definitions for VLAN Bridges Supported tables and objects e ieee8021CfmStackTable e jeee8021CfmVlanTable e ieee8021CfmDefaultMdTable except ieee8021CfmDefaultMdidPermission e ieee8021CfmMaCompTable except ieee8021CfmMaCompldPermission RFC 1155 Structure and Identification of 1 1 Management Information for TCP IP based Internets RFC 1157 A Simple Network Management Protocol 1 1 1 1 1 1 SNMP RFC 1195 Use of OSI IS IS for Routing in TCP IP 1 1 1 1 and Dual Environme
49. edit snmp traceoptions hierarchy level edit snmp traceoptions file world readable Copyright 2015 Juniper Networks Inc Chapter 9 Tracing SNMP Activity To explicitly set the default behavior include the file no world readable statement at the edit snmp traceoptions hierarchy level edit snmp traceoptions file no world readable Configuring a Regular Expression for Lines to Be Logged By default the trace operation output includes all lines relevant to the logged activities You can refine the output by including the match statement at the edit snmp traceoptions file filename hierarchy level and specifying a regular expression regex to be matched edit snmp traceoptions file filename match regular expression Configuring the Trace Operations By default only important activities are logged You can specify which trace operations are to be logged by including the following flag statement with one or more tracing flags at the edit snmp traceoptions hierarchy level edit snmp traceoptions flag all configuration database events general interface stats nonvolatile sets pdu policy protocol timeouts routing socket server subagent timer varbind error Table 21 on page 199 describes the meaning of the SNMP tracing flags Table 21 SNMP Tracing Flags Flag Description Default Setting all Log all operations Off configuration Log reading of the configu
50. juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js if ext txt For more information see Security Interface Extension Objects MIB e Security Screening Objects MIB Defines the MIB for the Juniper Networks Enterprise Firewall screen functionality This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js screening txt For more information see Security Screening Objects MIB Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS e Source Class Usage MIB Counts packets sent to customers by performing a lookup onthe IP source address and the IP destination address The Source Class Usage SCU MIB makes it possible to track traffic originating from specific prefixes on the provider core and destined for specific prefixes on the customer edge For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx scu txt For more information see Source Class Usage MIB SPU Monitoring MIB Provides support for monitoring SPUs on SRX5600 and SRX5800 devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js spu monitoring txt For more information see SPU Monitoring Objects MIB Syste
51. path mismatch Path mismatch alarm notification loss of cell Loss of cell delineation alarm notification vt ais Virtual tributary VT AIS alarm notification vt loss of pointer VT loss of pointer alarm notification nc 133 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation vt remote defect indication VT remote defect indication alarm notification vt unequipped VT Unequipped alarm notification e vt label mismatch VT label mismatch error notification e vt loss of cell VT loss of cell delineation notification startup System warm and cold starts timing events Timing events and defects notification vrrp events Virtual Router Redundancy Protocol VRRP events such as new master or authentication failures startup System warm and cold starts vrrp events Virtual Router Redundancy Protocol VRRP events such as new master or authentication failures If you include SONET SDH subcategories only those SONET SDH trap alarm types are included in trap notifications The version statement allows you to specify the SNMP version of the traps sent to targets of the trap group If you specify v1 only SNMPv1 traps are sent If you specify v2 only SNMPv2 traps are sent If you specify all both an SNMPv1 and an SNMPvz2 trap are sent for every trap condition For more information about the version statement see version e Configuring SNMP Trap Op
52. show snmp mib walk jnxJsPolicySystemStats on page 360 show snmp mib walk jnxJsPolicySystemStatsIPv4 on page 360 show snmp mib walk jnxJsPolicySystemStatsTotalAllowIPv4Packets on page 360 Copyright 2015 Juniper Networks Inc Chapter 17 Operational Commands Output Fields Table 29 on page 359 describes the output fields for the show snmp mib command Output fields are listed in the approximate order in which they appear Table 2 9 show snmp mib Output Fields Field Name Field Description name Object name and numeric instance value object value Object value The Junos OS translates OIDs into the corresponding object names Sample Output show snmp mib walk standalone user host gt show snmp mib walk jnxJsSPUMonitoringObjectsTable jnxJsSPUMonitoringFPCIndex 5 5 jnxJsSPUMonitoringSPUIndex 5 0 jnxJsSPUMonitoringCPUUsage 5 0 jnxJsSPUMonitoringMemoryUsage 5 61 jnxJsSPUMonitoringCurrentFlowSession 5 0 jnxJsSPUMonitoringMaxFlowSession 5 524288 jnxJsSPUMonitoringCurrentCPSession 5 0 jnxJsSPUMonitoringMaxCPSession 5 2359296 jnxJsSPUMonitoringNodeIndex 5 0 jnxJsSPU show snmp mib walk HA user swi jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU Copyright 2015 J
53. 1 3 61 4 1 2636 3 24 VPN MIB jnxVpnifUp 1 3 6 1 4 1 2636 M T and MX jnx vpn mib 3 26 Series routers jnxVpnifDown 1 3 6 1 4 1 2636 M T and MX 3 26 Series routers jnxVpnPwUp 1 3 6 1 4 1 2636 M T and MX 3 26 Series routers jnxVpnPwDown 1 3 6 1 4 1 2636 M T and MX 3 26 Series routers RMON Alarms RMON MIB jnxRmonAlarmGetFailure 1 3 6 1 4 1 2636 4 3 All devices jnx rmon running Junos mib Os jnxRmonGetOk 1 3 6 1 4 1 2636 4 3 All devices running Junos os SONET Alarms sss ee i SONET MIB jnxSonetAlarmSet 1 3 6 1 4 1 2636 4 6 Devices that jnx sonet run Junos OS mib and have SONET PICs installed jnxSonetAlarmCleared 1 3 6 1 4 1 2636 4 6 Devices that run Junos OS and have SONET PICs installed Related Juniper Networks Enterprise Specific SNMP Traps on page 80 Documentation Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Juniper Networks Enterprise Specific MIBs on page 32 Copyright 2015 Juniper Networks Inc 87 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e Standard SNMP MIBs Supported by Junos OS on page 13 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 Managing Traps and Informs on page 213 Juniper Networks Enterprise Specific SNMP Version 2 Traps Supported Platforms vSRX The Junos OS supports the enterprise specific SNMP version 2 traps shown in Table 13 on page 88 T
54. 116 4 116 101 115 116 untrust Copyright 2015 Juniper Networks Inc 205 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices user host gt show snmp mib get jnxJsPolicyToZone 7 117 110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 jnxJsPolicyToZone 7 117 110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 trust 3 Perform a mandatory from zone and to zone match check to avoid a scenario where there is a policy with the same name but the from zone or the to zone is different 4 After performing both the from zone and the to zone match checks ensure that 7 117110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 is the index of the policy called test in various policy MIB tables 5 Monitor the session number using the following command edit user host set system log vital add jmdsPolicyStatsNumSessions 7 117 110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 comment sess num of policy test The output of the configuration is sess num of policy test 100 To monitor other policy MIB tables 1 Combine a MIB table s name with the index 2 Monitor the session setup rate for the test policy using the command edit set system log vital add jnxJsPolicyStatsSessionRate 7 117 110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 comment sess setup rate of policy test The output of the configuration is sess se
55. 14 Warning CHASSISD All devices SNMP_ running Junos TRAP OS jnxHardDiskMissing 1 3 6 1 4 1 2636 4 1 15 Warning CHASSISD All devices SNMP_ running Junos TRAP OS 82 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps continued System Generic Specific Logging Trap Trap Severity System Supported Defined in Trap Name Enterprise ID Number Number Level a jnxPowerSupplyOk 1 3 6 1 4 12636 4 2 6 1 Critical CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFanOK 1 3 6 1 4 1 2636 4 2 6 2 Critical CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxTemperatureOK 1 3 6 1 4 1 2636 4 2 6 3 Alert CHASSISD_ All devices SNMP_ running Junos TRAP os Configuration Notifications net E re Configuration jnxCmCfgChange 1 3 6 1 4 1 26364 5 6 1 All devices Management running Junos MIB jnx Os configmgmt mib jnxCmRescueChange 1 3 6 1 4 1 26364 5 6 2 All devices running Junos OSs Copyright 2015 Juniper Networks Inc 83 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps continued System Generic Specific Logging Trap Trap Severity System Supported Defined in Trap Name Enterprise ID Number Number Level Log Tag On _Link Notifications Flow jnxCol
56. 2 1 9 pingCtlFrequency 1 3 6 1 2 1 80 1 2 1 10 pingCtlMaxRows 1 3 6 1 2 1 80 1 2 1 11 pingCtlStorageType 1 3 6 1 2 1 80 1 2 1 12 pingCtlTrapGeneration 1 3 6 1 2 1 80 1 2 1 13 pingCtlTrapProbeFailureFilter 1 3 6 1 2 1 80 1 2 1 14 pingCtlTrapTestFailureFilter 1 3 6 1 2 1 80 1 2 1 15 pingCtlType 1 3 6 1 2 1 80 1 2 1 16 pingCtlDescr 1 3 6 1 2 1 80 1 2 1 17 pingCtlSourceAddressType 1 3 6 1 2 1 80 1 2 1 18 pingCtlSourceAddress 1 3 6 1 2 1 80 1 2 1 19 pingCtlifindex 1 3 6 1 2 1 80 1 2 1 20 pingCtlByPassRouteTable 1 3 6 1 2 1 80 1 2 1 21 pingCtlDSField 1 3 6 1 2 1 80 1 2 1 22 pingCtlRowStatus 1 3 6 1 2 1 80 1 2 1 23 RFC 2925B traceRouteMaxConcurrentRequests 1 3 6 1 2 1 81 1 1 traceRouteCtlTargetAddressType 1 3 6 1 2 1 81 1 2 1 3 traceRouteCtlTargetAddress 1 3 6 1 2 1 81 1 2 1 4 traceRouteCtlByPassRouteTable 1 3 6 1 2 1 81 1 2 1 5 traceRouteCtlDataSize 1 3 6 1 2 1 81 1 2 1 6 traceRouteCtlTimeOut 1 3 6 1 2 1 81 1 2 1 7 traceRouteCtlProbesPerHop 1 3 6 1 2 1 81 1 2 1 8 Copyright 2015 Juniper Networks Inc 75 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 11 SNMP MIB Objects continued Object Name Object Identifier traceRouteCtlPort 1 3 6 1 2 1 81 1 2 1 9 traceRouteCtlMaxTtl 1
57. 219 e Understanding RMON Events on page 221 Understanding RMON Alarms Supported Platforms alarmTable ACX Series LN Series M Series MX Series PTX Series T Series An RMON alarm identifies A specific MIB object that is monitored The frequency of sampling The method of sampling The thresholds against which the monitored values are compared An RMON alarm can also identify a specific eventTable entry to be triggered when a threshold is crossed Configuration and operational values are defined in alarmTable in RFC 2819 Additional operational values are defined in Juniper Networks enterprise specific extensions to alarmTable jnxRmonAlarmTable This topic covers the following sections e alarmTable on page 219 e jnxRmonAlarmTable on page 220 alarmTable in the RMON MIB allows you to monitor and poll the following alarmlndex The index value for alarmTable that identifies a specific entry alarminterval The interval in seconds over which data is sampled and compared with the rising and falling thresholds alarmVariable The MIB variable that is monitored by the alarm entry alarmSampleType The method of sampling the selected variable and calculating the value to be compared against the thresholds Copyright 2015 Juniper Networks Inc 219 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices alarmValue The value of the variable during the las
58. 4 1 2636 41 6 3 Alert CHASSISD_ All devices SNMP_ running Junos TRAP OS Copyright 2015 Juniper Networks Inc 81 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps continued Defined in Trap Name Enterprise ID Specific Trap System Logging Severity Number Level Supported On jnxRedundancySwitchOver 1 3 6 1 4 1 2636 4 1 4 Critical CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFruRemoval 1 3 6 1 4 1 2636 4 1 5 Notice CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFrulnsertion 1 3 6 1 4 1 2636 4 1 6 Notice CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFruPowerOff 1 3 6 1 4 1 2636 4 1 7 Notice CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFruPowerOn 1 3 6 1 4 1 2636 4 1 8 Notice CHASSISD_ All devices SNMP_ running Junos TRAP Os jnxFruFailed 1 3 6 1 4 1 2636 4 1 9 Warning CHASSISD All devices SNMP_ running Junos TRAP OS jnxFruOffline 1 3 6 1 4 1 2636 4 1 10 Notice CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFruOnline 1 3 6 1 4 1 2636 4 1 T Notice CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxFruCheck 1 3 6 1 4 1 2636 4 1 12 Warning CHASSISD All devices SNMP_ running Junos TRAP OS jnxFEBSwitchover 1 3 6 1 4 1 2636 4 1 13 Warning CHASSISD All devices SNMP_ running Junos TRAP OS jnxHardDiskFailed 1 3 6 1 4 1 2636 4 1
59. 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 14 1X53 D20 for OCX Series switches Create a named group of hosts to receive the specified trap notifications The name of the trap group is embedded in SNMP trap notification packets as one variable binding varbind known as the community name At least one trap group must be configured for SNMP traps to be sent group name Name of the trap group If the name includes spaces enclose it in quotation marks The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Trap Groups on page 132 Copyright 2015 Juniper Networks Inc 331 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices trap options Supported Platforms Syntax Hierarchy Level Release Information Description Default Required Privilege Level Related Documentation 332 EX Series LN Series M Series MX Series PTX Series SRX Series T Series trap options agent address outgoing interface source address address edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Using SNMP trap options you can set the source address of every SNMP trap packet sent by the router or switch to a single a
60. File on page 198 Configuring a Regular Expression for Lines to Be Logged on page 199 Configuring the Trace Operations on page 199 Configuring the Number and Size of SNMP Log Files By default when the trace file reaches 128 kilobytes KB in size it is renamed filename O then filename 1 and so on until there are three trace files Then the oldest trace file filename 2 is overwritten You can configure the limits on the number and size of trace files by including the following statements at the edit snmp traceoptions hierarchy level edit snmp traceoptions file files number size size For example set the maximum file size to 2 MB and the maximum number of files to 20 When the file that receives the output of the tracing operation filename reaches 2 MB filename is renamed filename O and a new file called filename is created When the new filename reaches 2 MB filename O is renamed filename 1 and filename is renamed filename O This process repeats until there are 20 trace files Then the oldest file filename 19 is overwritten by the newest file filename O The number of files can be from 2 through 1000 files The file size of each file can be from 10 KB through 1 gigabyte GB Configuring Access to the Log File 198 By default log files can be accessed only by the user who configured the tracing operation To specify that any user can read all log files include the file world readable statement at the
61. For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB Ethernet MAC MIB Monitors media access control MAC statistics on Gigabit Ethernet intelligent queuing IQ interfaces It collects MAC statistics for example inoctets inframes outoctets and outframes on each source MAC address and virtual LAN VLAN ID for each Ethernet port For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx mac txt For more information see Ethernet MAC MIB Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx event txt For more information see Event MIB Firewall MIB Provides support for monitoring firewall filter counters Routers must have the Internet Processor II ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx firewall txt For more information see Firewall MIB Host Resources MIB Extends the hrStorageTable object providing a meas
62. Interface Management MIB 1 0 0 0 0 0 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx otn txt Packet Forwarding Engine MIB O 1 1 http Awwwjunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx pfe txt Packet Mirror MIB 0 1 0 l 0 0 0 o 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx js packet mirror txt PAE Extension MIB 0 0 0 1 0 0 0 O 0 http Avwwwjunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx pae extension txt Copyright 2015 Juniper Networks Inc 59 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Mid High Enterprise Specific MIB Range End 0 Passive Monitoring MIB 0 1 il 0 0 0 0 http Avwwijuniper net techpubs en US junosl21 topics reference mibs mib jnx pmon txt Ping MIB 1 1 1 1 1 O 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx ping txt Policy Objects MIB 0 0 O 0 1 0 1 http Avwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx js policy txt Power Supply Unit MIB 0 o o 1 0 1 0 0 0 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx power supply unittxt PPP MIB O 1 1 O O O O O O htte wwiunipemet tachous
63. Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS e Security Interface Extension Objects MIB Provides support for the security management of interfaces This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js if ext txt For more information see Security Interface Extension Objects MIB e Security Screening Objects MIB Defines the MIB for the Juniper Networks Enterprise Firewall screen functionality This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js screening txt For more information see Security Screening Objects MIB e Source Class Usage MIB Counts packets sent to customers by performing a lookup onthe IP source address and the IP destination address The Source Class Usage SCU MIB makes it possible to track traffic originating from specific prefixes on the provider core and destined for specific prefixes on the customer edge For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx scu txt For more information see Source Class Usage MIB SPU Monitoring MIB Provides support for monitoring SPUs on SRX5600 and SRX5800 devices Fo
64. NAME sec ccneicch is aita OERA a EA See do cig Banded rete dod Sante E Gees 288 PVA OVALS E E A gr a cu A N S pa A IE A E aimteus analingus alata uted ahs 289 AOUN ors cage anem dice Sere ete e aoe ae ea et ee ene cee aie ae eas he ae 290 notify filter Applying to the Management Target n a na aaan c cee ee eee 291 notify filter Configuring the Profile Name 0 0 0 0 eee 291 NOUN VIO create ngina daa a a aid ee asta a geese EAEn a E de g E 292 oera ae a a a a E A A DEA E a Stree E E E 293 ON AEE TAE SSS RSE EAE BAUER AANS A E EOS Rote 294 paramet S c g adchacwd ad s Abari ier aa Aaa a S a A aaa whee 295 DOME aia a peo eo Ee a A a OE ALG e a re Sean eu 295 PRIN ACV S OOS eire cz artewnasspoditndue Er ded dai ds Rada sce dade sett a dea ets we dete deed 296 DHIVACVHACSIZ Orn wow ay sek Pee HOLL OACh RSTO MASA A HY AREER ROR EOI RS 297 PEINACYVSOSS ais wcionind ace Aomaaied hirme A dade Raat meek a a Wane Be 298 DHIVACV HOME 5 ia occa EAA Medina Adee WO ah nes ae GIs 299 PLIVACY PASSWOME eaae aca acetabocnary esra aha tomtnbe palo ede ae aed ee eiaa ays 300 FEAGEVIEW ass cu cwd cu RSH EaS LASSE MESA RS SOR ADSE EAS OMS Ewe Ae E 301 remote engine 2 ee eee eee eens 302 fEQUESTSIV DO nie ac eaicn Ste hed soa ea AE oh beta amp MASAO A Ed RDA RAIDS RE 303 FOTIV COWME je doh a a0k eebure aide AE T EEEN EEN adage end E E EEA 304 riSINS EVENtHINGEX cine dun titer arteta t sears Dee Hote Seersad eos deadaneawe 304 rising
65. Networks Enterprise Specific MIBs on page 32 Standard SNMP MIBs Supported by Junos OS on page 13 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 Managing Traps and Informs on page 213 Juniper Networks Enterprise Specific SNMP Version 1 Traps Supported Platforms vSRX The Junos OS supports enterprise specific SNMP version 1 traps shown in Table 12 on page 81 The traps are organized first by trap category and then by trap name The system logging severity levels are listed for those traps that have them Traps that do not have corresponding system logging severity levels are marked with an en dash For more information about system log messages see the Junos OS System Log Messages Reference To view the Juniper Networks enterprise specific SNMP version 2 traps see Juniper Networks Enterprise Specific SNMP Version 2 Traps on page 88 For more information about chassis traps see Chassis Traps Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps System Specific Logging Trap Severity Supported Defined in Trap Name Enterprise ID Number Level On Chassis Notifications Alarm Conditions Chassis MIB jnxPowerSupplyFailure 1 3 6 1 4 1 2636 41 6 1 Warning CHASSISD_ All devices jnx chassis SNMP_ running Junos mib TRAP OS jnxFanFailure 1 3 6 1 4 1 2636 41 6 2 Critical CHASSISD_ All devices SNMP_ running Junos TRAP OS jnxOverTemperature 1 3 6 1
66. Protocol LLDP MIB EX Series implementation of LLDP MIB supports both IPv4 and IPv6 configuration IEEE 802 3ad Aggregation of Multiple Link 0 1 1 1 1 1 1 Segments Supported tables and objects e dot3adAggPortTable dot3adAggPortListTable dot3adAggTable and dot3adAggPortStatsTable NOTE EX Series switches do not support the dot3adAggPortTable and dot3adAggPortStatsTable e dot3adAggPortDebugTable only dot3adAggPortDebugRxState dot3adAggPortDebugMuxState dot3adAggPortDebugActorSyncTransitionCount dot3adAggPortDebugPartnerSyncTransitionCount dot3adAggPortDebugActorChangeCount and dot3adAggPortDebugPartnerChangeCount NOTE EX Series switches do not support the dot3adAggPortDebugTable e dot3adTablesLastChanged 14 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC IEEE 802 1ag Connectivity Fault Management Supported tables and objects dotlagCfmMdTableNextIndex dotlagCfmMdTable except dotlagCfmMdMhfldPermission dotlagCfmMaNetTable dotlagCfmMaMepListTable dotlagCfmDefaultMdDefLevel dotlagCfmDefaultMdDefMhfCreation dotlagCfmMepTable except dotlagCfmMepLbrBadMsdu dotlagCfmMepTransmitLbmVlanPriority dotlagCfmMepTransmitLbmVlanDropEnable dotlagCfmMepTransmitLtmFlags dotlagCfmMepPbbTeCanReportPbbTePresence dotlagCfmMepPbbTetTrafficMismatchDefect
67. SHA as the authentication type for the SNMPv3 user NOTE You can configure only one authentication type for each SNMPv3 user The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SHA Authentication on page 145 Copyright 2015 Juniper Networks Inc authorization Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements ACX Series EX Series M Series MX Series PTX Series OFX Series SRX Series T Series authorization authorization edit snmp community community name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Set the access authorization for SNMP Get GetBulk GetNext and Set requests authorization Access authorization level read only Enable Get GetNext and GetBulk requests read write Enable all requests including Set requests You must configure a view to enable Set requests Default read only snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the SNMP Community String on page 120 Copyright 2015 Juniper Networks Inc
68. SNMP informs are supported in SNMPv3 An SNMP manager that receives an inform acknowledges the message with a response For information about SNMP informs see Configuring SNMP Informs on page 157 SNMP Trap Queuing The Junos OS supports trap queuing to ensure that traps are not lost because of temporary unavailability of routes Two types of queues destination queues and a throttle queue are formed to ensure delivery of traps and to control the trap traffic The Junos OS forms a destination queue when a trap to a particular destination is returned because the host is not reachable and adds the subsequent traps to the same destination to the queue The Junos OS checks for availability of routes every 30 seconds and sends the traps from the destination queue in a round robin fashion If the trap delivery fails the trap is added back to the queue and the delivery attempt counter and the next delivery attempt timer for the queue are reset Subsequent attempts occur at progressive intervals of 1 minute 2 minutes 4 minutes and 8 minutes The maximum delay between the attempts is 8 minutes and the maximum number of attempts is 10 After 10 unsuccessful attempts the destination queue and all the traps in the queue are deleted The Junos OS also has a throttle mechanism to control the number of traps throttle threshold default value of 500 traps sent during a particular time period throttle interval default of 5 seconds and to ensure
69. Series MX Series PTX Series OFX Series T Series Syntax local engine user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none privacy password privacy password Hierarchy Level edit snmp v3 usm Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure local engine information for the user based security model USM The remaining statements are explained separately Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Creating SNMPv3 Users on page 138 Documentation 282 Copyright 2015 Juniper Networks Inc location Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series location location edit snmp Statement introduced bef
70. Supported Platforms ACX Series M Series MX Series PTX Series OFX Series SRX Series T Series The SNMP community defines the relationship between an SNMP server system and the client systems This statement is optional To configure the SNMP community include the snmp community statement at the edit snmp v3 hierarchy level edit snmp v3 snmp communitycommunity index community index is the index for the SNMP community Copyright 2015 Juniper Networks Inc 167 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices To configure the SNMP community properties include the following statements at the edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index community namecommunity name contextcontext name security name security name tag tag name This section includes the following topics Configuring the Community Name on page 168 e Configuring the Context on page 168 e Configuring the Security Names on page 169 Configuring the Tag on page 169 Configuring the Community Name The community name defines the SNMP community The SNMP community authorizes SNMPv1 or SNMPv2c clients The access privileges associated with the configured security name define which MIB objects are available and the operations read write or notify allowed on those objects To configure the SNMP community name include the community name statement at t
71. a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx l2tp txt For more information see L2TP MIB LDP MIB Provides LDP statistics and defines LDP label switched path LSP notifications LDP traps support only IPv4 standards For a downloadable version of Copyright 2015 Juniper Networks Inc 35 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 36 this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx ldp txt For more information see LDP MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert Users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx license txt For more information see License MIB Logical Systems MIBs Extend SNMP support to logical systems security profile through various MIBs defined under jnxLsysSecurityProfile For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx lsys securityprofile txt For more information about logical systems MIBs and downloadable versions of the MIBs see Logical Systems MIB NAT Objects MIB Provides support for mo
72. access hierarchy level Applying Target Parameters Related Documentation The target parameters statement at the edit snmp v3 hierarchy level applies the target parameters configured at the edit snmp v3 target parameters target parameters name hierarchy level To reference configured target parameters include the target parameters statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name target parameters target parameters name target parameters name is the name associated with the message processing and security parameters that are used in sending notifications to a particular management target Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 e Configuring the SNMPv3 Trap Notification on page 159 e Configuring the Trap Notification Filter on page 135 e Defining and Configuring the Trap Target Parameters on page 163 e Configuring SNMP Informs on page 157 Complete SNMPv3 Configuration Statements on page 251 Defining and Configuring the Trap Target Parameters Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Series Target parameters define the message processing and security parameters that are used in sending notifications to a particular management target To define a set of target parameters include the target parameters statement at the edit snmp v3 hierarchy level
73. an SNMP community name in Get GetBulk GetNext and Set SNMP requests If you omit the community statement all SNMP requests are denied community name Community string If the name includes spaces enclose it in quotation marks The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the SNMP Community String on page 120 Copyright 2015 Juniper Networks Inc community Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series community community name edit snmp rmon event index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The trap group that is Used when generating a trap if eventType is configured to send traps If that trap group has the rmon alarm trap category configured a trap is sent to all the targets configured for that trap group The community string in the trap matches the name of the trap group and hence the value of eventCommunity If nothing is configured traps are sent to each group with the rmon alarm category set community name l dentifies the trap group that is used when generating a trap if the event
74. and Security Name to a Group on page 153 EX Series LN Series M Series MX Series PTX Series SRX Series T Series snmp edit Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure SNMP snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP on a Device Running Junos OS on page 115 Copyright 2015 Juniper Networks Inc source address Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements ACX Series EX Series LN Series M Series MX Series PTX Series SRX Series T Series source address address edit snmp trap options Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Set the source address of every SNMP trap packet sent by this router to a single address regardless of the outgoing interface If the source address is not specified the default is to use the address of the outgoing interface as the source address address Source address of SNMP traps You can configure the source address of trap packets two ways loO or a valid IPv4 address configured on one of the router interfaces The value loO indicates that the source address of all SNMP trap packets is
75. boew haan s 270 engined wa wi ae wee EE REN STEN EE BS SL ee he dase aneeee pose ere ee nas 27 entem eO amare a e ana als ois E Seale S 272 QVENE oncceesdveeacddede ducddoesheseebareitdibeow Saves perio PASAT aa 272 falling event index isi giani arter eee eee eee eens 273 fallin S CHrESHOUG ose ok ste aise pie ancnghtz de a eee et E E AEA a 1n b ROR GS Beets 274 falling threshold ie esane cc ese ka eg Saw pe Glee Seca Hew be A Ra weld DESEO 275 falling threshold interval 0 0 0 0 276 filter duplicateS 2 eee eee eens 276 AUER CACC Swross excited Teun Seis vance fuse tan seta este dos Beaton aot ap nine Hh eins ake S 277 group Configuring Group Name 6 teens 278 group Defining Access Privileges for an SNMPv3 Group 005 279 health moNnto eenias tn aoten ies ale ed eee Wa Maral alas gob e E ENSS 279 Copyright 2015 Juniper Networks Inc Table of Contents terface 2 cau ccbienedde Bobb e ankaa ee Pedi oo eee eee Se dhe Se deed wed ee 280 INTERVall o22h4 hebhargee ie dad a oeda Piew Mou E Eade See eedad oddd wedhe 280 MEAL ecni nodes eee gaa we ee de Seka ee ook ee EAE ee eee eee 281 localkengiNE ranana aie crates ae AEAEE r AAE eo aE 282 OCaml enone amp e N a heed 283 losicabsyStem nres enean a Sah a ese aa eaa eae 284 logical system trap filter nunana uaaa eee eee eee 285 GESE sate chs cree tle atone pete ate Ree ee aan ate a aa A r a hace a G ane 286 message processing Model 66 eee eee eens 288
76. cccccssescsseseseessseseessscsseseseeseees TOF STOW DSi ornan usage guidelines for SNMP notifications usage SUICELINGS ec cecsessesesseseseesesesteseeeeeeeeees security name statement for COMMUNITY StrING ees eeeseseeeseeseseeteseeeees 317 fOr SCCUIILY SOUP innnan usage BUIGELINGS cc ccceseeesesseseseeseseeseseseeseeees for SNMP notifications usage SUICELINGS ceeceesesessesesceeseeeeseeeeseeeeees security to group statement usage BUIGCLINGS ceecseesssesseseseesesessessseessetssestseeseeees service quality MONTON genis n 235 Set requests SNMP niiasenieiiimiiiaaiiei 9 show snmp mib command 3 358 show system log vital COMMAanNnd s seseseseeserrresrresrrern 361 SNMP Copyright 2015 Juniper Networks Inc Index ARCHITEC CLUE sesiiestecencnisiciiteittedide na 9 commit delay tiMe ln ccs 120 COMMUNILY STNE argi 120 configuration WEISION Joserra tneerteies eres 25 versions 1 ANC 2 sesscssessessestessesessesestesesseesesteseesees 15 enterprise specific traps See SNMP traps filtering duplicate requests 123 limiting interface ACCESS 124 logging enabling s essseerieerrrssrrserrrrrrssrrerrresrreesrresn 188 MAN AS OM xsecteis a omarion 9 master AGE N 1 cccsscessssssccescsssesscseecsesesesecsesessseseseceseeaees 12 MIB object values displaying 358 MIB VIEWS aiarra a R 126 remote OPErAtiONS cccccesesesseeesesesssetscsesessseeeees 185 standard tr
77. collector PICs installed jnxCollMemoryUnavailable 1 3 6 1 4 1 2636 4 8 0 6 Devices that run Junos OS and have collector PICs installed jnxCollMemoryAvailable 1 3 6 1 4 1 2636 4 8 0 7 Devices that run Junos OS and have collector PICs installed jnxCollFtpSwitchover 1 3 6 1 4 1 26364 8 0 8 Devices that run Junos OS and have collector PICs installed PMON MIB jnx pmon mib jnxPMonOverloadSet 1 3 6 1 4 1 2636 4 7 0 1 Devices that run Junos OS and have PICs that support passive monitoring installed jnxPMonOverloadCleared 1 3 6 1 4 1 2636 4 7 0 2 Devices that run Junos OS and have PICs that support passive monitoring installed 90 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued Source MIB Trap Name snmpTrapOID System Logging Severity Level System Log Tag Supported On SONET APS apsEventChannelMismatch 1 3 6 1 4 1 2636 3 Devices that run Junos OS MIB jnx 24 2 0 3 and have SONET PICs sonetaps mib installed apsEventPSBF 1 3 6 1 4 1 2636 3 Devices that run Junos OS 24 2 0 4 and have SONET PICs installed apsEventFEPLF 1 3 6 1 4 1 2636 3 Devices that run Junos OS 24 2 0 5 and have SONET PICs installed Remote Operations Notificati
78. configuring the SNMPv3 security model USM use the authentication none or privacy security level 150 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 Associating MIB Views with an SNMP User Group MIB views define access privileges for members of a group Separate views can be applied for each SNMP operation read write and notify within each security model usm v1 and v2c and each security level authentication none and privacy supported by SNMP To associate MIB views with an SNMP user group include the following statements at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy hierarchy level edit snmp v3 vacm accessgroup group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name D NOTE You must associate at least one view notify read or write at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy hierarchy level You must configure the MIB view at the edit snmp view view name hierarchy level For information about how to configure MIB views see C
79. edit snmp v3 usm local engine user username hierarchy level For SNMPv1 and SNMPv2c the security name is the community string configured at the edit snmp v3 snmp community community index hierarchy level snmp To view this statement in the configuration snmp control To add this statement to the configuration e Assigning Security Names to Groups on page 154 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements security name SNMP Notifications Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series QFX Series T Series security name security name edit snmp v3 target parameters target parameters name parameters Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the security name used when generating SNMP notifications security name f the SNMPv3 USM security model is used identify the user when generating the SNMP notification If the v1 or v2c security models are used identify the SNMP community used when generating the notification NOTE The access privileges for the group associated with this security name must allow this notification to be sent If you are using the v1 or v2 security models the securit
80. en_US junosi2 1 topics reference mibs mib jnx if extensions txt IP Forward MIB 1 1 1 1 1 1 1 http Avwwijuniper net techpubs en US junosl21 topics reference mibs mib jnx ipforward txt IPsec Generic Flow Monitoring Object MIB 0 0 0 8 1 0 0 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx ipsec flow mon txt IPsec Monitoring MIB l 0 1 0 0 ll 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx ipsec monitor aspitxt IPsec VPN Objects MIB O 0 O O 0 O 1 1 0 8 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx js ipsec vpn txt Copyright 2015 Juniper Networks Inc 57 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB MX EX PTX End Range End IPv4 MIB 1 1 1 1 http Awwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx ipv4 txt IPv6 and ICMPv6 MIB 1 1 1 1 0 il 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx ipv6 txt L2ALD MIB O 0 1 1 0 1 O O O http Avwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx l2ald txt L2CP MIB O O O 1 O O O http Awwwjunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx l2cp features txt L2TP MIB O 1
81. exposed jnxAlarms 4 Class 3 Objects are exposed only for the default logical system jnxFirewalls 5 Class 4 Data is not segregated by routing instance All instances are exposed jnxDCUs 6 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxPingMIB 7 Class 3 Objects are exposed only for the default logical system jnxTraceRouteMIB 8 Class 3 Objects are exposed only for the default logical system jnxATM 10 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxlpv6 11 Class 4 Data is not segregated by routing instance Allinstances are exposed jnxlpv4 12 Class 1 jnxlpv4AddrTable 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxRmon 13 Class 3 jnxRmonAlarmTable 1 Objects are exposed only for the default logical system jnxLdp 14 Class 2 jnxLdpTrapVars 1 All instances within a logical system are exposed Data will not be segregated down to the routing instance level Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 6 MIB Support for Routing Instances Juniper Networks MIBs continued 0 ou Support Class jnxCos 15 Class 3 jnxCoslfqStatsTable 1 jnxCosFcTable 2 jnxCosFcldTable 3 jnxCosQstatTab
82. for Security Devices security model SNMP Notifications Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 316 EX Series LN Series M Series MX Series QFX Series T Series security model usm v1 v2c edit snmp v3 target parameters target parameters name parameters Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the security model for an SNMPv3 group The security model is used for SNMP notifications usm SNMPv3 security model vI SNMPvI1 security model v2c SNMPv2c security model snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Security Model on page 165 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements security name Community String Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation ACX Series EX Series M Series MX Series OFX Series T Series security name security name edit snmp v3 snmp community community index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statemen
83. ieuna Sh Meroe aoa ass MASS eW ASU MORES conor es kone oe 344 Operational CommandS aiviccckiacenistoxnwwiantaneeiansciame on eee 345 show snmp health monitor 2 0 0 te eee eee 346 show snmp health monitor routing engine history 000 352 show snmp health monitor routing engine statuS 0005 356 SHOW SHMPpP MIB VIEW cine ccc edge a encaebonns OPA haw o Goda ata 358 SHOW SVSteMIOS Vitdl s2acwwwtad Bocaw adnan dnodcoessee bobeesiewe aaah 361 Index WGI ONS areia aan austen arenes 2 cio e dS Sones he Sean deine re oes once ah eek 367 Copyright 2015 Juniper Networks Inc List of Figures Part 2 Network Monitoring Using SNMP Chapter 6 Configuring SNMPV3 i sisccsicadadcaditeraieae ends echoes AOA 137 Figure 1 Inform Request and Response 0 0 cee eee eee 158 Chapter 7 Configuring Routing InstanceS 0 0 e cece eee eee eee eee eee 177 Figure 2 SNMP Data for Routing InstanceS 2 eee 178 Part 3 Remote Monitoring RMON with SNMP Chapter 14 Monitoring RMON Alarms and EventsS 0 0c cece cece eee 231 Figure 3 Setting ThresholdS 1 0 0 0 ccc eee eee eee 232 Figure 42 Network Entry POINTS eireas s arrearen deed webGe eouewwose x oe 235 Copyright 2015 Juniper Networks Inc xi SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices xii Copyright 2015 Juniper Networks Inc List of Tables Part 1 Chapter 1 Part 2 Chapter 3
84. interval Monitoring interval in seconds Default 300 seconds moderate threshold Percentage of moderate threshold level resource utilization Default 70 percent high threshold Percentage of high threshold level resource utilization Default 80 percent critical threshold Percentage of critical threshold level resource utilization Default 90 percent action Enable action for all resources Default If action is not enabled the default action is prevent f WARNING If the system health management action for an affected resource is configured to recover then certain instrusive operations necessary for preventing system breakdown are taken Instrusive operations can include restarting or terminating processes deleting files and so on Such action information is logged in the system health management history and system log Required Privilege security To view this statement in the configuration Level security control To add this statement to the configuration Copyright 2015 Juniper Networks Inc 307 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices routing engine SNMP Global Level Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level 308 LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 vSRX routing engine interval lt interval in secs gt moderate thresho
85. is configured to send traps snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring an Event Entry and Its Attributes on page 228 Copyright 2015 Juniper Networks Inc 267 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices community name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 268 EX Series LN Series M Series MX Series PTX Series T Series community name community name edit snmp v3 snmp community community index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The community name defines an SNMP community The SNMP community authorizes SNMPv1 or SNMPv2 clients The access privileges associated with the configured security name define which MIB objects are available and the operations notify read or write allowed on those objects community name Community string for an SNMPv1 or SNMPv2c community If unconfigured it is the same as the community index If the name includes spaces enclose it in quotation marks NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels The community name at the edit snmp v3
86. jnxRmonAlarmGetFailCnt Number of times the internal Get request for the variable failed jnxRmonAlarmGetFailTime Value of sysUpTime when the last failure occurred jnxRmonAlarmGetFailReason Reason why the Get request failed jnxRmonAlarmGetOkTime Value of sysUpTime when the variable moved out of failure state jnxRmonAlarmState Status of this alarm entry Monitoring the extensions in this table provides clues as to why remote alarms may not behave as expected Related Understanding Measurement Points Key Performance Indicators and Baseline Values Documentation on page 235 234 Copyright 2015 Juniper Networks Inc Chapter 14 Monitoring RMON Alarms and Events Understanding Measurement Points Key Performance Indicators and Baseline Values Supported Platforms Measurement Points LN Series M Series MX Series PTX Series T Series This chapter topic provides guidelines for monitoring the service quality of an IP network It describes how service providers and network administrators can use information provided by Juniper Networks routers to monitor network performance and capacity You should have a thorough understanding of the SNMP and the associated MIB supported by Junos OS NOTE For a good introduction to the process of monitoring an IP network see RFC 2330 Framework for IP Performance Metrics This topic contains the following sections e Measurement Points on page 235 Basic Key Perform
87. manager and the agent can have data integrity checking and data origin authentication USM protects against message delays and message replays by using time indicators and request IDs Encryption is also available To complement the USM SNMPv3 uses the VACM a highly granular access control model for SNMPv3 applications Based on the concept of applying security policies to the name of the groups querying the agent the agent decides whether the group is allowed to view or change specific MIB objects VACM defines collections of data called views groups of data users and access statements that define which views a particular group of users can use for reading writing or receiving traps Trap entries in SNMPv3 are created by configuring the notify notify filter target address and target parameters The notify statement specifies the type of notification trap and contains a single tag The tag defines a set of target addresses to receive a trap The notify filter defines access to a collection of trap object identifiers OIDs The target address defines a management application s address and other attributes to be used in sending notifications Target parameters define the message processing and security parameters to be used in sending notifications to a particular management target To configure SNMPv3 perform the following tasks Creating SNMPv3 Users on page 138 e Configuring MIB Views on page 126 Defining Access Privileges
88. name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name security to group security model usm v1 v2c security name security name group group name Configuring the SNMPv3 Authentication Type on page 145 Configuring the Access Privileges Granted to a Group on page 149 Assigning Security Model and Security Name to a Group on page 153 Complete SNMPv3 Configuration Statements on page 251 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring the Access Privileges Granted to a Group Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This topic includes the following sections Configuring the Group on page 150 Configuring the Security Model on page 150 Configuring the Security Level on page 150 Associating MIB Views with an SNMP User Group on page 151 Copyright 2015 Juniper Networks Inc 149 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the Group To configure the access privileges granted to a group include the group statement at the edit snmp v3 vacm access hierarchy level edit snmp v3 vacm access group group name group name is acollection of SNMP users that belong toa common SNMP list that defines an access pol
89. nonvolatile commit delay seconds seconds is the length of the time between when the SNMP request is received and the commit is requested for the candidate configuration For more information about the configure exclusive command and locking the configuration see the CL User Guide e Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring the SNMP Community String Supported Platforms 120 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP Configuring the SNMP agent in Junos OS is a straightforward task that shares many familiar settings common to other managed devices in your network For example you need to configure Junos OS with an SNMP community string and a destination for traps Community strings are administrative names that group collections of devices and the agents that are running on them together into common management domains If a manager and an agent share the same community they can communicate with each other An SNMP community defines the level of authorization granted to its members such as which MIB objects are available which operations read only or read write are valid for those objects and which SNMP clients are authorized based on their source IP addresses The SNMP community string defines the relationship between
90. number of consecutive probes fail during the test ApingTestFailed trap is generated when the test completes and at least pingCtlTrapTestFailureFilter number of probes fail ApingTestCompleted trap is generated when the test completes and fewer than pingCtlTrapTestFailureFilter probes fail NOTE A probe is considered a failure when pingProbeHistoryStatus of the probe result is anything besides responseReceived For information about how to configure a trap group to receive remote operations see Configuring SNMP Trap Groups on page 132 and Example Setting Trap Notification for Remote Operations on page 187 Gathering Ping Test Results Supported Platforms 192 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series Copyright 2015 Juniper Networks Inc Chapter 8 Configuring Remote Operations You can either poll pingResultsOperStatus to find out when the test is complete or request that a trap be sent when the test is complete For more information about pingResultsOperStatus see pingResults Table on page 190 For more information about Ping MIB traps see Generating Traps on page 192 The statistics calculated and then stored in pingResultsTable include pingResultsMinRtt Minimum round trip time pingResultsMaxRtt Maximum round trip time pingResultsAverageRtt Average round trip time pingResultsProbeResponses Number of responses received pingResul
91. of this variable represents the total size of the payload in bytes of an outgoing probe packet This payload includes the timestamp 8 bytes that is used to time the probe This is consistent with the definition of pingCtlDataSize maximum value of 65 507 and the standard ping application If the value of pingCtlDataSize is between O and 8 inclusive it is ignored and the payload is 8 bytes the timestamp The Ping MIB assumes all probes are timed so the payload must always include the timestamp For example if you wish to add an additional 4 bytes of payload to the packet you must set pingCtlDataSize to 12 pingCtlDataFill The first 8 bytes of the data segment of the packet is for the timestamp After that the pingCtlDataFill pattern is used in repetition The default pattern when pingCtlDataFill is not specified is OO 01 02 03 FF OO 01 02 03 FF pingCtlIMaxRows The maximum value is 255 pingMaxConcurrentRequests The maximum value is 500 pingCtlTrapProbeFailureFilter and pingCtlTrapTestFailureFilter A value of O for pingCtlTrapProbeFailureFilter or pingCtlTrapTestFailureFilter is not well defined by the Ping MIB If pingCtlTrapProbeFailureFilter is O pingProbeFailed traps will not be generated for the test Under any circumstances If pingCtlTrapTestFailureFilter is O pingTestFailed traps will not be generated for the test under any circumstances Using the Traceroute MIB for Remote Monitorin
92. oid object identifier include exclude snmp community community index security name security name target address target address name address address target parameters target parameters name target parameters target parameters name notify filter profile name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm v1 v2c security name security name usm local engine user username vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name security to group security model usm v1 v2c security name security name group group name Related Creating SNMPv3 Users on page 138 Documentation e Configuring MIB Views on page 126 Defining Access Privileges for an SNMP Group on page 148 144 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 e Configuring SNMP Informs on page 157 Complete SNMPv3 Configuration Statements on page 251 Example SNMPv3 Configuration on page 139 Configuring the SNMPv3 Authentication Type Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series
93. on page 266 Copyright 2015 Juniper Networks Inc 343 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices write view Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 344 ACX Series EX Series M Series MX Series OCX1100 PTX Series OFabric System OFX Series standalone switches SRX Series T Series write view view name edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series switches Command introduced in Junos OS Release 14 1X53 D20 for the OCX Series Associate the write view with a community for SNMPv1 or SNMPv2c clients or a group name for SNMPv3 clients view name Name of the view for which the SNMP user group has write permission snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring MIB Views on page 126 e Configuring the Write View on page 152 Copyright 2015 Juniper Networks Inc CHAPTER 17 Operational Commands show snmp health monitor show snmp health monitor routing e
94. operations is placed into log files in the var log directory Each log file is named after the SNMP agent that generates it Currently the following logs are created in the var log directory when the traceoptions statement is used e chassisd e craftd e ilmid mib2d rmopd e serviced snmpd file filename By default the name of the log file that records trace output is the name of the process being traced for example mib2d or snmpd Use this option to specify another name files number Optional Maximum number of trace files per SNMP subagent When a trace file for example snmpd reaches its maximum size it is archived by being renamed to snmpd O The previous snmpd 1 is renamed to snmpd 2 and so on The oldest archived file is deleted Range 2 through 1000 files Default 10 files flag flag Tracing operation to perform To specify more than one tracing operation include multiple flag statements all Log all SNMP events Copyright 2015 Juniper Networks Inc 329 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 330 Required Privilege Level Related Documentation general Log general events interface stats Log physical and logical interface statistics nonvolatile sets Log nonvolatile SNMP set request handling pdu Log SNMP request and response packets protocol timeouts Log SNMP response timeouts routing socket Log routi
95. or falling alarm Copyright 2015 Juniper Networks Inc Chapter 13 Configuring RMON Alarms and Events variable oid variable index is an integer that identifies an alarm or event entry Configuring the Description The description is a text string that identifies the alarm entry To configure the description include the description statement and a description of the alarm entry at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index description description Configuring the Falling Event Index or Rising Event Index The falling event index identifies the event entry that is triggered when a falling threshold is crossed The rising event index identifies the event entry that is triggered when a rising threshold is crossed To configure the falling event index or rising event index include the falling event index or rising event index statement and specify an index at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index falling event index index rising event index index index can be from O through 65 535 The default for both the falling and rising event index is O Configuring the Falling Threshold or Rising Threshold The falling threshold is the lower threshold for the monitored variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generat
96. page 135 oid on page 294 Copyright 2015 Juniper Networks Inc 291 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices notify view Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 292 ACX Series EX Series M Series MX Series OCX1100 PTX Series OFabric System OFX Series standalone switches SRX Series T Series notify view view name edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Associate the notify view with a community for SNMPv1 or SNMPv2c clients or a group name for SNMPv3 clients view name Name of the view to which the SNMP user group has access snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring MIB Views on page 126 e Configuring the Notify View on page 151 Copyright 2015 Juniper Networks Inc oid Supported Platforms Syntax Hierarchy Level Release Information Description Options
