Junos® OS SNMP MIBs and Traps Monitoring and Troubleshooting
Contents
1. 27 32 38 44 monitoring service G Walt nter setenta 100 MPLS standard traps emeret tec 80 Multicast MIB tartara tnter tnnens 13 21 N name statement nennen nnns 230 usage guidelines enne 113 NAT Objects MIB sseseeeenetntes 25 31 36 42 Network Address Translation Objects MIB See NAT Objects MIB nonvolatile statement sees 230 notify statement tnter 231 usage guidelines senes 146 notify filter statement for applying to target 232 usage guidelines sse 151 for configuring tente 232 usage guidelites ie 141 notify view statemwint sseenenetetetrntennnn 233 Usage guidelities ics 158 331 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices O oid statement M usage guidelines SNMPVv3 ssssseeenes usage guidelines OSPF MIB rie eri ie reir rte ne ERR HI npe HORIS P Packet Forwarding Engine MIB 25 31 36 42 parameters statement esses 236 usage guidelines seen 150 parentheses in syntax descriptions xviii performance indicators Ping MIB sesan edente ee use in ping test sesssssssseseseeeentntnnnes view configuration example INVI RR 119 pingProbeHistoryTable ne2. sentent 155 access list statement sss 197 address statement SNMBNWUS cincti E E HE 198 usage guidelines se 148 address mask statement sse 198 usage guidelines sene 148 agent SNMP nnne tenete tenens 6 agent address statement sss 199 Alarm MIB alarm statement RMON i ccntum rode men nt edited 200 usage guidelines ee 178 ATM COS MIB tenente tenta ttnnns 22 33 39 Dl 22 authentication md5 statement 201 USAGE guidelili8S cette 129 authentication none statement 202 usage guidelines ite 129 authentication password statement 203 sage guidelines tcc 129 authentication sha statement sss 204 usage guidel ES nnion authorization statement m usage guicellines cette Copyright O 2014 Juniper Networks Inc B issuu 22 29 34 39 BGPZEW2IMIB ctetuer 22 28 33 39 braces in configuration statement xviii brackets angle in syntax descriptions xviii square in configuration statements xviii C categories statement 206 usage guidelines sse 141 Chassis Cluster MIB sssssseenees 23 34 40 Chassis Definitions for Router Model MIB 22 Chassis Forwarding MIB Chassis MIB entr epis
3. enne 137 traps GE TIMIGI OR RR RE RES 4 SNMP version 1 traps standarcl iiia 74 SNMP version 2 traps Sandales D ER UR nsuUp ported irte tte eet type Statenrienib cinco usage guidelines U unsupported standard SNMP traps nee 81 user statement SINMEBYVS ried Sha Ae aie iunss 276 USM statement essere tnter 277 Utility MIB V V3 Staternenb sicci arc eren E EHE PEN 279 Usage guidelines nnns 195 334 Vac statement inseneri 281 usage guidelines seen 155 Var log mib2d file dues 297 var log snmnpod file sees 297 variable statement 282 usage guidelines entente 182 variable length string indexes ssss 95 version statement SNMP ra E etre eecreereetreretreey eres I 282 usage guidelines see 141 view statement SNMP associating with commmunity 283 usage guidelines sene 165 SNMP configuring MIB view 284 usage guidelines senes 118 views MIB VPN Certificate Objects MIB VPN MIB W write view statement sssssssseeenetees 285 usage gudel eSnissicirousssninunnunnananiia 159 Copyright 2014 Juniper Networks Inc
4. nes Syslog subtag statement sss usage guidelines enn sysName object MIB ll enne system contact SNMP system description SNMP system location SNMP seeernnn System Log MIB eiecit 27 32 38 43 system logging severity levels SNMP traps 6 system name SNMP tnter 113 333 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices T tag statement sss tete tatnen 265 SNMPv3 usage guidelines sse 169 usage guidelines tag list statement eee etes usage guidelines target address staternent senes 267 usage guidelines nnne 147 target parameters statement sss 268 usage guidelines serene 150 targets statement usage guidelines technical support contacting STAC cesesesssssessesescsescscscseesessessacscseeeeeeens xix timeout statement sss 269 usage guidelines esent 171 traceoptions statement sss 270 SNMP usage guidelines ee 297 Traceroute MIB ss 27 32 38 44 175 tracing operations rr 297 trap groups SNMP 141 trap notification for SNMP remote operations 94 trap group statement 272 sage guUIdelilnes u t icc ei etd 141 trap options statement sss 273 usage guidelines
5. Class 1 MIB ODj CS cescecseesescsesessesssessssessesssceseesseeseseeeeses Class 2 MIB ObJects eene decid cecil Class 3 MIB objects ssssssseseeeenetetntnns Class 4 MIB objects eee teet Class of Service MIB u ccssssssssessssesesssssessssssssssesseseeseeseeseens client list adding to SNMP community eee 167 Client list statement sssssseseeettetes 206 sage g idelites eei ae 167 client list name statement sss 207 usage guidelines clients statement t en sage g idelires d 165 comments in configuration statements xviii commit delay statement sss 209 usage guidelires 2 tette 114 community statement usage guidelines sene 165 community string SNMP 165 community name statermnent sss 212 usage guidelines seneenente 169 Configuration Management MIB 23 29 34 40 contact statement nennt 213 usage guidelines enne 112 conventions text and SyplEax cseteris cirestez tetris Brant nta xvii CoS M eer eerectee 23 curly braces in configuration statements xviii customer SUDp poOrt sssssssseseeee entente tenntntnnnnn xix contacting JTAC eessseseeeeeeeeentetntntn nnne Xix 329 SNMP MIBs and Traps Monitoring a
6. edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Define the security level used for access privileges none authentication Provide authentication but no encryption none No authentication and no encryption privacy Provide authentication and encryption snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Security Level on page 157 Copyright O 2014 Juniper Networks Inc 253 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security level Generating SNMP Notifications Supported Platforms EX Series LN Series M Series MX Series QFX Series T Series Syntax security level authentication none privacy Hierarchy Level edit snmp v3 target parameters target parameters name parameters Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure the security level to use when generating SNMP notifications Default none Options authentication Provide authentication but no
7. Gathering Ping Test Results on page 307 Stopping a Ping Test on page 309 Interpreting Ping Variables on page 309 Configuring the Remote Engine and Remote User Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series To send inform messages to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host When sending an inform message the agent uses the credentials of the user configured on the remote engine inform target Copyright O 2014 Juniper Networks Inc 293 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices To configure a remote engine and remote user to receive and respond to SNMP informs include the following statements at the edit snmp v3 hierarchy level edit snmp v3 remote engine engine id 1 user username authentication md5 authentication key key authentication none authentication sha authentication key key privacy 3des f privacy key key privacy aes128 privacy key key privacy des privacy key key privacy none For informs remote engine engine id is the identifier for the SNMP agent on the remote device where the user resides For informs user username is the user on a remot
8. semicolon Identifies a leaf statement ata configuration hierarchy level edit routing options static route default nexthop address retain GUI Conventions Bold text like this Represents graphical user interface GUI items you click or select e Inthe Logical Interfaces box select All Interfaces Tocancel the configuration click Cancel xviii Copyright O 2014 Juniper Networks Inc About the Documentation Table 2 Text and Syntax Conventions continued Convention Description Examples gt bold right angle bracket Separates levels in a hierarchy of menu In the configuration editor hierarchy selections select Protocols gt Ospf Documentation Feedback We encourage you to provide feedback comments and suggestions so that we can improve the documentation You can provide feedback by using either of the following methods Online feedback rating system On any page at the Juniper Networks Technical Documentation site at http www juniper net techpubs index html simply click the starstorate the content and use the pop up form to provide us with information about your experience Alternately you can use the online feedback form at https www juniper net cgi bin docbugreport E mail Send your comments to techpubs comments juniper net Include the document or topic name URL or page number and software version if applicable Requesting Technical Support Techn
9. Configuring the SNMPv3 Community Supported Platforms 168 LN Series M Series MX Series PTX Series SRX Series T Series The SNMP community defines the relationship between an SNMP server system and the client systems This statement is optional To configure the SNMP community include the snmp community statement at the edit snmp v3 hierarchy level edit snmp v3 snmp community community index community index is the index for the SNMP community To configure the SNMP community properties include the following statements at the edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index community name community name security name security name tag tag name This section includes the following topics Configuring the Community Name on page 169 Configuring the Security Names on page 169 Configuring the Tag on page 169 Copyright O 2014 Juniper Networks Inc Chapter 13 Community Strings Configuring the Community Name The community name defines the SNMP community The SNMP community authorizes SNMPv1 or SNMPv2c clients The access privileges associated with the configured security name define which MIB objects are available and the operations read write or notify allowed on those objects To configure the SNMP community name include the community name statement at the edit snmp v3 snmp community community index hierarchy level edit snm
10. SNMP Remote Operations Overview on page 93 SNMP Remote Operations Overview Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series A SNMP remote operation is any process on the router that can be controlled remotely using SNMP Junos OS currently provides support for two SNMP remote operations the Ping MIB and Traceroute MIB defined in RFC 2925 Using these MIBs an SNMP client in the network management system NMS can Start a series of operations on a router Receive notification when the operations are complete Gather the results of each operation Junos OS also provides extended functionality to these MIBs in the Juniper Networks enterprise specific extensions jnxPingMIB and jnxTraceRouteMIB For more information about jnxPingMIB and jnxTraceRouteMIB see P NG MIB and Traceroute MIB This topic covers the following sections SNMP Remote Operation Requirements on page 93 Setting SNMP Views on page 93 Setting Trap Notification for Remote Operations on page 94 Using Variable Length String Indexes on page 95 Enabling Logging on page 95 SNMP Remote Operation Requirements Setting SNMP Views To use SNMP remote operations you should be experienced with SNMP conventions You must also configure Junos OS to allow the use of the remote operation MIBs All remote operation MIBs supported by Junos OS require that the SNMP clients have read write privileges The default SNMP con
11. Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring MIB Views Supported Platforms 118 LN Series QFX Series SRX Series By default an SNMP community grants read access and denies write access to all supported MIB objects even communities configured as authorization read write To restrict or grant read or write access to a set of MIB objects you must configure a MIB view and associate the view with a community To configure MIB views include the view statement at the edit snmp hierarchy level edit snmp view view name 1 oid object identifier include exclude Copyright 2014 Juniper Networks Inc Chapter 8 SNMP The view statement defines a MIB view and identifies a group of MIB objects Each MIB object of a view has a common object identifier OID prefix Each object identifier represents a subtree of the MIB object hierarchy The subtree can be represented either by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces A configuration statement uses a view to specify a group of MIB objects on which to define access You can also use a wildcard character asterisk to include OIDs that match a particular pattern in the SNMP view To enable a view you must associate the view with a community D NOTE To remove an OID completely use the delete view all oid oid numbe
12. Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP For more information see Chassis MIBs e Chassis Cluster MIB Provides information about objects that are used whenever the state of the control link interfaces or fabric link interfaces changes up to down or down to up in a chassis cluster deployment For a downloadable version of this MIB see http Awww juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx jsrpd txt For more information see Chassis Cluster MIB e Class of Service MIB Provides support for monitoring interface output queue statistics per interface and per forwarding class For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx cos txt For more information see Class of Service MIB Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A history of the last 32 configuration changes is kept in jnxCmChgEventTable For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB Destination Class Usage MIB Provides support for monitoring packet counts based on the ingress and egress
13. Protocol authenticationFailure 1 3 6 1 6 3 1 1 5 5 Notice SNMPD_TRAP_ All devices running SNMPv2 GEN_FAILURE Junos OS Link Notifications omni RFC 2863 The linkDown 1 3 6 1 6 3 1 1 5 3 Warning SNMP_TRAP_ All devices running Interfaces Group LINK DOWN Junos OS MIB linkUp 1 3 6 1 6 3 1 1 5 4 Info SNMP TRAP All devices running LINK_UP Junos OS Remote Operations Notifications ss O RFC 2925 pingProbeFailed 1 3 6 1 2 1 80 0 1 Info SNMP_TRAP_ All devices running Definitions of PING_PROBE_ Junos OS Managed Objects FAILED for Remote Ping der dine and pingTestFailed 1 3 6 1 2 1 80 0 2 Info SNMP TRAP PING All devices running Loo up TEST_FAILED Junos OS Operations pingTestCompleted 1 3 6 1 2 1 80 0 3 Info SNMP TRAP PING q All devices running TEST COMPLETED Junos OS traceRoutePathChange 1 3 6 2 1 81 0 1 Info SNMP TRAP TRACE All devices running ROUTE PATH Junos OS CHANGE traceRouteTestFailed 1 3 6 1 2 1 81 0 2 Info SNMP TRAP TRACE All devices running ROUTE TEST FAILED Junos OS traceRouteTestCompleted 1 3 6 1 2 1 81 0 3 Info SNMP TRAP TRACE All devices running ROUTE TEST Junos OS COMPLETED RMONAlams 9 BEN FR RFC2819a RMON fallingAlarm 1 3 61 21 16 0 1 All devices running MIB Junos OS risingAlarm 1 3 6 1 2 1 16 0 2 All devices running Junos OS 78 Copyright 2014 Juniper Networks Inc Chapter 3 SNMP Traps Table TI Standard Supported SNMP Version 2 T
14. Security name Community String on page 258 Security name Security Group on page 259 Security name SNMP Notifications on page 260 e Security to group on page 261 snmp on page 261 e source address on page 262 snmp community on page 263 Startup alarm on page 264 Syslog subtag on page 265 tag on page 265 e tag list on page 266 target address on page 267 target parameters on page 268 targets on page 269 timeout on page 269 traceoptions on page 270 trap group on page 272 trap options on page 273 type on page 274 type on page 275 User on page 276 Usm on page 277 v3 on page 279 vacm on page 281 Copyright O 2014 Juniper Networks Inc 191 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices variable on page 282 e version on page 282 view Associating a MIB View with a Community on page 283 e view Configuring a MIB View on page 284 write view on page 285 Configuration Statements at the edit snmp Hierarchy Level Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This topic shows all possible configuration statements at the edit snmp hierarchy level and their level in the configuration hierarchy When you are configuring Junos OS your current hierarchy level is shown in the banner on the line preceding the user host prompt edit snmp client list client list name 1
15. To configure no authentication for an SNMPv3 user include the authentication none statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication none Configuring the Encryption Type on page 130 Defining Access Privileges for an SNMP Group on page 155 Configuring the Access Privileges Granted to a Group on page 156 Assigning Security Model and Security Name to a Group on page 132 Copyright O 2014 Juniper Networks Inc 129 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Configuring the Encryption Type Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series By default encryption is set to none e NOTE Before you configure encryption you must configure MD5 or SHA authentication Before you configure the privacy des privacy 3des and privacy aes128 statements you must install the jcrypto package and either restart the SNMP process or reboot the router This topic includes the following sections Configuring the Advanced Encryption Standard Algorithm on page 130 Configuring the Data Encryption Algorithm on page 131 Configuring Triple DES on page 131 Configuring No Encryption on page 131 Configuring the Advanced Encryption Stan
16. To create a row set pingCtlRowStatus to createAndWait or createAndGo on a row that does not already exist A value of active for pingCtlRowStatus indicates that all necessary information has been supplied and the test can begin pingCtlAdminStatus can be set to enabled An SNMP Set request that sets pingCtlRowStatus to active will fail if the necessary information in the row is not specified or is inconsistent For information about how to configure a view see Setting SNMP Views on page 93 There are two ways to start a ping test Using Multiple Set Protocol Data Units PDUs on page 304 Using a Single Set PDU on page 304 Copyright O 2014 Juniper Networks Inc 303 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Using Multiple Set Protocol Data Units PDUs You can use multiple Set request PDUs multiple PDUs with one or more varbinds each and set the following variables in this order to start the test pingCtlRowStatus to createAndWait All appropriate test variables pingCtlRowStatus to active Junos OS now verifies that all necessary information to run a test has been specified pingCtlAdminStatus to enabled Using a Single Set PDU You can use a single Set request PDU one PDU with multiple varbinds to set the following variables to start the test pingCtlRowStatus to createAndGo All appropriate test variables pingCtlAdminStatus to enabled Monitoring a Running Pin
17. Toload MIB files that are required for managing and monitoring devices running the Junos OS 1 Go to the Junos OS Technical Publications index page http www juniper net techpubs software junos index html 2 Click the tab that corresponds to the Junos OS Release for which you want to download the MIB files 3 Onthe selected tab click the plus sign that corresponds to the Enterprise Specific MIBs and Traps section to expand the section 4 Click the TAR or ZIP link that corresponds to the Enterprise MIBs link under the Enterprise Specific MIBs and Traps section to download the Junos MIB package 5 Decompress the file tar or zip using an appropriate utility 6 Load the standard MIB files from the StandardMibs folder in the following order e NOTE Some of the MIB compilers that are commonly used have the standard MIBs preloaded on them If the standard MIBs are already loaded on the MIB compiler that you are using skip this step and proceed to Step mib SNMPv2 SMI txt mib SNMPv2 TC txt mib IANAifType MIB txt mib IANA RTPROTO MIB txt mib rfc1907 txt mib rfc2O0Tla txt mib rfc2012a txt mib rfc2013a txt mib rfc2863a txt 7 Load the remaining standard MIB files e NOTE You must follow the order specified in this procedure and ensure that all standard MIBs are loaded before you load the enterprise specific MIBs There might be dependencies that require a particular MIB to be present on the compiler before
18. jnxPingCtlEgressTimeThreshold 1 3 6 1 4 1 2636 3 71 2 1 10 jnxPingCtlEgressStdDevThreshold 1 3 6 1 4 1 2636 3 71 2 1 11 jnxPingCtlEgressJitterThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 12 jnxPingCtlIngressTimeThreshold 1 3 6 1 4 1 2636 3 7 2 1 13 jnxPingCtlIngressStdDevThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 14 jnxPingCtlIngressJitterThreshold 1 3 6 1 4 1 2636 3 71 2 1 15 jnxPingTrapGeneration 1 3 6 1 4 1 2636 3 7 1 2 1 16 Enterprise Specific Traceroute MIB jnxTRCtlifName 1 3 6 1 4 1 2636 3 8 1 2 1 3 jnxTRCtlRoutinglnstanceName 1 3 6 1 4 1 2636 3 8 1 2 1 4 RFC 3413 Target MIB snmpTargetSpinLock 1 3 6 1 6 3 12 1 1 snmpTargetAddrTDomain 1 3 6 1 6 3 12 1 2 1 2 snmpTargetAddrTAddress 1 3 6 1 6 3 12 1 2 1 3 snmpTargetAddrTimeout 1 3 6 1 6 3 12 1 2 1 4 snmpTargetAddrRetryCount 1 3 6 1 6 3 12 1 2 1 5 snmpTargetAddrTagList 1 3 6 1 6 3 12 1 2 1 6 snmpTargetAddrParams 1 3 6 1 6 3 12 1 2 1 7 snmpTargetAddrStorageType 1 3 6 1 6 3 12 1 2 1 8 snmpTargetAddrRowStatus 1 3 6 1 6 3 12 1 2 1 9 snmpTargetParamsMPModel 1 3 6 1 6 3 12 1 3 1 2 snmpTargetParamsSecurityModel 1 3 6 1 6 3 12 1 3 1 3 Copyright O 2014 Juniper Networks Inc 67 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Object Name Object Identifier snmpTargetParamsSecurityLevel 1 3 6 1 6 3 12 1 3 1 4
19. sysApplElmtRunMemory Monitors the memory usage for each Junos OS process Multiple instances of the same process are monitored and indexed separately Minimum Health Monitoring Configuration To enable health monitoring on the router or switch include the health monitor statement at the edit snmp hierarchy level edit snmp health monitor Configuring the Falling Threshold or Rising Threshold The falling threshold is the lower threshold expressed as a percentage of the maximum possible value for the monitored variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold You must specify the falling threshold as a percentage of the maximum possible value The default is 70 percent By default the rising threshold is 80 percent of the maximum possible value for the monitored object instance The rising threshold is the upper threshold for the monitored variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is gen
20. Copyright 2014 Juniper Networks Inc 29 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 30 Host Resources MIB Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB Interface MIB Extends the standard ifTable RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipforward txt For more information see P Forward MIB IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers
21. Each log is named after the SNMP agent that generates it Currently the following log files are created in the var log directory when the traceoptions statement is used chassisd craftd ilmid mib2d rmopd serviced snmpd When a trace file named filename reaches its maximum size it is renamed filename O then filename and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten For more information about how log files are created see the System Log Monitoring and Troubleshooting Guide for Security Devices Log files can be accessed only by the user who configured the tracing operation Copyright O 2014 Juniper Networks Inc 297 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices You cannot change the directory var log in which trace files are located However you can customize the other trace file settings by including the following statements at the edit snmp hierarchy level edit snmp traceoptions f file files number match regular expression size size world readable no world readable flag flag no remote trace These statements are described in the following sections Configuring the Number and Size of SNMP Log Files on page 298 Configuring Access to the Log File on page 298 Configuring a Regular Expression for Lines to Be Logged on page 299 Configuring the Trace Operations on page 299 Config
22. For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx license txt For more information see License MIB Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP
23. Juniper Networks Inc 181 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices To configure the system log tag include the syslog subtag statement at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index syslog subtag syslog subtag Configuring the Variable The variable identifies the MIB object that is being monitored To configure the variable include the variable statement and specify the object identifier or object name at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index variable o d variable oid variable is a dotted decimal for example 1 3 6 1 2 1 2 1 2 2 1 10 1 or MIB object name for example iflnOctets 1 Configuring an Event Entry and Its Attributes Supported Platforms 182 LN Series M Series MX Series PTX Series T Series An event entry generates a notification for an alarm entry when its rising or falling threshold is crossed You can configure the type of notification that is generated To configure the event entry include the event statement at the edit snmp rmon hierarchy level All statements except the event statement are optional edit snmp rmon event index community community name description description type type index identifies an entry event community name is the trap group that is used when generating a trap If that trap group has the rmon alarm trap category configured a trap is sent
24. LN Series M Series MX Series PTX Series T Series Syntax target address target address name address adaress address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds Hierarchy Level edit snmp v3 Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the address of an SNMP management application and the parameters to be used in sending notifications Options target address name String that identifies the target address The remaining statements are explained separately Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Trap Target Address on page 147 Documentation Copyright O 2014 Juniper Networks Inc 267 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices target parameters Supported Platforms EX Series LN Series M Series MX Series PTX Series OFX Series T Series Syntax Atthe edit snmp v3 hierarchy level target parameters target parameters name 1 profile name parameters message processing model v1 v2c V3 security level authentication none privacy security model usm vl v2c security name
25. Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series agent address outgoing interface edit snmp trap options Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Set the agent address of all SNMPvI traps generated by this router or switch Currently the only option is outgoing interface which sets the agent address of each SNMPvI trap to the address of the outgoing interface of that trap outgoing interface Value of the agent address of all SNMPvI traps generated by this router or switch The outgoing interface option sets the agent address of each SNMPv1 trap to the address of the outgoing interface of that trap Default disabled the agent address is not specified in SNMPVvI traps snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Agent Address for SNMP Traps on page 140 Copyright O 2014 Juniper Networks Inc 199 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices alarm Supported Platforms Syntax Hierarchy Level Release Information 200 Description Options Required Privilege Level Related Documentation EX Series
26. edit snmp rmon alarm index Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Extend monitoring to a specific SNMP object instance get request or extend monitoring to all object instances belonging to a MIB branch walk request or extend monitoring to the next object instance after the instance specified in the configuration get next request get next request Performs an SNMP get next request get request Performs an SNMP get request walk request Performs an SNMP walk request Default walk request snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Request Type on page 180 variable on page 282 Copyright O 2014 Juniper Networks Inc retry count Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation rising event index Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements LN Series retry count number edit snmp v3 target address target address name Statement introduced in Junos OS Release 7 4 Configure the retry count for SNMP informs number Maximum number of times the inform is tra
27. for the Simple Network Management Protocol SNMP NOTE RFC 3418 replaces RFC 1907 which was supported in earlier versions of Junos OS RFC 3498 Definitions of Managed Objects for 1 1 1 0 0 o 0 0 Synchronous Optical Network SONET Linear Automatic Protection Switching APS Architectures implemented under the Juniper Networks enterprise branch jnxExperiment RFC 3584 Coexistence between Version 1 Version 1 1 1 1 0 0 1 2 and Version 3 of the Internet standard Network Management Framework 14 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued CED O O O Platforms 1 1 0 0 RFC 3591 Managed Objects for the Optical 1 Interface Type optifOTMnTable except optlfOTMnOpticalReach optlfOTMniInterfaceType and optifOTMnOrder optlfOChConfigTable except optifOChDirectionality and optlfOChCurrentStatus optlfOTUkConfigTable except optlfOTUkTraceldentifierAccepted optlIfOTUkTIMDetMode optIfOTUKTIMActEnabled optlfOTUkTraceldentifierTransmitted optIfOTUkDEGThr optifOTUKDEGM optlfOTUkSinkAdaptActive and optlfOTUkSourceAdaptActive and optlfODUkConfigTable except optlfODUkPositionSeqCurrentSize and optlfODUkTtpPresent RFC 3592 Definitions of Managed Objects forthe 1 1 1 1 0 0 o 0 Synchronous Optical Network Synchronous Digital Hierarchy SONET SDH Interface Type RFC 3621 Power Ethernet
28. o 0 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx scu txt SPU Monitoring MIB O0 O0 O0 O0 O0 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js spu monitoring txt Structure of Management Information MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx smi txt Subscriber MIB 0 1 0 0 0 0 O0 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx subscriber txt System Log MIB 1 il il 1 1 1 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx syslog txt 52 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms SRX Low Mid Enterprise Specific MIB End Range Traceroute MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx traceroute txt Utility MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx util txt Virtual Chassis MIB 0 O0 O0 1 O0 O0 O0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx virtualchassis txt VLAN MIB 0 O O 1 O O O O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx vlan txt VPLS MIBs 1 1 1 1 O O 0 O e http Avwwiunipernet techpubs en_
29. see Event MIB Firewall MIB Provides support for monitoring firewall filter counters Routers must have the Internet Processor Il ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx firewalL txt For more information see Firewall MIB Host Resources MIB Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB Interface MIB Extends the standard if Table RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47
30. snmpTargetParamsSecurityName 1 3 6 1 6 3 12 1 3 1 5 snmpTargetParamsStorageType 1 3 6 1 6 3 12 1 3 1 6 snmpTargetParamsRowStatus 1 3 6 1 6 3 12 1 3 1 7 RFC 3413 Notify MIB snmpNotifyTag 1 3 6 1 6 3 13 1 1 1 2 snmpNotifyType 1 3 6 1 6 3 13 1 1 1 3 snmpNotifyStorageType 1 3 6 1 6 3 13 1 1 1 4 snmpNotifyRowStatus 1 3 6 1 6 3 13 1 1 1 5 snmpNotifyFilterProfileName 1 3 6 1 6 3 13 1 2 1 1 snmpNotifyFilterProfileStorType 1 3 6 1 6 3 13 1 2 1 2 snmpNotifyFilterProfileRowStatus 1 3 6 1 6 3 13 1 2 1 3 snmpNotifyFilterMask 1 3 6 1 6 3 13 1 3 1 2 snmpNotifyFilterType 1 3 6 1 6 3 13 1 3 1 3 snmpNotifyFilterStorageType 1 3 6 1 6 3 13 1 3 1 4 snmpNotifyFilterRowStatus 1 3 6 1 6 3 13 1 3 1 5 RFC 2574 usmUserSpinLock 1 3 6 1 6 3 15 1 2 1 usmUserCloneFrom 1 3 6 1 6 3 15 1 2 2 1 4 usmUserAuthProtocol 1 3 6 1 6 3 15 1 2 2 1 5 usmUserAuthKeyChange 1 3 6 1 6 3 15 1 2 2 1 6 usmUserOwnAuthKeyChange 1 3 6 1 6 3 15 1 2 2 1 7 usmUserPrivProtocol 1 3 6 1 6 3 15 1 2 2 1 8 usmUserPrivKeyChange 1 3 6 1 6 3 15 1 2 2 1 9 68 Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Object Name Object Identifier usmUserOwnPrivKeyChange 1 3 6 1 6 3 15 1 2 2 1 10 usmUserPublic 1 3 6 1 6 3 15 1 2 2 1 11 usmUserStorageType 1 3 6 1 6 3 15 1 2 2 1 12 usmUserStatus 1 3 6 1 6 3 15 1 2 2 1 13 RFC 2575 vacmGr
31. the community edit snmp community community clients f 10 209 152 33 32 routing instance test ri f clients f 10 19 19 1 32 If the routing instance is defined within a logical system include the routing instance statement at the edit snmp community community name logical system logical system name hierarchy level as in the following example edit snmp community community f clients f 10 209 152 33 32 logical system test LS routing instance test ri clients 10 19 19 1 32 Related Understanding SNMP Support for Routing Instances on page 86 Documentation Identifying a Routing Instance on page 85 Enabling SNMP Access over Routing Instances on page 161 Configuring Access Lists for SNMP Access over Routing Instances on page 164 Example Configuring Interface Settings for a Routing Instance on page 162 Example Configuring Interface Settings for a Routing Instance Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This example shows an 802 3ad aeO interface configuration allocated to a routing instance named INFrtd edit chassis aggregated devices f ethernet f 162 Copyright O 2014 Juniper Networks Inc Chapter 12 Routing Instances device count 5 edit interfaces aeO vlan tagging aggregated ether options f minimum links 2 link speed 100m unit O f vlan id 100 family inet f address 10 1 0 1 24 edi
32. 0 for EX Series switches Associate a view with a community A view represents a group of MIB objects view name Name of the view You must use a view name already configured in the view statement at the edit snmp hierarchy level snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMP Community String on page 165 Copyright O 2014 Juniper Networks Inc 283 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices view Configuring a MIB View Supported Platforms Syntax Hierarchy Level Release Information 284 Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series SRX Series T Series view view name oid object identifier include exclude edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define a MIB view A MIB view identifies a group of MIB objects Each MIB object in a view has a common OID prefix Each object identifier represents a subtree of the MIB object hierarchy The view statement uses a view to specify a group of MIB objects on which to define access To enable a view you must associate the view with a community by including the view statement at the edit snmp community community name hierarchy level NOTE To remove an OID com
33. 2014 Juniper Networks Inc CHAPTER 17 Configuration Statements Configuration Statements at the edit snmp Hierarchy Level on page 192 Complete SNMPv3 Configuration Statements on page 195 e access list on page 197 address on page 198 address mask on page 198 agent address on page 199 alarm on page 200 authentication md5 on page 201 authentication none on page 202 authentication password on page 203 authentication sha on page 204 e authorization on page 205 e categories on page 206 Client list on page 206 Client list name on page 207 e clients on page 208 e commit delay on page 209 community on page 210 community on page 211 community name on page 212 contact on page 213 description on page 213 description on page 214 destination port on page 214 e engine id on page 215 enterprise oid on page 216 event on page 216 falling event index on page 217 Copyright O 2014 Juniper Networks Inc 189 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices falling threshold on page 218 falling threshold on page 219 falling threshold interval on page 220 filter duplicates on page 220 filter interfaces on page 221 group Configuring Group Name on page 222 group Defining Access Privileges for an SNMPv3 Group on page 223 health monitor on page 223 interface on page 224 e interval on page 224 e in
34. 2233 available at http www iana org assignments ianaiftype mib Internet draft 1 1 1 O0 0 0 o draft ietf atommib sonetaps mib 10 txt Definitions of Managed Objects for SONET Linear APS Architectures as defined under the Juniper Networks enterprise branch jnxExperiment only Copyright 2014 Juniper Networks Inc 19 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued CET O O 1 Platforms 1 1 1 1 1 Internet draft draft ieft bfd mib 02 txt Bidirectional Forwarding Detection Management Information Base Represented by mib jnx bfd exp txt and implemented under the Juniper Networks enterprise branch jnxExperiment Read only Includes bfdSessUp and bfdSessDown traps Does not support bfdSessPerfTable and bfdSessMapTable Internet draft draft ietf idmr igmp mib 13 txt 1 1 1 0 0 1 Internet Group Management Protocol IGMP MIB Internet draft draft ietf idr bgp4 mibv2 04 txt 1 1 1 1 1 0 0 1 Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol BGP 4 Second Version only jnxBgpM2PrefixInPrefixes jnxBgpM2PrefixInPrefixesAccepted and jnxBgpM2PrefixInPrefixesRejected objects Internet draft 1 1 1 o o 1 draft reeder snmpv3 usm 3desede 00 txt Extension to the User Based Security Model USM to Support Triple DES EDE in Outside CBC Mo
35. 7 Remote Monitoring Health Monitoring and Service Quality Understanding RMON Alarms on page 97 Understanding RMON Events on page 99 Understanding Measurement Points Key Performance Indicators and Baseline Values on page 100 Understanding RMON for Monitoring Service Quality on page 101 Understanding RMON Alarms Supported Platforms LN Series M Series MX Series PTX Series T Series An RMON alarm identifies A specific MIB object that is monitored The frequency of sampling The method of sampling The thresholds against which the monitored values are compared An RMON alarm can also identify a specific eventTable entry to be triggered when a threshold is crossed Configuration and operational values are defined in alarmTable in RFC 2819 Additional operational values are defined in Juniper Networks enterprise specific extensions to alarmTable jnxRmonAlarmTable This topic covers the following sections alarmTable on page 98 jnxRmonAlarmTable on page 98 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices alarmTable jnxRmonAlarmTable 98 alarmTable in the RMON MIB allows you to monitor and poll the following alarmIndex The index value for alarmTable that identifies a specific entry alarminterval The interval in seconds over which data is sampled and compared with the rising and falling thresholds alarmVariable The MIB variable that i
36. A to Site B the measurement points should be the ingress point to the provider network at Site A and the egress point at Site B Router centric measurements are taken directly from the routers themselves but be careful to ensure that the correct router subcomponents have been identified in advance Figure 2 Network Entry Points Internal interface A Internal interface B Egress point Ingress point o IP network External interface A External interface B 9017042 Copyright O 2014 Juniper Networks Inc Chapter 7 Remote Monitoring Health Monitoring and Service Quality e NOTE Figure 2 on page 100 does not show the client networks at customer premises but they would be located on either side of the ingress and egress points Although this chapter does not discuss how to measure network services as perceived by these client networks you can Use measurements taken for the service provider network as input into such calculations Basic Key Performance Indicators Setting Baselines Related Documentation For example you could monitor a service provider network for three basic key performance indicators KPIs Availability measures the reachability of one measurement point from another measurement point at the network layer for example using ICMP ping The underlying routing and transport infrastructure of the provider network will support the availability measurements with failures highlighted as una
37. Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series trap options f agent address outgoing interface source address address edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Using SNMP trap options you can set the source address of every SNMP trap packet sent by the router or switch to a single address regardless of the outgoing interface In addition you can set the agent address of each SNMPvI trap For more information about the contents of SNMPVvI traps see RFC 1157 The remaining statements are explained separately Disabled snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Options on page 137 Copyright O 2014 Juniper Networks Inc 273 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 274 EX Series LN Series M Series MX Series PTX Series OFX Series T Series type inform trap edit snmp v3 notify name Statement introduced before Junos OS Release 7 4 inform option added in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS
38. Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series community community name edit snmp rmon event index Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The trap group that is Used when generating a trap if eventType is configured to send traps If that trap group has the rmon alarm trap category configured a trap is sent to all the targets configured for that trap group The community string in the trap matches the name of the trap group and hence the value of eventCommunity If nothing is configured traps are sent to each group with the rmon alarm category set community name l dentifies the trap group that is used when generating a trap if the event is configured to send traps snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring an Event Entry and Its Attributes on page 182 Copyright O 2014 Juniper Networks Inc 211 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices community name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 212 EX Series LN Series M Series MX Series PTX Series T Series community name community name edit snmp v3 snmp community community index S
39. EX Series switches do not support the dot3adAggPortTable and dot3adAggPortStatsTable dot3adAggPortDebugTable only dot3adAggPortDebugRxState dot3adAggPortDebugMuxState dot3adAggPortDebugActorSyncTransitionCount dot3adAggPortDebugPartnerSyncTransitionCount dot3adAggPortDebugActorChangeCount and dot3adAggPortDebugPartnerChangeCount NOTE EX Series switches do not support the dot3adAggPortDebugTable dot3adTablesLastChanged RFC 1155 Structure and Identification of 1 1 1 1 1 1 1 1 Management Information for TCP IP based Internets RFC 1157 A Simple Network Management Protocol 1 1 1 1 1 1 1 SNMP RFC 1195 Use of OSI IS IS for Routing in TCP IP 1 1 1 1 1 1 and Dual Environments only the objects isisSystem isisMANAreaAddr isisAreaAddr isisSysProtSupp isissummaAddr isisCirc isisCircLevel isisPacketCount isisISAdj isisISAdjAreaAddr isisAdjlPAddr isisISAdjProtSupp isisRa and isisIPRA are supported RFC 1212 Concise MIB Definitions 1 1 1 1 1 0 0 1 8 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms RFC 1213 Management Information Base for 1 1 1 0 0 1 Network Management of TCP IP Based Internets MIB II Junos OS supports the following areas e MIBII and its SNMP version 2 derivatives including e Statistics counters IP except for ipRouteTable which has been repl
40. Enterprise Specific MIBs and Supported Devices Supported Platforms 44 EX Series LN Series M Series MX Series SRX Series T Series Table 4 on page 45 lists the enterprise specific MIBs that are supported on various devices running the Junos OS e NOTE In this table a value of 1 in any of the platform columns M MX T EX J and SRX denotes that the corresponding MIB is supported on that particular platform A value of O denotes that the MIB is not supported on the platform NOTE This topic uses the following classification for SRX Series devices Low End SRX100 SRX110 SRX210 SRX220 and SRX240 Mid Range SRX550 and SRX650 and High End SRX1400 SRX3400 SRX3600 SRX5400 SRX5600 and SRX5800 Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Table 4 Enterprise Specific MIBs and Supported Devices Platforms SRX Low Mid Enterprise Specific MIB End Range AAA Objects MIB 1 1 O Oo O0 O 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx user aaa txt Access Authentication Objects MIB 9 O0 0 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js auth txt Alarm MIB 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx chassis alarm txt Analyzer MIB 0 O0 O0 1 0 O0 0 O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx analyz
41. Events and Alarms MIB e Security Interface Extension Objects MIB Provides support for the security management of interfaces This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js if ext txt For more information see Security Interface Extension Objects MIB e Security Screening Objects MIB Defines the MIB for the Juniper Networks Enterprise Firewall screen functionality This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js screening txt For more information see Security Screening Objects MIB Source Class Usage MIB Counts packets sent to customers by performing a lookup onthe IP source address and the IP destination address The Source Class Usage SCU MIB makes it possible to track traffic originating from specific prefixes on the provider core and destined for specific prefixes on the customer edge For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx scu txt For more information see Source Class Usage MIB SPU Monitoring MIB Provides support for monitoring SPUs on SRX5600 and SRX5800 devices For a downloadable version of this MIB see Copyright O 2
42. Guide for Security Devices Table 11 Standard Supported SNMP Version 2 Traps continued System Logging Severity Defined in Trap Name snmpTrapOID Level Syslog Tag Supported On RFC 2787 vrrpTrapNewMaster 1 3 6 1 2 1 68 0 1 Warning VRRPD_ All devices running Definitions of NEWMASTER TRAP Junos OS Managed Objects forthe Virtual vrrpTrapAuthFailure 13612168 02 Warning VRRPD_AUTH_ All devices running MOUTE FAILURE_ TRAP Junos OS Redundancy Protocol The Junos OS also supports the following standard SNMP version 2 traps SNMP Version 2 MPLS Traps on page 80 SNMP Version 2 MPLS Traps TheJunos OS supports the MPLS SNMP version 2 traps defined in RFC 3812 Multiprotocol Label Switching MPLS Traffic Engineering TE Management Information Base You can disable the MPLS traps by including the no trap option at the edit protocol mpls log updown hierarchy level The Junos OS supports the following MPLS traps mplsTunnelUp Generated when an mplsTunnelOperStatus object for one of the configured tunnels leaves the down state and transitions into another state other than the notPresent state mplsTunnelDown Generated when an mplsTunnelOperStatus object for one of the configured tunnels enters the down state from a state other than the notPresent state e NOTE When an LSP flaps only the ingress and egress routers of that LSP generate the mplsTunnelUp and mplsTunnelDown traps Previously all the routers associated with
43. It describes how service providers and network administrators can use information provided by Juniper Networks routers to monitor network performance and capacity You should have a thorough understanding of the SNMP and the associated MIB supported by Junos OS NOTE For a good introduction to the process of monitoring an IP network see RFC 2330 Framework for IP Performance Metrics This topic contains the following sections Measurement Points on page 100 Basic Key Performance Indicators on page 101 Setting Baselines on page 101 Defining the measurement points where metrics are measured is equally as important as defining the metrics themselves This section describes measurement points within the context of this chapter and helps identify where measurements can be taken from a service provider network It is important to understand exactly where a measurement point is Measurement points are vital to understanding the implication of what the actual measurement means An IP network consists of a collection of routers connected by physical links that are all running the Internet Protocol You can view the network as a collection of routers with an ingress entry point and an egress exit point See Figure 2 on page 100 Network centric measurements are taken at measurement points that most closely map to the ingress and egress points for the network itself For example to measure delay across the provider network from Site
44. MIB O0 0 O0 1 O0 0 0 RFC 3637 Definitions of Managed Objects forthe 1 1 1 1 0 9 9 O0 Ethernet WAN Interface Sublayer except etherWisDeviceTable etherWisSectionCurrentTable and etherWisFarEndPathCurrentTable RFC 3811 Definitions of Textual Conventions TCs 1 1 1 1 O0 1 O0 O0 for Multiprotocol Label Switching MPLS Management Copyright O 2014 Juniper Networks Inc 15 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued Edd 0 0 ie Platforms 1 1 1 O RFC 3812 Multiprotocol Label Switching MPLS 1 Traffic Engineering TE Management Information Base MIB read only access e MPLS tunnels as interfaces are not supported The following objects in the TunnelResource table are not supported mplsTunnelResourceMeanRate mplsTunnelResourceMaxBurstSize mplsTunnelResourceMeanBurstSize mplsTunnelResourceExBurstSize mplsTunnelResourceWeight mplsTunnelPerfTable and mplsTunnelCRLDPResTable are not supported mplsTunnelCHopTable is supported on ingress routers only NOTE The branch used by the proprietary LDP MIB Idpmib mib conflicts with RFC 3812 ldpmib mib has been deprecated and replaced by jnx mpls ldp mib RFC 3813 Multiprotocol Label Switching MPLS 1 1 1 O0 1 O0 O0 Label Switching Router LSR Management Information Base MIB read only access mplsinte
45. MIB documented in Internet draft draft ietf idr bgp4 mibv2 03 txt Definitions of Managed Objects for the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB BFD MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB e Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switching Board SSB Switching and Forwarding Model SFM Flexible PIC Concentrators FPCs and PICs For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx chassis txt For more information see Chassis MIBs Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A histo
46. NOTE For scalability reasons the MPLS traps are generated by the ingress router only Standard SNMP Version 1 Traps on page 74 Standard SNMP Version 2 Traps on page 77 Unsupported Standard SNMP Traps on page 81 Related Juniper Networks Enterprise Specific SNMP Traps on page 73 Documentation Juniper Networks Enterprise Specific MIBs on page 21 Standard SNMP MIBs Supported by Junos OS on page 7 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Managing Traps and Informs on page 289 Standard SNMP Version 1 Traps Supported Platforms LN Series SRX Series Table 10 on page 74 provides an overview of the standard traps for SNMPvI The traps are organized first by trap category and then by trap name and include their enterprise ID generic trap number and specific trap number The system logging severity levels are listed for those traps that have them with their corresponding system log tag Traps that do not have corresponding system logging severity levels are marked with an en dash in the table For more information about system log messages see System Log Monitoring and Troubleshooting Guide for Security Devices Table 10 Standard Supported SNMP Version 1 Traps System Generic Specific Logging Trap Trap Severity Definedin Trap Name Enterprise ID Number Number Level Syslog Tag Supported On Startup Notifications RFC 1215 authenticationFailu
47. Network Address Translation NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ping txt For more information see PING MIB e Policy Objects MIB Provides support for monitoring the security policies that control the flow of traffic from one zone to another This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse P
48. Networks Inc MonitoringNodeDescr 5 single tch gt show snmp mib walk jnxJsSPUMonitoringObjectsTable MonitoringFPCIndex 20 MonitoringFPCIndex 21 MonitoringFPCIndex 44 MonitoringFPCIndex 45 MonitoringSPUIndex 20 MonitoringSPUIndex 21 MonitoringSPUIndex 44 MonitoringSPUIndex 45 MonitoringCPUUsage 20 MonitoringCPUUsage 21 MonitoringCPUUsage 44 MonitoringCPUUsage 45 MonitoringMemoryUsage 20 64 MonitoringMemoryUsage 21 60 MonitoringMemoryUsage 44 64 MonitoringMemoryUsage 45 60 MonitoringCurrentFlowSession 20 MonitoringCurrentFlowSession 21 MonitoringCurrentFlowSession 44 MonitoringCurrentFlowSession 45 1 MonitoringMaxFlowSession 20 421888 MonitoringMaxFlowSession 21 843776 MonitoringMaxFlowSession 44 421888 MonitoringMaxFlowSession 45 843776 MonitoringCurrentCPSession 20 1 MonitoringCurrentCPSession 21 0 MonitoringCurrentCPSession 44 1 MonitoringCurrentCPSession 45 0 i oooororouUuUUMN i Il Ono 325 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices jnxJsSPUMonitoringMaxCPSession 20 2359296 jnxJsSPUMonitoringMaxCPSession 21 0 jnxJsSPUMonitoringMaxCPSession 44 2359296 jnxJsSPUMonitoringMaxCPSession 45 0 jnxJsSPUMonitoringNodeIndex 20 0 jnxJsSPUMonitoringNodeIndex 21 0 jnxJsSPUMonitoringNodeIndex 44 1 jnxJsSPUMonitoringNodeIndex 45 1 jnxJsSPUMonitoringNodeDescr 20 nodeO jnxJsSPUMonitoringNodeDescr 21 nodeO jnxJs
