最近有客戶需要配置SNMP v3,之前沒有配置過,找了Juniper 的官方文檔看了下,個人覺得Juniper 的官方文檔寫的要麼就是太細,要麼就是重複的,對工程師來說是可以,對最終用戶不是那麼友好,現貼出SRX上snmp v3 的配置,供大家做個初始的配置。
稍微說明下:
snmp 用戶名:testsnmp
祕鑰:testsnmp
加密方式:MD5+DES
[edit snmp]
root# show
v3 {
usm {
local-engine {
user testsnmp {
authentication-md5 {
authentication-key "testsnmp"; ## SECRET-DATA
}
privacy-des {
privacy-key "testsnmp” ## SECRET-DATA
}
}
}
}
vacm {
security-to-group {
security-model usm {
security-name snmpuser {
group snmp-group;
}
}
}
access {
group snmp-group {
default-context-prefix {
security-model any {
security-level authentication {
read-view all;
write-view all;
}
}
}
}
}
}
}
view all {
oid 1. include;
}
set snmp v3 usm local-engine user testsnmp authentication-md5 authentication-key "testsnmp"
set snmp v3 usm local-engine user testsnmp privacy-des privacy-key "testsnmp"
set snmp v3 vacm security-to-group security-model usm security-name snmpuser group snmp-group
set snmp v3 vacm access group snmp-group default-context-prefix security-model any security-level authentication read-view all
set snmp v3 vacm access group snmp-group default-context-prefix security-model any security-level authentication write-view all
set snmp view all oid 1. include
配置後查看下snmp v3 的基本信息:
測試通過,Bingo!!!