97. pingResultslpTgtAddr and pingResultslpTgtAddrType are set to the value of the resolved destination address when the value of pingCtlTargetAddressType is dns When a test starts successfully and pingResultsOperStatus transitions to enabled pingResultslpTgtAddr is set to null string pingResultslpTgtAddrType is set to unknown pingResultslpTgtAddr and pingResultslpTgtAddrType are not set until pingCtlTargetAddress can be resolved to a numeric address To retrieve these values poll pingResultslpTgtAddrType for any value other than unknown after successfully setting pingCtlAdminStatus to enabled At the start of a test pingResultsSentProbes is initialized to 1 and the first probe is sent pingResultsSentProbes increases by 1 each time a probe is sent As the test runs every pingCtlTimeOut seconds the following occur Copyright 2015 Juniper Networks Inc Chapter 8 Configuring Remote Operations pingProbeHistoryStatus for the corresponding pingProbeHistoryEntry in pingProbeHistoryTable is set to requestTimedOut ApingProbeFailed trap is generated if necessary An attempt is made to send the next probe NOTE No more than one outstanding probe exists for each test For every probe you can receive one of the following results The target host acknowledges the probe with a response The probe times out there is no response from the target host acknowledging the probe The probe could not be sent
98. quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Description on page 225 e Configuring an Event Entry and Its Attributes on page 228 EX Series LN Series M Series MX Series PTX Series SRX Series T Series destination port port number edit snmp trap group Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Assign a trap port number other than the default If you omit this statement the default port is 162 port number SNMP trap port number snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Trap Groups on page 132 Copyright 2015 Juniper Networks Inc engine id Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series engine id local engine id suffix use default ip address use mac address edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 1 for EX Series switches The local engine ID is defined as the administratively unique identifier of an SNMPv3 engine and is used for identification not f
99. see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ping txt For more information see PING MIB Policy Objects MIB Provides support for monitoring the security policies that control the flow of traffic from one zone to another This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse Path Forwarding MIB Monitors statistics for traffic that is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx rpf txt i NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos OS extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx rmon txt For more information see RMON Events and Alarms MIB Copyright 2015
100. state jnxRmonAlarmState The current state of this RMON alarm entry To view the Juniper Networks enterprise specific extensions to the RMON Events and Alarms and Event MIB see http www juniper net techpubs en_US junos10 3 topics reference mibs mib jnx rmon txt For more information about the Juniper Networks enterprise specific extensions to the RMON Events and Alarms MIB see RMON Events and Alarms MIB in the SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Understanding RMON Events on page 221 D tati ocumentaton e Configuring an Alarm Entry and Its Attributes on page 224 Using alarmTable to Monitor MIB Objects 220 Copyright 2015 Juniper Networks Inc Chapter 12 RMON Overview Understanding RMON Events Supported Platforms eventTable Related Documentation ACX Series LN Series M Series MX Series PTX Series T Series An RMON event allows you to log the crossing of thresholds of other MIB objects It is defined in eventTable for the RMON MIB This section covers the following topics e eventTable on page 221 eventTable contains the following objects eventindex An index that uniquely identifies an entry in eventTable Each entry defines one event that is generated when the appropriate conditions occur eventDescription A comment describing the event entry eventType Type of notification that the probe makes about this event ev
101. storage operating show system log vital status user host gt show system log vital status log vital status interval 1 Minutes file days 4 days storage limit 75 percent file size 3 Mbytes state 5 snmp mgmt sock op number 0 current timer counter 1 vs 60 Copyright 2015 Juniper Networks Inc 363 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 364 Copyright 2015 Juniper Networks Inc PART 6 Index Index on page 367 Copyright 2015 Juniper Networks Inc 365 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 366 Copyright 2015 Juniper Networks Inc Index Symbols comments in configuration statements xviii in syntax descriptions WNAI NOS MID2O fileren Nar loS SNMbpd Til wiinciiccndveekinciaiiewien lt gt IN Syntax CESCTIPTIONS cc csecesessesesteseseeseseseeseseeseees xviii in configuration StateMent cccccesecseeseeeseeee xviii in configuration statements xviii pipe IN syntax GESCLIPTIONS cece cee eseeeseeeeees xviii A AAA Objects MIB u cesesestectestestesesessesteses 33 42 48 Access Authentication Objects MIB access statement usage guidelineS sssesssesseriserrrssrreesrresrrrerrresrresrrrerere 148 access list STATEMENK ee ececcesesssessesestestestesessesteseeseesesnees 253 address statement SNMPYy3 soss uena AS 254 usage g
102. such as the MIB object name IDs and data type for the NMS You can download the Junos MIB package from the Enterprise Specific MIBs and Traps section of the Junos OS Technical Publications index page at http www juniper net techpubs software junos index html The Junos MIB package is available in zip and tar packages You can download the appropriate format based on your requirements The Junos MIB package contains two folders StandardMibs and JuniperMibs The StandardMibs folder contains the standard MIBs and RFCs that are supported on devices running the Junos OS whereas the JuniperMibs folder contains the Juniper Networks enterprise specific MIBs To load MIB files that are required for managing and monitoring devices running the Junos OS 1 Goto the Junos OS Technical Publications index page http www juniper net techpubs software junos index html 2 Click the tab that corresponds to the Junos OS Release for which you want to download the MIB files 3 Onthe selected tab click the plus sign that corresponds to the Enterprise Specific MIBs and Traps section to expand the section 4 Click the TAR or ZIP link that corresponds to the Enterprise MIBs link under the Enterprise Specific MIBs and Traps section to download the Junos MIB package 5 Decompress the file tar or zip using an appropriate utility Copyright 2015 Juniper Networks Inc 111 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for
103. table Copyright 2015 Juniper Networks Inc 99 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices For more information about system log messages see System Log Monitoring and Troubleshooting Guide for Security Devices Table 15 Standard Supported SNMP Version 2 Traps Defined in Trap Name Startup Notifications snmpTrapOID System Logging Severity Level Syslog Tag Supported On RFC 1907 coldStart 1 3 6 1 6 3 1 1 5 1 Critical SNMPD_TRAP_ All devices running Management COLD_START Junos OS Information Base fi a aia 2 of warmStart 1 3 6 1 6 3 1 1 5 2 Error SNMPD_TRAP_ All devices running the Simple WARM_START Junos OS Network Management Protocol authenticationFailure 1 3 6 1 6 3 1 1 5 5 Notice SNMPD_TRAP_ All devices running SNMPv2 GEN_FAILURE Junos OS Link Notifications RFC 2863 The linkDown 1 3 6 1 6 3 1 1 5 3 Warning SNMP_TRAP_ All devices running Interfaces Group LINK_DOWN Junos OS MIB linkUp 1 3 6 1 6 3 1 1 5 4 Info SNMP_TRAP_ All devices running LINK_UP Junos OS Remote Operations Notifications RFC 2925 pingProbeFailed 1 3 6 1 2 1 80 0 1 Info SNMP_TRAP_ All devices running Definitions of PING_PROBE_ Junos OS Managed Objects FAILED for Remote Ping He oute and pingTestFailed 1 3 6 1 2 1 80 0 2 Info SNMP_TRAP_PING_ All devices running Loo up TEST_FAILED Junos OS Operations pingTestCompleted 1 3 6 1 2 1 80 0 3 Info SNMP_TRAP_P
104. targets configured for that trap group The community string in the trap matches the name of the trap group If nothing is configured all the trap groups are examined and traps are sent using each group with the rmon alarm category set description is a text string that identifies the entry The type variable of an event entry specifies where the event is to be logged You can specify the type as one of the following log Adds the event entry to the logTable log and trap Sends an SNMP trap and creates a log entry none Sends no notification snmptrap Sends an SNMP trap The default for the event entry type is log and trap e Understanding RMON Alarms and Events Configuration on page 223 e Understanding RMON Alarms on page 219 Copyright 2015 Juniper Networks Inc Chapter 13 Configuring RMON Alarms and Events e Understanding RMON Events on page 221 Configuring an Alarm Entry and Its Attributes on page 224 Example Configuring an RMON Alarm and Event Entry on page 229 Example Configuring an RMON Alarm and Event Entry Supported Platforms LN Series M Series MX Series PTX Series T Series Configure an RMON alarm and event entry edit snmp rmon alarm 100 description input traffic on fxpO falling event index 100 falling threshold 10000 interval 60 rising event index 100 rising threshold 100000 sample type delta value startup alarm rising or falling alarm variable
105. techpubs en_US junos15 1x49 topics reference mibs mib jnx jsrpd txt For more information see Chassis Cluster MIB Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A history of the last 32 configuration changes is kept in jnxCmChgEventTable For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB Destination Class Usage MIB Provides support for monitoring packet counts based on the ingress and egress points for traffic transiting your networks Ingress points are identified by input interface Egress points are identified by destination prefixes grouped into one or more sets known as destination classes One counter is managed per interface per destination class up to a maximum of 16 counters per interface Fora downloadable version of this MIB see Copyright 2015 Juniper Networks Inc 49 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 50 http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx dcu txt For more information see Destination Class Usage MIB DNS Objects MIB Provides support for monitoring DNS proxy qu
106. the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB BFD MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switching Board SSB Switching and Forwarding Model SFM Flexible PIC Concentrators FPCs and PICs Fora downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis txt For more information see Chassis MIBs Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A history of the last 32 configuration changes is kept in Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS jnxCmChgEventTable
107. the Media Access Control MAC address of the management interface on the router Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 The local engine ID is defined as the administratively unique identifier of an SNMPv3 engine and is used for identification not for addressing There are two parts of an engine ID prefix and suffix The prefix is formatted according to the specifications defined in RFC 3411 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks You can configure the suffix here D NOTE SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID If you configure or change the engine ID you must commit the new engine ID before you configure SNMPv3 users Otherwise the keys generated from the configured passwords are based on the previous engine ID For the engine ID we recommend using the master IP address of the device if the device has multiple routing engines and has the master IP address configured Alternatively you can use the MAC address of the management port if the device has only one Routing Engine Related Complete SNMPv3 Configuration Statements on page 251 D tati OSUMENEANON e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example SNMPv3 Configuration on page 139 Configuring SNMP Informs Supported Platforms ACX Series LN Series M Series MX Series PTX Series OFX S
108. when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring Triple DES To configure triple DES for an SNMPv3 user include the privacy 3des statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy 3des privacy password privacy password privacy password is the password used to generate the key used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch Copyright 2015 Juniper Networks Inc 147 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring No Encryption Related Documentation To configure no encryption for an SNMPv3 user include the privacy none statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy none e Configuring the SNMPv3 Authentication Type on page 145 Defining Access Privileges for an SNMP Group on page 148 e Configuring the Access Privileges Granted to a Group on page 149 Assigning Security M
109. www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx user aaa txt For more information see AAA Objects MIB Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB ATM CoS MIB Provides support for monitoring Asynchronous Transfer Mode version 2 ATM2 virtual circuit VC class of service CoS configurations It also provides Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS CoS queue statistics for all VCs that have CoS configured For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx atm cos txt For more information see ATM Class of Service MIB BGP4 V2 MIB Contains objects Used to monitor BGP peer received pref
110. 0 SRX5600 and SRX5800 Services Gateways Supported Enterprise Specific MIBs on page 48 Enterprise Specific MIBs and Supported Devices on page 53 MIB Support Details on page 63 SNMP MIB Objects Supported by Junos OS for the Set Operation on page 73 Juniper Networks Enterprise Specific SNMP Traps on page 80 Juniper Networks Enterprise Specific SNMP Version 1 Traps on page 81 Juniper Networks Enterprise Specific SNMP Version 2 Traps on page 88 Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Standard SNMP Version 1 Traps on page 96 Standard SNMP Version 2 Traps on page 99 Unsupported Standard SNMP Traps on page 106 Standard SNMP MIBs Supported by Junos OS Supported Platforms ACX Series EX Series M Series MX Series PTX Series SRX Series T Series Table 4 on page 14 contains the list of standard SNMP MIBs and RFCs that are supported on various devices running Junos OS RFCs can be found at http www ietf org Copyright 2015 Juniper Networks Inc 13 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices NOTE In this table a value of 1 in any of the platform columns M T MX EX and SRX denotes that the corresponding MIB is supported on that particular platform and a value of O denotes that the MIB is not supported on the platform Table 4 Standard MIBs Supported on Devices Running Junos OS Platforms IEEE 802 lab section 12 1 Link Layer Discovery 0 0 0 0
111. 015 Juniper Networks Inc Chapter 16 Configuration Statements routing instance Supported Platforms ACX Series EX Series LN Series M Series MX Series PTX Series SRX Series T Series Syntax routing instance routing instance name Hierarchy Level edit snmp community community name edit snmp community community name logical system logical system name edit snmp trap group group Release Information Statement introduced in Junos OS Release 8 3 Added to the edit snmp community community name hierarchy level in Junos OS Release 8 4 Added to the edit snmp community community name logical system logical system name hierarchy level in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Description Specify a routing instance for SNMPvl and SNMPvz2 trap targets All targets configured in the trap group use this routing instance If the routing instance is defined within a logical system include the logical system logical system name statement at the edit snmp community community name hierarchy level and specify the routing instance statement Under the edit snmp community community name logical system logical system name hierarchy level Options _routing instance name Name of the routing instance Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring SNMP Trap Groups on pag
112. 1 6 O O O O O http Awwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx l2tp txt LDP MIB 1 1 1 O 0 1 0 O 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx ldp txt License MIB i o o 0 http Avwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx license txt Logical Systems MIB 0 o 0 O o 0 o 1 http Awwwjunipernet techpubs en_US junosi2 1 topics reference mibs mib jnxsys securityprofile txt MIMSTP MIB O 0 1 0 0 O O 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx mimstp txt 58 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB J MX EX PTX End Range End MPLS LDP MIB 1 0 1 0 O O http Avwwwjunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx mpls ldp txt MPLS MIB 1 1 1 1 1 1 0 0 1 http A vwwijuniper net techpubs en US junosl21 topics reference mibs mib jnx mpls txt MVPN MIB 1 1 1 1 1 1 NAT Objects MIB O 0 O 0 1 O 1 1 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx js nat txt NAT Resources Monitoring MIB 1 1 1 0 0 0 0 8 http Awwwjunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx sp nat txt OTN
113. 1 1 1 0 O for IPv4 NOTE In Junos OS RFC 2934 is implemented based on a draft version pimmib mib of the now standard RFC Support for the pimNeighborLoss trap was added in Release 11 4 RFC 2981 Event MIB 1 0 0 0 O RFC 3014 Notification Log MIB 1 1 0 0 0 0 RFC 3019 IP Version 6 Management Information O 1 0 1 0 0 Base for The Multicast Listener Discovery Protocol RFC 3410 Introduction and Applicability 1 1 1 1 0 0 1 Statements for Internet Standard Management Framework RFC 3411 An Architecture for Describing Simple 1 1 1 1 1 1 0 0 1 Network Management Protocol SNMP Management Frameworks NOTE RFC 341 replaces RFC 2571 However Junos OS supports both RFC 3411 and RFC 2571 RFC 3412 Message Processing and Dispatching 1 1 o o 1 for the Simple Network Management Protocol SNMP NOTE RFC 3412 replaces RFC 2572 However Junos OS supports both RFC 3412 and RFC 2572 RFC 3413 Simple Network Management Protocol 1 1 1 1 1 1 1 0 1 SNMP Applications except for the Proxy MIB RFC 3414 User based Security Model USM for 1 1 1 1 1 1 0 0 1 version 3 of the Simple Network Management Protocol SNMPv3 RFC 3415 View based Access Control Model 1 1 1 1 1 1 0 0 1 VACM for the Simple Network Management Protocol SNMP 22 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 St
114. 1 2 1 9 jnxPingCtlEgressTimeThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 10 jnxPingCtlEgressStdDevThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 11 jnxPingCtlEgressJitterThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 12 jnxPingCtlIngressTimeThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 13 jnxPingCtlIngressStdDevThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 14 jnxPingCtlingressJitterThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 15 jnxPingTrapGeneration 1 3 6 1 4 1 2636 3 7 1 2 1 16 Enterprise Specific Traceroute MIB jnxTRCtlIfName 1 3 6 1 4 1 2636 3 8 1 2 1 3 jnxTRCtlRoutingInstanceName 1 3 6 1 4 1 2636 3 8 1 2 1 4 RFC 3413 Target MIB snmptTargetSpinLock 1 3 6 1 6 3 12 1 1 snmpTargetAddrTDomain 1 3 6 1 6 3 12 1 2 1 2 snmpTargetAddrTAddress 1 3 6 1 6 3 12 1 2 1 3 snmpTargetAddrTimeout 1 3 6 1 6 3 12 1 2 1 4 snmpTargetAddrRetryCount 1 3 6 1 6 3 12 1 2 1 5 snmpTargetAddrTagList 1 3 6 1 6 3 12 1 2 1 6 snmpTargetAddrParams 1 3 6 1 6 3 12 1 2 1 7 snmpTargetAddrStorageType 1 3 6 1 6 3 12 1 2 1 8 snmpTargetAddrRowStatus 1 3 6 1 6 3 12 1 2 1 9 snmpTargetParamsMPModel 1 3 6 1 6 3 12 1 3 1 2 Copyright 2015 Juniper Networks Inc 77 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 11 SNMP MIB Objects continued Object Name Object Identifier snmpTargetParamsSecurityModel 1 3 6 1 6 3 12 1 3 1 3 snmpTargetParamsSecurityLevel 1 3 6 1 6 3 12 1 3 1 4 snmpTargetParamsSecurityName 1 3 6 1 6 3 12 1 3 1 5 s
115. 1 2636 4 1 5 Notice CHASSISD_SNMP_ All devices running Junos TRAP OS 88 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued System Logging Severity Source MIB Trap Name snmpTrapOID Level System Log Tag Supported On jnxFrulnsertion 1 3 6 1 4 1 2636 4 1 6 Notice CHASSISD_SNMP_ All devices running Junos TRAP OS jnxFruPowerOff 1 3 6 1 4 1 2636 4 1 7 Notice CHASSISD_SNMP__ All devices running Junos TRAP OS jnxFruPowerOn 1 3 6 1 4 1 2636 4 1 8 Notice CHASSISD_SNMP_ All devices running Junos TRAP Os jnxFruFailed 1 3 6 1 4 1 2636 4 1 9 Warning CHASSISD_SNMP__ All devices running Junos TRAP OS jnxFruOffline 1 3 6 1 4 1 2636 4 1 10 Notice CHASSISD_SNMP__ All devices running Junos TRAP os jnxFruOnline 1 3 6 1 4 1 2636 4 1 11 Notice CHASSISD_SNMP_ All devices running Junos TRAP os jnxFruCheck 1 3 6 1 4 1 2636 4 1 12 Notice CHASSISD_SNMP__ All devices running Junos TRAP os jnxFEBSwitchover 1 3 6 1 4 1 2636 4 1 13 Notice CHASSISD_SNMP__ All devices running Junos TRAP os jnxHardDiskFailed 1 3 6 1 4 1 2636 4 1 14 Notice CHASSISD_SNMP__ All devices running Junos TRAP os jnxHardDiskMissing 1 3 6 1 4 1 2636 4 1 15 Notice CHASSISD_SNMP__ All devices running Junos TRAP os jPowesSuppyOK 1 3 6 1 4 1 2636 4 2 1 Critical CHASSISD_ All devices running SNMP_ Junos OS TRAP j
116. 2 e Configuring the Inform Notification Type and Target Address on page 170 Configuring the SNMPv3 Trap Notification Supported Platforms M Series MX Series PTX Series OFX Series T Series The notify statement specifies the type of notification trap and contains a single tag The tag defines a set of target addresses to receive a trap The tag list contains one or more tags and is configured at the edit snmp v3 target address target address name hierarchy level If the tag list contains this tag Junos OS sends a notification to all the target addresses associated with this tag To configure the trap notifications include the notify statement at the edit snmp v3 hierarchy level edit snmp v3 notify name tag tag name type trap name is the name assigned to the notification Copyright 2015 Juniper Networks Inc 159 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation tag name defines the target addresses to which this notification is sent This notification is sent to all the target addresses that have this tag in their tag list The tag name is not included in the notification trap is the type of notification NOTE Each notify entry name must be unique Junos OS supports two types of notification trap and inform For information about how to configure the tag list see Configuring the Trap Target Address on page 162 e Configuring SNM
117. 2015 Juniper Networks Inc 333 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices type Supported Platforms EX Series LN Series M Series MX Series PTX Series T Series Syntax type type Hierarchy Level edit snmp rmon event index Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Type of notification generated when a threshold is crossed Options type Type of notification log Add an entry to logTable log and trap Send an SNMP trap and make a log entry e none No notifications are sent snmptrap Send an SNMP trap Default log and trap Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring an Event Entry and Its Attributes on page 228 Documentation 334 Copyright 2015 Juniper Networks Inc user Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T Series user username edit snmp v3 usm local engine edit snmp v3 usm remote engine engine id Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches State
118. 3 6 1 2 1 81 1 2 1 10 traceRouteCtlDSField 1 3 6 1 2 1 81 1 2 1 11 traceRouteCtlSourceAddressType 1 3 6 1 2 1 81 1 2 1 12 traceRouteCtlSourceAddress 1 3 6 1 2 1 81 1 2 1 13 traceRouteCtlifIndex 1 3 6 1 2 1 81 1 2 1 14 traceRouteCtlMiscOptions 1 3 6 1 2 1 81 1 2 1 15 traceRouteCtlMaxFailure 1 3 6 1 2 1 81 1 2 1 16 traceRouteCtlDontFragment 1 3 6 1 2 1 81 1 2 1 17 traceRouteCtlinitialTtl 1 3 6 1 2 1 81 1 2 1 18 traceRouteCtlFrequency 1 3 6 1 2 1 81 1 2 1 19 traceRouteCtlStorageType 1 3 6 1 2 1 81 1 2 1 20 traceRouteCtlAdminStatus 1 3 6 1 2 1 81 1 2 1 21 traceRouteCtlDescr 1 3 6 1 2 1 81 1 2 1 22 traceRouteCtIMaxRows 1 3 6 1 2 1 81 1 2 1 23 traceRouteCtlTrapGeneration 1 3 6 1 2 1 81 1 2 1 24 traceRouteCtlCreateHopEntries 1 3 6 1 2 1 81 1 2 1 25 traceRouteCtlType 1 3 6 1 2 1 81 1 2 1 26 traceRouteCtlRowStatus 1 3 6 1 2 1 81 1 2 1 27 Enterprise Specific PING MIB jnxPingCtlifName 1 3 6 1 4 1 2636 3 7 1 2 1 3 jnxPingCtlRoutinglfindex 1 3 6 1 4 1 2636 3 7 1 2 1 4 jnxPingCtlRoutinglfName 1 3 6 1 4 1 2636 3 7 1 2 1 5 jnxPingCtlRoutingIinstanceName 1 3 6 1 4 1 2636 3 7 1 2 1 6 76 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 11 SNMP MIB Objects continued Object Name Object Identifier jnxPingCtlRttThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 7 jnxPingCtlIRttStdDevThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 8 jnxPingCtlRttJitterThreshold 1 3 6 1 4 1 2636 3 7
119. 313 e security model Access Privileges on page 314 security model Group on page 315 e security model SNMP Notifications on page 316 e security name Community String on page 317 security name Security Group on page 318 e security name SNMP Notifications on page 319 e security to group on page 320 snmp on page 320 e source address on page 321 snmp community on page 322 startup alarm on page 323 e syslog subtag on page 324 tag on page 324 e tag list on page 325 target address on page 326 target parameters on page 327 e targets on page 328 timeout on page 328 traceoptions SNMP on page 329 e trap group on page 331 trap options on page 332 e type on page 333 type on page 334 e user on page 335 usm on page 336 e v3 on page 338 Copyright 2015 Juniper Networks Inc 247 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e vacm on page 340 e variable on page 341 e version on page 341 e view Associating a MIB View with a Community on page 342 view Configuring a MIB View on page 343 e write view on page 344 Configuration Statements at the edit snmp Hierarchy Level Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This topic shows all possible configuration statements at the edit snmp hierarchy level and their level in the configuration hierarchy When you are configuring Junos OS you
120. 4 CPS IPv6 CPS current total IPv4 session number and current total IPv6 session number of both node O and node 1 The screen group includes screen statistics of a specified zone The SPU group includes CPU usage memory usage current flow session number current CP session number IPv4 session number IPv6 session number CP IPv4 session number and CP IPv6 session number of the SPU Generating Raw MIB OID from a Policy on page 205 Generating Vital Data from an Interface Supported Platforms SRX Series You can monitor the statistics of interface ge 0 0 0 by first obtaining the SNMP iflndex from the interface userGhost gt show interfaces ge 0 0 0 Physical interface ge 0 0 0 Enabled Physical link is Up Interface index 134 SNMP ifIndex 509 In this output the 509 value is the index of ge 0 0 0 in the interface MIB table By combining this index value with the interface MIB tables the vital data of the interface can be periodically collected For example combine the 509 index with the iflnErrors interface MIB table to collect the In Error data of interface ge 0 0 0 by using the following command Copyright 2015 Juniper Networks Inc 207 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation edit userGhost set system log vital add 7fInErrors 509 comment In Err of ge 0 0 0 The output for the command is In Err of ge 0 0 0 100 The following interfa
121. 44 49 contact STATEMENL ecccsesecsesessssesessssessssssessesessssessesseeeeeeees 269 usage SUICELINGS ce ceeeccssessseessseseseseeseseseseeseseseeseeesens 118 conventions text and SyntaX s sesseeserserrssrrissrrsnrissrrenrrenrrrnrrenrresrn xvii curly braces in configuration statements xviii CUSTOMES SUPPOS ceseseseseseseessssescscssseeeeeessesesseesteesesesees xix GCOMPSACTIMS JIA Ci asidat davies sodesicvearstatscusivcs Warstascscotiuactaaels xix 367 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices D description statement RMON sinnn A 270 usage guidelines Alarms 225 usage guidelines events SNM PE teers totrsaroa eerie a cies usage BUIGELINGS ee ceeccssesesessesesseseseeseseseeeees Destination Class Usage MIB cesses destination port statement SINR enters AAE EE 270 usage BUICGELINGS 0 cesesessesessesesesesesesseseeseseseeseee 132 DHCP MIB ccsssessessessssessssesssseeseenes 232 Digital Optical Monitoring MIB eects 32 DNS Objects MIB ernek 33 44 50 documentation COMMENTS Oisian xix E engine id statement SNM PVJ nirea ein ee ees 271 usage guidelineS ssesssereriresrresrrrerrresrrerrrerrn 156 enterprise oid StatemMent s eeesseresrieereresrrrerrrsrrreerrenenres 272 enterprise specific MIBs listed 37 42 48 enterprise specific traps SNMP VEISION Tircdrap rn iA RR RRR ARGE 81 VEFSION Zirai i a 88 Ethernet MAC MIB
122. 53 V V3 STALEMO NE sccsctstrsctiiicisdecdniese unis 338 usage SUIGSLIMNES x iecccsasiiaieg darts oeaeddadhniiaeaeentels 251 Vac Statenne mt sinsn2ceevuwi nie en 340 WUSASS SUIDE NIMES iciescccesscecacvasens dove seca teeeteh ic inna 148 Copyright 2015 Juniper Networks Inc Var lOs MiIb2 flensan VAL LOG SNIMPA FilC oe escsccssescscssesessesescesescsseseseesestseeseseeseeees Variable statement ciscscundaciiiewdieianien aes usage SUIGELINGS ccc ceescssessseeseseeseseseeseetseseseeseees variable length string indexes version statement SNMP oiean T O ana natin 341 usage guidelineS s ssseseserserrssrrisrrrsrrrerrrrerrrern 132 view statement SNMP associating with community 342 usage guidelineS s ssessserssrrisrrrsrrresrrrerrrerrrrerrn 120 SNMP configuring MIB vi W 343 usage guidelineS eseserieerrrerrrsrrreerrrsrrrserrs 126 views MIB SNMP Siesa 126 186 VPN Certificate Objects MIB seen 42 48 53 W write view statement usage guidelines Copyright 2015 Juniper Networks Inc Index 373 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 374 Copyright 2015 Juniper Networks Inc
123. 8 44 47 JST Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 76 76 76 78 78 78 78 78 78 78 Top and Growing Consumer Top Consumer Usage Growth flowd_octeon_hm 252 2 idle cpud 34 34 av_worker 3 2 Growing Consumer Usage Growth idle cpud 34 34 flowd_octeon_hm 252 2 av_worker 3 2 Load averages 2 01 1 min Resource CPU jnxOperatingCPU 9 1 0 0 Event Critical Rising 85 Configuration 1 70 5 min 2 01 15 min 2013 04 10 18 43 28 JST 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 85 85 85 84 84 84 84 84 84 84 Top and Growing Consumer Top Consumer Usage Growth flowd_octeon_hm 250 1 syshmd 14 0 cli 8 0 av_worker 2 0 av_worker 1 0 Load averages 3 26 1 min Resource CPU jnxOperatingCPU 9 1 0 0 Event High Rising 72 Configuration 1 69 5 min 3 26 15 min 2013 04 10 18 43 28 JST 1 30 70 85 Monitor CInter Mod High Crit Action Usage Trail 72 69 69 69 69 69 69 69 69 69 Top and Growing Consumer Top Consumer Flowd_octeon_hm 354 Usage 251 Growth 4 Copyright 2015 Juniper Networks Inc Chapter 17 Operational Commands init 14 14 syshmd 14 14 cli 8 8 av_worker 2 2 Growing Consumer Usage Growth syshmd 14 14 init 14 14 cli 8 8 flowd_octeon_hm 251 4 av_worker 2 2 Load averages 3 26 1 min 1 69 5 min 3 26 15 min Resource Var cf var jnxHrStoragePercentUsed 5 E
124. 96 Table 15 Standard Supported SNMP Version 2 TrapS 000 eee eee 100 Table 16 Unsupported Standard SNMP TrapsS 0 0 00 cee eee eee 107 Configuring SNMPV3 wsiiesseed seis drano taaten s Gheseeaw iuede oe as 137 Table 17 Values to Use in Example nananana annaa ee eae 174 Configuring Remote OperationS 00 c cece eee eens 185 Table 18 Results in pingProbeHistoryTable After the First Ping Test 193 Table 19 Results in pingProbeHistoryTable After the First Probe of the Second T6St occu beta d ddad a ETA dive whedaatebamiaGe ciate eden aatee newes 193 Table 20 Results in pingProbeHistoryTable After the Second Ping Test 194 Tracing SNMP AGCtivity vs veidstadacsweetewerseaerneve cand Ea Ea 197 Table 21 SNMP Tracing Flags 0 eee eae 199 Remote Monitoring RMON with SNMP Monitoring RMON Alarms and EventsS cece cece e eee eee eae 231 Copyright 2015 Juniper Networks Inc xiii SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices xiv Part 4 Chapter 15 Part 5 Chapter 17 Table 22 RMON Event Tale serieren merens anra Eea pra e an eo a eee 233 Table 23 RMON Alarm Ta Dle rres iore 22666 eo ehant eee nE ANE Peed EA 233 Table 24 jnxRmon Alarm Extensions 0000 00 cece eee eae 234 Health Monitoring with SNMP Configuring Health Monitoring 20 cece cece eee eee eee 239 Table 25 Monitored Object Instances 2 0 0 cee 240 Confi
125. AD Esa arcuunctd scane te sak Oe ot ee oe ha to ae BoE eS 221 Chapter 13 Configuring RMON Alarms and EventsS 00cc cece e eee eens 223 Understanding RMON Alarms and Events Configuration 223 Configuring an Alarm Entry and Its Attributes 000 0c eee 224 Configuring the Alarm Entry 0 0 0 ccc eee eee 224 Configuring the Description 0 eee ene 225 Configuring the Falling Event Index or Rising Event Index 225 Configuring the Falling Threshold or Rising Threshold 225 Configuring the Interval 0 eee eens 226 Configuring the Falling Threshold Interval 0 0 0 0 cece 226 Configuring the Request Type rruar rnanan 226 Configuring the Sample Type 0 eee ee eee 227 Configuring the Startup Alarm eee 227 Configuring the System Log Tag eee eee 227 Configuring the Variables sc ac goo ke eed gee deka ae ead a eee eee 228 Configuring an Event Entry and Its Attributes 0 2 2 0 000 00 eee eee 228 Example Configuring an RMON Alarm and Event Entry 0 229 Example Configuring Health Monitoring 0 00 ee eee 229 Chapter 14 Monitoring RMON Alarms and Events 000c cece eee eee 231 Understanding RMON for Monitoring Service Quality n nananana annaa 231 Seting Thresholds ssi erint puede akon E e EE EE E ES 231 RMON Command Line Interface a an uuaa nuanua eee 232 RMON Event Table s ii seaaner
126. B Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices product services and traps This MIB is currently supported only by Junos OS for SRX Series devices It also explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js smi txt For more information see Structure of Management Information MIB e Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB BGP4 V2 MIB Contains objects used to monitor BGP peer received prefix counters It is based upon similar objects in the MIB documented in Internet draft draft ietf idr bgp4 mibv2 03 txt Definitions of Managed Objects for
127. C 2787 vrrpTrapNewMaster 1 3 6 1 2 1 68 6 1 Warning VRRPD_NEW All devices running Definitions MASTER_TRAP Junos OS of Managed Objects for WeptrapAuthFailure 1 3 61 21 68 6 2 Warning VRRPD_AUTH_ All devices running the Virtual FAILURE _TRAP Junos OS Router Redundancy Protocol RFC 6527 vrrpv3NewMaster 1 3 6 1 2 1 207 6 Warning VRRPD_NEW_MASTER Mand MX Definitions of Managed vy rrpv3ProtoError 1 3 6 1 2 1 207 6 2 Warning VRRPD V3PROTOERROR Mand MX Objects for the Virtual Router Redundancy Protocol Version 3 VRRPv3 Related Juniper Networks Enterprise Specific SNMP Traps on page 80 Documentation e Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Juniper Networks Enterprise Specific MIBs on page 32 Standard SNMP MIBs Supported by Junos OS on page 13 e Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 Managing Traps and Informs on page 213 Standard SNMP Version 2 Traps Supported Platforms ACX Series M Series MX Series PTX Series SRX Series T Series Table 15 on page 100 provides an overview of the standard SNMPv2 traps supported by the Junos OS The traps are organized first by trap category and then by trap name and include their snmpTrapOID The system logging severity levels are listed for those traps that have them with their corresponding system log tag Traps that do not have corresponding system logging severity levels are marked with an en dash in the
128. Chapter 6 Chapter 8 Chapter 9 Part 3 Chapter 14 AbOUT the DOCUMENTALION 6 cui is sinets ansieae siioni ow enws eae eres ews XV Table t NOCe ICONS nts ou cueew ner eaetet needs Daner Gow eKeeadeeadeldewhe xvii Table 2 Text and Syntax Conventions n se saaara raaa reer xviii Overview Introduction to Device Management 0 ce cece eee eee eee eee 3 Table 3 Device Management Features inJUNOS OS 0 eee 4 Network Monitoring Using SNMP SNMP MIBs and Traps Supported by JUNOS OS 0 0c cece eee 13 Table 4 Standard MIBs Supported on Devices Running JunosOS 14 Table 5 Enterprise Specific MIBs and Supported Devices 0 54 Table 6 MIB Support for Routing Instances Juniper Networks MIBs 63 Table 7 Class 1 MIB Objects Standard and Juniper MIBs 05 67 Table 8 Class 2 MIB Objects Standard and Juniper MIBs Zl Table 9 Class 3 MIB Objects Standard and Juniper MIBs 72 Table 10 Class 4 MIB Objects Standard and Juniper MIBs 73 Table 11 SNMP MIB ObjectS 1 0 ccc eee eee eee 73 Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 MADS sasra a oe es 5 S E ae S E SS VEE E 81 Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 MAPS sic see asttes tor yey d Sag ArT Eno Sis Sm fo REE a IO PRENS ERES 88 Table 14 Standard Supported SNMP Version 1 TrapS 000000s
129. Collections on page 204 Documentation Generating Vital Data from an Operating Component Supported Platforms SRX Series You can monitor the vital data of an operating component For example to monitor the temperature of the SPC component located at slot 3 of node O enter the following command user host gt show snmp mib walk jnxOperatingDescr match SPC 3 jnxOperatingDescr 7 4 0 0 nodeO FPC SRX5k SPC 3 jnxOperatingDescr 7 10 0 0 nodel FPC SRX5k SPC 3 In the output the SPC index at slot 3 of node O in the operating MIB table is 7 4 0 0 By combining the 7 4 0 0 index with operating MIB table jnxOperatingTemp the temperature of SPC at slot 3 of node O can be monitored by using the following command edit user host set system log vital add jnxOperating Temp 7 4 0 0 comment Temperature of nodeO SPC 3 Related Generating Vital Data from a Screen on page 210 Documentation Generating Vital Data from a Screen Supported Platforms SRX Series The screen group collects all screen statistics of a specified zone However it can only collect some of the statistics rather than all statistics For example consider the following screen configuration where the number of UDP flood attacks in the untrust zone is to be monitored user host gt show configuration security screen ids option zone syn flood tcp syn flood timeout 20 210 Copyright 2015 Juniper Networks Inc Chapt
130. D NOTE To query a routing instance or a logical system Configuring the Security Names To assign a community string to a security name include the security name statement at the edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index security name security name security name is used when access control is set up The security to group configuration at the edit snmp v3 vacm hierarchy level identifies the group D NOTE This security name must match the security name configured at the edit snmp v3 target parameters target parameters name parameters hierarchy level when you configure traps Configuring the Tag To configure the tag include the tag statement at the edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index tagtag name tag name identifies the address of managers that are allowed to use a community string Related Creating SNMPv3 Users on page 138 D tati Ocumentanon Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example SNMPv3 Community Configuration on page 169 Example SNMPv3 Community Configuration Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Define an SNMP community edit snmp v3 snmp community index community name 9 JOZi OF AtOz3 SECRET DATA security name j
131. Guide for Security Devices Monitoring a Running Ping Test Supported Platforms pingResults Table 190 LN Series SRX Series When pingCtlAdminStatus is successfully set to enabled the following is done before the acknowledgment of the SNMP Set request is sent back to the client pingResultsEntry is created if it does not already exist pingResultsOperStatus transitions to enabled For more information see the following sections pingResultsTable on page 190 e pingProbeHistoryTable on page 191 Generating Traps on page 192 While the test is running pingResultsEntry keeps track of the status of the test The value of pingResultsOperStatus is enabled while the test is running and disabled when it has stopped The value of pingCtLAdminStatus remains enabled until you set it to disabled Thus to get the status of the test you must examine pingResultsOperStatus The pingCtlFrequency variable can be used to schedule many tests for one pingCtlEntry After a test ends normally you did not stop the test and the pingCtlFrequency number of seconds has elapsed the test is started again just as if you had set pingCtLAdminStatus to enabled If you intervene at any time between repeated tests you set pingCtlAdminStatus to disabled or pingCtLRowStatus to notInService the repeat feature is disabled until another test is started and ends normally A value of O for pingCtlFrequency indicates this repeat feature is not active
132. ING_ All devices running TEST_COMPLETED Junos OS traceRoutePathChange _ 1 3 6 1 2 1 81 0 1 Info SNMP_TRAP_TRACE_ All devices running ROUTE_PATH_ Junos OS CHANGE traceRouteTestFailed 1 3 6 1 2 1 81 0 2 Info SNMP_TRAP_TRACE_ All devices running ROUTE_TEST_FAILED Junos OS traceRouteTestCompleted 1 3 6 1 2 1 81 0 3 Info SNMP_TRAP_TRACE_ All devices running ROUTE_TEST_ Junos OS COMPLETED RMON Alarms sss 100 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 15 Standard Supported SNMP Version 2 Traps continued System Logging Severity Defined in Trap Name snmpTrapOID Level Syslog Tag Supported On RFC2819a RMON fallingAlarm 1 3 6 1 2 1 16 0 1 All devices running MIB Junos OS risingAlarm 1 3 6 1 2 1 16 0 2 a All devices running Junos OS Routing Notifications a E E AE E ee BGP 4 MIB bgpEstablished 1 3 6 1 2 1 15 7 1 All devices running Junos OS bgpBackwardTransition 1 3 6 1 2 1 15 7 2 All devices running Junos OS Copyright 2015 Juniper Networks Inc 101 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 15 Standard Supported SNMP Version 2 Traps continued System Logging Severity Defined in Trap Name snmpTrapOID Level Syslog Tag Supported On a a Se ee es OSPF Trap MIB ospfVirtlfStateChange 1 3 6 1 2 1 14 16 2 1 All devices running Junos OS ospfNbrSta
133. Introduction to Device Management Table 3 Device Management Features in Junos OS continued Task Junos OS Feature Security management Assure security in your network in the following ways Control access to the router and authenticate users For more information about access control and user authentication see the Junos OS User Authentication Library for Security Devices e Control access to the router using SNMPv3 and SNMP over IPv6 For more information see Configuring the Local Engine ID on page 156 and Tracing SNMP Activity on a Device Running Junos OS on page 197 Related Understanding the SNMP Implementation in Junos OS on page 9 D mentation ocumentation Accounting Options Overview Understanding the Integrated Local Management Interface Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series The Integrated Local Management Interface ILMI provides a mechanism for Asynchronous Transfer Mode ATM attached devices such as hosts routers and ATM switches to transfer management information ILMI provides bidirectional exchange of management information between two ATM interfaces across a physical connection ILMI information is exchanged over a direct encapsulation of SNMP version 1 RFC 1157 A Simple Network Management Protocol over ATM Adaptation Layer 5 AAL5 using a virtual path identifier virtual channel identifier VPI VCI value VPI 0 VCI 16 Junos OS suppo
134. JUNIP EL NETWORKS Junos OS SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 15 1X49 D10 Modified 2015 06 18 Copyright 2015 Juniper Networks Inc Juniper Networks Inc 1133 Innovation Way Sunnyvale California 94089 USA 408 745 2000 www juniper net Juniper Networks Junos Steel Belted Radius NetScreen and ScreenOS are registered trademarks of Juniper Networks Inc in the United States and other countries The Juniper Networks Logo the Junos logo and JunosE are trademarks of Juniper Networks Inc All other trademarks service marks registered trademarks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice Junos OS SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 15 1X49 D10 Copyright 2015 Juniper Networks Inc All rights reserved The information in this document is current as of the date on the title page YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant Junos OS has no known time related limitations through the year 2038 However the NTP application is known to have some difficulty in the year 2036 END USER LICENSE AGREEMENT The Juniper Networks product that is the subje
135. Junos OS Release 11 1 for QFX Series switches Define a list of SNMP clients client list name Name of the client list ip addresses P addresses of the SNMP clients to be added to the client list snmp To view this statement in the configuration snmp control To add this statement to the configuration e Adding a Group of Clients to an SNMP Community on page 166 Copyright 2015 Juniper Networks Inc client list name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements ACX Series EX Series M Series MX Series PTX Series SRX Series T Series client list name client list name edit snmp community community name Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for FX Series switches Add a client list or prefix list to an SNMP community client list name Name of the client list or prefix list snmp To view this statement in the configuration snmp control To add this statement to the configuration e Adding a Group of Clients to an SNMP Community on page 166 Copyright 2015 Juniper Networks Inc 263 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices clients Supported Platforms Syntax Hierarchy Level Releas
136. Junos OS on page 115 e Configuring the System Location for a Device Running Junos OS on page 118 Configuring the System Description on a Device Running Junos OS on page 119 Configuring the System Name on page 119 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring the System Location for a Device Running Junos OS Supported Platforms 18 Related Documentation ACX Series LN Series M Series MX Series PTX Series SRX Series T Series You can specify the location of each system being managed by SNMP This string is placed into the MIB II sysLocation object To configure a system location include the location statement at the edit snmp hierarchy level edit snmp location location If the location contains spaces enclose it in quotation marks To specify the system location edit snmp location Row 11 Rack C e Configuring SNMP on a Device Running Junos OS on page 115 e Configuring the System Contact on a Device Running Junos OS on page 118 Configuring the System Description on a Device Running Junos OS on page 119 e Configuring the System Name on page 119 Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring the System Description on a Device Running Junos OS Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Seri
137. MIBs Supported on Devices Running Junos OS continued Platforms O 1 1 1 O Internet draft draft ietf atommib sonetaps mib 10 txt Definitions of Managed Objects for SONET Linear APS Architectures as defined under the Juniper Networks enterprise branch jnxExperiment only Internet draft draft ieft bfd mib O2 txt 1 1 O ie o 1 Bidirectional Forwarding Detection Management Information Base Represented by mib jnx bfd exp txt and implemented under the Juniper Networks enterprise branch jnxExperiment Read only Includes bfdSessUp and bfdSessDown traps Does not support bfdSessPerfTable and bfdSessMapTable Internet draft draft ietf lI3vpn mvpn mib O3 txt O 1 1 0 0 0 0 0 MPLS BGP Layer 3 VPN Multicast Management Information Base Implemented under the Juniper Networks enterprise branch jnxExperiment OID for jnxMvpnExperiment is 1 3 6 1 4 1 2636 5 12 Read only Includes jnxMvpnNotifications traps Internet draft draft ietf idmr igmp mib 13 txt 0 1 1 1 1 1 0 0 1 Internet Group Management Protocol IGMP MIB Internet draft 1 1 o o 1 draft reeder snmpv3 usm 3desede 00 txt Extension to the User Based Security Model USM to Support Triple DES EDE in Outside CBC Mode Internet draft draft ietf isis wg mib 07 txt 1 1 1 1 1 1 1 0 O Management Information Base for IS IS only isis SAdjTable isisiSAdjAreaAddrTable isisISAdjlPAddrTable and isisISAdjProtSuppTab
138. MON MIB Event Alarm Log and History Control Tables Monitoring RMON MIB Tables Understanding RMON 256 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements authentication md5 Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series OFX Series T Series authentication md5 authentication password authentication password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure MD5 as the authentication type for the SNMPv3 user D NOTE You can only configure one authentication type for each SNMPv3 user The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring MD5 Authentication on page 145 Copyright 2015 Juniper Networks Inc 257 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices authentication none Supported Platforms ACX Series M Series MX Series PTX Series OFX Series SRX Series T Series Syntax authentication none Hierarchy Level edit snmp v3 usm local
139. MP MIBS OvervieW Es 5 52500 to dco 50 weed Sian ok mtd ih cealan gd erated bgrdderas be pe 9 Understanding the SNMP Implementation in Junos OS 00008 9 SNMP AtChiteCtUre lt lt cis cloc ag eaiulaied ad aneac eacan aeacaw Gos eed abet ands 9 SNMP MBS s 5 c6 2085 bdtod Red eos RBM MEE AAs SLMS Le RES NS ELS 10 SNMP Traps and Informs 2 0 cee eens 10 Jungs OS SNMP Agent Features cdi natoxa twee waco A Daane aon waa wR 12 SNMP MIBs and Traps Supported by JUNOS OS 0000 eee 13 Standard SNMP MIBs Supported by JUNOS OS 1 cee 13 Juniper Networks Enterprise Specific MIBS 0 0 0 eee 32 List of SRX100 SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways Supported Enterprise Specific MIBS 0 0000 Bf List of SRX1400 SRX3400 and SRX3600 Services Gateways Supported Enterprise Specific MIBS 0 0 0 ccc ee eee eee 42 List of SRX5400 SRX5600 and SRX5800 Services Gateways Supported Enterprise Specific MIBS 0 0 0 0 ccc eee eee ee 48 Enterprise Specific MIBs and Supported Devices 000 cee eee 53 MIB Support Details n n annaa anaana 63 SNMP MIB Objects Supported by Junos OS for the Set Operation 73 Juniper Networks Enterprise Specific SNMP TrapsS 0 0000 renun 80 Juniper Networks Enterprise Specific SNMP Version 1 TrapS 0 81 Juniper Networks Enterprise Specific SNMP Version 2 TrapS 0 88 Copyright 2015 Jun
140. NMP community used when the notification is generated Copyright 2015 Juniper Networks Inc 165 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation D NOTE The access privileges for the group associated with a security name must allow this notification to be sent If you are using the v1 or v2 security models the security name at the edit snmp v3 vacm security to group hierarchy level must match the security name at the edit snmp v3 snmp community community index hierarchy level e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 e Configuring the SNMPv3 Trap Notification on page 159 Configuring the Trap Notification Filter on page 135 e Configuring the Trap Target Address on page 161 e Configuring SNMP Informs on page 157 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Adding a Group of Clients to an SNMP Community Supported Platforms 166 ACX Series M Series MX Series PTX Series OFX Series SRX Series T Series Junos OS enables you to add one or more groups of clients to an SNMP community You can include the client list name name statement at the edit snmp community community name hierarchy level to add all the members of the client list or prefix list to an SNMP community To define a list of clients include the client list statement followed by the I
141. NMP management application and the parameters to be used in sending notifications target address name String that identifies the target address The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Trap Target Address on page 161 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements target parameters Supported Platforms EX Series LN Series M Series MX Series PTX Series OFX Series T Series Syntax At the edit snmp v3 hierarchy level target parameters target parameters name profile name parameters message processing model v1 v2c V3 security level authentication none privacy security model usm v1 v2c security name security name At the edit snmp v3 target address target address name hierarchy level target parameters target parameters name Hierarchy Level edit snmp v3 edit snmp v3 target address target address name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure the message processing and security parameters for sending notifications to a particular management target The target parameters are configured at the edit snmp v3 hierarchy level The rem
142. NfGNMS s ac cess cee cas ce dacad OSSSE DSRS e BEERRARE OS 157 Configuring SNMPv3 Traps on a Device Running Junos OS 158 Configuring the SNMPv3 Trap Notification 2 0 0 0 aueue 159 Example Configuring SNMPv3 Trap Notification 2000 eee 160 Configuring the Trap Target Address 0 eee 161 Configuring the Address 0 ccc eee eens 161 Configuring the Address Mask 0 0 0 eee eee ee 162 COMPUTA S the POF se sicscicaeecia oe aang od a denied aiea i aot a er wad 162 Configuring the Routing Instance 0 0 ee 162 Configuring the Trap Target Address 0 eee 162 Applying Target Parameters 0 0 0 ccc eee ee 163 Defining and Configuring the Trap Target Parameters 00000ee 163 Applying the Trap Notification Filter 0 0 eee 164 Configuring the Target Parameters 0 eee eee 164 Configuring the Message Processing Model 0000 00 164 Configuring the Security Model 0 000000 ee ee 165 Configuring the Security Level 2 eee 165 Configuring the Security NAMe 1 eee 165 Adding a Group of Clients to an SNMP Community 0000 000s 166 Configuring the SNMPv3 Community 000 cee eee eee 167 Configuring the Community Name 0 0 00 eee eee 168 Configuring the Context 0 2 0 cece eee 168 Configuring the Security NaMe S 1 ene 169 Configuring the Tag ee eee eee eens 169 Example SNMPv3 Community Configu
143. O 1 1 1 1 1 http Awwwjunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx syslog txt Traceroute MIB 0 i 1 1 1 http Awwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx traceroute txt Utility MIB O 1 1 1 1 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx util txt Virtual Chassis MIB 0 0 0 1 0 0 o 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx virtualchassis txt VLAN MIB O 0 O 1 O O o O O http Avwwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx vlan txt 62 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Low Mid High Enterprise Specific MIB M T J MX EX PTX End Range End 1 1 1 1 0 0 0 6 0 VPLS MIBs htto wwiunipanet techoubs n USAn opic reference mibs mib jnx vpls generic txt e htto Awwwunipanet techpubs en US junosi2Vinpics reference mibs mib jnx vpls ldp txt e htto wwiunipanet techoubs n US unosIZopics reference mibs mib jnx vpls bgp txt VPN Certificate Objects MIB 0 0 0 0 1 0 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx js cert txt VPN MIB 1 1 1 6 1 O O O O http Avwwiunipernet techpubs en_US junos 2 1 topics referen
144. OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Specify the notify filter to be used by a specific set of target parameters profile name Name of the notify filter to apply to notifications snmp To view this statement in the configuration snmp control To add this statement to the configuration e Applying the Trap Notification Filter on page 164 notify filter Configuring the Profile Name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series notify filter profile name oid oid include exclude edit snmp v3 Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Specify a group of MIB objects for which you define access The notify filter limits the type of traps or informs sent to the network management system profile name Name assigned to the notify filter The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Trap Notification Filter on
145. OS System Log Messages Reference For more information about configuring system logging see the Junos OS System Basics Configuration Guide Table 14 Standard Supported SNMP Version 1 Traps System Generic Specific Logging Trap Trap Severity Definedin Trap Name Enterprise ID Number Number Level Syslog Tag Supported On Startup Notifications RFC 1215 authenticationFailure 1 3 6 1 4 1 2636 4 0 Notice SNMPD_TRAP_ All devices running Conventions GEN_FAILURE Junos OS for Defining Traps fi i coldStart 1 3 6 1 4 1 2636 0 o Critical SNMPD_TRAP_ All devices running Use wit COLD_START Junos OS the SNMP warmStart 1 3 6 1 4 1 2636 1 ie Error SNMPD_TRAP_ All devices running WARM_START Junos OS Link Notifications 96 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 14 Standard Supported SNMP Version 1 Traps continued Definedin Trap Name Enterprise ID Generic Trap Number System Logging Severity Level Syslog Tag Supported On RFC 1215 linkDown 1 3 6 1 4 1 2636 2 Warning SNMP_TRAP_ All devices running Conventions LINK_DOWN Junos OS for Defining o n linkUp 1 3 6 1 4 1 2636 3 Info SNMP_TRAP_ All devices running LINK_UP J the SNMP U unos OS Remote Operations Notifications omnia RFC 2925 pingProbeFailed 1 3 6 1 2 1 80 0 6 Info SNMP_TRAP_PING__ All devices running Definitions PROBE_ FAILED Junos OS