49. O 2014 Juniper Networks Inc Chapter 20 Tracing Activity Related Configuring SNMP on a Device Running Junos OS on page 109 D tati ee Tracing SNMP Activity on a Device Running Junos OS on page 297 Configuration Statements at the edit snmp Hierarchy Level on page 192 Copyright O 2014 Juniper Networks Inc 301 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 302 Copyright O 2014 Juniper Networks Inc CHAPTER 21 Ping Tests Starting a Ping Test Supported Platforms Starting a Ping Test on page 303 Monitoring a Running Ping Test on page 304 Gathering Ping Test Results on page 307 Stopping a Ping Test on page 309 Interpreting Ping Variables on page 309 LN Series M Series MX Series PTX Series SRX Series T Series Before you start a ping test configure a Ping MIB view This allows SNMP Set requests on pingMIB To start a ping test create a row in pingCtl Table and set pingCtlAdminStatus to enabled The minimum information that must be specified before setting pingCtlAdminStatus to enabled is pingCtLOwnerlndexSnmpAdminString pingCtlTestNameSnmpAdminString pingCtlTargetAddresslInetAddress pingCtlTargetAddressTypelnetAddressType pingCtlRowStatusRowStatus For all other values defaults are chosen unless otherwise specified pingCtlOwnerlndex and pingCtlTestName are used as the index so their values are specified as part of the object identifier OID
50. Series OFX Series SRX Series T Series authorization authorization edit snmp community community name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Set the access authorization for SNMP Get GetBulk GetNext and Set requests authorization Access authorization level read only Enable Get GetNext and GetBulk requests read write Enable all requests including Set requests You must configure a view to enable Set requests Default read only snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMP Community String on page 165 Copyright O 2014 Juniper Networks Inc 205 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices categories Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation client list Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 206 EX Series LN Series M Series MX Series PTX Series SRX Series T Series categories category D edit snmp trap group group name Statement introduced before Junos OS Release 7 4 Statement intro
51. Statements EX Series LN Series M Series MX Series PTX Series T Series rising threshold percentage edit snmp Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches The upper threshold is expressed as a percentage of the maximum possible value for the sampled variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling intervalis less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold percentage The lower threshold for the alarm entry Range 1through 100 Default 80 percent of the maximum possible value snmp To view this statement in the configuration snmp control To add this statement to the configuration falling threshold on page 218 Configuring the Falling Threshold or Rising Threshold on page 185 EX Series LN Series M Series MX Series PTX Series T Series rmon 1 edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure Remote Monitoring snmp To view this statement in the configuration snmp control To add
52. T Series Junos OS supports monitoring routers from remote devices These values are measured against thresholds and trigger events when the thresholds are crossed You configure remote monitoring RMON alarm and event entries to monitor the value of a MIB object To configure RMON alarm and event entries you include statements at the edit snmp hierarchy level of the configuration edit snmp rmon alarm index 1 description text description falling event index index falling threshold integer falling threshold interval seconds interval seconds rising event index index rising threshold integer request type get next request get request walk request sample type absolute value delta value startup alarm falling alarm rising alarm rising or falling alarm syslog subtag syslog subtag variable o d variable event index 1 community community name description description type type Copyright O 2014 Juniper Networks Inc 77 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Understanding RMON Alarms on page 97 Understanding RMON Events on page 99 Configur Configur ing an Alarm Entry and Its Attributes on page 178 ing an Event Entry and Its Attributes on page 182 Configuring an Alarm Entry and Its Attributes Supported Platforms LN Series M Series MX Series PTX Series T Series An alarm entry monitors the value
53. Tracking Problems That Affect SNMP Performance on a Device Running the Junos OS Optimizing the Network Management System Configuration for the Best Results Configuring Options on Managed Devices for Better SNMP Response Time Using the Enterprise Specific Utility MIB to Enhance SNMP Coverage Copyright O 2014 Juniper Networks Inc 291 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 292 Copyright O 2014 Juniper Networks Inc CHAPTER 19 Remote Operations Using the Ping MIB for Remote Monitoring Devices Running Junos OS on page 293 Configuring the Remote Engine and Remote User on page 293 Example Configuring the Remote Engine ID and Remote Users on page 294 Using the Ping MIB for Remote Monitoring Devices Running Junos OS Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series A ping test is Used to determine whether packets sent from the local host reach the designated host and are returned If the designated host can be reached the ping test provides the approximate round trip time for the packets Ping test results are stored in pingResultsTable and pingProbeHistoryTable RFC 2925 is the authoritative description of the Ping MIB in detail and provides the ASN 1 MIB definition of the Piing MIB SNMP Remote Operations Overview on page 93 Starting a Ping Test on page 303 Monitoring a Running Ping Test on page 304
54. active pingResultslpTgtAddr and pingResultslpTgtAddrType are set to the value of the resolved destination address when the value of pingCtlTargetAddressType is dns When a test starts successfully and pingResultsOperStatus transitions to enabled pingResultslpTgtAddr is set to null string pingResultslpTgtAddrType is set to unknown pingResultslpTgtAddr and pingResultslpTgtAddrType are not set until pingCtlTargetAddress can be resolved to a numeric address To retrieve these values poll pingResultslpTgtAddrType for any value other than unknown after successfully setting pingCtlAdminStatus to enabled At the start of a test pingResultsSentProbes is initialized to 1 and the first probe is sent pingResultsSentProbes increases by 1 each time a probe is sent As the test runs every pingCtlTimeOut seconds the following occur pingProbeHistoryStatus for the corresponding pingProbeHistoryEntry in pingProbeHistoryTable is set to requestTimedOut A pingProbeFailed trap is generated if necessary An attempt is made to send the next probe D NOTE No more than one outstanding probe exists for each test For every probe you can receive one of the following results The target host acknowledges the probe with a response The probe times out there is no response from the target host acknowledging the probe The probe could not be sent Each probe result is recorded in pingProbeHistoryTable For more information
55. an LSP that is the ingress egress and transit routers used to generate the traps when the LSP flaps mplsTunnelRerouted Generated when a tunnel is rerouted mplsTunnelReoptimized Generated when a tunnel is reoptimized NOTE In Junos OS Release 8 3 and earlier mplsTunnelReoptimized was generated every time the optimization timer expired that is when the optimization timer exceeded the value set for the optimize timer statement at the edit protocols mpls label switched path path name hierarchy level However in Release 8 4 and later this trap is generated only when the path is reoptimized and not when the optimization timer expires 80 Copyright O 2014 Juniper Networks Inc Related Documentation Chapter 3 SNMP Traps Juniper Networks Enterprise Specific SNMP Traps on page 73 Standard SNMP Traps Supported on Devices Running Junos OS on page 73 Juniper Networks Enterprise Specific MIBs on page 21 Standard SNMP MIBs Supported by Junos OS on page 7 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Managing Traps and Informs on page 289 Unsupported Standard SNMP Traps Supported Platforms LN Series SRX Series Standard SNMP traps that are defined in MIBs supported by the Junos OS but are not generated by the Junos OS are shown in Table 12 on page 82 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 12 Unsupported Standard SNMP Tra
56. and Troubleshooting Guide for Security Devices Related Documentation oid jnxPingMIB exclude deny access to jnxPingMIB objects community no ping mib authorization read write view ping mib view Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring MIB Views on page 118 View Configuring a MIB View on page 284 oid on page 234 Configuring the Local Engine ID Supported Platforms 120 LN Series M Series MX Series PTX Series SRX Series T Series By default the local engine ID uses the default IP address of the router The local engine ID is the administratively unique identifier for the SNMPv3 engine This statement is optional To configure the local engine ID include the engine id statement at the edit snmp hierarchy level edit snmp engine id local engine id suffix use default ip address use mac address local engine id suffix The engine ID suffix is explicitly configured use default ip address The engine ID suffix is generated from the default IP address use mac address The SNMP engine identifier is generated from the Media Access Control MAC address of the management interface on the router The local engine ID is defined as the administratively unique identifier of an SNMPv3 engine and is used for identification not for addressing There are two parts of an engine
57. and see faults using Operational mode commands For more information about operational mode commands see the CL User Guide SNMP MIBs For more information about SNMP MIBs supported by Junos OS see Standard SNMP MIBs Supported by Junos OS on page 7 and Juniper Networks Enterprise Specific MIBs on page 21 e Standard SNMP traps For more information about standard SNMP traps see the Standard SNMP Traps Supported on Devices Running Junos OS on page 73 e Enterprise specific SNMP traps For more information about enterprise specific traps see Juniper Networks Enterprise Specific SNMP Traps on page 73 System log messages For more information about how to configure system log messages see System Log Monitoring and Troubleshooting Guide for Security Devices Configuration management e Configure device attributes using the command line interface CLI For more information about configuring the device using the CLI see the CLI User Guide e Configuration Management MIB For more information about the Configuration Management MIB see the Configuration Management MIB Accounting management Perform the following accounting related tasks e Collect statistics for interfaces firewall filters destination classes source classes and the Routing Engine For more information about collecting statistics see Accounting Options Configuration Use interface specific traffic statistics and
58. asi 197 addice SS NEN E gf TI RT cers avy bees TTREERLSTEEENEEEERURE UL 198 addiess ma k oie addas DOS TS E arr anche Sede ae dotes RE AEE 198 agent address eee rrr 199 Al eM ORT MERECE EPOR 200 authentication Md5 2 ee een teens 201 authentication none eee ran 202 a thentication pasSsWord 1 3 2 urea cbr Seen dee eas o RR Rosa e ed 203 authenticatiorisshai 54 2 trattare sion vaop ba Da dur dde detenta 204 etit hz e bl siru t ortos Red ays GN d o8 ORK RU Re SALE OMEE RASS ERASERS 205 CALS SOMOS a oda edt toes Ebo UR Ge adh dete xa dv Priva a caduetode Ad dd E 206 clie tells vesc os Sesh ao ME AI Ee EDS EU od SS eRe BES 206 client list naltrie assa aote a dire Repo Bard SER edenda Pres or Bod a redd 207 elent 3a avo nd Sine S Seo SSS 4 3 SCOR EA RU Re MEDS SUCUS TORIA ecd Ard Ey 208 commitsdelay airi 523200255 food RU x dut eibi dite Bedae Rd ters 209 COMMON RNC EETERTITO OLTRE TT 210 COMMUNITY essct s uidrg inb praed giusti bein p ap aw hich de gdh deca pe dra a adobe rp a ND anaes 211 commn seb 2 51 52 64 9 9 EEn do 309 dee Oaer e dod ER 212 COMAC arapi apea E 30 8 puris gras Poe Gh fuo aequ b Edw Deemed 213 GESCHIDLOM 9 sous pred qeqeem qudd trf bad de we US euentu us iut tpe pd que 213 descripto 12a uie oue on atre malo rd crees darse ee ee Dawes mdhelais 214 destuinationspolt qus bx Sex eee Heeb ends Omne SMPUPUQRE EDU PS PN 214 engihe Id herera esee rre deo game gdae ga ge EAE a fe b rd rre 215 enterprise olde esae
59. can specify the location of each system being managed by SNMP This string is placed into the MIB Il sysLocation object To configure a system location include the location statement at the edit snmp hierarchy level edit snmp location location If the location contains spaces enclose it in quotation marks To specify the system location edit snmp location Row 11 Rack C Related Configuring SNMP on a Device Running Junos OS on page 109 Documentation Configuring the System Contact on a Device Running Junos OS on page 112 Configuring the System Description on a Device Running Junos OS on page 112 Configuring the System Name on page 113 Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring the System Name Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Junos OS enables you to override the system name by including the name statement at the edit snmp hierarchy level edit snmp name name If the name contains spaces enclose it in quotation marks To specify the system name override edit snmp name snmp 1 Related Configuring SNMP on a Device Running Junos OS on page 109 D tati ocumentatmon Configuring the System Contact on a Device Running Junos OS on page 112 Configuring the System Location for a Device Running Junos OS on page 113 Copyright O 2014 Juniper Networks Inc 113 SNMP MIBs
60. clients include the client list statement followed by the IP addresses of the clients at the edit snmp hierarchy level edit snmp client list client list name f ip addresses You can configure a prefix list at the edit policy options hierarchy level Support for prefix lists in the SNMP community configuration enables you to use a single list to configure the SNMP and routing policies To add a client list or prefix list to an SNMP community include the client list name statement at the edit snmp community community name hierarchy level edit snmp community community name client list name client list name e NOTE The client list and prefix list must not have the same name The following example shows how to define a client list edit snmp client list clentlist f 10 11 1732 10 2 2 2 32 The following example shows how to add a client list to an SNMP community edit snmp community community f Copyright O 2014 Juniper Networks Inc 167 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation authorization read only client list name clientlist The following example shows how to add a prefix list to an SNMP community edit policy options f prefix list prefixlist 10 3 3 3 32 10 5 5 5 32 snmp community community2 client list name prefixlist client list on page 206 client list name on page 207
61. configure the trap notifications include the notify statement at the edit snmp v3 hierarchy level edit snmp v3 notify name 1 tag tag name type trap name is the name assigned to the notification tag name defines the target addresses to which this notification is sent This notification is sent to all the target addresses that have this tag in their tag list The tag name is not included in the notification trap is the type of notification NOTE Each notify entry name must be unique Junos OS supports two types of notification trap and inform For information about how to configure the tag list see Configuring the Trap Target Address on page 149 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Copyright O 2014 Juniper Networks Inc Chapter 10 SNMP Traps Configuring the Trap Notification Filter on page 141 Configuring the Trap Target Address on page 147 Defining and Configuring the Trap Target Parameters on page 150 Configuring SNMP Informs on page 121 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Configuring SNMPv3 Trap Notification on page 153 Example Configuring SNMP Trap Groups Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Set up a trap notification list named urgent dispatcher for link and startup traps This list is us
62. configured For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx atm cos txt For more information see ATM Class of Service MIB BGP4 V2 MIB Contains objects used to monitor BGP peer received prefix counters It is based upon similar objects in the MIB documented in Internet draft draft ietf idr bgp4 mibv2 03 txt Definitions of Managed Objects for the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see Copyright O 2014 Juniper Networks Inc 33 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 34 http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB BFD MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switching Board SSB Switching and Forwarding Model SFM Flexible PIC Concentrators FPCs and PICs For a downloadable version of this MIB see http www
63. falling alarm snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Startup Alarm on page 181 Copyright O 2014 Juniper Networks Inc syslog subtag Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation tag Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series syslog subtag syslog subtag edit snmp rmon alarm index Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Add a tag to the system log message syslog subtag syslog subtag lag of not more than 80 uppercase characters to be added to syslog messages Default None snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the System Log Tag on page 181 EX Series LN Series M Series MX Series PTX Series T Series tag tag name edit snmp v3 notify name edit snmp v3 snmp community community index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switch
64. filter Configuring the Profile Name 0 0 0 0 eee n 232 OEY VIEW ao sued cos mete oe a ah en are eT vitrea ted DES 233 ol rr 234 ONG course ke 5h iS OMS de dd ERASE CASAL ACEP FP ER gate abu E RIED 235 paltatmetets a 4a ide Bad acd Awd dao edet obe dra ca obe det bob dv ida 236 DOM avons cae 9x 6b Oe aid e Ae ex A Peo we bape Gian ae ERES I UA 235 DilVaeys3des ute cuiu grea de Ex dob ador SOR b pacer DOO pacis dust doas 237 piivacy aesSl28 xaxa Sade Meow ate qc din Sd Svo d ire dod OE aao A 238 elis ceC MTM 239 DHIVACVAMOMG REN TORTE T EIU ESTIS TE RGA eee ed 240 privaeyspassWOFl 5 2 crar bte ba choequrdre OR e Bde pea bee eig erai 24 CAO VIEW e xs sette Terga omer PPM pO eS EVENIAT RES 242 remote engine lees he 243 fEGUESTSLVOE gerode arotan yaq Hees d eg VENCER Oe haw mage s den aq 244 RETRY COWME S cce iu a onam ibreretioedopten uber forged bp atarcunccacal sane fabula tubos di d 245 rising event ihdex ase wash eas tQeed epp eSI T Pe osu NS TES E Su 245 rising threshold i sussse seem rr bre ea haved aacienaen ae baaes 246 tisingsthtesholg oce p ueemes is sav ewe CU Pb ede e RUPPFSC GP SE 247 PUTO My eid henee Borate erase umbrae ueteri geek S a boon E atrae tirare dun 247 routing engine SNMP Resource Level 0 0 cc ee 248 routing engine SNMP Global Level 0 0 0 RR I 249 FOULING INSTAMEE rras hos kia ed ox rode awe alee Sabine adword tar sni NUS dude ae 250 routing instance socero sco
65. history user host gt show snmp health monitor routing engine history brief Resource CPU jnxOperatingCPU 9 1 0 0 Event Critical Falling 76 2013 04 10 18 44 47 JST Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 76 76 76 78 78 78 78 78 78 78 Top and Growing Consumer Top Consumer Usage Growth flowd_octeon_hm 252 2 Copyright 2014 Juniper Networks Inc 319 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices idle cpuO 34 34 av worker 3 2 Growing Consumer Usage Growth idle cpuO 34 34 flowd octeon hm 252 2 av worker 3 2 Load averages 2 01 1 min Resource Var cf var jnxHrStoragePercentUsed 5 1 70 5 min 2 01 15 min 2013 04 10 14 51 29 JST Event High Rising 70 Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 70 70 69 69 69 69 69 69 69 69 Top and Growing Consumer KB Top Consumer Usage Growth secdb_06 db 50424 0 idpd trace 23860 0 SignatureUpdate xml 20322 0 ai cachedfa group c 10784 0 dfa group cache db 10456 0 Growing Consumer Usage Growth default log message 4403 4403 chassisd 1467 4 jsrpd 1202 2 Storage used 226034 KB Inodes used 506 Nodes show snmp health monitor routing engine history extensive user host gt show snmp health monitor routing engine history extensive Resource CPU jnxOperatingCPU 9 1 0 0 Event Critical Falling 76 96 2013 04 10 18 44 47 JST Con
66. include exclude snmp community community index 1 community name community name security name security name tag tag name target address target address name 1 address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name 1 notify filter profile name parameters f message processing model v1 v2c V3 security level authentication none privacy security model usm v1 v2c security name security name usm local engine user username authentication md5 authentication password authentication password authentication sha authentication password authentication password authentication none privacy aes128 privacy password privacy password privacy des f privacy password privacy password privacy des privacy password privacy password Copyright 2014 Juniper Networks Inc 279 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices privacy none remote engine engine id user username authentication md5 authentication password authentication password authentication sha authentication password authentication password authentication none privacy aes128 privacy password privacy password privacy des privacy password priva
67. is Used when a falling threshold is crossed Range O through 65 535 Default O snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Event Index or Rising Event Index on page 179 rising event index on page 245 Copyright O 2014 Juniper Networks Inc 217 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices falling threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 218 EX Series LN Series M Series MX Series PTX Series T Series falling threshold percentage edit snmp Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches The lower threshold is expressed as a percentage of the maximum possible value for the sampled variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold percentage The lower threshold for the alarm entry Range 1
68. jnx js smi txt For more information see Structure of Management Information MIB AAA Objects MIB Provides support for monitoring user authentication authorization and accounting through the RADIUS LDAP SecurID and local authentication servers This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx user aaa txt For more information see AAA Objects MIB Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB ATM CoS MIB Provides support for monitoring Asynchronous Transfer Mode version 2 ATM2 virtual circuit VC class of service CoS configurations It also provides CoS queue statistics for all VCs that have CoS
69. juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chassis txt For more information see Chassis MIBs Chassis Cluster MIB Provides information about objects that are used whenever the state of the control link interfaces or fabric link interfaces changes up to down or down to up in a chassis cluster deployment For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx jsrpd txt For more information see Chassis Cluster MIB Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A history of the last 32 configuration changes is kept in jnxCmChgEventTable For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB Destination Class Usage MIB Provides support for monitoring packet counts based on the ingress and egress points for traffic transiting your networks Ingress points are identified by input interface Egress points are identified by destination prefixes grouped into one or more sets known as destination classes One counter is managed per interface per destination class up to a maximum of 16 counters pe
70. level to use when generating SNMP notifications include the security level statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters security level authentication none privacy authentication Provides authentication but no encryption none No security Provides no authentication and no encryption privacy Provides authentication and encryption e NOTE If you are configuring the SNMPv1 or SNMPV2c security model use none as your security level If you are configuring the SNMPv3 USM security model use the authentication or privacy security level Configuring the Security Name To configure the security name to use when generating SNMP notifications include the security name statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters security name security name If the USM security model is used the security name identifies the user that is used when the notification is generated If the v1 or v2c security models are used security name identifies the SNMP community used when the notification is generated 152 Copyright O 2014 Juniper Networks Inc Chapter 10 SNMP Traps e NOTE The access privileges for the group associated with a security name Related Documentation must allow this no
71. monitored The OID can be a dotted decimal for example 1 3 6 1 2 1 2 1 2 2 1 10 1 Alternatively use the MIB object name for example iflnOctets 1 snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Variable on page 182 EX Series LN Series M Series MX Series PTX Series SRX Series T Series version all v1 v2 edit snmp trap group group name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify the version number of SNMP traps all Send an SNMPv1 and SNMPv2 trap for every trap condition all Send an SNMPv1 and SNMPv2 trap for every trap condition vl Send SNMPVvI traps only v2 Send SNMPv2 traps only snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Groups on page 141 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements view Associating a MIB View with a Community Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series SRX Series T Series view view name edit snmp community community name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9
72. name is resolved The format is x x x x Sample type Method of sampling the monitored variable and calculating the value to compare against the upper and lower thresholds It can have the value of absolute value or delta value Startup alarm Alarm that might be sent when this entry is first activated depending on the following criteria e Alarm is sent when one of the following situations exists e Value of the alarm is above or equal to the rising threshold and the startup type is either rising alarm or rising or falling alarm e Value of the alarm is below or equal to the falling threshold and the startup type is either falling alarm or rising or falling alarm e Alarm is not sent when one of the following situations exists e Value of the alarm is above or equal to the rising threshold and the startup type is falling alarm e Value of the alarm is below or equal to the falling threshold and the startup type is rising alarm e Value of the alarm is between the thresholds Owner Name of the entry configured by the user If the entry was created through the CLI the owner has monitor prepended to it Creator Mechanism by which the entry was configured Health Monitor Copyright O 2014 Juniper Networks Inc 313 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 22 show snmp health monitor Output Fields continued Field Name Field Description Sample interval Time per
73. name security name usm Copyright 2014 Juniper Networks Inc 127 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation local engine f user username 1 vacm access group group name 1 default context prefix context prefix context prefix 1 security model any usm v1 v2c f security level authentication none privacy f notify view view name read view view name write view view name security to group security model usm vl v2c security name security name 1 group group name Creating SNMPv3 Users on page 123 Configuring MIB Views on page 118 Defining Access Privileges for an SNMP Group on page 155 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring SNMP Informs on page 121 Complete SNMPv3 Configuration Statements on page 195 Example SNMPv3 Configuration on page 124 Configuring the SNMPv3 Authentication Type Supported Platforms 128 LN Series M Series MX Series PTX Series SRX Series T Series By default in a Junos OS configuration the SNMPv3 authentication type is set to none This topic includes the following sections Configuring MD5 Authentication on page 129 Configuring SHA Authentication on page 129 Configuring No Authentication on page 129 Copyright O 2014 Juniper Networks Inc Chapter 9 SNMPv3 Configuring MD5 Authentic
74. net techpubs en_US junos12 1 topics reference mibs mib jnx Isys securityprofile txt MIMSTP MIB 0 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx mimstp txt MPLS LDP MIB 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx mpls ldp txt MPLS MIB 1 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx mpls txt NAT Objects MIB O0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js nat txt Copyright 2014 Juniper Networks Inc 49 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms SRX Low Mid Enterprise Specific MIB J End Range 1 NAT Resources Monitoring MIB 1 1 0 0 O0 O0 O0 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx sp nat txt OTN Interface Management MIB 1 1 1 0 O0 O0 0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx otn txt Packet Forwarding Engine MIB 1 1 O0 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx pfe txt Packet Mirror MIB 0 1 0 0 O0 O0 0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js packet mirror txt PAE Extension MIB 9 O0 O0 1 O0 O0 O0 0 http www juni
75. of a MIB variable You can configure how often the value is sampled the type of sampling to perform and what event to trigger if a threshold is crossed This sectio Configur Configur Configur Configur Configur e Configur Configur Configur e Configur Configur Configur Configuring the Alarm Entry 178 An alarm e n discusses the following topics ing the Alarm Entry on page 178 ing the Description on page 179 ing the Falling Event Index or Rising Event Index on page 179 ing the Falling Threshold or Rising Threshold on page 179 ing the Interval on page 180 ing the Falling Threshold Interval on page 180 ing the Request Type on page 180 ing the Sample Type on page 181 ing the Startup Alarm on page 181 ing the System Log Tag on page 181 ing the Variable on page 182 ntry monitors the value of a MIB variable The rising event index rising threshold sample type and variable statements are mandatory All other statements are optional To configure the alarm entry include the alarm statement and specify an index at the edit snmp rmon hierarchy level edit snmp rmon alarm index description description falling event index index falling threshold integer falling threshold interval seconds interva seconds Copyright O 2014 Juniper Networks Inc Chapter 16 Remote Monitoring Health Monitoring and Service Quality rising event index index rising thres
76. oid 1 3 6 1 2 1 80 include edit snmp v3 notify nl f tag router Identifies a set of target addresses type trap Defines type of notification notify n2 f tag host type trap notify filter nfl oid 1 include Defines which traps to send In this case includes all traps notify filter nf2 oid 1 3 6 1 4 1 include Sends enterprise specific traps only 124 Copyright 2014 Juniper Networks Inc Chapter 9 SNMPv3 notify filter nf3 oid 1 3 6 1 2 1 1 5 include Sends BGP traps only snmp community index f community name 9 JOZi OF AtOz3 44 SECRET DATA security name john Matches the security name at the target parameters tag host 4 Finds the addresses that are allowed to be used with target address tal Associates the target address with the group san francisco address 10 1 1 1 address mask 255 255 255 0 Defines the range of addresses port 162 tag list router target parameters tpl Applies configured target parameters target address ta2 f address 10 1 1 2 address mask 255 255 255 0 port 162 tag list host target parameters tp2 target address ta3 f address 10 1 1 3 address mask 255 255 255 0 port 162 tag list router host1 target parameters tp3 target parameters tpl f Defines the target parameters notify filter nfl Specifies which notify filter to apply parameters f message processing model vl security model v1 security level none sec
77. on page 161 Configuring Access Lists for SNMP Access over Routing Instances on page 164 Trap Support for Routing Instances Supported Platforms Related Documentation LN Series M Series MX Series SRX1400 SRX3400 SRX3600 SRX5400 SRX5600 SRX5800 T Series You can restrict the trap receivers from receiving traps that are not related to the logical system networks to which they belong To do this include the logical system trap filter statement at the edit snmp hierarchy level edit snmp logical system trap filter If the logical system trap filter statement is not included in the SNMP configuration all traps are forwarded to the configured routing instance destinations However even when this statement is configured the trap receiver associated with the default routing instance will receive all SNMP traps When configured under the trap group object all vl and v2c traps that apply to routing instances or interfaces belonging to a routing instance have the routing instance name encoded in the community string The encoding is identical to that used in request PDUs For traps configured under the v3 framework the routing instance name is carried in the context field when the v3 message processing model has been configured For other message processing models vl or v2c the routing instance name is not carried in the trap message header and not encoded in the community string Understanding SNMP Support for
78. or export the data for use by their customers Figure 1 SNMP Data for Routing Instances Routing platform Interface 1 Logical Router LR Interface 3 Routing Instance R1 p eene Logical Router LR Interface 2 ogical Router Ere ende nteriace 4 IF Index Data1 Data2 DataN m 1 If LRRI is specified in the SNMP request 2 2 only information for interfaces 1 3 appear in the table T 3 If LR R2 is specified in the SNMP request LC 4 only information for interfaces 2 4 appear in the table zu If no logical router routing instance is specified N information for all interfaces is returned 9017214 Copyright O 2014 Juniper Networks Inc Related Documentation Chapter 4 Routing Instances If no routing instance is specified in the request the SNMP agent operates as before For nonrouting table objects all instances are exposed For routing table objects only those associated with the default routing instance are exposed e NOTE The actual protocol data units PDUs are still exchanged over the default inet O routing instance but the data contents returned are dictated by the routing instance specified in the request PDUs Trap Support for Routing Instances on page 87 Identifying a Routing Instance on page 85 Enabling SNMP Access over Routing Instances on page 161 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community
79. ospflfAuthFailure 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfAuthFailure 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospflfRxBadPacket 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfRxBadPacket 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfTxRetransmit 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfTxRetransmit 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfMaxAgeLsa 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices Copyright 2014 Juniper Networks Inc Chapter 3 SNMP Traps Table 10 Standard Supported SNMP Version 1 Traps continued System Generic Logging Trap Severity Definedin Trap Name Enterprise ID Number Level Syslog Tag Supported On ospflfStateChange 1 3 6 1 2 1 14 16 2 6 16 M T MX J EX and SRX for branch devices RFC 2787 vrrpTrapNewMaster 1 3 6 1 2 1 68 6 1 Warning VRRPD NEW All devices running Definitions MASTER TRAP Junos OS of Managed eed f OK vrrpTrapAuthFailure 13612168 6 2 Warning VRRPD_AUTH_ All devices running e virtua FAILURE_TRAP Junos OS Router Redundancy Protocol Related Juniper Networks Enterprise Specific SNMP Traps on page 73 Documentation Standard SNMP Traps Supported on Devices Running Junos OS on page 73 Juniper Networ
80. packets are allowed include the target address statement at the edit snmp v3 hierarchy level edit snmp v3 target address target address name target address name is the string that identifies the target address To configure the target address properties include the following statements at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name address address address mask address mask logical system logical system port port number routing instance instance tag list tag list target parameters target parameters name This section includes the following topics Configuring the Address on page 148 Configuring the Address Mask on page 148 Configuring the Port on page 149 Configuring the Routing Instance on page 149 Configuring the Trap Target Address on page 149 Applying Target Parameters on page 150 Configuring the Address To configure the address include the address statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name address address address is the SNMP target address Configuring the Address Mask 148 The address mask specifies a set of addresses that are allowed to use a community string and verifies the source addresses for a group of target addresses To configure the address mask include the address mask statement at the edit
81. password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Encryption Type on page 130 Copyright O 2014 Juniper Networks Inc 239 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices privacy none Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 240 LN Series M Series MX Series PTX Series OFX Series T Series privacy none edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure that no encryption be used for the SNMPv3 user snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Encryption Type on page 130 Copyright O 2014 Juniper Networks Inc privacy password Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T
82. seconds seconds is the length of the time between when the SNMP request is received and the commiit is requested for the candidate configuration For more information about the configure exclusive command and locking the configuration see the CL User Guide Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 Loading MIB Files to a Network Management System Supported Platforms 114 LN Series SRX Series For your network management system NMS to identify and understand the MIB objects used by the Junos OS you must first load the MIB files to your NMS using a MIB compiler A MIB compiler is a utility that parses the MIB information such as the MIB object name IDs and data type for the NMS You can download the Junos MIB package from the Enterprise Specific MIBs and Traps section of the Junos OS Technical Publications index page at http www juniper net techpubs software junos index html The Junos MIB package is available in zip and tar packages You can download the appropriate format based on your requirements Copyright O 2014 Juniper Networks Inc Chapter 8 SNMP The Junos MIB package contains two folders StandardMibs and JuniperMibs The StandardMibs folder contains the standard MIBs and RFCs that are supported on devices running the Junos OS whereas the JuniperMibs folder contains the Juniper Networks enterprise specific MIBs
83. security level privacy f notify view nv read view rv write view wv context prefix lr1 ril routing instance ril in logical system Ir security model usm f security level privacy notify view nv1 read view rv write view wv Copyright 2014 Juniper Networks Inc 159 160 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation group group2 default context prefix f security model usm f Define an SNMPv3 security model security level authentication f read view rv2 write view wv2 group group3 f default context prefix f security model vl f Define an SNMPv3 security model security level none f read view rv3 write view wv3 Configuring the Access Privileges Granted to a Group on page 156 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Networks Inc CHAPTER 12 Routing Instances Enabling SNMP Access over Routing Instances on page 161 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Example Configuring Interface Settings for a Routing Instance on page 162 Configuring Access Lists for SNMP Access over Routing Instances on page 164 Enabling SNMP Access over Routing Instances Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Serie
84. snmp mib walk jnxJsPolicySystemStats on page 326 show snmp mib walk jnxJsPolicySystemStatsIPv4 on page 326 show snmp mib walk jnxJsPolicySystemStatsTotalAllowIPv4Packets on page 326 Copyright O 2014 Juniper Networks Inc Chapter 22 Operational Commands Output Fields Table 25 on page 325 describes the output fields for the show snmp mib command Output fields are listed in the approximate order in which they appear Table 2 5 show snmp mib Output Fields Field Name Field Description name Object name and numeric instance value object value Object value The Junos OS translates OIDs into the corresponding object names Sample Output show snmp mib walk standalone user host gt show snmp mib walk jnxJsSPUMonitoringObjectsTable jnxJsSPUMonitoringFPCIndex 5 5 jnxJsSPUMonitoringSPUIndex 5 0 jnxJsSPUMonitoringCPUUsage 5 0 jnxJsSPUMonitoringMemoryUsage 5 61 jnxJsSPUMoni toringCurrentFlowSession 5 0 jnxJsSPUMonitoringMaxFlowSession 5 524288 jnxJsSPUMonitoringCurrentCPSession 5 0 jnxJsSPUMonitoringMaxCPSession 5 2359296 jnxJsSPUMonitoringNodeIndex 5 0 jnxJsSPU show snmp mib walk HA user swi jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU jnxJsSPU Copyright O 2014 Juniper
85. support to logical systems security profile through various MIBs defined under jnxLsysSecurityProfile For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx lsys securityprofile txt For more information about logical systems MIBs and downloadable versions of the MIBs see Logical Systems MIB NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supported by Junos OS for SRX Series devices only Fora downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Copyright 2014 Juniper Networks Inc 25 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 26 Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs m
86. time a probe result is determined a pingProbeHistoryEntry is created and added to pingProbeHistoryTable pingProbeHistoryIndex of the new pingProbeHistoryEntry is 1 greater than the last pingProbeHistoryEntry added to pingProbeHistoryTable for that test pingProbeHistoryIndex is set to lif this is the first entry in the table The same test can be run multiple times so this index keeps growing If pingProbeHistoryIndex of the last pingProbeHistoryEntry added is OXFFFFFFFF the next pingProbeHistoryEntry added has pingProbeHistoryIndex set to 1 The following are recorded for each probe result pingProbeHistoryResponse Time to live TTL pingProbeHistoryStatus What happened and why pingProbeHistoryLastRC Return code RC value of ICMP packet pingProbeHistoryTime Timestamp when probe result was determined When a probe cannot be sent pingProbeHistoryResponse is set to O When a probe times OUt pingProbeHistoryResponse is set to the difference between the time when the probe was discovered to be timed out and the time when the probe was sent 306 Copyright O 2014 Juniper Networks Inc Generating Traps Chapter 21 Ping Tests For any trap to be generated the appropriate bit of pingCtlTrapGeneration must be set You must also configure a trap group to receive remote operations A trap is generated under the following conditions A pingProbeFailed trap is generated every time pingCtlTrapProbeFailureFilter number of
87. to all the targets configured for that trap group The community string in the trap matches the name of the trap group If nothing is configured all the trap groups are examined and traps are sent using each group with the rmon alarm category set description is a text string that identifies the entry The type variable of an event entry specifies where the event is to be logged You can specify the type as one of the following log Adds the event entry to the logTable log and trap Sends an SNMP trap and creates a log entry none Sends no notification snmptrap Sends an SNMP trap The default for the event entry type is log and trap Copyright O 2014 Juniper Networks Inc Chapter 16 Remote Monitoring Health Monitoring and Service Quality Related Understanding RMON Alarms and Events Configuration on page 177 Documentation Understanding RMON Alarms on page 97 Understanding RMON Events on page 99 Configuring an Alarm Entry and Its Attributes on page 178 Example Configuring an RMON Alarm and Event Entry on page 183 Example Configuring an RMON Alarm and Event Entry Supported Platforms LN Series M Series MX Series PTX Series T Series Configure an RMON alarm and event entry edit snmp rmon alarm 100 f description input traffic on fxpO falling event index 100 falling threshold 10000 interval 60 rising event index 100 rising threshold 100000 sample type delta value star
88. topics reference mibs mib jnx ipforward txt For more information see P Forward MIB IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB Copyright 2014 Juniper Networks Inc 35 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 36 IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert users when the licens
89. traceRouteTestFailed 1 3 6 1 2 1 81 0 6 2 Info SNMP_TRAP_ All devices running TRACE_ROUTE_ Junos OS TEST_FAILED traceRouteTestCompleted 1 3 6 1 2 1 81 0 6 3 Info SNMP_TRAP_ All devices running TRACE_ROUTE_ Junos OS TEST COMPLETED RMONAams EE f BEEN RFC2819a fallingAlarm 1 3 6 1 2 1 16 6 2 All devices running RMON MIB Junos OS risingAlarm 1 3 6 1 2 1 16 6 All devices running Junos OS Routing Notifications BGP 4 MIB bgpEstablished 1 3 6 1 2 1 15 7 6 1 M T MX J EX and SRX for branch devices bgpBackwardTransition 1 3 6 1 2 1 15 7 6 2 M T MX J EX and SRX for branch devices Copyright 2014 Juniper Networks Inc 75 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 10 Standard Supported SNMP Version 1 Traps continued Defined in OSPF TRAP MIB 76 Trap Name ospfVirtlfStateChange Enterprise ID 1 3 6 1 2 1 14 16 2 Generic Trap Number System Logging Severity Level Syslog Tag Supported On M T MX J EX and SRX for branch devices ospfNbrStateChange 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtNbrStateChange 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospflfConfigError 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices ospfVirtlfConfigError 1 3 6 1 2 1 14 16 2 M T MX J EX and SRX for branch devices
90. 0 0 0 Switching GMPLS Label Switching Router LSR Management Information Base MIB read only access gmplsLabelTable and gmplsOutsegmentTable are not supported NOTE The tables in GMPLS TE RFC 4802 and LSR RFC 4803 MIBs are extensions of the corresponding tables from the MPLS TE RFC 3812 and LSR RFC 3813 MIBs and use the same index as the MPLS MIB tables 18 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms RFC 5643 Management Information Base for 1 1 O0 0 0 1 OSPFv3 NOTE Junos OS support for this MIB is read only Junos OS does not support the following tables and objects defined in this MIB e ospfv3HostTable e ospfv3CfgNbrTable e ospfv3ExitOverflowinterval e ospfv3ReferenceBandwidth e ospfv3RestartSupport e ospfv3RestartInterval e ospfv3RestartStrictL saChecking e ospfv3RestartStatus e ospfv3RestartAge ospfv3RestartExitReason ospfv3NotificationEnable e ospfv3StubRouterSupport e ospfv3StubRouterAdvertisement e ospfv3DiscontinuityTime e ospfv3RestartTime e ospfv3AreaNssatTranslatorRole e ospfv3AreaNssarTranslatorState e ospfv3AreaNssarTranslatorStablInterval e ospfv3AreaNssarTranslatorEvents e ospfv3AreaTEEnabled e ospfv3lfMetricValue e ospfv3lfDemandNbrProbe Internet Assigned Numbers Authority ANAiftype 1 1 1 1 1 1 0 O0 Textual Convention MIB referenced by RFC
91. 014 Juniper Networks Inc Chapter 22 Operational Commands Table 23 show snmp health monitor routing engine history Output Fields continued Field Name Field Description Configuration E ffective configuration of a resource interval Configured interval in seconds moderate threshold Percentage of moderate threshold level resource utilization high threshold Percentage of high threshold level resource utilization critical threshold Percentage of critical threshold level resource utilization action Configured action for a resource Usage Trail Displays the previous usage records Top daemon Li ist of processes with high resource utilization Growing daemons ist of processes with high incremental resource utilization from the previous sample Top files rc ist of large files in a partition Growing files ist of files in a partition that have gotten larger since the previous sample Resource name Name of the resource Latest event Displays the latest event associated with the resource The available events are Moderate Rising High Rising Critical Rising Moderate Falling High Falling Critical Falling Time elapsed Displays the time elapsed since the event occurred Action Displays the action associated with the resource The available actions are e Monitor e Prevent e Recover Sample Output show snmp health monitor routing engine
92. 014 Juniper Networks Inc 37 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js spu monitoring txt For more information see SPU Monitoring Objects MIB System Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx syslog txt For more information see System Log MIB Traceroute MIB Supports the Junos OS extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way as it is in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos OS data and has tables that contain information about each type of data such as integer and string For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx util txt For more information see Utility MIB VPN Certificate Objects MIB Provides support for monitoring the local and CA
93. 104 RMON event entries sss 82 RMON events sse eren nennt nettnn 99 103 RMON Events and Alarms MIB 26 31 37 43 rmon statement essere rennen nentes 247 usage guidelines entes 03 routing instances access lists COMPMBSUNING MEET 64 SNMP enabling access seentnee 161 idlentifVIlig nece test teet ieorste cos 85 SDGCITyITIB renidet cette tto 161 routing instance statement Usage guidelines 2 cte 149 FOUTING INSTANCE ACCESS escscscsesesssessescsesessseseescseseseseeeees 25 S sample type statement 252 usage guidelines for alatis ei eerte mee eus 181 for events tette tentata 182 Security Interface Extension Objects VII RM 26 31 37 43 Security Screening Objects MIB 26 37 43 security level statement for access privileges usage guidelines for SNMP notifications 254 usage guidelines sene 52 security model statement for access privileges ssssne 255 usage guidelines sse 157 for groups usage guidelines for SNMP notifications sse 257 usage guidelines see 52 Copyright O 2014 Juniper Networks Inc security name statement for community string eene for security BIOUD i aae p een usage guidelines ne for SNMP notifi
94. 11 traceRouteCtlSourceAddressType 1 3 6 1 2 1 81 1 2 1 12 traceRouteCtlSourceAddress 1 3 6 1 2 1 81 1 2 1 13 traceRouteCtlifindex 1 3 6 1 2 1 81 1 2 1 14 traceRouteCtlMiscOptions 1 3 6 1 2 1 81 1 2 1 15 traceRouteCtlMaxFailure 1 3 6 1 2 1 81 1 2 1 16 traceRouteCtlDontFragment 1 3 6 1 2 1 81 1 2 1 17 traceRouteCtllnitial Ttl 1 3 6 1 2 1 81 1 2 1 18 traceRouteCtlFrequency 1 3 6 1 2 1 81 1 2 1 19 traceRouteCtlStorageType 1 3 6 1 2 1 81 1 2 1 20 traceRouteCtlAdminStatus 1 3 6 1 2 1 81 1 2 1 21 traceRouteCtlDescr 1 3 6 1 2 1 81 1 2 1 22 traceRouteCtIMaxRows 1 3 6 1 2 1 81 1 2 1 23 traceRouteCtlTrapGeneration 1 3 6 1 2 1 81 1 2 1 24 traceRouteCtlCreateHopEntries 1 3 6 1 2 1 81 1 2 1 25 traceRouteCtlType 1 3 6 1 2 1 81 1 2 1 26 traceRouteCtlRowStatus 1 3 6 1 2 1 81 1 2 1 27 Enterprise Specific PING MIB jnxPingCtllfName 1 3 6 1 4 1 2636 3 71 2 1 3 jnxPingCtlRoutinglflndex 1 3 6 1 4 1 2636 3 7 1 2 1 4 jnxPingCtlRoutinglfName 1 3 6 1 4 1 2636 3 71 2 1 5 jnxPingCtlRoutinglnstanceName 1 3 6 1 4 1 2636 3 71 2 1 6 jnxPingCtlRttThreshold 1 3 6 1 4 1 2636 3 71 2 1 7 66 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Object Name Object Identifier jnxPingCtlRttStdDevThreshold 1 3 6 1 4 1 2636 3 71 2 1 8 jnxPingCtlRttJitterThreshold 1 3 6 1 4 1 2636 3 7 1 2 1 9
