Example: Configuring SNMPv3

JUNOS® Software 10.1

Example: Configuring SNMPv3
The following example shows how to configure Simple Network Management Protocol
version 3 (SNMPv3) on a router running JUNOS Software:
[edit snmp]
engine-id {
use-fxp0-mac-address;
}
view jnxAlarms {
oid 1.3.6.1.4.1.2636.3.4 include;
}
view interfaces {
oid 1.3.6.1.2.1.2 include;
}
view ping-mib {
oid 1.3.6.1.2.1.80 include;
}
[edit snmp v3]
notify n1 {
tag router1; # Identifies a set of target addresses
type trap;# Defines type of notification
}
notify n2 {
tag host1;
type trap;
}
notify-filter nf1 {
oid .1 include; # Defines which traps (or which objects for which traps) are sent. In
this case, includes all traps
}
notify-filter nf2 {
oid 1.3.6.1.4.1 include; # Sends enterprise-specific traps only
}
notify-filter nf3 {
oid 1.3.6.1.2.1.1.5 include; # Sends BGP traps only
}
snmp-community index1 {
community-name "$9$JOZi.QF/AtOz3"; # SECRET-DATA
security-name john; # Matches the security name at the target-parameters
tag host1; # Finds the addresses that can be used with this community string
}
target-address ta1 { # Associates the target address with the group san-francisco
address 10.1.1.1;
address-mask 255.255.255.0; # Defines the range of addresses
port 162;
tag-list router1;
target-parameters tp1;# Applies configured target parameters
target-address ta2 {
address 10.1.1.2;
address-mask 255.255.255.0;
port 162;
tag-list host1;
target-parameters tp2;
252 ■ Example: Configuring SNMPv3
JUNOS 10.0 System Basics Configuration Guide
}
target-address ta3 {
address 10.1.1.3;
address-mask 255.255.255.0;
port 162;
tag-list [router1 host1];
target-parameters tp3;
}
target-parameters tp1 {# Defines the target parameters
notify-filter nf1; # Specifies which notify filter to apply
parameters {
message-processing-model v1;
security-model v1‘;
security-level none;
security-name john; # Matches the security name configured at the [edit snmp v3
snmp-community community-index] hierarchy level
}}
target-parameters tp2 {
notify-filter nf2;
parameters {
message-processing-model v1;
security-model v1;
security-level none;
security-name john;
}
}
target-parameters tp3 {
notify-filter nf3;
parameters {
message-processing-model v1;
security-model v1;
security-level none;
security-name john;
}
}
usm {
local-engine { # Defines authentication and encryption for
user user1 { # SNMPv3 users
authentication-md5 {
authentication-password authentication-password;
}
privacy-des {
privacy-password password;
}
}
user user2 {
authentication-sha {
authentication-password authentication-password;
}
privacy-none;
}
user user3 {
authentication-none;
privacy-none;
}
user user4 {
authentication-md5 {
authentication-password authentication-password;
}
privacy-3des {
privacy-password password;
}
}
user user5 {
authentication-sha {
authentication-password authentication-password;
}
privacy-aes128 {
privacy-password password;
}
}
vacm {
access {
group san-francisco {# Defines the access privileges for the group
default-context-prefix { # san-francisco
security-model v1 {
security-level none {
notify-view ping-mib;
read-view interfaces;
write-view jnxAlarms;
}
}
}
}
security-to-group {
security-model v1 {
security-name john {# Assigns john to the security group san-francisco
group san-francisco;
}
security-name bob {
group new-york;
}
security-name elizabeth {
group chicago;
}
}