146. P addresses of the clients at the edit snmp hierarchy level edit snmp client list client list name ip addresses You can configure a prefix list at the edit policy options hierarchy level Support for prefix lists in the SNMP community configuration enables you to use a single list to configure the SNMP and routing policies For more information about the prefix list statement see the Routing Policy Configuration Guide To add a client list or prefix list to an SNMP community include the client list name statement at the edit snmp community community name hierarchy level edit snmp community community name client list name client list name CD NOTE The client list and prefix list must not have the same name Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 The following example shows how to define a client list edit snmp client list clentlist 10 1 1 1 32 10 2 2 2 32 The following example shows how to add a client list to an SNMP community edit snmp community community authorization read only client list name clientlist The following example shows how to add a prefix list to an SNMP community edit policy options prefix list prefixlist 10 3 3 3 32 10 5 5 5 32 snmp community community2 client list name prefixlist Related client list Documentation client list name Configuring the SNMPv3 Community
147. Pv3 Traps on a Device Running Junos OS on page 158 Configuring the Trap Notification Filter on page 135 e Configuring the Trap Target Address on page 161 Defining and Configuring the Trap Target Parameters on page 163 e Configuring SNMP Informs on page 157 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example Configuring SNMPv3 Trap Notification Supported Platforms 160 Related Documentation LN Series M Series MX Series PTX Series T Series Specify three sets of destinations to send traps edit snmp v3 notify nl tag router type trap notify n2 tag router2 type trap notify n3 tag router3 type trap e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 Configuring the Trap Target Address Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Series The target address defines a management application s address and parameters that are used in sending notifications It can also identify management stations that are allowed to use specific community strings When you receive a packet with a recognized community string and a tag is associated w
148. Rising 1d 02 25 Monitor RE Temperature Moderate Rising 1d 02 24 Monitor Copyright 2015 Juniper Networks Inc 355 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp health monitor routing engine status Supported Platforms Syntax Release Information Description Required Privilege Level Related Documentation List of Sample Output Output Fields SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 vSRX show snmp health monitor routing engine status Statement introduced in Junos OS Release 12 1X45 D10 for branch SRX Series devices Display the SNMP health monitoring information for a Routing Engine view show snmp health monitor routing engine history on page 352 show snmp health monitor routing engine status on page 356 Table 28 on page 356 describes the output fields for the show snmp health monitor routing engine status Command Output fields are listed in the approximate order in which they appear Table 28 show snmp health monitor routing engine status Output Fields Field Name Field Description Alarm Index Alarm identifier Resource name Name of the resource Current State Current state of the monitored variable Config Action Displays the configured action Threshold Displays the threshold value for medium high and critical as a percentage Interval Displays the time taken in seconds Sample Output show snmp health monitor routin
149. SNMP managers when significant events occur ona network device most often errors or failures SNMP notifications can be sent as traps or inform requests SNMP traps are unconfirmed notifications SNMP informs are confirmed notifications SNMP traps are defined in either standard or enterprise specific MIBs Standard traps are created by the IETF and documented in various RFCs The standard traps are compiled into the network management software You can also download the standard traps from the IETF website www ietf org For more information about standard traps supported by the Junos OS see Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Enterprise specific traps are developed and supported by a specific equipment manufacturer If your network contains devices that have enterprise specific traps you must obtain them from the manufacturer and compile them into your network management software For more information about enterprise specific traps supported by the Junos OS see Juniper Networks Enterprise Specific SNMP Traps on page 80 For information about Copyright 2015 Juniper Networks Inc Chapter 2 SNMP MIBs Overview system logging severity levels for SNMP traps see System Logging Severity Levels for SNMP Traps on page 11 With traps the receiver does not send any acknowledgment when it receives a trap and the sender cannot determine if the trap was received To increase reliability
150. SYSLOCAatION object MIB Il wccsecsessscssssesessssesseeseseseseeees 118 syslog subtag statemMent e sesressererrresrresrrrerrresrrrerrrn 324 usage guidelineS sessssrssrresrriesrieerrresrrrerrrsrresrrrennres 227 sysName object MIB ll system contact SNMP ccsesesesesessesesssessscesseeseeessaseeseees system description SNMP cscs 119 system location SNMP cesses 118 283 System LOG MIB eccscsesesesssessesesssessscsescseecesesseesracatees 4l 47 53 system logging severity levels SNMP trap T system name SNMP wiisssaisieiiiaissiinaaceacenananiiven 119 T tag statement snicssescisinapune athan 324 SNMPv3 sage SUICGELINGS cceccccescssescseesesessesssceseseseeseees 169 usage SUIDSIINES 2ecichasieceeiciectersseastuewditeldasdecaties 159 372 tag liSt StatemMenbicssiscccaidiicaidaincesiieeteie anes 325 usage SUIGELINGS cece csteesteseseesestseeseseseesesenes 162 target address StateEMeNt u cecsesessese ees 326 usage SUICELINGS cccecescesesessssescssescsteseseeseseesestseesesees 161 target parameters StateEMent ccccccesceseessssecseseeees 327 usage guidelineS s esisserisesirsrrrssrrrsrrssrresrresrrresrresrn 163 targets STATEMENL cc cccccescseesssseesesssesssetsesesssessteeeeees 328 usage BUICELINGS ceeececssesessesssssseseeseseseessecssestseeseseneeaes 132 technical support CONTACTING STAC eccscscsssssssssscsesesesesessessscsescseseseeeeeeees xix timeout STATEMENT ccsc
151. Security Devices 112 6 Load the standard MIB files from the StandardMibs folder in the following order NOTE Some of the MIB compilers that are commonly used have the h standard MIBs preloaded on them If the standard MIBs are already loaded on the MIB compiler that you are using skip this step and proceed to Step 7 mib SNMPv2 SMI txt mib SNMPv2 TC txt mib IANAifType MIB txt mib IANA RTPROTO MIB txt mib rfc1907 txt mib rfc2O1la txt mib rfc2012a txt mib rfc2013a txt mib rfc2863a txt 7 Load the remaining standard MIB files NOTE You must follow the order specified in this procedure and ensure that all standard MIBs are loaded before you load the enterprise specific MIBs There might be dependencies that require a particular MIB to be present on the compiler before loading some other MIB You can find such dependencies listed in the IMPORT section of the MIB file 8 Load the Juniper Networks enterprise specific SMI MIB mib jnx smi txt and the following optional SMI MIBs based on your requirements e mib jnx js smi txt Optional For Juniper Security MIB tree objects mib jnx ex smi txt Optional For EX Series Ethernet Switches mib jnx exp txt Recommended For Juniper Networks experimental MIB objects 9 Load the remaining enterprise specific MIBs from the JuniperMibs folder TIP While loading a MIB file if the compiler returns an error message saying that any of the objects is
152. Series Configure that no encryption be used for the SNMPv3 user snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Encryption Type on page 146 Copyright 2015 Juniper Networks Inc 299 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices privacy password Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 300 LN Series M Series MX Series PTX Series OFX Series T Series privacy password privacy password edit snmp v3 usm local engine user username privacy 3des edit snmp v3 usm local engine user username privacy aes128 edit snmp v3 usm local engine user username privacy des edit snmp v3 usm remote engine engine id user username privacy 3des edit snmp v3 usm remote engine engine id user username privacy aes128 edit snmp v3 usm remote engine engine id user username privacy des Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure a privacy password for the SNMPv3 user privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a
153. StatsTable dot3adAggPortDebugTable rfc2863a mib ifTable ifXTable ifStackTable rfc201la mib ipAddrTable ipNetToMediaTable rtmib mib ipForward ipCidrRouteTable rfc2665a mib dot3StatsTable dot3ControlTable dot3PauseTable rfc2495a mib dsxlConfigTable dsxlCurrentTable dsxlIntervalTable dsxlTotalTable dsxlFarEndCurrentTable dsxlFarEndintervalTable dsxlFarEndTotalTable dsxlFracTable rfc2496a mib dsx3 dsx3ConfigTable rfc2115a mib frDlcmiTable and related MIB objects rfc3592 mib sonetMediumTable and related MIB objects Copyright 2015 Juniper Networks Inc 67 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 7 Class 1 MIB Objects Standard and Juniper MIBs continued Class MIB Objects rfc3020 mib mfrMIB mfrBundleTable mfrMibBundleLinkObjects mfrBundlelfIndexMappingTable and related MIB objects ospf2mib mib All objects ospf2trap mib All objects bgpmib mib All objects rfc2819a mib Example etherStatsTable 68 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 7 Class 1 MIB Objects Standard and Juniper MIBs continued Class Class 1 Copyright 2015 Juniper Networks Inc MIB Objects rfc2863a mib Examples ifXtable ifStackTable rfc2665a mib etherMIB rfc2515a mib atmMIB objects Examples atmint
154. To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Remote Engine and Remote User on page 172 Copyright 2015 Juniper Networks Inc request type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series request type get next request get request walk request edit snmp rmon alarm index Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Extend monitoring to a specific SNMP object instance get request or extend monitoring to all object instances belonging to a MIB branch walk request or extend monitoring to the next object instance after the instance specified in the configuration get next request get next request Performs an SNMP get next request get request Performs an SNMP get request walk request Performs an SNMP walk request Default walk request snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Request Type on page 226 variable on page 341 Copyright 2015 Juniper Networks Inc 303 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices retry count Sup
155. Traps Monitoring and Troubleshooting Guide for Security Devices SNMPv3 authentication CONFISUFING sees 145 informs CONTISULING views aienidenicsennns 157 local engine ID CONFISULING eects 156 minimum configuration SNMPv3 context usage SUICELINGS ce ceeesesessesesseesesseseseessseeseeeseeseseeseees 168 SONET APS MIB ucesccsessessessssscsessesssssssesssssssssesecssstsseeseeseesess 36 SONET Automatic Protection Switching MIB 36 SONET SDH Interface Management MIB 37 Source Class Usage MIB cscs 37 47 53 source address StAteEMeANt cccccsecsessssesssssesssseseereeneseees 321 usage SUICELINGS eeccescesesescesescssesssteseseeeseeeeseeeeseees 129 SPU Monitoring MIB scescesccsessessestesessessestestesesseesesees 37 47 SPU monitoring MIB cescsssesessssssesessssssscssseseesessecesseseeeees 53 standard traps SNMP VETSIOM ee version 2 standards documents SNMP and M BS n 14 StartUP alarmM StateEMeNnt cccccccssces esses 323 USAGE SUICGELINGS ceccsesessessssesssessesesessessstessseeeseseees 227 Structure of Management Information TOG setereccctee Atteas eh oes see ae ett csc 38 42 48 SUbasent SNM Pies sicsseennsicinacinaiatanacmin 12 support technical See technical support SYNTAX CONVENTIONS cccccscscsesescsssesecsesssesesesseseaeseseseeseseasens xvii sysContact object MIB Iu ccssssssscssssesesssssseeseeseseseeees 118 sysDescription Object MIB Il 119
156. X Series PTX Series T Series falling threshold interval seconds edit snmp rmon alarm index Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Interval between samples when the rising threshold is crossed Once the alarm crosses the falling threshold the regular sampling interval is used seconds Time between samples in seconds Range 1 through 2 147 483 647 seconds Default 60 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Threshold Interval on page 226 e interval on page 280 EX Series LN Series M Series MX Series PTX Series SRX Series T Series filter duplicates edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Filter duplicate Get GetNext or GetBulk SNMP requests snmp To view this statement in the configuration snmp control To add this statement to the configuration e Filtering Duplicate SNMP Requests on page 123 Copyright 2015 Juniper Networks Inc filter interfaces Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series filter inter
157. Ygik PTz7 ikmfn6vW8XVw privacy des privacy key 9 gyNCulKvWdwYMWw2gJHkRhcrWx SECRET DATA privacy des privacy key 9 MZZXxdwYgJUjlIKJGIHST69AU0IrlIM7NbeK24 aJDjOINRylIM8Xbwg1R24aJDjHqm5n ApOORhMn6evLXbwmf5T CRhASyKM5QEcleW87 Vbs4JGD mT VwgaZkaqfTznAphSriM8yr Wx7dsY TzF36AtuOIEcpuNdwYoa69CuRhcyleM8rlaZGjqg OllEhr Copyright 2015 Juniper Networks Inc 175 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Verification Purpose Action Meaning Related Documentation 176 After you have confirmed that the configuration is correct enter commit from configuration mode Verifying the Configuration of the Remote Engine ID and Username Verify the status of the engine ID and user information Display information about the SNMPv3 engine ID and user user host gt show snmp v3 Local engine ID 80 00 Oa 4c 01 Oa ff 03 e3 Engine boots 3 Engine time 769187 seconds Max msg size 65507 bytes Engine ID 80 00 07 e5 80 40 89 07 1b c6 d1 Oa 41 User Auth Priv Storage u10 md5 des nonvolatile The output displays the following information Local engine ID and detail about the engine Remote engine ID labeled Engine ID Username Status active Authentication type and encryption privacy type that is configured for the user Type of storage for the username either nonvolatile configuration saved or volatile not saved Status of the n
158. a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx license txt For more information see License MIB Logical Systems MIB Provides support for logical systems security profile For a downloadable version of this MIB see http Awwwijunipernet techpubs en_US junos15 1x49 topics reference mibs mib jnx lsys securityprofile bxt Copyright 2015 Juniper Networks Inc 45 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 46 For more information see Logical Systems MIB NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB
159. able 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued System Logging Severity Source MIB Trap Name snmpTrapOID Level System Log Tag Supported On MPLS MIB mplsLspUp Deprecated 1 3 6 1 4 1 2636 3 2 41 jnx mpls mib mplsLsplnfoUp 1 3 6 1 4 1 2636 3 2 0 1 M T and MX Series routers mplsLspDown Deprecated 1 3 6 1 4 1 2636 3 2 4 2 mplsLspInfoDown 1 3 6 1 4 1 2636 3 2 0 2 M T and MX Series routers mplsLspChange Deprecated 1 3 6 1 4 1 2636 3 2 4 3 mplsLspInfoChange 1 3 6 1 4 1 2636 3 2 0 3 M T and MX Series routers mplsLspPathDown 1 3 6 1 4 1 2636 3 244 Deprecated mplsLspInfoPathDown 1 3 6 1 4 1 2636 3 2 004 M T and MX Series routers mopLspinfoPathUp 1 3 6 1 4 1 2636 3 2 0 5 M T and MX Series routers VPN MIB jnxVpnlifUp 1 3 6 1 4 1 2636 3 M T and MX Series jnx vpn mib 26 0 1 routers jnxVpnifDown 1 3 6 1 4 1 2636 3 M T and MX Series 26 0 2 routers jnxVpnPwUp 1 3 6 1 4 1 2636 3 M T and MX Series 26 0 3 routers jnxVpnPwDown 1 3 61 4 1 2636 3 2604 M T and MX Series routers Copyright 2015 Juniper Networks Inc 93 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued System Logging Severity Source MIB snmpTrapOID Level
160. ack related monitoring and trap support for SRX100 SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways This MIB models IDP attributes specific to the appropriate Juniper Networks implementation For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js idp txt For more information see SNMP IDP MIB System Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx syslog txt For more information see System Log MIB Copyright 2015 Juniper Networks Inc 4 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Traceroute MIB Supports the Junos extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way as it is in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos data and has tables that contain information on each type of data such as integer and string For a downloadable vers
161. address address Copyright 2015 Juniper Networks Inc 161 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices address is the SNMP target address Configuring the Address Mask Configuring the Port The address mask specifies a set of addresses that are allowed to Use a community string and verifies the source addresses for a group of target addresses To configure the address mask include the address mask statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name address mask address mask address mask combined with the address defines a range of addresses For information about how to configure the community string see Configuring the SNMPv3 Community on page 167 By default the UDP port is set to 162 To configure a different port number include the port statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name port port number port number is the SNMP target port number Configuring the Routing Instance Traps are sent over the default routing instance To configure the routing instance for sending traps include the routing instance statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name routing instance instance instance is the name of the routing ins
162. agePercentUsed 16 1 3 6 1 4 1 2636 3 31 1 1 1 1 16 absolute value rising alarm Health Monitor md3 jail mfs utilization Health Monitor active seconds jnxHrStoragePercentUsed 15 1 3 6 1 4 1 2636 3 31 1 1 1 1 15 absolute value rising alarm Health Monitor md2 mfs var run utm utilization Health Monitor active seconds sysApp1EImtRunMemory 5 1 3 6 1 2 1 54 1 2 3 1 10 5 absolute value rising alarm Health Monitor usage Health Monitor active seconds jroute daemon memory Instance Name sysApplEImtRunMemory 5 5 1258 Instance Description Routing protocols process Copyright 2015 Juniper Networks Inc 349 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Instance Value 51452 Instance State active Instance Name sysApplElmtRunMemory 5 6 1255 Instance Description Management process Instance Value 38284 Instance State active Instance Name sysApplElmtRunMemory 5 6 3816 Instance Description Management process Instance Value 38352 Instance State active Instance Name sysApplEImtRunMemory 5 8 3815 Instance Description Command line interface Instance Value 49108 Instance State active show snmp health monitor alarms brief user host gt show snmp health monitor alarms brief 32791 Health Monitor RE O memory utilization jnxOperatingBuffer 9 1 0 0 52 active 32792 Health Monitor Max Kernel Memory Used jnxBoxKerne1lMemoryUsedPercent 0 3 active 32793 Healt
163. aining statements at this level are explained separately Then apply the target parameters configured at the edit snmp v3 target parameters target parameters name hierarchy level to the target address configuration at the edit snmp v3 hierarchy level Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Defining and Configuring the Trap Target Parameters on page 163 D tati oan Applying Target Parameters on page 163 Copyright 2015 Juniper Networks Inc 327 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices targets Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation timeout Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 328 EX Series LN Series M Series MX Series PTX Series SRX Series T Series targets address edit snmp trap group group name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure one or more systems to receive SNMP traps address Pv4 or IPv6 address of the system to receive traps You must specify an address not a hostname snmp To view this statement in the configuration snmp c
164. al command Output fields are listed in the approximate order in which they appear Table 30 show system log vital Output fields Field Name Field Description Node Identification number of the node It can be O or 1 SPU Identification of Services Processing Unit CPU CPU usage of SPU in percentage Mem Memory usage of SPU in percentage Flow Sess Number of flow sessions CP SESS Number of central point sessions IPv4 Sess Number of IPv4 sessions IPv6 Sess Number of IPv6 sessions CP IPv4 Number of central point IPv4 sessions Copyright 2015 Juniper Networks Inc 361 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 30 show system log vital Output fields continued Field Name Field Description CP IPv6 Number of central point IPv6 sessions OID list OIDs that are being monitored OID number Number of OIDs that are being monitored Group SPU list SPUs that are being monitored Group SPU number Number of SPUs that are being monitored Group screen list Security zones whose screen stats are being monitored Group screen number Number of security zones whose screen stats are being monitored Group A set of OIDs Once a group is enabled all OIDs in the group are monitored interval Number of minutes used for the data collection interval file days Number of days for the dump file to be stored storage lim
165. an SNMP server system and the client systems This string acts like a password to control the clients access to the server To configure a community string in a Junos OS configuration include the community statement at the edit snmp hierarchy level edit snmp community name authorization authorization clients default restrict address restrict view view name If the community name contains spaces enclose it in quotation marks Community names must be unique NOTE You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels edit groups global user host set snmp community name This example uses the standard name public to create a community that gives limited read only access edit groups global user host set snmp community public 1 Define the authorization level for the community The default authorization level for a community is read only To allow Set requests within a community you need to define that community as authorization read write For Set requests you also need to include the specific MIB objects that are accessible with read write privileges using the view statement The default view includes all supported MIB objects that are accessible with read only privileges no MIB objects are accessible with read write privileges For more information about the view statement see Configuring MIB Views
166. ance Indicators on page 236 e Setting Baselines on page 236 Defining the measurement points where metrics are measured is equally as important as defining the metrics themselves This section describes measurement points within the context of this chapter and helps identify where measurements can be taken from a service provider network It is important to understand exactly where a measurement point is Measurement points are vital to understanding the implication of what the actual measurement means An IP network consists of a collection of routers connected by physical links that are all running the Internet Protocol You can view the network as a collection of routers with an ingress entry point and an egress exit point See Figure 4 on page 235 Network centric measurements are taken at measurement points that most closely map to the ingress and egress points for the network itself For example to measure delay across the provider network from Site A to Site B the measurement points should be the ingress point to the provider network at Site A and the egress point at Site B Router centric measurements are taken directly from the routers themselves but be careful to ensure that the correct router subcomponents have been identified in advance Figure 4 Network Entry Points Internal interface A Internal interface B Egress point Ingress point gt IP network External interface A External interface B 017042
167. andard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol SNMP NOTE RFC 3416 replaces RFC 1905 which was supported in earlier versions of Junos OS Platforms 1 i 1 1 1 1 0 0 1 RFC 3477 Transport Mappings for the Simple Network Management Protocol SNMP 1 1 1 1 1 1 1 0 1 RFC 3418 Management Information Base MIB for the Simple Network Management Protocol SNMP NOTE RFC 3418 replaces RFC 1907 which was supported in earlier versions of Junos OS 1 1 1 1 1 1 0 0 1 RFC 3498 Definitions of Managed Objects for Synchronous Optical Network SONET Linear Automatic Protection Switching APS Architectures implemented under the Juniper Networks enterprise branch jnxExperiment RFC 3584 Coexistence between Version 1 Version 2 and Version 3 of the Internet standard Network Management Framework RFC 3591 Managed Objects for the Optical Interface Type optIfOTMnTable except optIfOTMnOpticalReach optlfOTMniInterfaceType and optifOTMnOrder optlfOChConfigTable except optlfOChDirectionality and optlfOChCurrentStatus optlfOTUkConfigTable except optlfOTUkTraceldentifierAccepted optlfOTUkTIMDetMode optilfOTUkTIMActEnabled optlfOTUkTraceldentifierTransmitted optIfOTUkDEGThr optIfOTUkDEGM optifOTUkSinkAdaptActive and optlfOTUkSourceAdaptActive and optlfODUkConfigTable exce
168. aps See SNMP traps standards documents SUD ASNT Seradas nonis iE system CONTACT eecccssssseesescsessessessesesesssesessesesessseseeees SYSTEM CESCIPTION Lu eecscssesesessescesesesessseseseseeseeeees SYSTEM LOCATION ceeeceseesecsseeseeeseeseseseeeseeeeseeeeees system NaM E x sescesssexsetesederetncsscceserssenante E tracing OPELAtiONS cccceccsssssssscsssesssssetecssseseseeeeees trap 1 0 0 eee trap notification for remote operations 186 tap OptONS ssie reer rrercreret ter En 128 V EWS S TtiING 0 ecccesssssscscsesssssesscsssesssesetecesseseseseeees 186 SNMP inform notifications EXAMPLE CONFIBUATION c cece essesesseseseeseseeeeees 173 SNMP iNfOrMS c ccssessessessssssssssessssesseesessssecsessesssseeseeseeseseseess 157 SNMP StAtOMEN ccccscsssssssesesessssssesesesesesssssesceseseseeeeeaces 320 usage guidelines SNMPV1 and SNMPV2 cesessessesestesessessesteseeseenes 15 SNMPV3 cesssssssssecsessesessecsessessssessessssnssscsesseesesssseeseess 251 SNMP treo issecetsadavecervsistavestiverccssatavalidt E iiS 10 enterprise specific Verom eia a E 81 EED E A E E E 88 source address CONFISUrAtTION cece 129 standard VERSION lasinn annaa ee VEFSION Zei aiie a R iina system logging severity levels WMSUPPOME snn aN snmp community StAtEMENt cesses SNMPv2 MPLS tra psina niana 104 Passive Monitoring Traps MIB ccccseeeeeeeees 132 371 SNMP MIBs and
169. arameters name timeout seconds target parameters target parameters name notify filter profile name parameters message processing model v1 v2c V3 security level authentication none privacy security model usm v1 v2c security name security name usm local engine user username authentication md5 authentication password authentication password authentication sha authentication password authentication password authentication none privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy des privacy password privacy password 338 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements privacy none remote engine engine id user username authentication md5 authentication password authentication password authentication sha authentication password authentication password authentication none privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none privacy password privacy password vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name s
170. ase 8 4 and later this trap is generated only when the path is reoptimized and not when the optimization timer expires 104 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS SNMP Version 2 L3VPN Traps The Junos OS also supports the following L3VPN SNMP version 2 traps defined in RFC 4382 MPLS BGP Layer 3 Virtual Private Network VPN mplsL3VpnVrfUp Generated when e No interface is associated with this VRF and the first and only first interface associated with it has its ifOperStatuschange to up Only one interface is associated with this VRF and the ifOperStatus of this interface changes to up e Multiple interfaces are associated with this VRF and the ifOperStatus of all interfaces is down and the first of those interfaces has its ifOperStatus change to up mplsL3VpnVrfDown Generated when e One interface is associated with this VRF and the ifOperStatus of this interface changes from up to down e Multiple interfaces are associated with this VRF and the ifOperStatus of all except one of these interfaces is equal to up and the ifOperStatus of that interface changes from up to down The last interface with ifOperStatus equal to up is disassociated from a VRF mplsL3VpnVrfRouteMidThreshExceeded Generated when the number of routes contained by the specified VRF exceeds the value indicated by mplsL3VpnVrfMidRouteThreshold You can configure the mplsL3V
171. ass 3 Objects are exposed only for the default logical system Copyright 2015 Juniper Networks Inc 65 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 6 MIB Support for Routing Instances Juniper Networks MIBs continued 0 ou Support Class Description Notes jnxVpnMIB 26 Class 2 All instances within a logical system are exposed Data will not be segregated down to the routing instance level jnxSericesInfoMib 27 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxCollectorMIB 28 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxHistory 29 jnxSpMIB 32 Class 3 Objects are exposed only for the default logical system Table 7 on page 67 shows Class 1 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 1 objects only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 7 Class 1 MIB Objects Standard and Juniper MIBs Class MIB Class 1 802 3ad mib Objects dot3adAgg MIB objects dot3adAggTable dot3adAggPortListTable dot3adAggPort dot3adAggPortTable dot3adAggPort
172. assword privacy none privacy password privacy password Hierarchy Level edit snmp v3 336 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Description Configure user based security model USM information The remaining statements are explained separately Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Creating SNMPv3 Users on page 138 D tati ocumentaton e Configuring the Remote Engine and Remote User on page 172 Copyright 2015 Juniper Networks Inc 337 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices v3 Supported Platforms EX Series LN Series M Series MX Series PTX Series T Series Syntax v3 notify name tag tag name type trap notify filter profile name oid object identifier include exclude snmp community community index community name community name security name security name tag tag name target address target address name address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target p
173. assword authentication password privacy des 142 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 privacy password password user user2 authentication sha authentication password authentication password privacy none user user3 authentication none privacy none user user4 authentication md5 authentication password authentication password privacy des privacy password authentication password user user5 authentication sha authentication password authentication password privacy aes128 privacy password authentication password Related Complete SNMPv3 Configuration Statements on page 251 D tati ocumentaton e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Minimum SNMPv3 Configuration on a Device Running Junos OS Supported Platforms M Series MX Series PTX Series QFX Series SRX Series T Series To configure the minimum requirements for SNMPv3 include the following statements at the edit snmp v3 and edit snmp hierarchy levels D NOTE You must configure at least one view notify read or write at the edit snmp view name hierarchy level edit snmp view view name oid object identifier include exclude edit snmp v3 Copyright 2015 Juniper Networks Inc 143 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices notify name tag tag name notify filter profile name
174. atement in the configuration snmp control To add this statement to the configuration e Configuring the System Name on page 119 Copyright 2015 Juniper Networks Inc nonvolatile Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series nonvolatile commit delay seconds edit snmp Statement introduced before Junos OS Release 7 4 The commit delay statement introduced in Junos OS Release 9 0 for EX Series switches Configure options for SNMP Set requests The statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Commit Delay Timer on page 120 commit delay on page 265 Copyright 2015 Juniper Networks Inc 289 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices notify Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 290 ACX Series EX Series LN Series M Series MX Series PTX Series QFX Series SRX Series T Series notify name tag tag name type trap inform edit snmp v3 Statement introduced before Junos OS Release 7 4 type inform option ad
175. atements at the edit snmp Hierarchy Level on page 248 Examples Configuring the SNMP Community String on page 122 Examples Configuring the SNMP Community String Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Grant read only access to all clients With the following configuration the system responds to SNMP Get GetNext and GetBulk requests that contain the community string public edit snmp community public authorization read only Grant all clients read write access to the ping MIB and jnxPingMIB With the following configuration the system responds to SNMP Get GetNext GetBulk and Set requests that contain the community string private and specify an OID contained in the ping MIB or jnxPingMIB hierarchy edit snmp view ping mib view 122 Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP oid pingMIB include oid jnxPingMIB include community private authorization read write view ping mib view The following configuration allows read only access to clients with IP addresses in the range 1 2 3 4 24 and denies access to systems in the range fe80 1 2 3 4 64 edit snmp community field service authorization read only clients default restrict Restrict access to all SNMP clients not explicitly listed on the following lines 1 2 3 4 24 Allow access by all clients in 1 2 3 4 24 except fe80 1 2 3 4 64 restrict
176. atsTotalAl lowIPv4Bytes 0 94053327 jnxJsPolicySystemStatsTotalAl lowIPv4PacketsRate 0 21 jnxJsPolicySystemStatsTotalAl lowIPv4BytesRate 0O 1012 jnxJsPolicySystemStatsTotalDropIPv4Packets 0 257 jnxJsPolicySystemStatsTotalDropIPv4Bytes 0 40298 jnxJsPolicySystemStatsTotalDropIPv4PacketsRate 0 0 jnxJsPolicySystemStatsTotalDropIPv4BytesRate 0 0 jnxJsPolicySystemStatsTotalAl lowIPv4Flows 0 1 jnxJsPolicySystemStatsTotalAl lowIPv4FlowsRate 0O 0 show snmp mib walk jnxJsPolicySystemStatsTotalAllowIPv4Packets user host gt show snmp mib walk jnxJsPolicySystemStatsTotalAllowlPv4Packets jnxJsPolicySystemStatsTotalAl lowIPv4Packets 0 10347 360 Copyright 2015 Juniper Networks Inc Chapter 17 Operational Commands show system log vital Supported Platforms Syntax Release Information Description Options Required Privilege Level Related Documentation List of Sample Output Output Fields SRX Series show system log vital lt data oid status gt Command introduced in Junos OS Release 12 1X47 D15 Display the vital data of MIB OIDs data Display detailed vital data of the current day oid Display configured OID or group status Display the settings of the vital log view log vital on page 286 show system log vital data on page 362 show system log vital oid on page 363 show system log vital status on page 363 Table 30 on page 361 lists the output fields for the show system log vit
177. behavior is Important activities are logged in files located in the var log directory Each log is named after the SNMP agent that generates it Currently the following log files are created in the var log directory when the traceoptions statement is used chassisd craftd ilmid mib2d rmopd serviced snmpd When a trace file named filename reaches its maximum size it is renamed filename O then filename 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten For more information about how log files are created see the System Log Monitoring and Troubleshooting Guide for Security Devices Log files can be accessed only by the user who configured the tracing operation Copyright 2015 Juniper Networks Inc 197 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices You cannot change the directory var log in which trace files are located However you can customize the other trace file settings by including the following statements at the edit snmp hierarchy level edit snmp traceoptions file lt files number gt lt match regular expression gt lt size size gt lt world readable no world readable gt flag flag memory trace no remote trace no default memory trace These statements are described in the following sections Configuring the Number and Size of SNMP Log Files on page 198 e Configuring Access to the Log
178. ccsesssssssssssssssesssssssescscsesesesessesess 328 usage BUICELINGS ccceccscscssescsesestesscsseseseesescsteseseesene 170 TrACEOPTIONS STATEMEN 1 cceesescsesesetesetsteeseseseteteeeeseees 329 SNMP usage SUICELINGS cccseceseessscsseseseseseseeseseeseseseees 197 Traceroute MIB cccsssssssesesssssssscsssesssssesessesees 42 47 53 195 tracing operations SNIME airnn nE AA 197 trap groups SNMP ccessecesescsesessssssesessssssseseseesessesseseseneees 132 trap notification for SNMP remote operations 186 trap group STATEMEN A cccccessesscsssesssesetsesssessseseseceeseees 331 USAGE SWIDElIMNES nussisaninna nin 132 trap options StAtEMAENt ec cececcssssssscscsesesssesetsesesees 332 usage guidelines MADS aan reer a eerecorrer eer ceereer tee ere reer eer ar eee rol til alte g peeeeereeeeerteerererteteereesrerreeeseeeeteeeseerreseerterereesre t SNMP version 1 traps ENTErPTiISC SPECIFIC eceeseesesseseseeseseeseseeseseseeees 81 standatd csse S 96 SNMP version 2 traps ENTErPLiSC SPECIFIC ee cesessesessesesesseststeeseeeseeees 88 STANCAMC uu eecessessessesecsessestesessessessssessseneessseeseeneeseens 99 WNSUPDOMEO i acc Avia aku nanana naii 106 See also SNMP traps type statement arei aE AR Taai usage guidelines U unsupported standard SNMP trap 106 user statement SINI LnAAS 335 USM STATON MGs ces iesesesccccactvaeedeid secs sxeseiedscisidceseseeecatrnereess 336 UHM B isana in 42 47
179. ce MIB tables can be used to collect vital data ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifinUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors Generating Raw MIB OID from a Policy on page 205 Generating Readable Raw OID Data Collections on page 204 Generating Vital Data from an IPsec VPN Supported Platforms 208 SRX Series You can monitor the vital data of an IPsec VPN by first obtaining the index of the VPN in the IPsec VPN MIB table For example consider the following below policy based VPN configuration where the name of the policy is test user host gt show configuration security policies from zone untrust to zone trust policy test match source address any destination address any application any then permit tunnel Copyright 2015 Juniper Networks Inc Related Documentation Chapter 10 Configuring Vital MIB Data ipsec vpn ike vpn To monitor the error statistics for the VPN you must first obtain the index of the VPN in the IPsec VPN MIB table You can obtain this value by using the command user host gt show snmp mib walk jnxJslpSecTunPolicyName match test jnxJsIpSecTunPolicyName 1 4 2 2 2 1 2 test In the output 1 4 2 2 2 1 2 is the index of the IPsec SA associated with the policy called test By combining the index with various IPsec VPN MIB tables you can monitor the statistics by using the following c
180. ce mibs mib jnx js screening txt Services PIC MIB 0 0 0 0 0 0 http Awwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx sp txt SNMP IDP MIB O 0 O 0 0 1 1 1 O http Avwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx js idp txt SONET APS MIB O 1 0 O 0 8 O http Awwwjunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx sonetaps txt SONET SDH Interface Management MIB 1 1 il 0 0 0 0 o 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx sonet txt Copyright 2015 Juniper Networks Inc 61 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB EX PTX End Range End Source Class Usage MIB 1 1 1 0 0 0 0 0 1 http Avwwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx scu txt SPU Monitoring MIB 0 o 0 O o 0 http Avwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx js spu monitoring txt Structure of Management Information MIB 1 1 1 1 0 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx smi txt Subscriber MIB 1 0 1 0 0 0 0 0 0 http A vwwijuniper net techpubs en US junos121 topics reference mibs mib jnx subscriber txt System Log MIB
181. ce mibs mib jnx vpn txt Related Juniper Networks Enterprise Specific MIBs on page 32 Documentation e Juniper Networks Enterprise Specific SNMP Traps on page 80 Standard SNMP MIBs Supported by Junos OS on page 13 Loading MIB Files to a Network Management System on page 111 MIB Support Details Supported Platforms LN Series M Series MX Series SRX Series T Series Table 6 on page 63 shows enterprise specific MIB objects supported by Junos OS and provides notes detailing how they are handled when a routing instance is specified in an SNMP request An en dash indicates that the item is not applicable Table 6 MIB Support for Routing Instances Juniper Networks MIBs 0 ou Support Class Description Notes jnxProducts 1 Product Object IDs jnxServices 2 Services Copyright 2015 Juniper Networks Inc 63 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 6 MIB Support for Routing Instances Juniper Networks MIBs continued 64 0 ou Support Class Description Notes jnxMibs 3 Class 3 Objects are exposed only for the default logical system jnxBoxAnatomy 1 mpls 2 Class 2 All instances within a logical system are exposed Data will not be segregated down to the routing instance level ifJnx 3 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are
182. consistency in trap traffic especially when a large number of traps are generated because of interface status changes The throttle interval period begins when the first trap arrives at the throttle All traps within the trap threshold are processed and the traps beyond the threshold limit are queued The maximum size of trap queues that is the throttle queue and the destination queue combined is 40 000 traps However on EX Series switches the maximum size of the trap queue is 1000 traps The maximum size of any one queue is 20 000 traps for devices other than EX Series switches On EX Series switches the maximum size of one queue is 500 traps If a trap is sent from a destination queue when the throttle queue has exceeded the maximum size the trap is added back to the top of the destination queue and all subsequent attempts from the destination queue are stopped for a 30 second period after which the destination queue restarts sending the traps NOTE Users cannot configure the Junos OS for trap queuing Users cannot view any information about trap queues except what is available in the syslog System Logging Severity Levels for SNMP Traps For some traps when a trap condition occurs regardless of whether the SNMP agent sends a trap to an NMS the trap is logged if the system logging is configured to log an event with that system logging severity level For more information about system logging severity levels see the System Log Monitor
183. control the flow of traffic from one zone to another This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse Path Forwarding MIB Monitors statistics for traffic that is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx rpf txt NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos OS extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx rmon txt For more information see RMON Events and Alarms MIB e Security Interface Extension Objects MIB Provides support for the security management of interfaces This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www
184. ct of this technical documentation consists of or is intended for use with Juniper Networks software Use of such software is subject to the terms and conditions of the End User License Agreement EULA posted at http www juniper net support eula html By downloading installing or using such software you agree to the terms and conditions of that EULA ii Copyright 2015 Juniper Networks Inc Table of Contents Part 1 Chapter 1 Part 2 Chapter 2 Chapter 3 About the Documentations occ i5 0S sawkeate send b 68560 55 E ERN OR RTE RSS XV Documentation and Release NoteS 0 0 00 ccc eee eee XV SUppormed Plavronms jax cts 3 ck cde uae a DEA eae one a eens oe XV Using the Examples in This Manual 0 0 0 0 cece eee XV Mersing a F ll Example sos ove ca vawds cea ca etwassceaaetarbasaeas xvi Merging a SHIDBC c00 cicndecaaca draa tandadeaatwadamnaag d xvi Documentation CONVENTIONS sesssressssrewsre nesin oder ESELS SEEN xvii Documentation Feedback 0 eee eens xix Requesting Technical Support 1 0 ee ee xix Self Help Online Tools and ResourceS 0 eee xix Opening a Case WHhITAG cr ecse recete ds sekunen eceseeuctan as pee XX Overview Introduction to Device Management 0ce cece eee eee eae 3 Understanding Device Management Functions in Junos OS 3 Understanding the Integrated Local Management Interface 5 Network Monitoring Using SNMP SN
185. d for them and the system continues to get their values for every collection In this case the output displayed in the dump file is Related Generating Raw MIB OID from a Policy on page 205 Documentation Generating Raw MIB OID from a Policy Supported Platforms SRX Series You can generate a raw MIB OID from a policy You can also monitor the session number associated with the policy and other policy MIB tables For example consider a policy called test Monitor the session number associated with the policy edit from zone untrust to zone trust policy test match source address any destination address any application any then permit count To monitor a session number associated with a policy 1 Identify the OID of the policy s session number user host gt show snmp mib walk jnxJsPolicyName match test jnxJsPolicyName 7 117 110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 test In the above output the index of the policy is 7 117110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 the policy name is test and the MIB table name is jnxJsPolicyName 2 With the index verify that both the from zone and the to zone match the configuration Enter the show snmp mib get command user host gt show snmp mib get jnxJsPolicyFromZone 7 117 110 116 114 117 115 116 5 116 114 117 115 116 4 116 101 115 116 jnxJsPolicyFromZone 7 117 110 116 114 117 115 116 5 116 114 117 115
186. d have PICs that support passive monitoring installed jnxPMonOverloadCleared 1 3 6 1 4 1 2636 4 7 0 2 Devices that run Junos OS and have PICs that support passive monitoring installed SONET APS MIB jnx sonetaps mib apsEventChannelMismatch 1 3 6 1 4 1 2636 3 24 2 Devices that run Junos OS and have SONET PICs installed apsEventPSBF 1 3 6 1 4 1 2636 3 24 2 Devices that run Junos OS and have SONET PICs installed apsEventFEPLF e Remote Operations PING MIB jnx ping mib jnxPingRttThresholdExceeded 1 3 6 1 4 1 2636 3 24 2 1 3 6 1 4 1 2636 4 9 Devices that run Junos OS and have SONET PICs installed All devices running Junos OS jnxPingRttStdDevThreshold Exceeded 1 3 6 1 4 1 2636 4 9 All devices running Junos OS jnxPingRttJitterThreshold Exceeded 1 3 6 1 4 1 2636 4 9 All devices running Junos OS jnxPingEgressThreshold Exceeded 1 3 6 1 4 1 2636 4 9 All devices running Junos OS Copyright 2015 Juniper Networks Inc 85 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps continued Defined in Trap Name Generic Trap Enterprise ID Number Specific Trap Number System Logging Severity Level Supported On jnxPingEgressStdDev 1 3 6 1 4 1 263649 6 5
187. d only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ping txt For more information see PING MIB Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Policy Objects MIB Provides support for monitoring the security policies that control the flow of traffic from one zone to another This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse Path Forwarding MIB Monitors statistics for traffic tha
188. dTpFdbPort and dotldTpFdbStatus objects from the dotldTpFdbTable of the dotidTp subtree are supported on EX Series Ethernet Switches NOTE dotidTpLearnedEntryDiscards and dotidTpAgingTime objects are supported on M and T Series routers RFC 4268 Entity State M B Junos OS supports O O 0 1 0 ie 0 0 o all objects and tables NOTE Supported only on MX240 MX480 and MX960 routers RFC 4273 Definitions of Managed Objects for 1 1 1 0 0 0 1 BGP 4 only jnxBgpM2PrefixInPrefixes jnxBgpM2PrefixinPrefixesAccepted and jnxBgpM2PrefixInPrefixesRejected objects 26 Copyright 2015 Juniper Networks Inc Table 4 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 4292 IP Forwarding MIB Describes a table and MIB objects for forwarding IP packets that are version independent e inetCidrRouteTable Provides the ability to display IP version independent multipath CIDR routes and obsoletes the ipCidrRouteTable object e inetCidrRouteNumber Indicates the number of current routes and obsoletes the ipCidrRouteNumber object e inetCidrRouteDiscards Counts the number of valid routes that are discarded from inetCidrRouteTable and obsoletes the ipCidrRouteDiscards object NOTE Junos OS currently supports these MIB objects that will be deprecated in future releases ipCidrRouteTable ipCidrRouteNumber and ipCidrRouteDiscards Chapter 3 SNMP MIBs and Traps Supported by Ju
189. ddress regardless of the outgoing interface In addition you can set the agent address of each SNMPvI trap For more information about the contents of SNMPVvI traps see RFC 1157 The remaining statements are explained separately Disabled snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Trap Options on page 128 Copyright 2015 Juniper Networks Inc type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series T Series type inform trap edit snmp v3 notify name Statement introduced before Junos OS Release 7 4 inform option added in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the type of SNMP notification inform Defines the type of notification as an inform SNMP informs are confirmed notifications trap Defines the type of notification as a trap SNMP traps are unconfirmed notifications snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Informs on page 157 e Configuring the SNMPv3 Trap Notification on page 159 Copyright
190. ded in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Select management targets for SNMPv3 notifications as well as the type of notifications Notifications can be either traps or informs name Name assigned to the notification tag name Notifications are sent to all targets configured with this tag type Notification type is trap or inform Traps are unconfirmed notifications Informs are confirmed notifications snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Inform Notification Type and Target Address on page 170 e Configuring the SNMPv3 Trap Notification on page 159 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements notify filter Applying to the Management Target Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation ACX Series EX Series LN Series M Series MX Series PTX Series SRX Series T Series notify filter profile name edit snmp v3 target parameters target parameters name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos
191. del defines the security model to use when SNMP notifications are generated Informs require a usm security model security level specifies whether the inform is authenticated and encrypted before it is sent For the usm security model the security level must be one of the following authentication Provides authentication but no encryption privacy Provides authentication and encryption security name identifies the Username that is used when generating the inform Related Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 Documentation e Configuring SNMP Informs on page 157 e Configuring the Remote Engine and Remote User on page 172 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example Configuring the Inform Notification Type and Target Address on page 171 Example Configuring the Inform Notification Type and Target Address Supported Platforms ACX Series M Series MX Series PTX Series SRX Series T Series Copyright 2015 Juniper Networks Inc 171 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices In the following example target 172 17 20 184 is configured to respond to informs The inform timeout is 30 seconds and the maximum retransmit count is 3 The inform is sent to all targets in the tll list The security model for the remote user is usm and the remote engine username is ulo e
192. dit snmp v3 notify nl type inform tag tll notify filter nfl oid 1 3 include target address tal address 172 17 20 184 retry count 3 tag list tll address mask 255 255 255 0 target parameters tpl timeout 30 target parameters tpl parameters message processing model v3 security model usm security level privacy security name ul0 notify filter nfl Related Configuring the Inform Notification Type and Target Address on page 170 D tati ocumenkation Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring the Remote Engine and Remote User Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Series To send inform messages to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host When sending an inform message the agent uses the credentials of the user configured on the remote engine inform target To configure a remote engine and remote user to receive and respond to SNMP informs include the following statements at the edit snmp v3 hierarchy level edit snmp v3 usm remote engine engine id user username authentication md5 172 Copyright
193. dot3adAggActorSystemPriority 59 O dot3adAggActorSystemPriority 65 O dot3adAggActorSystemID 59 0 0 0 0 0 0 dot3adAggActorSystemID 65 0 0 0 0 0 0 dot3adAggAggregateOrIndividual 59 true 1 dot3adAggAggregateOrIndividual 65 true 1 dot3adAggActorAdminKey 59 O dot3adAggActorAdminKey 65 O dot3adAggActorOperkey 59 O dot3adAggActorOperkey 65 O dot3adAggPartnerSystemID 59 0 0 0 0 0 0 dot3adAggPartnerSystemID 65 0 0 0 0 0 0 dot3adAggPartnerSystemPriority 59 O dot3adAggPartnerSystemPriority 65 O dot3adAggPartnerOperKkey 59 O dot3adAggPartnerOperkey 65 O dot3adAggCollectorMaxDelay 59 O Copyright 2015 Juniper Networks Inc Chapter 7 Configuring Routing Instances dot3adAggCollectorMaxDelay 65 O Related Understanding SNMP Support for Routing Instances on page 177 D tati ocumentanon e Specifying a Routing Instance in an SNMPvI or SNMPv2c Community on page 180 Configuring Access Lists for SNMP Access over Routing Instances Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series You can create and maintain access lists to manage access to SNMP information Access list configuration enables you to allow or deny SNMP access to clients of a specific routing instance The following example shows how to create an access list edit snmp routing instance access access list ril restrict ls1 default ls1 ri2 Is1 The configuration given in the example e R
194. e LN Series M Series MX Series PTX Series SRX Series T Series SNMP enables the monitoring of network devices from a central location This topic provides an overview of SNMP and describes how SNMP is implemented in the Junos OS This topic includes the following sections SNMP Architecture on page 9 Junos OS SNMP Agent Features on page 12 The SNMP agent exchanges network management information with SNMP manager software running on a network management system NMS or host The agent responds to requests for information and actions from the manager The agent also controls access to the agent s MIB the collection of objects that can be viewed or changed by the SNMP manager The SNMP manager collects information about network connectivity activity and events by polling managed devices Communication between the agent and the manager occurs in one of the following forms Get GetBulk and GetNext requests The manager requests information from the agent the agent returns the information in a Get response message Set requests The manager changes the value of a MIB object controlled by the agent the agent indicates status in a Set response message Traps notification The agent sends traps to notify the manager of significant events that occur on the network device Copyright 2015 Juniper Networks Inc 9 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices This topic co
195. e 124 EX Series LN Series M Series MX Series PTX Series T Series interval seconds edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Interval between samples seconds Time between samples in seconds Range 1 through 2 147 483 647 seconds Default 60 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Interval on page 226 Copyright 2015 Juniper Networks Inc interval Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series interval seconds edit snmp health monitor Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Interval between samples seconds Time between samples in seconds Range 1 through 2147483647 seconds Default 300 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Interval on page 241 Copyright 2015 Juniper Networks Inc 281 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices local engine Supported Platforms LN Series M