95. 3 6 1 2 1 80 1 2 1 9 pingCtlFrequency 1 3 6 1 2 1 80 1 2 1 10 pingCtlMaxRows 1 3 6 1 2 1 80 1 2 1 11 pingCtlStorageType 1 3 6 1 2 1 80 1 2 1 12 pingCtlTrapGeneration 1 3 6 1 2 1 80 1 2 1 13 pingCtlTrapProbeFailureFilter 1 3 6 1 2 1 80 1 2 1 14 pingCtlTrapTestFailureFilter 1 3 6 1 2 1 80 1 2 1 15 pingCtlType 1 3 6 1 2 1 80 1 2 1 16 pingCtlDescr 1 3 6 1 2 1 80 1 2 1 17 pingCtlSourceAddressType 1 3 6 1 2 1 80 1 2 1 18 pingCtlSourceAddress 1 3 6 1 2 1 80 1 2 1 19 pingCtllflndex 1 3 6 1 2 1 80 1 2 1 20 pingCtlByPassRouteTable 1 3 6 1 2 1 80 1 2 1 21 pingCtlDSField 1 3 6 1 2 1 80 1 2 1 22 pingCtlRowStatus 1 3 6 1 2 1 80 1 2 1 23 RFC 2925B traceRouteMaxConcurrentRequests 1 3 6 1 2 1 81 1 1 traceRouteCtlTargetAddressType 1 3 6 1 2 1 81 1 2 1 3 traceRouteCtlTargetAddress 1 3 6 1 2 1 81 1 2 1 4 traceRouteCtlByPassRouteTable 1 3 6 1 2 1 81 1 2 1 5 traceRouteCtlDataSize 1 3 6 1 2 1 81 1 2 1 6 traceRouteCtlTimeOut 1 3 6 1 2 1 81 1 2 1 7 traceRouteCtlProbesPerHop 1 3 6 1 2 1 81 1 2 1 8 traceRouteCtlPort 1 3 6 1 2 1 81 1 2 1 9 Copyright O 2014 Juniper Networks Inc 65 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Object Name Object Identifier traceRouteCtlMaxTtl 1 3 6 1 2 1 81 1 2 1 10 traceRouteCtlDSField 1 3 6 1 2 1 81 1 2 1
96. 6 1 3 6 1 4 1 2636 3 31 1 1 1 1 16 absolute value rising alarm Health Monitor md3 jail mfs utilization Health Monitor active seconds jnxHrStoragePercentUsed 15 1 3 6 1 4 1 2636 3 31 1 1 1 1 15 absolute value rising alarm Health Monitor md2 mfs var run utm utilization Health Monitor active seconds sysApplEImtRunMemory 5 1 3 6 1 2 1 54 1 2 3 1 10 5 absolute value rising alarm Health Monitor usage Health Monitor active seconds jroute daemon memory Instance Name sysApplElImtRunMemory 5 5 1258 Instance Description Routing protocols process Copyright O 2014 Juniper Networks Inc 315 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Instance Value 51452 Instance State active Instance Name sysApplElmtRunMemory 5 6 1255 Instance Description Management process Instance Value 38284 Instance State active Instance Name sysApplElImtRunMemory 5 6 3816 Instance Description Management process Instance Value 38352 Instance State active Instance Name sysApplElImtRunMemory 5 8 3815 Instance Description Command line interface Instance Value 49108 Instance State active show snmp health monitor alarms brief user host gt show snmp health monitor alarms brief 32791 Health Monitor RE O0 memory utilization jnxOperatingBuffer 9 1 0 0 52 active 32792 Health Monitor Max Kernel Memory Used jnxBoxKernelMemoryUsedPercent 0O 3 active 32793 Health Monitor jro
97. 650 Junos OS supports the following enterprise specific MIBs Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices product services and traps This MIB is currently supported only by Junos OS for SRX Series devices It also explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js smi txt For more information see Structure of Management Information MIB Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB BGP4 V2 MIB Contains objects used to monitor BGP peer received prefix counters It is based upon similar objects in the
98. 8 This section describes the following topics related to this configuration Configuring the Notify View on page 158 Configuring the Read View on page 158 Configuring the Write View on page 159 Configuring the Notify View To associate notify access with an SNMP user group include the notify view statement atthe edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name view name specifies the notify access which is a list of notifications that can be sent to each user in an SNMP group A view name cannot exceed 32 characters Configuring the Read View To associate a read view with an SNMP group include the read view statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy read view view name Copyright O 2014 Juni
99. 807 Copyright O 2014 Juniper Networks Inc PFE rel Subscri Subscri Web man Applica IDP pol Shared System Network Wireles Wireles Health jnxFruT Health hrSyste Health jnxHrSy Health jnxFwdd Health jnxFwdd Health jnxFwdd Health jnxFwdd Chapter 22 Operational Commands ay process 8044 active ber management process 17852 active ber management helper process 21076 active agement gatekeeper process 12820 active tion identification process 18328 active icy daemon 30188 active memory routing socket message database process 15672 active Health Management Daemon 15004 active security trace daemon 10400 active S WAN process 15016 active S LAN service process 13936 active Monitor RE Temperature emp 9 1 0 0 5 active Monitor RE Process count usage mProcesses 0 123 moderate threshold Monitor RE Open file Descriptor count stemOpenFiles O 738 active Monitor FWDD Micro Kernel threads total CPU Utilization MicroKernelCPUUsage 0 11 active Monitor FWDD Real Time threads total CPU Utilization RtThreadsCPUUsage 0 0 active Monitor FWDD DMA Memory utilization DmaMemUsage 0 1 active Monitor FWDD Heap utilization HeapUsage 0 39 active 317 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp health monitor routing engine history Supported Platforms Syntax Release Information Description Options Required Privilege Level Related Documen
100. Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 Standard SNMP MIBs Supported by Junos OS Supported Platforms LN Series SRX Series Table 3 on page 7 contains the list of standard SNMP MIBs and RFCs that are supported on various devices running Junos OS RFCs can be found at http www etf org e NOTE In this table a value of 1 in any of the platform columns M T J MX EX and SRX denotes that the corresponding MIB is supported on that particular platform and a value of O denotes that the MIB is not supported on the platform MIB RFC IEEE 802 lab section 12 1 Link Layer Discovery O0 O0 O0 O0 1 O0 Protocol LLDP MIB Supported tables and objects lildpRemManAddrOID lidpLocManAddrOID UldpReinitDelay lldpNotificationInterval lidpStatsRxPortFramesDiscardedTotal lldpStatsRxPortFramesError lldpStatsRxPortTLVsDiscardedTotal UldpStatsRxPortTLVsUnrecognizedTotal UldpStatsRxPortAgeoutsTotal Copyright 2014 Juniper Networks Inc 7 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC J MX EX ton ren Hahn IEEE 802 3ad Aggregation of Multiple Link 1 1 1 1 1 1 1 1 Segments Supported tables and objects dot3adAggPortTable dot3adAggPortListTable dot3adAggTable and dot3adAggPortStatsTable NOTE
101. Delay 65 O Understanding SNMP Support for Routing Instances on page 86 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Configuring Access Lists for SNMP Access over Routing Instances Supported Platforms 164 Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series You can create and maintain access lists to manage access to SNMP information Access list configuration enables you to allow or deny SNMP access to clients of a specific routing instance The following example shows how to create an access list edit snmp routing instance access access list f ril restrict ls1 default ls1 ri2 ls1 The configuration given in the example e Restricts clients in ril from accessing SNMP information Allows clients in ls1 default ls1 ri2 and all other routing instances with names starting with Isl to access SNMP information You can use the wildcard character to represent a string in the routing instance name NOTE You cannot restrict the SNMP manager of the default routing instance from accessing SNMP information Understanding SNMP Support for Routing Instances on page 86 Enabling SNMP Access over Routing Instances on page 161 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Copyright O 2014 Juniper Networks Inc CHAPTER 13 Community Strings Configuring the SNMP Community String on pag
102. Documentation 202 Copyright 2014 Juniper Networks Inc Chapter 17 Configuration Statements authentication password Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series OFX Series T Series authentication password authentication password edit snmp v3 usm local engine user username authentication md5 edit snmp v3 usm local engine user username authentication sha edit snmp v3 usm remote engine engine id user username authentication md5 edit snmp v3 usm remote engine engine id user username authentication sha Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the password for user authentication authentication password Password that a user enters The password is then converted into a key that is used for authentication SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring MD5 Authentication on
103. E Ed a 3 Table 3 Standard MIBs Supported on Devices Running Junos OS 7 Table 4 Enterprise Specific MIBs and Supported Devices 5 45 Table 5 MIB Support for Routing Instances Juniper Networks MIBs 54 Table 6 Class 1 MIB Objects Standard and Juniper MIBs 57 Table 7 Class 2 MIB Objects Standard and Juniper MIBs 61 Table 8 Class 3 MIB Objects Standard and Juniper MIBS 62 Table 9 Class 4 MIB Objects Standard and Juniper MIBs 63 SNMP Traps eura ois e teens dot ettet a M Dae E ei dd 73 Table 10 Standard Supported SNMP Version Traps 74 Table 11 Standard Supported SNMP Version 2 Traps sseeeeees 78 Table 12 Unsupported Standard SNMP Traps e eee eee eee 82 Device Management oc hem tur rx mnm menn mre Re m RN IL e 89 Table 13 Device Management Features in Junos OS 2 2 0 ee 90 Remote Monitoring Health Monitoring and Service Quality 97 Table 14 RMON Event Table 0 0 cece ee nee 103 Table 15 RMON Alarm Table 0 eee eee 104 Table 16 jnxRmon Alarm Extensions eee RR 104 Configuration Remote Monitoring Health Monitoring and Service Quality 177 Table 17 Monitored Object Instances sse 184 Administration Tracing ACtIVity os siue d niera iaid Ena Rom RR Ere R RU IUE QANES da aS d 297 Table 18 SNMP Tracing Flags lille 299 PINS TEStSi
104. Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB Interface MIB Extends the standard if Table RFC 2863 with additional statistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx ipforward txt For more information see P Forward MIB IPsec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www junipe
105. ID prefix and suffix The prefix is formatted according to the specifications defined in RFC 3411 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks You can configure the suffix here NOTE SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID If you configure or change the engine ID you must commit the new engine ID before you configure SNMPv3 users Otherwise the keys generated from the configured passwords are based on the previous engine ID For the engine ID we recommend using the master IP address of the device if the device has multiple routing engines and has the master IP address configured Alternatively you can use the MAC address of the management port if the device has only one Routing Engine Copyright O 2014 Juniper Networks Inc Related Documentation Chapter 8 SNMP Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example SNMPv3 Configuration on page 124 Configuring SNMP Informs Supported Platforms Related Documentation LN Series M Series MX Series PTX Series OFX Series SRX Series T Series Junos OS supports two types of notifications traps and informs With traps the receiver does not send any acknowledgment when it receives a trap Therefore the sender cannot determine if the trap was received A trap m
106. Instances on page 161 Copyright O 2014 Juniper Networks Inc 25 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices sample type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 252 EX Series LN Series M Series MX Series T Series sample type absolute value delta value edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Method of sampling the selected variable absolute value Actual value of the selected variable is used when comparing against the thresholds delta value Difference between samples of the selected variable is used when comparing against the thresholds snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Sample Type on page 181 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements security level Defining Access Privileges Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series QFX Series T Series security level authentication none privacy f notify view view name read view view name write view view name
107. JUNIP EL NETWORKS Junos OS SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 121X47 D10 Published 2014 12 15 Copyright 2014 Juniper Networks Inc Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale California 94089 USA 408 745 2000 www juniper net Juniper Networks Junos Steel Belted Radius NetScreen and ScreenOS are registered trademarks of Juniper Networks Inc in the United States and other countries The Juniper Networks Logo the Junos logo and JunosE are trademarks of Juniper Networks Inc All other trademarks service marks registered trademarks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice Junos OS SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 12 1X47 D10 Copyright 2014 Juniper Networks Inc All rights reserved The information in this document is current as of the date on the title page YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant Junos OS has no known time related limitations through the year 2038 However the NTP application is known to have some difficulty in the year 2036 END USER LICENSE AGREEMENT The Juniper Networks product that is th
108. Juniper Networks Enterprise Specific MIBs on page 21 List of SRXIOO SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways Supported Enterprise Specific MIBs on page 28 e List of SRX1400 SRX3400 and SRX3600 Services Gateways Supported Enterprise Specific MIBs on page 33 List of SRX5400 SRX5600 and SRX5800 Services Gateways Supported Enterprise Specific MIBs on page 38 Enterprise Specific MIBs and Supported Devices on page 44 MIB Support Details on page 54 SNMP MIB Objects Supported by Junos OS for the Set Operation on page 63 Understanding the SNMP Implementation in Junos OS Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series SNMP enables the monitoring of network devices from a central location This topic provides an overview of SNMP and describes how SNMP is implemented in the Junos OS This topic includes the following sections SNMP Architecture on page 3 Junos OS SNMP Agent Features on page 6 SNMP Architecture The SNMP agent exchanges network management information with SNMP manager software running on a network management system NMS or host The agent responds torequests for information and actions from the manager The agent also controls access to the agent s MIB the collection of objects that can be viewed or changed by the SNMP manager The SNMP manager collects information about network connectivity activity and events by polling managed devices SN
109. LN Series M Series MX Series PTX Series T Series alarm index description description falling event index index falling threshold integer falling threshold interval seconds interval seconds request type get next request get request walk request rising event index index rising threshold integer sample type absolute value delta value startup alarm falling alarm rising alarm rising or falling alarm syslog subtag syslog subtag variable o d variable edit snmp rmon Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure RMON alarm entries index l dentifies this alarm entry as an integer The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring an Alarm Entry and Its Attributes on page 178 event on page 216 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements authentication md5 Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series OFX Series T Series authentication md5 f authentication password authentication password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statemen
110. MIB Views on page 118 Configuring the Write View on page 159 Copyright O 2014 Juniper Networks Inc 285 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 286 Copyright O 2014 Juniper Networks Inc PART 3 Administration SNMP Traps on page 289 Remote Operations on page 293 Tracing Activity on page 297 Ping Tests on page 303 Operational Commands on page 311 Copyright O 2014 Juniper Networks Inc 287 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 288 Copyright O 2014 Juniper Networks Inc CHAPTER 18 SNMP Traps Managing Traps and Informs on page 289 Managing Traps and Informs Supported Platforms M Series MX Series SRX Series T Series The following sections contain a few tips on managing SNMP notifications Generating Traps Based on SysLog Events on page 289 Filtering Traps Based on the Trap Category on page 290 Filtering Traps Based on the Object Identifier on page 290 Generating Traps Based on SysLog Events Generating Traps Based on SysLog Events Event policies can include an action that raises traps for events based on system log messages This feature enables notification of an SNMP trap based application when an important system log message occurs You can convert any system log message for which there is no corresponding trap into a trap If you are using network management system traps rather than system
111. MP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Communication between the agent and the manager occurs in one of the following forms Get GetBulk and GetNext requests The manager requests information from the agent the agent returns the information in a Get response message Setrequests The manager changes the value of a MIB object controlled by the agent the agent indicates status in a Set response message Traps notification The agent sends traps to notify the manager of significant events that occur on the network device This topic contains the following sections e SNMP MIBs on page 4 SNMP Traps and Informs on page 4 SNMP MIBs A MIB is a hierarchy of information used to define managed objects in a network device The MIB structure is based ona tree structure which defines a grouping of objects into related sets Each object in the MIB is associated with an object identifier OID which names the object The leaf in the tree structure is the actual managed object instance which represents a resource event or activity that occurs in your network device MIBs are either standard or enterprise specific Standard MIBs are created by the Internet Engineering Task Force IETF and documented in various RFCs Depending on the vendor many standard MIBs are delivered with the NMS software You can also download the standard MIBs from the IETF website www ietf org and compile them i
112. Mibs 3 Class 3 Objects are exposed only for the default logical system jnxBoxAnatomy 1 mpls 2 Class 2 All instances within a logical system are exposed Data will not be segregated down to the routing instance level if nx 3 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxAlarms 4 Class 3 Objects are exposed only for the default logical system jnxFirewalls 5 Class 4 Data is not segregated by routing instance Allinstances are exposed jnxDCUs 6 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxPingMIB 7 Class 3 Objects are exposed only for the default logical system jnxTraceRouteMIB 8 Class 3 Objects are exposed only for the default logical system jnxATM 10 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxlpv6 11 Class 4 Data is not segregated by routing instance Allinstances are exposed 54 Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Table 5 MIB Support for Routing Instances Juniper Networks MIBs continued 8 eJ Told Support Class Description Notes jnxlpv4 12 Class 1 jnxlpv4AddrTable 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance a
113. Objects MIB Provides support for monitoring SNMP IDP queries requests responses and failures This MIB defines the key monitoring and threshold crossing trap support IDP database update status and trap support attack related monitoring and trap support for SRXIOO SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways This MIB models IDP attributes specific to the appropriate Juniper Networks implementation For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js idp txt For more information see SNMP IDP MIB System Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx syslog txt For more information see System Log MIB Traceroute MIB Supports the Junos extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way as it is in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos data and has tables that contain informati
114. Off general Log general events Off interface stats Log physical and logical interface statistics Off Copyright O 2014 Juniper Networks Inc 299 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 18 SNMP Tracing Flags continued Flag Description Default Setting nonvolatile set Log nonvolatile SNMP set request handling Off pdu Log SNMP request and response packets Off policy Log policy processing Off protocol timeouts Log SNMP response timeouts Off routing socket Log routing socket calls Off server Log communication with processes that are Off generating events subagent Log subagent restarts Off timer Log internal timer events Off varbind error Log variable binding errors Off To display the end of the log for an agent issue the show log agentd last operational mode command edit user host run show log agentd last where agent is the name of an SNMP agent Related Configuring SNMP on a Device Running Junos OS on page 109 Documentation Configuration Statements at the edit snmp Hierarchy Level on page 192 Example Tracing SNMP Activity on page 300 Example Tracing SNMP Activity Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Trace information about SNMP packets edit snmp traceoptions file size 10k files 5 flag pdu flag protocol timeouts flag varbind error 300 Copyright
115. PUNO OWE se seg oo exc A cs TORT EEEE EEE gus Bea Sede See Aa yy acieesre nee a 269 HaACCODUONS EET ETIN TIE 270 CAD STOO seine asta be Eoo soe dclcD ade esa ddr dace cata ae Ae eo atte Edo S Naro TUE a ok 272 HAD ODUONS tude ohehuia toned Deana a a no anneal AN Bite tan qst 273 a S T E EE E EEES EATE TET A E E E E EE E EE SA 274 oA ETU M MMVITT 2 5 USB as euieigbe aids au GDS GO AG AGE add Coe exqd OSH G0 ROIS RE Ae 276 ISU x dh ay topo Savas hod grea E E EE ESEE TEET EN E E elec Sd aes 277 VY Bob entis ba SR S OA S NUT ei SS Ruhe Cie sS der ESE DOSE ERED RE 279 YAE ss piriana a e a a ar E D a eai e Eai eai E a EET 281 VEREIN ET ache com aS I eee EN E O TE E EE A oe bea TEE 282 VERSION 2 53 mpra oi E E dde ad a a a a E E EE 282 view Associating a MIB View with a Community 00 000 eee 283 view Configuring a MIB View lle RII 284 i2 c c 285 Part 3 Administration Chapter 18 SNMP map uum tae s do ra md E dme d esM Pede E E E E Ee 289 Managing Traps and INforms xiu xum RR x EE RETIRER Ex 289 Generating Traps Based on SysLog EventS 0 e eee 289 Filtering Traps Based on the Trap Category n s 20 000 ee 290 Filtering Traps Based on the Object Identifier 000 290 Chapter 19 Remote Operations nae iar I prc tdadtedabs EE URS ERE REUS 293 Using the Ping MIB for Remote Monitoring Devices Running Junos OS 293 Configuring the Remote Engine and Remote U
116. Protocol VRRP events such as new master or authentication failures If you include SONET SDH subcategories only those SONET SDH trap alarm types are included in trap notifications The version statement allows you to specify the SNMP version of the traps sent to targets of the trap group If you specify v1 only SNMPVvI traps are sent If you specify v2 only SNMPv2 traps are sent If you specify all both an SNMPv1 and an SNMPv2 trap are sent for every trap condition For more information about the version statement see version Copyright O 2014 Juniper Networks Inc 143 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Configuring SNMP Trap Options on page 137 Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 Example Configuring SNMP Trap Groups on page 147 Configuring SNMP Trap Options and Groups on a Device Running Junos OS Supported Platforms 144 Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series Some carriers have more than one trap receiver that forwards traps to a central NMS This allows for more than one path for SNMP traps from a router to the central NMS through different trap receivers A device running Junos OS can be configured to send the sa
117. Psec and IPsec VPN management objects for Juniper security product lines This MIB is an extension of jnx ipsec flow mon mib This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js ipsec vpn txt For more information see Psec VPN Objects MIB Pv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB IPv6 and ICMPv6 MIB Provides IPv6 and Internet Control Message Protocol version 6 ICMPv6 statistics For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipv6 txt For more information see Pv6 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx license txt For more information see License MIB Logical Systems MIBs Extend SNMP
118. RUE 303 Table 19 Results in pingProbeHistoryTable After the First Ping Test 308 Table 20 Results in pingProbeHistoryTable After the First Probe of the Second TEST DP 308 Table 21 Results in pingProbeHistoryTable After the Second Ping Test 308 Copyright O 2014 Juniper Networks Inc xiii SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices xiv Chapter 22 Operational Commands 311 Table 22 show snmp health monitor Output FieldS nanana anaana aaaea 312 Table 23 show snmp health monitor routing engine history Output Fields 318 Table 24 show snmp health monitor routing engine status Output Fields 322 Table 25 show snmp mib Output Fields lees 325 Copyright O 2014 Juniper Networks Inc About the Documentation Documentation and Release Notes on page xv Supported Platforms on page xv Using the Examples in This Manual on page xv Documentation Conventions on page xvii Documentation Feedback on page xix Requesting Technical Support on page xix Documentation and Release Notes To obtain the most current version of all Juniper Networks technical documentation see the product documentation page on the Juniper Networks website at http www juniper net techpubs If the information in the latest release notes differs from the information in the documentation follow the product Release Notes Juniper Networks B
119. Release 11 1 for the QFX Series Configure the type of SNMP notification inform Defines the type of notification as an inform SNMP informs are confirmed notifications trap Defines the type of notification as a trap SNMP traps are unconfirmed notifications snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Informs on page 121 Configuring the SNMPv3 Trap Notification on page 146 Copyright O 2014 Juniper Networks Inc type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series type type edit snmp rmon event index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Type of notification generated when a threshold is crossed type Type of notification log Add an entry to logTable log and trap Send an SNMP trap and make a log entry e none No notifications are sent snmptrap Send an SNMP trap Default log and trap snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring an Event Entry and Its Attributes on page 182 Copyright O 2014 Juniper Networks Inc 275 SNMP MIBs and
120. Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure the SNMP community community index Optional String that identifies an SNMP community The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMPv3 Community on page 168 Copyright O 2014 Juniper Networks Inc 263 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices startup alarm Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 264 EX Series LN Series M Series MX Series PTX Series T Series startup alarm falling alarm rising alarm rising or falling alarm edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches The alarm that can be sent upon entry startup falling alarm Generated if the first sample after the alarm entry becornes active is less than or equal to the falling threshold rising alarm Generated if the first sample after the alarm entry becomes active is greater than or equal to the rising threshold rising or falling alarm Generated if the first sample after the alarm entry becomes active satisfies either of the corresponding thresholds Default rising or
121. Required Privilege Level Related Documentation 242 EX Series LN Series M Series MX Series PTX Series OFX Series T Series read view view name edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Associate the read only view with a community for SNMPv1 or SNMPv2c clients or a group name for SNMPv3 clients view name The name of the view to which the SNMP user group has access snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Read View on page 158 Configuring MIB Views on page 118 Copyright O 2014 Juniper Networks Inc remote engine Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T Series remote engine engine id user username 1 authentication md5 f authentication password authentication password authentication none authentication sha authentication password authentication password privacy ae
122. Routing Instances on page 86 MIB Support Details on page 54 Copyright O 2014 Juniper Networks Inc 87 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 88 Copyright O 2014 Juniper Networks Inc CHAPTER 5 Device Management Understanding Device Management Functions in Junos OS on page 89 Understanding the Integrated Local Management Interface on page 91 Understanding Device Management Functions in Junos OS Supported Platforms LN Series SRX Series After you have installed a device into your network you need to manage the device within your network Device management can be divided into five tasks Fault management Monitor the device detect and fix faults Configuration management Configure device attributes Accounting management Collect statistics for accounting purposes Performance management Monitor and adjust device performance Security management Control device access and authenticate users The Junos OS network management features work in conjunction with an operations support system OSS to manage the devices within the network Junos OS can assist you in performing these management tasks as described in Table 13 on page 90 Copyright O 2014 Juniper Networks Inc 89 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 13 Device Management Features in Junos OS Task Junos OS Feature Fault management Monitor
123. SPUMonitoringNodeDescr 44 nodel jnxJsSPUMonitoringNodeDescr 45 nodel show snmp mib walk jnxJsPolicySystemStats user host gt show snmp mib walk jnxJsPolicySystemStats jnxJsPolicySystemStatsTotalAl lowIPv4Packets 0 10347 jnxJsPolicySystemStatsTotalAllowIPv4Bytes 0 94053327 jnxJsPolicySystemStatsTotalAllowIPv4PacketsRate 0 21 jnxJsPolicySystemStatsTotalAllowIPv4BytesRate 0 1012 jnxJsPolicySystemStatsTotalDropIPv4Packets 0 257 jnxJsPolicySystemStatsTotalDropIPv4Bytes 0 40298 jnxJsPolicySystemStatsTotalDropIPv4PacketsRate 0 0 jnxJsPolicySystemStatsTotalDropIPv4BytesRate 0 0 jnxJsPolicySystemStatsTotalAllowIPv4Flows 0 1 jnxJsPolicySystemStatsTotalAllowIPv4FlowsRate O jnxJsPolicySystemStatsTotalAl lowIPv6Packets 0 0 jnxJsPolicySystemStatsTotalAl lowIPv6Bytes 0 0 jnxJsPolicySystemStatsTotalAl lowIPv6PacketsRate 0 jnxJsPolicySystemStatsTotalAl lowIPv6BytesRate 0 jnxJsPolicySystemStatsTotalDropIPv6Packets 0 0 jnxJsPolicySystemStatsTotalDropIPv6 Bytes 0 0 jnxJsPolicySystemStatsTotalDropIPv6PacketsRate 0 jnxJsPolicySystemStatsTotalDropIPv6BytesRate 0 0 jnxJsPolicySystemStatsTotalAllowIPv6Flows 0 0 jnxJsPolicySystemStatsTotalAllowIPv6FlowsRate 0 0 jnxJsPolicySystemStatsEnabled O 1 Il o I ll o 0 show snmp mib walk jnxJsPolicySystemStatsIPv4 user host gt show snmp mib walk jnxJsPolicySystemStatsIPv4 jnxJsPolicySystemStatsTotalAl lowIPv4Packets 0 10347 jnxJsPolicySystemStatsTotalAllowIPv4Byte
124. Series privacy password privacy password edit snmp v3 usm local engine user username privacy 3des edit snmp v3 usm local engine user username privacy aes128 edit snmp v3 usm local engine user username privacy des edit snmp v3 usm remote engine engine id user username privacy 3des edit snmp v3 usm remote engine engine id user username privacy aes128 edit snmp v3 usm remote engine engine id user username privacy des Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure a privacy password for the SNMPv3 user privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Encryption Type on page 130 Copyright O 2014 Juniper Networks Inc 241 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices read view Supported Platforms Syntax Hierarchy Level Release Information Description Options
125. T Series To assign security names to groups include the following statements at the edit snmp v3 vacm security to group hierarchy level edit snmp v3 vacm security to group security model usm vl v2c security name security name 1 group group name This topic includes the following sections Configuring the Security Model on page 132 Assigning Security Names to Groups on page 132 Configuring the Group on page 133 Configuring the Security Model To configure the security model include the security model statement at the edit snmp v3 vacm security to group hierarchy level edit snmp v3 vacm security to group security model usm v1 v2c e usm SNMPVv3 security model vI SNMPvI security model v2c SNMPv2 security model Assigning Security Names to Groups 132 To associate a security name with an SNMPv3 user ora vl or v2 community string include the security name statement at the edit snmp v3 vacm security to group security model usm v1 v2c hierarchy level edit snmp v3 vacm security to group security model usm vl v2c security name security name For SNMPv3 the security name is the username configured at the edit snmp v3 usm local engine user username hierarchy level For SNMPv1 and SNMPv2c the security name is the community string configured at the edit snmp v3 snmp community community index hierarchy level For information about configuring usernames see C
126. TableAggStatsTable jnx coll mib jnxCollectorMIB Examples jnxCollPiclfTable jnxCollFileEntry Table 7 on page 61 shows Class 2 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 2 objects all instances within a logical system are exposed Data will not be segregated down to the routing instance level Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Table 7 Class 2 MIB Objects Standard and Juniper MIBs Class MIB 8 0 feats Class 2 rfc3813 mib mplsLsrStdMIB Examples mplsinterfaceTable mplsinSegmentTable mplsOutSegmentTable mplsLabelStackTable mplsXCTable and related MIB objects igmpmib mib igmpStdMIB I3vpnmib mib mplsVpnmib jnx mpls mib Example mplsLspList jnx ldp mib jnxLdp Example jnxLdpStatsTable jnx vpn mib jnxVpnMIB jnx bgpmib2 mib jnxBgpM2Experiment Table 8 on page 62 shows Class 3 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 3 objects are exposed only for the default logical system Copyright 2014 Juniper Networks Inc 61 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 8 Class 3 MIB Objects Standard and Juniper MIBs Class MIB 9 o feats Class 3 rfc2819a mib rmonEvents alarmTable logTable eventTable agentxMIB rfc2925a mib pingmib rfc2925b mib tracerouteMIB jnxchassis mib jnxBoxAnatomy jnx chass
127. Target Address on page 149 type inform is the type of notification target address target address name identifies the target address The target address defines a management application s address and parameters that are used to respond to informs timeout seconds is the number of seconds to wait for an acknowledgment If no acknowledgment is received within the timeout period the inform is retransmitted The default timeout is 15 seconds retry count number is the maximum number of times an inform is transmitted if no acknowledgment is received The default is 3 If no acknowledgment is received after the inform is transmitted the maximum number of times the inform message is discarded message processing model defines which version of SNMP to use when SNMP notifications are generated Informs require a va message processing model security model defines the security model to use when SNMP notifications are generated Informs require a usm security model security level specifies whether the inform is authenticated and encrypted before it is sent For the usm security model the security level must be one of the following authentication Provides authentication but no encryption privacy Provides authentication and encryption security name identifies the username that is used when generating the inform Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring SNMP Informs on page 121 Config
128. To create users include the user statement at the edit snmp v3 usm local engine hierarchy level edit snmp v3 usm local engine user username username is the name that identifies the SNMPv3 user To configure user authentication and encryption include the following statements at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication md5 f authentication password authentication password Copyright 2014 Juniper Networks Inc 123 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices authentication sha authentication password authentication password authentication none privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des f privacy password privacy password privacy none Related Complete SNMPv3 Configuration Statements on page 195 D tati ocumentaton Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Creating SNMPv3 Users Configuration on page 135 Example SNMPv3 Configuration on page 124 Example SNMPv3 Configuration Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Define an SNMPv3 configuration edit snmp engine id f Use mac address view jnxAlarms f oid 1 3 6 1 4 1 2636 3 4 include view interfaces f oid 1 3 6 1 2 1 2 include view ping mib f
129. Traps Monitoring and Troubleshooting Guide for Security Devices User Supported Platforms LN Series M Series MX Series PTX Series QFX Series T Series Syntax userusername Hierarchy Level edit snmp v3 usm local engine edit snmp v3 usm remote engine engine id Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Specify a user associated with an SNMPv3 group on a local or remote SNMP engine Options username SNMPv3 user based security model USM username Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related gt Creating SNMPv3 Users on page 123 Documentation 276 Copyright O 2014 Juniper Networks Inc usm Chapter 17 Configuration Statements Supported Platforms LN Series M Series MX Series PTX Series QFX Series T Series Syntax usm local engine f user username 1 authentication md5 f authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none privacy password privacy password remote en
130. US junos 12 1 topics reference mibs mib jnx vpls generic txt http Awwwjuniper net techpubs en US junosl2 l topics reference mibs mib jnx vpls ldp txt e http Awwwjuniper net techpubs en US junosl2 l topics reference mibs mib jnx vpls bgp txt VPN Certificate Objects MIB 9 0 0 0 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js cert txt VPN MIB 1 1 O0 1 O 0 O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx vpn txt Related Juniper Networks Enterprise Specific MIBs on page 21 Documentation Juniper Networks Enterprise Specific SNMP Traps on page 73 Standard SNMP MIBs Supported by Junos OS on page 7 Loading MIB Files to a Network Management System on page 114 Copyright O 2014 Juniper Networks Inc 53 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices MIB Support Details Supported Platforms LN Series M Series MX Series SRX Series T Series Table 5 on page 54 shows enterprise specific MIB objects supported by Junos OS and provides notes detailing how they are handled when a routing instance is specified in an SNMP request An en dash indicates that the item is not applicable Table 5 MIB Support for Routing Instances Juniper Networks MIBs 8 e Toi Support Class Description Notes jnxProducts 1 Product Object IDs jnxServices 2 Services jnx
131. X Series SRX Series T Series location location edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Define the value of the MIB Il sysLocation object which is the physical location of the managed system location Location of the local system You must enclose the name within quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the System Location for a Device Running Junos OS on page 113 Copyright O 2014 Juniper Networks Inc 227 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices logical system Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 228 EX Series LN Series M Series MX Series PTX Series SRX Series T Series logical system logical system name 1 routing instance routing instance name edit snmp community community name edit snmp trap group edit snmp trap options edit snmp v3target address target address name Statement introduced in Junos OS Release 9 3 Statement introduced in Junos OS Release 9 0 for EX Series switches NOTE The logical system statement replaces the logical router statement and is backward compatible with Junos OS Release 8 3 and later Specify a logical sy
132. about pingProbeHistoryTable see pingProbeHistory Table on page 306 When a response is received from the target host acknowledging the current probe pingResultsProbeResponses increases by 1 The following variables are updated pingResultsMinRtt Minimum round trip time pingResultsMaxRtt Maximum round trip time Copyright O 2014 Juniper Networks Inc 305 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices pingResultsAverageRtt Average round trip time pingResultsRttSumOfSquares Sum of squares of round trip times pingResultsLastGoodProbe Timestamp of the last response NOTE Only probes that result in a response from the target host contribute to the calculation of the round trip time RTT variables When a response to the last probe is received or the last probe has timed out the test is complete pingProbeHistoryTable An entry in pingProbeHistoryTable pingProbeHistoryEntry represents a probe result and is indexed by three variables The first two variables pingCtlOwnerlndex and pingCtlTestName are the same ones used for pingCtlTable which identifies the test The third variable pingProbeHistoryIndex is a counter to uniquely identify each probe result The maximum number of pingProbeHistoryTable entries created for a given test is limited by pingCtlMaxRows If pingCtlMaxRows is set to O no pingProbeHistoryTable entries are created for that test Each
133. access except mplsTeP2mpTunnelBranchPerfTable Related Juniper Networks Enterprise Specific MIBs on page 21 D mentation ocumengae Loading MIB Files to a Network Management System on page 114 Juniper Networks Enterprise Specific MIBs Supported Platforms LN Series SRX Series The Junos OS supports the following enterprise specific MIBs AAA Objects MIB Provides support for monitoring user authentication authorization and accounting through the RADIUS LDAP SecurID and local authentication servers This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx user aaa txt For more information see AAA Objects MIB Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chassis
134. aced by ipCidrRouteTable RFC 2096 P Forwarding Table MIB SNMP management Interface management e SNMPVI Get GetNext requests and version 2 GetBulk request e Junos OS specific secured access list e Master configuration keywords e Reconfigurations upon SIGHUP RFC 1215 A Convention for Defining Traps for use 1 1 1 1 1 O0 O0 1 with the SNMP only MIB II SNMP version 1 traps and version 2 notifications RFC 1406 Definitions of Managed Objects forthe 1 1 1 O0 0 1 0 O0 DS1 and El Interface Types T1 MIB is supported RFC 1407 Definitions of Managed Objects forthe 1 1 1 0 0 0 0 0 DS3 E3 Interface Type T3 MIB is supported RFC 1471 Definitions of Managed Objects for the 1 0 0 1 0 o 0 O Link Control Protocol of the Point to Point Protocol only pppLink group is supported The pppLink group consists of the pppLcp 1 object and the tables pppLinkStatustable and pppLinkConfigTable RFC 1657 Definitions of Managed Objects for the 1 1 1 1 1 0 0 0 Fourth Version of the Border Gateway Protocol BGP 4 using SMIv2 RFC 1695 Definitions of Managed Objects for ATM 1 1 1 0 0 0 o 0 Management Version 8 0 Using SMIv2 Copyright O 2014 Juniper Networks Inc 9 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms 1 1 0 0 RFC 1850 OSPF version 2 Management 1 1 Inf
135. acter in this case public However if the community string RI public is configured the protocol data unit PDU is processed according to that community and the embedded routing instance name is ignored Logical systems perform a subset of the actions of a physical router and have their own unique routing tables interfaces policies and routing instances When a routing instance is defined within a logical system the logical system name must be encoded along with the routing instance using a slash to separate the two For example if the routing instance RI is configured within the logical system LS that routing instance must be encoded within a community string as LS RI public When a routing instance is configured outside a logical system within the default logical system no logical system name or character is needed Also when a logical system is created a default routing instance named default is always created within the logical system This name should be used when querying data for that routing instance for example LS default public For v3 requests the name logical system routing instance should be identified directly in the context field Copyright O 2014 Juniper Networks Inc 85 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation e NOTE To identify a virtual LAN VLAN spanning tree instance VSTP on MX Series 3D Universal Edge Routers specify the routi
136. ain information about each type of data such as integer and string For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx util txt For more information see Utility MIB VPN Certificate Objects MIB Provides support for monitoring the local and CA certificates loaded on the router This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see Copyright O 2014 Juniper Networks Inc 27 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB VPN MIB Provides monitoring for Layer 3 VPNs Layer 2 VPNs and virtual private LAN service VPLS read access only For a downloadable version of the MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx vpn txt For more information see VPN MIB Standard SNMP MIBs Supported by Junos OS on page 7 Enterprise Specific MIBs and Supported Devices on page 44 Loading MIB Files to a Network Management System on page 114 List of SRX1OO SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways Supported Enterprise Specific MIBs Supported Platforms 28 LN Series SRXIOO SRX110 SRX210 SRX220 SRX240 SRX550 SRX
137. alarm txt For more information see Alarm MIB Copyright O 2014 Juniper Networks Inc 21 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 22 ATM Class of Service MIB Provides support for monitoring Asynchronous Transfer Mode version 2 ATM2 virtual circuit VC class of service CoS configurations It also provides CoS queue statistics for all VCs that have CoS configured For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx atm cos txt For more information see ATM Class of Service MIB ATM MIB Provides support for ATM interfaces and virtual connections For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx atm txt For more information see ATM MIB BGP4 V2 MIB Contains objects used to monitor BGP peer received prefix counters It is based upon similar objects in the MIB documented in Internet draft draft ietf idr bgp4 mibv2 03 txt Definitions of Managed Objects for the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB Bidirectional Forwarding Detection MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable ve
138. ame of the health monitor object instance being monitored Value Current value of the monitored variable in the most recent sample interval 312 Copyright 2014 Juniper Networks Inc Chapter 22 Operational Commands Table 22 show snmp health monitor Output Fields continued Field Name Field Description State State of the alarm or event entry Alarms moderate threshold Percentage of moderate threshold level resource utilization e high threshold Percentage of high threshold level resource utilization e critical threshold Percentage of citical threshold level resource utilization active Entry is fully configured and activated e falling threshold crossed Value of the variable has crossed the lower threshold limit e rising threshold crossed Value of the variable has crossed the upper threshold limit e under creation Entry is being configured and is not yet activated e startup Alarm is waiting for the first sample of the monitored variable e object not available Monitored variable of that type is not available to the health monitor agent e instance not available Monitored variable s instance is not available to the health monitor agent e object type invalid Monitored variable is not a nurneric value Object processing errored An error occurred when the monitored variable was processed unknown State is not one of the above Variable OID Object ID to which the variable
139. anagement port local engine id suffix Explicit setting for the engine ID suffix use default ip address The engine ID suffix is generated from the default IP address use mac address The SNMP engine identifier is generated from the MAC address of the management interface on the router Default use default ip address snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Local Engine ID on page 120 Copyright O 2014 Juniper Networks Inc 215 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices enterprise oid Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation event Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 216 LN Series M Series MX Series PTX Series SRX Series T Series enterprise oid edit snmp trap options Statement introduced in Junos OS Release 10 0 Add the snmpTrapEnterprise object which shows the association between an enterprise specific trap and the organization that defined the trap to standard SNMP traps By default the snmpTrapEnterprise object is added only to the enterprise specific traps When the enterprise oid statement is included in the configuration snmpTrapEnterprise is added to all the traps gen
140. and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the System Description on a Device Running Junos OS on page 112 Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring the Commit Delay Timer Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series When a router or switch first receives an SNMP nonvolatile Set request a Junos OS XML protocol session opens and prevents other users or applications from changing the candidate configuration equivalent to the command line interface CLI configure exclusive command If the router does not receive new SNMP Set requests within 5 seconds the default value the candidate configuration is committed and the Junos OS XML protocol session closes the configuration lock is released If the router receives new SNMP Set requests while the candidate configuration is being committed the SNMP Set request is rejected and an error is generated If the router receives new SNMP Set requests before 5 seconds have elapsed the commit delay timer the length of time between when the last SNMP request is received and the commit is requested resets to 5 seconds By default the timer is set to 5 seconds To configure the timer for the SNMP Set reply and start of the commit include the commit delay statement at the edit snmp nonvolatile hierarchy level edit snmp nonvolatile commit delay
141. arameters Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the security name used when generating SNMP notifications security name f the SNMPv3 USM security model is used identify the user when generating the SNMP notification If the v1 or v2c security models are used identify the SNMP community used when generating the notification e NOTE The access privileges for the group associated with this security name must allow this notification to be sent If you are using the v1 or v2 security models the security name at the edit snmp v3 vacm security to group hierarchy level must match the security name at the edit snmp v3 snmp community community index hierarchy level snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Security Name on page 152 Copyright O 2014 Juniper Networks Inc security to group Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation snmp Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series QFX Series T Series security t