196. e 132 D tati a Configuring the Source Address for SNMP Traps on page 129 e Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community on page 180 Copyright 2015 Juniper Networks Inc 309 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices routing instance Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series T Series routing instance routing instance name edit snmp v3 target address target address name Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify a routing instance for an SNMPv3 trap target routing instance name Name of the routing instance To configure a routing instance within a logical system specify the logical system name followed by the routing instance name Use a slash to separate the two names for example test ls test ri To configure the default routing instance on a logical system specify the logical system name followed by default for example test ls default snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Trap Target Address on page 161 routing instance access Supported Platforms Syntax Hierarchy Level Release Information Description
197. e Firewall MIB Host Resources MIB Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB Interface MIB Extends the standard ifTable RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipforward txt For more information see P Forward MIB IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management object
198. e Information Description Default Options Required Privilege Level Related Documentation 264 ACX Series EX Series M Series MX Series PTX Series SRX Series T Series clients address lt restrict gt edit snmp community community name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for FX Series switches Specify the IPv4 or IPv6 addresses of the SNMP client hosts that are authorized to use this community If you omit the clients statement all SNMP clients using this community string are authorized to access the router address Address of an SNMP client that is authorized to access this router You must specify an address not a hostname To specify more than one client include multiple address options restrict Optional Do not allow the specified SNMP client to access the router snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the SNMP Community String on page 120 Copyright 2015 Juniper Networks Inc commit delay Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series c
199. e The following objects in the TunnelResource table are not supported mplsTunnelResourceMeanRate mplsTunnelResourceMaxBurstSize mplsTunnelResourceMeanBurstSize mplsTunnelResourceExBurstSize mplsTunnelResourceWeight mplsTunnelPerfTable and mplsTunnelCRLDPResTable are not supported mplsTunnelCHopTable is supported on ingress routers only NOTE The branch used by the proprietary LDP MIB ldpmib mib conflicts with RFC 3812 ldpmib mib has been deprecated and replaced by jnx mpls ldp mib 24 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 3813 Multiprotocol Label Switching MPLS Label Switching Router LSR Management Information Base MIB read only access mplsinterfacePerfTable mplsinSegmentPerfTable mplsOutSegmentPerfTable mplsInSegmentMapTable mplsXCUp and mplsXCDown are not supported Platforms RFC 3826 The Advanced Encryption Standard AES Cipher Algorithm in the SNMP User based Security Model RFC 3877 Alarm Management Information Base except e Junos OS does not support the alarmActiveStatsTable Traps that do not conform to the alarm model are not supported However these traps can be redefined to conform to the alarm model RFC 3896 Definitions of Managed Objects for the DS3 E3 Interface Type except dsx3FarEndConfigTable dsx3Fa
200. e http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx firewall txt For more information see Firewall MIB Flow Collection Services MIB Provides statistics on files records memory FTP and error states of a monitoring services interface It also provides SNMP traps for unavailable destinations unsuccessful file transfers flow overloading and memory overloading For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx coll txt Copyright 2015 Juniper Networks Inc 33 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 34 For more information see Flow Collection Services MIB Host Resources MIB Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage format Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB IDP Objects MIB Provides support for monitoring SNMP IDP queries requests responses and failures This MIB defines the key monitoring and threshold crossing tra
201. e objects only those associated with the default routing instance are exposed D NOTE The actual protocol data units PDUs are still exchanged over the default inet 0 routing instance but the data contents returned are dictated by the routing instance specified in the request PDUs Trap Support for Routing Instances on page 178 e Identifying a Routing Instance on page 179 e Enabling SNMP Access over Routing Instances on page 180 e Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community on page 180 Configuring Access Lists for SNMP Access over Routing Instances on page 183 Trap Support for Routing Instances Supported Platforms 178 LN Series M Series MX Series SRX1400 SRX3400 SRX3600 SRX5400 SRX5600 SRX5800 vSRX T Series You can restrict the trap receivers from receiving traps that are not related to the logical system networks to which they belong To do this include the logical system trap filter statement at the edit snmp hierarchy level edit snmp logical system trap filter If the logical system trap filter statement is not included in the SNMP configuration all traps are forwarded to the configured routing instance destinations However even when this statement is configured the trap receiver associated with the default routing instance will receive all SNMP traps Copyright 2015 Juniper Networks Inc Chapter 7 Configuring Routing Instances When configured under the trap g
202. e originating LSPBufferSize option and the value in the PDU option field does not match the local value for originating LILSPBufferSize or originating L2LSPBufferSize respectively isisProtocolsSupportedMismatch Generated when a nonpseudonode segment O link state PDU is received that has no matching protocols 3vpnmib mib mplsVrfilfUp Generated when the ifOperStatus of an interface associated with a VRF table changes to the up 1 state or when an interface with ifOperStatus up 1 is associated with a VRF table mplsVrflfDown Generated when the ifOperStatus of an interface associated with a VRF table changes to the down 1 state or when an interface with ifOperStatus up 1 state is disassociated from a VRF table mplsNumVrfRouteMidThreshExceeded Generated when the number of routes contained by the specified VRF table exceeds the value indicated by mplsVrfMidRouteThreshold mplsNumVrfRouteMaxThreshExceeded Generated when the number of routes contained by the specified VRF table reaches or attempts to exceed the maximum allowed value as indicated by mplsVrfMaxRouteThreshold mplsNumVrfSecillglLblThrshExcd Generated when the number of illegal label violations on a VRF table as indicated by mplsVpnVrfSeclllegalLblVitns has exceeded mplsVpnvrfSecillegalLblRevThrsh msdpmib mib msdpEstablished Generated when the Multicast Source Discovery Protocol MSDP finite state machine FSM enters
203. e version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx user aaa txt For more information see AAA Objects MIB Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB DNS Objects MIB Provides support for monitoring DNS proxy queries requests responses and failures This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js dns txt For more information see DNS Objects MIB Firewall MIB Provides support for monitoring firewall filter counters Routers must have the Internet Processor II ASIC to perform firewall monitoring For a downloadable version of this MIB se
204. e version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx dcu txt For more information see Destination Class Usage MIB DNS Objects MIB Provides support for monitoring DNS proxy queries requests responses and failures This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js dns txt For more information see DNS Objects MIB Ethernet MAC MIB Monitors media access control MAC statistics on Gigabit Ethernet intelligent queuing IQ interfaces It collects MAC statistics for example inoctets inframes outoctets and outframes on each source MAC address and virtual LAN VLAN ID for each Ethernet port For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx mac txt For more information see Ethernet MAC MIB Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx event txt For more information see Event MIB Firewall MIB Provides support for monitoring firewall filter counte
205. easonLocal and dlswCircuitDiscReasonRemote tabular objects and the dlswDirMacCacheNextIndex and dlswDirNBCacheNextIndex scalar objects read only access RFC 2096 IP Forwarding Table MIB The 1 1 1 ipCidrRouteTable has been extended to include the tunnel name when the next hop is through an RSVP signaled LSP NOTE RFC 2096 has been replaced by RFC 4292 However Junos OS currently supports both RFC 2096 and RFC 4292 RFC 2115 Management Information Base forFrame O 1 1 1 0 Relay DTEs Using SMIv2 frDlcmiTable only frCircuitTable and frErrTable are not supported Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 2233 The Interfaces Group MIB Using SMIv2 NOTE RFC 2233 has been replaced by RFC 2863 IF MIB However Junos OS supports both RFC 2233 and RFC 2863 Platforms RFC 2287 Definitions of System Level Managed Objects for Applications only the objects sysApplinstallPkgTable sysApplinstallElmtTable sysApplElmtRunTable and sysApp MapTable RFC 2465 Management Information Base for IP Version 6 Textual Conventions and General Group except for IPv6 interface statistics RFC 2495 Definitions of Managed Objects for the DSI El DS2 and E2 Interface Types except for dsx1FarEndConfigTable dsx1FarEndCurrentTable dsx1FarEndintervalTable dsx1FarE
206. ecurity to group security model usm v1 v2c security name security name group group name Hierarchy Level edit snmp Copyright 2015 Juniper Networks Inc 339 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Release Information Description Required Privilege Level Related Documentation vacm Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 340 Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure SNMPv3 The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 EX Series LN Series M Series MX Series PTX Series T Series vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name security to group security model usm v1 v2c security name security name group group name edit snmp v3 Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series sw
207. ed A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold and the associated startup alarm is equal to falling alarm or rising or falling alarm After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold You must specify the falling threshold as an integer Its default is 20 percent less than the rising threshold By default the rising threshold is O The rising threshold is the upper threshold for the monitored variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold and the associated startup alarm is equal to rising alarm or rising or falling alarm After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold You must specify the rising threshold as an integer Copyright 2015 Juniper Networks Inc 225 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices To configure the falling threshold or rising threshold include the falling threshold or rising threshold statement at the edit snmp rmon ala
208. eiceteds 34 39 45 50 Copyright 2015 Juniper Networks Inc Index IPsec Generic Flow Monitoring Object siya A E S E E E E 34 40 45 51 IPSEC MON ItOF i eseseeeeteteeeeeeeeees 34 40 45 51 IPSEC VPN Ob J CtS ce cccecseeseseeseseseesesessesesesseseseeseeeeees 25 LICENS Eisra sess kesicheee edesteeessseszicectts 36 45 license monnen re orton sare E 40 51 Logical SYSTOIMS ccccsceseseesssessesesesseseseesssessesssesseesseeseees 36 logical SYSTEIMS ccccecssessssessesesesestseeteseetestseeeeeeees 45 5 USE IN PING TeSt iniiis 188 view configuration example SNMP 127 Policy Objects Power Supply Unit PPPOE iiia a Pseudowire TDM cssessssssssstsssssessssesseesessssteseesesseseseess OS IMNteAGG recite creceee a e Reverse Path Forwalding cccssseeees 4l 46 52 RMON Events and Alarm cccsesseseseeseeee 41 46 52 Security Interface Extension ODJECE asses inns cr anna aerate Security Screening ODJECtS cccccessesseseeseeseeee SNM PAD Pe sana a a es SNMP object values displaying a SONET APS oai a iaeesesssen ccna SONET SDH Interface Management 37 Source Class USAC ccceeseeeseseeseeeseeeeees 37 47 53 SPU Monitoring ceceeesesessseesssesesesessseseereeeteeeees 37 47 SPU MONON AS asics nictidinnniiwddidsalaminiiie 53 Structure of Management Informati Onesia 37 38 42 Junos OS for SRX Series devices POfesccaseensieeintd Aikeniohtncc
209. elated Documentation List of Sample Output Output Fields LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 vSRX show snmp health monitor routing engine history resource lt cpu memory open files count process count storage temperature gt Statement introduced in Junos OS Release 12 1X44 D10 for branch SRX Series devices Statement modified in Junos OS Release 12 1X45 D10 Display the health monitoring information collected for a Routing Engine brief Displays brief health monitor history extensive Displays extensive health monitor history terse Displays terse health monitor history view e show snmp health monitor on page 346 show snmp health monitor routing engine history on page 353 show snmp health monitor routing engine history extensive on page 354 show snmp health monitor routing engine history terse on page 355 Table 27 on page 352 describes the output fields for the show snmp health monitor routing engine history command Output fields are listed in the approximate order in which they appear Table 27 show snmp health monitor routing engine history Output Fields Field Name Field Description Resource Name of the health monitor object instance being monitored Event Displays the latest event and time associated with the resource The available events are e Moderate Rising e High Rising e Critical Rising e Moderate Falling e High Falling e Critical Falling
210. em 286 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements idp This group includes IDP data plane memory usage IDP session usage and policies loaded number storage This group includes storage utilization of directory var log cluster counter This group includes current total session number total CPS IPv4 CPS IPv6 CPS current total IPv4 session number and current total IPv6 session number of both node O and node 1 screen This group includes screen statistics of a specified zone spu This group includes CPU usage memory usage current flow session number current CP session number IPv4 session number IPv6 session number CP IPv4 session number and CP IPv6 session number of the SPU interval Specify the collection interval in minutes The configuration takes effect immediately with new interval value Range to 1440 minutes Default 10 minutes storage limit Specify the storage usage limit in percentage If the current storage usage of the directory var log is above the upper limit collection is canceled but is tried next time Range 1 to 100 percent Default 80 percent Required Privilege security To view this statement in the configuration Level security control To add this statement to the configuration Related show system log vital on page 361 Documentation Copyright 2015 Juniper Networks Inc 287 SNMP MIBs and Traps Monitor
211. en US junosi2Vtopics reference mibs mib jnx ppp txt PPPoE MIB O 1 1 O 0 O O O O htte wwiunipemet tachous en_ US junosi2Vtopics reference mibs mib jnx pppoe txt Pseudowire ATM MIB o 1 0 0 0 0 0 0 Psuedowire TDM MIB 0 0 0 0 0 0 htto Awwijunipemet techpoubsen US juno2Vtopics reference mibs mib jnx pwtdm txt PTP MIB 0 O O 1 O O O O O Real Time Performance Monitoring MIB 1 1 1 0 1 0 0 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx rpm txt 60 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB Reverse Path Forwarding MIB 1 1 il 0 1 1 1 http Awwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx rpf txt RMON Events and Alarms MIB o 1 1 1 http Avwwwijunipernet techoubs en_US junosi2 1 topics reference mibs mib jnx rmon txt RSVP MIB 1 1 1 0 0 O O O http Avwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx rsvp txt Security Interface Extension Objects MIB 0 o 0 0 0 http Awwwjunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx js if ext txt Security Screening Objects MIB 0 o 0 o O o http Avwwijunipernet techpubs en_US junosi2 1 topics referen
212. engine user username edit snmp v3 usm remote engine engine id user username Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Description Configure that there should be no authentication for the SNMPv3 user D NOTE You can configure only one authentication type for each SNMPv3 user Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring No Authentication on page 146 Documentation 258 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements authentication password Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series OFX Series T Series authentication password authentication password edit snmp v3 usm local engine user username authentication md5 edit snmp v3 usm local engine user username authentication sha edit snmp v3 usm remote engine engine id user username authentication md5 edit snmp v3 usm remote engine engine id user username authentication sha Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced i
213. entCommunity Trap group used if an SNMP trap is to be sent If eventCommunity is not configured a trap is sent to each trap group configured with the rmon alarm category eventLastTimeSent Value of sysUpTime when this event entry last generated an event eventOwner Any text string specified by the creating management application or the command line interface CLI Typically it is Used to identify a network manager or application and can be used for fine access control between participating management applications eventStatus Status of this event entry NOTE If this object is not set to valid no action is taken by the associated event entry When this object is set to valid all previous log entries associated with this entry if any are deleted e Understanding RMON Alarms on page 219 e Configuring an Event Entry and Its Attributes on page 228 Copyright 2015 Juniper Networks Inc 22 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 222 Copyright 2015 Juniper Networks Inc CHAPTER 13 Configuring RMON Alarms and Events Understanding RMON Alarms and Events Configuration on page 223 Configuring an Alarm Entry and Its Attributes on page 224 Configuring an Event Entry and Its Attributes on page 228 Example Configuring an RMON Alarm and Event Entry on page 229 Example Configuring Health Monitoring on page 229 Understanding RMON Alarms and Events Configuration Su
214. equests Can Be Accepted Supported Platforms Related Documentation M Series MX Series PTX Series OFX Series T Series By default all router or switch interfaces have SNMP access privileges To limit the access through certain interfaces only include the interface statement at the edit snmp hierarchy level edit snmp interface interface names Specify the names of any logical or physical interfaces that should have SNMP access privileges Any SNMP requests entering the router or switch from interfaces not listed are discarded e Configuring SNMP on a Device Running Junos OS on page 115 e Configuration Statements at the edit snmp Hierarchy Level on page 248 Example Configuring Secured Access List Checking on page 124 Configuring SNMP Example Configuring Secured Access List Checking Supported Platforms Related Documentation 124 LN Series M Series MX Series PTX Series SRX Series T Series SNMP access privileges are granted to only devices on interfaces so 0 0 0 and at 1 0 1 The following example does this by configuring a list of logical interfaces edit snmp interface so O 0 0 0 so 0 0 0 1 at 1 0 1 0 at 1 0 1 1 J The following example grants the same access by configuring a list of physical interfaces edit snmp interface so 0 0 0 at 1 0 1 e Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 124 Filtering Interface Information Out
215. er 10 Configuring Vital MIB Data user host gt show configuration security zones security zone untrust screen zone syn flood 2 To monitor the number of UDP flood attacks you must first obtain the index of the untrust zone in various screen MIB tables user host gt show snmp mib walk jnxJsScreenZoneName match untrust jnxJsScreenZoneName 117 110 116 114 117 115 116 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 untrust In the output the string 117 110 116 114 117 115 116 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 is the index of the untrust zone in the MIB table By combining the index with screen MIB table jnxJsScreenMonUdpFlood the number can be monitored using the following command edit user Ghost set system log vital add jnxJsScreenMonUdpFlood 117 110 116 114 117 115 116 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 comment Number of UDP flood attack Related Generating Vital Data from a NAT Rule on page 209 Documentation Copyright 2015 Juniper Networks Inc 211 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 212 Copyright 2015 Juniper Networks Inc CHAPTER 11 SNMP FAQs Managing Traps and Informs on page 213 Managing Traps and Informs Supported Platforms M Series MX Series SRX Series T Series The following sections contain a few tips on managing SNMP notifications Generating Traps Based on SysLog Events on
216. er Networks Inc 285 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices log vital Supported Platforms SRX Series Syntax log vital add lt oid gt comment lt comment gt file size files group operating idp storage cluster counter screen Spu interval storage limit Hierarchy Level edit system Release Information Statement introduced in Junos OS Release 12 1X47 D15 Description Configure vital log data Options add lt oid gt Specify the OID to be used to collect the raw data comment Specify the comment for the raw OID file size Specify the size of the current dump file Range 1 MB to 100 MB Default 5 MB for branch SRX Series devices and 10 MB for high end SRX Series devices files Specify the lifetime number of days for the dump file to be stored The dump file is stored at var log vital Range 1 to 30 days Default 3 days group Specify the pre defined OID group to be used Each group contains multiple OIDs within the same area Once a group enabled all OIDs in the group will be periodically collected and dumped operating This group includes state temperature current CPU utilization percentage buffer utilization percentage heap utilization percentage up time average load in the last 1 minute 5 minutes or 15 minutes and buffer pool utilization percentage in the control plane of each operating component in the syst
217. erface CLI user Warning element unresolved in stylesheets lt step gt in lt example gt This is probably anew element that is not yet supported in the stylesheets Configure the remote engine ID Username and authentication type and password edit snmp v3 user host set usm remote engine 800007E5804089071BC6D10A41 user u10 authentication md5 authentication key qol67R Warning element unresolved in stylesheets lt step gt in lt example gt This is probably anew element that is not yet supported in the stylesheets Configure the encryption type and privacy password You can configure only one encryption type per SNMPv3 user edit snmp v3 user host set usm remote engine 800007E5804089071BC6D10A41 user u10 privacy des privacy key m 72J 9v Warning element unresolved in stylesheets lt results gt in lt example gt This is probably anew element that is not yet supported in the stylesheets In configuration mode confirm your configuration by entering the show command If the output does not display the intended configuration repeat the instructions in this example to correct the configuration edit snmp v3 user host show usm remote engine 800007E5804089071BC6D10A41 user ul0 authentication md5 authentication key 9 DOjP536901RiktullcSwY2gUj5QF3 CY8QF CuOxN bwgZGigP5iH STF 9WLX7wYoaUkqfoaAp OBEhSreW87s24aUjsY4ZDjq RhcyWLNdbg4Zs YJDHkTQ69ApulEcyrvWOF tuOREYg4ajHmMPQF39 Ygz3n6At8XxN
218. erfaceConfTable atmVplTable atmVclTable rfc2465 mib ip v6mib Examples ipv6lfTable ipv6AddrPrefixTable ipv6NetToMediaTable ipv6RouteTable rfc2787a mib vrrp mib rfc2932 mib ipMRouteMIB ipMRouteStdMIB mroutemib mib ipMRouteIMIBObjects isismib mib isisMIB pimmib mib pimMIB msdpmib mib msdpmib jnx if extensions mib Examples ifJnxTable ifChassisTable jnx dcu mib jnxDCUs jnx atm mib 69 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 70 Table 7 Class 1 MIB Objects Standard and Juniper MIBs continued Class MIB Objects Examples jnxAtmIfTable jnxAtmVCTable jnxAtmVpTable jnx ipv4 mib jnxipv4 Example jnxlpv4AddrTable jnx cos mib Examples jnxCoslfqStatsTable jnxCosQstatTable jnx scu mib Example jnxScuStatsTable jnx rpf mib Example jnxRpfStatsTable jnx pmon mib Example jnxPMonFlowTable jnx sonet mib Example jnxSonetAlarmTable Class 1 jnx atm cos mib Examples jnxCosAtmVcTable jnxCosAtmVcScTable jnxCosAtmVcQstatsTable jnxCosAtmTrunkTable jnx mac mib Example jnxMacStatsTable jnx services mib Example jnxSvcFlowTableAggStatsTable jnx coll mib jnxCollectorMIB Examples jnxCollPiclfTable jnxCollFileEntry Table 8 on page 71 shows Class 2 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 2 objects a
219. eries SRX Series T Series Junos OS supports two types of notifications traps and informs With traps the receiver does not send any acknowledgment when it receives a trap Therefore the sender cannot determine if the trap was received A trap may be lost because a problem occurred during transmission To increase reliability an inform is similar to a trap except that the inform is stored and retransmitted at regular intervals until one of these conditions occurs The receiver target of the inform returns an acknowledgment to the SNMP agent A specified number of unsuccessful retransmissions have been attempted and the agent discards the inform message If the sender never receives a response the inform can be sent again Thus informs are more likely to reach their intended destination than traps are Informs use the same communications channel as traps same socket and port but have different protocol data unit PDU types Informs are more reliable than traps but they consume more network router and switch resources see Figure 1 on page 158 Unlike a trap an inform is held in memory until a response is received or the timeout is reached Also traps are sent only once whereas an inform may be retried several times Use informs when it is important that the SNMP manager receive all notifications However if you are more concerned about network traffic or router and switch memory use traps Copyright 2015 Juniper Netw
220. eries requests responses and failures This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js dns txt For more information see DNS Objects MIB Ethernet MAC MIB Monitors media access control MAC statistics on Gigabit Ethernet intelligent queuing IQ interfaces It collects MAC statistics for example inoctets inframes outoctets and outframes on each source MAC address and virtual LAN VLAN ID for each Ethernet port For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs jnx mac txt For more information see Ethernet MAC MIB Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx event txt For more information see Event MIB Firewall MIB Provides support for monitoring firewall filter counters Routers must have the Internet Processor ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx firewallL txt For more information se
221. erval Time period between samples in seconds Rising threshold Upper limit threshold value as a percentage of the maximum possible value Falling threshold Lower limit threshold value as a percentage of the maximum possible value Rising event index Event triggered when the rising threshold is crossed Falling event index Sample Output show snmp health monitor 348 Event triggered when the falling threshold is crossed user host gt show snmp health monitor Alarm Index 32770 32773 32776 32779 32782 32785 32788 32791 32792 32793 Variable description Value Health Monitor md3 jail mfs utilization jnxHrStoragePercentUsed 16 0 Health Monitor md2 mfs var run utm utilization jnxHrStoragePercentUsed 15 0 Health Monitor md1 mfs utilization jnxHrStoragePercentUsed 11 11 Health Monitor var file system utilization jnxHrStoragePercentUsed 10 44 Health Monitor root file system utilization jnxHrStoragePercentUsed 1 52 Health Monitor config file system utilization jnxHrStoragePercentUsed 2 0 Health Monitor RE O CPU utilization jnxOperatingCPU 9 1 0 0 20 Health Monitor RE 0 memory utilization jnxOperatingBuffer 9 1 0 0 52 Health Monitor Max Kernel Memory Used jnxBoxKernelMemoryUsedPercent 0 3 Health Monitor jroute daemon memory usage State active active active critical threshold critical threshold active active active acti
222. es Health and performance monitoring can benefit from the remote monitoring of SNMP variables by the local SNMP agents running on each router The SNMP agents compare MIB values against predefined thresholds and generate exception alarms without the need for polling by a central SNMP management platform This is an effective mechanism for proactive management as long as the thresholds have baselines determined and set correctly For more information see RFC 2819 Remote Network Monitoring MIB This topic includes the following sections Setting Thresholds on page 231 RMON Command Line Interface on page 232 RMON Event Table on page 233 RMON Alarm Table on page 233 Troubleshooting RMON on page 234 Setting Thresholds By setting a rising and a falling threshold for a monitored variable you can be alerted whenever the value of the variable falls outside of the allowable operational range See Figure 3 on page 232 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Figure 3 Setting Thresholds Value Allowable operational range t g041661 Rising event Falling event Rising event Events are only generated when the threshold is first crossed in any one direction rather than after each sample period For example if a rising threshold crossing event is raised no more threshold crossing events will occur until a corresponding falling event This considerably reduces the quanti
223. es You can specify a description for each system being managed by SNMP This string is placed into the MIB II sysDescription object To configure a description include the description statement at the edit snmp hierarchy level edit snmp description description If the description contains spaces enclose it in quotation marks To specify the system description edit snmp description M40 router with 8 FPCs Related Configuring SNMP on a Device Running Junos OS on page 115 Documentation e Configuring the System Contact on a Device Running Junos OS on page 118 e Configuring the System Location for a Device Running Junos OS on page 118 Configuring the System Name on page 119 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring the System Name Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Junos OS enables you to override the system name by including the name statement at the edit snmp hierarchy level edit snmp name name If the name contains spaces enclose it in quotation marks To specify the system name override edit snmp name snmp 1 Related Configuring SNMP ona Device Running Junos OS on page 115 D tati ocumentatmon e Configuring the System Contact on a Device Running Junos OS on page 118 e Configuring the System Location for a Device Running Junos OS on page 118 Copyright 2015 Juniper Netw
224. es To create an RMON request specify the fields shown in Table 23 on page 233 Table 23 RMON Alarm Table Field Description alarmStatus Status of this row for example valid invalid or createRequest Copyright 2015 Juniper Networks Inc 233 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 23 RMON Alarm Table continued Field Description alarminterval Sampling period in seconds of the monitored variable alarmVariable OID and instance of the variable to be monitored alarmValue Actual value of the sampled variable alarmSampleType Sample type absolute or delta changes alarmStartupAlarm Initial alarm rising falling or either alarmRisingThreshold Rising threshold against which to compare the value alarmFallingThreshold Falling threshold against which to compare the value alarmRisingEventIndex Index row of the rising event in the event table alarmFallingEventindex Index row of the falling event in the event table Both the alarmStatus and eventStatus fields are entryStatus primitives as defined in RFC 2579 Textual Conventions for SMIv2 Troubleshooting RMON You troubleshoot the RMON agent rmopd that runs on the router by inspecting the contents of the Juniper Networks enterprise RMON MIB jnxRmon which provides the extensions listed in Table 24 on page 234 to the RFC 2819 alarmTable Table 24 jnxRmon Alarm Extensions Field Description
225. es and so on is applied according to the actual community string the set of data after the character in this case public However if the community string RI public is configured the protocol data unit PDU is processed according to that community and the embedded routing instance name is ignored Logical systems perform a subset of the actions of a physical router and have their own unique routing tables interfaces policies and routing instances When a routing instance is defined within a logical system the logical system name must be encoded along with the routing instance using a slash to separate the two For example if the routing instance RI is configured within the logical system LS that routing instance must be encoded within a community string as LS RI public When a routing instance is configured outside a logical system within the default logical system no logical system name or character is needed Also when a logical system is created a default routing instance named default is always created within the logical system This name should be used when querying data for that routing instance for example LS default public For v3 requests the name logical system routing instance should be identified directly in the context field Copyright 2015 Juniper Networks Inc 179 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation D NOTE To identify a virt
226. eseseseresessscssscsesesenesesees 35 EAE PAM Bs sanna ansimeatnniasitien 35 L2TP MIB sisisssidscavscarsiasssosnieasscssdsarducnisonisiaidaoastacdscuesoasdiasusseaziantin 35 Copyright 2015 Juniper Networks Inc Layer 2 Control Protocol MI Briennen din Bee leek natok hes 35 LDP MI Boii ee ei Ntbi endl te eatin 35 License MIB crisi 36 40 45 51 local engine StateEMeNnt ccs 282 location statement SNMP vassadtissscsastasicssidiassavsdoareiesiivadsscasinsncnastiidaveasiavtanavbios 283 usage BUIGELINGS cc cececescesesessessseeesesseseeeeseseees 18 LOW E EE E T T 286 Logical Systems MIB s ssssssssersssrrssrrserrresrresrrrerrrenrn 36 45 51 logical system statemMent ssessesrsssriserrserrrserreerrrerrreen 284 logical system trap filter statement 285 LSYS MIB cscsccsssssssesessssssssesesesesssssessssensesscssssesesseeeeeesessasasaceeees 36 M Management Information Base See MIBs manuals comments on master agent SNMP message processing model statement 288 usage BUIGELINGS ce ceeseseeesessestscstessseessseesesteeesesees 164 MIBs BG PAN 2 sin anen 38 43 49 ASSIS sra RR 38 43 49 Chassis CLUStCM cescescsssessssesssssesessesseseseeseeseeness 43 49 Configuration Management 38 44 49 Destination Class USABEC cccsecessesesesteseeseenes 44 49 EX Series Structure of Management Information ITEP ACO isvann 34 39 45 50 Pi FOPWar bess eatnine station dae
227. esholdStatus 1 3 6 1 4 1 2636 3 5911 011 M Series and MX Series routers 94 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued System Logging Severity Source MIB Trap Name snmpTrapOID Level System Log Tag Supported On Network jnxJsScreen Attack 1 3 6 1 41 2636 3 391 8 Warning RT_SCREEN_ICMP SRX Series devices Address 1 0 1 RT_SCREEN_IP Translation RT_SCREEN_ MIB SESSION_LIMIT jnx js nat mib RT_SCREEN_TCP RT_SCREEN_UDP Security jnxJsScreenCfg Change 1 3 61 4 1 2636 3 391 8 SRX Series devices Screening 1 0 2 Objects MIB inx js screening mib RMON Alarms RMON MIB jnxRmonGetOk 1 3 6 1 4 1 2636 4 All devices running Junos jnx rmon mib 3 0 2 OSs SONET Alarms E SONET MIB jnxSonetAlarm Cleared 1 3 6 1 4 1 2636 4 Devices that run Junos OS jnx sonet mib 6 0 2 and have SONET PICs installed Related Juniper Networks Enterprise Specific SNMP Traps on page 80 Documentation Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Juniper Networks Enterprise Specific MIBs on page 32 Standard SNMP MIBs Supported by Junos OS on page 13 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 Managing Traps and Informs on page 213 Standard SNMP Traps Supported on Devices Runni
228. ess on page 161 Defining and Configuring the Trap Target Parameters on page 163 Configuring SNMP Informs on page 157 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Copyright 2015 Juniper Networks Inc 135 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 136 Copyright 2015 Juniper Networks Inc CHAPTER 6 Configuring SNMPv3 SNMP v3 Overview on page 138 Creating SNMPv3 Users on page 138 Example SNMPv3 Configuration on page 139 Example Creating SNMPv3 Users Configuration on page 142 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring the SNMPv3 Authentication Type on page 145 Configuring the Encryption Type on page 146 Defining Access Privileges for an SNMP Group on page 148 Configuring the Access Privileges Granted to a Group on page 149 Example Access Privilege Configuration on page 152 Assigning Security Model and Security Name to a Group on page 153 Example Security Group Configuration on page 155 Example Configuring the Tag List on page 155 Configuring the Local Engine ID on page 156 Configuring SNMP Informs on page 157 Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 Configuring the SNMPv3 Trap Notification on page 159 Example Configuring SNMPv3 Trap Notification on page 160 Configuring the Trap Target Address on page 161 De
229. estricts clients in ril from accessing SNMP information Allows clients in ls1 default ls1 ri2 and all other routing instances with names starting with ls to access SNMP information You can use the wildcard character to represent a string in the routing instance name D NOTE You cannotrestrict the SNMP manager of the default routing instance from accessing SNMP information Related Understanding SNMP Support for Routing Instances on page 177 D tati ocumentaton e Enabling SNMP Access over Routing Instances on page 180 e Specifying a Routing Instance in an SNMPvI or SNMPv2c Community on page 180 Copyright 2015 Juniper Networks Inc 183 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 184 Copyright 2015 Juniper Networks Inc CHAPTER 8 Configuring Remote Operations SNMP Remote Operations Overview on page 185 e Using the Ping MIB for Remote Monitoring Devices Running Junos OS on page 188 Starting a Ping Test on page 188 Monitoring a Running Ping Test on page 190 Gathering Ping Test Results on page 192 e Stopping a Ping Test on page 194 Interpreting Ping Variables on page 194 Using the Traceroute MIB for Remote Monitoring Devices Running Junos OS on page 195 SNMP Remote Operations Overview Supported Platforms ACX Series LN Series M Series MX Series PTX Series SRX Series T Series A SNMP remote operation is any process on the router that can be contr
230. etworks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 244 Copyright 2015 Juniper Networks Inc CHAPTER 16 Configuration Statements Configuration Statements at the edit snmp Hierarchy Level on page 248 Complete SNMPv3 Configuration Statements on page 251 e access list on page 253 address on page 254 e address mask on page 254 agent address on page 255 alarm SNMP RMON on page 256 e authentication md5 on page 257 authentication none on page 258 authentication password on page 259 e authentication sha on page 260 authorization on page 261 e categories on page 262 client list on page 262 client list name on page 263 e clients on page 264 e commit delay on page 265 e community on page 266 community on page 267 community name on page 268 contact on page 269 description on page 269 description on page 270 destination port on page 270 e engine id on page 271 e enterprise oid on page 272 e event on page 272 falling event index on page 273 Copyright 2015 Juniper Networks Inc 245 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices falling threshold on page 274 falling threshold on page 275 falling threshold interval on page 276 filter duplicates on page 276 filter interfaces on page 277 e group Configuring Group Name on page 278 group Defining Access Pri
231. ew user only users with an active status can use SNMPv3 Configuring the Remote Engine and Remote User on page 172 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 e Configuring SNMP Informs on page 157 Configuring the Remote Engine and Remote User on page 172 Copyright 2015 Juniper Networks Inc CHAPTER 7 Configuring Routing Instances Understanding SNMP Support for Routing Instances on page 177 e Trap Support for Routing Instances on page 178 Identifying a Routing Instance on page 179 e Enabling SNMP Access over Routing Instances on page 180 e Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community on page 180 Example Configuring Interface Settings for a Routing Instance on page 181 Configuring Access Lists for SNMP Access over Routing Instances on page 183 Understanding SNMP Support for Routing Instances Supported Platforms LN Series M Series MX Series SRX Series T Series Junos OS enables SNMP managers for all routing instances to request and manage SNMP data related to the corresponding routing instances and logical system networks In Junos OS Clients from routing instances other than the default can access MIB objects and perform SNMP operations only on the logical system networks to which they belong Clients from the default routing instance can access information related to all routing in
232. ex script xsl interfaces fxpO disable unit O family inet address 10 0 0 1 24 2 Merge the contents of the file into your routing platform configuration by issuing the load merge configuration mode command edit user host load merge var tmp ex script conf load complete Merging a Snippet To merge a snippet follow these steps 1 From the HTML or PDF version of the manual copy a configuration snippet into a text file save the file with a name and copy the file to a directory on your routing platform For example copy the following snippet to a file and name the file ex script snippet conf Copy the ex script snippet conf file to the var tmp directory on your routing platform commit file ex script snippet xsl xvi Copyright 2015 Juniper Networks Inc About the Documentation 2 Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode command edit user host edit system scripts edit system scripts 3 Merge the contents of the file into your routing platform configuration by issuing the load merge relative configuration mode command edit system scripts user host load merge relative var tmp ex script snippet conf load complete For more information about the load command see the CLI User Guide Documentation Conventions Table 1 on page xvii defines notice icons used in this guide Table 1 Notice Icons
233. f SNMP traps The trap group must be configured for SNMP traps to be sent To create an SNMP trap group include the trap group statement at the edit snmp hierarchy level edit snmp trap group group name categories category destination port port number routing instance instance targets address version all v1 v2 The trap group name can be any string and is embedded in the community name field of the trap To configure your own trap group port include the destination port statement The default destination port is port 162 For each trap group that you define you must include the target statement to define at least one system as the recipient of the SNMP traps in the trap group Specify the IPv4 or IPv6 address of each recipient not its hostname Specify the types of traps the trap group can receive in the categories statement For information about the category to which the traps belong see the Standard SNMP Traps Supported on Devices Running Junos OS on page 95 and Juniper Networks Enterprise Specific SNMP Traps on page 80 topics Specify the routing instance used by the trap group in the routing instance statement All targets configured in the trap group use this routing instance A trap group can receive the following categories Copyright 2015 Juniper Networks Inc Copyright 2015 Juniper Networks Chapter 5 Configuring SNMP authentication Authentication failures
234. faces interfaces all internal interfaces interface 1 interface 2 edit snmp Statement introduced in Junos OS Release 9 4 Statement introduced in Junos OS Release 9 4 for EX Series Switches Filter out information related to specific interfaces from the output of SNMP Get and GetNext requests performed on interface related MIBs all internal interfaces Filters out information from SNMP Get and GetNext requests for the specified interfaces interfaces Specifies the interfaces to filter out from the output of SNMP Get and GetNext requests snmp To view this statement in the configuration snmp control To add this statement to the configuration Filtering Interface Information Out of SNMP Get and GetNext Output on page 125 Copyright 2015 Juniper Networks Inc 277 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices group Configuring Group Name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 278 ACX Series EX Series M Series MX Series OCX1100 PTX Series OFabric System OFX Series standalone switches SRX Series T Series group group name default context prefix context prefix context prefiix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name
235. fining and Configuring the Trap Target Parameters on page 163 Adding a Group of Clients to an SNMP Community on page 166 Configuring the SNMPv3 Community on page 167 Example SNMPv3 Community Configuration on page 169 Configuring the Inform Notification Type and Target Address on page 170 Example Configuring the Inform Notification Type and Target Address on page 171 Configuring the Remote Engine and Remote User on page 172 Example Configuring the Remote Engine ID and Remote Users on page 173 Copyright 2015 Juniper Networks Inc 137 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices SNMPv3 Overview Supported Platforms Related Documentation ACX Series LN Series M Series MX Series PTX Series SRX Series T Series In contrast to SNMP version 1 SNMPv1 and SNMP version 2 SNMPv2 SNMP version 3 SNMPv3 supports authentication and encryption SNMPv3 uses the user based security model USM for message security and the view based access control model VACM for access control USM specifies authentication and encryption VACM specifies access control rules USM uses the concept of a user for which security parameters levels of security authentication privacy protocols and keys are configured for both the agent and the manager Messages sent using USM are better protected than messages sent with community strings where passwords are sent in the clear With USM messages exchanged between the
236. for a group of target addresses address mask combined with the address defines a range of addresses snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Address Mask on page 162 Copyright 2015 Juniper Networks Inc agent address Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series agent address outgoing interface edit snmp trap options Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Set the agent address of all SNMPv1 traps generated by this router or switch Currently the only option is outgoing interface which sets the agent address of each SNMPvI1 trap to the address of the outgoing interface of that trap outgoing interface Value of the agent address of all SNMPv1 traps generated by this router or switch The outgoing interface option sets the agent address of each SNMPv1 trap to the address of the outgoing interface of that trap Default disabled the agent address is not specified in SNMPv1 traps snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Agent Address for SNMP Tra
237. for an SNMP Group on page 148 Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 Configuring SNMP Informs on page 157 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Creating SNMPv3 Users Supported Platforms 138 LN Series M Series MX Series PTX Series OFX Series SRX Series T Series Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 For each SNMPv3 user you can specify the username authentication type authentication password privacy type and privacy password After a user enters a password a key based on the engine ID and password is generated and is written to the configuration file After the generation of the key the password is deleted from this configuration file D NOTE You can configure only one encryption type for each SNMPv3 user To create users include the user statement at the edit snmp v3 usm local engine hierarchy level edit snmp v3 usm local engine user username username is the name that identifies the SNMPv3 user To configure user authentication and encryption include the following statements at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication md5 authentication password authentication password authentication sha authentication password authentication password aut
238. for an SNMPv3 Group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation health monitor Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Copyright 2015 Juniper Networks Inc ACX Series EX Series M Series MX Series OCX1100 PTX Series OFabric System OFX Series standalone switches SRX Series T Series group group name edit snmp v3 vacm security to group security model usm v1 v2c security name security name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Define access privileges granted to a group group name ldentifies a collection of SNMP security names that belong to the same access policy SNMP snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Group on page 154 EX Series LN Series M Series MX Series PTX Series T Series health monitor falling threshold percentage interval seconds rising threshold percentage edit snmp Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 f
239. g rising or falling variable event index community description type log trap log and trap none If you do not have CLI access you can configure remote monitoring using the SNMP Manager or management application assuming SNMP access has been granted See Table 22 on page 233 To configure RMON using SNMP perform SNMP Set requests to the RMON event and alarm tables Set up an event for each type that you want to generate For example you could have two generic events rising and falling or many different events for each variable that is being monitored for example temperature rising event temperature falling event firewall hit event interface utilization event and so on Once the events have been configured you do not need to update them Table 22 RMON Event Table Field Description eventDescription Text description of this event eventType Type of event for example log trap or log and trap eventCommunity Trap group to which to send this event as defined in the Junos OS configuration which is not the same as the community eventOwner Entity for example manager that created this event eventStatus Status of this row for example valid invalid or createRequest The RMON alarm table stores the SNMP object identifiers including their instances of the variables that are being monitored together with any rising and falling thresholds and their corresponding event index
240. g Devices Running Junos OS Supported Platforms Related Documentation ACX Series M Series MX Series PTX Series QFX Series T Series A traceroute test approximates the path packets take from the local host to the remote host RFC 2925 is the authoritative description of the Traceroute MIB in detail and provides the ASN 1 MIB definition of the Traceroute MIB SNMP Remote Operations Overview on page 185 Starting a Traceroute Test Monitoring a Running Traceroute Test Monitoring Traceroute Test Completion Gathering Traceroute Test Results Stopping a Traceroute Test Interpreting Traceroute Variables Copyright 2015 Juniper Networks Inc 195 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 196 Copyright 2015 Juniper Networks Inc CHAPTER 9 Tracing SNMP Activity Tracing SNMP Activity on a Device Running Junos OS on page 197 e Example Tracing SNMP Activity on page 200 Tracing SNMP Activity on a Device Running Junos OS Supported Platforms ACX Series M Series MX Series PTX Series QFX Series SRX Series T Series SNMP tracing operations track activity for SNMP agents and record the information in log files The logged error descriptions provide detailed information to help you solve problems faster By default Junos OS does not trace any SNMP activity If you include the traceoptions statement at the edit snmp hierarchy level the default tracing
241. g Secured Access List Checking 0005 124 Filtering Interface Information Out of SNMP Get and GetNext Output 125 Contisuring MIB VIEWS 2c 0 420 ctacaenee ust oernobreqiie Gove adeheneedet 126 Example Ping Proxy MIB 1 cc ee eee nae 127 Configuring SNMP Trap Options and Groups on a Device Running Junos OS 128 Configuring SNMP Trap Options 0 cc eee ees 128 Configuring the Source Address for SNMP TrapS 000000 0s 129 Configuring the Agent Address for SNMP TrapS 0000 eens 131 Adding snmpTrapEnterprise Object Identifier to Standard SNMP Traps 131 Configuring SNMP Trap GroUpS 2 eee eens 132 Example Configuring SNMP Trap GroupS 0 0c eee 134 Configuring the Trap Notification Filter 0 eee 135 Configuring SNMPV3 4es lt ssived danse set vente eaied seek seesaw och 137 SNMPV3VOVETIEW acco ace aun aise Sule ei raya eg ay acta GS aus gr BS Aun genious kee BG bas 138 Creatine SNMPV 3S USES ius ane Goss ose eth con teh See Rak na a dees Gus enideeee age aes 138 Example SNMPv3 Configuration 0 0 0 ee eee eee 139 Example Creating SNMPv3 Users Configuration 00000 cee ee 142 Minimum SNMPv3 Configuration on a Device Running Junos OS 143 Configuring the SNMPv3 Authentication Type 6 eee 145 Configuring MD5 Authentication 0 0 0 eee 145 Configuring SHA Authentication 0 0 0 0 0c eee eee 145 Configuring No Authentica
242. g engine status 356 user host gt show snmp health monitor routing engine status Health monitor status Alarm Resource Current Config Threshold Interval Index Name State Action M H C sec 32770 MD3 jail mfs Active 47 Monitor 70 80 90 1 32773 MD2 mfs var run utm Moderate 69 Monitor 70 80 90 1 32776 MD1 mfs Active 13 Monitor 70 80 90 1 32782 Root cf Moderate 54 Monitor 30 70 85 1 32785 Config config Active 0 Monitor 30 70 85 1 Copyright 2015 Juniper Networks Inc 32779 32788 32791 32800 32803 32797 Copyright 2015 Juniper Networks Inc Var cf var CPU Memory RE process count RE open files count RE Temperature Critical 85 Critical 100 Critical 88 High 81 Moderate 58 Moderate 44 Monitor Monitor Monitor Monitor Monitor Monitor Chapter 17 Operational Commands 30 70 85 30 70 85 70 80 90 30 70 85 30 70 85 30 70 85 PRPRPRPRP PR 357 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp mib View Supported Platforms Syntax Release Information Description Options Required Privilege Level Related Documentation List of Sample Output 358 LN Series SRX Series show snmp mib get get next walk ascii decimal object id Command introduced in Junos OS Release 9 4 Support for IPv4 and IPv6 systemwide policy statistics added in Junos OS Release 12 1X46 D10 Display local SNMP MIB object values
243. guration e Configuring the Falling Threshold or Rising Threshold on page 225 falling threshold on page 275 Copyright 2015 Juniper Networks Inc 305 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices rising threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation rmon Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 306 EX Series LN Series M Series MX Series PTX Series T Series rising threshold percentage edit snmp Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches The upper threshold is expressed as a percentage of the maximum possible value for the sampled variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold percentage The lower threshold for the alarm entry Range 1 through 100 Default 80 percent of the maxi
244. guration Statements and Operational Commands Operational COMMANRGS cece tetwmons weet eehetd costewwa i ewedaados 345 Table 26 show snmp health monitor Output Fields 346 Table 27 show snmp health monitor routing engine history Output Fields 352 Table 28 show snmp health monitor routing engine status Output Fields 356 Table 29 show snmp mib Output FieldS 0 0 00 cee eee 359 Table 30 show system log vital Output fields 000 00005 361 Copyright 2015 Juniper Networks Inc About the Documentation Documentation and Release Notes on page xv Supported Platforms on page xv e Using the Examples in This Manual on page xv Documentation Conventions on page xvii Documentation Feedback on page xix Requesting Technical Support on page xix Documentation and Release Notes To obtain the most current version of all Juniper Networks technical documentation see the product documentation page on the Juniper Networks website at http www juniper net techpubs If the information in the latest release notes differs from the information in the documentation follow the product Release Notes Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts These books go beyond the technical documentation to explore the nuances of network architecture deployment and administration The current list can be viewed at http www juniper ne