142. ard and Juniper MIBs continued Class Class 1 Copyright 2014 Juniper Networks Inc MIB Objects rfc2863a mib Examples ifXtable ifStackTable rfc2665a mib etherMIB rfc2515a mib atmMIB objects Examples atminterfaceConfTable atmVplTable atmVclTable rfc2465 mib ip v6mib Examples ipv6lfTable ipv6AddrPrefixTable ipv6NetToMediaTable ipv6RouteTable rfc2787a mib vrrp mib rfc2932 mib ipMRouteMIB ipMRouteStdMIB mroutemib mib ipMRoutelMIBObjects isismib mib isisMIB pimmib mib pimMIB msdpmib mib msdpmib jnx if extensions mib Examples ifJnxTable ifChassisTable jnx dcu mib jnxDCUs jnx atm mib 59 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 60 Table 6 Class 1 MIB Objects Standard and Juniper MIBs continued Class MIB Objects Examples jnxAtmlfTable jnxAtmVCTable jnxAtmVpTable jnx ipv4 mib jnxipv4 Example jnxlpv4AddrTable jnx cos mib Examples jnxCoslfqStatsTable jnxCosQstatTable jnx scu mib Example jnxScuStatsTable jnx rpf mib Example jnxRpfStatsTable jnx pmon mib Example jnxPMonFlowTable jnx sonet mib Example jnxSonetAlarmTable Class 1 jnx atm cos mib Examples jnxCosAtmVcTable jnxCosAtmVcScTable jnxCosAtmVcQstatsTable jnxCosAtmTrunkTable jnx mac mib Example jnxMacStatsTable jnx services mib Example jnxSvcFlow
143. are Search technical bulletins for relevant hardware and software notifications http kb juniper net InfoCenter Join and participate in the Juniper Networks Community Forum http www juniper net company communities Open a case online in the CSC Case Management tool http www juniper net cm To verify service entitlement by product serial number use our Serial Number Entitlement SNE Tool https tools juniper net SerialNumberEntitlementSearch Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone Use the Case Management tool in the CSC at http www juniper net cm Call 1 888 314 JTAC 1 888 314 5822 toll free in the USA Canada and Mexico For international or direct dial options in countries without toll free numbers see http www juniper net support requesting support html XX Copyright O 2014 Juniper Networks Inc PART 1 Overview SNMP on page 3 SNMPv3 on page 71 SNMP Traps on page 73 Routing Instances on page 85 Device Management on page 89 Remote Operations on page 93 Remote Monitoring Health Monitoring and Service Quality on page 97 Copyright O 2014 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 2 Copyright 2014 Juniper Networks Inc CHAPTER 1 SNMP Understanding the SNMP Implementation in Junos OS on page 3 e Standard SNMP MIBs Supported by Junos OS on page 7 e
144. as special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Encryption Type on page 130 Copyright O 2014 Juniper Networks Inc privacy des Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T Series privacy des f privacy password privacy password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the Data Encryption Standard DES as the privacy type for the SNMPv3 user privacy password privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The
145. astGoodProbe Timestamp of the last response You can also consult pingProbeHistoryTable for more detailed information about each probe The index used for pingProbeHistoryTable starts at 1 goes to OXFFFFFFFF and wraps to 1 again Copyright O 2014 Juniper Networks Inc 307 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 308 For example if pingCtlProbeCount is 15 and pingCtlMaxRows is 5 then upon completion of the first run of this test pingProbeHistoryTable contains probes like those in Table 19 on page 308 Table 19 Results in pingProbeHistoryTable After the First Ping Test n Result of 11th probe from run 1 12 Result of 12th probe from run 1 13 Result of 13th probe from run 1 14 Result of 14th probe from run 1 15 Result of 15th probe from run 1 Upon completion of the first probe of the second run of this test pingProbeHistoryTable will contain probes like those in Table 20 on page 308 Table 20 Results in pingProbeHistoryTable After the First Probe of the Second Test 12 Result of 12th probe from run 1 13 Result of 13th probe from run 1 14 Result of 14th probe from run 1 15 Result of 15th probe from run 1 16 Result of Ist probe from run 2 Upon completion of the second run of this test pingProbeHistoryTable will contain probes like those in Table 21 on page 308 Table 21 Results in pingProbeHistoryTable After the Second Ping Test 26 Result
146. at the edit snmp Hierarchy Level on page 192 Copyright O 2014 Juniper Networks Inc Chapter 10 SNMP Traps Configuring the Trap Notification Filter Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series SNMPv3 uses the notify filter to define which traps or which objects from which traps are sent to the network management system NMS The trap notification filter limits the type of traps that are sent to the NMS Each object identifier represents a subtree of the MIB object hierarchy The subtree can be represented either by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces You can also use the wildcard character asterisk in the object identifier OID to specify object identifiers that match a particular pattern To configure the trap notifications filter include the notify filter statement at the edit snmp v3 hierarchy level edit snmp v3 notify filter profile name profile name is the name assigned to the notify filter By default the OID is set to include To define access to traps or objects from traps include the oid statement at the edit snmp v3 notify filter profile name hierarchy level edit snmp v3 notify filter profile name oid o d include exclude oid is the object identifier ALL MIB objects represented by this statement have the specified OID as a prefix It can be specified either
147. atement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure health monitoring The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring Health Monitoring on Devices Running Junos OS on page 183 223 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices interface Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation interval Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 224 EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series interface interface names edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the interfaces on which SNMP requests can be accepted If you omit this statement SNMP requests entering the router or switch through any interface are accepted interface names Names of one or more logical interfaces snmp To view this statement in the configuration snmp control To add this statement to the c
148. ath Forwarding MIB Monitors statistics for traffic that is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx rpf txt NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx rmon txt For more information see RMON Events and Alarms MIB e Security Interface Extension Objects MIB Provides support for the security management of interfaces This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see Copyright O 2014 Juniper Networks Inc 3l SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation 32 http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js if ext txt For more information see Security Interface Extension Objects MIB SNMP IDP
149. ation To configure the message digest algorithm MD5 as the authentication type for an SNMPv3 user include the authentication md5 statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication md5 f authentication password authentication password authentication password is the password used to generate the key used for authentication SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring SHA Authentication To configure the secure hash algorithm SHA as the authentication type for an SNMPv3 user include the authentication sha statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username authentication sha f authentication password authentication password authentication password is the password used to generate the key used for authentication SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring No Authentication Related Documentation
150. atistics and Juniper Networks enterprise specific chassis information For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx if extensions txt For more information see nterface MIB IP Forward MIB Extends the standard IP Forwarding Table MIB RFC 2096 to include CIDR forwarding information For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipforward txt For more information see P Forward MIB Psec Generic Flow Monitoring Object MIB Based on jnx ipsec monitor mib this MIB provides support for monitoring IPsec and IPsec VPN management objects This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB IPsec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP IPsec VPN Objects MIB Provides support for monitoring I
151. ax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Chapter 17 Configuration Statements security name security name 1 group group name Creating SNMPv3 Users on page 123 Configuring MIB Views on page 118 Defining Access Privileges for an SNMP Group on page 155 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring SNMP Informs on page 121 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 LN Series M Series MX Series PTX Series SRX Series T Series edit snmp routing instance access f access list f routing instance routing instance restrict edit snmp routing instance access Statement introduced in Junos OS Release 8 4 Create access lists to control SNMP agents in routing instances from accessing SNMP information To enable the SNMP agent on a routing instance to access SNMP information specify the routing instance name To disable the SNMP agent on arouting instance from accessing SNMP information include the routing instance name followed by the restrict keyword snmp To view this statement in the configuration snmp control To add this statement to the configuration routing instance access on page 251 Copyright O 2014 Juniper Networks Inc 197 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices address Supported Platforms Sy
152. ay be lost because a problem occurred during transmission To increase reliability an inform is similar to a trap except that the inform is stored and retransmitted at regular intervals until one of these conditions occurs The receiver target of the inform returns an acknowledgment to the SNMP agent Aspecified number of unsuccessful retransmissions have been attempted and the agent discards the inform message If the sender never receives a response the inform can be sent again Thus informs are more likely to reach their intended destination than traps are Informs use the same communications channel as traps same socket and port but have different protocol data unit PDU types Informs are more reliable than traps but they consume more network router and switch resources see Figure 4 on page 121 Unlike a trap an inform is held in memory until a response is received or the timeout is reached Also traps are sent only once whereas an inform may be retried several times Use informs when it is important that the SNMP manager receive all notifications However if you are more concerned about network traffic or router and switch memory use traps Figure 4 Inform Request and Response ct L Inform request SNMP agent gt SNMP Manager ct L Response SNMP agent lt SNMP Manager 5 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the Remote Engine and Rem
153. b jnx jsrpd txt Class of Service MIB 1 1 1 1 1 O0 0 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx cos txt Configuration Management MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx cfgmgmt txt Destination Class Usage MIB 1 1 1 0 1 0 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx dcu txt DHCP MIB 1 1 1 O0 O0 O O O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx jdhcp txt DHCPv6 MIB Oo 0 0 0 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx jdhcpv6 txt Digital Optical Monitoring MIB 1 O0 1 0 O0 O0 O0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx dom txt 46 Copyright 2014 Juniper Networks Inc Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB DNS Objects MIB 0 0 O O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js dns txt SRX Low End Chapter 1 SNMP Mid Range Dynamic Flow Capture MIB 1 1 1 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx dfc txt Ethernet MAC MIB 1 http www juniper net techpubs en_US junos12 1 topics reference mibs jnx mac txt Event MIB 1 il 1 1 http www juniper net techpubs
154. bject identifier OID pingMIB pingObjects pingCtlTable pingCtlEntry pingCtlTargetAddress bob test 1 3 6 1 2 1 80 1 2 1 4 3 98 111 98 4 116 101 115 116 For more information about the definition of the Ping MIB see RFC 2925 Enabling Logging The SNMP error code returned in response to SNMP requests can only provide a generic description of the problem The error descriptions logged by the remote operations process can often provide more detailed information about the problem and help you to solve the problem faster This logging is not enabled by default To enable logging include the flag general statement at the edit snmp traceoptions hierarchy level edit snmp traceoptions f flag general For more information about traceoptions see Tracing SNMP Activity on a Device Running Junos OS on page 297 Copyright O 2014 Juniper Networks Inc 95 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices If the remote operations process receives an SNMP request that it cannot accommodate the error is logged in the var log rmopd file To monitor this log file issue the monitor start rmopd command in operational mode of the command line interface CLI Related gt Using the Ping MIB for Remote Monitoring Devices Running Junos OS on page 293 D tati DLL Usingthe Traceroute MIB for Remote Monitoring Devices Running Junos OS on page 175 96 Copyright O 2014 Juniper Networks Inc CHAPTER
155. ble Extension to 1 1 1 1 O0 O0 0 1 the Interfaces Group MIB RFC 2922 The Physical Topology PTOPO MIB 0 O0 0 0 o 1 Supported objects ptopoConnDiscAlgorithm ptopoConnAgentNetAddrType ptopoConnAgentNetAddr ptopoConnMultiMacSASeen ptopoConnMultiNetSASeen ptopoConnlsStatic ptopoConnLastVerifyTime ptopoConnRowStatus 12 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms 1 1 0 1 RFC 2925 Definitions of Managed Objects for 1 1 1 Rernote Ping Traceroute and Lookup Operations only the objects pingCtlTable pingResultsTable pingProbeHistoryTable pingMaxConcurrentRequests traceRouteCtlTable traceRouteResultsTable traceRouteProbeHistoryTable and traceRouteHopsTable RFC 2932 IPv4 Multicast Routing MIB 1 1 1 1 1 1 0 1 RFC 2933 Internet Group Management Protocol ll 1 1 1 1 1 0 O0 IGMP MIB RFC 2934 Protocol Independent Multicast MIB for 1 1 1 1 1 1 ie O IPv4 NOTE In Junos OS RFC 2934 is implemented based on a draft version pimmib mib of the now standard RFC Support for the pimNeighborLoss trap was added in Release 11 4 RFC 2981 Event MIB 1 1 1 1 O 0 0 O RFC 3014 Notification Log MIB 1 1 1 O0 9 0 0 RFC 3019 P Version 6 Management Information 1 1 1 1 O0 O0 0 1 Base for The Multicast Listener Discovery Protocol RFC 3410 Introduction and Applicab
156. bleshooting Guide for Security Devices vi Chapter 11 Chapter 12 Chapter 13 Chapter 14 Chapter 15 Chapter 16 Defining and Configuring the Trap Target Parameters 0005 150 Applying the Trap Notification Filter iles 151 Configuring the Target Parameters 0 0 ee 151 Configuring the Message Processing Model 00000 eee 151 Configuring the Security Model 0 0 ee es 152 Configuring the Security Level 152 Configuring the Security Name ee ees 152 Example Configuring SNMPv3 Trap Notification llle 153 Access Privileges este shin ecc were tds Sa mac wa dns eee c ue FN m e RN 155 Defining Access Privileges for an SNMP GroUD sssee ee 155 Configuring the Access Privileges Granted to a Group 0 eee eee 156 Conflsuring the GlOUBiz o2 24 ao esae e em uera gas deed awe on Bees 156 Configuring the Security Model ee eee 157 Configuring the Security Level ee eee 157 Associating MIB Views with an SNMP User Group 2 0 0000 eese 157 Configuring the Notify VieW 0 0 0 0 ccc eee 158 Configuring the Read VieW 6 eee eee 158 Configuring the Write View lcs eee 159 Example Access Privilege Configuration llle 159 Routing INSTANCES ceeds rem ripe Rs in ime eai e medie FS RE Fons 161 Enabling SNMP Access over Routing Instances 000 eee 161 Specifying a Routing Instance in an SNMPv1 or SNMPv2c Commun
157. bv2 03 txt Definitions of Managed Objects for the Fourth Version of BGP BGP 4 Second Version For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx bgpmib2 txt For more information see BGP4 V2 MIB BFD MIB Provides support for monitoring Bidirectional Forwarding Detection BFD sessions For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB Copyright O 2014 Juniper Networks Inc 39 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 40 Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switching Board SSB Switching and Forwarding Model SFM Flexible PIC Concentrators FPCs and PICs For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx chassis txt For more information see Chassis MIBs Chassis Cluster MIB Provides information about objects that are used whenever the state of the control link interfaces or fabric link interfaces changes up to down or down to up in a chassis cluster deployment For a downloadable version of this MIB se
158. by a sequence of dotted integers or by a subtree name include Include the subtree of MIB objects represented by the specified OID exclude Exclude the subtree of MIB objects represented by the specified OID Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the SNMPv3 Trap Notification on page 146 Configuring the Trap Target Address on page 147 Defining and Configuring the Trap Target Parameters on page 150 Configuring SNMP Informs on page 121 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Configuring SNMP Trap Groups Supported Platforms LN Series SRX Series Copyright O 2014 Juniper Networks Inc 141 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 142 You can create and name a group of one or more types of SNMP traps and then define which systems receive the group of SNMP traps The trap group must be configured for SNMP traps to be sent To create an SNMP trap group include the trap group statement at the edit snmp hierarchy level edit snmp trap group group name 1 categories category destination port port number routing instance instance targets address version all v1 v2 The trap group name can be any string and is embedded in the community name field of the trap To configure your own trap group port include t
159. c Index SNMP traps tiet aie heec ae de erae eaa 4 source address configuration 138 standard Version 1i esit ic ec edes 74 version 2 Nd system logging severity levels 6 WASUD DORE ie teet etd 81 snmp community statement 263 SNMPv2 MPLS traps nnne 80 Passive Monitoring Traps MIB 141 SNMPv3 authentication configuring see 128 informs configuring 121 local engine ID configuring sss 120 minimum configuration nnn 127 Source Class Usage MIB cesses 27 37 43 source address statement sss 262 usage guidelines sse 138 SPU Monitoring MIB essere 27 37 SPU monitoring MIB esent 43 standard traps SNMP version 1 version 2 standards documents SNMP andiMIBS itti icto serons t dcs 8 startup alarm statement seen 264 Usage guidelines 1 ticos 181 Structure of Management Information MIB eot nUD IM EE 27 28 33 Junos OS for SRX Series devices je LR EH MEE 28 33 39 s bagernt SNMP eet eiit ie bet tira 6 support technical See technical support syntax CONVENTIONS ccccsesesssessesesescsessseceescseesecseeessseseseees sysContact object MIB Il sysDescription object MIB ll nnne sysLocation object MIB ll
160. cations usage guidelines see security to group statement sss 261 usage guidelines enne 155 service quality ITV OM ME ONIN os css E 100 Set requests SNMP 3 show SNMP MID command 324 SNMP adding client lists and prefix lists agentis cene e en INI Ie AT architecture esent tette tnt ttentatan commit delay timer S community string sss configuration Veelo ee Ar 195 versions 1 and 2 109 filtering duplicate requests 116 limiting interface access 117 logging enabling 95 Imatlagel ccectestcsecio esit eere i deiese ets idisse is eed cess 3 Master agent netter aed 6 MIB object values displaying 324 MIBEVIGWS asiertima imas sam 118 remote operations 93 standard traps See SNMP traps standards documents sentes 7 SUDaBOTL recette cutie eit p eed 6 system CONDLact eerte tpe reato 112 system description 112 system location ecce system name tracing operations TAD BROW DS E trap notification for remote operations 94 trap options sss a aaeain 137 VIEWS Setbirig u ete e etica 93 SNMP iNO Sienaan e Rn ER een snmp statement usage guidelines SNMPV1 and SNMPV2 cccssssessessesssseseeseeseens 109 SNMPBV3 aci tta tete etie p a eec pe 195 Copyright O 2014 Juniper Networks In
161. certificates loaded on the router This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB Structure of Management Information MIB List of SRX5400 SRX5600 and SRX5800 Services Gateways Supported Enterprise Specific MIBs Supported Platforms 38 LN Series SRX5400 SRX5600 SRX5800 Junos OS supports the following enterprise specific MIBs Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices product services and traps This MIB is currently supported only by Junos OS for SRX Series devices It also explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx smi txt For more information see Structure of Management Information MIB AAA Objects MIB Provides support for monitoring user authentication authorization and accounting through the RADIUS LDAP SecurID and local authentication servers This MIB is currently supported only by Junos OS for SRX Series devices Fora downloadable version of this MIB see http www ju
162. clude the privacy 3des statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy 3des f privacy password privacy password privacy password is the password used to generate the key used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring No Encryption To configure no encryption for an SNMPv3 user include the privacy none statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy none Related Configuring the SNMPv3 Authentication Type on page 128 Documentation Defining Access Privileges for an SNMP Group on page 155 Configuring the Access Privileges Granted to a Group on page 156 e Assigning Security Model and Security Name to a Group on page 132 Copyright O 2014 Juniper Networks Inc 131 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Assigning Security Model and Security Name to a Group Supported Platforms LN Series M Series MX Series PTX Series SRX Series
163. consecutive probes fail during the test ApingTestFailed trap is generated when the test completes and at least pingCtlTrapTestFailureFilter number of probes fail A pingTestCompleted trap is generated when the test completes and fewer than pingCtlTrapTestFailureFilter probes fail C NOTE A probe is considered a failure when pingProbeHistoryStatus of the probe result is anything besides responseReceived For information about how to configure a trap group to receive remote operations see Configuring SNMP Trap Groups on page 141 and Example Setting Trap Notification for Remote Operations on page 95 Gathering Ping Test Results Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series You can either poll pingResultsOperStatus to find out when the test is complete or request that a trap be sent when the test is complete For more information about pingResultsOperStatus see pingResults Table on page 304 For more information about Ping MIB traps see Generating Traps on page 307 The statistics calculated and then stored in pingResultsTable include pingResultsMinRtt Minimum round trip time pingResultsMaxRtt Maximum round trip time pingResultsAverageRtt Average round trip time pingResultsProbeResponses Number of responses received pingResultsSentProbes Number of attempts to send probes pingResultsRttSumOfSquares Sum of squares of round trip times pingResultsL
164. converted into a key that is used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Encryption Type on page 130 Copyright O 2014 Juniper Networks Inc 237 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices privacy aes128 Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 238 LN Series M Series MX Series PTX Series OFX Series T Series privacy aes128 f privacy password privacy password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the Advanced Encryption Standard encryption algorithm CFBI28 AES 128 Privacy Protocol for the SNMPv3 user privacy password privacy password Password that a user enters The password is then converted into a key that is used for encryption SNMPv3 h
165. cy password privacy 3des f privacy password privacy password privacy none f privacy password privacy password vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c f security level authentication none privacy notify view view name read view view name write view view name security to group security model usm v1 v2c security name security name group group name Hierarchy Level edit snmp 280 Copyright O 2014 Juniper Networks Inc Release Information Description Required Privilege Level Related Documentation vacm Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Chapter 17 Configuration Statements Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure SNMPv3 The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 EX Series LN Series M Series MX Series PTX Series T Series vacm access f group group name default context prefix context prefix context prefix security model any usm v1 v2c f security level authentica
166. cy security level Associating MIB Views with an SNMP User Group MIB views define access privileges for members of a group Separate views can be applied for each SNMP operation read write and notify within each security model usm vl and v2c and each security level authentication none and privacy supported by SNMP Copyright O 2014 Juniper Networks Inc 157 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 158 To associate MIB views with an SNMP user group include the following statements at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy hierarchy level edit snmp v3 vacm accessgroup group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name e NOTE You must associate at least one view notify read or write at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy hierarchy level You must configure the MIB view at the edit snmp view view name hierarchy level For information about how to configure MIB views see Configuring MIB Views on page 11
167. d on the interface loO You can configure the source address of trap packets in one of the following formats avalid IPv4 address configured on one of the router interfaces loO that is the lowest loopback address configured on the interface loO alogical system name arouting instance name To specify a valid interface address as the source address for SNMP traps on one of the router interfaces include the source address statement at the edit snmp trap options hierarchy level edit snmp trap options source address address address is a valid IPv4 address configured on one of the router interfaces To specify the source address of the SNMP traps so that they use the lowest loopback address configured on the interface loO as the source address include the source address statement at the edit snmp trap options hierarchy level edit snmp trap options source address loO To enable and configure the loopback address include the address statement at the edit interfaces loO unit O family inet hierarchy level edit interfaces loO unit O family inet f address ip adaress Copyright 2014 Juniper Networks Inc Logical System Name as the Source Address Routing Instance Name as the Source Address Chapter 10 SNMP Traps To configure the loopback address as the source address of trap packets edit snmp trap options f source address loO trap group urgent dispatcher f version
168. d to that group Configuring the Security Model To configure the security model include the security model statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c any Any security model usm SNMPv3 security model e vVI SNMPVI security model v2c SNMPv2c security model Configuring the Security Level To configure the access privileges granted to packets with a particular security level include the security level statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c hierarchy level edit snmp v3 vacm access group group name default context prefix security model any usm v1 v2c security level authentication none privacy none Provides no authentication and no encryption authentication Provides authentication but no encryption privacy Provides authentication and encryption C NOTE Access privileges are granted to all packets with a security level equal to or greater than that configured If you are configuring the SNMPv1 or SNMPv2c security model use none as your security level If you are configuring the SNMPv3 security model USM use the authentication none or priva
169. dard Algorithm 130 To configure the Advanced Encryption Standard AES algorithm for an SNMPv3 user include the privacy aes128 statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy aes128 1 privacy password privacy password privacy password is the password used to generate the key used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Copyright O 2014 Juniper Networks Inc Chapter 9 SNMPv3 Configuring the Data Encryption Algorithm To configure the data encryption algorithm DES for an SNMPv3 user include the privacy des statement at the edit snmp v3 usm local engine user username hierarchy level edit snmp v3 usm local engine user username privacy des privacy password privacy password privacy password is the password used to generate the key used for encryption SNMPv3 has special requirements when you create plain text passwords on a router or Switch The password must be at least eight characters long The password can include alphabetic numeric and special characters but it cannot include control characters Configuring Triple DES To configure triple DES for an SNMPv3 user in
170. de Internet draft draft ietf isis wg mib 07 txt 1 1 1 1 1 1 0 O0 Management Information Base for IS IS only isislISAdjTable isisISAdjAreaAddrTable isislISAdjlPAddrTable and isislISAdjProtSuppTable NOTE Replaced with RFC 4444 S S MIB in Junos OS Release 11 3 and later Internet draft 1 1 1 O0 0 0 o draft ietf ppvpn mpls vpn mib 04 txt MPLS BGP Virtual Private Network Management Information Base Using SMIv2 only mplsVpnScalars mplsVpnVrfTable mplsVpnPerTable and mplsVpnVrfRouteTargetTable Internet draft draft ietf ospf ospfv3 mib 11 txt 1 1 1 1 O0 O0 O0 1 Management Information Base for OSPFv3 Represented by mib jnx ospfv3mib txt and implemented under the Juniper Networks enterprise branch jnxExperiment Support for ospfv3NbrTable only Read only Object names are prefixed by jnx For example jnxOspfv3NbrTable jnxOspfv3NbrAddressType and jnxOspfv3NbrPriority 20 Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms 1 1 1 Oo O0 1 Internet draft draft ietf idmr pim mib 09 txt 1 1 Protocol Independent Multicast PIM MIB ESO Consortium MIB which can be found at 1 1 1 1 1 1 0 O0 http www snmp com eso NOTE The ESO Consortium MIB has been replaced by RFC 3826 Internet Draft P2MP MPLS TE MIB 1 1 1 0 9 9 O0 draft ietf mpls p2mp te mib 09 txt read only
171. duced in Junos OS Release 9 0 for EX Series switches Define the types of traps that are sent to the targets of the named trap group If you omit the categories statement all trap types are included in trap notifications category Name of a trap type authentication chassis configuration link remote operations rmon alarm routing sonet alarms startup or vrrp events snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Groups on page 141 EX Series LN Series M Series MX Series PTX Series SRX Series T Series client list client list name 1 ip addresses edit snmp Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for QFX Series switches Define a list of SNMP clients client list name Narme of the client list ip addresses P addresses of the SNMP clients to be added to the client list snmp To view this statement in the configuration snmp control To add this statement to the configuration Adding a Group of Clients to an SNMP Community on page 167 Copyright O 2014 Juniper Networks Inc client list name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Ser
172. dvance To address these issues the health monitor extends the RMON alarm infrastructure to provide predefined monitoring for a selected set of object instances for file system usage CPU usage and memory usage and includes support for unknown or dynamic object instances such as Junos OS processes Health monitoring is designed to minimize user configuration requirements To configure health monitoring entries include the health monitor statement at the edit snmp hierarchy level edit snmp health monitor f falling threshold percentage interval seconds rising threshold percentage You can use the show snmp health monitor operational command to view information about health monitor alarms and logs This topic describes the minimurn required configuration and discusses the following tasks for configuring the health monitor Monitored Objects on page 184 Minimum Health Monitoring Configuration on page 185 Configuring the Falling Threshold or Rising Threshold on page 185 Configuring the Interval on page 186 Log Entries and Traps on page 186 When you configure the health monitor monitoring information for certain object instances is available as shown in Table 17 on page 184 Table 17 Monitored Object Instances 8 o ou Description jnxHrStoragePercentUsed 1 Monitors the following file system on the router or switch dev adOsla This is the root file system mounted on jnxHrStoragePe
173. e edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Associate the notify view with a community for SNMPv1 or SNMPv2c clients or a group name for SNMPv3 clients view name Name of the view to which the SNMP user group has access snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring MIB Views on page 118 Configuring the Notify View on page 158 Copyright O 2014 Juniper Networks Inc 233 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices oid Supported Platforms EX Series LN Series M Series MX Series PTX Series SRX Series T Series Syntax oidobject identifier exclude include Hierarchy Level edit snmp view view name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify an object identifier OID used to represent a subtree of MIB objects Options exclude Exclude the subtree of MIB objects represented by the specified OID include Include the subtree of MIB objects represented by the specifi
174. e address address address mask address mask Copyright 2014 Juniper Networks Inc 195 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name 1 notify filter profile name parameters f message processing model vl v2c v3 security level authentication none privacy security model usm vl v2c security name security name usm local engine remote engine engine id f user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy 3des f privacy password privacy password privacy aes128 1 privacy password privacy password privacy des f privacy password privacy password privacy none vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c f security level authentication none privacy f notify view view name read view view name write view view name security to group security model usm vl v2c 196 Copyright 2014 Juniper Networks Inc Related Documentation access list Supported Platforms Synt
175. e http Avww juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx jsrpd txt For more information see Chassis Cluster MIB Configuration Management MIB Provides notification for configuration changes as SNMP traps Each trap contains the time at which the configuration change was committed the name of the user who made the change and the method by which the change was made A history of the last 32 configuration changes is kept in jnxCmChgEventTable For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB Destination Class Usage MIB Provides support for monitoring packet counts based on the ingress and egress points for traffic transiting your networks Ingress points are identified by input interface Egress points are identified by destination prefixes grouped into one or more sets known as destination classes One counter is managed per interface per destination class up to a maximum of 16 counters per interface For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx dcu txt For more information see Destination Class Usage MIB DNS Objects MIB Provides support for monitoring DNS proxy queries requests responses and failures This MIB is currently supported only by Junos OS for SRX Series dev
176. e 165 Examples Configuring the SNMP Community String on page 166 Adding a Group of Clients to an SNMP Community on page 167 Configuring the SNMPv3 Community on page 168 Example SNMPv3 Community Configuration on page 170 Configuring the SNMP Community String Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series The SNMP community string defines the relationship between an SNMP server system and the client systems This string acts like a password to control the clients access to the server To configure a community string in a Junos OS configuration include the community statement at the edit snmp hierarchy level edit snmp community name 1 authorization authorization clients default restrict address restrict view view name If the community name contains spaces enclose it in quotation marks The default authorization level for a community is read only To allow Set requests within a community you need to define that community as authorization read write For Set requests you also need to include the specific MIB objects that are accessible with read write privileges using the view statement The default view includes all supported MIB objects that are accessible with read only privileges no MIB objects are accessible with read write privileges For more information about the view statement see Configuring MIB Views on page 118 The clients statement l
177. e SNMP engine who receives the informs Informs generated can be unauthenticated authenticated or authenticated_and_encrypted depending on the security level of the SNMPv3 user configured on the remote engine the inform receiver The authentication key is used for generating message authentication code MAC The privacy key is used to encrypt the inform PDU part of the message Related Documentation Configuring SNMP Informs on page 121 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the Inform Notification Type and Target Address on page 171 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Configuring the Remote Engine ID and Remote Users on page 294 Example Configuring the Remote Engine ID and Remote Users Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series 294 Copyright O 2014 Juniper Networks Inc Chapter 19 Remote Operations The following example configures user u10 located on remote engine 0x800007E5804089071BC6D10A41 and the user s authentication and privacy keys The keys are autogenerated from the passwords entered by the command line interface CLI user edit snmp v3 usm remote engine 800007E5804089071BC6D10A41 user u1O authentication md5 f authentication key 9 DOjP536901RiktullcSwY2gUj5QF3 CYgQF CuOxN bwgZGiqP5iH 5TF 9WLX7wYoaUkgqfoaAp OBEhSr
178. e appropriate conditions occur eventDescription A comment describing the event entry eventType Type of notification that the probe makes about this event eventCommunity Trap group used if an SNMP trap is to be sent If eventCommunity is not configured a trap is sent to each trap group configured with the rmon alarm category eventLastTimeSent Value of sysUpTime when this event entry last generated an event eventOwner Any text string specified by the creating management application or the command line interface CLI Typically it is used to identify a network manager or application and can be used for fine access control between participating management applications eventStatus Status of this event entry NOTE If this object is not set to valid no action is taken by the associated event entry When this object is set to valid all previous log entries associated with this entry if any are deleted Understanding RMON Alarms on page 97 Configuring an Event Entry and Its Attributes on page 182 Copyright O 2014 Juniper Networks Inc 99 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Understanding Measurement Points Key Performance Indicators and Baseline Values Supported Platforms Measurement Points 100 LN Series M Series MX Series PTX Series T Series This chapter topic provides guidelines for monitoring the service quality of an IP network
179. e internal Get request for the variable failed Copyright 2014 Juniper Networks Inc Chapter 7 Remote Monitoring Health Monitoring and Service Quality Table 16 jnxRmon Alarm Extensions continued Field Description jnxRmonAlarmGetFailTime Value of sysUpTime when the last failure occurred jnxRmonAlarmGetFailReason Reason why the Get request failed jnxRmonAlarmGetOkTime Value of sysUpTime when the variable moved out of failure state jnxRmonAlarmState Status of this alarm entry Monitoring the extensions in this table provides clues as to why remote alarms may not behave as expected Related Understanding Measurement Points Key Performance Indicators and Baseline Values Documentation on page 100 Copyright 2014 Juniper Networks Inc 105 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 106 Copyright O 2014 Juniper Networks Inc PART 2 Configuration SNMP on page 109 SNMPv3 on page 123 SNMP Traps on page 137 Access Privileges on page 155 Routing Instances on page 161 Community Strings on page 165 Inform Notifications on page 171 Remote Operations on page 175 Remote Monitoring Health Monitoring and Service Quality on page 177 Configuration Statements on page 189 Copyright O 2014 Juniper Networks Inc 107 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 108 Copyright O 2014 Juniper Netw
180. e subject of this technical documentation consists of or is intended for use with Juniper Networks software Use of such software is subject to the terms and conditions of the End User License Agreement EULA posted at http www juniper net support eula html By downloading installing or using such software you agree to the terms and conditions of that EULA ii Copyright 2014 Juniper Networks Inc Table of Contents About the Documentations occ sossar ud mE eid bbs SA SE E UE abd XV Documentation and Release NoteS 0 0 00 ccc eee eee XV Supported Plavronms jax 21573 ck dade tio sei e a ase oases a esta e wee XV Using the Examples in This Manual se I IIR XV Merging a F llExatnple x xu texte dS Ee PEU LAc Eben bids xvi Mersing a ShIBpDel aa 42chdecaa ca cad E 3 ad sande Ghd edad ka A xvi Documentation CONVENTIONS xxu eam d neessann cue Dace hs ade OR dde xvii Documentation Feedback 0 cc eee eee xix Requesting Technical Support Xix Self Help Online Tools and ResourceS 1 0 cee eee xix Opening a Case WithITAG asas presets ERE b Rr REP ae nee XX Part 1 Overview Chapter 1 SNMP accede M TM EPA 3 Understanding the SNMP Implementation inJUnosOS 0000005 3 SNMP Architecture aiiud acd aede pe EP ESI GR A TE IAS LLSSGReed 3 SINMP MBS s 5 63 dnd aco c qe R Oa RON cow T Gor RU EROR atro 4 SNMP Traps and IMONMS oio sea duce ato PE REP e vm v Duro 4 Junos OS SNMP Agent Featur
181. e the same access policy You then define the access privileges associated with a group at the edit snmp v3 vacm access hierarchy level Access privileges are defined using views For each group you can apply different views depending on the SNMP operation for example read get getNext or getBulk write set notifications the security level used authentication privacy or none and the security model vl v2c or usm used within an SNMP request You configure members of a group with the security name statement For v3 packets using USM the security name is the same as the username For SNMPv1 or SNMPv2c packets the security name is determined based on the community string Security names are specific to a security model If you are also configuring VACM access policies for SNMPv1 or SNMPv2c packets you must assign security names to groups for each security model SNMPv1 or SNMPv2c at the edit snmp v3 vacm security to group hierarchy Copyright O 2014 Juniper Networks Inc 155 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices level You must also associate a security name with an SNMP community at the edit snmp v3 snmp community community index hierarchy level To configure the access privileges for an SNMP group include statements at the edit snmp v3 vacm hierarchy level edit snmp v3 vacm access group group name 1 default context prefix context prefix context prefix 1 security mode
182. eS 0 0 eee ees 6 Standard SNMP MIBs Supported by Junos OS 6 eee 7 Juniper Networks Enterprise Specific MIBS 0 2 0 0 cee eee 21 List of SRX100 SRX210 SRX220 SRX240 SRX550 and SRX650 Services Gateways Supported Enterprise Specific MIBS 0 00 eee eee 28 List of SRX1400 SRX3400 and SRX3600 Services Gateways Supported Enterprise Specific MIBS 0 eee ene teens 33 List of SRX5400 SRX5600 and SRX5800 Services Gateways Supported Enterprise Specific MIBS n nananana anaana eee eee ene 38 Enterprise Specific MIBs and Supported DeviceS 0 0 0 0 ccc eee eee 44 MIB Support DetailS pdre saapi een eee eee ene 54 SNMP MIB Objects Supported by Junos OS for the Set Operation 63 Chapter 2 SNMPVS scissiecices oiana diia CARE E RDREENGUSER EC ERA GR DLE WERE ae PX 71 SNMPVS OVEINIEW as icis pS daro 935 pa Meg Rene ated aes Rut tag ee ea iot pi Chapter 3 SNMP TES ss s ut dome ao nt 6 6 cm di son a ek ac Ens RISUS a EMRE Ome Ue eU un 73 Juniper Networks Enterprise Specific SNMP TrapsS 00 20 eee 73 Standard SNMP Traps Supported on Devices Running Junos OS 73 Standard SNMP Version 1 Traps l l RR RR ee 74 Standard SNMP Version 2 Traps ssee e RR ee 77 SNMP Version 2 MPLS TIapSss s cds det Sea rte ot aci nada se cs eh 80 Unsupported Standard SNMP TrapS 0 ccc e 81 Copyright O 2014 Juniper Networks Inc iii SNMP MIBs and Traps Monitoring and Troubleshooti
183. eW87s24aUjsY4ZDjq RhcyWLNdbg4Zs YJDHkTQ69ApulEcyrvWQF tuOREYg4ajHmPQF39 Ygz3n6At8XxNYgik PTz7 ikmfn6vW8XVw privacy des privacy key 9 MZZXxdwYgJUjlKJGiH5T69AUuOIrlM7NbeK24 aJDjOlIRylIM8XbwglR24aJDjHqm5n ApOORhn6evLXbwmf5T CRhSyKMS5QEcIeW87 Vbs4JGD mT VwgaZkqfTznAphSrlM8yr Wx7dsYTzF36AtuOlEcpuNdwYoa69CuRhcyleM8rlaZGjq OTllEhr Related Configuring the Remote Engine and Remote User on page 293 D tati oe Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Networks Inc 295 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 296 Copyright O 2014 Juniper Networks Inc CHAPTER 20 Tracing Activity Tracing SNMP Activity on a Device Running Junos OS on page 297 Example Tracing SNMP Activity on page 300 Tracing SNMP Activity on a Device Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series QFX Series SRX Series T Series SNMP tracing operations track activity for SNMP agents and record the information in log files The logged error descriptions provide detailed information to help you solve problems faster By default Junos OS does not trace any SNMP activity If you include the traceoptions statement at the edit snmp hierarchy level the default tracing behavior is Important activities are logged in files located in the var log directory
184. ed OID object identifier OIlD used to represent a subtree of MIB objects All MIB objects represented by this statement have the specified OID as a prefix You can specify the OID using either a sequence of dotted integers or a subtree name Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring MIB Views on page 118 Documentation 234 Copyright O 2014 Juniper Networks Inc oid Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series oid o d include exclude edit snmp v3 notify filter profile name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify an object identifier OID used to represent a subtree of MIB objects This OID is a prefix that the represented MIB objects have in common exclude Exclude the subtree of MIB objects represented by the specified OID include Include the subtree of MIB objects represented by the specified OID oid Object identifier used to represent a subtree of MIB objects All MIB objects represented by this statement have the specified OID as a prefix You can specify the OID using either a sequence of dotted integer
185. ed to identify the network management hosts 1 2 3 4 and fe80 1 2 3 4 to which traps generated by the local router should be sent The name specified for a trap group is used as the SNMP community string when the agent sends traps to the listed targets edit snmp trap group urgent dispatcher f version v2 categories link startup targets 1 2 3 4 fe80 1 2 3 4 Related Configuring SNMP Trap Groups on page 141 D tati ocumentanon Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Configuring SNMP Trap Options on page 137 Configuring the Trap Target Address Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series The target address defines a management application s address and parameters that are used in sending notifications It can also identify management stations that are allowed to use specific community strings When you receive a packet with a recognized community string and a tag is associated with it Junos OS looks up all the target addresses with this tag and verifies that the source address of this packet matches one of the configured target addresses Copyright O 2014 Juniper Networks Inc 147 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e NOTE You must configure the address mask when you configure the SNMP community To specify where you want the traps to be sent and define what SNMPv1 and SNMPv2cc
186. eir instances of the variables that are being monitored together with any rising and falling thresholds and their corresponding event indexes To create an RMON request specify the fields shown in Table 15 on page 104 Table 15 RMON Alarm Table Field Description alarmStatus Status of this row for example valid invalid or createRequest alarminterval Sampling period in seconds of the monitored variable alarmVariable OID and instance of the variable to be monitored alarmValue Actual value of the sampled variable alarmSampleType Sample type absolute or delta changes alarmStartupAlarm Initial alarm rising falling or either alarmRisingThreshold Rising threshold against which to compare the value alarmFallingThreshold Falling threshold against which to compare the value alarmRisingEventindex Index row of the rising event in the event table alarmFallingEventindex Index row of the falling event in the event table Both the alarmStatus and eventStatus fields are entryStatus primitives as defined in RFC 2579 Textual Conventions for SMIv2 Troubleshooting RMON 104 You troubleshoot the RMON agent rmopd that runs on the router by inspecting the contents of the Juniper Networks enterprise RMON MIB jnxRmon which provides the extensions listed in Table 16 on page 104 to the RFC 2819 alarmTable Table 16 jnxRmon Alarm Extensions Field Description jnxRmonAlarmGetFailCnt Number of times th
187. el is used for SNMP notifications usm SNMPv3 security model vI SNMPvI1 security model v2c SNMPv2c security model snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Security Model on page 152 Copyright O 2014 Juniper Networks Inc 257 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security name Community String Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 258 EX Series LN Series M Series MX Series T Series security name security name edit snmp v3 snmp community community index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Associate the community string configured at the edit snmp v3 snmp community community index hierarchy level to a security name security name Name used when performing access control e NOTE The security name must match the configured security name at the edit snmp v3 target parameters target parameters name parameters hierarchy level when you configure traps or informs snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Security Names on page 169 Copyright O 2014 Juniper Networks Inc Chapter 17 Config
188. en US junos12 1 topics reference mibs mib jnx event txt EX Series MAC Notification MIB 0 O0 O0 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx ex mac notification txt EX Series SMI MIB O0 o O0 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx ex smi txt Experimental MIB 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx exp txt Firewall MIB 1 1 1 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx firewall txt Flow Collection Services MIB 1 1 1 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx coll txt Copyright O 2014 Juniper Networks Inc 47 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms Low Mid Enterprise Specific MIB EX End Range 1 Host Resources MIB 1 1 1 1 1 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx hostresources txt Interface MIB 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx if extensions txt IP Forward MIB 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx ipforward txt IPsec Generic Flow Monitoring Object MIB O0 O0 O0 0 1 O0 0 1 http www juniper