245. h Monitor jroute daemon memory usage Routing protocols process 51452 active Management process 38284 active Management process 38356 active Command line interface 49108 active Periodic packet management process 9828 active Bidirectional Forwarding Detection process 13088 active Service Deployment Client 10012 active Event processing process 12692 active Layer 2 address flooding and learning process 20212 active MPLS Periodic Traceroute process 10488 active Multicast Snooping process 9608 active Feature license management process 12372 active 32794 Health Monitor jkernel daemon memory usage Init daemon 1684 active Chassis control process 115888 rising threshold Firewall process 22584 active Interface control process 34000 active Simple Network Management Protocol process 21772 active Management Information Base II process 27848 active Alarm control process 12568 active Packet Forwarding Engine statistics management process 24388 active Craft interface I O control process 13248 active Remote operations process 13712 active Class of service process 18908 active Internal routing service process 7924 active Inet process 6052 active USB supervise process 2388 active PPP process 8772 active Juniper Stateful Redundancy Protocol Daemon 13668 active Network security daemon 24248 active Simple Mail Transfer Protocol Client process 8088 active 350 Copyright 2015 Juniper Networks Inc 32797 32800 32803 32804 32805
246. h ni 38 42 48 System L g nensanns arannana 4 47 53 Traceroute kiniinin 42 47 53 UENEN 42 47 53 369 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices views SNMP a tenia 126 VPN Certificate Objects eee 42 48 53 monitoring Service QUAIL sisipe iiaa 235 MPLS STANGAMG TADS sisiecedccsscasceccscee fe ictsics cc dseceeatdcensieathanevenss 104 MULTICAST MIB cceccsseesesssscsesescessscssesssessssessestsessssesnsees 22 32 N NAME StATEMENL cccecscsecscssesssssscsescsesseseseesesessssesestseseees 288 usage BUIGELINGS 0 ceeecescssescssessseesesessestseesesessesseeeseeeeees 119 NAT Objects MIB sssessseserserrserrrsrresrreerrresrresn 36 40 46 51 Network Address Translation Objects MIB See NAT Objects MIB nonvolatile StATAMENL cceseesessessessssteseeseesesteseesesseesesees 289 notify STATEMENK cece csseseseeseseetestseesteteeeseneseeenees 290 usage BUICELINGS 0 ceeecseessscssesesessescsseseseesesessestssesteeees 159 notify filter statement for applying to tarBet cesses 291 Usage guideline S sniisniiiniineni 164 TOP CONE UNNE nrsinsminsannpnnanin 291 usage BUIGELINGS cece cstesessessseeseeesesesesseee 135 notify view statemMent ee eesssseriserressrrserresrresrrienrresrreern 292 USASE gyjdeljhES irc 151 O oid statement SNMP a E 293 usage guidelineS ssssesrieerirerrrrrrserrresrrerreess 126 SNMPVS cianie Siia 294 sage gyY deliNeS iiiiiiiin
247. he edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index community namecommunity name community name is the community string for an SNMPv1 or SNMPv2c community If unconfigured it is the same as the community index If the community name contains spaces enclose it in quotation marks D NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels The configured community name at the edit snmp v3 snmp community community index hierarchy level is encrypted You cannot view the community name after you have configured it and committed your changes In the command line interface CLI the community name is concealed Configuring the Context 168 An SNMP context defines a collection of management information that is accessible to an SNMP entity Typically an SNMP entity has access to multiple contexts A context can be a physical or logical system a collection of multiple systems or even a subset of a system Each context ina management domain has a unique identifier Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 To configure an SNMP context include the context context name statement at the edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index context context name
248. he traps are organized first by trap category and then by trap name The system logging severity levels are listed for those traps that have them Traps that do not have corresponding system logging severity levels are marked with an en dash For more information about system messages see the Junos OS System Log Messages Reference For more information about configuring system logging see the Junos OS Administration Library for Routing Devices To view the Juniper Networks enterprise specific SNMP version 1 traps see Juniper Networks Enterprise Specific SNMP Version 1 Traps on page 81 For more information about chassis traps see Chassis Traps Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps System Logging Severity Source MIB Trap Name snmpTrapOID Level System Log Tag Supported On Chassis Alarm Conditions Notifications Chassis MIB jnxPowerSupplyFailure 1 3 6 1 4 1 2636 4 1 1 Alert CHASSISD_SNMP_ All devices running Junos jnx chassis TRAP OS mib jnxFanFailure 1 3 6 1 4 1 2636 4 1 2 Critical CHASSISD_SNMP__ All devices running Junos TRAP OS jnxOverTemperature 1 3 6 1 4 1 2636 4 1 3 Critical CHASSISD_SNMP_ All devices running Junos TRAP Os jnxFruNotifAdminStatus Notice jnxFruNotifMismatch Notice jnxFruNotifOperStatus Notice jnxRedundancySwitchOver 1 3 6 1 4 1 2636 4 1 4 Critical CHASSISD_SNMP__ All devices running Junos TRAP OS jnxFruRemoval 1 3 6 1 4
249. hentication none privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none Related Complete SNMPv3 Configuration Statements on page 251 Documentation e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 e Example Creating SNMPv3 Users Configuration on page 142 Example SNMPv3 Configuration on page 139 Example SNMPv3 Configuration Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Define an SNMPv3 configuration edit snmp engine id use mac address Copyright 2015 Juniper Networks Inc 139 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 140 view jnxAlarms oid 1 3 6 1 4 1 2636 3 4 include view interfaces oid 1 3 6 1 2 1 2 include view ping mib oid 1 3 6 1 2 1 80 include edit snmp v3 notify nl tag router Identifies a set of target addresses type trap Defines type of notification notify n2 tag hostl type trap notify filter nfl oid 1 include Defines which traps to send In this case includes all traps notify filter nf2 oid 1 3 6 1 4 1 include Sends enterprise specific traps only notify filter nf3 oid 1 3 6 1 2 1 1 5 include Sends BGP traps only snmp community index community name 9 JOZi OF AtOz3 SECRET DATA security name john
250. hich the variable name is resolved The format is x x x x Sample type Method of sampling the monitored variable and calculating the value to compare against the upper and lower thresholds It can have the value of absolute value or delta value Startup alarm Alarm that might be sent when this entry is first activated depending on the following criteria e Alarm is sent when one of the following situations exists e Value of the alarm is above or equal to the rising threshold and the startup type is either rising alarm or rising or falling alarm e Value of the alarm is below or equal to the falling threshold and the startup type is either falling alarm or rising or falling alarm e Alarm isnot sent when one of the following situations exists e Value of the alarm is above or equal to the rising threshold and the startup type is falling alarm e Value of the alarm is below or equal to the falling threshold and the startup type is rising alarm e Value of the alarm is between the thresholds Owner Name of the entry configured by the user If the entry was created through the CLI the owner has monitor prepended to it Creator Mechanism by which the entry was configured Health Monitor Copyright 2015 Juniper Networks Inc 347 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 26 show snmp health monitor Output Fields continued Field Name Field Description Sample int
251. hreshold for the sampled variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold and the associated startup alarm value is equal to falling alarm value or rising or falling alarm value After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold integer The lower threshold for the alarm entry Range 2 147 483 648 through 2 147 483 647 Default 20 percent less than rising threshold snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Falling Threshold or Rising Threshold on page 225 rising threshold on page 305 Copyright 2015 Juniper Networks Inc 275 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices falling threshold interval Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation filter duplicates Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 276 EX Series LN Series M Series M
252. ications to a particular management target SNMPv3 also lets you define SNMPv1 and SNMPv2c traps NOTE When you configure SNMP traps make sure your configured access privileges allow the traps to be sent Access privileges are configured at the edit snmp v3 vacm access and edit snmp v3 vacm security to group hierarchy levels To configure SNMP traps include the following statements at the edit snmp v3 hierarchy level edit snmp v3 notify name tag tag name type trap notify filter name Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 oid object identifier include exclude target address target address name address address address mask address mask logical system logical system port port number routing instance instance tag list tag list target parameters target parameters name target parameters target parameters name notify filter profile name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm v1 v2c security name security name l Related Configuring the SNMPv3 Trap Notification on page 159 Documentation e Configuring the Trap Notification Filter on page 135 e Configuring the Trap Target Address on page 161 Defining and Configuring the Trap Target Parameters on page 163 e Configuring SNMP Informs on page 157 Configuring the Remote Engine and Remote User on page 17
253. icy Users belonging to a particular SNMP group inherit all access privileges granted to that group Configuring the Security Model To configure the security model include the security model statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c any Any security model usm SNMPv3 security model e vI SNMPV1 security model e v2c SNMPv2c security model Configuring the Security Level To configure the access privileges granted to packets with a particular security level include the security level statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c hierarchy level edit snmp v3 vacm access group group name default context prefix security model any usm v1 v2c security level authentication none privacy none Provides no authentication and no encryption authentication Provides authentication but no encryption privacy Provides authentication and encryption NOTE Access privileges are granted to all packets with a security level equal to or greater than that configured If you are configuring the SNMPv1 or SNMPv2c security model use none as your security level If you are
254. ide for Security Devices Monitored Objects 240 This topic describes the minimum required configuration and discusses the following tasks for configuring the health monitor e Monitored Objects on page 240 e Minimum Health Monitoring Configuration on page 241 Configuring the Falling Threshold or Rising Threshold on page 241 Configuring the Interval on page 241 Log Entries and Traps on page 242 When you configure the health monitor monitoring information for certain object instances is available as shown in Table 25 on page 240 Table 25 Monitored Object Instances Object Description jnxHrStoragePercentUsed 1 Monitors the following file system on the router or switch dev adOsla This is the root file system mounted on jnxHrStoragePercentUsed 2 Monitors the following file system on the router or switch dev adOsle This is the configuration file system mounted on config jnxOperatingCPU REO Monitors CPU usage for Routing Engines REO and RE1 The index values assigned to Routing Engines depend on whether the Chassis MIB uses a zero based or ones based indexing scheme Because the indexing scheme is configurable the proper index is determined when the router or switch is initialized and when there is a configuration change If the router or switch has only one Routing Engine the alarm entry monitoring RE1 is removed after five failed attempts to obtain the CPU value jnxOperatingCPU RE1
255. ied as part of the object identifier OID To create a row set pingCtlRowStatus to createAndWait or createAndGo on a row that does not already exist A value of active for pingCtlRowStatus indicates that all necessary information has been supplied and the test can begin pingCtlAdminStatus can be set to enabled An SNMP Set request that sets pingCtlRowStatus to active will fail if the necessary information in the row is not specified or is inconsistent For information about how to configure a view see Setting SNMP Views on page 186 There are two ways to start a ping test e Using Multiple Set Protocol Data Units PDUs on page 189 Using a Single Set PDU on page 189 Using Multiple Set Protocol Data Units PDUs You can use multiple Set request PDUs multiple PDUs with one or more varbinds each and set the following variables in this order to start the test pingCtlLRowStatus to createAndWait All appropriate test variables pingCtlLRowStatus to active Junos OS now verifies that all necessary information to run a test has been specified pingCtlAdminStatus to enabled Using a Single Set PDU You can use a single Set request PDU one PDU with multiple varbinds to set the following variables to start the test pingCtlLRowStatus to createAndGo All appropriate test variables pingCtlAdminStatus to enabled Copyright 2015 Juniper Networks Inc 189 SNMP MIBs and Traps Monitoring and Troubleshooting
256. ies T Series An alarm entry monitors the value of a MIB variable You can configure how often the value is sampled the type of sampling to perform and what event to trigger if a threshold is crossed This section discusses the following topics Configuring the Alarm Entry on page 224 Configuring the Description on page 225 Configuring the Falling Event Index or Rising Event Index on page 225 e Configuring the Falling Threshold or Rising Threshold on page 225 e Configuring the Interval on page 226 Configuring the Falling Threshold Interval on page 226 Configuring the Request Type on page 226 Configuring the Sample Type on page 227 Configuring the Startup Alarm on page 227 e Configuring the System Log Tag on page 227 Configuring the Variable on page 228 Configuring the Alarm Entry 224 An alarm entry monitors the value of a MIB variable The rising event index rising threshold sample type and variable statements are mandatory All other statements are optional To configure the alarm entry include the alarm statement and specify an index at the edit snmp rmon hierarchy level edit snmp rmon alarm index description description falling event index index falling threshold integer falling threshold interval seconds interval seconds rising event index index rising threshold integer sample type absolute value delta value startup alarm falling alarm rising alarm rising
257. ificate Objects MIB Provides support for monitoring the local and CA certificates loaded on the router This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB Structure of Management Information MIB List of SRX5400 SRX5600 and SRX5800 Services Gateways Supported Enterprise Specific MIBs Supported Platforms 48 LN Series SRX5400 SRX5600 SRX5800 Junos OS supports the following enterprise specific MIBs e Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices product services and traps This MIB is currently supported only by Junos OS for SRX Series devices It also explains how the Juniper Networks enterprise specific MIBs are structured Fora downloadable version of this MIB http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx smi txt For more information see Structure of Management Information MIB AAA Objects MIB Provides support for monitoring user authentication authorization and accounting through the RADIUS LDAP SecurID and local authentication servers This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http
258. iflnOctets 1 event 100 community bedrock description emergency events type log and trap Related Understanding RMON Alarms and Events Configuration on page 223 D tati ocumentatnon e Configuring an Alarm Entry and Its Attributes on page 224 e Configuring an Event Entry and Its Attributes on page 228 Example Configuring Health Monitoring Supported Platforms LN Series M Series MX Series PTX Series T Series Configure the health monitor edit snmp health monitor falling threshold 85 interval 600 rising threshold 75 In this example the sampling interval is every 600 seconds 10 minutes the falling threshold is 85 percent of the maximum possible value for each object instance monitored and the rising threshold is 75 percent of the maximum possible value for each object instance monitored Copyright 2015 Juniper Networks Inc 229 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Configuring Health Monitoring on Devices Running Junos OS on page 239 Documentation 230 Copyright 2015 Juniper Networks Inc CHAPTER 14 Monitoring RMON Alarms and Events e Understanding RMON for Monitoring Service Quality on page 231 e Understanding Measurement Points Key Performance Indicators and Baseline Values on page 235 Understanding RMON for Monitoring Service Quality Supported Platforms ACX Series LN Series M Series MX Series PTX Series T Seri
259. ight 2015 Juniper Networks Inc Related Documentation Chapter 16 Configuration Statements security to group security model usm v1 v2c security name security name group group name e Creating SNMPv3 Users on page 138 e Configuring MIB Views on page 126 e Defining Access Privileges for an SNMP Group on page 148 Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 e Configuring SNMP Informs on page 157 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 access list Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series edit snmp routing instance access access list routing instance routing instance restrict edit snmp routing instance access Statement introduced in Junos OS Release 8 4 Create access lists to control SNMP agents in routing instances from accessing SNMP information To enable the SNMP agent on a routing instance to access SNMP information specify the routing instance name To disable the SNMP agent on a routing instance from accessing SNMP information include the routing instance name followed by the restrict keyword snmp To view this statement in the configuration snmp control To add this statement to the configuration e routing instance access on page 310 Copyr
260. ight 2015 Juniper Networks Inc 253 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices address Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation address mask Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 254 EX Series LN Series M Series MX Series PTX Series T Series address address edit snmp v3 target address target address name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify the SNMP target address address Pv4 address of the system to receive traps or informs You must specify an address not a hostname snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Address on page 161 ACX Series EX Series LN Series M Series MX Series PTX Series SRX Series T Series address mask address mask edit snmp v3 target address target address name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 on the OFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Verify the source addresses
261. iguring Access Lists for SNMP Access over Routing Instances on page 183 Example Configuring Interface Settings for a Routing Instance on page 181 Example Configuring Interface Settings for a Routing Instance Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This example shows an 802 3ad aeO interface configuration allocated to a routing instance named INFrtd edit chassis aggregated devices ethernet device count 5 edit interfaces ae0 vlan tagging aggregated ether options minimum links 2 Copyright 2015 Juniper Networks Inc 181 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 182 link speed 100m unit O vlan id 100 family inet address 10 1 0 1 24 edit interfaces fe 1 1 0 fastether options 802 3ad aeO edit interfaces fe 1 1 1 fastether options 802 3ad aeO edit routing instances INFrtd instance type virtual router interface fe 1 1 0 0 interface fe 1 1 1 0 interface fe 1 1 5 0 interface ae0 0 protocols ospf area 0 0 0 0 interface all The following snmpwalk command shows how to retrieve SNMP related information from router and the 802 3ae bundle interface belonging to routing instance INFrtd with the SNMP community public router snmpwalk Os router INFrtd public dot3adAggTable dot3adAggMACAddress 59 0 90 69 92 93 fO dot3adAggMACAddress 65 0 90 69 92 93 f0
262. include the trap options statement at the edit snmp hierarchy level edit snmp trap options agent address outgoing interface enterprise oid logical system routing instance source address address You must also configure a trap group for the trap options to take effect For information about trap groups see Configuring SNMP Trap Groups on page 132 This topic contains the following sections e Configuring the Source Address for SNMP Traps on page 129 Configuring the Agent Address for SNMP Traps on page 131 Adding snmpTrapEnterprise Object Identifier to Standard SNMP Traps on page 131 Configuring the Source Address for SNMP Traps A valid IPv4 Address As the Source Address You can configure the source address of trap packets in many ways loO a valid IPv4 address configured on one of the router interfaces a logical system address or the address of a routing instance The value loO indicates that the source address of the SNMP trap packets is set to the lowest loopback address configured on the interface loO You can configure the source address of trap packets in one of the following formats avalid IPv4 address configured on one of the router interfaces loO that is the lowest loopback address configured on the interface loO alogical system name arouting instance name To specify a valid interface address as the source address for SNMP traps on one of the router interfaces include the
263. ine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the Data Encryption Standard DES as the privacy type for the SNMPv3 user privacy password privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Encryption Type on page 146 Copyright 2015 Juniper Networks Inc privacy none Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Chapter 16 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T Series privacy none edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX
264. ing and Troubleshooting Guide for Security Devices Copyright 2015 Juniper Networks Inc T SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices For more information about system logging severity levels for standard traps see Standard SNMP Version 1 Traps on page 96 and Standard SNMP Version 2 Traps on page 99 For more information about system logging severity levels for enterprise specific traps see Juniper Networks Enterprise Specific SNMP Version 1 Traps on page 81 and Juniper Networks Enterprise Specific SNMP Version 2 Traps on page 88 Junos OS SNMP Agent Features Related Documentation The Junos OS SNMP agent software consists of an SNMP master agent that delegates all SNMP requests to subagents Each subagent is responsible for the support of a specific set of MIBs The Junos OS supports the following versions of SNMP SNMPv1 The initial implementation of SNMP that defines the architecture and framework for SNMP SNMPv2c The revised protocol with improvements to performance and manager to manager communications Specifically SNMPv2c implements community strings which act as passwords when determining who what and how the SNMP clients can access the data in the SNMP agent The community string is contained in SNMP Get GetBulk GetNext and Set requests The agent might require a different community string for Get GetBulk and GetNext requests read only acces
265. ing and Troubleshooting Guide for Security Devices message processing model Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 288 EX Series LN Series M Series MX Series PTX Series OFX Series T Series message processing model v1 v2c v3 edit snmp v3 target parameters target parameter name parameters Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the message processing model to be used when generating SNMP notifications vI SNMPv 1 message process model v2c SNMPv2c message process model v3 SNMPv3 message process model snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Message Processing Model on page 164 EX Series LN Series M Series MX Series PTX Series SRX Series T Series name name edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Set the system name from the command line interface name System name override snmp To view this st
266. int to Point Protocol only pppLink group is supported The pppLink group consists of the pppLcp1 object and the tables pppLinkStatustable and pppLinkConfigTable RFC 1657 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol BGP 4 using SMIv2 RFC 1695 Definitions of Managed Objects for ATM Management Version 8 0 Using SMIv2 Copyright 2015 Juniper Networks Inc 17 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC RFC 1850 OSPF Version 2 Management 1 Information Base except for the ospfOriginateNewLsas and ospfRxNewLsas objects the Host Table and the traps ospfOriginateLSA ospfLsdbOverflow and ospfLsdbApproachingOverflow RFC 1901 Introduction to Community based 1 SNMPv2 RFC 2011 SNMPv2 Management Information Base 1 1 1 for the Internet Protocol Using SMIv2 RFC 2012 SNMPv2 Management Information Base 1 1 for the Transmission Control Protocol Using SMIv2 RFC 2013 SNMPv2 Management Information Base 1 1 1 for the User Datagram Protocol Using SMIlv2 RFC 2024 Definitions of Managed Objects forData O 1 1 1 O Link Switching Using SMIv2 except for the dlswinterface and dlswSdlc object groups the dlswDirLocateMacTable dlswDirNBTable and dlswDirLocateNBTable tables the dlswCircuitDiscR
267. ion e Configuring the SNMP Community String on page 120 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements view Configuring a MIB View Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series SRX Series T Series view view name oid object identifier include exclude edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define a MIB view A MIB view identifies a group of MIB objects Each MIB object in a view has a common OID prefix Each object identifier represents a subtree of the MIB object hierarchy The view statement uses a view to specify a group of MIB objects on which to define access To enable a view you must associate the view with a community by including the view statement at the edit snmp community community name hierarchy level NOTE To remove an OID completely use the delete view all oid oid number command but omit the include parameter view name Name of the view The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring MIB Views on page 126 e Associating MIB Views with an SNMP User Group on page 151 community
268. ion of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx util txt For more information see Utility MIB VPN Certificate Objects MIB Provides support for monitoring the local and CA certificates loaded on the router This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB System Log Monitoring and Troubleshooting Guide for Security Devices Structure of Management Information MIB List of SRX1400 SRX3400 and SRX3600 Services Gateways Supported Enterprise Specific MIBs Supported Platforms 42 LN Series SRX1400 SRX3400 SRX3600 Junos OS supports the following enterprise specific MIBs e Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices product services and traps This MIB is currently supported only by Junos OS for SRX Series devices It also explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x46 topics reference mibs mib jnx js smi txt For more information see Structure of Management Information MIB AAA Objects MIB Provides support for mo
269. iper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Chapter 4 Chapter 5 Chapter 6 Standard SNMP Traps Supported on Devices Running Junos OS 95 Standard SNMP Version TrapS 2 0 erri nat ebrea nia eee 96 Standard SNMP Version 2 TrapS 0 eee eens 99 SNMP Version 2 MPLS TrapS 0 cee ee eee eee eae 104 SNMP Version 2L3VPN TrapS 2 00 ee ees 105 Unsupported Standard SNMP Traps 20 0 00 cc eee eee 106 Loading MIB Files to a Network Management System 2 0005 111 Loading MIB Files to a Network Management System 0000005 MW COnfisurines SNMP s lt cionscedseag cists ead eal a e a ae i ee sal 5 Configuring SNMP on a Device Running JunoS OS 2 0 ee ee 115 Configuring the System Contact on a Device Running Junos OS 118 Configuring the System Location for a Device Running Junos OS 118 Configuring the System Description on a Device Running Junos OS 119 Configuring the System Name erriceretneree n iri pran orr rT 119 Configuring the Commit Delay Timer 0 0 0 0 0000 eee ee eee 120 Configuring the SNMP Community String 2 0 00 ee eee 120 Examples Configuring the SNMP Community String 0005 122 Filtering Duplicate SNMP RequestS 0 00000 ccc ee eee eee 123 Configuring the Interfaces on Which SNMP Requests Can Be Accepted 124 Example Configurin
270. iper Networks Enterprise Specific MIBs on page 32 e Enterprise Specific MIBs and Supported Devices on page 53 Juniper Networks Enterprise Specific SNMP Traps Supported Platforms 80 LN Series SRX Series This topic provides pointers to the enterprise specific SNMP traps supported by the Junos OS NOTE All enterprise specific SNMP traps supported by the Junos OS can be sent in version 1 2 and 3 formats e Juniper Networks Enterprise Specific SNMP Version 1 Traps on page 81 Juniper Networks Enterprise Specific SNMP Version 2 Traps on page 88 Juniper Networks Enterprise Specific BGP Traps Juniper Networks Enterprise Specific DOM Traps Juniper Networks Enterprise Specific LDP Traps Juniper Networks Enterprise Specific License MIB Notifications Juniper Networks Enterprise Specific MIMSTP Traps Juniper Networks Enterprise Specific MPLS Traps Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS NOTE Forscalability reasons the MPLS traps are generated by the ingress router only For information about disabling the generation of MPLS traps see the Junos OS MPLS Applications Library for Routing Devices Juniper Networks Enterprise Specific Traps on EX Series Switches Juniper Networks Enterprise Specific Traps on MX Series 3D Universal Edge Routers Related Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Documentation Juniper
271. isabling syslvd will not impact the existing data in the dump file Once all configuration commands are removed syslvd is disabled automatically If syslvd is disabled in the middle of a collection data from the current collection will be lost but data available in the current dump file is retained Generating Raw MIB OID from a Policy on page 205 Generating Readable Raw OID Data Collections on page 204 Generating Readable Raw OID Data Collections Supported Platforms 204 SRX Series You can use the set system log vital add oid comment comment command to make raw object identifiers OIDs that are lengthy and unreadable easily understood edit system log vital add oid comment comment The OID parameter can be formatted as mib table index For example jnxOperatinglMinLoadAvg 9 1 0 0 is an OID The comment parameter describes the OID If comment is present the comment instead of the OID is generated as the subject of the vital data For example without the comment parameter the output of the set system log vital add jnxJsPolicyNumber 0 command in the dump file is With the comment parameter the output of the set system log vital add jnxJsPolicyNumber O comment Total Policy Number command in the dump file is Copyright 2015 Juniper Networks Inc Chapter 10 Configuring Vital MIB Data D NOTE For OIDs that are temporarily unavailable the string NA is generate
272. it Storage usage limit in percentage file size Size of the current dump file state Number that indicates which state the current collection is in It could indicate IDLE or ONGOING snmp mgmt sock op number Stat number of the querying MIB current timer counter Number that indicates the collection timer Sample Output show system log vital data user host gt show system log vital data Start firefly perimeter fw1 Vitals Check Fri Sep 5 00 00 44 2014 Fri Sep 5 00 00 44 2014 Vital data of SPU Node SPU CPU Mem Flow Sess CP Sess IPv4 Sess IPv6 Sess CP IPv4 CP IPv6 nodeO fwdd 0 55 10 0 10 0 0 0 End firefly perimeter fwl Vitals Check Fri Sep 5 00 00 45 2014 362 Copyright 2015 Juniper Networks Inc Chapter 17 Operational Commands Start firefly perimeter fwl Vitals Check Fri Sep 5 00 01 45 2014 Fri Sep 5 00 01 45 2014 Vital data of SPU Node SPU CPU Mem Flow Sess CP Sess IPv4 Sess IPv6 Sess CP IPv4 CP IPv6 nodeO fwdd 0 55 16 0 16 0 0 0 End firefly perimeter fwl Vitals Check Fri Sep 5 00 01 45 2014 show system log vital oid user host gt show system log vital oid OID list 11dpLocSysName 0 sys name jnxJsNodeCurrentTotalSessIPv4 0 IPv4 sess number 1 3 6 1 4 1 2636 3 1 13 1 8 9 1 0 0 re cpu usage OID number 3 Group SPU list All Group SPU number 1 Group screen list trust untrust Group screen number 2 Group idp cluster counter
273. itches Configure view based access control model VACM information The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Defining Access Privileges for an SNMP Group on page 148 Copyright 2015 Juniper Networks Inc variable Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation version Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series variable oid variable edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Object identifier OID of MIB variable to be monitored oid variable OID of the MIB variable that is being monitored The OID can be a dotted decimal for example 1 3 6 1 2 1 2 1 2 2 1 10 1 Alternatively use the MIB object name for example iflnOctets 1 snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Variable on page 228 EX Series LN Series M Series MX Series PTX Series SRX Series T Series version all
274. ith it Junos OS looks up all the target addresses with this tag and verifies that the source address of this packet matches one of the configured target addresses D NOTE You must configure the address mask when you configure the SNMP community To specify where you want the traps to be sent and define what SNMPv1 and SNMPv2cc packets are allowed include the target address statement at the edit snmp v3 hierarchy level edit snmp v3 target address target address name target address name is the string that identifies the target address To configure the target address properties include the following statements at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name address address address mask address mask logical system logical system port port number routing instance instance tag list tag list target parameters target parameters name This section includes the following topics Configuring the Address on page 161 Configuring the Address Mask on page 162 e Configuring the Port on page 162 e Configuring the Routing Instance on page 162 Configuring the Trap Target Address on page 162 Applying Target Parameters on page 163 Configuring the Address To configure the address include the address statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name
275. ix counters It is based upon similar objects in the MIB documented in Internet draft draft ietf idr bgp4 mibv2 03 txt Definitions of Managed Objects for the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB BFD MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switching Board SSB Switching and Forwarding Model SFM Flexible PIC Concentrators FPCs and PICs Fora downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis txt For more information see Chassis MIBs e Chassis Cluster MIB Provides information about objects that are used whenever the state of the control link interfaces or fabric link interfaces changes up to down or down to up ina chassis cluster deployment For a downloadable version of this MIB see http www juniper net
276. l for the NMS to use polling to monitor the devices A more scalable approach is to rely on network devices to notify the NMS when something requires attention On Juniper Networks routers RMON alarms and events provide much of the infrastructure needed to reduce the polling overhead from the NMS However with this approach you must set up the NMS to configure specific MIB objects into RMON alarms This often requires device specific expertise and customizing of the monitoring application In addition some MIB object instances that need monitoring are set only at initialization or change at runtime and cannot be configured in advance To address these issues the health monitor extends the RMON alarm infrastructure to provide predefined monitoring for a selected set of object instances for file system usage CPU usage and memory usage and includes support for unknown or dynamic object instances such as Junos OS processes Health monitoring is designed to minimize user configuration requirements To configure health monitoring entries include the health monitor statement at the edit snmp hierarchy level edit snmp health monitor falling threshold percentage interval seconds rising threshold percentage You can use the show snmp health monitor operational command to view information about health monitor alarms and logs Copyright 2015 Juniper Networks Inc 239 SNMP MIBs and Traps Monitoring and Troubleshooting Gu
277. l host reach the designated host and are returned If the designated host can be reached the ping test provides the approximate round trip time for the packets Ping test results are stored in pingResultsTable and pingProbeHistoryTable RFC 2925 is the authoritative description of the Ping MIB in detail and provides the ASN 1 MIB definition of the Piing MIB SNMP Remote Operations Overview on page 185 e Starting a Ping Test on page 188 e Monitoring a Running Ping Test on page 190 e Gathering Ping Test Results on page 192 e Stopping a Ping Test on page 194 e Interpreting Ping Variables on page 194 Starting a Ping Test Supported Platforms 188 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series Copyright 2015 Juniper Networks Inc Chapter 8 Configuring Remote Operations Before you start a ping test configure a Ping MIB view This allows SNMP Set requests on pingMIB To start a ping test create a row in pingCtlTable and set pingCtLAdminStatus to enabled The minimum information that must be specified before setting pingCtlAdminStatus to enabled is pingCtLOwnerlndexSnmpAdminString pingCtlLTestNameSnmpAdminString e pingCtlTargetAddressIinetAddress pingCtlTargetAddressTypelnetAddressType pingCtLRowStatusRowStatus For all other values defaults are chosen unless otherwise specified pingCtLOwnerIndex and pingCtlTestName are used as the index so their values are specif
278. l system name for SNMP v1 and v2c clients Include at the edit snmp trap options hierarchy level to specify a logical system address as the source address of an SNMP trap Include at the edit snmp v3 target address hierarchy level to specify a logical system name as the destination address for an SNMPv3 trap or inform logical system name Name of the logical system routing instance routing instance name Statement to specify a routing instance associated with the logical system snmp To view this statement in the configuration snmp control To add this statement to the configuration e Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community on page 180 Configuring the Trap Target Address on page 161 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements logical system trap filter Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series logical system trap filter edit snmp Statement introduced in Junos OS Release 8 4 Restrict the routing instances from receiving traps that are not related to the logical system networks to which they belong snmp To view this statement in the configuration snmp control To add this statement to the configuration e Trap Support for Routing Instances on page 178 Copyright 2015 Junip
279. lUnavailableDest 1 3 6 1 4 1 2636 48 6 1 Devices that Collection run Junos OS Services MIB and have jnx coll mib collector PICs installed jnxCollUnavailableDestCleared 1 3 6 1 4 1 2636 4 8 6 2 Devices that run Junos OS and have collector PICs installed jnxCollUnsuccessfulTransfer 1 3 6 1 4 1 2636 4 8 6 3 Devices that run Junos OS and have collector PICs installed jnxCollFlowOverload 1 3 6 1 4 1 2636 48 6 4 Devices that run Junos OS and have collector PICs installed jnxCollFlowOverloadCleared 1 3 6 1 4 1 2636 48 6 5 Devices that run Junos OS and have collector PICs installed jnxCollMemoryUnavailable 1 3 6 1 4 1 2636 48 6 6 Devices that run Junos OS and have collector PICs installed jnxCollMemoryAvailable 1 3 6 1 4 1 2636 4 8 6 7 Devices that run Junos OS and have collector PICs installed jnxCollFtpSwitchover 1 3 6 1 4 1 2636 4 8 6 8 Devices that run Junos OS and have collector PICs installed 84 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 12 Juniper Networks Enterprise Specific Supported SNMP Version 1 Traps continued Defined in Passive Monitoring MIB jnx pmonmib Trap Name jnxPMonOverloadSet Enterprise ID 1 3 6 1 4 1 2636 4 7 0 1 Generic Trap Number Specific Trap Number System Logging Severity Supported Level On Devices that run Junos OS an
280. ld lt percentage level gt high threshold lt percentage level gt critical threshold lt percentage level gt traceoptions action lt monitor prevent recover gt edit snmp health monitor routing engine Statement introduced in Junos OS Release 12 1X44 D10 Statement modified in Junos OS Release 12 1X45 D10 Enable the system health management feature to use the specified parameters interval Monitoring interval in seconds Default 300 seconds moderate threshold Percentage of moderate threshold level resource utilization Default 70 percent high threshold Percentage of high threshold level resource utilization Default 80 percent critical threshold Percentage of critical threshold level resource utilization Default 90 percent traceoptions Enable tracing of system health monitoring daemon action Enable action for all resources Default If action is not enabled the default is prevent f WARNING If the system health management action for an affected resource is configured to recover then certain instrusive operations necessary for preventing system breakdown are taken Instrusive operations can include restarting or terminating processes deleting files and so on Such action information is logged in the system health management history and system log security To view this statement in the configuration security control To add this statement to the configuration Copyright 2
281. le NOTE Replaced with RFC 4444 S S MIB in Junos OS Release 11 3 and later Internet draft 0 1 1 1 0 1 0 0 o draft ietf ppvpn mpls vpn mib 04 txt MPLS BGP Virtual Private Network Management Information Base Using SMIv2 only mplsVpnScalars mplsVpnVrfTable mplsVpnPerTable and mplsVpnVrfRouteTargetTable Copyright 2015 Juniper Networks Inc 31 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms Internet draft draft ietf ospf ospfv3 mib 11 txt 0 0 Management Information Base for OSPFv3 Represented by mib jnx ospfv3mib txt and implemented under the Juniper Networks enterprise branch jnxExperiment Support for ospfv3NbrTable only Read only Object names are prefixed by jnx For example jnxOspfv3NbrTable jnxOspfv3NbrAddressType and jnxOspfv3NbrPriority Internet draft draft ietf idmr pim mib 09 txt 1 1 1 1 1 1 0 0 1 Protocol Independent Multicast PIM MIB ESO Consortium MIB which can be found at 1 1 1 1 1 o o http www snmp com eso NOTE The ESO Consortium MIB has been replaced by RFC 3826 Internet Draft P2MP MPLS TE MIB 1 1 1 0 1 0 0 0 draft ietf mpls p2mp te mib 09 txt read only access except mplsTeP2mpTunnelBranchPerfTable Related Juniper Networks Enterprise Specific MIBs on page 32 Pecmenteuen Loading MIB Fi
282. le 4 Description Notes Objects are exposed only for the default logical system jnxScu 16 Class 1 jnxScuStatsTable 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxRpf 17 Class 1 jnxRpfStatsTable 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxCfgMgmt 18 Class 3 Objects are exposed only for the default logical system jnxPMon 19 Class 1 Only those logical interfaces and their jnxPMonFlowTable 1 jnxPMonErrorTable 2 jnxPMonMemoryTable 3 parent physical interfaces that belong to a specific routing instance are exposed jnxSonet 20 Class 1 jnxSonetAlarmTable 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxAtmCos 21 Class 1 jnxCosAtmVcTable 1 jnxCosAtmScTable 2 jnxCosAtmVcQstatsTable 3 jnxCosAtmTrunkTable 4 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed ipSecFlowMonitorMIB 22 jnxMac 23 Class 1 Only those logical interfaces and their parent physical interfaces that belong to jnxMacStats 1 a specific routing instance are exposed apsMIB 24 Class 3 Objects are exposed only for the default logical system jnxChassisDefines 25 Cl
283. les to a Network Management System on page 111 Juniper Networks Enterprise Specific MIBs Supported Platforms LN Series SRX Series The Junos OS supports the following enterprise specific MIBs DHCP Objects MIB Provides SNMP support get and trap for DHCP local server and relay configurations It also provides support for bindings and leases tables and for statistics For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx jdhcp txt For more information see DHCP MIB SNMP GetSNMP Traphttp www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx dom txt 32 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS For more information see Digital Optical Monitoring MIB Power Supply Unit MIB Enables monitoring and managing of the power supply ona device running the Junos OS This MIB is currently supported only on EX Series Ethernet Switches For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx power supply unit txt For more information see Power Supply Unit MIB AAA Objects MIB Provides support for monitoring user authentication authorization and accounting through the RADIUS LDAP SecurID and local authentication servers This MIB is currently supported by Junos OS for SRX Series devices only For a downloadabl
284. lete SNMPv3 Configuration Statements 0 0 00 cee eee ee 251 ACCESSH IISE 54 ests Cr AaSaGHBSL ORASEADAESEDLEMAN SOSH eR AAE Das oaks 253 AG GNSS Sie seines eire niriana Eady lacs Sat a A aae doa a 254 BGGKESSAMASK Foydk ds gienqee mone udhaad hg aan ee ae clack ETE r a 254 agent addreSS 2 nee eee eee eens 255 alarm SNMP RMON scexa2dedaceedad 2o eda Geud bepiede Seadasacdtuan ws 256 authentication Md5 0 eee eee eens 257 AULMEMHECATIONENONE 35 onc wake i tenre rE d Se aoe on Go E Daa ES aN 258 authentication DaSSWOId 2 ee tee eee eee 259 BULMENEEATON Shalaoe4 o tS Gunny sheeos 6h anteu sabes wae Gaehot heetanss AG 260 authonzat Ome srea terea db tac A e a EE sacs de E E E samo deend 261 catepol Saenen a r e r acd a a He OSG a e aeaneey 262 CHemlSE ca doreir E aE E E E E E EE ie aA oaa eaa 262 cliemntlistnamMe sesine eraen a E SOLES RSENS eE p SOS ER 263 E E E nash ae AE EN A E E EEEE EEE TE EEEE EN 264 ComM A laVar arnee r EEEE TE E DE ATE E oe 4 a a a a8 265 COMMUNI sacrrine dea ae tee wes ane ue Gad a a a a E A 266 COMMUNI seeno hierne nE Sean waded cohen gate of OE E O ETS 267 COMMUNITYVSNAME 455 penras rnan a desea Gee ee cea ae eee hw oe aS Oe 268 CONTAC waanwoienceicuedaseacadaodeieioetowvney geen EAE EANET ENE 269 GESCHDHOM erare ou re radnedeed oieed Gade kone ne een te dake A E 269 GESCHDNOM ont eet esa ares Boab eeaceumse henge suaendanwasa deeumases Se 270 GEStiNaliOn POMrt occ24 q0ct cee ae oda ceed coda gees ana
285. ll instances within a logical system are exposed Data will not be segregated down to the routing instance level Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 8 Class 2 MIB Objects Standard and Juniper MIBs Class MIB Objects Class 2 rfc3813 mib mplsLsrStdMIB Examples mplsinterfaceTable mplsinSegmentTable mplsOutSegmentTable mplsLabelStackTable mplsXCTable and related MIB objects igmpmib mib igmpStdMIB 3vpnmib mib mplsVpnmib jnx mpls mib Example mplsLspList jnx ldp mib jnxLdp Example jnxLdpStatsTable jnx vpn mib jnxVpnMIB jnx bgpmib2 mib jnxBgpM2Experiment Table 9 on page 72 shows Class 3 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 3 objects are exposed only for the default logical system Copyright 2015 Juniper Networks Inc 7 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 9 Class 3 MIB Objects Standard and Juniper MIBs Class MIB Objects Class 3 rfc2819a mib rmonEvents alarmTable logTable eventTable agentxMIB rfc2925a mib pingmib rfc2925b mib tracerouteMIB jnxchassis mib jnxBoxAnatomy jnx chassis alarm mib jnxAlarms jnx ping mib jnxPingMIB jnx traceroute mib jnxTraceRouteMIB jnx rmon mib jnxRmonAlarmTable jnx cos mib Example jnxCosFcTable jnx cfgmgmt mib Example jnxCfgMgmt
286. m Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx syslog txt For more information see System Log MIB Traceroute MIB Supports the Junos OS extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way as it is in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos OS data and has tables that contain information on each type of data such as integer and string For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx util txt For more information see Utility MIB VPN Certificate Objects MIB Provides support for monitoring the local and CA certificates loaded on the router This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB
287. m local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the Advanced Encryption Standard encryption algorithm CFB128 AES 128 Privacy Protocol for the SNMPv3 user privacy password privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Encryption Type on page 146 Copyright 2015 Juniper Networks Inc 297 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices privacy des Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 298 LN Series M Series MX Series PTX Series OFX Series T Series privacy des privacy password privacy password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine eng
288. m txt Analyzer MIB 8 0 8 0 0 0 6 O http Awwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx analyzer txt Antivirus Objects MIB 0 0 0 0 0 0 1 0 0 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx js utm av txt ATM Class of Service MIB l O o o http Avwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx atm cos txt 54 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Mid High Enterprise Specific MIB Range End 0 ATM MIB 1 1 1 6 0 O 0 O http Awwwjunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx atm txt BGP4 V2 MIB 1 1 1 1 1 1 http Avwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx bgpmib2 txt Bidirectional Forwarding Detection MIB 1 1 1 1 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx bfd txt Chassis Forwarding MIB 1 0 O 0 0 1 1 0 0 http A vwwijuniper net techpubs en US junos121 topics reference mibs mib jnx chassis fwdd txt Chassis MIBs 1 1 1 1 1 1 1 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx chassis txt http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx chas defines txt Chas
289. mance management Monitor and adjust device performance e Security management Control device access and authenticate users The Junos OS network management features work in conjunction with an operations support system OSS to manage the devices within the network Junos OS can assist you in performing these management tasks as described in Table 3 on page 4 Copyright 2015 Juniper Networks Inc 3 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Device Management Features in Junos OS Task Junos OS Feature Fault management Monitor and see faults using Operational mode commands For more information about operational mode commands see the CL User Guide e SNMP MIBs For more information about SNMP MIBs supported by Junos OS see Standard SNMP MIBs Supported by Junos OS on page 13 and Juniper Networks Enterprise Specific MIBs on page 32 e Standard SNMP traps For more information about standard SNMP traps see the Standard SNMP Traps Supported on Devices Running Junos OS on page 95 e Enterprise specific SNMP traps For more information about enterprise specific traps see Juniper Networks Enterprise Specific SNMP Traps on page 80 System log messages For more information about how to configure system log messages see System Log Monitoring and Troubleshooting Guide for Security Devices Configuration management e Configure device a
290. md5 authentication password authentication password privacy des privacy password privacy password user user2 authentication sha authentication password authentication password privacy none user user3 authentication none privacy none user user4 authentication sha authentication password authentication password privacy aes128 privacy password privacy password user user5 authentication sha SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices authentication password authentication password privacy none vacm access group san francisco Defines the access privileges for the group default context prefix called san francisco security model v1 security level none notify view ping mib read view interfaces write view jnxAlarms security to group security model v1 security name john Assigns john to the security group group san francisco called san francisco security name bob group new york security name elizabeth group chicago Related Complete SNMPv3 Configuration Statements on page 251 D tati ocumentanon e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example Creating SNMPv3 Users Configuration Supported Platforms SRX Series Define SNMPv3 users edit snmp v3 f usm local engine user user authentication md5 authentication p
291. ment introduced in Junos OS Release 11 1 for the OFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Specify a user associated with an SNMPv3 group on a local or remote SNMP engine username SNMPv3 user based security model USM username snmp To view this statement in the configuration snmp control To add this statement to the configuration e Creating SNMPv3 Users on page 138 Copyright 2015 Juniper Networks Inc 335 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices usm Supported Platforms LN Series M Series MX Series PTX Series OFX Series T Series Syntax usm local engine user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none privacy password privacy password remote engine engine id user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy p
292. mum possible value snmp To view this statement in the configuration snmp control To add this statement to the configuration falling threshold on page 274 e Configuring the Falling Threshold or Rising Threshold on page 241 EX Series LN Series M Series MX Series PTX Series T Series rmon edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure Remote Monitoring snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring an Alarm Entry and Its Attributes on page 224 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements routing engine SNMP Resource Level Supported Platforms LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 vSRX Syntax routing engine resource lt cpu memory open files count process count storage temperature gt interval lt interval in secs gt moderate threshold lt percentage level gt high threshold lt percentage level gt critical threshold lt percentage level gt action lt monitor prevent recover gt Hierarchy Level edit snmp health monitor routing engine Release Information Statement introduced in Junos OS Release 12 1X44 D10 Statement modified in Junos OS Release 15 1x49 D10 Description Override the global configuration for a resource Options
293. n snmp control To add this statement to the configuration e Configuring the Sample Type on page 227 Copyright 2015 Juniper Networks Inc 31 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security level Defining Access Privileges Supported Platforms EX Series LN Series M Series MX Series OFX Series T Series Syntax security level authentication none privacy notify view view name read view view name write view view name Hierarchy Level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Define the security level used for access privileges Default none Options authentication Provide authentication but no encryption none No authentication and no encryption privacy Provide authentication and encryption Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Security Level on page 150 Documentation 312 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements security level Generating SNMP Notifications Supported Platfo