189. encryption none No authentication and no encryption privacy Provide authentication and encryption Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Security Level on page 152 Documentation 254 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements security model Access Privileges Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series QFX Series T Series security model usm vl v2c edit snmp v3 vacm access group group name default context prefix context prefix context prefix Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the security model for an SNMPv3 group The security model is used to determine access privileges for the group usm SNMPv3 security model vI SNMPvI security model v2c SNMPv2c security model snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Security Model on page 157 Copyright O 2014 Juniper Networks Inc 255 SNMP MIBs and Traps Monitoring and Troubleshooting Guide f
190. entries generated for any health monitor events thresholds crossed errors and so on have a corresponding HEALTHMONITOR tag rather than a generic SNMPD_RMON_EVENTLOG tag However the health monitor sends generic RMON risingThreshold and fallingThreshold traps Understanding RMON Alarms and Events Configuration on page 177 Configuring an Alarm Entry and Its Attributes on page 178 Configuring an Event Entry and Its Attributes on page 182 Example Configuring Health Monitoring on page 186 Understanding Device Management Functions in Junos OS on page 89 Example Configuring Health Monitoring Supported Platforms 186 LN Series M Series MX Series PTX Series T Series Configure the health monitor edit snmp health monitor f falling threshold 85 Copyright O 2014 Juniper Networks Inc Chapter 16 Remote Monitoring Health Monitoring and Service Quality interval 600 rising threshold 75 In this example the sampling interval is every 600 seconds 10 minutes the falling threshold is 85 percent of the maximum possible value for each object instance monitored and the rising threshold is 75 percent of the maximum possible value for each object instance monitored Related Configuring Health Monitoring on Devices Running Junos OS on page 183 Documentation Copyright O 2014 Juniper Networks Inc 187 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 188 Copyright O
191. eoptions file filename files number size size gt lt world readable no world readable match regular expression gt flag flag trap group group name categories f category destination port port number routing instance instance targets f address version all vl v2 trap options f agent address outgoing interface source address address view view name oid object identifier include exclude Related Understanding the SNMP Implementation in Junos OS on page 3 D tati ocumentanon Configuration Statements at the edit snmp Hierarchy Level on page 192 Complete SNMPv3 Configuration Statements on page 195 Copyright O 2014 Juniper Networks Inc m SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the System Contact on a Device Running Junos OS Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series You can specify an administrative contact for each system being managed by SNMP This name is placed into the MIB Il sysContact object To configure a contact name include the contact statement at the edit snmp hierarchy level edit snmp contact contact If the name contains spaces enclose it in quotation marks To define a system contact name that contains spaces edit snmp contact Juniper Berry 650 555 1234 Configuring SNMP on a Device Running Jun
192. er 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series contact contact edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Define the value of the MIB Il sysContact object which is the contact person for the managed system contact Name of the contact person If the name includes spaces enclose it in quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the System Contact on a Device Running Junos OS on page 112 EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series description description edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Define the value of the MIB Il sysDescription object which is the description of the system being managed description System description If the name includes spaces enclose it in quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the System Description on a Device Running Junos OS on page 112 Copyright O 2014 Juniper Networks Inc 213 SNMP MIBs and Traps Monitoring and Troubles
193. er net techpubs en_US junos12 1x47 topics reference mibs mib jnx ping txt For more information see PING MIB Policy Objects MIB Provides support for monitoring the security policies that control the flow of traffic from one zone to another This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see Copyright 2014 Juniper Networks Inc Chapter 1 SNMP http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse Path Forwarding MIB Monitors statistics for traffic that is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx rpf txt NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos OS extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm Fora downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx rmon txt For more information see RMON
194. er the group is allowed to view or change specific MIB objects VACM defines collections of data called views groups of data users and access statements that define which views a particular group of users can use for reading writing or receiving traps Trap entries in SNMPv3 are created by configuring the notify notify filter target address and target parameters The notify statement specifies the type of notification trap and contains a single tag The tag defines a set of target addresses to receive a trap The notify filter defines access to a collection of trap object identifiers OIDs The target address defines a management application s address and other attributes to be used in sending notifications Target parameters define the message processing and security parameters to be used in sending notifications to a particular management target To configure SNMPv3 perform the following tasks Copyright O 2014 Juniper Networks Inc 7 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 72 Related Documentation Creating SNMPv3 Users on page 123 Configuring MIB Views on page 118 Defining Access Privileges for an SNMP Group on page 155 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring SNMP Informs on page 121 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Netwo
195. er txt Antivirus Objects MIB 0 O0 O0 0 O0 1 0 O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js utm av txt ATM Class of Service MIB 1 1 1 9 0 1 0 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx atm cos txt ATM MIB 1 1 1 0 ie 0 0 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx atm txt BGP4 V2 MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx bgpmib2 txt Bidirectional Forwarding Detection MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx bfd txt Copyright 2014 Juniper Networks Inc 45 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms SRX Low Mid Enterprise Specific MIB End Range Chassis Forwarding MIB 9 0 1 1 0 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx chassis fwdd txt Chassis MIBs 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx chassis txt http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx chas defines txt Chassis Cluster MIBs 0 0 0 0 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mi
196. erate Rising 1d 02 25 Monitor RE Temperature Moderate Rising 1d 02 24 Monitor Copyright 2014 Juniper Networks Inc 321 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp health monitor routing engine status Supported Platforms Syntax Release Information Description Required Privilege Level Related Documentation List of Sample Output Output Fields SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 show snmp health monitor routing engine status Statement introduced in Junos OS Release 12 1X45 D1O for branch SRX Series devices Display the SNMP health monitoring information for a Routing Engine view show snmp health monitor routing engine history on page 318 show snmp health monitor routing engine status on page 322 Table 24 on page 322 describes the output fields for the show snmp health monitor routing engine status command Output fields are listed in the approximate order in which they appear Table 24 show snmp health monitor routing engine status Output Fields Field Name Field Description Alarm Index Alarm identifier Resource name Name of the resource Current State Current state of the monitored variable Config Action Displays the configured action Threshold Displays the threshold value for medium high and critical as a percentage Interval Displays the time taken in seconds Sample Output show snmp health monitor routin
197. erated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold After a rising event is generated another Copyright 2014 Juniper Networks Inc 185 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold You must specify the rising threshold as a percentage of the maximum possible value for the monitored variable To configure the falling threshold or rising threshold include the falling threshold or rising threshold statement at the edit snmp health monitor hierarchy level edit snmp health monitor falling threshold percentage rising threshold percentage percentage can be a value from 1 through 100 The falling and rising thresholds apply to all object instances monitored by the health monitor Configuring the Interval The interval represents the period of time in seconds over which the object instance is sampled and compared with the rising and falling thresholds To configure the interval include the interval statement and specify the number of seconds at the edit snmp health monitor hierarchy level edit snmp health monitor interval seconds seconds can be a value from 1 through 2147483647 The default is 300 seconds 5 minutes Log Entries and Traps Related Documentation The system log
198. erated from the device snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Options on page 137 EX Series LN Series M Series MX Series PTX Series T Series event index f community community name description description type type edit snmp rmon Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure RMON event entries index l dentifier for a specific event entry The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring an Event Entry and Its Attributes on page 182 alarm on page 200 Copyright O 2014 Juniper Networks Inc falling event index Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series falling event index index edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches The index of the event entry that is used when a falling threshold is crossed If this value is zero no event is triggered index I ndex of the event entry that
199. eric Flow Monitoring Object Armut CI NEL TIE 24 30 36 4 24 30 35 4 SOME IHE RAMS 25 25 30 36 4 POONA TEE AE EN HEUS 25 CICESE irena aa 25 36 depict 30 42 logical Syste MSnase 25 logical systems M lticaSt E ere els cee NAT Objects 25 31 36742 isizjo Ec N See ad 10 Copyright 2014 Juniper Networks Inc Index Packet Forwarding Engine 25 31 36 42 s 26 31 36 42 use in ping test ees 293 view configuration example SNMP 119 Policy Objects 26 31 36 42 PPPusiend nsesedsdpo aa eed E 9 Reverse Path Forwarding 26 31 37 42 RMON Events and Alarms 26 31 37 43 Security Interface Extension 0 lt 01 k ee 26 31 37 43 Security Screening Objects 26 37 43 SNMP IDP esccsessessessessssessessssessessessssecsessessssecseeseeneess 24 32 SNMP object values displaying 324 Source Class Usage 27 37 43 SPU Monitoring 27 37 SPU MON ItOSING ce csssesssseseseststseseseecesescscscaesesesenenes 43 Structure of Management Information cocinas 27 28 33 Junos OS for SRX Series devices je 28 33 39 System LOG cccsesseseseeseseseesessseseseeseteteeees 27 32 38 43 TfacerOBLe itm 27 32 38 44 Bl 27 32 38 44 views Ne X 118 Mic 28 VPN Certificate Objects
200. es Configure a set of targets to receive traps or informs for IPv4 packets only tag name ldentifies the address of managers that are allowed to use a community string snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Tag on page 169 Configuring the SNMPv3 Trap Notification on page 146 265 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices tag list Supported Platforms EX Series LN Series M Series MX Series PTX Series OFX Series T Series Syntax tag list tag list Hierarchy Level edit snmp v3 target address target address name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure an SNMP tag list used to select target addresses Options tag list Define sets of target addresses tags To specify more than one tag specify the tag names as a space separated list enclosed within double quotes Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Trap Target Address on page 149 Documentation 266 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements target address Supported Platforms EX Series
201. es are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx license txt For more information see License MIB Logical Systems MIB Provides support for logical systems security profile For a downloadable version of this MIB see http Awwwijunipernet techpubs en_US junos12 1x47 topics reference mibs mib jnx lsys securityprofile txt For more information see Logical Systems MIB NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtlTable of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB see http www junip
202. ess address edit snmp trap options Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Set the source address of every SNMP trap packet sent by this router to a single address regardless of the outgoing interface If the source address is not specified the default is to use the address of the outgoing interface as the source address address Source address of SNMP traps You can configure the source address of trap packets two ways loO or a valid IPv4 address configured on one of the router interfaces The value loO indicates that the source address of all SNMP trap packets is set to the lowest loopback address configured at interface loO Default Disabled The source address is the address of the outgoing interface snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Source Address for SNMP Traps on page 138 Copyright O 2014 Juniper Networks Inc snmp community Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series snmp community community index community name community name security name security name tag tag name edit snmp v3 Statement introduced before Junos OS
203. et and GetNext Output on page 118 Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Filtering Interface Information Out of SNMP Get and GetNext Output Supported Platforms Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series Junos OS enables you to filter out information related to specific interfaces from the output of SNMP Get and GetNext requests performed on interface related MIBs such as IF MIB ATM MIB RMON MIB and the Juniper Networks enterprise specific IF MIB You can use the following options of the filter interfaces statement at the edit snmp hierarchy level to specify the interfaces that you want to exclude from SNMP Get and GetNext queries interfaces Interfaces that match the specified regular expressions all internal interfaces Internal interfaces edit snmp filter interfaces f interfaces interface interface2 all internal interfaces However note that these settings are limited to SNMP operations and the users can continue to access information related to the interfaces including those hidden using the filter interfaces options using the appropriate Junos OS command line interface CLI commands Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 117
204. et the agent address of the SNMPvI traps For more information about the contents of SNMPVvI traps see RFC 1157 e NOTE SNMP cannot be associated with any routing instances other than the master routing instance To configure SNMP trap options include the trap options statement at the edit snmp hierarchy level edit snmp trap options f agent address outgoing interface enterprise oid logical system routing instance source address address Copyright O 2014 Juniper Networks Inc 137 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices You must also configure a trap group for the trap options to take effect For information about trap groups see Configuring SNMP Trap Groups on page 141 This topic contains the following sections Configuring the Source Address for SNMP Traps on page 138 Configuring the Agent Address for SNMP Traps on page 140 Adding snmpTrapEnterprise Object Identifier to Standard SNMP Traps on page 140 Configuring the Source Address for SNMP Traps A valid IPv4 Address As the Source Address The Lowest Loopback Address As the Source 138 Address You can configure the source address of trap packets in many ways loO a valid IPv4 address configured on one of the router interfaces a logical system address or the address of a routing instance The value loO indicates that the source address of the SNMP trap packets is set to the lowest loopback address configure
205. event is generated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold and the associated startup alarm is equal to falling alarm or rising or falling alarm After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold You must specify the falling threshold as an integer Its default is 20 percent less than the rising threshold By default the rising threshold is O The rising threshold is the upper threshold for the monitored variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling intervalis less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold and the associated startup alarm is equal to rising alarm or rising or falling alarm After a rising event is generated another Copyright O 2014 Juniper Networks Inc 179 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold You must specify the rising threshold as an integer To configure the falling threshold or rising threshold include the falling threshold or rising threshold statement at the ed
206. f pingCtlDataSize maximum value of 65 507 and the standard ping application If the value of pingCtlDataSize is between O and 8 inclusive itis ignored and the payload is 8 bytes the timestamp The Ping MIB assumes all probes are timed so the payload must always include the timestamp For example if you wish to add an additional 4 bytes of payload to the packet you must set pingCtlDataSize to 12 pingCtlDataFill The first 8 bytes of the data segment of the packet is for the timestamp After that the pingCtlDataFill pattern is used in repetition The default pattern when pingCtlDataFill is not specified is OO 01 O2 03 FF OO 01 O2 03 FF pingCtIMaxRows The maximum value is 255 pingMaxConcurrentRequests The maximum value is 500 pingCtlTrapProbeFailureFilter and pingCtlTrapTestFailureFilter A value of O for pingCtlTrapProbeFailureFilter or pingCtlTrapTestFailureFilter is not well defined by the Ping MIB If pingCtlTrapProbeFailureFilter is O pingProbeFailed traps will not be generated for the test under any circumstances If pingCtlTrapTestFailureFilter is O pingTestFailed traps will not be generated for the test under any circumstances Copyright O 2014 Juniper Networks Inc 309 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 310 Copyright 2014 Juniper Networks Inc CHAPTER 22 Operational Commands show snmp health monitor show snmp health mo
207. faces on Which SNMP Requests Can Be Accepted Supported Platforms LN Series M Series MX Series PTX Series QFX Series SRX Series T Series By default all router or switch interfaces have SNMP access privileges To limit the access through certain interfaces only include the interface statement at the edit snmp hierarchy level edit snmp interface interface names Specify the names of any logical or physical interfaces that should have SNMP access privileges Any SNMP requests entering the router or switch from interfaces not listed are discarded Related Configuring SNMP on a Device Running Junos OS on page 109 Heciimienrasen Configuration Statements at the edit snmp Hierarchy Level on page 192 Example Configuring Secured Access List Checking on page 117 Example Configuring Secured Access List Checking Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Grant SNMP access privileges only to devices on interfaces so 0 0 0 and at 1 0 1 The following example does this by configuring a list of logical interfaces edit snmp interface so O 0 0 0 so 0 0 0 1 at 1 0 1 0 at 1 0 1 1 J The following example grants the same access by configuring a list of physical interfaces edit snmp interface so 0 0 0 at 1 0 1 Related Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 117 Documentation Filtering Interface Information Out of SNMP G
208. figuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 76 76 76 78 78 78 78 78 78 78 Top and Growing Consumer Top Consumer Usage Growth flowd octeon hm 252 2 idle cpuO 34 34 av worker 3 2 Growing Consumer Usage Growth idle cpuO 34 34 flowd octeon hm 252 2 av worker 3 2 Load averages 2 01 1 min Resource CPU CjnxOperatingCPU 9 1 0 0 Event Critical Rising 85 96 Configuration 1 70 5 min 2 01 15 min 2013 04 10 18 43 28 JST 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail X 85 85 85 84 84 84 84 84 84 84 Top and Growing Consumer Top Consumer Usage Growth flowd octeon hm 250 1 syshmd 14 0 cli 8 0 av worker 2 0 av worker 1 0 Load averages 3 26 1 min Resource CPU jnxOperatingCPU 9 1 0 0 Event High Rising 72 Configuration 1 69 5 min 3 26 15 min 2013 04 10 18 43 28 JST 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 7 72 69 69 69 69 69 69 69 69 69 Top and Growing Consumer Top Consumer flowd octeon hm 320 Usage 251 Growth 4 Copyright O 2014 Juniper Networks Inc Chapter 22 Operational Commands init 14 14 syshmd 14 14 cli 8 8 av worker 2 2 Growing Consumer Usage Growth syshmd 14 14 init 14 14 cli 8 8 flowd octeon hm 251 4 av worker 2 2 Load averages 3 26 1 min 1 69 5 min 3 26 15 min Resource Var cf var jnxHrStoragePercentUsed 5 E
209. figuration of Junos OS does not provide clients with a community string with such privileges Copyright O 2014 Juniper Networks Inc 93 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices To set read write privileges for an SNMP community string include the following statements at the edit snmp hierarchy level edit snmp community community name 1 authorization authorization view view name view view name oid object identifier include exclude Example Setting SNMP Views To create a community named remote community that grants SNMP clients read write access to the Ping MIB jnxPing MIB Traceroute MIB and jnxTraceRoute MIB include the following statements at the edit snmp hierarchy level snmp view remote view oid 1 3 6 1 2 1 80 include pingMIB oid 1 3 6 1 4 1 2636 3 include jnxPingMIB oid 1 3 6 1 2 1 81 include traceRouteMIB oid 1 3 6 1 4 1 2636 3 8 include jnxTraceRouteMIB community remote community view remote view authorization read write For more information about the community statement see Configuring the SNMP Community String on page 165 and community For more information about the view statement see Configuring MIB Views on page 118 view Associating a MIB View with a Community and view Configuring a MIB View Setting Trap Notification for Remote Operations In addition to configuring the remote operations MIB for trap no
210. g Test Supported Platforms pingResultsTable 304 LN Series SRX Series When pingCtlAdminStatus is successfully set to enabled the following is done before the acknowledgment of the SNMP Set request is sent back to the client pingResultsEntry is created if it does not already exist pingResultsOperStatus transitions to enabled For more information see the following sections pingResultsTable on page 304 pingProbeHistoryTable on page 306 Generating Traps on page 307 While the test is running pingResultsEntry keeps track of the status of the test The value of pingResultsOperStatus is enabled while the test is running and disabled when it has stopped The value of pingCtlAdminStatus remains enabled until you set it to disabled Thus to get the status of the test you must examine pingResultsOperStatus The pingCtlFrequency variable can be used to schedule many tests for one pingCtlEntry After a test ends normally you did not stop the test and the pingCtlFrequency number Copyright O 2014 Juniper Networks Inc Chapter 21 Ping Tests of seconds has elapsed the test is started again just as if you had set pingCtlAdminStatus to enabled If you intervene at any time between repeated tests you set pingCtlAdminStatus to disabled or pingCtlRowStatus to notInService the repeat feature is disabled until another test is started and ends normally A value of O for pingCtlFrequency indicates this repeat feature is not
211. g engine status 322 user host gt show snmp health monitor routing engine status Health monitor status Alarm Resource Current Config Threshold Interval Index Name State Action M H C sec 32770 MD3 jail mfs Active 47 Monitor 70 80 90 1 32773 MD2 mfs var run utm Moderate 69 Monitor 70 80 90 1 32776 MD1 mfs Active 13 Monitor 70 80 90 1 32782 Root cf Moderate 54 Monitor 30 70 85 1 32785 Config config Active 0 Monitor 30 70 85 1 Copyright 2014 Juniper Networks Inc 32779 32788 32791 32800 32803 32797 Copyright O 2014 Juniper Networks Inc Var cf var CPU Memory RE process count RE open files count RE Temperature Critical 85 Critical 100 Critical 88 High 81 Moderate 58 Moderate 44 Monitor Monitor Monitor Monitor Monitor Monitor Chapter 22 Operational Commands 30 70 85 30 70 85 70 80 90 30 70 85 30 70 85 30 70 85 PRPRPRPRP PR 323 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp mib View Supported Platforms Syntax Release Information Description Options Required Privilege Level Related Documentation List of Sample Output 324 LN Series SRX Series show snmp mib get get next walk ascii decimal object id Command introduced in Junos OS Release 9 4 Support for IPv4 and IPv6 systemwide policy statistics added in Junos OS Release 12 1X46 D10 Display local SNMP MIB object values ge
212. ge relative var tmp ex script snippet conf load complete For more information about the load command see the CL User Guide Documentation Conventions Table 1 on page xvii defines notice icons used in this guide Table 1 Notice Icons e Informational note Indicates important features or instructions Caution Indicates a situation that might result in loss of data or hardware damage Warning Alerts you to the risk of personal injury or death Laser warning Alerts you to the risk of personal injury from a laser Q Tip Indicates helpful information Q Best practice Alerts you to a recommended use or implementation Table 2 on page xvii defines the text and syntax conventions used in this guide Table 2 Text and Syntax Conventions Convention Description Examples Bold text like this Represents text that you type To enter configuration mode type the configure command user host gt configure Copyright 2014 Juniper Networks Inc xvii SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 2 Text and Syntax Conventions continued Convention Fixed width text like this Description Represents output that appears on the terminal screen Examples user host gt show chassis alarms No alarms currently active Italic text like this e Introduces or emphasizes important new terms e Identifies guide names e Identifies RFC and Internet draft
213. gh 2 147 483 647 Default 20 percent less than rising threshold snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Threshold or Rising Threshold on page 179 rising threshold on page 246 Copyright O 2014 Juniper Networks Inc 219 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices falling threshold interval Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation filter duplicates Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 220 EX Series LN Series M Series MX Series PTX Series T Series falling threshold interval seconds edit snmp rmon alarm index Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Interval between samples when the rising threshold is crossed Once the alarm crosses the falling threshold the regular sampling interval is used seconds Time between samples in seconds Range 1 through 2 147 483 647 seconds Default 60 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Threshold Interval on page 180 interval on page 224 EX Serie
214. gine engine id 1 user username 1 authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 privacy password privacy password privacy des privacy password privacy password privacy 3des privacy password privacy password privacy none privacy password privacy password Hierarchy Level edit snmp v3 Copyright 2014 Juniper Networks Inc 277 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Release Information Description Required Privilege Level Related Documentation 278 Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure user based security model USM information The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Creating SNMPv3 Users on page 123 Configuring the Remote Engine and Remote User on page 293 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements v3 Supported Platforms EX Series LN Series M Series MX Series PTX Series T Series Syntax v3 notify name 1 tag tag name type trap notify filter profile name 1 oid object identifier
215. he destination port statement The default destination port is port 162 For each trap group that you define you must include the target statement to define at least one system as the recipient of the SNMP traps in the trap group Specify the IPv4 or IPv6 address of each recipient not its hostname Specify the types of traps the trap group can receive in the categories statement For information about the category to which the traps belong see the Standard SNMP Traps Supported on Devices Running Junos OS on page 73 and Juniper Networks Enterprise Specific SNMP Traps on page 73 topics Specify the routing instance used by the trap group in the routing instance statement All targets configured in the trap group use this routing instance A trap group can receive the following categories authentication Authentication failures chassis Chassis or environment notifications configuration Configuration notifications link Link related notifications up down transitions DS 3 and DS 1 line status change IPv6 interface state change and Passive Monitoring PIC overload n NOTE To send Passive Monitoring PIC overload interface traps select the link trap category remote operations Remote operation notifications rmon alarm Alarm for RMON events routing Routing protocol notifications sonet alarms SONET SDH alarms Copyright O 2014 Juniper Networks Inc Chapter 10 SNMP Traps e NOTE If you omit
216. hird target getting two traps edit snmp v3 notify nl tag router Identifies a set of target addresses type trap Defines the type of notification notify n2 f tag router2 type trap target address tal f address 10 1 1 1 address mask 255 255 255 0 port 162 tag list router target parameters tpl target address ta2 f address 10 1 1 2 address mask 255 255 255 0 port 162 tag list router2 target parameters tp2 target address ta3 f address 10 1 1 3 address mask 255 255 255 0 port 162 tag list router router2 Define multiple tags in the target address tag list target parameters tp3 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the Trap Target Address on page 147 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Networks Inc Chapter 9 SNMPv3 Example Creating SNMPv3 Users Configuration Supported Platforms SRX Series Define SNMPv3 users edit snmp v3 f usm local engine user user authentication md5 authentication password authentication password privacy des privacy password password user user2 authentication sha authentication password authentication password privacy none user user3 f authentication none privacy none user user4 f authentication md5 authentication password authentication pa
217. hold integer sample type absolute value delta value startup alarm falling alarm rising alarm rising or falling alarm variable oid variable index is an integer that identifies an alarm or event entry Configuring the Description The description is a text string that identifies the alarm entry To configure the description include the description statement and a description of the alarm entry at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index description description Configuring the Falling Event Index or Rising Event Index The falling event index identifies the event entry that is triggered when a falling threshold is crossed The rising event index identifies the event entry that is triggered when arising threshold is crossed To configure the falling event index or rising event index include the falling event index or rising event index statement and specify an index at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index falling event index index rising event index index index can be from O through 65 535 The default for both the falling and rising event index is O Configuring the Falling Threshold or Rising Threshold The falling threshold is the lower threshold for the monitored variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single
218. hooting Guide for Security Devices description Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation destination port Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 214 EX Series LN Series M Series MX Series PTX Series T Series description description edit snmp rmon alarm index edit snmp rmon event index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Text description of alarm or event description Text description of an alarm or event entry If the description includes spaces enclose it in quotation marks snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Description on page 179 Configuring an Event Entry and Its Attributes on page 182 EX Series LN Series M Series MX Series PTX Series SRX Series T Series destination port port number edit snmp trap group Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Assign a trap port number other than the default If you omit this statement the default port is 162 port number SNMP trap port number snmp To view th
219. ib jnx ping txt For more information see PING MIB Policy Objects MIB Provides support for monitoring the security policies that control the flow of traffic from one zone to another This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse Path Forwarding MIB Monitors statistics for traffic that is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx rpf txt D NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos OS extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx rmon txt For more information see RMON Events and Alarms MIB e Security Interface Extension Objects MIB Provides support for the security management of in
220. ical product support is available through the Juniper Networks Technical Assistance Center JTAC If you are a customer with an active J Care or JNASC support contract or are covered under warranty and need post sales technical support you can access our tools and resources online or open a case with JTAC JTAC policies For a complete understanding of our JTAC procedures and policies review the JTAC User Guide located at http www juniper net us en local pdf resource guides 7100059 en pdf Product warranties For product warranty information visit http www juniper net support warranty JTAC hours of operation The JTAC centers have resources available 24 hours a day 7 days a week 365 days a year Self Help Online Tools and Resources For quick and easy problem resolution Juniper Networks has designed an online self service portal called the Customer Support Center CSC that provides you with the following features Find CSC offerings http www juniper net customers support Search for known bugs http www2 juniper net kb Find product documentation http www juniper net techpubs Find solutions and answer questions using our Knowledge Base http kb juniper net Copyright O 2014 Juniper Networks Inc xix SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Download the latest versions of software and review release notes http www juniper net customers csc softw
221. ices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js dns txt For more information see DNS Objects MIB Ethernet MAC MIB Monitors media access control MAC statistics on Gigabit Ethernet intelligent queuing IQ interfaces It collects MAC statistics for example inoctets inframes outoctets and outframes on each source MAC address and virtual LAN VLAN ID for each Ethernet port For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs jnx mac txt For more information see Ethernet MAC MIB Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx event txt For more information see Event MIB Firewall MIB Provides support for monitoring firewall filter counters Routers must have the Internet Processor Il ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx firewall txt For more information see Firewall MIB Host Resources MIB
222. idelines sees 113 Logical Systems MIB een 25 36 42 Copyright O 2014 Juniper Networks Inc logical system statement sse 228 logical system trap filter statement 229 LSYS MIB pesci ter coe ct vere rec v ER rc 25 M Management Information Base See MIBs manuals COMMENTS OBI caeci teet thee DX nd xix master agent SNMP 6 message processing model statement 229 Usage guidelines sete 151 MIBs AAA 0 101 k ee 21 33 39 Access Authentication Objects 21 28 33 39 VEE a p EO E E 21 28 33 39 AMM EE 22 ATM COS essssssssssesssssssssseesesssssesseseesessesseseeseeseenees 22 33 39 sjow 22 29 34 39 GPA M scite net 22 28 33 39 Chassis cc ie tetti etd Res 22 29 34 40 Chassis Cluster sss 23 34 40 Chassis Definitions for Router Modlel 22 Chassis Forwarding eeeenntnnn 22 Class of ServicCe s sese tettnnnn 23 Configuration Management 23 29 34 40 Destination Class Usage T DNS OD CCtS saciiississactonicnninciennine ee enterprise spe cific listed 28 33 38 Ethernet MAC iecit 29 35 40 uem EIL uM ULCUS 23 29 35 4 24 29 35 4 24 30 35 4 VEEE EE MEM EEA 24 24 3035 4 24 30 35 4 IPsec Gen
223. ies LN Series M Series MX Series PTX Series SRX Series T Series client list name client list name edit snmp community community name Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for FX Series switches Add a client list or prefix list to an SNMP community client list name Name of the client list or prefix list snmp To view this statement in the configuration snmp control To add this statement to the configuration Adding a Group of Clients to an SNMP Community on page 167 Copyright O 2014 Juniper Networks Inc 207 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices clients Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 208 EX Series LN Series M Series MX Series PTX Series SRX Series T Series clients f address restrict edit snmp community community name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for FX Series switches Specify the IPv4 or IPv6 addresses of the SNMP client hosts that are authorized to use this community If you omit the clients statement all SNMP clients using this community string are autho
224. ies M Series MX Series PTX Series OFX Series T Series port port number edit snmp v3 target address target address name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure a UDP port number for an SNMP target If you omit this statement the default port is 162 port number Port number for the SNMP target snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Port on page 149 Copyright O 2014 Juniper Networks Inc privacy 3des Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements LN Series M Series MX Series PTX Series OFX Series T Series privacy 3des f privacy password privacy password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the triple Data Encryption Standard 3DES as the privacy type for the SNMPv3 user privacy password privacy password Password that a user enters The password is then
225. ify filter profile name parameters f message processing model vl v2c v3 security level authentication none privacy security model usm vl v2c security name security name Copyright O 2014 Juniper Networks Inc 145 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Configuring the SNMPv3 Trap Notification on page 146 Configuring the Trap Notification Filter on page 141 Configuring the Trap Target Address on page 147 Defining and Configuring the Trap Target Parameters on page 150 Configuring SNMP Informs on page 121 Configuring the Remote Engine and Remote User on page 293 Configuring the Inform Notification Type and Target Address on page 171 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Configuring the SNMPv3 Trap Notification Supported Platforms 146 Related Documentation LN Series M Series MX Series PTX Series OFX Series T Series The notify statement specifies the type of notification trap and contains a single tag The tag defines a set of target addresses to receive a trap The tag list contains one or more tags and is configured at the edit snmp v3 target address target address name hierarchy level If the tag list contains this tag Junos OS sends a notification to all the target addresses associated with this tag To
226. iguring the Falling Event Index or Rising Event Index 179 Configuring the Falling Threshold or Rising Threshold 0 179 Copyright O 2014 Juniper Networks Inc Table of Contents Configuring THE Intenvals s sut aware prece dex der SE 180 Configuring the Falling Threshold Interval llle 180 Configuring the Request Type isseeeee n 180 Configuring the Sample Type RR RR 181 Configuring the Startup Alarm 2 eee eee 181 Configuring the System Log Tag ills 181 Configuring the Variable 6 er 182 Configuring an Event Entry and Its Attributes 0 0 0 eee 182 Example Configuring an RMON Alarm and Event Entry 0000008 183 Configuring Health Monitoring on Devices Running Junos OS 183 Monitored Objects lisse 184 Minimum Health Monitoring Configuration llle 185 Configuring the Falling Threshold or Rising Threshold 05 185 Configuring the Interval i sacs cede oben dada d dwedadeod EG pd Re n 186 Log Entries and TIapjs secet or re yy ayn ERR CR ERR PR dub Rc 186 Example Configuring Health Monitoring llle 186 Chapter 17 Configuration Statements 0 cece eee enhn rn 189 Configuration Statements at the edit snmp Hierarchy Level 192 Complete SNMPv3 Configuration StatementsS 0 0 0 cee eee 195 accessi Us ao uod trapo Ra A obi arbre facet ud xd met ane ee Se eae tees us
227. ility 1 1 1 1 0 0 1 Statements for Internet Standard Management Framework RFC 3411 An Architecture for Describing Simple 1 1 1 1 1 0 0 1 Network Management Protocol SNMP Management Frameworks NOTE RFC 341 replaces RFC 2571 However Junos OS supports both RFC 3411 and RFC 2571 RFC 3412 Message Processing and Dispatching for 1 1 1 1 1 O0 o 1 the Simple Network Management Protocol SNMP NOTE RFC 3412 replaces RFC 2572 However Junos OS supports both RFC 3412 and RFC 2572 Copyright 2014 Juniper Networks Inc 13 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms RFC 3413 Simple Network Management Protocol 1 1 1 1 1 1 0 1 SNMP Applications except for the Proxy MIB RFC 3414 User based Security Model USM for 1 1 1 1 1 0 9 1 version 3 of the Simple Network Management Protocol SNMPv3 RFC 3415 View based Access Control Model 1 1 1 1 1 0 0 1 VACM for the Simple Network Management Protocol SNMP RFC 3416 Version 2 of the Protocol Operations for 1 1 1 0 0 1 the Simple Network Management Protocol SNMP NOTE RFC 3416 replaces RFC 1905 which was supported in earlier versions of Junos OS RFC 3417 Transport Mappings for the Simple 1 1 1 1 1 1 o 1 Network Management Protocol SNMP RFC 3418 Management Information Base MIB 1 1 1 o O0 1
228. initions of Managed Objects for ADSL Lines All MIB tables objects and traps are applicable for the ADSL ATU R agent Copyright 2014 Juniper Networks Inc SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms RFC 2665 Definitions of Managed Objects forthe 1 1 1 1 1 1 0 1 Ethernet like Interface Types RFC 2787 Definitions of Managed Objects forthe 1 1 1 1 1 1 0 1 Virtual Router Redundancy Protocol except row creation the Set operation and the object vrrpStatsPacketLengthErrors RFC 2790 Host Resources MIB 1 1 1 1 1 1 o 1 Only the hrStorageTable The file systems config var and tmp always return the same index number When SNMP restarts the index numbers for the remaining file systems might change e Only the objects of the hrSystem and hrSWinstalled groups RFC 2819 Remote Network Monitoring 1 1 1 1 1 1 0 1 Management Information Base e etherStatsTable for Ethernet interfaces only alarmTable eventTable and logTable are supported on all devices running Junos OS e historyControlTable and etherHistoryTable except etherHistoryUtilization object are supported only on EX Series switches RFC 2863 The Interfaces Group MIB 1 1 1 1 1 o o 1 NOTE RFC 2863 replaces RFC 2233 However Junos OS supports both RFC 2233 and RFC 2863 RFC 2864 The Inverted Stack Ta
229. iod after which the destination queue restarts sending the traps Copyright O 2014 Juniper Networks Inc 5 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e NOTE Users cannot configure the Junos OS for trap queuing Users cannot view any information about trap queues except what is available in the syslog System Logging Severity Levels for SNMP Traps For some traps when a trap condition occurs regardless of whether the SNMP agent sends a trap to an NMS the trap is logged if the system logging is configured to log an event with that system logging severity level For more information about system logging severity levels see the System Log Monitoring and Troubleshooting Guide for Security Devices For more information about system logging severity levels for standard traps see Standard SNMP Version 1 Traps on page 74 and Standard SNMP Version 2 Traps on page 77 For more information about system logging severity levels for enterprise specific traps see Juniper Networks Enterprise Specific SNMP Version 1 Traps and Juniper Networks Enterprise Specific SNMP Version 2 Traps Junos OS SNMP Agent Features The Junos OS SNMP agent software consists of an SNMP master agent that delegates all SNMP requests to subagents Each subagent is responsible for the support of a specific set of MIBs The Junos OS supports the following versions of SNMP SNMPviI The initial implementation of SNMP that defi
230. iod between samples in seconds Rising threshold Upper limit threshold value as a percentage of the maximum possible value Falling threshold Lower limit threshold value as a percentage of the maximum possible value Rising event index Event triggered when the rising threshold is crossed Falling event index Sample Output show snmp health monitor 314 Event triggered when the falling threshold is crossed user host gt show snmp health monitor Alarm Index 32770 32773 32776 32779 32782 32785 32788 32791 32792 32793 Variable description Value Health Monitor md3 jail mfs utilization jnxHrStoragePercentUsed 16 0 Health Monitor md2 mfs var run utm utilization jnxHrStoragePercentUsed 15 0 Health Monitor md1 mfs utilization jnxHrStoragePercentUsed 11 11 Health Monitor var file system utilization jnxHrStoragePercentUsed 10 44 Health Monitor root file system utilization jnxHrStoragePercentUsed 1 52 Health Monitor config file system utilization jnxHrStoragePercentUsed 2 0 Health Monitor RE O CPU utilization jnxOperatingCPU 9 1 0 0 20 Health Monitor RE O0 memory utilization jnxOperatingBuffer 9 1 0 0 52 Health Monitor Max Kernel Memory Used 95 jnxBoxKernelMemoryUsedPercent 0O 3 Health Monitor jroute daemon memory usage State active active active critical threshold critical threshold active active active active Routing p
231. ion edit snmp community public The community defined here as public grants read access to all MIB data to any client To configure complete SNMP features include the following statements at the edit snmp hierarchy level snmp client list client list name ip addresses community community name authorization authorization client list name client list name clients address restrict routing instance routing instance name clients addresses logical system logical system name routing instance routing instance name clients addresses view view name contact contact description description engine id local engine id use mac address use default ip address filter duplicates health monitor falling threshold integer interval seconds rising threshold integer interface interface names location location name name nonvolatile f no Copyright 2014 Juniper Networks Inc Chapter 8 SNMP commit delay seconds rmon alarm index description text description falling event index index falling threshold integer falling threshold interval seconds interval seconds request type get next request get request walk request rising event index index sample type type startup alarm alarm syslog subtag syslog subtag variable o d variable event index community community name description text description type type trac
232. ip addresses community community name 1 authorization authorization client list name client list name clients f address restrict logical system logical system name routing instance routing instance name clients f address restrict routing instance routing instance name clients address lt restrict gt view view name contact contact description description engine id local engine id use default ip address use mac address filter duplicates interface interface names location location name name nonvolatile f commit delay seconds rmon alarm index f 192 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements description description falling event index index falling threshold integer falling threshold interval seconds interval seconds request type get next request get request walk request rising event index index rising threshold integer sample type type startup alarm alarm syslog subtag syslog subtag variable o d variable event index community community name description description type type traceoptions file filename files number size size lt world readable no world readable match regular expression gt flag flag trap group group name categories f category destination port port number routing instance instance logical system logical system name targets f address
233. is alarm mib jnxAlarms jnx ping mib jnxPingMIB jnx traceroute mib jnxTraceRouteMIB jnx rmon mib jnxRmonAlarmTable jnx cos mib Example jnxCosFcTable jnx cfgmgmt mib Example jnxCfgMgmt jnx sonetaps mib apsMIBObjects jnx sp mib jnxSpMIB ggsn mib ejnmobileipABmib rfc1907 mib snmpModules snmpModules Examples snmpMIB snmpFrameworkMIB Table 9 on page 63 shows Class 4 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 4 objects data is not segregated by routing instance All instances are exposed 62 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 9 Class 4 MIB Objects Standard and Juniper MIBs Class MIB Objects Class 4 system Example sysORTable rfc201la mib ip ipDefaultTTL iplnReceives icmp rfc2012a mib tcp tcpConnTable ipv6TcpConnTable rfc2013a mib udp udpTable ipv6UdpTable rfc2790a mib hrSystem rfc2287a mib sysApplOBJ jnx firewall mib jnxFirewalls jnx ipv6 mib jnxlpv6 Related gt Understanding SNMP Support for Routing Instances on page 86 D mentation ocumengato Trap Support for Routing Instances on page 87 SNMP MIB Objects Supported by Junos OS for the Set Operation Supported Platforms LN Series SRX Series The following table lists the SNMP MIB objects that are supported for the snmp set operation by Junos OS Object Name Object Identifier RFC 1907 sysC
234. is statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Groups on page 141 Copyright O 2014 Juniper Networks Inc engine id Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series engine id f local engine id suffix use default ip address use mac address edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 1 for EX Series switches The local engine ID is defined as the administratively unique identifier of an SNMPv3 engine and is used for identification not for addressing There are two parts of an engine ID prefix and suffix The prefix is formatted according to the specifications defined in RFC 3411 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks You can configure the suffix here e NOTE SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID If you configure or change the engine ID you must commit the new engine ID before you configure SNMPv3 users Otherwise the keys generated from the configured passwords are based on the previous engine ID Forthe engine ID we recommend using the MAC address of the m
235. ists the IP addresses of the clients community members that are allowed to use this community If no clients statement is present all clients are allowed For address you must specify an IPv4 or IPv6 address not a hostname Include the default restrict option to deny access to all SNMP clients for which access is not Copyright O 2014 Juniper Networks Inc 165 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices explicitly granted We recommend that you always include the default restrict option to limit SNMP client access to the local router D NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels Related Adding a Group of Clients to an SNMP Community on page 167 D tati ocumentaton Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements at the edit snmp Hierarchy Level on page 192 Examples Configuring the SNMP Community String on page 166 Examples Configuring the SNMP Community String Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Grant read only access to all clients With the following configuration the system responds to SNMP Get GetNext and GetBulk requests that contain the community string public edit snmp community public authorization read only Grant all clients read wr
236. it snmp rmon alarm index hierarchy level edit snmp rmon alarm index falling threshold integer rising threshold integer integer can be a value from 2 147 483 647 through 2 147 483 647 Configuring the Interval The interval represents the period of time in seconds over which the monitored variable is sampled and compared with the rising and falling thresholds To configure the interval include the interval statement and specify the number of seconds at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index interval seconds seconds can be a value from 1 through 2 147 483 647 The default is 60 seconds Configuring the Falling Threshold Interval The falling threshold interval represents the interval between samples when the rising threshold is crossed Once the alarm crosses the falling threshold the regular sampling interval is used Q NOTE You cannot configure the falling threshold interval for alarms that have the request type set to walk request To configure the falling threshold interval include the falling threshold interval statement at the edit snmp rmon alarm index hierarchy level and specify the number of seconds edit snmp rmon alarm index falling threshold interval seconds seconds can be a value from 1 through 2 147 483 647 The default is 60 seconds Configuring the Request Type 180 By default an RMON alarm can monitor only one object instance as specified in the c
237. it snmp rmon alarm index hierarchy level edit snmp rmon alarm index sample type absolute value delta value absolute value Actual value of the selected variable is compared against the thresholds delta value Difference between samples of the selected variable is compared against the thresholds Configuring the Startup Alarm The startup alarm identifies the type of alarm that can be sent when this entry is first activated You can specify it as falling alarm rising alarm or rising or falling alarm To configure the startup alarm include the startup alarm statement and specify the type of alarm at the edit snmp rmon alarm index hierarchy level edit snmp rmon alarm index startup alarm falling alarm rising alarm rising or falling alarm falling alarm Generated if the first sample after the alarm entry becomes active is less than or equal to the falling threshold rising alarm Generated if the first sample after the alarm entry becomes active is greater than or equal to the rising threshold rising or falling alarm Generated if the first sample after the alarm entry becomes active satisfies either of the corresponding thresholds The default is rising or falling alarm Configuring the System Log Tag The syslog subtag statement specifies the tag to be added to the system log message You can specify a string of not more than 80 uppercase characters as the system log tag Copyright O 2014
238. ite access to the ping MIB and jnxPingMIB With the following configuration the system responds to SNMP Get GetNext GetBulk and Set requests that contain the community string private and specify an OID contained in the ping MIB or jnxPingMIB hierarchy edit snmp view ping mib view f oid pingMIB include oid jnxPingMIB include community private f authorization read write view ping mib view The following configuration allows read only access to clients with IP addresses in the range 1 2 3 4 24 and denies access to systems in the range fe80 1 2 3 4 64 edit snmp community field service authorization read only clients 166 Copyright 2014 Juniper Networks Inc Chapter 13 Community Strings default restrict 4 Restrict access to all SNMP clients not explicitly listed on the following lines 1 2 3 4 24 Allow access by all clients in 1 2 3 4 24 except fe80 1 2 3 4 64 restrict fe80 1 2 3 4 64 Related Configuring the SNMP Community String on page 165 Documentation Adding a Group of Clients to an SNMP Community Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Junos OS enables you to add one or more groups of clients to an SNMP community You can include the client list name name statement at the edit snmp community community name hierarchy level to add all the members of the client list or prefix list to an SNMP community To define a list of
239. itored by this entry last failed jnxRmonAlarmGetOkTime The value of sysUpTime when an internal Get request for the variable monitored by this entry succeeded and the entry left the getFailure state jnxRmonAlarmState The current state of this RMON alarm entry To view the Juniper Networks enterprise specific extensions to the RMON Events and Alarms and Event MIB see http www juniper net techpubs en_US junos10 3 topics reference mibs mib jnx rmon txt Copyright 2014 Juniper Networks Inc Related Documentation Chapter 7 Remote Monitoring Health Monitoring and Service Quality For more information about the Juniper Networks enterprise specific extensions to the RMON Events and Alarms MIB see RMON Events and Alarms MIB in the SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Understanding RMON Events on page 99 Configuring an Alarm Entry and Its Attributes on page 178 Understanding RMON Events Supported Platforms eventTable Related Documentation LN Series M Series MX Series PTX Series T Series An RMON event allows you to log the crossing of thresholds of other MIB objects It is defined in eventTable for the RMON MIB This section covers the following topics eventTable on page 99 eventTable contains the following objects eventindex An index that uniquely identifies an entry in eventTable Each entry defines one event that is generated when th
240. ity 161 Example Configuring Interface Settings for a Routing Instance 162 Configuring Access Lists for SNMP Access over Routing Instances 164 Community SNES cua ern eet er Reser EE CENE RE RSS TRE 165 Configuring the SNMP Community StrinB llle 165 Examples Configuring the SNMP Community String lees 166 Adding a Group of Clients to an SNMP Community 0000005 167 Configuring the SNMPv3 Community seen 168 Configuring the Community Name ssseeeee es 169 Configuring the Security Names lslsseeee eh 169 Configuring the Tag ee eee e nn 169 Example SNMPv3 Community Configuration sasoe eee eee 170 Inform Notifications riso ear meram rax Raman RR EY RR chap oe 171 Configuring the Inform Notification Type and Target Address 171 Example Configuring the Inform Notification Type and Target Address 172 Remote OperatiOnns 222 eee ativan edema aea a os IRR Fu a race eta a RR Gan 175 Using the Traceroute MIB for Remote Monitoring Devices Running Junos OS 175 Remote Monitoring Health Monitoring and Service Quality 177 Understanding RMON Alarms and Events Configuration 0 177 Configuring an Alarm Entry and Its Attributes 0 0 0 ees 178 Configuring the Alarm Entry ses rPkRRTREXaPRRZJCCRRPCEPIHPTS TE 178 Configuring the Description leeeee IR IIR 179 Conf
241. iwierset cm Reha c 6 d Rc a e Beles 311 show snmp health monitor 0 0 eee eee 312 show snmp health monitor routing engine history lille 318 show snmp health monitor routing engine statUs lees 322 Show snm MIO VIEW 5 x ctaccckucs oeage pasovennaee Saede Reed a aa 324 Part 4 Index DAER pr 329 Copyright O 2014 Juniper Networks Inc List of Figures Part 1 Chapter 4 Chapter 7 Part 2 Chapter 8 Overview Routing Instances ioco nitrate rur ek mes seed ewes em xd nece Gls 85 Figure 1 SNMP Data for Routing Instances eee 86 Remote Monitoring Health Monitoring and Service Quality 97 Figure 2 Network Entry PointS 20 0 0 ccc cc ee eee eee 100 Figure 3 Setting Thresholds llle eee 102 Configuration nl 109 Figure 4 Inform Request and RESPONSE 2 e 121 Copyright O 2014 Juniper Networks Inc xi SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices xii Copyright O 2014 Juniper Networks Inc List of Tables Part 1 Chapter 1 Chapter 3 Chapter 5 Chapter 7 Part 2 Chapter 16 Part 3 Chapter 20 Chapter 21 About the Documentation 55 pm RR RE RE REESE EUR en Im RU etal XV Table T Notice Icons ssa suos sonnent RIA E RICE Y re E CIrpeu pes Pers xvii Table 2 Text and Syntax Conventions iseeeeee eee xvii Overview SNMP echar ds or ae putet eis a cab ipd er dee ses pis Aden ice dua siete RU
242. junos12 1x47 topics reference mibs mib jnx syslog txt For more information see System Log MIB Copyright O 2014 Juniper Networks Inc 43 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation Traceroute MIB Supports the Junos OS extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way asitis in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos OS data and has tables that contain information on each type of data such as integer and string For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx util txt For more information see Utility MIB VPN Certificate Objects MIB Provides support for monitoring the local and CA certificates loaded on the router This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB Structure of Management Information MIB
243. ks Enterprise Specific MIBs on page 21 Standard SNMP MIBs Supported by Junos OS on page 7 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Managing Traps and Informs on page 289 Standard SNMP Version 2 Traps Supported Platforms LN Series SRX Series Table 11 on page 78 provides an overview of the standard SNMPv2 traps supported by the Junos OS The traps are organized first by trap category and then by trap name and include their snmpTrapOID The system logging severity levels are listed for those traps that have them with their corresponding system log tag Traps that do not have corresponding system logging severity levels are marked with an en dash in the table For more information about system log messages see System Log Monitoring and Troubleshooting Guide for Security Devices Copyright O 2014 Juniper Networks Inc 77 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 11 Standard Supported SNMP Version 2 Traps Defined in Trap Name Startup Notifications coldStart snmpTrapOID 1 3 6 1 6 3 1 1 5 1 System Logging Severity Level Critical Syslog Tag SNMPD_TRAP_ Supported On All devices running RFC 1907 Management COLD_START Junos OS Information Base i iE Of warmStart 1361631152 Error SNMPD TRAP All devices running See WARM_START Junos OS Network Management
244. l any usm vl v2c f security level authentication none privacy f notify view view name read view view name write view view name security to group security model usm vl v2c security name security name 1 group group name Related Configuring the SNMPv3 Authentication Type on page 128 Documentation Configuring the Access Privileges Granted to a Group on page 156 e Assigning Security Model and Security Name to a Group on page 132 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Configuring the Access Privileges Granted to a Group Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This topic includes the following sections Configuring the Group on page 156 Configuring the Security Model on page 157 Configuring the Security Level on page 157 Associating MIB Views with an SNMP User Group on page 157 Configuring the Group To configure the access privileges granted to a group include the group statement at the edit snmp v3 vacm access hierarchy level edit snmp v3 vacm access 156 Copyright O 2014 Juniper Networks Inc Chapter 11 Access Privileges group group name group name is a collection of SNMP users that belong to a common SNMP list that defines an access policy Users belonging to a particular SNMP group inherit all access privileges grante
245. leshooting Guide for Security Devices local engine Supported Platforms LN Series M Series MX Series PTX Series QFX Series T Series Syntax local engine f user username 1 authentication md5 f authentication password authentication password authentication none authentication sha authentication password authentication password privacy aes128 f privacy password privacy password privacy des privacy password privacy password privacy 3des f privacy password privacy password privacy none privacy password privacy password Hierarchy Level edit snmp v3 usm Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure local engine information for the user based security model USM The remaining statements are explained separately Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Creating SNMPv3 Users on page 123 Documentation 226 Copyright O 2014 Juniper Networks Inc location Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PT
246. loading some other MIB You can find such dependencies listed in the IMPORT section of the MIB file Copyright O 2014 Juniper Networks Inc 115 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation 8 Load the Juniper Networks enterprise specific SMI MIB mib jnx smi txt and the following optional SMI MIBs based on your requirements e mib jnx js smi txt Optional For Juniper Security MIB tree objects mib jnx ex smi txt Optional For EX Series Ethernet Switches mib jnx exp txt Recommended For Juniper Networks experimental MIB objects 9 Load the remaining enterprise specific MIBs from the JuniperMibs folder TIP While loading a MIB file if the compiler returns an error message saying that any of the objects is undefined open the MIB file using a text editor and ensure that all the MIB files listed in the IMPORT section are loaded on the compiler If any of the MIB files listed in the IMPORT section is not loaded on the compiler load that MIB file and then try to load the MIB file that failed to load For example the enterprise specific PING MIB mib jnx ping txt has dependencies on RFC 2925 DISMAN PING MIB mib rfc2925a txt If you try to load mib jnx ping txt before loading mib rfc2925a txt the compiler returns an error message saying that certain objects in mib jnx ping txt are undefined Load mib rfc2925a txt and then try to load mib jnx ping txt The enter
247. log trap log and trap none If you do not have CLI access you can configure remote monitoring using the SNMP Manager or management application assuming SNMP access has been granted See Table 14 on page 103 To configure RMON using SNMP perform SNMP Set requests to the RMON event and alarm tables RMON Event Table Set up an event for each type that you want to generate For example you could have two generic events rising and falling or many different events for each variable that is being monitored for example temperature rising event temperature falling event firewall hit event interface utilization event and so on Once the events have been configured you do not need to update them Table 14 RMON Event Table Field Description eventDescription Text description of this event eventType Type of event for example log trap or log and trap eventCommunity Trap group to which to send this event as defined in the Junos OS configuration which is not the same as the community eventOwner Entity for example manager that created this event Copyright 2014 Juniper Networks Inc 103 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices RMON Alarm Table Table 14 RMON Event Table continued Field Description eventStatus Status of this row for example valid invalid or createRequest The RMON alarm table stores the SNMP object identifiers including th
248. log messages to monitor your network you can use this feature to ensure that you are notified of all the major events To configure a policy that raises a trap on receipt of an event include the following statements at the edit event options policy policy name hierarchy level edit event options policy policy name events events then raise trap The following example shows the sample configuration for raising a trap for the event ui mgd terminate edit event options policy p1 events ui mgd terminate then raise trap Copyright 2014 Juniper Networks Inc 289 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Filtering Traps Based on the Trap Category SNMP traps are categorized into many categories The Junos OS provides a configuration option categories at the edit snmp trap group trap group hierarchy level that enables you to specify categories of traps that you want to receive on a particular host You can use this option when you want to monitor only specific modules of the Junos OS The following example shows a sample configuration for receiving only link vrrp events services and otn alarms traps edit snmp trap group jnpr f categories f link vrrp events services otn alarms targets f 192 168 69 179 Filtering Traps Based on the Object Identifier The Junos OS also provides a more advanced filter option that enables you to filter o
249. me copy of each SNMP trap to every trap receiver configured in the trap group The source address in the IP header of each SNMP trap packet is set to the address of the outgoing interface by default When a trap receiver forwards the packet to the central NMS the source address is preserved The central NMS looking only at the source address of each SNMP trap packet assumes that each SNMP trap came from a different source In reality the SNMP traps came from the same router but each left the router through a different outgoing interface The statements discussed in the following sections are provided to allow the NMS to recognize the duplicate traps and to distinguish SNMPvI traps based on the outgoing interface To configure SNMP trap options and trap groups include the trap options and trap group statements at the edit snmp hierarchy level edit snmp trap options f agent address outgoing interface source address address trap group group name 1 categories f category destination port port number targets f address version all v1 v2 Configuring SNMP Trap Options on page 137 Configuring SNMP Trap Groups on page 141 Configuring SNMP on a Device Running Junos OS on page 109 Copyright O 2014 Juniper Networks Inc Chapter 10 SNMP Traps Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring SNMPv3 Traps on a Device Running Junos OS Supported Platfo
250. mibs mib jnx js spu monitoring txt For more information see SPU Monitoring Objects MIB Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices services and traps This MIB is currently supported by Junos OS for SRX Series devices only Explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx smi txt For more information see Structure of Management Information MIB System Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx syslog txt For more information see System Log MIB Traceroute MIB Supports the Junos OS extensions of traceroute and remote operations Items in this MIB are created when entries are created in the traceRouteCtlTable of the Traceroute MIB Each item is indexed exactly the same way asitis in the Traceroute MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx traceroute txt For more information see Traceroute MIB Utility MIB Provides SNMP support for exposing Junos OS data and has tables that cont
251. n of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js policy txt For more information see Policy Objects MIB Reverse Path Forwarding MIB Monitors statistics for traffic that is rejected because of reverse path forwarding RPF processing For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx rpf txt Copyright 2014 Juniper Networks Inc Chapter 1 SNMP e NOTE The enterprise specific RPF MIB is not supported on EX Series Ethernet Switches For more information see Reverse Path Forwarding MIB RMON Events and Alarms MIB Supports the Junos OS extensions to the standard Remote Monitoring RMON Events and Alarms MIB RFC 2819 The extension augments alarmTable with additional information about each alarm Two new traps are also defined to indicate when problems are encountered with an alarm For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx rmon txt For more information see RMON Events and Alarms MIB e Security Interface Extension Objects MIB Provides support for the security management of interfaces This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js if ext txt Fo
252. nd Troubleshooting Guide for Security Devices D description statement RNMONZ eei mitten titii RE 214 usage guidelines alarms 179 usage guidelines events SNMP S Ssetentasns Eu RIEN RE RN MINE usage guidelines eene 112 Destination Class Usage MIB 23 34 40 destination port statement SNMP se Sonet einen i EU Ns 214 usage guidelines see 141 DNS Objects MIB documentation COMMENTS OMe RR xix E engine id statement SIN V LAYA 215 usage guidelines ene 120 enterprise oid statement sss 216 enterprise specific MIBs listed 28 33 38 Ethernet MAC MIB sssseeeeeertetentene 29 35 40 Event MIB ine ER eicere bn etta eh 23 29 35 41 event statement sse nennen tenete tenentes 216 usage guidelines eene 182 F falling event index statement sage guidelines ksi teh needa ns falling threshold statement health rrionitor seio meten 218 usage guidelines ee 185 RMON S Ruinen gen aibi e ee 219 falling threshold interval statement RMON dcin ted res tc d d 220 usage guidelines eee 180 filter duplicates statement 220 usage guidelines seen 116 filter interfaces statement sss filtering get SNMP requests Firewall MIB rtt cene font conventions t
253. nes the architecture and framework for SNMP SNMPv2c The revised protocol with improvements to performance and manager to manager communications Specifically SNMPv2c implements community strings which act as passwords when determining who what and how the SNMP Clients can access the data in the SNMP agent The community string is contained in SNMP Get GetBulk GetNext and Set requests The agent may require a different community string for Get GetBulk and GetNext requests read only access than it does for Set requests read write access SNMPv3 The most up to date protocol focuses on security SNMPv3 defines a security model user based security model USM and a view based access control model VACM SNMPv3 USM provides data integrity data origin authentication message replay protection and protection against disclosure of the message payload SNMPv3 VACM provides access control to determine whether a specific type of access read or write to the management information is allowed In addition the Junos OS SNMP agent software accepts IPv4 and IPv6 addresses for transport over IPv4 and IPv6 For IPv6 the Junos OS supports the following features SNMP data over IPv6 networks Pv6 specific MIB data SNMP agents for IPv6 6 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Related System Log Monitoring and Troubleshooting Guide for Security Devices Documentation SNMPv3 Overview on page 71
254. net techpubs en_US junos12 1 topics reference mibs mib jnx ipsec flow mon txt IPsec Monitoring MIB 1 1 1 O0 1 O0 9 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx ipsec monitor asp txt IPsec VPN Objects MIB Oo O O Oo 1 Oo O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js ipsec vpn txt IPv4 MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx ipv4 txt IPv6 and ICMPv6 MIB 1 1 1 1 O 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx ipv6 txt L2ALD MIB 0 1 O 1 O0 O O http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx l2ald txt 48 Copyright 2014 Juniper Networks Inc Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms Enterprise Specific MIB L2CP MIB O0 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx l2cp features txt Chapter 1 SNMP Low Mid EX End Range O 0 0 L2TP MIB 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx l2tp txt LDP MIB 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx ldp txt License MIB 1 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx license txt Logical Systems MIB O0 O0 http www juniper
255. ng Guide for Security Devices Chapter 4 Chapter 5 Chapter 6 Chapter 7 Part 2 Chapter 8 Routing Instances ceiei eec e a rh mo ha eee ERE GE ee 85 Identifying a Routing Instance ix iss er rur gr ER Tc S eIGesveei 85 Understanding SNMP Support for Routing InstanceS 0 000 eee 86 Trap Support for Routing Instances ioco ca rr eeu QT s eos 87 Device Managererit s eese eds ve EcrAaS G00 Eee pide d dones oe dee pK ead 89 Understanding Device Management Functions inJunosOS 89 Understanding the Integrated Local Management Interface 91 Remote Operations eereeeeeee enhn hn nn 93 SNMP Remote Operations Overview cele 93 SNMP Remote Operation RequirementS 0 0000 eee eee ee eee 93 Setting SNMP VieWS 1 a rs 93 Example Setting SNMP Views ee eee eee 94 Setting Trap Notification for Remote Operations 0000 94 Example Setting Trap Notification for Remote Operations 95 Using Variable Length String Indexes 0 2 0c eee 95 Example Set Variable Length String Indexes 0000 eee 95 Enabling EOSSIDB 21 cad od bres ee bir eem puri reb bee 95 Remote Monitoring Health Monitoring and Service Quality 97 Understanding RMON Alarms llle as 97 Alama Ble 1 52 25 1 ouo 9 E 6 8 bd d batur SNe RSEN Reg d x Rud OE Md E edd 98 jnxbmonmAL arkm Table 2 5 3 5 0 2 t5 1 d Ear pr dedo obedire ores o
256. ng instance name followed by a double colon and the VLAN ID For example to identify VSTP instance for VLAN 1O in the global default routing instance include default 10 public in the context SNMPv3 or community SNMPvI or v2 string Understanding SNMP Support for Routing Instances on page 86 Enabling SNMP Access over Routing Instances on page 161 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Understanding SNMP Support for Routing Instances Supported Platforms 86 LN Series M Series MX Series SRX Series T Series Junos OS enables SNMP managers for all routing instances to request and manage SNMP data related to the corresponding routing instances and logical system networks In Junos OS Clients from routing instances other than the default can access MIB objects and perform SNMP operations only on the logical system networks to which they belong Clients from the default routing instance can access information related to all routing instances and logical system networks Before Junos OS Release 8 4 only the SNMP manager in the default routing instance inet O had access to the MIB objects With the increase in virtual private network VPN service offerings this feature is useful particularly for service providers who need to obtain SNMP data for specific routing instances see Figure 1 on page 86 Service providers can use this information for their own management needs
257. niper net techpubs en_US junos12 1x47 topics reference mibs mib jnx user aaa txt For more information see AAA Objects MIB Access Authentication Objects MIB Provides support for monitoring firewall authentication including data about the users trying to access firewall protected resources and the firewall authentication service itself This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js auth txt For more information see Access Authentication Objects MIB Alarm MIB Provides support for alarms from the router For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chassis alarm txt For more information see Alarm MIB ATM CoS MIB Provides support for monitoring Asynchronous Transfer Mode version 2 ATM2 virtual circuit VC class of service CoS configurations It also provides CoS queue statistics for all VCs that have CoS configured For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx atm cos txt For more information see ATM Class of Service MIB BGP4 V2 MIB Contains objects used to monitor BGP peer received prefix counters It is based upon similar objects in the MIB documented in Internet draft draft ietf idr bgp4 mi
258. nitor routing engine history show snmp health monitor routing engine status show snmp mib View Copyright O 2014 Juniper Networks Inc 3n SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp health Supported Platforms Syntax Release Information Description Options Required Privilege Level List of Sample Output Output Fields monitor LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 show snmp health monitor lt alarms lt detail gt gt lt logs gt Statement introduced in Junos OS Release 12 1X44 D10 for SRX Series devices Display information about SNMP health monitor alarms and logs none Display information about all health monitor alarms and logs alarms detail Optional Display detailed information about health monitor alarms logs Optional Display information about health monitor logs view show snmp health monitor on page 314 show snmp health monitor alarms detail on page 315 show snmp health monitor alarms brief on page 316 Table 22 on page 312 describes the output fields for the show snmp health monitor command Output fields are listed in the approximate order in which they appear Table 22 show snmp health monitor Output Fields Field Name Field Description Alarm Index Alarm identifier Variable description Description of the health monitor object instance being monitored Variable name N
259. nntetnnntennn G Get requests SNMP sssssseeeenenenenennnnntnnnnnnnnnnenes 3 330 group statement SNMPv3 for access privileges 223 sage guldelinas 2 5 2 eee 133 SNMPv3 for configuring 222 usage guidelines H health monitor staterment eene 223 usage guidelines etes 185 Host Resources MIB sss 24 30 35 41 l IDP v T 24 32 informs SNMP See SNMP informs integrated local management interface See ILMI Interface MIB titre tein 24 30 35 41 interface statement usage guidelines ees interfaces limiting SNMP access interval statement health MONON seesessessesessestesessesssseeseesessesteseeseeseseees 225 usage guidelines sees 186 RMON onie imt 224 Usage guidelines cis 180 IP Forward MIB eene 24 30 35 41 IPsec Monitoring MIB 24 30 35 41 IPsec VPN Objects MIB eennnnrnnnnnnnnnes 25 NPA v A 25 30 36 41 IPv6 and ICMPV6 MIB essences 25 IPV6 SNMP community string 165 J jnxRmonAlarmr7Table eeeeeeeeeenetetnth tenente 98 Juniper Networks MIB objects eene 54 K key performance indicators 101 L License MIB intel local engine statement location statement Eh VIAM 227 usage gu
260. nsmitted if no acknowledgment is received If no acknowledgment is received after the inform is transmitted the maximum number of times the inform message is discarded Default 3 times snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Informs on page 121 timeout on page 269 EX Series LN Series M Series MX Series PTX Series T Series rising event index index edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Index of the event entry that is used when a rising threshold is crossed If this value is Zero no event is triggered index I ndex of the event entry that is used when a rising threshold is crossed Range O through 65 535 Default O snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Event Index or Rising Event Index on page 179 falling event index on page 217 245 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices rising threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 246 EX Series LN Series M Series MX Series PTX Series T Series rising threshold integer edit snmp rmon alarm index Sta
261. ntation Juniper Networks Enterprise Specific MIBs on page 21 Enterprise Specific MIBs and Supported Devices on page 44 70 Copyright O 2014 Juniper Networks Inc CHAPTER2 SNMPv3 SNMPv3 Overview Supported Platforms e SNMPv3 Overview on page 71 LN Series M Series MX Series PTX Series SRX Series T Series In contrast to SNMP version 1 SNMPv1 and SNMP version 2 SNMPv2 SNMP version 3 SNMPv3 supports authentication and encryption SNMPv3 uses the user based security model USM for message security and the view based access control model VACM for access control USM specifies authentication and encryption VACM specifies access control rules USM uses the concept of a user for which security parameters levels of security authentication privacy protocols and keys are configured for both the agent and the manager Messages sent using USM are better protected than messages sent with community strings where passwords are sent in the clear With USM messages exchanged between the manager and the agent can have data integrity checking and data origin authentication USM protects against message delays and message replays by using time indicators and request IDs Encryption is also available To complement the USM SNMPv3 uses the VACM a highly granular access control model for SNMPv3 applications Based on the concept of applying security policies to the name of the groups querying the agent the agent decides wheth
262. ntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation address mask Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 198 EX Series LN Series M Series MX Series PTX Series T Series address address edit snmp v3 target address target address name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify the SNMP target address address Pv4 address of the system to receive traps or informs You must specify an address not a hostname snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Address on page 148 EX Series LN Series M Series MX Series PTX Series T Series address mask address mask edit snmp v3 target address target address name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Verify the source addresses for a group of target addresses address mask combined with the address defines a range of addresses snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Address Mask on page 148 Copyright O 2014 Juniper Networks Inc agent address
263. nter and the next delivery attempt timer for the queue are reset Subsequent attempts occur at progressive intervals of 1 minute 2 minutes 4 minutes and 8 minutes The maximum delay between the attempts is 8 minutes and the maximum number of attempts is 10 After 10 unsuccessful attempts the destination queue and all the traps in the queue are deleted The Junos OS also has a throttle mechanism to control the number of traps throttle threshold default value of 500 traps sent during a particular time period throttle interval default of 5 seconds and to ensure consistency in trap traffic especially when a large number of traps are generated because of interface status changes The throttle interval period begins when the first trap arrives at the throttle All traps within the trap threshold are processed and the traps beyond the threshold limit are queued The maximum size of trap queues that is the throttle queue and the destination queue combined is 40 000 traps However on EX Series switches the maximum size of the trap queue is 1000 traps The maximum size of any one queue is 20 000 traps for devices other than EX Series switches On EX Series switches the maximum size of one queue is 500 traps If a trap is sent from a destination queue when the throttle queue has exceeded the maximum size the trap is added back to the top of the destination queue and all subsequent attempts from the destination queue are stopped for a 30 second per
264. nto your NMS if necessary For a list of standard supported MIBs see Standard SNMP MIBs Supported by Junos OS on page 7 Enterprise specific MIBs are developed and supported by a specific equipment manufacturer If your network contains devices that have enterprise specific MIBs you must obtain them from the manufacturer and compile them into your network management software For a list of Juniper Networks enterprise specific supported MIBs see Juniper Networks Enterprise Specific MIBs on page 21 SNMP Traps and Informs Routers can send notifications to SNMP managers when significant events occur on a network device most often errors or failures SNMP notifications can be sent as traps or inform requests SNMP traps are unconfirmed notifications SNMP informs are confirmed notifications SNMP traps are defined in either standard or enterprise specific MIBs Standard traps are created by the IETF and documented in various RFCs The standard traps are compiled into the network management software You can also download the standard traps from the IETF website www ietf org 4 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP For more information about standard traps supported by the Junos OS see Standard SNMP Traps Supported on Devices Running Junos OS on page 73 Enterprise specific traps are developed and supported by a specific equipment manufacturer If your network contains devices that have ente
265. o a directory on your routing platform For example copy the following configuration to a file and name the file ex script conf Copy the ex script conf file to the var tmp directory on your routing platform system scripts f commit f file ex script xsl interfaces fxpO f disable unit O family inet f address 10 0 0 1 24 2 Merge the contents of the file into your routing platform configuration by issuing the load merge configuration mode command edit user host load merge var tmp ex script conf load complete Merging a Snippet To merge a snippet follow these steps 1 From the HTML or PDF version of the manual copy a configuration snippet into a text file save the file with a name and copy the file to a directory on your routing platform For example copy the following snippet to a file and name the file ex script snippet conf Copy the ex script snippet conf file to the var tmp directory on your routing platform commit file ex script snippet xsl 1 2 Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode command xvi Copyright O 2014 Juniper Networks Inc About the Documentation edit user host edit system scripts edit system scripts 3 Merge the contents of the file into your routing platform configuration by issuing the load merge relative configuration mode command edit system scripts user host load mer
266. o group security model usm vl v2c group group name security name security name edit snmp v3 vacm Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the group to which a specific SNMPv3 security name belongs The security name is used for messaging security The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration e Assigning Security Model and Security Name to a Group on page 132 EX Series LN Series M Series MX Series PTX Series SRX Series T Series snmp edit Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure SNMP snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP on a Device Running Junos OS on page 109 Copyright O 2014 Juniper Networks Inc 261 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices source address Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 262 EX Series LN Series M Series MX Series PTX Series SRX Series T Series source addr
267. o world readable statement at the edit snmp traceoptions hierarchy level edit snmp traceoptions Copyright O 2014 Juniper Networks Inc Chapter 20 Tracing Activity file no world readable Configuring a Regular Expression for Lines to Be Logged By default the trace operation output includes all lines relevant to the logged activities You can refine the output by including the match statement at the edit snmp traceoptions file filename hierarchy level and specifying a regular expression regex to be matched edit snmp traceoptions file filename match regular expression Configuring the Trace Operations By default only important activities are logged You can specify which trace operations are to be logged by including the following flag statement with one or more tracing flags at the edit snmp traceoptions hierarchy level edit snmp traceoptions flag 1 all configuration database events general interface stats nonvolatile sets pdu policy protocol timeouts routing socket server subagent timer varbind error Table 18 on page 299 describes the meaning of the SNMP tracing flags Table 18 SNMP Tracing Flags Flag Description Default Setting all Log all operations Off configuration Log reading of the configuration at the Off edit snmp hierarchy level database Log events involving storage and retrievalin the Off events database events Log important events
268. oadable version of this MIB see http Awwwjuniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx lsys securityprofile txt For more information see Logical Systems MIB Network Address Translation NAT Objects MIB Provides support for monitoring network address translation NAT This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js nat txt For more information see NAT Objects MIB Packet Forwarding Engine MIB Provides notification statistics for Packet Forwarding Engines For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx pfe txt For more information see Packet Forwarding Engine MIB Ping MIB Extends the standard Ping MIB control table RFC 2925 Items in this MIB are created when entries are created in pingCtl Table of the Ping MIB Each item is indexed exactly as it is in the Ping MIB For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ping txt For more information see PING MIB Policy Objects MIB Provides support for monitoring the security policies that control the flow of traffic from one zone to another This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable versio
269. odel usm vl v2c security name security name group group name group name identifies a collection of SNMP security names that share the same access policy For more information about groups see Defining Access Privileges for an SNMP Group on page 155 Example Security Group Configuration Supported Platforms LN Series M Series MX Series SRX Series T Series Assign security names to groups vacm security to group security model usm security name user f group group security name user2 group group2 security name user3 group group3 Copyright 2014 Juniper Networks Inc 133 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation e Assigning Security Model and Security Name to a Group on page 132 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Configuring the Tag List Supported Platforms Related Documentation 134 LN Series M Series MX Series PTX Series SRX Series T Series In the following example two tag entries routerl and router2 are defined at the edit snmp v3 notify notify name hierarchy level When an event triggers a notification Junos OS sends a trap to all target addresses that have routerl or router2 configured in their target address tag list This results in the first two targets getting one trap each and the t
270. of 11th probe from run 2 27 Result of 12th probe from run 2 28 Result of 13th probe from run 2 29 Result of 14th probe from run 2 Copyright O 2014 Juniper Networks Inc Chapter 21 Ping Tests Table 21 Results in pingProbeHistoryTable After the Second Ping Test continued pingProbeHistoryIndex Probe Result 30 Result of 15th probe from run 2 History entries can be deleted from the MIB in two ways e More history entries for a given test are added and the number of history entries exceeds pingCtlMaxRows The oldest history entries are deleted to make room for the new ones You delete the entire test by setting pingCtlRowStatus to destroy Stopping a Ping Test Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series To stop an active test set pingCtlAdminStatus to disabled To stop the test and remove its pingCtlEntry pingResultsEntry and any pingHistoryEntry objects from the MIB set pingCtlRowStatus to destroy Interpreting Ping Variables Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series This section clarifies the ranges for the following variables that are not explicitly specified in the Ping MIB pingCtlDataSize The value of this variable represents the total size of the payload in bytes of an outgoing probe packet This payload includes the timestamp 8 bytes that is used to time the probe This is consistent with the definition o
271. ommunity name hierarchy level in Junos OS Release 8 4 Added to the edit snmp community community name logical system logical system name hierarchy level in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Specify a routing instance for SNMPv1 and SNMPv2 trap targets All targets configured in the trap group use this routing instance If the routing instance is defined within a logical system include the logical system logical system name statement at the editsnmp community community name hierarchy level and specify the routing instance statement under the edit snmp community community name logical system logical system name hierarchy level routing instance name Name of the routing instance snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Groups on page 141 Configuring the Source Address for SNMP Traps on page 138 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Copyright O 2014 Juniper Networks Inc routing instance Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series routing instance routing instance name edit snmp v3 target address target address name S
272. on on each type of data such as integer and string For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx util txt For more information see Utility MIB VPN Certificate Objects MIB Provides support for monitoring the local and CA certificates loaded on the router This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js cert txt For more information see VPN Certificate Objects MIB System Log Monitoring and Troubleshooting Guide for Security Devices Structure of Management Information MIB Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP List of SRX1400 SRX3400 and SRX3600 Services Gateways Supported Enterprise Specific MIBs Supported Platforms LN Series SRX1400 SRX3400 SRX3600 Junos OS supports the following enterprise specific MIBs e Structure of Management Information MIB Contains object identifiers OIDs for the security branch of the MIBs used in Junos OS for SRX Series devices product services and traps This MIB is currently supported only by Junos OS for SRX Series devices It also explains how the Juniper Networks enterprise specific MIBs are structured For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib
273. onfiguration Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 117 EX Series LN Series M Series MX Series PTX Series T Series interval seconds edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Interval between samples seconds Time between samples in seconds Range 1through 2 147 483 647 seconds Default 60 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Interval on page 180 Copyright O 2014 Juniper Networks Inc interval Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series interval seconds edit snmp health monitor Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Interval between samples seconds Time between samples in seconds Range 1 through 2147483647 seconds Default 300 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Interval on page 186 Copyright O 2014 Juniper Networks Inc 225 SNMP MIBs and Traps Monitoring and Troub
274. onfiguration You can configure a request type statement to extend the scope of the RMON alarm to include all object instances belonging to a MIB branch or to include the next object instance after the instance specified in the configuration To configure the request type include the request type statement at the edit snmp rmon alarm index hierarchy level and specify get next request get request or walk request edit snmp rmon alarm index request type get next request get request walk request Copyright O 2014 Juniper Networks Inc Chapter 16 Remote Monitoring Health Monitoring and Service Quality walk extends the RMON alarm configuration to all object instances belonging to a MIB branch next extends the RMON alarm configuration to include the next object instance after the instance specified in the configuration Configuring the Sample Type The sample type identifies the method of sampling the selected variable and calculating the value to be compared against the thresholds If the value of this object is absolute value the value of the selected variable is compared directly with the thresholds at the end of the sampling interval If the value of this object is delta value the value of the selected variable at the last sample is subtracted from the current value and the difference is compared with the thresholds To configure the sample type include the sample type statement and specify the type of sample at the ed
275. onfigured to recover then certain instrusive operations necessary for preventing system breakdown are taken Instrusive operations can include restarting or terminating processes deleting files and so on Such action information is logged in the system health management history and system log Required Privilege security To view this statement in the configuration Level security control To add this statement to the configuration 248 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements routing engine SNMP Global Level Supported Platforms LN Series SRXIOO SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 Syntax routing engine interval lt interval in secs gt moderate threshold lt percentage level gt high threshold lt percentage level gt critical threshold lt percentage level gt traceoptions action lt monitor prevent recover gt Hierarchy Level edit snmp health monitor routing engine Release Information Statement introduced in Junos OS Release 12 1X44 D10 Statement modified in Junos OS Release 12 1X45 D1O Description Enable the system health management feature to Use the specified parameters Options interval Monitoring interval in seconds Default 300 seconds moderate threshold Percentage of moderate threshold level resource utilization Default 70 percent high threshold Percentage of high threshold level resource utilization Default 80 percen
276. ontact 1 3 6 1 2 1 1 4 sysName 1 3 6 1 2 1 1 5 sysLocation 1 3 6 1 2 1 1 6 snmpEnableAuthenTraps 1 3 6 1 2 1 11 30 Copyright 2014 Juniper Networks Inc 63 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Object Name Object Identifier RFC 2819a alarminterval 1 3 6 1 2 1 16 3 1 1 2 alarmVariable 1 3 6 1 2 1 16 3 1 1 2 alarmSampleType 1 3 6 1 2 1 16 3 1 1 4 alarmStartupAlarm 1 3 6 1 2 1 16 3 1 1 6 alarmRisingThreshold 1 3 6 1 2 1 16 3 1 1 7 alarmFalling Threshold 1 3 6 1 2 1 16 3 1 1 8 alarmRisingEventIndex 1 3 6 1 2 1 16 3 1 1 9 alarmFallingEventIndex 1 3 6 1 2 1 16 3 1 1 10 alarmOwner 1 3 6 1 2 1 16 3 1 1 11 alarmStatus 1 3 6 1 2 1 16 3 1 1 12 eventDescription 1 3 6 1 2 1 16 9 1 1 2 eventType 1 3 6 1 2 1 16 9 1 1 3 eventCommunity 1 3 6 1 2 1 16 9 1 1 4 eventOwner 1 3 6 1 2 1 16 9 1 1 6 eventStatus 1 3 6 1 2 1 16 9 1 1 7 RFC 2925a pingMaxConcurrentRequests 1 3 6 1 2 1 80 1 1 pingCtlTargetAddressType 1 3 6 1 2 1 80 1 2 1 3 pingCtlTargetAddress 1 3 6 1 2 1 80 1 2 1 4 pingCtlDataSize 1 3 6 1 2 1 80 1 2 1 5 pingCtlTimeOut 1 3 6 1 2 1 80 1 2 1 6 pingCtlProbeCount 1 3 6 1 2 1 80 1 2 1 7 pingCtlAdminStatus 1 3 6 1 2 1 80 1 2 1 8 64 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Object Name Object Identifier pingCtlDataFill 1
277. ooks publishes books by Juniper Networks engineers and subject matter experts These books go beyond the technical documentation to explore the nuances of network architecture deployment and administration The current list can be viewed at http www juniper net books Supported Platforms For the features described in this document the following platforms are supported LN Series e SRX Series Using the Examples in This Manual If you want to use the examples in this manual you can use the load merge or the load merge relative command These commands cause the software to merge the incoming configuration into the current candidate configuration The example does not become active until you commit the candidate configuration If the example configuration contains the top level of the hierarchy or multiple hierarchies the example is a full example In this case use the load merge command Copyright O 2014 Juniper Networks Inc XV SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices If the example configuration does not start at the top level of the hierarchy the example is a snippet In this case use the load merge relative command These procedures are described in the following sections Merging a Full Example To merge a full example follow these steps 1 Fromthe HTML or PDF version of the manual copy a configuration example into a text file save the file with a name and copy the file t
278. or Security Devices security model Group Supported Platforms EX Series LN Series M Series MX Series T Series Syntax security model usm vl v2c f security name security name 1 group group name Hierarchy Level edit snmp v3 vacm security to group Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define a security model for a group Options usm SNMPv3 security model vI SNMPvI security model v2c SNMPv2c security model Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Security Model on page 132 Documentation 256 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements security model SNMP Notifications Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series QFX Series T Series security model usm vl v2c edit snmp v3 target parameters target parameters name parameters Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the security model for an SNMPv3 group The security mod