294. n Junos OS Release 11 1 for the OFX Series Configure the password for user authentication authentication password Password that a user enters The password is then converted into a key that is used for authentication SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring MD5 Authentication on page 145 e Configuring SHA Authentication on page 145 Copyright 2015 Juniper Networks Inc 259 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices authentication sha Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 260 LN Series M Series MX Series PTX Series OFX Series T Series authentication sha authentication password authentication password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the secure hash algorithm
295. n Junos OS Release 9 0 for EX Series switches The lower threshold is expressed as a percentage of the maximum possible value for the sampled variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold percentage The lower threshold for the alarm entry Range 1 through 100 Default 70 percent of the maximum possible value snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Falling Threshold or Rising Threshold on page 241 rising threshold on page 306 Copyright 2015 Juniper Networks Inc falling threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series falling threshold integer edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The lower t
296. n maeri eam aw eieiei iaren i i 233 RMON Alam Tables arare nackte edad earedan dbase srok amp sdederereia see 233 Troubleshooting RMON 0 0 ccc cee eee eens 234 Understanding Measurement Points Key Performance Indicators and Baseline MALU OS megana en Gite S Ei inie a Gre auger hid boa Bie a Da E ded aeee ass 235 Meas rement POMES 6 4264 4dcd bu based askava sanidseahena sana ead 235 Basic Key Performance Indicators 0 0 eee 236 Seting Baselines amp cccn dlaciensds oaedee sede ane wageeewesaab ones 236 Copyright 2015 Juniper Networks Inc vii SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices viii Part 4 Chapter 15 Part 5 Chapter 16 Health Monitoring with SNMP Configuring Health Monitoring 0 0 c cece eee 239 Configuring Health Monitoring on Devices Running JunosOS 239 Monitored OBDjeCts 2862 4oce naateunta twos sate bed andweexeede He eeE 240 Minimum Health Monitoring Configuration 0 0 241 Configuring the Falling Threshold or Rising Threshold 24 Configuring the Interval j c lt ccc seist wade ovata weds eoaedeeae ada ae es 241 OS Enties and TWabSin lt t22te nr ddcotacrucma meet et ous Shenae d Sener ee 242 Configuration Statements and Operational Commands Configuration Statements 2 jcccc ccs sea tee ebieeeecd wecdeeget ade 245 Configuration Statements at the edit snmp Hierarchy Level 248 Comp
297. name edit snmp v3 target parameters target parameters name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure a set of target parameters for message processing and security The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Defining and Configuring the Trap Target Parameters on page 163 EX Series LN Series M Series MX Series PTX Series QFX Series T Series port port number edit snmp v3 target address target address name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure a UDP port number for an SNMP target If you omit this statement the default port is 162 port number Port number for the SNMP target snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Port on page 162 295 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices privacy 3des Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 296 LN Se
298. ndTotalTable and dsx1FracTable RFC 2515 Definitions of Managed Objects for ATM Management except atmVpCrossConnectTable atmVcCrossConnectTable and aal5VccTable RFC 2570 Introduction to Version 3 of the Internet standard Network Management Framework RFC 2571 An Architecture for Describing SNMP Management Frameworks read only access NOTE RFC 2571 has been replaced by RFC 3411 However Junos OS supports both RFC 2571 and RFC 3411 RFC 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP read only access NOTE RFC 2572 has been replaced by RFC 3412 However Junos OS supports both RFC 2572 and RFC 3412 Copyright 2015 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC RFC 2576 Coexistence between Version 1 Version 1 1 1 o 2 and Version 3 of the Internet standard Network Management Framework NOTE RFC 2576 has been replaced by RFC 3584 However Junos OS supports both RFC 2576 and RFC 3584 RFC 2578 Structure of Management Information 1 1 1 1 1 1 0 0 1 Version 2 SMIv2 RFC 2579 Textual Conventions for SMIv2 1 ll 1 1 0 0 1 RFC 2580 Conformance Statements for SMIv2 1 1 1 1 1 1 0 0 1 RFC 2662 Definitions of Managed Objects for 0 1 1 1 O 0 1 0 0 ADSL Li
299. ned in RFC 3812 Multiprotocol Label Switching MPLS Traffic Engineering TE Management Information Base You can disable the MPLS traps by including the no trap option at the edit protocol mpls log updown hierarchy level For information about disabling the generation of MPLS traps see the Junos OS MPLS Applications Configuration Guide The Junos OS supports the following MPLS traps mplsTunnelUp Generated when an mplsTunnelOperStatus object for one of the configured tunnels leaves the down state and transitions into another state other than the notPresent state mplsTunnelDown Generated when an mplsTunnelOperStatus object for one of the configured tunnels enters the down state from a state other than the notPresent state D NOTE When an LSP flaps only the ingress and egress routers of that LSP generate the mplsTunnelUp and mplsTunnelDown traps Previously all the routers associated with an LSP that is the ingress egress and transit routers used to generate the traps when the LSP flaps mplsTunnelRerouted Generated when a tunnel is rerouted mplsTunnelReoptimized Generated when a tunnel is reoptimized NOTE In Junos OS Release 8 3 and earlier mplsTUnnelReoptimized was generated every time the optimization timer expired that is when the optimization timer exceeded the value set for the optimize timer statement at the edit protocols mpls label switched path path name hierarchy level However in Rele
300. nes All MIB tables objects and traps are applicable for the ADSL ATU R agent RFC 2665 Definitions of Managed Objects forthe 1 1 1 1 1 1 1 0 1 Ethernet like Interface Types NOTE For M T and MX Series the SNMP counters do not count the Ethernet header and frame check sequence FCS Therefore the Ethernet header bytes and the FCS bytes are not included in the following four OIDs e iflnOctets e ifOutOctets e ifHCInOctets e ifHCOutOctets However the EX switches adhere to RFC 2665 NOTE The list of managed objects specified in RFC 2665 has been updated by RFC 3635 by including information useful for the management of 10 Gigabit per second Ethernet interfaces RFC 2787 Definitions of Managed Objects forthe 1 1 1 1 l 1 1 0 1 Virtual Router Redundancy Protocol except row creation the Set operation and the object vrrpStatsPacketLengthErrors 20 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard MIBs Supported on Devices Running Junos OS continued SRX Low End 1 Platforms 1 1 1 1 1 RFC 2790 Host Resources MIB e Only the hrStorageTable The file systems config var and tmp always return the same index number When SNMP restarts the index numbers for the remaining file systems might change e Only the objects of the hrSystem and hrSWInstalled groups RFC 2819 Remote Network Monitoring 1 1 0 1
301. ng Junos OS Supported Platforms LN Series SRX Series This topic provides pointers to the standard SNMP traps supported by the Junos OS NOTE For scalability reasons the MPLS traps are generated by the ingress router only Copyright 2015 Juniper Networks Inc 95 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e Standard SNMP Version 1 Traps on page 96 e Standard SNMP Version 2 Traps on page 99 Standard SNMP Traps on EX Series Ethernet Switches Unsupported Standard SNMP Traps on page 106 Related Juniper Networks Enterprise Specific SNMP Traps on page 80 Documentation Juniper Networks Enterprise Specific MIBs on page 32 Standard SNMP MIBs Supported by Junos OS on page 13 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 Managing Traps and Informs on page 213 Standard SNMP Version 1 Traps Supported Platforms LN Series SRX Series Table 14 on page 96 provides an overview of the standard traps for SNMPvI The traps are organized first by trap category and then by trap name and include their enterprise ID generic trap number and specific trap number The system logging severity levels are listed for those traps that have them with their corresponding system log tag Traps that do not have corresponding system logging severity levels are marked with an en dash in the table For more information about system log messages see the Junos
302. ng and Troubleshooting Guide for Security Devices This topic includes the following sections Configuring the Security Model on page 154 Assigning Security Names to Groups on page 154 Configuring the Group on page 154 Configuring the Security Model To configure the security model include the security model statement at the edit snmp v3 vacm security to group hierarchy level edit snmp v3 vacm security to group security model usm v1 v2c e usm SNMPVv3 security model e vI SNMPvI1 security model e v2c SNMPv2 security model Assigning Security Names to Groups To associate a security name with an SNMPv3 user or a vl or v2 community string include the security name statement at the edit snmp v3 vacm security to group security model usm v1 v2c hierarchy level edit snmp v3 vacm security to group security model usm v1 v2c security name security name For SNMPv3 the security name is the username configured at the edit snmp v3 usm local engine user username hierarchy level For SNMPv1 and SNMPv2c the security name is the community string configured at the edit snmp v3 snmp community community index hierarchy level For information about configuring usernames see Creating SNMPv3 Users on page 138 For information about configuring acommunity string see Configuring the SNMPv3 Community on page 167 NOTE The USM security name is separate from the SNMPv1 and SNMPv2c secu
303. ng socket calls subagent Log subagent restarts timer Log internally generated events varbind error Log variable binding errors match regular expression Optional Refine the output to include lines that contain the regular expression size size Optional Maximum size in kilobytes KB of each trace file before it is closed and archived Range 10 KB through 1 GB Default 1000 KB world readable no world readable Optional By default log files can be accessed only by the user who configures the tracing operation The world readable option enables any user to read the file To explicitly set the default behavior use the no world readable option snmp To view this statement in the configuration snmp control To add this statement to the configuration e Tracing SNMP Activity on a Device Running Junos OS on page 197 Copyright 2015 Juniper Networks Inc trap group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements ACX Series EX Series M Series MX Series OCX1100 PTX Series QFabric System OFX Series SRX Series T Series trap group group name categories category destination port port number routing instance instance targets address version all v1 v2 edit snmp Statement introduced before Junos OS Release
304. ngine history e show snmp health monitor routing engine status e show snmp mib View e show system log vital Copyright 2015 Juniper Networks Inc 345 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp health Supported Platforms Syntax Release Information Description Options Required Privilege Level List of Sample Output Output Fields monitor LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 vSRX show snmp health monitor lt alarms lt detail gt gt lt logs gt Statement introduced in Junos OS Release 12 1X44 D10 for SRX Series devices Display information about SNMP health monitor alarms and logs none Display information about all health monitor alarms and logs alarms lt detail gt Optional Display detailed information about health monitor alarms logs Optional Display information about health monitor logs view show snmp health monitor on page 348 show snmp health monitor alarms detail on page 349 show snmp health monitor alarms brief on page 350 Table 26 on page 346 describes the output fields for the show snmp health monitor command Output fields are listed in the approximate order in which they appear Table 26 show snmp health monitor Output Fields Field Name Field Description Alarm Index Alarm identifier Variable description Description of the health monitor object instance being monitored
305. nitoring and Troubleshooting Guide for Security Devices Table 11 SNMP MIB Objects continued Object Name Object Identifier snmpEnableAuthenTraps 1 3 6 1 2 1 11 30 RFC 2819a alarminterval 1 3 6 1 2 1 16 3 1 1 2 alarmVariable 1 3 6 1 2 1 16 3 1 1 2 alarmSampleType 1 3 6 1 2 1 16 3 1 1 4 alarmStartupAlarm 1 3 6 1 2 1 16 3 1 1 6 alarmRisingThreshold 1 3 6 1 2 1 16 3 1 1 7 alarmFallingThreshold 1 3 6 1 2 1 16 3 1 1 8 alarmRisingEventIndex 1 3 6 1 2 1 16 3 1 1 9 alarmFallingEventIndex 1 3 6 1 2 1 16 3 1 1 10 alarmOwner 1 3 6 1 2 1 16 3 1 1 11 alarmStatus 1 3 6 1 2 1 16 3 1 1 12 eventDescription 1 3 6 1 2 1 16 9 1 1 2 eventType 1 3 6 1 2 1 16 9 1 1 3 eventCommunity 1 3 6 1 2 1 16 9 1 1 4 eventOwner 1 3 6 1 2 1 16 9 1 1 6 eventStatus 1 3 6 1 2 1 16 9 1 1 7 RFC 2925a pingMaxConcurrentRequests 1 3 6 1 2 1 80 1 1 pingCtlTargetAddressType 1 3 6 1 2 1 80 1 2 1 3 pingCtlTargetAddress 1 3 6 1 2 1 80 1 2 1 4 pingCtlDataSize 1 3 6 1 2 1 80 1 2 1 5 pingCtlTimeOut 1 3 6 1 2 1 80 1 2 1 6 pingCtlProbeCount 1 3 6 1 2 1 80 1 2 1 7 74 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 11 SNMP MIB Objects continued Object Name Object Identifier pingCtlAdminStatus 1 3 6 1 2 1 80 1 2 1 8 pingCtlDataFill 1 3 6 1 2 1 80 1
306. nitoring network address translation NAT This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB PPP MIB Provides SNMP support for PPP related information such as the type of authentication used interface characteristics status and statistics This MIB is currently supported only on M Series and MX Series routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx ppp txt For more information see PPP MIB PPPoE MIB Provides SNMP support for PPPoE related information such as the type of authentication used interface characteristics status and statistics This MIB is currently supported only on M Series and MX Series routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx pppoe txt For more information see PPPoE MIB Pseudowire TDM MIB Extends the standard Pseudowire MIB and contains information about configuration and statistics for specific pseudowire types The enterprise specific Pseudowire TDM MIBis the Juniper Networks implementation of the standard Managed Objects for TDM over Packet Switched Network MIB draft ietf pwe3 tdm mib 08 txt For a downloadable version of
307. nitoring user authentication authorization and accounting through the RADIUS LDAP SecurID and local authentication servers This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx user aaa txt For more information see AAA Objects MIB Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS e Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http wwwjuniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB ATM CoS MIB Provides support for monitoring Asynchronous Transfer Mode version 2 ATM2 virtual circuit VC class of service CoS configurations It also provides CoS queue Statistics for all VCs that have CoS configured For a downloadable
308. nmpTargetParamsStorageType 1 3 6 1 6 3 12 1 3 1 6 snmpTargetParamsRowStatus 1 3 6 1 6 3 12 1 3 1 7 RFC 3413 Notify MIB snmpNotifyTag 1 3 6 1 6 3 13 1 1 1 2 snmpNotifyType 1 3 6 1 6 3 13 1 1 1 3 snmpNotifyStorageType 1 3 6 1 6 3 13 1 1 1 4 snmpNotifyRowStatus 1 3 6 1 6 3 13 1 1 1 5 snmpNotifyFilterProfileName 1 3 6 1 6 3 13 1 2 1 1 snmpNotifyFilterProfileStorType 1 3 6 1 6 3 13 1 2 1 2 snmpNotifyFilterProfileRowStatus 1 3 6 1 6 3 13 1 2 1 3 snmpNotifyFilterMask 1 3 6 1 6 3 13 1 3 1 2 snmpNotifyFilterType 1 3 6 1 6 3 13 1 3 1 3 snmpNotifyFilterStorageType 1 3 6 1 6 3 13 1 3 1 4 snmpNotifyFilterRowStatus 1 3 6 1 6 3 13 1 3 1 5 RFC 2574 usmUserSpinLock 1 3 6 1 6 3 15 1 2 1 usmUserCloneFrom 1 3 6 1 6 3 15 1 2 2 1 4 usmUserAuthProtocol 1 3 6 1 6 3 15 1 2 2 1 5 usmUserAuthKeyChange 1 3 6 1 6 3 15 1 2 2 1 6 usmUserOwnAuthKeyChange 1 3 6 1 6 3 15 1 2 2 1 7 usmUserPrivProtocol 1 3 6 1 6 3 15 1 2 2 1 8 78 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 11 SNMP MIB Objects continued Object Name Object Identifier usmUserPrivKeyChange 1 3 6 1 6 3 15 1 2 2 1 9 usmUserOwnPrivKeyChange 1 3 6 1 6 3 15 1 2 2 1 10 usmUserPublic 1 3 6 1 6 3 15 1 2 2 1 11 usmUserStorageType 1 3 6 1 6 3 15 1 2 2 1 12 usmUserStatus 1 3 6 1 6 3 15 1 2 2 1 13 RFC 2575 vacmGroupName 1 3 6 1 6 3 16 1 2 1 3 vacmSecurityToGroupSt
309. nos OS Platforms ACX ATE 1 1 1 1 RFC 4293 Management Information Base for the Internet Protocol IP Supports only the mandatory groups For detailed information see Standard IPv4 IPv6 MIBs RFC 4318 Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol Supports 802 1w and 802 1t extensions for RSTP RFC 4363b O Bridge VLAN MIB Copyright 2015 Juniper Networks Inc 27 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC RFC 4382 MPLS BGP Layer 3 Virtual Private 0 1 Network VPN MIB The Junos OS support for RFC 4382 includes the following scalar objects and tables mplsL3VpnActiveVrfs mplsL3VpnConfiguredVrfs e mplsL3VpnConnectedinterfaces mplsL3VpnVrfConfMidRteThresh e mplsL3VpnVrfConfHighRteThresh mplsL3VpnifConfRowStatus e mplsL3VpnillLblRevThrsh mplsL3VpnNotificationEnable mplsL3VpnVrfConfMaxPossRts e mplsL3VpnVrfConfRteMxThrshTime e mplsL3VpnVrfOperStatus e mplsL3VpnVrfPerfCurrNumRoutes mplsL3VpnVrfPerfTable mplsVpnVrfRT Table e mplsL3VpnVrfSecillegalLblVltns e mplsL3VpnVrfTable NOTE The mplsL3VpnifConfTable has not been implemented in the MPLS BGP Layer 3 Virtual Private Network VPN MIB because of limited utility and difficulty in representing the DistProtocol bit accurately 1 1 1
310. nos15 1x49 topics reference mibs mib jnx ipforward txt For more information see P Forward MIB IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces Fora downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert Users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For
311. notification for SNMP remote operations include the categories and targets statements at the edit snmp trap group group name hierarchy level edit snmp trap group group name categories category targets address Example Setting Trap Notification for Remote Operations Specify 172 17 12 213 as a target host for all remote operation traps snmp trap group remote traps categories remote operations targets 172 17 12 213 For more information about trap groups see Configuring SNMP Trap Groups on page 132 Using Variable Length String Indexes All tabular objects in the remote operations MIBs supported by Junos OS are indexed by two variables of type SnmpAdminString For more information about SnmpAdminString see RFC 2571 Junos OS does not handle SnmpAdminString any differently from the octet string variable type However the indexes are defined as variable length When a variable length string is used as an index the length of the string must be included as part of the object identifier OID Example Set Variable Length String Indexes To reference the pingCtlTargetAddress variable of a row in pingCtlTable where pingCtlOwnerlndex is bob and pingCtlTestName is test use the following object identifier OID pingMIB pingObjects pingCtlTable pingCtlEntry pingCtlTargetAddress bob test 1 3 6 1 2 1 80 1 2 1 4 3 98 111 98 4 116 101 115 116 For more information about the definition
312. nt introduced in Junos OS Release 11 1 for the OFX Series Description Configure the security model for an SNMPv3 group The security model is used to determine access privileges for the group Options usm SNMPv3 security model vI SNMPvI security model v2c SNMPv2c security model Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Security Model on page 150 Documentation 314 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements security model Group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series T Series security model usm v1 v2c security name security name group group name edit snmp v3 vacm security to group Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define a security model for a group usm SNMPv3 security model vI SNMPvI security model v2c SNMPv2c security model snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Security Model on page 154 Copyright 2015 Juniper Networks Inc 315 SNMP MIBs and Traps Monitoring and Troubleshooting Guide
313. ntains the following sections SNMP MIBs on page 10 SNMP Traps and Informs on page 10 SNMP MIBs A MIB is a hierarchy of information used to define managed objects in a network device The MIB structure is based on a tree structure which defines a grouping of objects into related sets Each object in the MIB is associated with an object identifier OID which names the object The leaf in the tree structure is the actual managed object instance which represents a resource event or activity that occurs in your network device MIBs are either standard or enterprise specific Standard MIBs are created by the Internet Engineering Task Force IETF and documented in various RFCs Depending on the vendor many standard MIBs are delivered with the NMS software You can also download the standard MIBs from the IETF website www ietf org and compile them into your NMS if necessary For a list of standard supported MIBs see Standard SNMP MIBs Supported by Junos OS on page 13 Enterprise specific MIBs are developed and supported by a specific equipment manufacturer If your network contains devices that have enterprise specific MIBs you must obtain them from the manufacturer and compile them into your network management software For a list of Juniper Networks enterprise specific supported MIBs see Juniper Networks Enterprise Specific MIBs on page 32 SNMP Traps and Informs Routers can send notifications to
314. nts only the objects isisSystem isisMANAreaAddr isisAreaAddr isisSysProtSupp isisSummAddr isisCirc isisCircLevel isisPacketCount isisISAdj isisISAdjAreaAddr isisAdjlPAddr isisISAdjProtSupp isisRa and isisIPRA are supported RFC 1212 Concise MIB Definitions 1 1 o o ll 16 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 1213 Management Information Base for Network Management of TCP P Based Internets MIB II Junos OS supports the following areas e MIBIIl and its SNMP version 2 derivatives including e Statistics counters e IP except for ipRouteTable which has been replaced by ipCidrRouteTable RFC 2096 IP Forwarding Table MIB e SNMP management e Interface management e SNMPvI Get GetNext requests and version 2 GetBulk request e Junos OS specific secured access list e Master configuration keywords e Reconfigurations upon SIGHUP Platforms RFC 1215 A Convention for Defining Traps for use with the SNMP only MIB II SNMP version 1 traps and version 2 notifications RFC 1406 Definitions of Managed Objects for the DS1 and El Interface Types T1 MIB is supported RFC 1407 Definitions of Managed Objects for the DS3 E3 Interface Type T3 MIB is supported RFC 1471 Definitions of Managed Objects for the Link Control Protocol of the Po
315. nxFanOK 1 3 6 1 4 1 2636 4 2 2 Critical CHASSISD_ All devices running SNMP_ Junos OS TRAP jnxTemperatureOK 1 3 6 1 4 1 2636 4 2 3 Alert CHASSISD_ All devices running SNMP_ Junos OS TRAP Configuration Notifications Copyright 2015 Juniper Networks Inc 89 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued Source MIB Trap Name Configuration Management MIB jnx jnxCmCfgChange System Logging Severity snmpTrapOID Level 1 3 6 1 4 1 2636 4 5 01 System Log Tag Supported On All devices running Junos os cfgmgmt mib jnxCmRescueChange Link Notifications Flow Collection Services MIB jnx coll mib jnxCollUnavailableDest 1 3 6 1 4 1 2636 4 5 0 2 1 3 6 1 4 1 2636 4 8 0 1 All devices running Junos os Devices that run Junos OS and have collector PICs installed jnxCollUnavailableDestCleared 1 3 6 1 4 1 2636 4 8 0 2 Devices that run Junos OS and have collector PICs installed jnxCollUnsuccessfulTransfer 1 3 6 1 4 1 2636 4 8 0 3 Devices that run Junos OS and have collector PICs installed jnxCollFlowOverload 1 3 6 1 4 1 2636 4 8 0 4 Devices that run Junos OS and have collector PICs installed jnxCollFlowOverloadCleared 1 3 61 4 1 2636 4 8 0 5 Devices that run Junos OS and have
316. ode0 jnxJsSPUMonitoringNodeDescr 44 nodel jnxJsSPUMonitoringNodeDescr 45 nodel show snmp mib walk jnxJsPolicySystemStats user host gt show snmp mib walk jnxJsPolicySystemStats jnxJsPolicySystemStatsTotalAl lowIPv4Packets 0 10347 jnxJsPolicySystemStatsTotalAl lowIPv4Bytes 0 94053327 jnxJsPolicySystemStatsTotalAl lowIPv4PacketsRate 0 21 jnxJsPolicySystemStatsTotalAl lowIPv4BytesRate 0O 1012 jnxJsPolicySystemStatsTotalDropIPv4Packets 0 257 jnxJsPolicySystemStatsTotalDropIPv4Bytes 0 40298 jnxJsPolicySystemStatsTotalDropIPv4PacketsRate 0 0 jnxJsPolicySystemStatsTotalDropIPv4BytesRate 0 0 jnxJsPolicySystemStatsTotalAl lowIPv4Flows 0 1 jnxJsPolicySystemStatsTotalAl lowIPv4FlowsRate 0 jnxJsPolicySystemStatsTotalAl lowIPv6Packets 0 0 jnxJsPolicySystemStatsTotalAl lowIPv6Bytes 0 0 jnxJsPolicySystemStatsTotalAl lowIPv6PacketsRate 0 jnxJsPolicySystemStatsTotalAl lowIPv6BytesRate 0 jnxJsPolicySystemStatsTotalDropIPv6Packets 0 0 jnxJsPolicySystemStatsTotalDropIPv6 Bytes 0 0 jnxJsPolicySystemStatsTotalDropIPv6PacketsRate 0 jnxJsPolicySystemStatsTotalDropIPv6BytesRate 0 0 jnxJsPolicySystemStatsTotalAl lowIPv6Flows 0 0 jnxJsPolicySystemStatsTotalAl lowIPv6FlowsRate 0 0 jnxJsPolicySystemStatsEnabled O 1 Il I ll 0 show snmp mib walk jnxJsPolicySystemStatsIPv4 user host gt show snmp mib walk jnxJsPolicySystemStatsIPv4 jnxJsPolicySystemStatsTotalAl lowIPv4Packets 0 10347 jnxJsPolicySystemSt
317. odel and Security Name to a Group on page 153 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Defining Access Privileges for an SNMP Group Supported Platforms 148 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series The SNMP version 3 SNMPv3 uses the view based access control model VACM which allows you to configure the access privileges granted to a group Access is controlled by filtering the MIB objects available for a specific operation through a predefined view You assign views to determine the objects that are visible for read write and notify operations for a particular group using a particular context a particular security model vl v2c or usm and particular security level authenticated privacy or none For information about how to configure views see Configuring MIB Views on page 126 You define user access to management information at the edit snmp v3 vacm hierarchy level All access control within VACM operates on groups which are collections of users as defined by USM or community strings as defined in the SNMPv1 and SNMPv2c security models The term security name refers to these generic end users The group to whicha specific security name belongs is configured at the edit snmp v3 vacm security to group hierarchy level That security name can be associated with a group defined at the edit snmp
318. of Managed Objects for ping TestFailed 1 3 6 1 2 1 80 0 6 Info SNMP_TRAP_ All devices running Remote PING_TEST_FAILED Junos OS Ping Traceroute R and Lookup pingTestCompleted 1 3 6 1 2 1 80 0 6 Info SNMP_TRAP_ All devices running Operations PING_TEST_ Junos OS COMPLETED traceRoutePathChange 1 3 6 1 2 1 81 0 6 Info SNMP_TRAP_ All devices running TRACE_ROUTE_ Junos OS PATH_CHANGE traceRouteTestFailed 1 3 6 1 2 1 81 0 6 Info SNMP_TRAP_ All devices running TRACE_ROUTE_ Junos OS TEST_FAILED traceRouteTestCompleted 1 3 6 1 2 1 81 0 6 Info SNMP_TRAP_ All devices running TRACE_ROUTE_ Junos OS TEST_COMPLETED RMON Alarms a RFC 2819a fallingAlarm 1 3 6 1 2 1 16 6 All devices running RMON MIB Junos OS risingAlarm 1 3 6 1 2 1 16 6 All devices running Junos OS Routing Notifications Se BGP 4 MIB bgpEstablished 1 3 6 1 2 1 15 7 6 M T MX J EX and SRX for branch devices bgpBackwardTransition 1 3 6 1 2 1 15 7 6 M T MX J EX and SRX for branch devices Copyright 2015 Juniper Networks Inc 97 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 14 Standard Supported SNMP Version 1 Traps continued Defined in OSPF TRAP MIB 98 Trap Name ospfVirtlfStateChange Enterprise ID 1 3 6 1 2 1 14 16 2 Generic Trap Number System Logging Severity Level Syslog Tag Supported On M T MX J EX and SRX for branch devices
319. of SNMP Get and GetNext Output on page 125 e Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP Filtering Interface Information Out of SNMP Get and GetNext Output Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Junos OS enables you to filter out information related to specific interfaces from the output of SNMP Get and GetNext requests performed on interface related MIBs such as IF MIB ATM MIB RMON MIB and the Juniper Networks enterprise specific IF MIB You can use the following options of the filter interfaces statement at the edit snmp hierarchy level to specify the interfaces that you want to exclude from SNMP Get and GetNext queries interfaces Interfaces that match the specified regular expressions all internal interfaces I nternal interfaces edit snmp filter interfaces interfaces interface interface2 all internal interfaces Starting with Release 12 1 Junos OS provides an except option operator that enables you to filter out all interfaces except those interfaces that match all the regular expressions prefixed with the mark For example to filter out all interfaces except the ge interfaces from the SNMP get and get next results enter the following command edit snmp user host
320. of the Ping MIB see RFC 2925 Copyright 2015 Juniper Networks Inc 187 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Enabling Logging Related Documentation The SNMP error code returned in response to SNMP requests can only provide a generic description of the problem The error descriptions logged by the remote operations process can often provide more detailed information about the problem and help you to solve the problem faster This logging is not enabled by default To enable logging include the flag general statement at the edit snmp traceoptions hierarchy level edit snmp traceoptions flag general For more information about traceoptions see Tracing SNMP Activity on a Device Running Junos OS on page 197 If the remote operations process receives an SNMP request that it cannot accommodate the error is logged in the var log rmopd file To monitor this log file issue the monitor start rmopd command in operational mode of the command line interface CLI e Using the Ping MIB for Remote Monitoring Devices Running Junos OS on page 188 Using the Traceroute MIB for Remote Monitoring Devices Running Junos OS on page 195 Using the Ping MIB for Remote Monitoring Devices Running Junos OS Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series A ping test is used to determine whether packets sent from the loca
321. ohn tag router Identifies managers that are allowed to use Copyright 2015 Juniper Networks Inc 169 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Documentation a community string target address tal address 10 1 1 1 address mask 255 255 255 0 Defines the range of addresses port 162 tag list router target parameters tpl Applies configured target parameters Configuring the SNMPv3 Community on page 167 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring the Inform Notification Type and Target Address Supported Platforms 170 ACX Series M Series MX Series PTX Series T Series To configure the inform notification type and target information include the following statements at the edit snmp v3 hierarchy level edit snmp v3 notify name tag tag name type trap inform target address target address name address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name notify filter profile name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm v1 v2c security name security name
322. olled remotely using SNMP Junos OS currently provides support for two SNMP remote operations the Ping MIB and Traceroute MIB defined in RFC 2925 Using these MIBs an SNMP client in the network management system NMS can Start a series of operations on a router Receive notification when the operations are complete Gather the results of each operation Junos OS also provides extended functionality to these MIBs in the Juniper Networks enterprise specific extensions jnxPingMIB and jnxTraceRouteMIB For more information about jnxPingMIB and jnxTraceRouteMIB see PING MIB and Traceroute MIB This topic covers the following sections SNMP Remote Operation Requirements on page 186 e Setting SNMP Views on page 186 Setting Trap Notification for Remote Operations on page 186 Using Variable Length String Indexes on page 187 e Enabling Logging on page 188 Copyright 2015 Juniper Networks Inc 185 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices SNMP Remote Operation Requirements To use SNMP remote operations you should be experienced with SNMP conventions You must also configure Junos OS to allow the use of the remote operation MIBs Setting SNMP Views All remote operation MIBs supported by Junos OS require that the SNMP clients have read write privileges The default SNMP configuration of Junos OS does not provide clients with a community string with such privileges To set read
323. ommands edit user host set system log vital add jnxlpSecTunMonReplayDropPkts 1 4 2 2 2 1 2 comment Anti Replay drop number of VPN policy test user host set system log vital add jnxlpSecTunMonBadHeaders 1 4 2 2 2 1 2 comment Bad Header number of VPN policy test Generating Vital Data from a Screen on page 210 Generating Vital Data from a NAT Rule Supported Platforms SRX Series You can monitor the vital data from a NAT rule in this example r1 by first obtaining the MIB index of rl Consider the following source NAT configuration user host gt show configuration security nat source rule set rs from zone trust to zone untrust rule rl match source address 17 0 0 0 8 destination address 0 0 0 0 0 then source nat interface To find the MIB index of rl enter the following command edit Copyright 2015 Juniper Networks Inc 209 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices user host show snmp mib walk jnxJsNatRuleName grep r1 jnxJsNatRuleName 2 114 49 1 r1 The output shows that 2 114 49 1 is the MIB index of rl Therefore by combining the index with NAT MIB table jnxJsNatRuleHits the session number associated with NAT rule rl can be monitored by using the command edit userGhost set system log vital add jnxJsNatRuleHits 2 114 49 1 comment Number of sessions on NAT rule rl Related Generating Readable Raw OID Data
324. ommit delay seconds edit snmp nonvolatile Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure the timer for the SNMP Set reply and start of the commit seconds Delay between an affirmative SNMP Set reply and start of the commit Default 5 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Commit Delay Timer on page 120 Copyright 2015 Juniper Networks Inc 265 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices community Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 266 EX Series LN Series M Series MX Series PTX Series SRX Series T Series community community name authorization authorization client list name client list name clients address restrict view view name edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define an SNMP community An SNMP community authorizes SNMP clients based on the source IP address of incoming SNMP request packets A community also defines which MIB objects are available and the operations read only or read write allowed on those objects The SNMP client application specifies
325. on page 256 Copyright 2015 Juniper Networks Inc falling event index Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series falling event index index edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The index of the event entry that is used when a falling threshold is crossed If this value is zero no event is triggered index I ndex of the event entry that is Used when a falling threshold is crossed Range O through 65 535 Default O snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Falling Event Index or Rising Event Index on page 225 e rising event index on page 304 Copyright 2015 Juniper Networks Inc 273 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices falling threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 274 EX Series LN Series M Series MX Series PTX Series T Series falling threshold percentage edit snmp Statement introduced in Junos OS Release 8 0 Statement introduced i
326. onfiguring MIB Views on page 126 This section describes the following topics related to this configuration e Configuring the Notify View on page 151 Configuring the Read View on page 152 e Configuring the Write View on page 152 Configuring the Notify View To associate notify access with an SNMP user group include the notify view statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name view name specifies the notify access which is a list of notifications that can be sent to each user in an SNMP group A view name cannot exceed 32 characters Copyright 2015 Juniper Networks Inc 151 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the Read View To associate a read view with an SNMP group include the read view statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy hierarchy level edit snmp v3 vacm access group group name default context prefix contex
327. ons a a PING MIB jnxPingRttThreshold Exceeded 1 3 6 1 4 1 2636 4 9 01 All devices running Junos jnx ping mib OS jnxPingRttStdDevThreshold 1 3 6 1 4 1 2636 4 9 0 2 All devices running Junos Exceeded OS jnxPingRttJitterThreshold 1 3 6 1 4 1 2636 4 9 0 3 All devices running Junos Exceeded OS jnxPingEgressThreshold 1 3 6 1 4 1 2636 49 04 All devices running Junos Exceeded OS jnxPingEgressStdDevThreshold 1 3 6 1 4 1 2636 4 9 0 5 All devices running Junos Exceeded OS jnxPingEgressJitterThreshold 1 3 6 1 4 1 26364 9 0 6 All devices running Junos Exceeded OS jnxPingIngressThreshold 1 3 6 1 4 1 2636 4 9 0 7 All devices running Junos Exceeded OS jnxPingIngressStddevThreshold 1 3 6 1 4 1 2636 4 9 0 8 All devices running Junos Exceeded OS jnxPingIngressJitterThreshold 1 3 6 1 4 1 2636 49 09 All devices running Junos Exceeded OS Routing Notifications iii BFD bfdSessUp 1 3 6 1 4 1 2636 All devices running Junos Experimental 5 3 1 0 1 OS MIB jnx bfd exp mib bfdSessDown 1 3 61 4 1 2636 5 3 1 0 2 All devices running Junos OS Copyright 2015 Juniper Networks Inc 9 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 13 Juniper Networks Enterprise Specific Supported SNMP Version 2 Traps continued System Logging Severity Source MIB Trap Name snmpTrapOID Level System Log Tag Supported On
328. ontrol To add this statement to the configuration e Configuring SNMP Trap Groups on page 132 LN Series timeout seconds edit snmp v3 target address target address name Statement introduced in Junos OS Release 7 4 Configure the timeout period in seconds for SNMP informs seconds Number of seconds to wait for an inform acknowledgment If no acknowledgment is received within the timeout period the inform is retransmitted Default 15 snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Informs on page 157 e retry count on page 304 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements traceoptions SNMP Supported Platforms Syntax Hierarchy Level Release Information Description Options ACX Series EX Series M Series MX Series PTX Series SRX210 SRX3400 vSRX T Series traceoptions file filename lt files number gt lt match regular expression gt lt size size gt lt world readable no world readable gt flag flag no remote trace edit snmp Statement introduced before Junos OS Release 7 4 file filename option added in Junos OS Release 8 1 world readable no world readable option added in Junos OS Release 8 1 match regular expression option added in Junos OS Release 8 1 Statement introduced in Junos OS Release 9 0 for EX Series switches The output of the tracing
329. opics reference mibs mib jnx dfc txt Ethernet MAC MIB 0 1 o 0 http Avwwwijunipernet techpubs en_US junosi2 1 topics reference mibs jnx mac txt Event MIB 1 1 1 1 1 1 1 http Avwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx event txt EX Series MAC Notification MIB 0 0 0 1 0 0 0 0 0 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx ex mac notification bt EX Series SMI MIB 0 0 0 0 0 0 0 0 http Avwwijuniper net techpubs en US junosl21 topics reference mibs mib jnx ex smi txt 56 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Mid High Enterprise Specific MIB Range End 0 Experimental MIB 1 1 1 1 1 0 0 0 http Avwwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx exp txt Firewall MIB il ll 1 1 http Avwwijuniper net techpubs en US junosl21 topics reference mibs mib jnx firewall txt Flow Collection Services MIB 0 0 0 0 0 0 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx coll txt Host Resources MIB 0 http Awwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx hostresources txt Interface MIB 1 1 1 1 http Avwwwijunipernet techpubs
330. or EX Series switches Configure health monitoring The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring Health Monitoring on Devices Running Junos OS on page 239 279 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices interface Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation interval Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 280 EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series interface interface names edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the interfaces on which SNMP requests can be accepted If you omit this statement SNMP requests entering the router or switch through any interface are accepted interface names Names of one or more logical interfaces snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Interfaces on Which SNMP Requests Can Be Accepted on pag
331. or Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 5643 Management Information Base for OSPFv3 NOTE Junos OS support for this MIB is read only Junos OS does not support the following tables and objects defined in this MIB e ospfv3HostTable ospfv3CfgNbrTable e ospfv3ExitOverflowinterval e ospfv3ReferenceBandwidth e ospfv3RestartSupport e ospfv3Restartinterval e ospfv3RestartStrictLsaChecking e ospfv3RestartStatus e ospfv3RestartAge e ospfv3RestartExitReason e ospfv3NotificationEnable e ospfv3StubRouterSupport e ospfv3StubRouterAdvertisement e ospfv3DiscontinuityTime e ospfv3RestartTime e ospfv3AreaNssatTranslatorRole e ospfv3AreaNssatTranslatorState e ospfv3AreaNssaTranslatorStabinterval e ospfv3AreaNssatTranslatorEvents e ospfv3AreaTEEnabled e ospfv3lfMetricValue e ospfv3lfDemandNbrProbe Platforms wast 0 1 1 1 O RFC 6527 Definitions of Managed Objects for the Virtual Router Redundancy Protocol Version 3 VRRPVv3 except row creation the Set operation and the objects vrrpv3StatisticsRowDiscontinuityTime and vrrpv3StatisticsPacketLengthErrors Internet Assigned Numbers Authority ANAiftype Textual Convention MIB referenced by RFC 2233 available at http Avww iana org assignments ianaiftype mib 30 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 4 Standard
332. or addressing There are two parts of an engine ID prefix and suffix The prefix is formatted according to the specifications defined in RFC 3411 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks You can configure the suffix here D NOTE SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID If you configure or change the engine ID you must commit the new engine ID before you configure SNMPv3 users Otherwise the keys generated from the configured passwords are based on the previous engine ID For the engine ID we recommend using the MAC address of the management port local engine id suffix Explicit setting for the engine ID suffix use default ip address The engine ID suffix is generated from the default IP address use mac address The SNMP engine identifier is generated from the MAC address of the management interface on the router Default use default ip address snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Local Engine ID on page 156 Copyright 2015 Juniper Networks Inc 271 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices enterprise oid Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation event Supported Platforms
333. orageType 1 3 6 1 6 3 16 1 2 1 4 vacmSecurityToGroupStatus 1 3 6 1 6 3 16 1 2 1 5 vacmAccessContextMatch 1 3 6 1 6 3 16 1 4 1 4 vacmAccessReadViewName 1 3 6 1 6 3 16 1 4 1 5 vacmAccessWriteViewName 1 3 6 1 6 3 16 1 4 1 6 vacmAccessNotifyViewName 1 3 6 1 6 3 16 1 4 1 7 vacmAccessStorageType 1 3 6 1 6 3 16 1 4 1 8 vacmAccessStatus 1 3 6 1 6 3 16 1 4 1 9 vacmViewSpinLock 1 3 6 1 6 3 16 1 5 1 vacmViewTreeFamilyMask 1 3 6 1 6 3 16 1 5 2 1 3 vacmViewTreeFamilyType 1 3 6 1 6 3 16 1 5 2 1 4 vacmViewTreeFamilyStorageType 1 3 6 1 6 3 16 1 5 2 1 5 vacmViewTreeFamilyStatus 1 3 6 1 6 3 16 1 5 2 1 6 RFC 2576 snmpCommunityName 1 3 6 1 6 3 18 1 1 1 2 snmpCommunitySecurityName 1 3 6 1 6 3 18 1 1 1 3 snmpCommunityContextEnginelD 1 3 6 1 6 3 18 1 1 1 4 Copyright 2015 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 11 SNMP MIB Objects continued Object Name Object Identifier snmpCommunityContextName 1 3 6 1 6 3 18 1 1 1 5 snmpCommunityTransportTag 1 3 6 1 6 3 18 1 1 1 6 snmpCommunityStorageType 1 3 6 1 6 3 18 1 1 1 7 snmpCommunityStatus 1 3 6 1 6 3 18 1 1 1 8 RFC 2576 snmpTargetAddrMask 1 3 6 1 6 3 18 1 2 1 1 snmpTargetAddrMMS 1 3 6 1 6 3 18 1 2 1 2 Related Documentation e Standard SNMP MIBs Supported by Junos OS on page 13 e Jun
334. ore Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define the value of the MIB II sysLocation object which is the physical location of the managed system location Location of the local system You must enclose the name within quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the System Location for a Device Running Junos OS on page 118 Copyright 2015 Juniper Networks Inc 283 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices logical system Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 284 EX Series LN Series M120 MX240 PTX Series SRX Series SRX210 SRX3400 T1600 logical system logical system name routing instance routing instance name source address adoress edit snmp community community name edit snmp trap group edit snmp trap options edit snmp v3target address target address name Statement introduced in Junos OS Release 9 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series NOTE The logical system statement replaces the logical router statement and is backward compatible with Junos OS Release 8 3 and later Specify a logica
335. ork management system NMS The trap notification filter limits the type of traps that are sent to the NMS Each object identifier represents a subtree of the MIB object hierarchy The subtree can be represented either by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces You can also use the wildcard character asterisk in the object identifier OID to specify object identifiers that match a particular pattern To configure the trap notifications filter include the notify filter statement at the edit snmp v3 hierarchy level edit snmp v3 notify filter profile name profile name is the name assigned to the notify filter By default the OID is set to include To define access to traps or objects from traps include the oid statement at the edit snmp v3 notify filter profile name hierarchy level edit snmp v3 notify filter profile name oid oid include exclude oid is the object identifier All MIB objects represented by this statement have the specified OID as a prefix It can be specified either by a sequence of dotted integers or by a subtree name include Include the subtree of MIB objects represented by the specified OID exclude Exclude the subtree of MIB objects represented by the specified OID e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 e Configuring the SNMPv3 Trap Notification on page 159 Configuring the Trap Target Addr
336. orks Inc 119 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e Configuring the System Description on a Device Running Junos OS on page 119 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring the Commit Delay Timer Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series When a router or switch first receives an SNMP nonvolatile Set request a Junos OS XML protocol session opens and prevents other users or applications from changing the candidate configuration equivalent to the command line interface CLI configure exclusive command If the router does not receive new SNMP Set requests within 5 seconds the default value the candidate configuration is committed and the Junos OS XML protocol session closes the configuration lock is released If the router receives new SNMP Set requests while the candidate configuration is being committed the SNMP Set request is rejected and an error is generated If the router receives new SNMP Set requests before 5 seconds have elapsed the commit delay timer the length of time between when the last SNMP request is received and the commit is requested resets to 5 seconds By default the timer is set to 5 seconds To configure the timer for the SNMP Set reply and start of the commit include the commit delay statement at the edit snmp nonvolatile hierarchy level edit snmp
337. orks Inc 157 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Figure 1 Inform Request and Response ct L Inform request SNMP agent gt SNMP Manager ct L Response agent lt SNMP Manager 5 For information about configuring SNMP traps see Configuring SNMPv3 Traps ona Device Running Junos OS on page 158 e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 Configuring the Remote Engine and Remote User on page 172 Configuring the Inform Notification Type and Target Address on page 170 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring SNMPv3 Traps on a Device Running Junos OS Supported Platforms 158 ACX Series M Series MX Series PTX Series QFX Series T Series In SNMPv3 you create traps and informs by configuring the notify target address and target parameters parameters Traps are unconfirmed notifications whereas informs are confirmed notifications This section describes how to configure SNMP traps For information about configuring SNMP informs see Configuring SNMP Informs on page 157 The target address defines a management application s address and parameters to be used in sending notifications Target parameters define the message processing and security parameters that are used in sending notif
338. otoe de edaee ese 322 StartUup alanmM 4064 4 ge gaeke Ghee Oia sec neeShebentAadgios wie ede be rew mers 323 SVSIOS SU DIAS iid 32 arias Gace Sone ae eee ee Gadus nies aver 324 TAS 2 E E ENEE E ome bas GH ere See dan Soak ewades Rare REPhe Rae eaiad ead 324 TOS AIST fos acdisices oo 4 oe es Bae ele EE EEE EEE EN E E eh E A EE 325 targetaddieSS urean Sk ts a aes Se Rad a ARA B dewere anh Sedona eae 326 target ParaMeters 2 0 eee ee nee eee 327 Ire AIEI EAE A E S E EA A A T a7 rk E ares ne Be E SAA A E ae 328 TUPATE EI ss EEEE E es E E EE E E E E E E E EAEE E 328 traceoptions SNMP ressice sasidas dren adii ennaa a i i i a 329 taD ProD srna aeea aud eral E La ad e dee aana a aN 33 ton opn ta stars enw carina a beste 4 wie ook de a a a teeter isis ghee eae eens es 332 EVD asd cra dows decd ss reste gael 4s T a Ga has ou ee ea ou ead E tad 333 N SA ari etree E ee Sees aah a hee Sone eens Bees ort prion ees 334 DSM AA ss Ge reneo te E T aie eva is ete ee be AS atch ts ae A erates we eked 335 IST lhia ents E ead oop testes AT Greet ores Sos eee eb goes eee ek E A Guanes 336 WS oxi E EE GAGS ERASE EL MAL OL oes FRESE EMOTE RAO AEA EE IAEE 338 yae Misina a aa a a ste idea A aia ia A EE EN 340 yana DE is wars es aoe dSLR IRE E O OA ADSENSE 341 VERSION sardetan tooni por Aa E Beal a tea aa a aE aad D 341 view Associating a MIB View with a Community 0000000 342 view Configuring a MIB View eee eens 343 VEES VIEW ornans
339. ou can configure a request type statement to extend the scope of the RMON alarm to include all object instances belonging to a MIB branch or to include the next object instance after the instance specified in the configuration To configure the request type include the request type statement at the edit snmp rmon alarm index hierarchy level and specify get next request get request or walk request edit snmp rmon alarm index request type get next request get request walk request walk extends the RMON alarm configuration to all object instances belonging to a MIB branch next extends the RMON alarm configuration to include the next object instance after the instance specified in the configuration Copyright 2015 Juniper Networks Inc Chapter 13 Configuring RMON Alarms and Events Configuring the Sample Type The sample type identifies the method of sampling the selected variable and calculating the value to be compared against the thresholds If the value of this object is absolute value the value of the selected variable is compared directly with the thresholds at the end of the sampling interval If the value of this object is delta value the value of the selected variable at the last sample is subtracted from the current value and the difference is compared with the thresholds To configure the sample type include the sample type statement and specify the type of sample at the edit snmp rmon alarm index hierarchy le
340. ources MIB eesesesesesessseeseseseeeseeees 34 39 44 50 l IDP MIB uu cescesessessessessssessessessssesssssssssesssesssssessessssssssessenssseees 34 41 WEI Ves aaa E ace reactance 5 informs SNMP See SNMP informs integrated local management interface See ILMI Interface Accounting Forwarding Class MIB 34 Interface MIB scescesesecsesesssseesessestesessessesteseesees 34 39 45 50 interface statement SNM Pitan titer innana an a AR 280 usage SUICELINGS ccc estes eseetesesteeeeeesenes 124 interfaces limiting SNMP ACCESS sess 124 interval statement Me alth MONITO knnen dente heen 281 usage guidelineS seesesererrrerrresrrrerrrerrrrerrreerrn 24 RMON Vii esessctsessenissersins 280 usage SUIDELINES xidiiscscikn annie 226 IP Forward MIB ccssescssssesesseseseeescssesesesseseeeeees 34 39 45 50 IPsec Generic Flow Monitoring Object Ml Bienni ee ceeded 34 40 45 51 IPsec Monitoring MIB cece 34 40 45 51 IPsec VPN Objects MIB sccccsssescssssssesssesesssessesessesesesees 35 TV AIM B sse 35 40 45 51 IPV6 and ICMPV6 MIB sescsscesssessssescssescssesssesesesessesesseseseeseee 35 IPV6 SNMP community StriNG eee ceeeeeseteeseeeeees 122 J JNXRMONALAPMTADLE ceseceseesssessesescssescseeeseeseseseesesesseeeees 220 Juniper Networks MIB ODje CtS cccessesceseseeseseseeeseeees 63 K key performance INdiCAtOIS cccesesesesseseseeeseeeeeseeseees 236 L LZALD MIB uu cesssssssscssscssscscscscsssssssscssscs
341. p file size limitation default is 5 megabytes for branch SRX Series and 10 megabytes for high end SRX Series and disk storage limitation default is 80 percent The expired dump file is removed automatically When the dump file exceeds the limited size a new dump file is created and the old dump file is compressed When disk utilization exceeds the storage limitation data collection is skipped but is attempted the next time If an issue should arise then the collected data is examined to help identify its cause Once you enable a predefined group the vital data of all OIDs in the group are periodically collected and analyzed Only critical data is collected when CPU utilization exceeds 60 percent but is within 80 percent A maximum of 64 groups per OIDs are supported for branch SRX Series devices anda maximum of 128 groups per OIDs are supported for high end SRX Series devices You can also collect raw MIB OID data For the format of raw OID output the first volume is 40 characters and the second volume is 30 characters in length Any extra characters are stripped Copyright 2015 Juniper Networks Inc 203 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Q TIP To make the dump file easily understood we recommend that you configure short comments for each raw OID Use the set system processes system log vital disable command to manually disable the syslvd process daemon D
342. p group group name categories category destination port port number routing instance instance logical system logical system name targets address version all vl v2 trap options agent address outgoing interface source address address enterprise oid logical system logical system name routing instance routing instance name source address address routing instance routing instance name source address address v3 notify name tag tag name type trap inform Copyright 2015 Juniper Networks Inc 249 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices notify filter profile name oid oid include exclude snmp community community index community name community name security name security name tag tag name target address target address name address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name notify filter profile name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm v1 v2c security name security name usm local engine user username authentication md5 authentication password authentication password authentication none