279. orks Inc CHAPTER 8 SNMP Configuring SNMP on a Device Running Junos OS on page 109 Configuring the System Contact on a Device Running Junos OS on page 112 Configuring the System Description on a Device Running Junos OS on page 112 Configuring the System Location for a Device Running Junos OS on page 113 Configuring the System Name on page 113 Configuring the Commit Delay Timer on page 114 Loading MIB Files to a Network Management System on page 114 Filtering Duplicate SNMP Requests on page 116 Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 117 Example Configuring Secured Access List Checking on page 117 Filtering Interface Information Out of SNMP Get and GetNext Output on page 118 Configuring MIB Views on page 118 Example Ping Proxy MIB on page 119 Configuring the Local Engine ID on page 120 Configuring SNMP Informs on page 121 Configuring SNMP on a Device Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Copyright O 2014 Juniper Networks Inc 109 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices By default SNMP is disabled on devices running Junos OS To enable SNMP on a router or switch you must include the SNMP configuration statements at the edit snmp hierarchy level To configure the minimum requirements for SNMP include the following statements at the edit snmp hierarchy level of the configurat
280. ormation Base except for the ospfOriginateNewLsas and ospfRxNewLsas objects the Host Table and the traps ospfOriginateLSA ospfLsdbOverflow and ospfLsdbApproachingOverflow RFC 1901 Introduction to Community based 1 1 1 SNMPv2 RFC 2011 SNMPv2 Management Information Base 1 1 1 1 1 9 O0 O0 for the Internet Protocol Using SMIv2 RFC 2012 SNMPv2 Management Information Base 1 1 1 1 1 1 0 1 for the Transmission Control Protocol Using SMIv2 RFC 2013 SNMPv2 Management Information Base 1 1 1 1 1 1 0 1 for the User Datagram Protocol Using SMIv2 RFC 2096 IP Forwarding Table MIB The 1 1 1 1 1 o o 1 ipCidrRouteTable has been extended to include the tunnel name when the next hop is through an RSVP signaled LSP RFC 2115 Management Information Base for Frame 1 1 1 1 O0 1 0 O Relay DTEs Using SMIv2 frDlcmiTable only frCircuitTable and frErrTable are not supported RFC 2233 The Interfaces Group MIB Using SMIv2 1 1 1 1 1 1 0 1 NOTE RFC 2233 has beenreplaced by RFC 2863 IF MIB However Junos OS supports both RFC 2233 and RFC 2863 RFC 2287 Definitions of System Level Managed 1 1 1 1 1 1 0 1 Objects for Applications only the objects sysApplinstallPkgTable sysApplinstallElmtTable sysApplElmtRunTable and sysApplMapTable RFC 2465 Management Information Base for IP 1 1 1 1 O0 1 O0 O0 Version 6 Textual Conventions and General Group except for IPv6 interface statistic
281. os OS on page 109 Configuring the System Location for a Device Running Junos OS on page 113 Configuring the System Description on a Device Running Junos OS on page 112 Configuring the System Name on page 113 Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring the System Description on a Device Running Junos OS Supported Platforms 112 Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series You can specify a description for each system being managed by SNMP This string is placed into the MIB Il sysDescription object To configure a description include the description statement at the edit snmp hierarchy level edit snmp description description If the description contains spaces enclose it in quotation marks To specify the system description edit snmp description M40 router with 8 FPCs Configuring SNMP on a Device Running Junos OS on page 109 Configuring the System Contact on a Device Running Junos OS on page 112 Configuring the System Location for a Device Running Junos OS on page 113 Configuring the System Name on page 113 Copyright O 2014 Juniper Networks Inc Chapter 8 SNMP Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring the System Location for a Device Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series You
282. ote User on page 293 Configuring the Inform Notification Type and Target Address on page 171 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Networks Inc 121 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 122 Copyright O 2014 Juniper Networks Inc CHAPTER 9 SNMPv3 Creating SNMPv3 Users on page 123 Example SNMPv3 Configuration on page 124 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Configuring the SNMPv3 Authentication Type on page 128 Configuring the Encryption Type on page 130 e Assigning Security Model and Security Name to a Group on page 132 Example Security Group Configuration on page 133 Example Configuring the Tag List on page 134 Example Creating SNMPv3 Users Configuration on page 135 Creating SNMPv3 Users Supported Platforms LN Series M Series MX Series PTX Series OFX Series SRX Series T Series For each SNMPv3 user you can specify the username authentication type authentication password privacy type and privacy password After a user enters a password a key based on the engine ID and password is generated and is written to the configuration file After the generation of the key the password is deleted from this configuration file NOTE You can configure only one encryption type for each SNMPv3 user
283. other counters available in the Standard Interfaces MIB Juniper Networks enterprise specific extensions to the Interfaces MIB and media specific MIBs such as the enterprise specific ATM MIB e Count packets as part of a firewall filter For more information about firewall filter policies see Juniper Networks Enterprise Specific MIBs on page 21 and the Junos OS Routing Protocols Library for Security Devices Performance management Monitor performance in the following ways e Use operational mode commands For more information about monitoring performance using operational mode commands see the CL User Guide e Use firewall filters For more information about performance monitoring using firewall filters see the Junos OS Routing Protocols Library for Security Devices 90 Copyright 2014 Juniper Networks Inc Chapter 5 Device Management Table 13 Device Management Features in Junos OS continued Task Junos OS Feature Security management Assure security in your network in the following ways e Control access to the router and authenticate users For more information about access control and user authentication see the Junos OS User Authentication Library for Security Devices e Control access to the router using SNMPv3 and SNMP over IPv6 For more information see Configuring the Local Engine ID on page 120 and Tracing SNMP Activity on a Device Running Junos OS on page 297 Related Unde
284. oupName 1 3 6 1 6 3 16 1 2 1 3 vacmSecurityToGroupStorageType 1 3 6 1 6 3 16 1 2 1 4 vacmSecurityToGroupStatus 1 3 6 1 6 3 16 1 2 1 5 vacmAccessContextMatch 1 3 6 1 6 3 16 1 4 1 4 vacmAccessReadViewName 1 3 6 1 6 3 16 1 4 1 5 vacmAccessWriteViewName 1 3 6 1 6 3 16 1 4 1 6 vacmAccessNotifyViewName 1 3 6 1 6 3 16 1 4 1 7 vacmAccessStorageType 1 3 6 1 6 3 16 1 4 1 8 vacmAccessStatus 1 3 6 1 6 3 16 1 4 1 9 vacmViewSpinLock 1 3 6 1 6 3 16 1 5 1 vacmViewTreeFamilyMask 1 3 6 1 6 3 16 1 5 2 1 3 vacmViewTreeFamilyType 1 3 6 1 6 3 16 1 5 2 1 4 vacmViewTreeFamilyStorageType 1 3 6 1 6 3 16 1 5 2 1 5 vacmViewTreeFamilyStatus 1 3 6 1 6 3 16 1 5 2 1 6 RFC 2576 snmpCommunityName 1 3 6 1 6 3 18 1 1 1 2 snmpCommunitySecurityName 1 3 6 1 6 3 18 1 1 1 3 snmpCommunityContextEnginelD 1 3 6 1 6 3 18 1 1 1 4 snmpCommunityContextName 1 3 6 1 6 3 18 1 1 1 5 Copyright O 2014 Juniper Networks Inc 69 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Object Name Object Identifier snmpCommunityTransportTag 1 3 6 1 6 3 18 1 1 1 6 snmpCommunityStorageType 1 3 6 1 6 3 18 1 1 1 7 snmpCommunityStatus 1 3 6 1 6 3 18 1 1 1 8 RFC 2576 snmpTargetAddrMask 1 3 6 1 6 3 18 1 2 1 1 snmpTargetAddrMMS 1 3 6 1 6 3 18 1 2 1 2 Related Standard SNMP MIBs Supported by Junos OS on page 7 Docume
285. p To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring the Group on page 156 Documentation 222 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements group Defining Access Privileges for an SNMPv3 Group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation health monitor Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Copyright O 2014 Juniper Networks Inc EX Series LN Series M Series MX Series PTX Series T Series group group name edit snmp v3 vacm security to group security model usm vl v2c security name security name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Define access privileges granted to a group group name l dentifies a collection of SNMP security names that belong to the same access policy SNMP snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Group on page 133 EX Series LN Series M Series MX Series PTX Series T Series health monitor f falling threshold percentage interval seconds rising threshold percentage edit snmp St
286. p v3 snmp community community index community name community name community name is the community string for an SNMPv1 or SNMPv2c community If unconfigured it is the same as the community index If the community name contains spaces enclose it in quotation marks e NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels The configured community name at the edit snmp v3 snmp community community index hierarchy level is encrypted You cannot view the community name after you have configured it and committed your changes In the command line interface CLI the community name is concealed Configuring the Security Names To assign a community string to a security name include the security name statement at the edit snmp v3 snmp community community index hierarchy level edit snmp v3 snmp community community index security name security name security name is used when access control is set up The security to group configuration at the edit snmp v3 vacm hierarchy level identifies the group e NOTE This security name must match the security name configured at the edit snmp v3 target parameters target parameters name parameters hierarchy level when you configure traps Configuring the Tag To configure the tag include the tag statement at the edit snmp v3 snmp community community index hiera
287. page 129 Configuring SHA Authentication on page 129 Copyright O 2014 Juniper Networks Inc 203 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices authentication sha Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 204 LN Series M Series MX Series PTX Series OFX Series T Series authentication sha f authentication password authentication password edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure the secure hash algorithm SHA as the authentication type for the SNMPv3 user NOTE You can configure only one authentication type for each SNMPv3 user The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SHA Authentication on page 129 Copyright 2014 Juniper Networks Inc authorization Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX
288. per Networks Inc Chapter 11 Access Privileges view name specifies read access for an SNMP user group A view name cannot exceed 32 characters Configuring the Write View To associate a write view with an SNMP user group include the write view statement at the edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy hierarchy level edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm v1 v2c security level authentication none privacy write view view name view name specifies write access for an SNMP user group A view name cannot exceed 32 characters Related Configuring the SNMPv3 Authentication Type on page 128 D tati ocumentaton Defining Access Privileges for an SNMP Group on page 155 e Assigning Security Model and Security Name to a Group on page 132 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Access Privilege Configuration on page 159 Example Access Privilege Configuration Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Define access privileges edit snmp v3 access f group groupl f default context prefix f security model usm f Define an SNMPv3 security model
289. per net techpubs en_US junos12 1 topics reference mibs mib jnx pae extension txt Passive Monitoring MIB 0 O0 O0 0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx pmon txt Ping MIB 1 1 1 1 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx ping txt Policy Objects MIB 0 0 0 0 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js policy txt Power Supply Unit MIB 0 O0 O0 1 O0 O0 O0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx power supply unit txt 50 Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms SRX Low Mid Enterprise Specific MIB End Range PPP MIB 1 1 O Oo O0 0 0 0 http www juniper net techpubs en US junos12 l topics reference mibs mib jnx ppp txt PPPoE MIB 1 1 0 O O O O 0 http Avwwjuniper net techpubs en_US junos12 1 topics reference mibs mib jnx pppoe txt Psuedowire TDM MIB o O0 O0 0 O0 http Awww juniper net techpubs en_US junos 12 1 topics reference mibs mib jnx pwtdm txt Real Time Performance Monitoring MIB 1 1 1 1 1 1 O0 O0 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx rpm txt Reverse Path Forwarding MIB 0 1 1 1 1 http www juniper net techpubs en_US j
290. peration to perform To specify more than one tracing operation include multiple flag statements all Log all SNMP events Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements general Log general events interface stats Log physical and logical interface statistics nonvolatile sets Log nonvolatile SNMP set request handling pdu Log SNMP request and response packets protocol timeouts Log SNMP response timeouts routing socket Log routing socket calls subagent Log subagent restarts timer Log internally generated events varbind error Log variable binding errors match regular expression Optional Refine the output to include lines that contain the regular expression size size Optional Maximum size in kilobytes KB of each trace file before it is closed and archived Range 10 KB through 1 GB Default 1000 KB world readable no world readable Optional By default log files can be accessed only by the user who configures the tracing operation The world readable option enables any user to read the file To explicitly set the default behavior use the no world readable option Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Tracing SNMP Activity on a Device Running Junos OS on page 297 Documentation Copyright O 2014 Juniper Ne
291. pletely use the delete view all oid oid number command but omit the include parameter view name Name of the view The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring MIB Views on page 118 e Associating MIB Views with an SNMP User Group on page 157 community on page 210 Copyright O 2014 Juniper Networks Inc write view Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series T Series write view view name edit snmp v3 vacm access group group name default context prefix context prefix context prefix security model any usm vl v2c security level authentication none privacy Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series switches Associate the write view with a community for SNMPv1 or SNMPv2c clients or a group name for SNMPv3 clients view name Narme of the view for which the SNMP user group has write permission snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring
292. points for traffic transiting your networks Ingress points are identified by the input interface Egress points are identified by destination prefixes grouped into one or more sets known as destination classes One counter is managed per interface per destination class up to a maximum of 16 counters per interface For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx dcu txt For more information see Destination Class Usage MIB DNS Objects MIB Provides support for monitoring DNS proxy queries requests responses and failures This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js dns txt For more information see DNS Objects MIB Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx event txt For more information see Event MIB Copyright O 2014 Juniper Networks Inc 23 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 24 Firewall MIB Provides support for monitoring firewall filter counters Rou
293. port for RFC 4382 includes the following scalar objects and tables mplsL3VpnConfiguredVrfs e mplsL3VpnActiveVrfs e mplsL3VpnConnectedinterfaces mplsL3VpnNotificationEnable mplsL3VpnVrfConfMaxPossRts e mplsL3VpnVrfConfRteMxThrshTime e mplsL3VpnillLblRevThrsh e mplsL3VpnVrfTable e mplsL3VpnifConfTable mplsL3VpnVrfPerfTable mplsL3VpnVrfRteTable mplsVpnVrfRT Table RFC 4444 S S MIB 1 1 1 1 1 0 O RFC 4668 RADIUS Accounting Client Management O O0 O0 1 O0 O0 0 O0 Information Base MIB for IPv6 read only access Copyright O 2014 Juniper Networks Inc 17 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms MIB RFC RFC 4670 RADIUS Accounting Client Management O O0 O0 O0 0 Information Base MIB read only access RFC 4801 Definitions of Textual Conventions for 1 1 1 1 O0 O0 0 o Generalized Multiprotocol Label Switching GMPLS Management Information Base MIB read only access RFC 4802 Generalized Multiprotocol Label 1 1 1 O0 0 0 O0 Switching GMPLS Traffic Engineering TE Management Information Base MIB read only access gmplsTunnelReversePerfTable gmplsTeScalars gmplsTunnelTable gmplsTunnelARHopTable gmplsTunnelCHopTable and gmplsTunnelErrorTable are not supported RFC 4803 Generalized Multiprotocol Label 1 1 1 1 0
294. pported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Copyright O 2014 Juniper Networks Inc EX Series LN Series M Series MX Series PTX Series OFX Series T Series message processing model v1 v2c v3 edit snmp v3 target parameters target parameter name parameters Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the message processing model to be used when generating SNMP notifications v1I SNMPVvI message process model v2c SNMPv2c message process model v3 SNMPv3 message process model snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Message Processing Model on page 151 229 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation nonvolatile Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation 230 EX Series LN Series M Series MX Series PTX Series SRX Series T Series name name edit snmp Statement introduced befo
295. prise specific PING MIB mib jnx ping txt then loads without any issue Standard SNMP MIBs Supported by Junos OS on page 7 Juniper Networks Enterprise Specific MIBs on page 21 Filtering Duplicate SNMP Requests Supported Platforms 116 LN Series PTX Series SRX Series By default filtering duplicate get getNext and getBulk SNMP requests is disabled on devices running Junos OS If a network management station retransmits a Get GetNext or GetBulk SNMP request too frequently to the router that request might interfere with the processing of previous requests and slow down the response time of the agent Filtering these duplicate requests improves the response time of the SNMP agent Junos OS uses the following information to determine if an SNMP request is a duplicate Source IP address of the SNMP request Source UDP port of the SNMP request Request ID of the SNMP request To filter duplicate SNMP requests include the filter duplicates statement at the edit snmp hierarchy level edit snmp filter duplicates Copyright O 2014 Juniper Networks Inc Chapter 8 SNMP Related Configuring SNMP on a Device Running Junos OS on page 109 Documentation Configuring the Interfaces on Which SNMP Requests Can Be Accepted on page 117 Filtering Interface Information Out of SNMP Get and GetNext Output on page 118 Configuration Statements at the edit snmp Hierarchy Level on page 192 Configuring the Inter
296. ps MIB isismib mib 82 Trap Name isisDatabaseOverload Description Generated when the system enters or leaves the overload state isisManualAddressDrops Generated when one of the manual areaAddresses assigned to the system is ignored when computing routes isisCorruptedLSPDetected Generated when an LSP stored in memory becomes corrupted isisAttemptToExceedMaxSequence Generated when the sequence number on a generated LSP wraps the 32 bit sequence counter and the number is purged isisIDLenMismatch Generated when a protocol data unit PDU is received with a different value for the system ID length This trap includes an index to identify the circuit where the PDU was received and the PDU header isisMaxAreaAddressesMismatch Generated when a PDU with a different value for the maximum area addresses is received isisOwnLSPPurge Generated when a PDU is received with a system ID and zero age This notification includes the circuit index if available isisSequenceNumberSkip Generated when an LSP is received with a system ID and different contents indicating the LSP might require a higher sequence number isisAuthenticationTypeFailure Generated when a PDU with the wrong authentication type field is received isisAuthenticationFailure Generated when a PDU with an incorrect authentication information field is received isisVersionSkew Generated when a hello PDU f
297. r command but omit the include parameter To associate MIB views with a community include the view statement at the edit snmp community community name hierarchy level edit snmp community community name view view name For more information about the Ping MIB see RFC 2925 and the PING MIB topic Related Configuring SNMP on a Device Running Junos OS on page 109 Documentation Configuration Statements at the edit snmp Hierarchy Level on page 192 Example Ping Proxy MIB on page 119 View Configuring a MIB View on page 284 oid on page 234 Example Ping Proxy MIB Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Restrict the ping mib community to read and write access of the Ping MIB and jnxpingMIB only Read or write access to any other MIB using this community is not allowed edit snmp view ping mib view f oid 1 3 6 1 2 1 80 include pingMIB oid jnxPingMIB include jnxPingMIB community ping mib authorization read write view ping mib view The following configuration prevents the no ping mib community from accessing Ping MIB and jnxPingMIB objects However this configuration does not prevent the no ping mib community from accessing any other MIB object that is supported on the device edit snmp view no ping mib view f oid 1 3 6 1 2 1 80 exclude deny access to pingMIB objects Copyright O 2014 Juniper Networks Inc n9 SNMP MIBs and Traps Monitoring
298. r interface Fora downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx dcu txt For more information see Destination Class Usage MIB DNS Objects MIB Provides support for monitoring DNS proxy queries requests responses and failures This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx js dns txt Copyright 2014 Juniper Networks Inc Chapter 1 SNMP For more information see DNS Objects MIB Ethernet MAC MIB Monitors media access control MAC statistics on Gigabit Ethernet intelligent queuing IQ interfaces It collects MAC statistics for example inoctets inframes outoctets and outframes on each source MAC address and virtual LAN VLAN ID for each Ethernet port For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx mac txt For more information see Ethernet MAC MIB Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx event txt For more information
299. r more information see Security Interface Extension Objects MIB Security Screening Objects MIB Defines the MIB for the Juniper Networks Enterprise Firewall screen functionality This MIB is currently supported only by Junos OS for SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js screening txt For more information see Security Screening Objects MIB Source Class Usage MIB Counts packets sent to customers by performing a lookup onthe IP source address and the IP destination address The Source Class Usage SCU MIB makes it possible to track traffic originating from specific prefixes on the provider core and destined for specific prefixes on the customer edge For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx scu txt For more information see Source Class Usage MIB SPU Monitoring MIB Provides support for monitoring SPUs on SRX5600 and SRX5800 devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js spu monitoring txt For more information see SPU Monitoring Objects MIB System Log MIB Enables notification of an SNMP trap based application when an important system log message occurs For a downloadable version of this MIB see http www juniper net techpubs en US
300. r net techpubs en US junos12 1x47 topics reference mibs mib jnx ipsec flow mon txt For more information see Psec Generic Flow Monitoring Object MIB Psec Monitoring MIB Provides operational and statistical information related to the IPsec and IKE tunnels on Juniper Networks routers For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx ipsec monitor asp txt For more information see Psec Monitoring MIB Pv4 MIB Provides additional Internet Protocol version 4 IPv4 address information supporting the assignment of identical IPv4 addresses to separate interfaces For a Copyright O 2014 Juniper Networks Inc 41 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 42 downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx ipv4 txt For more information see Pv4 MIB License MIB Extends SNMP support to licensing information and introduces SNMP traps that alert users when the licenses are about to expire expire or when the total number of users exceeds the number specified in the license For a downloadable version of this MIB see http Avww juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx license txt For more information see License MIB Logical Systems MIB Provides support for logical systems security profile For a downl
301. ra a motit Rh ee eee ees 25 routing instance access auror ee hande penki Erra ED hh na 251 Sarmmple tyDpe terase eranen ea aE EE S a ae a 252 security level Defining Access Privileges 2 0 0 0 00 cee ee eee 253 security level Generating SNMP Notifications 0 0 20 254 security model Access Privileges 0 0 eee eee 255 securitysmodel GIOUD i 4 reru Eee Urb eR RA BeGae cess E REA EEG 256 security model SNMP Notifications sseeee RR RII 257 security name Community String llle 258 security name Security GroUD s eee eee 259 Copyright O 2014 Juniper Networks Inc Table of Contents security name SNMP Notifications ls 260 Ssecurity to BIOUD xxv cskaeqeruecctRVxrk ese PR dae e Row esrb eS 261 SE cp bay wings REA d x aora CEP a gua Sac aee TS NE ES PLU md d 261 so rce adcdiess suisxiweca Eua Ee eee We c Peg492 UT RP EE SUR TS 262 SEDI COMMUN esras aai iei en iA e gis Bue s dulled daos SUR nd nb ad ees 263 Startop alai ssa ve etx teats see a sop rn eb eRe deat ae Ea dotted 264 SV SOS SUIS ssi ercatauaue rs su ay uas tear ate gale CET LU NT ashe hate a Soe deus 265 Rep CCP TEM ERR EE EE PITT 265 MASS US oor Esqui A E E desine Gus ens Soe aes nae eee a 266 target address hr 267 TARAS O SAMUS IS a edn other eecpsg udi invisi SF aus edis Eust B eui des elus ect RU Cg ane 268 TORGOUS 205 aun E chat nie seat aod wired abate dro pera dta drot iot amie eases OE 269
302. raps continued System Logging Severity Defined in Trap Name snmpTrapOID Level Syslog Tag Supported On Routing Notifications BGP 4 MIB bgpEstablished 1 3 6 1 2 1 15 7 1 All devices running Junos OS bgpBackwardTransition 1 3 6 1 2 1 15 7 2 All devices running Junos OS OSPF Trap MIB ospfVirtlfStateChange 1 3 6 1 21 14 16 2 1 All devices running Junos OS ospfNbrStateChange 1 3 6 1 2114 16 2 2 All devices running Junos OS ospfVirtNbrStateChange 1 3 6 1 211416 2 3 All devices running Junos OS ospflfConfigError 1 3 6 1 2114 16 2 4 All devices running Junos OS ospfVirtlfConfigError 1 3 6 1 211416 2 5 All devices running Junos OS ospflfAuthFailure 1 3 6 1 2114 16 2 6 All devices running Junos OS ospfVirtlfAuthFailure 13 60 211416 27 All devices running Junos OS ospflfRxBadPacket 1 3 6 1 2 1 14 16 2 8 All devices running Junos OS ospfVirtlfRxBadPacket 1 3 6 1 211416 2 9 d All devices running Junos OS ospfTxRetransmit 1 3 6 1 2 114 16 210 All devices running Junos OS ospfVirtlfTxRetransmit 1 3 6 1 21 14 16 2 11 x All devices running Junos OS ospfMaxAgeLsa 1 3 6 1 21 14 16 2 13 xd All devices running Junos OS ospfifStateChange 13 61211416 216 All devices running Junos OS Copyright 2014 Juniper Networks Inc 79 SNMP MIBs and Traps Monitoring and Troubleshooting
303. rcentUsed 2 Monitors the following file system on the router or switch dev adOsle This is the configuration file system mounted on config Copyright O 2014 Juniper Networks Inc Chapter 16 Remote Monitoring Health Monitoring and Service Quality Table 17 Monitored Object Instances continued 8 0 ou Description jnxOperatingCPU REO Monitors CPU usage for Routing Engines REO and REI The index values assigned to Routing Engines depend on whether the Chassis MIB uses a zero based or ones based indexing scheme Because the indexing scheme is configurable the proper index is determined when the router or switch is initialized and when there is a configuration change If the router or switch has only one Routing Engine the alarm entry monitoring REI is removed after five failed attempts to obtain the CPU value jnxOperatingCPU RET jnxOperatingBuffer REO Monitors the amount of memory available on Routing Engines REO and REI Because the indexing of this object is identical to that used for jnxOperatingCPU index values are adjusted depending on the indexing scheme used in the Chassis MIB As with jnxOperatingCPU the alarm entry monitoring REI is removed if the router or switch has only one Routing Engine jnxOperatingBuffer RET sysApplElmtRunCPU Monitors the CPU usage for each Junos OS process also called daemon Multiple instances of the same process are monitored and indexed separately
304. rchy level edit snmp v3 snmp community community index tag tag name Copyright O 2014 Juniper Networks Inc 169 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices tag name identifies the address of managers that are allowed to use a community string Related Creating SNMPv3 Users on page 123 Documentation Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example SNMPv3 Community Configuration on page 170 Example SNMPv3 Community Configuration Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Define an SNMP community edit snmp v3 snmp community index f community name 9 JOZi OF AtOz3 44 SECRET DATA security name john tag router Identifies managers that are allowed to use a community string target address tal f address 10 1 1 1 address mask 255 255 255 0 Defines the range of addresses port 162 tag list router target parameters tpl Applies configured target parameters Related Configuring the SNMPv3 Community on page 168 Documentation Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 170 Copyright 2014 Juniper Networks Inc CHAPTER 14 Inform Notifications Configuring the Inform Notification Type and Target Address on page 171 Example Configu
305. re 1 3 6 1 4 1 2636 4 0 Notice SNMPD_TRAP_ All devices running Conventions GEN_FAILURE Junos OS for Defining Bd coldStart 1 3 6 1 4 1 2636 0 0 Critical SNMPD_TRAP_ All devices running LD_START J the SNMP COLD S unos OS warmStart 1 3 6 1 4 1 2636 1 0 Error SNMPD_TRAP_ All devices running WARM START Junos OS 74 Copyright O 2014 Juniper Networks Inc Table 10 Standard Supported SNMP Version 1 Traps continued Definedin Trap Name Link Notifications linkDown Enterprise ID 1 3 6 1 4 1 2636 System Logging Severity Level Generic Trap Number Specific Trap Number Warning Chapter 3 SNMP Traps Syslog Tag SNMP_TRAP_ Supported On All devices running RFC 1215 Conventions LINK DOWN Junos OS for Defining ee linkUp 1 3 6 1 4 1 2636 3 o Info SNMP TRAP All devices running LINK UP J i the SNMP U onos 9S Remote Operations Notifications mms RFC 2925 pingProbeFailed 1 3 6 1 2 1 80 0 6 1 Info SNMP TRAP PING All devices running Definitions PROBE FAILED Junos OS of Managed Objects for pingTestFailed 1 3 6 1 2 1 80 0 6 2 Info SNMP_TRAP_ All devices running Remote PING_TEST_FAILED Junos OS Ping Traceroute pingTestCompleted 1 3 6 1 2 1 80 0 6 3 Info SNMP_TRAP_ All devices running ana oe PING TEST Junos OS Operations jx unos OS COMPLETED traceRoutePathChange 1 3 6 1 2 1 81 0 6 1 Info SNMP TRAP All devices running TRACE ROUTE Junos OS PATH CHANGE
306. re Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Set the system name from the command line interface name System name override snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the System Name on page 113 EX Series LN Series M Series MX Series PTX Series SRX Series T Series nonvolatile f commit delay seconds edit snmp Statement introduced before Junos OS Release 7 4 The commit delay statement introduced in Junos OS Release 9 0 for EX Series switches Configure options for SNMP Set requests The statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Commit Delay Timer on page 114 commit delay on page 209 Copyright O 2014 Juniper Networks Inc notify Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series T Series notify name tag tag name type trap inform edit snmp v3 Statement introduced before Junos OS Release 7 4 type inform option added in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement in
307. re exposed jnxRmon 13 Class 3 jnxRmonAlarmTable 1 Objects are exposed only for the default logical system jnxLdp 14 Class 2 jnxLdpTrapVars 1 All instances within a logical system are exposed Data will not be segregated down to the routing instance level jnxCos 15 Class 3 Objects are exposed only for the default logical system jnxCoslfqStatsTable 1 jnxCosFcTable 2 jnxCosFcldTable 3 jnxCosQstatTable 4 jnxScu 16 Class 1 Only those logical interfaces and their parent physical interfaces that belong to jnxScuStatsTable 1 a specific routing instance are exposed jnxRpf 17 Class 1 Only those logical interfaces and their parent physical interfaces that belong to jnxRpfStatsTable 1 a specific routing instance are exposed jnxCfgMgmt 18 Class 3 Objects are exposed only for the default logical system jnxPMon 19 Class 1 Only those logical interfaces and their parent physical interfaces that belong to jnxPMonFlowTable 1 a specific routing instance are exposed jnxPMonErrorTable 2 jnxPMonMemoryTable 3 jnxSonet 20 Class 1 Only those logical interfaces and their jnxSonetAlarmTable 1 parent physical interfaces that belong to a specific routing instance are exposed Copyright 2014 Juniper Networks Inc 55 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 5 MIB Support for Routing Instances Juniper Networks MIBs continued S eJ Told Support Clas
308. reating SNMPv3 Users on page 123 For information about configuring a community string see Configuring the SNMPv3 Community on page 168 Copyright O 2014 Juniper Networks Inc Chapter 9 SNMPv3 e NOTE The USM security name is separate from the SNMPv1 and SNMPv2c security name If you support SNMPv1 and SNMPv2c in addition to SNMPv3 you must configure separate security names within the security to group configuration at the edit snmp v3 vacm access hierarchy level Configuring the Group After you have created SNMPv3 users or vl or v2 security names you associate them with a group A group is a set of security names belonging to a particular security model A group defines the access rights for all users belonging to it Access rights define what SNMP objects can be read written to or created A group also defines what notifications a user is allowed to receive If you already have a group that is configured with all of the view and access permissions that you want to give a user you can add the user to that group If you want to give a user view and access permissions that no other groups have or if you do not have any groups configured create a group and add the user to it To configure the access privileges granted to a group include the group statement at the edit snmp v3 vacm security to group security model usm vl v2c security name security name hierarchy level edit snmp v3 vacm security to group security m
309. ress can only be the address of the outgoing interface edit snmp trap options f agent address outgoing interface To configure the outgoing interface as the agent address edit snmp trap options f agent address outgoing interface trap group urgent dispatcher f version v1 categories link startup targets f 192 168 10 22 172 17 1 2 In this example each SNMPvI trap packet sent has its agent address value set to the IP address of the outgoing interface Adding snmpTrapEnterprise Object Identifier to Standard SNMP Traps 140 Related Documentation The snmpTrapEnterprise object helps you identify the enterprise that has defined the trap Typically the snmpTrapEnterprise object appears as the last varbind in enterprise specific SNMP version 2 traps However starting Release 10 0 Junos OS enables you to add the snmpTrapEnterprise object identifier to standard SNMP traps as well To add snmpTrapEnterprise to standard traps include the enterprise oid statement at the edit snmp trap options hierarchy level If the enterprise oid statement is not included in the configuration snmpTrapEnterprise is added only for enterprise specific traps edit snmp trap options f enterprise oid Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Configuring SNMP Trap Groups on page 141 Configuring SNMP on a Device Running Junos OS on page 109 Configuration Statements
310. rfacePerfTable mplsinSegmentPerfTable mplsOutSegmentPerfTable mplsInSegmentMapTable mplsXCUp and mplsXCDown are not supported RFC 3826 The Advanced Encryption Standard 1 1 1 O0 O0 1 AES Cipher Algorithm in the SNMP User based Security Model RFC 3896 Definitions of Managed Objects forthe 1 1 1 9 O 0 0 0 DS3 E3 Interface Type except dsx3FarEndConfigTable dsx3FarEndCurrentTable dsx3FarEndintervalTable dsx3FarEndTotalTable and dsx3FracTable 16 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued Platforms Oo 0 0 RFC 4188 Definitions of Managed Objects for O0 O0 O0 1 Bridges Supports 802 1D STP 1998 Supports only the following subtrees and objects e dotldStp subtree is supported on MX Series 3D Universal Edge Routers dotidTpFdbAddress dotidTpFdbPort and dotidTpFdbStatus objects from the dotidTpFdbTable of the dotldTp subtree are supported on EX Series Ethernet Switches NOTE dotldTpLearnedEntryDiscards and dotidTpAgingTime objects are supported on M and T Series routers RFC 4318 Definitions of Managed Objects for 1 1 1 1 1 9 0 0 Bridges with Rapid Spanning Tree Protocol Supports 802 1w and 802 1t extensions for RSTP RFC 4363b Q Bridge VLAN MIB O0 o 0 1 1 0 0 o RFC 4382 MPLS BGP Layer 3 Virtual Private 1 1 1 1 1 9 0 O0 Network VPN MIB The Junos OS sup
311. right O 2014 Juniper Networks Inc Chapter 1 SNMP Table 6 Class 1 MIB Objects Standard and Juniper MIBs Class MIB Class 1 802 3ad mib Objects dot3adAgg MIB objects dot3adAggTable dot3adAggPortListTable dot3adAggPort dot3adAggPortTable dot3adAggPortStatsTable dot3adAggPortDebugTable rfc2863a mib ifTable ifXTable ifStackTable rfc201la mib ipAddrTable ipNetToMediaTable rtmib mib ipForward ipCidrRouteTable rfc2665a mib dot3StatsTable dot3ControlTable dot3PauseTable rfc2495a mib dsx1ConfigTable dsxICurrentTable dsxlIntervalTable dsx1TotalTable dsx1FarEndCurrentTable dsx1FarEndintervalTable dsx1FarEndTotalTable dsx1FracTable rfc2496a mib dsx3 dsx3ConfigTable rfc2115a mib frDicmiTable and related MIB objects rfc3592 mib sonetMediumTable and related MIB objects Copyright 2014 Juniper Networks Inc 57 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 6 Class 1 MIB Objects Standard and Juniper MIBs continued Class MIB Objects rfc3020 mib mfrMIB mfrBundleTable mfrMibBundleLinkObjects mfrBundlelfIndexMappingTable and related MIB objects ospf2mib mib All objects ospf2trap mib All objects bgpmib mib All objects rfc2819a mib Example etherStatsTable 58 Copyright 2014 Juniper Networks Inc Chapter 1 SNMP Table 6 Class 1 MIB Objects Stand
312. ring the Inform Notification Type and Target Address on page 172 Configuring the Inform Notification Type and Target Address Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series To configure the inform notification type and target information include the following statements at the edit snmp v3 hierarchy level edit snmp v3 notify name 1 tag tag name type trap inform target address target address name 1 address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name 1 notify filter profile name parameters f message processing model vl v2c v3 security level authentication none privacy security model usm vl v2c security name security name notify name is the name assigned to the notification Each notify entry name must be unique tag tag name defines the target addresses that are sent this notification The notification is sent to all target addresses that have this tag in their tag list The tag name is not Copyright O 2014 Juniper Networks Inc 171 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation included in the notification For information about how to configure the tag list see Configuring the Trap
313. ring the Message Processing Model on page 151 Configuring the Security Model on page 152 Configuring the Security Level on page 152 Configuring the Security Name on page 152 Configuring the Message Processing Model The message processing model defines which version of SNMP to use when generating SNMP notifications To configure the message processing model include the message processing model statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters message processing model v1 v2c v3 VI SNMPviI message processing model v2c SNMPv2c message processing model v3 SNMPV3 message processing model Copyright O 2014 Juniper Networks Inc 151 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the Security Model To define the security model to use when generating SNMP notifications include the security model statement at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters security model usm vl v2c usm SNMPv3 security model vI SNMPvI1 security model v2c SNMPv2c security model Configuring the Security Level The security level statement specifies whether the trap is authenticated and encrypted before it is sent To configure the security
314. rity to group security model v1 f security name john 1 Assigns john to the security group group san francisco called san francisco 126 Copyright O 2014 Juniper Networks Inc Chapter 9 SNMPv3 security name bob group new york security name elizabeth group chicago Related Complete SNMPv3 Configuration Statements on page 195 D tati ocumentation Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Minimum SNMPv3 Configuration on a Device Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series QFX Series SRX Series T Series To configure the minimum requirements for SNMPv3 include the following statements at the edit snmp v3 and edit snmp hierarchy levels Q NOTE You must configure at least one view notify read or write at the edit snmp view name hierarchy level edit snmp view view name 1 oid object identifier include exclude edit snmp v3 notify name 1 tag tag name notify filter profile name 1 oid object identifier include exclude snmp community community index security name security name target address target address name 1 address address target parameters target parameters name target parameters target parameters name 1 notify filter profile name parameters f message processing model vl v2c v3 security level authentication none privacy security model usm vl v2c security
315. rivacy password privacy des privacy password privacy password privacy none vacm access group group name default context prefix context prefix context prefiix security model any usm v1 v2c f security level authentication none privacy f notify view view name 194 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements read view view name write view view name security to group security model usm vl v2c security name security name 1 group group name view view name oid object identifier include exclude Related Understanding the SNMP Implementation in Junos OS on page 3 D tati SEHE Configuring SNMP on a Device Running Junos OS on page 109 Complete SNMPv3 Configuration Statements Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series To configure SNMPv3 include the following statements at the edit snmp v3 and edit snmp hierarchy levels edit snmp engine id local engine id use mac address use default ip address view view name 1 oid object identifier include exclude edit snmp v3 notify name tag tag name type trap inform notify filter profile name oid object identifier include exclude snmp community community index community name community name security name security name tag tag name target address target address nam
316. rized to access the router address Address of an SNMP client that is authorized to access this router You must specify an address not a hostname To specify more than one client include multiple address options restrict Optional Do not allow the specified SNMP client to access the router snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMP Community String on page 165 Copyright O 2014 Juniper Networks Inc commit delay Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series SRX Series T Series commit delay seconds edit snmp nonvolatile Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure the timer for the SNMP Set reply and start of the commit seconds Delay between an affirmative SNMP Set reply and start of the commit Default 5 seconds snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Commit Delay Timer on page 114 Copyright O 2014 Juniper Networks Inc 209 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices community Supported Platfo
317. rks Inc CHAPTER 3 SNMP Traps Juniper Networks Enterprise Specific SNMP Traps on page 73 Standard SNMP Traps Supported on Devices Running Junos OS on page 73 Standard SNMP Version 1 Traps on page 74 Standard SNMP Version 2 Traps on page 77 Unsupported Standard SNMP Traps on page 81 Juniper Networks Enterprise Specific SNMP Traps Supported Platforms LN Series SRX Series This topic provides pointers to the enterprise specific SNMP traps supported by the Junos OS e NOTE All enterprise specific SNMP traps supported by the Junos OS can be sent in version 1 2 and 3 formats Juniper Networks Enterprise Specific SNMP Version 1 Traps Juniper Networks Enterprise Specific SNMP Version 2 Traps Juniper Networks Enterprise Specific License MIB Notifications Related Standard SNMP Traps Supported on Devices Running Junos OS on page 73 D mentation OSUMENTANS Juniper Networks Enterprise Specific MIBs on page 21 Standard SNMP MIBs Supported by Junos OS on page 7 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Managing Traps and Informs on page 289 Standard SNMP Traps Supported on Devices Running Junos OS Supported Platforms LN Series SRX Series This topic provides pointers to the standard SNMP traps supported by the Junos OS Copyright O 2014 Juniper Networks Inc 73 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices
318. rms LN Series M Series MX Series PTX Series OFX Series T Series In SNMPv3 you create traps and informs by configuring the notify target address and target parameters parameters Traps are unconfirmed notifications whereas informs are confirmed notifications This section describes how to configure SNMP traps For information about configuring SNMP informs see Configuring SNMP Informs on page 121 The target address defines a management application s address and parameters to be used in sending notifications Target parameters define the message processing and security parameters that are used in sending notifications to a particular management target SNMPv3 also lets you define SNMPvI and SNMPv2c traps e NOTE When you configure SNMP traps make sure your configured access privileges allow the traps to be sent Access privileges are configured at the edit snmp v3 vacm access and edit snmp v3 vacm security to group hierarchy levels To configure SNMP traps include the following statements at the edit snmp v3 hierarchy level edit snmp v3 notify name tag tag name type trap notify filter name oid object identifier include exclude target address target address name 1 address address address mask address mask logical system logical system port port number routing instance instance tag list tag list target parameters target parameters name target parameters target parameters name 1 not
319. rms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 210 EX Series LN Series M Series MX Series PTX Series SRX Series T Series community community name 1 authorization authorization client list name client list name clients f address restrict view view name edit snmp Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Define an SNMP community An SNMP community authorizes SNMP clients based on the source IP address of incoming SNMP request packets A community also defines which MIB objects are available and the operations read only or read write allowed on those objects The SNMP client application specifies an SNMP community name in Get GetBulk GetNext and Set SNMP requests If you omit the community statement all SNMP requests are denied community name Community string If the name includes spaces enclose it in quotation marks The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMP Community String on page 165 Copyright O 2014 Juniper Networks Inc community Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related
320. rms without the need for polling by a central SNMP management platform This is an effective mechanism for proactive management as long as the thresholds have baselines determined and set correctly For more information see RFC 2819 Remote Network Monitoring MIB Copyright 2014 Juniper Networks Inc 101 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Setting Thresholds 102 This topic includes the following sections Setting Thresholds on page 102 RMON Command Line Interface on page 103 RMON Event Table on page 103 RMON Alarm Table on page 104 Troubleshooting RMON on page 104 By setting a rising and a falling threshold for a monitored variable you can be alerted whenever the value of the variable falls outside of the allowable operational range See Figure 3 on page 102 Figure 3 Setting Thresholds Value A Coun 9 7 009 Rising threshold Allowable Operational Range 1 epee 2 MEEEM vo Falling threshold Time 9017043 Rising event Falling event Rising event Events are only generated when the threshold is first crossed in any one direction rather than after each sample period For example if a rising threshold crossing event is raised no more threshold crossing events will occur until a corresponding falling event This considerably reduces the quantity of alarms that are produced by the system making it ea
321. rom an IS running a different version of the protocol is received isisAreaMismatch Generated when a hello PDU from an IS which does not share any area address is received isisRejectedAdjacency Generated when a hello PDU from an IS is received but no adjacency is established because of a lack of resources isisLSPTooLargeToPropagate Generated when a link state PDU that is larger than the dataLinkBlockSize for a circuit is attempted but not propagated isisOriginatingLSPBufferSizeMismatch Copyright O 2014 Juniper Networks Inc Chapter 3 SNMP Traps Table 12 Unsupported Standard SNMP Traps continued MIB Trap Name Description Generated when a Level 1 link state PDU or Level 2 link state PDU is received that is larger than the local value for originating LILSPBufferSize or originating L2LSPBufferSize respectively or when a Level 1 link state PDU or Level 2 link state PDU is received containing the originating LSPBufferSize option and the value in the PDU option field does not match the local value for originating LILSPBufferSize or originating L2LSPBufferSize respectively isisProtocolsSupportedMismatch Generated when a nonpseudonode segment O link state PDU is received that has no matching protocols I3vpnmib mib mplsVrfIfUp Generated when the ifOperStatus of an interface associated with a VRF table changes to the up 1 state or when an interface with ifOperStatus up 1 is as
322. rotocols process 51452 active Management process 38284 active Periodic packet management process 9828 active Bidirectional Forwarding Detection process 13088 active Service Deployment Client 10012 active Event processing process 12692 active Layer 2 address flooding and learning process 20212 active Copyright O 2014 Juniper Networks Inc MPLS Periodic Traceroute process Multicast Snooping process Feature license management process show snmp health monitor alarms detail Chapter 22 Operational Commands 10488 active 9608 active 12372 active user host gt show snmp health monitor alarms detail Alarm Index 32770 Variable name Variable OID Sample type Startup alarm Owner Creator State Sample interval Moderate threshold High threshold Critical threshold Rising event index Falling event index Instance Value O Instance State active Alarm Index 32773 Variable name Variable OID Sample type Startup alarm Owner Creator State Sample interval Moderate threshold High threshold Critical threshold Rising event index Falling event index Instance Value O Instance State active Alarm Index 32793 Variable name Variable OID Sample type Startup alarm Owner Creator State Sample interval Rising threshold Falling threshold Rising event index Falling event index 15 20 30 40 32768 32768 15 20 30 40 32768 32768 20 104857 91750 32768 32768 jnxHrStoragePercentUsed 1