343. p support IDP database update status and trap support attack related monitoring and trap support for all SRX Series devices This MIB models IDP attributes specific to the appropriate Juniper Networks implementation For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js idp txt For more information see DP MIB Interface MIB Extends the standard ifTable RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx if extensions txt For more information see nterface MIB Interface Accounting Forwarding Class MIB Extends the Juniper Enterprise Interface MIB and provides support for monitoring statistcs data for interface accounting and IETF standardization This MIB is currently supported by Junos OS for M Series and MX Series devices only For a downloadable version of this MIB see http Awwwjjuniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx if accounting txt For more information see nterface Accounting Forwarding Class MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipforward txt
344. page 213 e Filtering Traps Based on the Trap Category on page 214 Filtering Traps Based on the Object Identifier on page 214 Generating Traps Based on SysLog Events Generating Traps Based on SysLog Events Event policies can include an action that raises traps for events based on system log messages This feature enables notification of an SNMP trap based application when an important system log message occurs You can convert any system log message for which there is no corresponding trap into a trap If you are using network management system traps rather than system log messages to monitor your network you can use this feature to ensure that you are notified of all the major events To configure a policy that raises a trap on receipt of an event include the following statements at the edit event options policy policy name hierarchy level edit event options policy policy name events events then raise trap The following example shows the sample configuration for raising a trap for the event ui_mgd_terminate edit event options policy p1 events ui_mgd_terminate then raise trap Copyright 2015 Juniper Networks Inc 213 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Filtering Traps Based on the Trap Category SNMP traps are categorized into many categories The Junos OS provides a configuration option categories at the edit snmp trap group trap group hie
345. pnVrfMidRouteThreshold value as follows edit routing instances lt instance name gt user RI1 set routing options maximum paths lt limit gt threshold lt threshold value gt This configuration sets the mplsL3VpnVrfMidRouteThreshold value to lt threshold value gt of lt limit gt This value can also be calculated as lt limit gt lt threshold value gt 100 mplsL3VpnVrfNumVrfRouteMaxThreshExceeded Generated when the number of routes contained by the specified VRF exceeds or attempts to exceed the maximum allowed value as indicated by mplsL3VpnVrfMaxRouteThreshold mplsL3VpnNumvVrfSecillglLblThrshExcd Generated when the number of illegal label violations on a VRF as indicated by mplsL3VpnvrfSeclillegalLblVltnshas exceeded mplsL3VpnillLblRcvThrsh mplsL3VpnNumvVrfRouteMaxThreshCleared Generated only after the number of routes contained by the specified VRF exceeds or attempts to exceed the maximum allowed value as indicated by mplsVrfMaxRouteThreshold and then falls below this value Related Juniper Networks Enterprise Specific SNMP Traps on page 80 D tati ead nace e Standard SNMP Traps Supported on Devices Running Junos OS on page 95 e Juniper Networks Enterprise Specific MIBs on page 32 Copyright 2015 Juniper Networks Inc 105 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e Standard SNMP MIBs Supported by Junos OS on page 13 e Configuring SNMP Trap Options and Grou
346. ported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation rising event index Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 304 LN Series retry count number edit snmp v3 target address target address name Statement introduced in Junos OS Release 7 4 Configure the retry count for SNMP informs number Maximum number of times the inform is transmitted if no acknowledgment is received If no acknowledgment is received after the inform is transmitted the maximum number of times the inform message is discarded Default 3 times snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring SNMP Informs on page 157 timeout on page 328 EX Series LN Series M Series MX Series PTX Series T Series rising event index index edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Index of the event entry that is used when a rising threshold is crossed If this value is zero no event is triggered index I ndex of the event entry that is used when a rising threshold is crossed Range O through 65 535 Default O snmp To view this statement in the configuration snmp con
347. pported Platforms ACX Series LN Series M Series MX Series T Series Junos OS supports monitoring routers from remote devices These values are measured against thresholds and trigger events when the thresholds are crossed You configure remote monitoring RMON alarm and event entries to monitor the value of a MIB object To configure RMON alarm and event entries you include statements at the edit snmp hierarchy level of the configuration edit snmp rmon alarm index description text description falling event index index falling threshold integer falling threshold interval seconds interval seconds rising event index index rising threshold integer request type get next request get request walk request sample type absolute value delta value startup alarm falling alarm rising alarm rising or falling alarm syslog subtag syslog subtag variable oid variable event index community community name description description type type Copyright 2015 Juniper Networks Inc 223 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation e Understanding RMON Alarms on page 219 Understanding RMON Events on page 221 e Configuring an Alarm Entry and Its Attributes on page 224 Configuring an Event Entry and Its Attributes on page 228 Configuring an Alarm Entry and Its Attributes Supported Platforms LN Series M Series MX Series PTX Ser
348. ps see Defining Access Privileges for an SNMP Group on page 148 Example Security Group Configuration Supported Platforms Related Documentation LN Series M Series MX Series SRX Series T Series Assign security names to groups vacm security to group security model usm security name user group group security name user2 group group2 security name user3 group group3 e Assigning Security Model and Security Name to a Group on page 153 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example Configuring the Tag List Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series In the following example two tag entries routerl and router2 are defined at the edit snmp v3 notify notify name hierarchy level When an event triggers a notification Junos OS sends a trap to all target addresses that have router or router2 configured in their target address tag list This results in the first two targets getting one trap each and the third target getting two traps edit snmp v3 notify nl tag router Identifies a set of target addresses Copyright 2015 Juniper Networks Inc 155 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation type trap Defines the type of notification notify n2 tag router2 type
349. ps on a Device Running Junos OS on page 128 Managing Traps and Informs on page 213 Unsupported Standard SNMP Traps Supported Platforms LN Series SRX Series Standard SNMP traps that are defined in MIBs supported by the Junos OS but are not generated by the Junos OS are shown in Table 16 on page 107 106 Copyright 2015 Juniper Networks Inc Table 16 Unsupported Standard SNMP Traps MIB isismib mib Trap Name isisDatabaseOverload Chapter 3 SNMP MIBs and Traps Supported by Junos OS Description Generated when the system enters or leaves the overload state isisManualAddressDrops Generated when one of the manual areaAddresses assigned to the system is ignored when computing routes isisCorruptedLSPDetected Generated when an LSP stored in memory becomes corrupted isisAttemptToExceedMaxSequence Generated when the sequence number on a generated LSP wraps the 32 bit sequence counter and the number is purged isisIDLenMismatch Generated when a protocol data unit PDU is received with a different value for the system ID length This trap includes an index to identify the circuit where the PDU was received and the PDU header isisMaxAreaAddressesMismatch Generated when a PDU with a different value for the maximum area addresses is received isisOwnLSPPurge Generated when a PDU is received with a system ID and zero age This notification includes the circuit index if available
350. ps on page 131 Copyright 2015 Juniper Networks Inc 255 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices alarm SNMP RMON Supported Platforms ACX Series EX Series M Series MX Series OCX1100 PTX Series OFX Series standalone switches SRX210 SRX3400 T Series Syntax alarm index description description falling event index index falling threshold integer falling threshold interval seconds interval seconds request type get next request get request walk request rising event index index rising threshold integer sample type absolute value delta value startup alarm falling alarm rising alarm rising or falling alarm syslog subtag syslog subtag variable ojd variable Hierarchy Level edit snmp rmon Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Statement introduced in Junos OS Release 14 1X53 D20 for the OCX Series Description Configure RMON alarm entries Options index ldentifies this alarm entry as an integer The remaining statements are explained separately Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring an Alarm Entry and Its Attributes on page 224 Documentation event on page 272 R
351. pt optlfODUkPositionSeqCurrentSize and optlfODUkTtpPresent RFC 3592 Definitions of Managed Objects for the Synchronous Optical Network Synchronous Digital Hierarchy SONET SDH Interface Type 0 1 1 1 O O o O O Copyright 2015 Juniper Networks Inc 23 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC RFC 3621 Power Ethernet MIB ie 0 0 O o 0 0 o RFC 3635 Definitions of Managed Objects forthe O 0 0 1 0 0 0 0 Ethernet like Interface Types except dot3StatsRateControlAbility and dot3StatsRateControlStatus in dot3StatsEntry table NOTE The values of the following objects in dot3HCStatsEntry table will be always zero for both 32 bit counters and 64 bit counters e dot3HCStatsSymbolErrors e dotHCStatsinternalMacTransmitErrors RFC 3637 Definitions of Managed Objects forthe O 1 1 1 0 1 0 0 0 Ethernet WAN Interface Sublayer except etherWisDeviceTable etherWisSectionCurrentTable and etherWisFarEndPathCurrentTable RFC 3811 Definitions of Textual Conventions TCs 1 0 1 1 0 0 for Multiprotocol Label Switching MPLS Management RFC 3812 Multiprotocol Label Switching MPLS 1 1 1 1 0 1 0 0 0 Traffic Engineering TE Management Information Base MIB read only access e MPLS tunnels as interfaces are not supported
352. ption edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Define the value of the MIB II sysDescription object which is the description of the system being managed description System description If the name includes spaces enclose it in quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the System Description on a Device Running Junos OS on page 119 269 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices description Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation destination port Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 270 EX Series LN Series M Series MX Series PTX Series T Series description description edit snmp rmon alarm index edit snmp rmon event index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Text description of alarm or event description Text description of an alarm or event entry If the description includes spaces enclose it in
353. ption on a Device Running Junos OS on page 119 ing the System Name on page 119 ing the Commit Delay Timer on page 120 ing the SNMP Community String on page 120 Examples Configuring the SNMP Community String on page 122 Filtering Configur Duplicate SNMP Requests on page 123 ing the Interfaces on Which SNMP Requests Can Be Accepted on page 124 Example Configuring Secured Access List Checking on page 124 Filtering Configur Interface Information Out of SNMP Get and GetNext Output on page 125 ing MIB Views on page 126 Example Ping Proxy MIB on page 127 Configur Configur Configur ing SNMP Trap Options and Groups ona Device Running Junos OS on page 128 ing SNMP Trap Options on page 128 ing SNMP Trap Groups on page 132 Example Configuring SNMP Trap Groups on page 134 Configur ing the Trap Notification Filter on page 135 Configuring SNMP ona Device Running Junos OS Supported Platforms ACX Series M Series MX Series PTX Series SRX Series T Series Copyright 2015 Juniper Networks Inc 15 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices By default SNMP is disabled on devices running Junos OS To enable SNMP on a router or switch you must include the SNMP configuration statements at the edit snmp hierarchy level To configure the minimum requirements for SNMP include the following statements at the edit snmp hierarchy level of the configuration edit snmp
354. punctuation Inform notifications are supported in SNMPv3 to increase reliability For example an SNMP agent receiving an inform notification acknowledges the receipt For inform notifications the remote engine ID identifies the SNMP agent on the remote device where the user resides and the username identifies the user on a remote SNMP engine who receives the inform notifications Consider a scenario in which you have the values in Table 17 on page 174 to use in configuring the remote engine ID and remote user in this example Table 17 Values to Use in Example Name of Variable Value username ulO remote engine ID 800007E5804089071BC6DI10A41 authentication type authentication md5 authentication password qol67R encryption type privacy des privacy password m 72Jl9v Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 Configuration CLI Quick To quickly configure this example copy the following commands and paste them into a Configuration text file remove any line breaks and change any details necessary to match your network configuration copy and paste these commands into the CLI at the edit snmp v3 hierarchy level and then enter commit from configuration mode The following example configures user u10 located on remote engine 0x800007E5804089071BC6D10A41 and the user s authentication and privacy keys The keys are autogenerated from the passwords entered by the command line int
355. r To associate MIB views with a community include the view statement at the edit snmp community community name hierarchy level edit snmp community community name view view name For more information about the Ping MIB see RFC 2925 and the PING MIB topic Copyright 2015 Juniper Networks Inc Related Documentation Chapter 5 Configuring SNMP PING MIB Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Example Ping Proxy MIB on page 127 view Configuring a MIB View on page 343 view Associating MIB View with a Community oid on page 293 Example Ping Proxy MIB Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Restrict the ping mib community to read and write access of the Ping MIB and jnxpingMIB only Read or write access to any other MIB using this community is not allowed edit snmp view ping mib view oid 1 3 6 1 2 1 80 include pingMIB oid jnxPingMIB include jnxPingMIB community ping mib authorization read write view ping mib view The following configuration prevents the no ping mib community from accessing Ping MIB and jnxPingMIB objects However this configuration does not prevent the no ping mib community from accessing any other MIB object that is supported on the device Related Documentation edit snmp view no ping mib view oid 1 3 6 1 2 1 80 exclude
356. r current hierarchy level is shown in the banner on the line preceding the user host prompt edit snmp client list client list name ip addresses community community name authorization authorization client list name client list name clients address lt restrict gt logical system logical system name routing instance routing instance name clients address lt restrict gt routing instance routing instance name clients address lt restrict gt view view name contact contact description description engine id local engine id use default ip address use mac address filter duplicates interface interface names location location name name nonvolatile commit delay seconds 248 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements rmon alarm index description description falling event index index falling threshold integer falling threshold interval seconds interval seconds request type get next request get request walk request rising event index index rising threshold integer sample type type startup alarm alarm syslog subtag syslog subtag variable oid variable event index community community name description description type type traceoptions file filename lt files number gt lt size size gt lt world readable no world readable gt lt match regular expression gt flag flag tra
357. r include exclude snmp community community index community name community name security name security name tag tag name target address target address name Copyright 2015 Juniper Networks Inc 251 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 252 address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name notify filter profile name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm v1 v2c security name security name usm local engine remote engine engine id user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy 3des privacy password privacy password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy none vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name Copyr
358. r a downloadable version of this MIB see http Awwwijunipernet techpubs en_US junos 51x49 topics eference mibs mib jnx lsys securityprofile txt For more information see Logical Systems MIB Network Address Translation NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Copyright 2015 Juniper Networks Inc 51 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 52 Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ping txt For more information see PING MIB Policy Objects MIB Provides support for monitoring the security policies that
359. r a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js spu monitoring txt For more information see SPU Monitoring Objects MIB System Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx syslog txt For more information see System Log MIB Traceroute MIB Supports the Junos OS extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way as it is in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos OS data and has tables that contain information about each type of data such as integer and string For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx util txt Copyright 2015 Juniper Networks Inc 47 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation For more information see Utility MIB VPN Cert
360. rEndCurrentTable dsx3FarEndintervalTable dsx3FarEndTotalTable and dsx3FracTable 0 1 RFC 4087 IP Tunnel MIB Describes MIB objects in the following tables for managing tunnels of any type over IPv4 and IPv6 networks e tunnellfTable Provides information about the tunnels known to a router e tunnellnetConfigTable Assists dynamic creation of tunnels and provides mapping from end point addresses to the current interface index value NOTE Junos OS supports MAX ACCESS of read only for all the MIB objects in tunnellfTable and tunnellnetConfigTable tables O 1 Copyright 2015 Juniper Networks Inc 25 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC RFC 4133 Entity MiB Supports tables and 0 0 0 1 0 0 0 0 objects except e entityLogicalGroup table e entPhysicalMfgDate and entPhysicalUris objects in entityPhysical2Group table e entLPMappingTable and entPhysicalContainsTable in entityMappingGroup table e entityNotoficationsGroup table NOTE Supported only on MX240 MX480 and MX960 routers RFC 4188 Definitions of Managed Objects for 0 0 0 1 1 0 0 0 Bridges Supports 802 1D STP 1998 Supports only the following subtrees and objects e dotldStp subtree is supported on MX Series 3D Universal Edge Routers dotidTpFdbAddress doti
361. rarchy level that enables you to specify categories of traps that you want to receive on a particular host You can use this option when you want to monitor only specific modules of the JUnos OS The following example shows a sample configuration for receiving only link vrrp events services and otn alarms traps edit snmp trap group jnpr categories link vrrp events services otn alarms targets 192 168 69 179 Filtering Traps Based on the Object Identifier The Junos OS also provides a more advanced filter option that enables you to filter out specific traps based on their object identifiers You can use the notify filter option to filter out a specific trap or a group of traps The following example shows the sample configuration for excluding Juniper Networks enterprise specific configuration management traps note that the SNMPv3 configuration also supports filtering of SNMPv1 and SNMPv2 traps as is shown in the following example edit snmp v3 vacm security to group security model v2c security name sn_v2c_trap group gr_v2c_trap access group gr_v2c_trap default context prefix security model v2c security level none read view all notify view all 214 Copyright 2015 Juniper Networks Inc Related Documentation target address TA_v2c_trap address 10 209 196 166 port 9001 tag list tg target parameters TP_v2c_trap target paramete
362. ration 0 0 000000 ee eee ee 169 Configuring the Inform Notification Type and Target Address 170 Example Configuring the Inform Notification Type and Target Address 171 Configuring the Remote Engine and Remote User 0 000 e eee 172 Example Configuring the Remote Engine ID and Remote Users 173 Chapter 7 Configuring Routing InstanceS 0 0 c cece eee eee eee teens 177 Understanding SNMP Support for Routing InstanceS 000 e uae 177 Trap Support for Routing InstanceS 6 eae 178 Copyright 2015 Juniper Networks Inc v SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices vi Chapter 8 Chapter 9 Chapter 10 Identifying a Routing Instance 0 ee eee ee 179 Enabling SNMP Access over Routing InstanceS 0 0 cece eee 180 Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community 180 Example Configuring Interface Settings for a Routing Instance 181 Configuring Access Lists for SNMP Access over Routing Instances 183 Configuring Remote Operations 00 0 cece eee ene 185 SNMP Remote Operations OverVieW 2 eee eee 185 SNMP Remote Operation RequirementS 0000 cee eee eee 186 Setting SNMP VIEWS esas octane cee te wade oien Geena Gases eae eae on 186 Example Setting SNMP ViewS 0 0 00 cee eee eee eee 186 Setting Trap Notification for Remote Operations
363. ration at the Off edit snmp hierarchy level database Log events involving storage and retrievalinthe Off events database events Log important events Off Copyright 2015 Juniper Networks Inc 199 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 21 SNMP Tracing Flags continued Flag Description Default Setting general Log general events Off interface stats Log physical and logical interface statistics Off nonvolatile set Log nonvolatile SNMP set request handling Off pdu Log SNMP request and response packets Off policy Log policy processing Off protocol timeouts Log SNMP response timeouts Off routing socket Log routing socket calls Off server Log communication with processes that are Off generating events subagent Log subagent restarts Off timer Log internal timer events Off varbind error Log variable binding errors Off To display the end of the log for an agent issue the show log agentd last operational mode command edit user host run show log agentd last where agent is the name of an SNMP agent Related Configuring SNMP ona Device Running Junos OS on page 115 Documentation Configuration Statements at the edit snmp Hierarchy Level on page 248 e Example Tracing SNMP Activity on page 200 Configuring SNMP Example Tracing SNMP Activity Supported Platforms LN Series M Series MX Series PTX Series SRX Series
364. reshTrap Generated when the loss of power 15 minute interval threshold is reached adslAturRateChangeTrap Generated when the ATURs transmit rate changes RADSL mode only rfc3020 mib mfrMibTrapBundleLinkMismatch Generated when a bundle link mismatch is detected rfc3813 mib mplsXCUp Generated when mplsXCOperStatus for one or more contiguous entries in mplsXCTable enters the up 1 state from some other state mplsXCDown Generated when mplsXCOperStatus for one or more contiguous entries in mplsXCTable enters the down 2 state from some other state Related Documentation Juniper Networks Enterprise Specific SNMP Traps on page 80 Standard SNMP Traps Supported on Devices Running Junos OS on page 95 Juniper Networks Enterprise Specific MIBs on page 32 Standard SNMP MIBs Supported by Junos OS on page 13 Copyright 2015 Juniper Networks Inc 109 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices no Copyright 2015 Juniper Networks Inc CHAPTER 4 Loading MIB Files to a Network Management System Loading MIB Files to a Network Management System on page 111 Loading MIB Files to a Network Management System Supported Platforms LN Series SRX Series For your network management system NMS to identify and understand the MIB objects used by the Junos OS you must first load the MIB files to your NMS using a MIB compiler A MIB compiler is a utility that parses the MIB information
365. ries M Series MX Series PTX Series OFX Series T Series privacy 3des privacy password privacy password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the triple Data Encryption Standard 3DES as the privacy type for the SNMPv3 user privacy password privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Encryption Type on page 146 Copyright 2015 Juniper Networks Inc privacy aes128 Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T Series privacy aes128 privacy password privacy password edit snmp v3 us
366. ries T Series syslog subtag syslog subtag edit snmp rmon alarm index Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Add a tag to the system log message syslog subtag syslog subtag Tag of not more than 80 uppercase characters to be added to syslog messages Default None snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the System Log Tag on page 227 EX Series LN Series M Series MX Series PTX Series T Series tag tag name edit snmp v3 notify name edit snmp v3 snmp community community index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure a set of targets to receive traps or informs for IPv4 packets only tag name ldentifies the address of managers that are allowed to use a community string snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Tag on page 169 e Configuring the SNMPv3 Trap Notification on page 159 Copyright 2015 Juniper Networks Inc tag list Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Serie
367. right 2015 Juniper Networks Inc 301 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices remote engine Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 302 M Series MX Series PTX Series OFX Series SRX Series T Series remote engine engine id user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none privacy password privacy password edit snmp v3 usm Statement introduced in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the remote engine information for the user based security model USM To send inform messages to an SNMPv3 user on a remote device you must configure the engine identifier for the SNMP agent on the remote device where the user resides engine id Engine identifier Used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The remaining statements are explained separately snmp
368. rity name If you support SNMPv1 and SNMPv2c in addition to SNMPv3 you must configure separate security names within the security to group configuration at the edit snmp v3 vacm access hierarchy level Configuring the Group 154 After you have created SNMPv3 users or v1 or v2 security names you associate them with a group A group is a set of security names belonging to a particular security model A group defines the access rights for all Users belonging to it Access rights define what SNMP objects can be read written to or created A group also defines what notifications a user is allowed to receive If you already have a group that is configured with all of the view and access permissions that you want to give a user you can add the user to that group If you want to give a user Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 view and access permissions that no other groups have or if you do not have any groups configured create a group and add the user to it To configure the access privileges granted to a group include the group statement at the edit snmp v3 vacm security to group security model usm v1 v2c security name security name hierarchy level edit snmp v3 vacm security to group security model usm v1 v2c security name security name group group name group name identifies a collection of SNMP security names that share the same access policy For more information about grou
369. rm index hierarchy level edit snmp rmon alarm index falling threshold integer rising threshold integer integer can be a value from 2 147 483 647 through 2 147 483 647 Configuring the Interval The interval represents the period of time in seconds over which the monitored variable is sampled and compared with the rising and falling thresholds To configure the interval include the interval statement and specify the number of seconds at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index interval seconds seconds can be a value from 1 through 2 147 483 647 The default is 60 seconds Configuring the Falling Threshold Interval The falling threshold interval represents the interval between samples when the rising threshold is crossed Once the alarm crosses the falling threshold the regular sampling interval is used O NOTE You cannot configure the falling threshold interval for alarms that have the request type set to walk request To configure the falling threshold interval include the falling threshold interval statement at the edit snmp rmon alarm index hierarchy level and specify the number of seconds edit snmp rmon alarm index falling threshold interval seconds seconds can be a value from 1 through 2 147 483 647 The default is 60 seconds Configuring the Request Type 226 By default an RMON alarm can monitor only one object instance as specified in the configuration Y
370. rmation about objects that are used whenever the state of the control link interfaces or fabric link interfaces changes Up to down or down to up ina chassis cluster deployment For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx jsrpd txt For more information see Chassis Cluster MIB Copyright 2015 Juniper Networks Inc 43 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 44 Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A history of the last 32 configuration changes is kept in jnxCmChgEventTable For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB e Destination Class Usage MIB Provides support for monitoring packet counts based on the ingress and egress points for traffic transiting your networks Ingress points are identified by input interface Egress points are identified by destination prefixes grouped into one or more sets known as destination classes One counter is managed per interface per destination class up to a maximum of 16 counters per interface Fora downloadabl
371. rms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series QFX Series T Series security level authentication none privacy edit snmp v3 target parameters target parameters name parameters Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the security level to use when generating SNMP notifications none authentication Provide authentication but no encryption none No authentication and no encryption privacy Provide authentication and encryption snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Security Level on page 165 Copyright 2015 Juniper Networks Inc 313 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security model Access Privileges Supported Platforms EX Series LN Series M Series MX Series OFX Series T Series Syntax security model usm v1 v2c Hierarchy Level edit snmp v3 vacm access group group name default context prefix context prefix context prefix Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Stateme
372. roup object all vl and v2c traps that apply to routing instances or interfaces belonging to a routing instance have the routing instance name encoded in the community string The encoding is identical to that Used in request PDUs For traps configured under the v3 framework the routing instance name is carried in the context field when the v3 message processing model has been configured For other message processing models v1 or v2c the routing instance name is not carried in the trap message header and not encoded in the community string Related Understanding SNMP Support for Routing Instances on page 177 D tati ocumentaton e MIB Support Details on page 63 Identifying a Routing Instance Supported Platforms ACX Series M Series MX Series PTX Series SRX Series T Series With this feature routing instances are identified by either the context field in v3 requests or encoded in the community string in vl or v2c requests When encoded in a community string the routing instance name appears first and is separated from the actual community string by the character To avoid conflicts with valid community strings that contain the character the community is parsed only if typical community string processing fails For example if a routing instance named RI is configured an SNMP request with RI public is processed within the context of the RI routing instance Access control views source address restrictions access privileg
373. router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Encryption Type on page 146 Copyright 2015 Juniper Networks Inc read view Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series T Series read view view name edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Associate the read only view with a community for SNMPv1 or SNMPv2c clients ora group name for SNMPv3 clients view name The name of the view to which the SNMP user group has access snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Read View on page 152 e Configuring MIB Views on page 126 Copy
374. rs Routers must have the Internet Processor II ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx firewall txt For more information see Firewall MIB Host Resources MIB Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage Previously the objects in the Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB Interface MIB Extends the standard ifTable RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en_US ju
375. rs TP_v2c_trap parameters message processing model v2c security model v2c security level none security name sn_v2c_trap notify filter nfl notify v2c_notify type trap tag tgl notify filter nfl oid 1 3 6 1 4 1 2636 4 5 exclude oid 1 include snmp community index community name 9 tDLLOIH7Nbw2axN SECRET DATA security name sn_v2c_trap tag tgl view all oid 1 include Understanding SNMP Implementation in the Junos OS Configuring SNMP on Devices Running the Junos OS Chapter 11 SNMP FAQs Monitoring SNMP Activity and Tracking Problems That Affect SNMP Performance ona Device Running the Junos OS Optimizing the Network Management System Configuration for the Best Results Configuring Options on Managed Devices for Better SNMP Response Time Using the Enterprise Specific Utility MIB to Enhance SNMP Coverage Copyright 2015 Juniper Networks Inc 215 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 216 Copyright 2015 Juniper Networks Inc Remote Monitoring RMON with SNMP RMON Overview on page 219 Configuring RMON Alarms and Events on page 223 Monitoring RMON Alarms and Events on page 231 Copyright 2015 Juniper Networks Inc 217 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 218 Copyright 2015 Juniper Networks Inc CHAPTER 12 RMON Overview Understanding RMON Alarms on page
376. rts only two ILMI MIB variables atmfMYIPNmAddress and atmfPortMylfname For ATM and ATM2 intelligent queuing IQ interfaces you can configure ILMI to communicate directly with an attached ATM switch to enable querying of the switch s IP address and port number For more information about the ILMI MIB see the ATM Forum at http www atmforum com Related Understanding Device Management Functions in Junos OS on page 3 Documentation Copyright 2015 Juniper Networks Inc 5 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 6 Copyright 2015 Juniper Networks Inc PART 2 Network Mon itoring Using SNMP SNMP MIBs Overview on page 9 SNMP MIBs and Traps Supported by Junos OS on page 13 Loading Configur e Configur Configur Configur MIB Files to a Network Management System on page 111 ing SNMP on page 115 ing SNMPv3 on page 137 ing Routing Instances on page 177 ing Remote Operations on page 185 Tracing SNMP Activity on page 197 Configur ing Vital MIB Data on page 203 e SNMP FAQs on page 213 Copyright 2015 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 8 Copyright 2015 Juniper Networks Inc CHAPTER 2 SNMP MIBs Overview Understanding the SNMP Implementation in Junos OS on page 9 Understanding the SNMP Implementation in Junos OS Supported Platforms SNMP Architectur
377. run 1 16 Result of Ist probe from run 2 Upon completion of the second run of this test pingProbeHistoryTable will contain probes like those in Table 20 on page 194 Table 20 Results in pingProbeHistoryTable After the Second Ping Test pingProbeHistorylndex Probe Result 26 Result of 11th probe from run 2 27 Result of 12th probe from run 2 28 Result of 13th probe from run 2 29 Result of 14th probe from run 2 30 Result of 15th probe from run 2 History entries can be deleted from the MIB in two ways e More history entries for a given test are added and the number of history entries exceeds pingCtlMaxRows The oldest history entries are deleted to make room for the new ones You delete the entire test by setting pingCtlRowStatus to destroy Stopping a Ping Test Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series To stop an active test set pingCtlAdminStatus to disabled To stop the test and remove its pingCtlEntry pingResultsEntry and any pingHistoryEntry objects from the MIB set pingCtlRowStatus to destroy Interpreting Ping Variables Supported Platforms 194 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series This section clarifies the ranges for the following variables that are not explicitly specified in the Ping MIB Copyright 2015 Juniper Networks Inc Chapter 8 Configuring Remote Operations pingCtlDataSize The value
378. ry becomes valid is less than or equal to this threshold After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold You must specify the falling threshold as a percentage of the maximum possible value The default is 70 percent By default the rising threshold is 80 percent of the maximum possible value for the monitored object instance The rising threshold is the Upper threshold for the monitored variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold You must specify the rising threshold as a percentage of the maximum possible value for the monitored variable To configure the falling threshold or rising threshold include the falling threshold or rising threshold statement at the edit snmp health monitor hierarchy level edit snmp health monitor falling threshold percentage rising threshold percentage percentage can be a value from 1 through 100 The falling and rising thresholds apply to all object instances monitored b
379. s 180 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series You can specify the routing instance along with the client information when you add a client to an SNMP community To specify the routing instance to which a client belongs include the routing instance statement followed by the routing instance name and client information in the SNMP configuration The following example shows the configuration statement to add routing instance test ri to SNMP community community D NOTE Routing instances specified at the edit snmp community community name hierarchy level are added to the default logical system in the community Copyright 2015 Juniper Networks Inc Chapter 7 Configuring Routing Instances edit snmp community community clients 10 209 152 33 32 routing instance test ri clients 10 19 19 1 32 If the routing instance is defined within a logical system include the routing instance statement at the edit snmp community community name logical system logical system name hierarchy level as in the following example edit snmp community community clients 10 209 152 33 32 logical system test LS routing instance test ri clients 10 19 19 1 32 Related Understanding SNMP Support for Routing Instances on page 177 Documentation e Identifying a Routing Instance on page 179 e Enabling SNMP Access over Routing Instances on page 180 e Conf
380. s For a complete understanding of our JTAC procedures and policies review the JTAC User Guide located at http www juniper net us en local pdf resource guides 7100059 en pdf Product warranties For product warranty information visit http www juniper net support warranty JTAC hours of operation The JTAC centers have resources available 24 hours a day 7 days a week 365 days a year Self Help Online Tools and Resources For quick and easy problem resolution Juniper Networks has designed an online self service portal called the Customer Support Center CSC that provides you with the following features Copyright 2015 Juniper Networks Inc xix SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Find CSC offerings http www juniper net customers support Search for known bugs http www2 juniper net kb Find product documentation http www juniper net techpubs Find solutions and answer questions using our Knowledge Base http kb juniper net Download the latest versions of software and review release notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications http kb juniper net InfoCenter Join and participate in the Juniper Networks Community Forum http www juniper net company communities Open a case online in the CSC Case Management tool http www juniper net cm To verif
381. s OFX Series T Series tag list tag list edit snmp v3 target address target address name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure an SNMP tag list Used to select target addresses tag list Define sets of target addresses tags To specify more than one tag specify the tag names as a space separated list enclosed within double quotes snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Trap Target Address on page 162 Copyright 2015 Juniper Networks Inc 325 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices target address Supported Platforms Syntax Hierarchy Level Release Information 326 Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series T Series target address target address name address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds edit snmp v3 Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure the address of an S
382. s This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB IPv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces Fora downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert Users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx license txt For more information see License MIB e Logical Systems MIB Provides support for logical systems security profile Fo
383. s than it does for Set requests read write access SNMPv3 The most up to date protocol focuses on security SNMPv3 defines a security model user based security model USM and a view based access control model VACM SNMPv3 USM provides data integrity data origin authentication message replay protection and protection against disclosure of the message payload SNMPv3 VACM provides access control to determine whether a specific type of access read or write to the management information is allowed In addition the Junos OS SNMP agent software accepts IPv4 and IPv6 addresses for transport over IPv4 and IPv6 For IPv6 the Junos OS supports the following features SNMP data over IPv6 networks e IPv6 specific MIB data SNMP agents for IPv6 System Log Monitoring and Troubleshooting Guide for Security Devices e SNMPv3 Overview on page 138 e Configuring SNMP on a Device Running Junos OS on page 115 e Configuration Statements at the edit snmp Hierarchy Level on page 248 Copyright 2015 Juniper Networks Inc CHAPTER 3 SNMP MIBs and Traps Supported by SUAS OS Standard SNMP MIBs Supported by Junos OS on page 13 Juniper Networks Enterprise Specific MIBs on page 32 List of SRX100 SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways Supported Enterprise Specific MIBs on page 37 List of SRX1400 SRX3400 and SRX3600 Services Gateways Supported Enterprise Specific MIBs on page 42 List of SRX540
384. scription Examples Bold text like this Represents graphical user interface GUI Inthe Logical Interfaces box select items you click or select All Interfaces e To cancel the configuration click Cancel gt bold right angle bracket Separates levels in a hierarchy of menu In the configuration editor hierarchy selections select Protocols gt Ospf Documentation Feedback We encourage you to provide feedback comments and suggestions so that we can improve the documentation You can provide feedback by using either of the following methods Online feedback rating system On any page at the Juniper Networks Technical Documentation site at http www juniper net techpubs index html simply click the stars to rate the content and use the pop up form to provide us with information about your experience Alternately you can use the online feedback form at https www juniper net cgi bin docbugreport E mail Send your comments to techpubs comments juniper net Include the document or topic name URL or page number and software version if applicable Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center JTAC If you are a customer with an active J Care or Partner Support Service support contract or are covered under warranty and need post sales technical support you can access our tools and resources online or open a case with JTAC JTAC policie
385. scssesesesssseesssesessssesseseeesees 148 privacy password StAteEMENt cceccscseeeeeseeeeseseeeee 300 usage guidelines for 3DES AlSOrithim c ecssssssscsessesesteseeseeseeneees 147 for AES algorithm for DES algorithm Pseudowire TDM MIB cessesesssscssessssssseesessessssteseesessesesessees PSO MIB esis aneiennaeannaomadtennans R read view STATEMENK cccessessestesesseseesessesteseeseesesteseeseesees usage BUIGELINGS ccccscesescssesessssescssestseessseseseeeeseeeees remote operations MIBS ccccsscsseesesesesssssseseseseeseeeeeees remote engine statement request type STATEMENT ee cscecescssesssecsesesseeteteestseeees RMON usage SUIGELINGS s csecscesctctessszccssemtemitanecnan 226 retry COUNT StAtEMOEN cccccsssssesesesesesessteeseseseeeeeeeees 304 usage BUICELINGS ccccccsessescssesestessesseseseesessseeseseeeese 170 Reverse Path Forwarding MIB 41 46 52 rising event index statement 304 usage BUICELINGS cccccsesessescssesessesesesseseseestsesseseeeesees 225 rising threshold statement Health MONTO A escesceseeseesesseseseeseeseseseesessesseseeseesees RMON esecsssessssesseesessesecsecsessssucseesesseseseeseesesnsstsaseseaneases RMON alarm entries RMON Alar S ccccsscssessesessssessessesteseesessesesesseesesseseeases RMON event CNtri S cccescsesssesessesessssesessssesessssesseseseesees RMON VEMMS ccscssssesessssesssssessesssssssesessesessesesseseeeesess RMON Events and Alarms MIB
386. set filter interfaces interfaces ge user host commit When this is configured Junos OS filters out all interfaces except the ge interfaces from the SNMP get and get next results NOTE The mark is supported only as the first character of the regular expression If it appears anywhere else in a regular expression Junos OS considers the regular expression invalid and returns an error However note that these settings are limited to SNMP operations and the users can continue to access information related to the interfaces including those hidden using the filter interfaces options using the appropriate Junos OS command line interface CLI commands Copyright 2015 Juniper Networks Inc 125 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation e Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 124 Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring MIB Views Supported Platforms 126 QFX Series SNMP v3 defines the concept of MIB views in RFC 3415 View based Access Control Model VACM for the Simple Network Management Protocol SNMP MIB views provide an agent better control over who can access specific branches and objects within its MIB tree A view consists of aname and a collection of SNMP object identifiers which are either explici
387. set to the lowest loopback address configured at interface loO Default Disabled The source address is the address of the outgoing interface snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Source Address for SNMP Traps on page 129 Copyright 2015 Juniper Networks Inc 321 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices snmp community Supported Platforms EX Series LN Series M Series MX Series PTX Series T Series Syntax snmp community community index community name community name security name security name tag tag name Hierarchy Level edit snmp v3 Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the SNMP community Options community index Optional String that identifies an SNMP community The remaining statements are explained separately Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the SNMPv3 Community on page 167 Documentation 322 Copyright 2015 Juniper Networks Inc startup alarm Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configura
388. sis Cluster MIBs 0 0 O 0 0 0 0 1 http Avwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx jsrpd txt Class of Service MIB 1 1 1 1 1 0 0 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx cos txt Configuration Management MIB i 1 1 1 http Awwwijunipernet techpubs en_US junos2 1 topics reference mibs mib jnx cfgmgmt txt Destination Class Usage MIB 0 0 0 1 1 http wwwijuniper net techpubs en US junos121 topics reference mibs mib jnx dcu txt Copyright 2015 Juniper Networks Inc 55 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 5 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB EX PTX End Range End DHCP MIB 1 1 1 0 O O http Awwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx jdhcp txt DHCPv6 MIB O 1 1 1 0 O 0 O O http Avwwwijunipernet techpubs en_US junosi2 1 topics reference mibs mib jnx jdhcpv6 txt Digital Optical Monitoring MIB 0 0 0 0 http Avwwijuniper net techpubs en US junos121 topics reference mibs mib jnx dom txt DNS Objects MIB O O O 8 0 O O 1 http Awwwijunipernet techpubs en_US junos 2 1 topics reference mibs mib jnx js dns txt Dynamic Flow Capture MIB 0 1 il 0 0 0 0 http Avwwijuniper net techpubs en US junos121 t
389. sisiiirisiiatiiinin 135 OSPF MIB P Packet Forwarding Engine MIB 4O 46 51 parameters StAtEMENh cccccsssssssescseetesetsesessseseeeeeees 295 sage SUIGElINGS sae icdactiadciantcaanecdancss 163 parentheses in syntax GESCTIPTIONS c eects xviii performance iNdiCatorS ssessesesesriesrirerrreerrrsrrrserrnsrrrnerrens 236 Ping MIB uu ec eeeseseeessssssesescsescseseescsesescseessecsesesesseeeeees use in ping test view configuration example ONM 8a ccccarschets a E a A 127 pingProbeHistoryTable sssesssrrssrrssrrserrresrresrrrerrrrerrrernn 193 Policy Objects MIB s ssssessrerrserrrssrrisrrrssrrssrreesrrenn 4l 46 52 port statement SNMPV3 caine wena eae 295 Sage g ldelih S nnnnssinssnanannnnna 162 370 Power Supply Unit MIB uu cece 33 PPP MI BerssesectiecetictepectisheeesenHiaset a a 17 36 PPPOE MIB resns SEA 36 prefix list adding to SNMP COMMUNI 166 privacy 3des STATEMEN eeccecsesessesessesecsessessseeseeseeneens 296 usage SUICELINGS ccecssessescsesescsseseseeseeeseseseeseseseesees 147 privacy aes128 StAtEMEN th cccccseseseseeseessesesesesesenens 297 usage SUICELINGS ec ceesssscssesesesesesseseseesesesestseeseseeeesees 147 privacy des State MEN eccecesesseseesesesseseseessseseeeseeeses 298 usage SUICELINGS cccecssessesesessescsseseseesesesestseeseseseesees 147 PFIVACY NONE StATEMENNL cccescscesssesesesessssessscseeseseeeeeees 299 usage BUICELINGS ccccecseess
390. snmp community community index hierarchy level is encrypted and not displayed in the command line interface CLI snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMPv3 Community on page 167 Copyright 2015 Juniper Networks Inc contact Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation description Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series contact contact edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define the value of the MIB II sysContact object which is the contact person for the managed system contact Name of the contact person If the name includes spaces enclose it in quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the System Contact on a Device Running Junos OS on page 118 EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series description descri
391. source address statement at the edit snmp trap options hierarchy level edit snmp trap options source address address Copyright 2015 Juniper Networks Inc 129 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices address is a valid IPv4 address configured on one of the router interfaces The Lowest Loopback To specify the source address of the SNMP traps so that they use the lowest loopback Address As the Source address configured onthe interface loO as the source address include the source address Address Statement at the edit snmp trap options hierarchy level edit snmp trap options source address loO To enable and configure the loopback address include the address statement at the edit interfaces loO unit O family inet hierarchy level edit interfaces loO unit O family inet address ip address To configure the loopback address as the source address of trap packets edit snmp trap options source address loO trap group urgent dispatcher version v2 categories link startup targets 192 168 10 22 172 17 1 2 edit interfaces loO unit O family inet address 10 0 0 1 32 address 127 0 0 1 32 In this example the IP address 10 0 0 1 is the source address of every trap sent from this router Logical System Name To specify a logical system name as the source address of SNMP traps include the as the Source Address logical sys
392. sseesescsesesesssseseseseeeeeeees 262 usage BUICELINGS ce eecsessesessessssssesesseseseesseesestseeeseeeaes 132 Chassis Cluster MIB c cccsesesssecssssssssseesessssssseseesesneees Chassis MIBhu ecscessessesessessessesessecsessssssseesesssstseeseeseens Class 1 MIB objects Class 2 MIB ODje CtS ccccssescssesssessscssssesesssseseesssesseessessesesesees Class 3 MIB ODJ CtS csescesessessessestssteseeseesssteseesessesteseeseesees Class 4 MIB ODj CtS i ccccssesessssescsssscssesesessssesscstscestesseeecees client list adding to SNMP COMMUDNItY ccssesesseseeeeeeeees 166 ClieNt liSt StATEMENK ec sesessecsestestesessessesteseeseeseseeees 262 sage SUIGELIMES sinisiin 166 client list name StateMeNt cccceesesesecseeseseseeseeseeees 263 USAGE SUIGELINGS ce cscesesessesesessesessestsessesestesssenseeenees 166 clients STATEMEN Kh ecscestessessesessssseseeseesessesteseeseeseseeseesees 264 USASE SUIGELIMES vessccscsisccssesccemsiaivastasinmisienitn dee 120 comments in configuration statements xviii Commit delay StateMent cece 265 usage guideli community statement PIM QIN ond sete scecteccsaseerccasssectstts cans teeszseel rennet usage guidelines SNMP craen R usage guidelines community string SNMP ccesesesssesesssescsesesssssseeeseeees community name StateEMeNt ceeseseseeeeeseees 268 usage guidelineS ssssseserseriessriserrssrrrssrrenriesrreerrrern 168 Configuration Management MIB 38
393. stances and logical system networks Before Junos OS Release 8 4 only the SNMP manager in the default routing instance inet 0 had access to the MIB objects With the increase in virtual private network VPN service offerings this feature is useful particularly for service providers who need to obtain SNMP data for specific routing instances see Figure 2 on page 178 Service providers can use this information for their own management needs or export the data for use by their customers Copyright 2015 Juniper Networks Inc 177 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Figure 2 SNMP Data for Routing Instances Routing platform Interface 1 Logical Router LR Interface 3 Routing Instance R1 gt Logical Router LR a Interface 2 ogical Router Routing Instance R2 Interface 4 IF Index Datai Data2 DataN 1 If LR R1 is specified in the SNMP request gt only information for interfaces 1 3 appear in the table gt 3 If LR R2 is specified in the SNMP request pa only information for interfaces 2 4 appear in the table lt lt If no logical router routing instance is specified N 8 information for all interfaces is returned If no routing instance is specified in the request the SNMP agent operates as before For nonrouting table objects all instances are exposed For routing tabl
394. subtag statement at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index syslog subtag syslog subtag Copyright 2015 Juniper Networks Inc 227 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the Variable The variable identifies the MIB object that is being monitored To configure the variable include the variable statement and specify the object identifier or object name at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index variable oid variable oid variable is a dotted decimal for example 1 3 6 1 2 1 2 1 2 2 1 10 1 or MIB object name for example iflnOctets 1 Configuring an Event Entry and Its Attributes Supported Platforms 228 Related Documentation LN Series M Series MX Series PTX Series T Series Anevent entry generates a notification for an alarm entry when its rising or falling threshold is crossed You can configure the type of notification that is generated To configure the event entry include the event statement at the edit snmp rmon hierarchy level All statements except the event statement are optional edit snmp rmon event index community community name description description type type index identifies an entry event community name is the trap group that is used when generating a trap If that trap group has the rmon alarm trap category configured a trap is sent to all the
395. t books Supported Platforms For the features described in this document the following platforms are supported vSRX e LN Series e SRX Series Using the Examples in This Manual If you want to use the examples in this manual you can use the load merge or the load merge relative command These commands cause the software to merge the incoming configuration into the current candidate configuration The example does not become active until you commit the candidate configuration Copyright 2015 Juniper Networks Inc XV SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices If the example configuration contains the top level of the hierarchy or multiple hierarchies the example is a full example In this case use the load merge command If the example configuration does not start at the top level of the hierarchy the example is a snippet In this case Use the load merge relative command These procedures are described in the following sections Merging a Full Example To merge a full example follow these steps 1 From the HTML or PDF version of the manual copy a configuration example into a text file save the file with a name and copy the file to a directory on your routing platform For example copy the following configuration to a file and name the file ex script conf Copy the ex script conf file to the var tmp directory on your routing platform system scripts commit file
396. t introduced in Junos OS Release 11 1 for the OFX Series Associate a community string with the security name of a user The community string which is used for SNMPv1 and SNMPv2c clients in an SNMPv3 system is configured at the edit snmp v3 snmp community community index hierarchy level security name Name that is used for messaging security and user access control D NOTE The security name must match the configured security name at the edit snmp v3 target parameters target parameters name parameters hierarchy level when you configure traps or informs snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Security Names on page 169 Copyright 2015 Juniper Networks Inc 317 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security name Security Group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 318 EX Series LN Series M Series MX Series T Series security name security name group group name edit snmp v3 vacm security to group security model usm v1 v2c Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Associate a group or a community string with a configured security group security name Username configured at the
397. t is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx rpf txt NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx rmon txt For more information see RMON Events and Alarms MIB e Security Interface Extension Objects MIB Provides support for the security management of interfaces This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx js if ext txt For more information see Security Interface Extension Objects MIB SNMP IDP Objects MIB Provides support for monitoring SNMP IDP queries requests responses and failures This MIB defines the key monitoring and threshold crossing trap support IDP database update status and trap support att
398. t prefix context prefix security model any usm v1 v2c security level authentication none privacy read view view name view name specifies read access for an SNMP user group A view name cannot exceed 32 characters Configuring the Write View To associate a write view with an SNMP user group include the write view statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy write view view name view name specifies write access for an SNMP user group A view name cannot exceed 32 characters Related Configuring the SNMPv3 Authentication Type on page 145 Documentation e Defining Access Privileges for an SNMP Group on page 148 e Assigning Security Model and Security Name to a Group on page 153 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Example Access Privilege Configuration on page 152 Example Access Privilege Configuration Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Define access privileges edit snmp v3 access group group
399. t sampling period This value is compared with the rising and falling thresholds alarmStartupAlarm The alarm sent when the entry is first activated alarmRisingThreshold The upper threshold for the sampled variable alarmFallingThreshold The lower threshold for the sampled variable alarmRisingEventIndex The eventTable entry used when a rising threshold is crossed alarmFallingEventIndex The eventTable entry used when a falling threshold is crossed alarmStatus Method for adding and removing entries from the table It can also be used to change the state of an entry to allow modifications D NOTE If this object is not set to valid the associated event alarm does not take any action jnxRmonAlarmTable The jnxRmonAlarmTable is a Juniper Networks enterprise specific extension to alarmTable It provides additional operational information and includes the following objects jnxRmonAlarmGetFailCnt The number of times the internal Get request for the variable monitored by this entry has failed jnxRmonAlarmGetFailTime The value of sysUpTime when an internal Get request for the variable monitored by this entry last failed jnxRmonAlarmGetFailReason The reason an internal Get request for the variable monitored by this entry last failed jnxRmonAlarmGetOkTime The value of sysUpTime when an internal Get request for the variable monitored by this entry succeeded and the entry left the getFailure
400. t techpubs en_US junos15 1x49 topics reference mibs mib jnx js spu monitoring txt For more information see SPU Monitoring Objects MIB e Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices services and traps This MIB is currently supported by Junos OS for SRX Series devices only Explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx smi txt For more information see Structure of Management Information MIB Structure of Management Information MIB for EX Series Ethernet Switches Defines a MIB branch for switching related MIB definitions for the EX Series Ethernet Switches For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ex smi txt For more information see EX Series SMI MIB List of SRX100 SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways Supported Enterprise Specific MIBs Supported Platforms LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 Junos OS supports the following enterprise specific MIBs Copyright 2015 Juniper Networks Inc 37 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 38 e Structure of Management Information MI
401. tal MIB Data ccc cece eee ete eees 203 Understanding Vital MIB OID Data Collection 0000 000 c eee 203 Generating Readable Raw OID Data Collections 0 00 0000 204 Generating Raw MIB OID froma Policy 0 0 0c cece eee 205 Generating Vital Data from a Predefined Group nananana naaran narran 206 Generating Vital Data from an Interface 6 eee 207 Generating Vital Data from an IPsec VPN 0 0 ce eee 208 Generating Vital Data from a NAT Rule 2 nee 209 Generating Vital Data from an Operating Component 00000 210 Generating Vital Data froma Screen eee eee 210 Copyright 2015 Juniper Networks Inc Table of Contents Chapter 11 SNMP FAQS 2200c cc6u a nedi imal age san ellen eG woe hee we ease eee 213 Managing TrapsanG NIONS s25 s25644 ide Gda so eer eE tan eek sews oed 213 Generating Traps Based on SysLog EventS 0 0000 araar eee 213 Filtering Traps Based on the Trap Category cc eee 214 Filtering Traps Based on the Object Identifier 0000 214 Part 3 Remote Monitoring RMON with SNMP Chapter 12 RMON Overview seacicaccaesawsamsademe dawned Marke Swea ds da daaied bara 219 Understanding RMON Alarms 000 ccc ee eee raai 219 LANA Gs ce 3 rcpt vet oe Roatan fh ats R ous avast oot a eyo eens ara caida Gera e 219 jnxRmonAlarmTable 0 ee eee eee ee 220 Understanding RMON EventsS 0 0 00 ccc cece eee eens 221 CVEMiM
402. tance To configure a routing instance within a logical system specify the logical system name followed by the routing instance name Use a slash to separate the two names for example test lr test ri To configure the default routing instance on a logical system specify the logical system name followed by default for example test lr default Configuring the Trap Target Address 162 Each target address statement can have one or more tags configured in its tag list Each tag can appear in more than one tag list When a significant event occurs on the network device the tag list identifies the targets to which a notification is sent To configure the tag list include the tag list statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name tag list tag list tag list specifies one or more tags as a space separated list enclosed within double quotes Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 For an example of tag list configuration see Example Configuring the Tag List on page 155 For information about how to specify a tag at the edit snmp v3 notify notify name hierarchy level see Configuring the SNMPv3 Trap Notification on page 159 NOTE When you configure SNMP traps make sure your configured access privileges allow the traps to be sent Configure access privileges at the edit snmp v3 vacm
403. teChange 1 3 6 1 2114 16 2 2 All devices running Junos OS ospfVirtNbrStateChange 1 3 6 1 211416 2 3 All devices running Junos OS ospflfConfigError 1 3 6 1 2114 16 2 4 All devices running Junos OS ospfVirtlfConfigError 1 3 6 1 2114 16 2 5 All devices running Junos OS ospflfAuthFailure 1 3 6 1 2114 16 2 6 All devices running Junos OS ospfVirtlfAuthFailure 1 3 6 1 211416 2 7 All devices running Junos OS ospfifRxBadPacket 1 3 6 1 2 1 14 16 2 8 All devices running Junos OS ospfVirtlIfRxBadPacket 1 3 6 1 2 1 14 16 2 9 All devices running Junos OS ospfTxRetransmit 1 3 61 2114 16 2 10 All devices running Junos OS ospfVirtlfTxRetransmit 1 3 6 1 2 1 14 16 2 11 i All devices running Junos OS ospfMaxAgeLsa 1 3 6 1 21 14 16 2 13 All devices running Junos OS ospfifStateChange 1 3 6 1 211416 216 All devices running Junos OS MPLS Notifications 102 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 15 Standard Supported SNMP Version 2 Traps continued System Logging Severity Defined in Trap Name snmpTrapOID Level Syslog Tag Supported On i a RFC 3812 mplsTunnelUp Multiprotocol Label Switching MPLS Traffic mplsTunnelDown Engineering TE Managemen t mplsTunnelRerouted Information Base mplsTunnelReoptimized Entity State MIB Notifications RFC 4268
404. tem logical system name statement at the edit snmp trap options hierarchy level For example the following configuration sets logical system name ls1 as the source address of SNMP traps edit snmp trap options logical system ls 130 Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP Routing Instance To specify a routing instance name as the source address of SNMP traps include the Name as the Source _routing instance routing instance name statement at the edit snmp trap options hierarchy Address level For example the following configuration sets the routing instance name ril as the source address for SNMP traps edit snmp trap options routing instance ril Configuring the Agent Address for SNMP Traps The agent address is only available in SNMPv1 trap packets see RFC 1157 By default the router s default local address is used in the agent address field of the SNMPvI trap To configure the agent address include the agent address statement at the edit snmp trap options hierarchy level Currently the agent address can only be the address of the outgoing interface edit snmp trap options agent address outgoing interface To configure the outgoing interface as the agent address edit snmp trap options agent address outgoing interface trap group urgent dispatcher version v1 categories link startup targets 192 168 10 22 172 17 1 2
405. tement introduced in Junos OS Release 9 0 for EX Series switches Specify an object identifier OID used to represent a subtree of MIB objects This OID is a prefix that the represented MIB objects have in common exclude Exclude the subtree of MIB objects represented by the specified OID include Include the subtree of MIB objects represented by the specified OID oid Object identifier used to represent a subtree of MIB objects All MIB objects represented by this statement have the specified OID as a prefix You can specify the OID using either a sequence of dotted integers or a subtree name snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Trap Notification Filter on page 135 Copyright 2015 Juniper Networks Inc parameters Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation port Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series T Series parameters message processing model v1 v2c v3 security level none authentication privacy security model usm v1 v2c security name security
406. th monitor routing engine history user host gt show snmp health monitor routing engine history brief Resource CPU jnxOperatingCPU 9 1 0 0 Event Critical Falling 76 2013 04 10 18 44 47 JST Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 76 76 76 78 78 78 78 78 78 78 Top and Growing Consumer Top Consumer Usage Growth flowd_octeon_hm 252 2 Copyright 2015 Juniper Networks Inc 353 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices idle cpud 34 34 av_worker 3 2 Growing Consumer Usage Growth idle cpud 34 34 flowd_octeon_hm 252 2 av_worker 3 2 Load averages 2 01 1 min Resource Var cf var CjnxHrStoragePercentUsed 5 1 70 5 min 2 01 15 min 2013 04 10 14 51 29 JST Event High Rising 70 Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 70 70 69 69 69 69 69 69 69 69 Top and Growing Consumer KB Top Consumer Usage Growth secdb_06 db 50424 0 idpd_trace 23860 0 SignatureUpdate xml 20322 0 ai_cachedfa_group_c 10784 0 dfa_group_cache db 10456 0 Growing Consumer Usage Growth default log message 4403 4403 chassisd 1467 4 jsrpd 1202 2 Storage used 226034 KB Inodes used 506 Nodes show snmp health monitor routing engine history extensive user host gt show snmp health monitor routing engine history extensive Resource CPU jnxOperatingCPU 9 1 0 0 Event Critical Falling 76 2013 04 10 1
407. the Established state msdpBackwardTransition Generated when the MSDP FSM moves from a higher numbered state to a lower numbered state ospf2trap mib ospfOriginateLsa Generated when anew LSA is originated by the router because of a topology change ospfLsdbOverflow Generated when the number of LSAs in the router s link state database exceeds the value of ospfExtLsdbLimit ospfLsdbApproachingOverflow Generated when the number of LSAs in the router s link state database exceeds 90 of the value of ospfExtLsdbLimit 108 Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS Table 16 Unsupported Standard SNMP Traps continued MIB rfc1747 mib Trap Name Description sdlcPortStatusChange Generated when the state of an SDLC port transitions to active or inactive sdlcLSStatusChange Generated when the state of an SDLC link station transitions to contacted or disconnected rfc2115a mib frDLCIStatusChange Generated when a virtual circuit changes state has been created or invalidated or has toggled between the active and inactive states rfc2662 mib adslAtucRateChangeTrap Generated when the ATUCs transmit rate has changed RADSL mode only adslAtucPerfLofsThreshTrap Generated when the loss of framing 15 minute interval threshold is reached adslAtucInitFailureTrap Generated when ATUC initialization fails adslAturPerfLprsTh
408. this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx pwtdm txt SONET APS MIB Monitors any SONET interface that participates in Automatic Protection Switching APS For a downloadable version of this MIB see Copyright 2015 Juniper Networks Inc Chapter 3 SNMP MIBs and Traps Supported by Junos OS http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx sonetaps txt For more information see SONET APS MIB SONET SDH Interface Management MIB Monitors the current alarm for each SONET SDH interface For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x45 topics reference mibs mib jnx sonet txt For more information see SONET SDH Interface Management MIB e Source Class Usage MIB Counts packets sent to customers by performing a lookup onthe IP source address and the IP destination address The Source Class Usage SCU MIB makes it possible to track traffic originating from specific prefixes on the provider core and destined for specific prefixes on the customer edge For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx scu txt For more information see Source Class Usage MIB SPU Monitoring MIB Provides support for monitoring SPUs on all high end SRX Series devices For a downloadable version of this MIB see http www juniper ne
409. threshold 0 0 eee eee tenets 305 hISINE thleSMOlG oa Saga dw aes paw sed aad Sine ween 4a eae Teese Reds 306 GUM ihc te jce reepa ete heuer Seton ae earn Spay a oboe de ote 306 routing engine SNMP Resource Level 20 0 000 eee eee 307 routing engine SNMP Global Level 0 0 00 0c eens 308 FOWLINE INSLAMES 34 sk ois nr aciolande dese aheadawess Bede OT ee wwe bE ESS Sg 309 FOUTINS INSTANCE 2 eee ee ee eens 310 routing inStaNnCe ACCESS 2 6 6 eke eee ee eee ee eee ee eee eee 310 sample type eee eee ee eee ee ae 311 security level Defining Access Privileges 6 00 eee BIZ security level Generating SNMP Notifications 0 0 0 eee eee 313 security model Access Privileges 0 0 0 eee eee 314 Security model GhOUD erp ac okenceag aide Peel b weeds dda a ee ee aes 315 security model SNMP Notifications 0 0 eee 316 security name Community String 0 ee eee 317 security name Security Group 6 eee 318 security name SNMP Notifications 0 0 eee 319 SECUNITY 1O SIOUD 06 verde hiaiae gee Pre Sees CH ees eee eAW Bae ee ee bes 320 SAMO aa decade eo06 edue nedoa dee 4 gat b oee eee Pea E ke Qaeda 2 eas 320 SOUICE AdGIESS eevczcrcddedeneehe rh oteceatas ae Po emee eae ee eee eae 321 Copyright 2015 Juniper Networks Inc ix SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Chapter 17 Part 6 SHIMP COMMUNILYs cba tee deanscteatene a E a teed
410. tion 0 0 eee 146 Configuring the Encryption Type 0 eens 146 Configuring the Advanced Encryption Standard Algorithm 147 Configuring the Data Encryption Algorithm 0 2 2 0 0 cee eee 147 COMnSunns Moe DES cn oaorcar 6h808dnebes Gathge oben ae ews oe wake 147 Confisuring NO ENC PON 0 scecscctwdncad aioe evees Sagas beaded 148 Defining Access Privileges for an SNMP Group 0 0 0 0 e eee ee eee 148 Copyright 2015 Juniper Networks Inc Table of Contents Configuring the Access Privileges Granted to a Group 0000000 149 CONTSULINE the GrOUPnaccxctawrerhouases ade genoa Rodent ohenaaden 150 Configuring the Security Model 0 0 0 0 ccc eee 150 Configuring the Security Level 0 ee eee 150 Associating MIB Views with an SNMP User Group 20000e 151 Configuring the Notify VieW 6 ee eens 151 Configuring the Read VieW 6 tenes 152 Configuring the Write View 0 ee eee 152 Example Access Privilege Configuration a na saaana ccc eee eee 152 Assigning Security Model and Security Name toa Group 2 2 0 0 eae 153 Configuring the Security Model 0 teens 154 Assigning Security Names to GroupS 1 es 154 Configuring the Group eee eee nee 154 Example Security Group Configuration rores 0 ene 155 Example Configuring the Tag List 0 0 eens 155 Configuring the Local Engine ID 1 eens 156 Contisuring SNMP IM
411. tion Statements EX Series LN Series M Series MX Series PTX Series T Series startup alarm falling alarm rising alarm rising or falling alarm edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The alarm that can be sent upon entry startup falling alarm Generated if the first sample after the alarm entry becomes active is less than or equal to the falling threshold rising alarm Generated if the first sample after the alarm entry becomes active is greater than or equal to the rising threshold rising or falling alarm Generated if the first sample after the alarm entry becomes active satisfies either of the corresponding thresholds Default rising or falling alarm snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Startup Alarm on page 227 Copyright 2015 Juniper Networks Inc 323 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices syslog subtag Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation tag Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 324 EX Series LN Series M Series MX Series PTX Se
412. tions and Groups on a Device Running Junos OS on page 128 e Configuring SNMP Trap Options on page 128 e Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Example Configuring SNMP Trap Groups on page 134 Example Configuring SNMP Trap Groups Supported Platforms 134 LN Series M Series MX Series PTX Series SRX Series T Series Set up a trap notification list named urgent dispatcher for link and startup traps This list is used to identify the network management hosts 1 2 3 4 and fe80 1 2 3 4 to which traps generated by the local router should be sent The name specified for a trap group is used as the SNMP community string when the agent sends traps to the listed targets edit snmp trap group urgent dispatcher version v2 categories link startup targets 1 2 3 4 fe80 1 2 3 4 Copyright 2015 Juniper Networks Inc Related Documentation Chapter 5 Configuring SNMP e Configuring SNMP Trap Groups on page 132 e Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 128 e Configuring SNMP Trap Options on page 128 Configuring the Trap Notification Filter Supported Platforms Related Documentation ACX Series LN Series M Series MX Series PTX Series SRX Series T Series SNMPv3 uses the notify filter to define which traps or which objects from which traps are sent to the netw
413. tly included or excluded Once defined a view is then assigned to an SNMPv3 group or SNMPv1 v2c community or multiple communities automatically masking which parts of the agent s MIB tree members of the group or community can or cannot access By default an SNMP community grants read access and denies write access to all supported MIB objects even communities configured as authorization read write To restrict or grant read or write access to a set of MIB objects you must configure a MIB view and associate the view with a community To configure MIB views include the view statement at the edit snmp hierarchy level edit snmp view view name oid object identifier include exclude The view statement defines a MIB view and identifies a group of MIB objects Each MIB object of a view has a common object identifier OID prefix Each object identifier represents a subtree of the MIB object hierarchy The subtree can be represented either by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces A configuration statement uses a view to specify a group of MIB objects on which to define access You can also use a wildcard character asterisk to include OIDs that match a particular pattern in the SNMP view To enable a view you must associate the view with a community NOTE To remove an OID completely use the delete view all oid oid number command but omit the include paramete
414. trap target address tal address 10 1 1 1 address mask 255 255 255 0 port 162 tag list router target parameters tpl target address ta2 address 10 1 1 2 address mask 255 255 255 0 port 162 tag list router2 target parameters tp2 target address ta3 address 10 1 1 3 address mask 255 255 255 0 port 162 tag list routerl router2 Define multiple tags in the target address tag list target parameters tp3 e Configuring SNMPv3 Traps on a Device Running Junos OS on page 158 Configuring the Trap Target Address on page 161 Complete SNMPv3 Configuration Statements on page 251 e Minimum SNMPv3 Configuration on a Device Running Junos OS on page 143 Configuring the Local Engine ID Supported Platforms 156 ACX Series LN Series M Series MX Series PTX Series SRX Series T Series By default the local engine ID uses the default IP address of the router The local engine ID is the administratively unique identifier for the SNMPv3 engine This statement is optional To configure the local engine ID include the engine id statement at the edit snmp hierarchy level edit snmp engine id local engine id suffix use default ip address use mac address local engine id suffix The engine ID suffix is explicitly configured use default ip address The engine ID suffix is generated from the default IP address use mac address The SNMP engine identifier is generated from
415. trol To add this statement to the configuration Configuring the Falling Event Index or Rising Event Index on page 225 falling event index on page 273 Copyright 2015 Juniper Networks Inc rising threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 16 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series rising threshold integer edit snmp rmon alarm index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Upper threshold for the sampled variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold and the associated startup alarm value is equal to the falling alarm or rising or falling alarm value After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold integer The lower threshold for the alarm entry Range 2 147 483 648 through 2 147 483 647 snmp To view this statement in the configuration snmp control To add this statement to the confi
416. tsSentProbes Number of attempts to send probes pingResultsRttSumOfSquares Sum of squares of round trip times pingResultsLastGoodProbe Timestamp of the last response You can also consult pingProbeHistoryTable for more detailed information about each probe The index used for pingProbeHistoryTable starts at 1 goes to OxFFFFFFFF and wraps to 1 again For example if pingCtlProbeCount is 15 and pingCtlMaxRows is 5 then upon completion of the first run of this test pingProbeHistoryTable contains probes like those in Table 18 on page 193 Table 18 Results in pingProbeHistoryTable After the First Ping Test 1 Result of 11th probe from run 1 12 Result of 12th probe from run 1 13 Result of 13th probe from run 1 14 Result of 14th probe from run 1 15 Result of 15th probe from run 1 Upon completion of the first probe of the second run of this test pingProbeHistoryTable will contain probes like those in Table 19 on page 193 Table 19 Results in pingProbeHistoryTable After the First Probe of the Second Test pingProbeHistoryIndex Probe Result 12 Result of 12th probe from run 1 13 Result of 13th probe from run 1 Copyright 2015 Juniper Networks Inc 193 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 19 Results in pingProbeHistoryTable After the First Probe of the Second Test continued 14 Result of 14th probe from run 1 15 Result of 15th probe from
417. ttributes using the command line interface CLI For more information about configuring the device using the CLI see the CLI User Guide e Configuration Management MIB For more information about the Configuration Management MIB see the Configuration Management MIB Accounting management Perform the following accounting related tasks e Collect statistics for interfaces firewall filters destination classes source classes and the Routing Engine For more information about collecting statistics see Accounting Options Configuration e Use interface specific traffic statistics and other counters available in the Standard Interfaces MIB Juniper Networks enterprise specific extensions to the Interfaces MIB and media specific MIBs such as the enterprise specific ATM MIB e Count packets as part of a firewall filter For more information about firewall filter policies see Juniper Networks Enterprise Specific MIBs on page 32 and the Junos OS Routing Protocols Library for Security Devices Performance management Monitor performance in the following ways e Use operational mode commands For more information about monitoring performance using operational mode commands see the CL User Guide e Use firewall filters For more information about performance monitoring using firewall filters see the Junos OS Routing Protocols Library for Security Devices Copyright 2015 Juniper Networks Inc Chapter 1
418. tup rate of policy test 233 Related Understanding Vital MIB OID Data Collection on page 203 D tati ocumentation Generating Readable Raw OID Data Collections on page 204 Generating Vital Data from a Predefined Group Supported Platforms SRX Series You can use the set system log vital group cluster counter idp operating storage spu lt spu name gt screen lt zone name gt command to enable a predefined group edit system group operating idp storage 206 Copyright 2015 Juniper Networks Inc Related Documentation Chapter 10 Configuring Vital MIB Data cluster counter screen SPU NOTE The parameter for spu name must be fwdd all focy picz or nodex fpcy picz The predefined groups are operating SPU storage IDP screen and cluster counter Once a group is enabled all OIDs in the group are periodically collected and dumped The operating group includes state temperature current CPU utilization percentage buffer utilization percentage heap utilization percentage up time average load in the last 1 minute 5 minutes or 15 minutes and buffer pool utilization percentage in the control plane of each operating component in the system The IDP group includes IDP data plane memory usage IDP session Usage and policies loaded number The storage group includes storage utilization of directory var log The cluster counter group includes current total session number total CPS IPv
419. ty of alarms that are produced by the system making it easier for operations staff to react when alarms do occur To configure remote monitoring specify the following pieces of information The variable to be monitored by its SNMP object identifier The length of time between each inspection Arising threshold A falling threshold Arising event A falling event Before you can successfully configure remote monitoring you should identify what variables need to be monitored and their allowable operational range This requires some period of baselining to determine the allowable operational ranges An initial baseline period of at least three months is not unusual when first identifying the operational ranges and defining thresholds but baseline monitoring should continue over the life span of each monitored variable RMON Command Line Interface 232 Junos OS provides two mechanisms you use to control the Remote Monitoring agent on the router command line interface CLI and SNMP To configure an RMON entry using the CLI include the following statements at the edit snmp hierarchy level rmon alarm index description falling event index falling threshold intervals rising event index Copyright 2015 Juniper Networks Inc RMON Event Table RMON Alarm Table Chapter 14 Monitoring RMON Alarms and Events rising threshold sample type absolute value delta value startup alarm falling risin
420. ual LAN VLAN spanning tree instance VSTP on MX Series 3D Universal Edge Routers specify the routing instance name followed by a double colon and the VLAN ID For example to identify VSTP instance for VLAN 10 in the global default routing instance include default 10 public in the context SNMPv3 or community SNMPvI or v2 string Understanding SNMP Support for Routing Instances on page 177 e Enabling SNMP Access over Routing Instances on page 180 e Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community on page 180 Enabling SNMP Access over Routing Instances Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series To enable SNMP managers in routing instances other than the default routing instance to access SNMP information include the routing instance access statement at the edit snmp hierarchy level edit snmp routing instance access If this statement is not included in the SNMP configuration SNMP managers from routing instances other than the default routing instance cannot access SNMP information Understanding SNMP Support for Routing Instances on page 177 e Identifying a Routing Instance on page 179 e Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community on page 180 e Configuring Access Lists for SNMP Access over Routing Instances on page 183 Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community Supported Platform
421. ubs en_US junos15 1x49 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http Avwww juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx license txt For more information see License MIB Network Address Translation NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supporte
422. ugh a different outgoing interface The statements discussed in the following sections are provided to allow the NMS to recognize the duplicate traps and to distinguish SNMPvI1 traps based on the outgoing interface To configure SNMP trap options and trap groups include the trap options and trap group statements at the edit snmp hierarchy level edit snmp trap options agent address outgoing interface source address address trap group group name categories category destination port port number targets address version all v1 v2 i Related Configuring SNMP Trap Options on page 128 pecomentaon e Configuring SNMP Trap Groups on page 132 Configuring SNMP on a Device Running Junos OS on page 115 Configuration Statements at the edit snmp Hierarchy Level on page 248 Configuring SNMP Trap Options Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series 128 Copyright 2015 Juniper Networks Inc Chapter 5 Configuring SNMP Using SNMP trap options you can set the source address of every SNMP trap packet sent by the router to a single address regardless of the outgoing interface In addition you can set the agent address of the SNMPvI traps For more information about the contents of SNMPvI1 traps see RFC 1157 D NOTE SNMP cannot be associated with any routing instances other than the master routing instance To configure SNMP trap options
423. uidelineS sesssseiesriesrrrerrresrrirrrserrrerrress 161 address mask StateMent ccccecseseseseesessesseseseeseeseeees 254 usage guidelineS esssssriserirrrrsssrrsrrssrrirrresrrresrresrn 162 agent SNMP ss sessssesesssessreoersressrnsrerersrnereroneruresnrrerenersnnonrssnrse 12 agent address StAtEMEN ta ccc 255 Alarm MIB alarm statement RMON sraccssrace to ncavestesten eateninnierm gaan usage BUICELINGS ce eeccecsecsesesceeseeseseseesesesseeeees ATM COS MIB uecscssessssecsesessssessesssssssssssnsssssesseessesseseseeneens aUthentication Md5 stateMent ccseseeseeesesesesees USAGE guideliNES viniti authentication none statement pe usage BUIGELINGS ce ccccssesescesesessesestesssessestsesseseeesees authentication password statement 259 usage SUICELINGS 0 ceecseesesessesesceseseseestseseesteeeseeenees 145 authentication sha StateMent cccccsessesesesesesees 260 usage BUICELINGS ce ceeecseesesessesescesesesseseseeteseeeeseeenees 145 authorization STATEMENK cececceseeseesesseseseesessesesteseeseeses 261 usage guidelines B BED IMIBuscanihtitincaninicnni nations 38 43 49 Copyright 2015 Juniper Networks Inc BGP4 V2 MIB wrissevecccsitetccnan tenn annnnin 38 43 49 braces in configuration statement cesses xviii brackets angle in syntax GeSCTIPTIONS eects square in configuration statements C categories STATEMEN Eu eeescsesceesss
424. undefined open the MIB file using a text editor and ensure that all the MIB files listed in the IMPORT section are loaded on the compiler If any of the MIB files listed in the IMPORT section is not loaded on the compiler load that MIB file and then try to load the MIB file that failed to load Copyright 2015 Juniper Networks Inc Chapter 4 Loading MIB Files to a Network Management System For example the enterprise specific PING MIB mib jnx ping txt has dependencies on RFC 2925 DISMAN PING MIB mib rfc2925a txt If you try to load mib jnx ping txt before loading mib rfc2925a txt the compiler returns an error message saying that certain objects in mib jnx ping txt are undefined Load mib rfc2925a txt and then try to load mib jnx ping txt The enterprise specific PING MIB mib jnx ping txt then loads without any issue Related Standard SNMP MIBs Supported by Junos OS on page 13 Documentation e Juniper Networks Enterprise Specific MIBs on page 32 Copyright 2015 Juniper Networks Inc 113 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 114 Copyright 2015 Juniper Networks Inc CHAPTER 5 Configuring SNMP Configur Configur Configur Configur Configur Configur Configur ing SNMP ona Device Running Junos OS on page 115 ing the System Contact on a Device Running Junos OS on page 118 ing the System Location for a Device Running Junos OS on page 118 ing the System Descri
425. uniper Networks Inc MonitoringNodeDescr 5 single tch gt show snmp mib walk jnxJsSPUMonitoringObjectsTable MonitoringFPCIndex 20 MonitoringFPCIndex 21 MonitoringFPCIndex 44 MonitoringFPCIndex 45 MonitoringSPUIndex 20 MonitoringSPUIndex 21 MonitoringSPUIndex 44 MonitoringSPUIndex 45 MonitoringCPUUsage 20 MonitoringCPUUsage 21 MonitoringCPUUsage 44 MonitoringCPUUsage 45 MonitoringMemoryUsage 20 64 MonitoringMemoryUsage 21 60 MonitoringMemoryUsage 44 64 MonitoringMemoryUsage 45 60 MonitoringCurrentFlowSession 20 MonitoringCurrentFlowSession 21 Moni toringCurrentFlowSession 44 MonitoringCurrentFlowSession 45 1 MonitoringMaxFlowSession 20 421888 MonitoringMaxFlowSession 21 843776 MonitoringMaxFlowSession 44 421888 MonitoringMaxFlowSession 45 843776 MonitoringCurrentCPSession 20 1 MonitoringCurrentCPSession 21 0 MonitoringCurrentCPSession 44 1 MonitoringCurrentCPSession 45 0 i oooororouUuUUMN i Il Oro 359 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices jnxJsSPUMonitoringMaxCPSession 20 2359296 jnxJsSPUMonitoringMaxCPSession 21 0 jnxJsSPUMonitoringMaxCPSession 44 2359296 jnxJsSPUMonitoringMaxCPSession 45 0 jnxJsSPUMonitoringNodeIndex 20 0 jnxJsSPUMonitoringNodeIndex 21 0 jnxJsSPUMonitoringNodeIndex 44 1 jnxJsSPUMonitoringNodeIndex 45 1 jnxJsSPUMonitoringNodeDescr 20 node0 jnxJsSPUMonitoringNodeDescr 21 n
426. ure a remote engine and remote user So you can receive and respond to SNMP inform notifications Inform notifications can be authenticated and encrypted They are also more reliable than traps another type of notification that Junos OS supports Unlike traps inform notifications are stored and retransmitted at regular intervals until one of these conditions occurs The target of the inform notification returns an acknowledgment to the SNMP agent Copyright 2015 Juniper Networks Inc 173 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Requirements Overview 174 A specified number of unsuccessful retransmissions have been attempted e Requirements on page 174 e Overview on page 174 Configuration on page 175 e Verification on page 176 No special configuration beyond device initialization is required before configuring this example This feature requires the use of plain text passwords valid for SNMPv3 SNMPv3 has the following special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Although quotation marks are not always required to enclose passwords it is best to use them You need quotation marks if the password contains any spaces or possibly in the case of certain special characters or
427. ure of the usage of each file system on the router in percentage Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB Interface MIB Extends the standard ifTable RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx ipforward txt For more information see P Forward MIB Copyright 2015 Juniper Networks Inc 39 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 40 IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this MIB see http www juniper net techp
428. v3 security model e vI SNMPvI1 security model e v2c SNMPv2c security model Configuring the Security Level The security level statement specifies whether the trap is authenticated and encrypted before it is sent To configure the security level to use when generating SNMP notifications include the security level statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters security level authentication none privacy authentication Provides authentication but no encryption none No security Provides no authentication and no encryption privacy Provides authentication and encryption NOTE If you are configuring the SNMPv1 or SNMPV2c security model use none as your security level If you are configuring the SNMPv3 USM security model use the authentication or privacy security level Configuring the Security Name To configure the security name to use when generating SNMP notifications include the security name statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters security name security name If the USM security model is used the security name identifies the user that is used when the notification is generated If the v1 or v2c security models are used security name identifies the S
429. v3 vacm security to group hierarchy level A group identifies a collection of SNMP users that share the same access policy You then define the access privileges associated with a group at the edit snmp v3 vacm access hierarchy level Access privileges are defined using views For each group you can apply different views depending on the SNMP operation for example read get getNext or getBulk write set notifications the security level used authentication privacy or none and the security model v1 v2c or usm used within an SNMP request You configure members of a group with the security name statement For v3 packets using USM the security name is the same as the username For SNMPv1 or SNMPv2c Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 packets the security name is determined based on the community string Security names are specific to a security model If you are also configuring VACM access policies for SNMPVvI or SNMPv2c packets you must assign security names to groups for each security model SNMPvI1 or SNMPv2c at the edit snmp v3 vacm security to group hierarchy level You must also associate a security name with an SNMP community at the edit snmp v3 snmp community community index hierarchy level To configure the access privileges for an SNMP group include statements at the edit snmp v3 vacm hierarchy level Related Documentation edit snmp v3 vacm access group group
430. ve Routing protocols process 51452 active Management process 38284 active Periodic packet management process 9828 active Bidirectional Forwarding Detection process 13088 active Service Deployment Client 10012 active Event processing process 12692 active Layer 2 address flooding and learning process 20212 active Copyright 2015 Juniper Networks Inc MPLS Periodic Traceroute process Multicast Snooping process Feature license management process show snmp health monitor alarms detail Chapter 17 Operational Commands 10488 active 9608 active 12372 active user host gt show snmp health monitor alarms detail Alarm Index 32770 Variable name Variable OID Sample type Startup alarm Owner Creator State Sample interval Moderate threshold High threshold Critical threshold Rising event index Falling event index Instance Value 0 Instance State active Alarm Index 32773 Variable name Variable OID Sample type Startup alarm Owner Creator State Sample interval Moderate threshold High threshold Critical threshold Rising event index Falling event index Instance Value 0 Instance State active Alarm Index 32793 Variable name Variable OID Sample type Startup alarm Owner Creator State Sample interval Rising threshold Falling threshold Rising event index Falling event index 15 20 30 40 32768 32768 15 20 30 40 32768 32768 20 104857 91750 32768 32768 jnxHrStor
431. vel edit snmp rmon alarm index sample type absolute value delta value absolute value Actual value of the selected variable is compared against the thresholds delta value Difference between samples of the selected variable is compared against the thresholds Configuring the Startup Alarm The startup alarm identifies the type of alarm that can be sent when this entry is first activated You can specify it as falling alarm rising alarm or rising or falling alarm To configure the startup alarm include the startup alarm statement and specify the type of alarm at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index startup alarm falling alarm rising alarm rising or falling alarm falling alarm Generated if the first sample after the alarm entry becomes active is less than or equal to the falling threshold rising alarm Generated if the first sample after the alarm entry becomes active is greater than or equal to the rising threshold rising or falling alarm Generated if the first sample after the alarm entry becomes active satisfies either of the corresponding thresholds The default is rising or falling alarm Configuring the System Log Tag The syslog subtag statement specifies the tag to be added to the system log message You can specify a string of not more than 80 uppercase characters as the system log tag To configure the system log tag include the syslog
432. vent High Rising 70 2013 04 10 14 51 29 JST Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 70 70 69 69 69 69 69 69 69 69 Top and Growing Consumer KB Top Consumer Usage Growth secdb_06 db 50424 0 idpd_trace 23860 0 SignatureUpdate xml 20322 0 ai_cachedfa_group_c 10784 0 dfa_group_cache db 10456 0 Growing Consumer Usage Growth default log message 4403 4403 chassisd 1467 4 jsrpd 1202 2 Storage used 226034 KB Inodes used 506 Nodes Resource Event Configuration Usage Trail 65 Top and Growing Consumer KB Var cf var CjnxHrStoragePercentUsed 5 Moderate Rising 65 1 30 70 85 Monitor CInter Mod High Crit Action 2013 04 10 14 16 42 JST Top Consumer Usage Growth secdb_06 db 50424 0 idpd_trace 23860 0 SignatureUpdate xml 20322 0 ai_cachedfa_group_c 10784 0 dfa_group_cache db 10456 0 Growing Consumer Usage Growth chassisd 1463 18 jsrpd 1200 7 Storage used 211868 KB Inodes used 503 Nodes show snmp health monitor routing engine history terse user host gt show snmp health monitor routing engine history terse Resource name Latest event Time elapsed Action MD2 mfs var run utm High Falling 00 00 36 Monitor Root cf Moderate Rising 1d 02 25 Monitor Var cf var Critical Rising 00 02 38 Monitor CPU Critical Rising 1d 02 19 Monitor Memory Critical Rising 00 08 00 Monitor RE process count High Rising 1d 02 25 Monitor RE open files count Moderate
433. version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx atm cos txt For more information see ATM Class of Service MIB BGP4 V2 MIB Contains objects used to monitor BGP peer received prefix counters It is based upon similar objects in the MIB documented in Internet draft draft ietf idr bgp4 mibv2 03 txt Definitions of Managed Objects for the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB BFD MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB e Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switching Board SSB Switching and Forwarding Model SFM Flexible PIC Concentrators FPCs and PICs Fora downloadable version of this MIB see http www juniper net techpubs en_US junos15 1x49 topics reference mibs mib jnx chassis txt For more information see Chassis MIBs Chassis Cluster MIB Provides info
434. vileges for an SNMPv3 Group on page 279 e health monitor on page 279 interface on page 280 e interval on page 280 interval on page 281 local engine on page 282 e location on page 283 logical system on page 284 logical system trap filter on page 285 log vital on page 286 message processing model on page 288 name on page 288 nonvolatile on page 289 e notify on page 290 notify filter Applying to the Management Target on page 291 notify filter Configuring the Profile Name on page 291 e notify view on page 292 e oid on page 293 e oid on page 294 parameters on page 295 port on page 295 privacy 3des on page 296 e privacy aesl28 on page 297 privacy des on page 298 privacy none on page 299 privacy password on page 300 read view on page 301 remote engine on page 302 request type on page 303 e retry count on page 304 rising event index on page 304 246 Copyright 2015 Juniper Networks Inc Chapter 16 Configuration Statements rising threshold on page 305 e rising threshold on page 306 rmon on page 306 routing engine SNMP Resource Level on page 307 routing engine SNMP Global Level on page 308 routing instance on page 309 e routing instance on page 310 e routing instance access on page 310 sample type on page 311 e security level Defining Access Privileges on page 312 e security level Generating SNMP Notifications on page
435. write privileges for an SNMP community string include the following statements at the edit snmp hierarchy level edit snmp community community name authorization authorization view view name view view name oid object identifier include exclude Example Setting SNMP Views To create a community named remote community that grants SNMP clients read write access to the Ping MIB jnxPing MIB Traceroute MIB and jnxTraceRoute MIB include the following statements at the edit snmp hierarchy level snmp view remote view oid 1 3 6 1 2 1 80 include pingMIB oid 1 3 6 1 4 1 2636 3 7 include jnxPingMIB oid 1 3 6 1 2 1 81 include traceRouteMIB oid 1 3 6 1 4 1 2636 3 8 include jnxTraceRouteMIB community remote community view remote view authorization read write For more information about the community statement see Configuring the SNMP Community String on page 120 and community For more information about the view statement see Configuring MIB Views on page 126 view Associating a MIB View with a Community and view Configuring a MIB View Setting Trap Notification for Remote Operations In addition to configuring the remote operations MIB for trap notification you must also configure Junos OS You must specify a target host for remote operations traps 186 Copyright 2015 Juniper Networks Inc Chapter 8 Configuring Remote Operations To configure trap
436. ws If pingCtlMaxRows is set to O no pingProbeHistoryTable entries are created for that test Each time a probe result is determined a pingProbeHistoryEntry is created and added to pingProbeHistoryTable pingProbeHistoryIndex of the new pingProbeHistoryEntry is 1 greater than the last pingProbeHistoryEntry added to pingProbeHistoryTable for that test pingProbeHistorylndex is set to 1 if this is the first entry in the table The same test can be run multiple times so this index keeps growing If pingProbeHistorylndex of the last pingProbeHistoryEntry added is OxFFFFFFFF the next pingProbeHistoryEntry added has pingProbeHistoryIndex set to 1 The following are recorded for each probe result pingProbeHistoryResponse Time to live TTL pingProbeHistoryStatus What happened and why pingProbeHistoryLastRC Return code RC value of ICMP packet pingProbeHistoryTime Timestamp when probe result was determined When a probe cannot be sent pingProbeHistoryResponse is set to 0 When a probe times out pingProbeHistoryResponse is set to the difference between the time when the probe was discovered to be timed out and the time when the probe was sent For any trap to be generated the appropriate bit of pingCtlTrapGeneration must be set You must also configure a trap group to receive remote operations A trap is generated under the following conditions ApingProbeFailed trap is generated every time pingCtlTrapProbeFailureFilter
437. y a network s normal operational parameters With this information you can recognize exceptions and identify abnormal behavior You should continue baseline monitoring for the lifetime of each measured metric Over time you must be able to recognize performance trends and growth patterns Within the context of this chapter many of the metrics identified do not have an allowable operational range associated with them In most cases you cannot identify the allowable operational range until you have determined a baseline for the actual variable on a specific network e Understanding RMON for Monitoring Service Quality on page 231 Defining and Measuring Network Availability Measuring Health Measuring Performance Copyright 2015 Juniper Networks Inc Health Monitoring with SNMP Configuring Health Monitoring on page 239 Copyright 2015 Juniper Networks Inc 237 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 238 Copyright 2015 Juniper Networks Inc CHAPTER 15 Configuring Health Monitoring Configuring Health Monitoring on Devices Running Junos OS on page 239 Configuring Health Monitoring on Devices Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series T Series As the number of devices managed by a typical network management system NMS grows and the complexity of the devices themselves increases it becomes increasingly impractica
438. y level edit snmp v3 target parameters target parameter name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm v1 v2c security name security name This section includes the following topics Configuring the Message Processing Model on page 164 Configuring the Security Model on page 165 e Configuring the Security Level on page 165 Configuring the Security Name on page 165 Configuring the Message Processing Model The message processing model defines which version of SNMP to use when generating SNMP notifications To configure the message processing model include the message processing model statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters message processing model v1 v2c v3 164 Copyright 2015 Juniper Networks Inc Chapter 6 Configuring SNMPv3 vI SNMPvI1 message processing model v2c SNMPv2c message processing model e v3 SNMPV3 message processing model Configuring the Security Model To define the security model to use when generating SNMP notifications include the security model statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters security model usm v1 v2c usm SNMP
439. y name at the edit snmp v3 vacm security to group hierarchy level must match the security name at the edit snmp v3 snmp community community index hierarchy level snmp To view this statement in the configuration snmp control To add this statement to the configuration e Configuring the Security Name on page 165 Copyright 2015 Juniper Networks Inc 319 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security to group Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation snmp Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 320 EX Series LN Series M Series MX Series QFX Series T Series security to group security model usm v1 v2c group group name security name security name edit snmp v3 vacm Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the group to which a specific SNMPv3 security name belongs The security name is used for messaging security The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Assigning Security Model
440. y service entitlement by product serial number use our Serial Number Entitlement SNE Tool https tools juniper net SerialNumberEntitlementSearch Opening a Case with JTAC XX You can open a case with JTAC on the Web or by telephone Use the Case Management tool in the CSC at http www juniper net cm Call 1 888 314 JTAC 1 888 314 5822 toll free in the USA Canada and Mexico For international or direct dial options in countries without toll free numbers see http www juniper net support requesting support html Copyright 2015 Juniper Networks Inc PART 1 Overview Introduction to Device Management on page 3 Copyright 2015 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 2 Copyright 2015 Juniper Networks Inc CHAPTER 1 Introduction to Device Management e Understanding Device Management Functions in Junos OS on page 3 e Understanding the Integrated Local Management Interface on page 5 Understanding Device Management Functions in Junos OS Supported Platforms LN Series SRX Series After you have installed a device into your network you need to manage the device within your network Device management can be divided into five tasks Fault management Monitor the device detect and fix faults Configuration management Configure device attributes Accounting management Collect statistics for accounting purposes Perfor
441. y the health monitor Configuring the Interval The interval represents the period of time in seconds over which the object instance is sampled and compared with the rising and falling thresholds To configure the interval include the interval statement and specify the number of seconds at the edit snmp health monitor hierarchy level edit snmp health monitor interval seconds seconds can be a value from 1 through 2147483647 The default is 300 seconds 5 minutes Copyright 2015 Juniper Networks Inc 241 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Log Entries and Traps The system log entries generated for any health monitor events thresholds crossed errors and so on have a corresponding HEALTHMONITOR tag rather than a generic SNMPD_RMON_EVENTLOG tag However the health monitor sends generic RMON risingThreshold and fallingThreshold traps Related Understanding RMON Alarms and Events Configuration on page 223 Documentation Configuring an Alarm Entry and Its Attributes on page 224 e Configuring an Event Entry and Its Attributes on page 228 Example Configuring Health Monitoring on page 229 e Understanding Device Management Functions in Junos OS on page 3 242 Copyright 2015 Juniper Networks Inc PART 5 Configuration Statements and Operational Commands Configuration Statements on page 245 Operational Commands on page 345 Copyright 2015 Juniper N
Download Pdf Manuals
Related Search