323. rprise specific traps you must obtain them from the manufacturer and compile them into your network management software For more information about enterprise specific traps supported by the Junos OS see Juniper Networks Enterprise Specific SNMP Traps on page 73 For information about system logging severity levels for SNMP traps see System Logging Severity Levels for SNMP Traps on page 6 With traps the receiver does not send any acknowledgment when it receives a trap and the sender cannot determine if the trap was received To increase reliability SNMP informs are supported in SNMPv3 An SNMP manager that receives an inform acknowledges the message with a response For information about SNMP informs see Configuring SNMP Informs on page 121 SNMP Trap Queuing The Junos OS supports trap queuing to ensure that traps are not lost because of temporary unavailability of routes Two types of queues destination queues and a throttle queue are formed to ensure delivery of traps and to control the trap traffic The Junos OS forms a destination queue when a trap to a particular destination is returned because the host is not reachable and adds the subsequent traps to the same destination to the queue The Junos OS checks for availability of routes every 30 seconds and sends the traps from the destination queue in a round robin fashion If the trap delivery fails the trap is added back to the queue and the delivery attempt cou
324. rsion of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx bfd txt For more information see Bidirectional Forwarding Detection MIB e Chassis Definitions for Router Model MIB Contains the object identifiers OIDs that are used by the Chassis MIB to identify platform and chassis components The Chassis MIB provides information that changes often whereas the Chassis Definitions for Router Model MIB provides information that changes less often For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chas defines txt For more information see Chassis MIBs e Chassis Forwarding MIB This MIB extends the scope of health monitoring to include Junos forwarding process fwdd components For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx chassis fwdd txt For more information see Chassis Forwarding MIB Chassis MIB Provides support for environmental monitoring power supply state board voltages fans temperatures and air flow and inventory support for the chassis System Control Board SCB System and Switch Board SSB Switching and Forwarding Module SFM Flexible PIC Concentrators FPCs and PICs For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx chassis txt
325. rstanding the SNMP Implementation in Junos OS on page 3 D tati MELDEN Accounting Options Overview Understanding the Integrated Local Management Interface Supported Platforms LN Series M Series MX Series PTX Series T Series The Integrated Local Management Interface ILMI provides a mechanism for Asynchronous Transfer Mode ATM attached devices such as hosts routers and ATM switches to transfer management information ILMI provides bidirectional exchange of management information between two ATM interfaces across a physical connection ILMI information is exchanged over a direct encapsulation of SNMP version 1 RFC 1157 A Simple Network Management Protocol over ATM Adaptation Layer 5 AAL5 using a virtual path identifier virtual channel identifier VPI VCI value VPI O VCI 16 Junos OS supports only two ILMI MIB variables atmfMYIPNmAddress and atmfPortMylfname For ATM and ATM2 intelligent queuing IQ interfaces you can configure ILMI to communicate directly with an attached ATM switch to enable querying of the switch s IP address and port number For more information about the ILMI MIB see the ATM Forum at http www atmforum com Related Understanding Device Management Functions in Junos OS on page 89 Documentation Copyright O 2014 Juniper Networks Inc 91 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 92 Copyright O 2014 Juniper Networks Inc CHAPTER 6 Remote Operations
326. ry of the last 32 configuration changes is kept in jnxCmChgEventTable For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx cfgmgmt txt For more information see Configuration Management MIB Ethernet MAC MIB Monitors media access control MAC statistics on Gigabit Ethernet intelligent queuing IQ interfaces It collects MAC statistics for example inoctets inframes outoctets and outframes on each source MAC address and virtual LAN VLAN ID for each Ethernet port For a downloadable version of this MIB see http www juniper net techpubs en US junos1 2 1x47 topics reference mibs mib jnx mac txt For more information see Ethernet MAC MIB Event MIB Defines a generic trap that can be generated using an op script or event policy This MIB provides the ability to specify a system log string and raise a trap if that system log string is found For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx event txt For more information see Event MIB Firewall MIB Provides support for monitoring firewall filter counters Routers must have the Internet Processor Il ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx firewall txt For more information see Firewall MIB
327. s 10 Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP Table 3 Standard MIBs Supported on Devices Running Junos OS continued MIB RFC RFC 2495 Definitions of Managed Objects for the DSI El DS2 and E2 Interface Types except for dsxlFarEndConfigTable dsx1FarEndCurrentTable dsx1FarEndintervalTable dsxlFarEndTotalTable and dsxlFracTable Platforms MX 0 1 0 0 RFC 2515 Definitions of Managed Objects for ATM Management except atmVpCrossConnectTable atmVcCrossConnectTable and aal5VccTable RFC 2570 Introduction to Version 3 of the Internet standard Network Management Framework RFC 2571 An Architecture for Describing SNMP Management Frameworks read only access NOTE RFC 2571 has been replaced by RFC 3411 However Junos OS supports both RFC 2571 and RFC 3411 RFC 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP read only access NOTE RFC 2572 has been replaced by RFC 3412 However Junos OS supports both RFC 2572 and RFC 3412 RFC 2576 Coexistence between Version 1 Version 2 and Version 3 of the Internet standard Network Management Framework NOTE RFC 2576 has been replaced by RFC 3584 However Junos OS supports both RFC 2576 and RFC 3584 RFC 2578 Structure of Management Information Version 2 SMIv2 RFC 2579 Textual Conventions for SMIv2 RFC 2580 Conformance Statements for SMIv2 RFC 2662 Def
328. s To enable SNMP managers in routing instances other than the default routing instance to access SNMP information include the routing instance access statement at the edit snmp hierarchy level edit snmp routing instance access If this statement is not included in the SNMP configuration SNMP managers from routing instances other than the default routing instance cannot access SNMP information Understanding SNMP Support for Routing Instances on page 86 Identifying a Routing Instance on page 85 e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Configuring Access Lists for SNMP Access over Routing Instances on page 164 Specifying a Routing Instance in an SNMPv1 or SNMPv2c Community Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series You can specify the routing instance along with the client information when you add a client to an SNMP community To specify the routing instance to which a client belongs include the routing instance statement followed by the routing instance name and client information in the SNMP configuration The following example shows the configuration statement to add routing instance test ri to SNMP community community SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices e NOTE Routing instances specified at the edit snmp community community name hierarchy level are added to the default logical system in
329. s LN Series M Series MX Series PTX Series SRX Series T Series filter duplicates edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Filter duplicate Get GetNext or GetBulk SNMP requests snmp To view this statement in the configuration snmp control To add this statement to the configuration Filtering Duplicate SNMP Requests on page 116 Copyright O 2014 Juniper Networks Inc filter interfaces Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series filter interfaces interfaces all internal interfaces interface 1 interface 2 edit snmp Statement introduced in Junos OS Release 9 4 Statement introduced in Junos OS Release 9 4 for EX Series Switches Filter out information related to specific interfaces from the output of SNMP Get and GetNext requests performed on interface related MIBs all internal interfaces Filters out information from SNMP Get and GetNext requests for the specified interfaces interfaces Specifies the interfaces to filter out from the output of SNMP Get and GetNext requests snmp To view this statement in the configuration snmp control To add this statement to the configura
330. s 0 94053327 jnxJsPolicySystemStatsTotalAl lowIPv4PacketsRate 0 21 jnxJsPolicySystemStatsTotalAllowIPv4BytesRate 0 1012 jnxJsPolicySystemStatsTotalDropIPv4Packets 0 257 jnxJsPolicySystemStatsTotalDropIPv4Bytes 0 40298 jnxJsPolicySystemStatsTotalDropIPv4PacketsRate 0 0 jnxJsPolicySystemStatsTotalDropIPv4BytesRate 0 0 jnxJsPolicySystemStatsTotalAllowIPv4Flows 0 1 jnxJsPolicySystemStatsTotalAllowIPv4FlowsRate 0 0 show snmp mib walk jnxJsPolicySystemStatsTotalAllowIPv4Packets user host gt show snmp mib walk jnxJsPolicySystemStatsTotalAllowlPv4Packets jnxJsPolicySystemStatsTotalAl lowIPv4Packets 0 10347 326 Copyright 2014 Juniper Networks Inc PART 4 Index Index on page 329 Copyright O 2014 Juniper Networks Inc 327 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 328 Copyright O 2014 Juniper Networks Inc Index Symbols comments in configuration statements xviii in syntax descriptions var log mib2d Bn i e re ANatr log snimpd file tae lt gt in syntax descriptions enne xviii in configuration statements see xviii in configuration statements s xviii pipe in syntax descriptions e xviii A AAA Objects MIB sac ein cle 21 33 39 Access Authentication Objects MIB 21 28 33 39 access statement usage guidelines
331. s 308 Policy Objects MIB cscs 26 31 36 42 port statement SNMPY3 tiii Oa 236 usage guidelines see 149 siia Sealine 9 prefix list adding to SNMP community privacy 3des statement sssseeeeretetenens 237 sage guldelines ei tenda 131 privacy aes128 statement 238 usage guldelimnas cities privacy des staternent sete usage guidelines enne privacy none statement usage guidelines sene privacy password StatEMENt cesses 24 usage guidelines for 3DES algorithm sss 13 for AES algorithm eere 130 for DES algorithm eee 13 R read view statement sss 242 usage guidelines senes 158 remote operations MIBS sss 95 remote engine statement sss 243 request type statement 244 RMON usage guidelines see 180 332 retry count StATEMENL ccccessscsesesesststsescsessseseteeeesesees 245 usage guidelines entren 171 Reverse Path Forwarding MIB 26 31 37 42 rising event index statement sese 245 usage guidelines rising threshold statement health monitor reete 247 Ne m 246 RMON alarm entries essssseeenetees 78 RMON alarrms sesenta ttnntn tana 97
332. s 90 of the value of ospfExtLsdbLimit Copyright O 2014 Juniper Networks Inc 83 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 12 Unsupported Standard SNMP Traps continued MIB rfc1747 mib Trap Name Description sdlcPortStatusChange Generated when the state of an SDLC port transitions to active or inactive sdlcLSStatusChange Generated when the state of an SDLC link station transitions to contacted or disconnected rfc2115a mib frDLCIStatusChange Generated when a virtual circuit changes state has been created or invalidated or has toggled between the active and inactive states rfc2662 mib adslAtucRateChangeTrap Generated when the ATUCs transmit rate has changed RADSL mode only adslAtucPerfLofsThreshTrap Generated when the loss of framing 15 minute interval threshold is reached adslAtucInitFailureTrap Generated when ATUC initialization fails adslAturPerfLprsThreshTrap Generated when the loss of power 15 minute interval threshold is reached adslAturRateChangeTrap Generated when the ATURs transmit rate changes RADSL mode only rfc3020 mib mfrMibTrapBundleLinkMismatch Generated when a bundle link mismatch is detected rfc3813 mib mplsXCUp Generated when mplsXCOperStatus for one or more contiguous entries in mplsXCTable enters the up 1 state from some other state mplsXCDown Generated when mplsXCOperStatus for one or more contiguou
333. s Description Notes jnxAtmCos 21 Class 1 Only those logical interfaces and their parent physical interfaces that belong to jnxCosAtmVcTable 1 a specific routing instance are exposed jnxCosAtmScTable 2 jnxCosAtmVcQstatsTable 3 jnxCosAtmTrunkTable 4 ipSecFlowMonitorMIB 22 jnxMac 23 Class 1 Only those logical interfaces and their parent physical interfaces that belong to jnxMacStats 1 a specific routing instance are exposed apsMIB 24 Class 3 Objects are exposed only for the default logical system jnxChassisDefines 25 Class 3 Objects are exposed only for the default logical system jnxVpnMIB 26 Class 2 All instances within a logical system are exposed Data will not be segregated down to the routing instance level jnxSericesInfoMib 27 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxCollectorMIB 28 Class 1 Only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed jnxHistory 29 jnxSpMIB 32 Class 3 Objects are exposed only for the default logical system Table 6 on page 57 shows Class 1 MIB objects standard and enterprise specific MIBs supported by Junos OS With Class 1 objects only those logical interfaces and their parent physical interfaces that belong to a specific routing instance are exposed 56 Copy
334. s entries in mplsXCTable enters the down 2 state from some other state Related Documentation 84 Juniper Networks Enterprise Specific SNMP Traps on page 73 Standard SNMP Traps Supported on Devices Running Junos OS on page 73 Juniper Networks Enterprise Specific MIBs on page 21 Standard SNMP MIBs Supported by Junos OS on page 7 Copyright O 2014 Juniper Networks Inc CHAPTER 4 Routing Instances Identifying a Routing Instance on page 85 Understanding SNMP Support for Routing Instances on page 86 Trap Support for Routing Instances on page 87 Identifying a Routing Instance Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series With this feature routing instances are identified by either the context field in v3 requests or encoded in the community string in vl or v2c requests When encoded in a community string the routing instance name appears first and is separated from the actual community string by the character To avoid conflicts with valid community strings that contain the character the community is parsed only if typical community string processing fails For example if a routing instance named RI is configured an SNMP request with RI public is processed within the context of the RI routing instance Access control views source address restrictions access privileges and so on is applied according to the actual community string the set of data after the char
335. s monitored by the alarm entry alarmSampleType The method of sampling the selected variable and calculating the value to be compared against the thresholds alarmValue The value of the variable during the last sampling period This value is compared with the rising and falling thresholds alarmStartupAlarm The alarm sent when the entry is first activated alarmRisingThreshold The upper threshold for the sampled variable alarmFallingThreshold The lower threshold for the sampled variable alarmRisingEventIndex The eventTable entry used when a rising threshold is crossed alarmFallingEventIndex The eventTable entry used when a falling threshold is crossed alarmStatus Method for adding and removing entries from the table It can also be used to change the state of an entry to allow modifications NOTE If this object is not set to valid the associated event alarm does not take any action The jnxRmonAlarmTable is a Juniper Networks enterprise specific extension to alarmTable It provides additional operational information and includes the following objects jnxRmonAlarmGetFailCnt The number of times the internal Get request for the variable monitored by this entry has failed jnxRmonAlarmGetFailTime The value of sysUpTime when an internal Get request for the variable monitored by this entry last failed jnxRmonAlarmGetFailReason The reason an internal Get request for the variable mon
336. s or a subtree name snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Trap Notification Filter on page 141 Copyright O 2014 Juniper Networks Inc 235 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices parameters Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation port Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 236 EX Series LN Series M Series MX Series PTX Series OFX Series T Series parameters message processing model vl v2c v3 security level none authentication privacy security model usm v1 v2c security name security name edit snmp v3 target parameters target parameters name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure a set of target parameters for message processing and security The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Defining and Configuring the Trap Target Parameters on page 150 EX Series LN Ser
337. s128 f privacy password privacy password privacy des privacy password privacy password privacy 3des f privacy password privacy password privacy none privacy password privacy password edit snmp v3 usm Statement introduced in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Configure the remote engine information for the user based security model USM To send inform messages to an SNMPv3 user on a remote device you must configure the engine identifier for the SNMP agent on the remote device where the user resides engine id Engine identifier Used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Remote Engine and Remote User on page 293 Copyright O 2014 Juniper Networks Inc 243 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices request type Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 244 EX Series LN Series M Series MX Series PTX Series T Series request type get next request get request walk request
338. scription Options EX Series LN Series M Series MX Series PTX Series SRX Series T Series traceoptions f file filename files number match regular expression gt size size world readable no world readable gt flag flag no remote trace edit snmp Statement introduced before Junos OS Release 7 4 file filename option added in Junos OS Release 8 1 world readable no world readable option added in Junos OS Release 8 1 match regular expression option added in Junos OS Release 8 1 Statement introduced in Junos OS Release 9 0 for EX Series switches The output of the tracing operations is placed into log files in the var log directory Each log file is named after the SNMP agent that generates it Currently the following logs are created in the var log directory when the traceoptions statement is used e chassisd e craftd e ilmid mib2d rmopd e serviced snmpd file filename By default the name of the log file that records trace output is the name of the process being traced for example mib2d or snmpd Use this option to specify another name files number Optional Maximum number of trace files per SNMP subagent When a trace file for example snmpd reaches its maximum size it is archived by being renamed to snmpd O The previous snmpd 1 is renamed to snmpd 2 and so on The oldest archived file is deleted Range 2 through 1000 files Default 10 files flag flag Tracing o
339. scription Options Required Privilege Level Related Documentation Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series SRX Series T Series targets f adaress edit snmp trap group group name Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure one or more systems to receive SNMP traps address Pv4 or IPv6 address of the system to receive traps You must specify an address not a hostname snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Groups on page 141 LN Series timeout seconds edit snmp v3 target address target address name Statement introduced in Junos OS Release 7 4 Configure the timeout period in seconds for SNMP informs seconds Number of seconds to wait for an inform acknowledgment If no acknowledgment is received within the timeout period the inform is retransmitted Default 15 snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Informs on page 121 retry count on page 245 269 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices traceoptions Supported Platforms Syntax Hierarchy Level Release Information 270 De
340. security name At the edit snmp v3 target address target address name hierarchy level target parameters target parameters name Hierarchy Level edit snmp v3 edit snmp v3 target address target address name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure the message processing and security parameters for sending notifications to a particular management target The target parameters are configured at the edit snmp v3 hierarchy level The remaining statements at this level are explained separately Then apply the target parameters configured at the edit snmp v3 target parameters target parameters name hierarchy level to the target address configuration at the edit snmp v3 hierarchy level Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Defining and Configuring the Trap Target Parameters on page 150 D tati oan Applying Target Parameters on page 150 268 Copyright O 2014 Juniper Networks Inc targets Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation timeout Supported Platforms Syntax Hierarchy Level Release Information De
341. ser 0 0 00 eee 293 Example Configuring the Remote Engine ID and Remote Users 294 Chapter 20 Tracirig ACTIV ING su iate ome noni retorno Ere os iege cac Ege Eon wearers A a iii 297 Tracing SNMP Activity on a Device Running Junos OS 000 000s 297 Configuring the Number and Size of SNMP Log Files 298 Configuring Access to the Log File 0 en 298 Configuring a Regular Expression for Lines to BeLogged 299 Configuring the Trace Operations sseeeee eee 299 Example Tracing SNMP Activity sse RII 300 Copyright O 2014 Juniper Networks Inc ix SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Chapter 21 Ping Tests umo 2 55 er tanine te Eon Saeed wears cng Gears wee heen aie elena kee 303 Starting a Cie TesE asco oad ages oto watads dera gt Pp S qud 303 Using Multiple Set Protocol Data Units PDUs 005 304 Using a Single Set PD zudem rr rex wa dod ad eed arie 304 Monitoring a Running Ping Test l l 304 pingResultsTable 22232 vv p pTes base wary See wore e ease dadadiedannsoawe 304 pingProbeHistoryTable 0 eee eens 306 Generating TES zu me oe te oa reg Toa ct SCORES KE TC ce hata dented 307 Gathering Ping Test Results llle ee 307 Stopping a PINE Wests sso arare hoy RVREAN Y erode esas aed he a4 PU PS 309 Interpreting Ping Variables 0 0 II 309 Chapter 22 Operational Commands 2 int
342. sier for operations staff to react when alarms do occur To configure remote monitoring specify the following pieces of information The variable to be monitored by its SNMP object identifier The length of time between each inspection Arising threshold A falling threshold Arising event A falling event Before you can successfully configure remote monitoring you should identify what variables need to be monitored and their allowable operational range This requires some period of baselining to determine the allowable operational ranges An initial baseline Copyright O 2014 Juniper Networks Inc Chapter 7 Remote Monitoring Health Monitoring and Service Quality period of at least three months is not unusual when first identifying the operational ranges and defining thresholds but baseline monitoring should continue over the life span of each monitored variable RMON Command Line Interface Junos OS provides two mechanisms you use to control the Remote Monitoring agent on the router command line interface CLI and SNMP To configure an RMON entry using the CLI include the following statements at the edit snmp hierarchy level rmon alarm index description falling event index falling threshold intervals rising event index rising threshold sample type absolute value delta value startup alarm falling rising rising or falling variable event index f community description type
343. snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name address mask address mask Copyright O 2014 Juniper Networks Inc Chapter 10 SNMP Traps address mask combined with the address defines a range of addresses For information about how to configure the community string see Configuring the SNMPv3 Community on page 168 Configuring the Port By default the UDP port is set to 162 To configure a different port number include the port statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name port port number port number is the SNMP target port number Configuring the Routing Instance Traps are sent over the default routing instance To configure the routing instance for sending traps include the routing instance statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name routing instance instance instance is the name of the routing instance To configure a routing instance within a logical systern specify the logical system name followed by the routing instance name Use a slash to separate the two names for example test lr test ri To configure the default routing instance on a logical system specify the logical system name followed by default for example test lr default Configuring the Trap Targe
344. sociated with a VRF table mplsVrflfDown Generated when the ifOperStatus of an interface associated with a VRF table changes to the down 1 state or when an interface with ifOperStatus up 1 state is disassociated from a VRF table mplsNumVrfRouteMidThreshExceeded Generated when the number of routes contained by the specified VRF table exceeds the value indicated by mplsVrfMidRouteThreshold mplsNumVrfRouteMaxThreshExceeded Generated when the number of routes contained by the specified VRF table reaches or attempts to exceed the maximum allowed value as indicated by mplsVrfMaxRouteThreshold mplsNumVrfSecillglLblThrshExcd Generated when the number of illegal label violations on a VRF table as indicated by mplsVpnVrfSeclllegalLblVltns has exceeded mplsVpnVrfSeclllegalLblRcvThrsh msdpmib mib msdpEstablished Generated when the Multicast Source Discovery Protocol MSDP finite state machine FSM enters the Established state msdpBackwardTransition Generated when the MSDP FSM moves from a higher numbered state to a lower numbered state ospf2trap mib ospfOriginateLsa Generated when anew LSA is originated by the router because of a topology change ospfLsdbOverflow Generated when the number of LSAs in the router s link state database exceeds the value of ospfExtLsdbLimit ospfLsdbApproachingOverflow Generated when the number of LSAs in the router s link state database exceed
345. ss Privileges Granted to a Group on page 156 Example Access Privilege Configuration on page 159 Defining Access Privileges for an SNMP Group Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series The SNMP version 3 SNMPv3 uses the view based access control model VACM which allows you to configure the access privileges granted to a group Access is controlled by filtering the MIB objects available for a specific operation through a predefined view You assign views to determine the objects that are visible for read write and notify operations for a particular group using a particular context a particular security model v1 v2c or usm and particular security level authenticated privacy or none For information about how to configure views see Configuring MIB Views on page 118 You define user access to management information at the edit snmp v3 vacm hierarchy level All access control within VACM operates on groups which are collections of users as defined by USM or community strings as defined in the SNMPv1 and SNMPv2c security models The term security name refers to these generic end users The group to which a specific security name belongs is configured at the edit snmp v3 vacm security to group hierarchy level That security name can be associated with a group defined at the edit snmp v3 vacm security to group hierarchy level A group identifies a collection of SNMP Users that shar
346. ssword privacy des privacy password authentication password user user5 authentication sha authentication password authentication password privacy aes128 privacy password authentication password Related Complete SNMPv3 Configuration Statements on page 195 D tati acean Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Networks Inc 135 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 136 Copyright O 2014 Juniper Networks Inc CHAPTER 10 SNMP Traps Configuring SNMP Trap Options on page 137 Configuring the Trap Notification Filter on page 141 Configuring SNMP Trap Groups on page 141 Configuring SNMP Trap Options and Groups on a Device Running Junos OS on page 144 Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the SNMPv3 Trap Notification on page 146 Example Configuring SNMP Trap Groups on page 147 Configuring the Trap Target Address on page 147 Defining and Configuring the Trap Target Parameters on page 150 Example Configuring SNMPv3 Trap Notification on page 153 Configuring SNMP Trap Options Supported Platforms LN Series M Series MX Series PTX Series SRX Series T Series Using SNMP trap options you can set the source address of every SNMP trap packet sent by the router to a single address regardless of the outgoing interface In addition you can s
347. statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name target parameters target parameters name target parameters name is the name associated with the message processing and security parameters that are used in sending notifications to a particular management target Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the SNMPv3 Trap Notification on page 146 Configuring the Trap Notification Filter on page 141 Defining and Configuring the Trap Target Parameters on page 150 Configuring SNMP Informs on page 121 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Configuring the Tag List on page 134 Defining and Configuring the Trap Target Parameters Supported Platforms 150 LN Series M Series MX Series PTX Series SRX Series T Series Target parameters define the message processing and security parameters that are used in sending notifications to a particular management target To define a set of target parameters include the target parameters statement at the edit snmp v3 hierarchy level edit snmp v3 target parameters target parameters name target parameters name is the name assigned to the target parameters To configure target parameter properties include the following statements at the edit snmp
348. stem name for SNMP v1 and v2c clients Include at the edit snmp trap options hierarchy level to specify a logical system address as the source address of an SNMP trap Include at the edit snmp v3 target address hierarchy level to specify a logical system name as the destination address for an SNMPv3 trap or inform logical system name Name of the logical system routing instance routing instance name Statement to specify a routing instance associated with the logical system snmp To view this statement in the configuration snmp control To add this statement to the configuration e Specifying a Routing Instance in an SNMPvl or SNMPv2c Community on page 161 Configuring the Trap Target Address on page 147 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements logical system trap filter Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series logical system trap filter edit snmp Statement introduced in Junos OS Release 8 4 Restrict the routing instances from receiving traps that are not related to the logical system networks to which they belong snmp To view this statement in the configuration snmp control To add this statement to the configuration Trap Support for Routing Instances on page 87 message processing model Su
349. t critical threshold Percentage of critical threshold level resource utilization Default 90 percent traceoptions Enable tracing of system health monitoring daemon action Enable action for all resources Default If action is not enabled the default is prevent f WARNING If the system health management action for an affected resource is configured to recover then certain instrusive operations necessary for preventing system breakdown are taken Instrusive operations can include restarting or terminating processes deleting files and so on Such action information is logged in the system health management history and system log Required Privilege security To view this statement in the configuration Level security control To add this statement to the configuration Copyright O 2014 Juniper Networks Inc 249 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices routing instance Supported Platforms Syntax Hierarchy Level Release Information 250 Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series SRX Series T Series routing instance routing instance name edit snmp community community name edit snmp community community name logical system logical system name edit snmp trap group group Statement introduced in Junos OS Release 8 3 Added to the edit snmp community c
350. t Retrieve and display one or more SNMP object values get next Retrieve and display the next SNMP object values walk Retrieve and display the SNMP object values that are associated with the requested object identifier OID When you use this option the Junos OS displays the objects below the subtree that you specify ascii Display the SNMP object s string indices as an ASCII key representation decimal Display the SNMP object values in the decimal default format The decimal option is the default option for this command Therefore issuing the show snmp mib get get next walk decimal object id and the show snmp mib get get next walk object id commands display the same output object id The object can be represented by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces When entering multiple objects enclose the objects in quotation marks NOTE On all high end SRX Series devices the show snmp mib command will not display the output for security related MIBs We recommend that you use an SNMP client and prefix logical system name to the community name For example if the community is public use default public for default root logical system snmp To view this statement in the configuration SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices show snmp mib walk standalone on page 325 show snmp mib walk HA on page 325 show
351. t Address Each target address statement can have one or more tags configured in its tag list Each tag can appear in more than one tag list When a significant event occurs on the network device the tag list identifies the targets to which a notification is sent To configure the tag list include the tag list statement at the edit snmp v3 target address target address name hierarchy level edit snmp v3 target address target address name tag list tag list tag list specifies one or more tags as a space separated list enclosed within double quotes For an example of tag list configuration see Example Configuring the Tag List on page 134 For information about how to specify a tag at the edit snmp v3 notify notify name hierarchy level see Configuring the SNMPv3 Trap Notification on page 146 Q NOTE When you configure SNMP traps make sure your configured access privileges allow the traps to be sent Configure access privileges at the edit snmp v3 vacm access hierarchy level Copyright O 2014 Juniper Networks Inc 149 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Applying Target Parameters Related Documentation The target parameters statement at the edit snmp v3 hierarchy level applies the target parameters configured at the edit snmp v3 target parameters target parameters name hierarchy level To reference configured target parameters include the target parameters
352. t O 2014 Juniper Networks Inc Table of Contents Configuring the Interfaces on Which SNMP Requests Can Be Accepted 117 Example Configuring Secured Access List Checking llle 117 Filtering Interface Information Out of SNMP Get and GetNext Output 118 Configuring MIB VIeWS x zuo Tarea mecha ad nd octet ewes Race que pen eS o 118 Example Ping Proxy MIB lsseeeeee RR IRR RR 119 Configuring the Local Engine ID 1 llli 120 Configuring SNMP Informs ss cni currens rasta egne RR RR RI RR has 121 Chapter 9 SNMPV3 omarm uf rire 6h 919 0 5 dame dane nn ties alea map aii ca a e d 123 Creating SNMBPwV3 USets ux neuer xmv ERG daa argos Gea aw on 123 Example SNMPv3 Configuration 0 0 0c RR 124 Minimum SNMPv3 Configuration on a Device Running Junos OS 127 Configuring the SNMPv3 Authentication Type 0 000 eee ee 128 Contisvring MDS AUTHENTICATION 4 2x ERIS E EROR I ER E RR 29 Configuring SHA Authentication eee 129 Configuring No Authentication le I 129 Configuring the Encryption Type lsssssesee RII 130 Configuring the Advanced Encryption Standard Algorithm 130 Configuring the Data Encryption Algorithm 0 0 2 0 ee eee 131 Configuring Triple DES asantas pi eet eee eee 131 Configuring No Encryption nado eee ae die b QURE Fc Rok 131 Assigning Security Model and Security Name to a Group 000 0s 132 Configuring the Securi
353. t a eq Seres d ope eed did p eua d een Seale da 216 cn ge C M 216 falling event index creus eriaren er rs 217 falling threshold 0 0 RR rna 218 Tallingsthleshold xvoenio dede mod cr yv WES NI e Gk dr eq aT qe Cu ad g does 219 falling threshold interval lee RR RR 220 Copyright O 2014 Juniper Networks Inc vii SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices viii filterscluplieatbes x s arzt eto Ene Gaede Eon Serv RE Ene E S US p CR EE 220 filter intel faces auos mpm a RR e ERPTLSensA A RR ISa Air a S RP Pau 221 sroup Configuring Group Name isses xeu coed EEG neous quy RR dea 222 group Defining Access Privileges for an SNMPv3 Group 005 223 health monitor 0 ehh 223 AUC TACOS e M EAR TET RATE TUTTI bd tLe Bode ere ane eee ane eae 224 giis MR EE TRECE 224 Menal RENE TUNER REP IC ERAN EET ee ve een DRE 225 local engllie a usssuau sme eese pute kgretssegsmsas das beau agri 226 efecto otras Sash sre ch TOU DTE ITERUM 227 logical SySterm isse e eerte perpe E ER ose RU GER wap wale go e hin 228 logical system trap filter 2 0 Ren 229 message processing model 1 0 In 229 Hame sce g casas ae ue da oe Sees ee ate ats eo ae E as ot ata wae ee 230 MOMVOUAULCY x ote cocti sun dg asta y sunu Peake es duin tet aUe ohne E LEE 230 fold ER RR ER ERR TCU ERES TET RESET 231 notify filter Applying to the Management Target 000e eee ee 232 notify
354. t interfaces fe 1 1 0 fastether options 802 3ad ae0 edit interfaces fe 1 1 1 fastether options 802 3ad ae0 edit routing instances INFrtd instance type virtual router interface fe 1 1 0 0 interface fe 1 1 1 0 interface fe 1 1 5 0 interface aeO O protocols ospf f area 0 0 0 0 f interface all The following snmpwalk command shows how to retrieve SNMP related information from router and the 802 3ae bundle interface belonging to routing instance INFrtd with the SNMP community public router snmpwalk Os router INFrtd public dot3adAggTable dot3adAggMACAddress 59 0 90 69 92 93 fO dot3adAggMACAddress 65 0 90 69 92 93 f0 dot3adAggActorSystemPriority 59 O dot3adAggActorSystemPriority 65 O dot3adAggActorSystemlD 59 0 0 0 0 0 0 dot3adAggActorSystemlD 65 0 0 0 0 0 0 dot3adAggAggregateOrIndividual 59 true 1 dot3adAggAggregateOrIndividual 65 true 1 dot3adAggActorAdminKey 59 O dot3adAggActorAdminKey 65 O dot3adAggActorOperKey 59 O dot3adAggActorOperKey 65 O Copyright O 2014 Juniper Networks Inc 163 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Related Documentation dot3adAggPartnerSystemlD 59 0 0 0 0 0 0 dot3adAggPartnerSystemlD 65 0 0 0 0 0 0 dot3adAggPartnerSystemPriority 59 O dot3adAggPartnerSystemPriority 65 O dot3adAggPartnerOperKey 59 O dot3adAggPartnerOperKey 65 O dot3adAggCollectorMaxDelay 59 O dot3adAggCollectorMax
355. t introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the OFX Series Configure MD5 as the authentication type for the SNMPv3 user D NOTE You can only configure one authentication type for each SNMPv3 user The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring MD5 Authentication on page 129 Copyright O 2014 Juniper Networks Inc 201 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices authentication none Supported Platforms LN Series M Series MX Series QFX Series T Series Syntax authentication none Hierarchy Level edit snmp v3 usm local engine user username edit snmp v3 usm remote engine engine id user username Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Description Configure that there should be no authentication for the SNMPv3 user C NOTE You can configure only one authentication type for each SNMPv3 user Required Privilege snmp To view this statement in the configuration Level snmp control To add this statement to the configuration Related Configuring No Authentication on page 129
356. tatement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The community name defines an SNMP community The SNMP community authorizes SNMPv1 or SNMPv2 clients The access privileges associated with the configured security name define which MIB objects are available and the operations notify read or write allowed on those objects community name Community string for an SNMPvI or SNMPv2c community If unconfigured it is the same as the community index If the name includes spaces enclose it in quotation marks Q NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels The community name at the edit snmp v3 snmp community community index hierarchy level is encrypted and not displayed in the command line interface CLI snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the SNMPv3 Community on page 168 Copyright O 2014 Juniper Networks Inc contact Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation description Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapt
357. tatement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify a routing instance for an SNMPv3 trap target routing instance name Name of the routing instance To configure a routing instance within a logical system specify the logical system name followed by the routing instance name Use a slash to separate the two names for example test ls test ri To configure the default routing instance on a logical system specify the logical system name followed by default for example test Is default snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Trap Target Address on page 147 routing instance access Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation LN Series M Series MX Series PTX Series SRX Series T Series edit snmp routing instance access f access list f routing instance routing instance restrict edit snmp Statement introduced in Junos OS Release 8 4 Enable SNMP managers in routing instances other than the default routing instance to access SNMP information For information about the access list option see access list snmp To view this statement in the configuration snmp control To add this statement to the configuration Enabling SNMP Access over Routing
358. tation List of Sample Output Output Fields LN Series SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 show snmp health monitor routing engine history resource cpu memory open files count process count storage temperature Statement introduced in Junos OS Release 12 1X44 D10 for branch SRX Series devices Statement modified in Junos OS Release 12 1X45 D1O Display the health monitoring information collected for a Routing Engine brief Displays brief health monitor history extensive Displays extensive health monitor history terse Displays terse health monitor history view Show snmp health monitor on page 312 show snmp health monitor routing engine history on page 319 show snmp health monitor routing engine history extensive on page 320 show snmp health monitor routing engine history terse on page 321 Table 23 on page 318 describes the output fields for the show snmp health monitor routing engine history command Output fields are listed in the approximate order in which they appear Table 23 show snmp health monitor routing engine history Output Fields Field Name Field Description Resource Name of the health monitor object instance being monitored Event Displays the latest event and time associated with the resource The available events are e Moderate Rising e High Rising e Critical Rising Moderate Falling e High Falling e Critical Falling 318 Copyright 2
359. tement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Upper threshold for the sampled variable When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold and the associated startup alarm value is equal to the falling alarm or rising or falling alarm value After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold integer The lower threshold for the alarm entry Range 2 147 483 648 through 2 147 483 647 snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Threshold or Rising Threshold on page 179 falling threshold on page 219 Copyright O 2014 Juniper Networks Inc rising threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation rmon Supported Platforms Syntax Hierarchy Level Release Information Description Required Privilege Level Related Documentation Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration
360. terfaces This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js if ext txt For more information see Security Interface Extension Objects MIB e Security Screening Objects MIB Defines the MIB for the Juniper Networks Enterprise Firewall screen functionality This MIB is currently supported by Junos OS for SRX Series devices only For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js screening txt For more information see Security Screening Objects MIB Copyright O 2014 Juniper Networks Inc Chapter 1 SNMP e Source Class Usage MIB Counts packets sent to customers by performing a lookup on the IP source address and the IP destination address The Source Class Usage SCU MIB makes it possible to track traffic originating from specific prefixes on the provider core and destined for specific prefixes on the customer edge For a downloadable version of this MIB see http www juniper net techpubs en_US junos12 1x47 topics reference mibs mib jnx scu txt For more information see Source Class Usage MIB SPU Monitoring MIB Provides support for monitoring SPUs on all high end SRX Series devices For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference
361. ters must have the Internet Processor Il ASIC to perform firewall monitoring For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx firewall txt For more information see Firewall MIB Host Resources MIB Extends the hrStorageTable object providing a measure of the usage of each file system on the router in percentage format Previously the objects in the hrStorageTable measured the usage in allocation units hrStorageUsed and hrStorageAllocationUnits only Using the percentage measurement you can more easily monitor and apply thresholds on usage For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx hostresources txt For more information see Host Resources MIB IDP Objects MIB Provides support for monitoring SNMP IDP queries requests responses and failures This MIB defines the key monitoring and threshold crossing trap support IDP database update status and trap support attack related monitoring and trap support for all SRX Series devices This MIB models IDP attributes specific to the appropriate Juniper Networks implementation For a downloadable version of this MIB see http www juniper net techpubs en US junos12 1x47 topics reference mibs mib jnx js idp txt For more information see DP MIB Interface MIB Extends the standard ifTable RFC 2863 with additional st
362. terval on page 225 local engine on page 226 location on page 227 logical system on page 228 logical system trap filter on page 229 message processing model on page 229 name on page 230 nonvolatile on page 230 notify on page 231 notify filter Applying to the Management Target on page 232 notify filter Configuring the Profile Name on page 232 notify view on page 233 oid on page 234 oid on page 235 parameters on page 236 port on page 236 privacy 3des on page 237 privacy aes128 on page 238 privacy des on page 239 privacy none on page 240 privacy password on page 241 read view on page 242 remote engine on page 243 request type on page 244 retry count on page 245 rising event index on page 245 rising threshold on page 246 190 Copyright O 2014 Juniper Networks Inc Chapter 17 Configuration Statements e rising threshold on page 247 rmon on page 247 routing engine SNMP Resource Level on page 248 routing engine SNMP Global Level on page 249 routing instance on page 250 routing instance on page 251 routing instance access on page 251 sample type on page 252 e security level Defining Access Privileges on page 253 e security level Generating SNMP Notifications on page 254 e Security model Access Privileges on page 255 Security model Group on page 256 Security model SNMP Notifications on page 257
363. th daca ees 98 Understanding RMON EventsS 0 0 ccc e e n 99 event Table chaired dade dE daa Edad shee aged Seas tad as ced 99 Understanding Measurement Points Key Performance Indicators and Baseline MANES MN ecc a aa Stes are a E dM 100 Measurement PONS sasse sasien etid fex eREEOPOPdRQqU sae eded es 100 Basic Key Performance Indicators ccc eee 101 Setting Baselines s cwssecdu sca cides ges wae Seb PA EE ewes 101 Understanding RMON for Monitoring Service Quality 0005 101 Setting THVeSHOIGS 22 4 5 sva eew taser ESeWEOPUEPSORE PP D IMP eae 102 RMON Command Line Interface lille 103 RMON Event Table asd e qucm d Ambo EORR air DOE SUR Qa Glare Sees SOOO Pops 103 RMON Alarm Table eere tcner eiramine raa 104 Troubleshooting RMON ere ccbsecRORSGP RIO TOTUSI Qd dager 104 Configuration SNMP disacaugataeans cae Sinem aesaknre Shed daatedmaiaes See eacnd 109 Configuring SNMP on a Device Running Junos OS ee ee 109 Configuring the System Contact on a Device Running JunosOS 112 Configuring the System Description on a Device Running Junos OS 112 Configuring the System Location for a Device Running Junos OS 113 Configuring the System Name lsseeeee eee eee 113 Configuring the Commit Delay Timer llle IR 114 Loading MIB Files to a Network Management System urnana nane 114 Filtering Duplicate SNMP Requests 0 0 0 0 116 Copyrigh
364. the SONET SDH subcategories all SONET SDH trap e alarm types are included in trap notifications loss of light Loss of light alarm notification pll lock PLL lock alarm notification loss of frame Loss of frame alarm notification loss of signal Loss of signal alarm notification severely errored frame Severely errored frame alarm notification line ais Line alarm indication signal AIS alarm notification path ais Path AIS alarm notification loss of pointer Loss of pointer alarm notification ber defect SONET SDH bit error rate alarm defect notification ber fault SONET SDH error rate alarm fault notification line remote defect indication Line remote defect indication alarm notification path remote defect indication Path remote defect indication alarm notification remote error indication Remote error indication alarm notification unequipped Unequipped alarm notification path mismatch Path mismatch alarm notification loss of cell Loss of cell delineation alarm notification vt ais Virtual tributary VT AIS alarm notification vt loss of pointer VT loss of pointer alarm notification vt remote defect indication VT remote defect indication alarm notification vt unequipped VT unequipped alarm notification vt label mismatch VT label mismatch error notification vt loss of cell VT loss of cell delineation notification startup System warm and cold starts vrrp events Virtual Router Redundancy
365. this statement to the configuration Configuring an Alarm Entry and Its Attributes on page 178 247 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices routing engine SNMP Resource Level Supported Platforms LN Series SRXIOO SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 Syntax routing engine f resource cpu memory open files count process count storage temperature i interval interval in secs moderate threshold percentage level high threshold percentage level critical threshold percentage level action monitor prevent recover Hierarchy Level edit snmp health monitor routing engine Release Information Statement introduced in Junos OS Release 12 1X44 D10 Statement modified in Junos OS Release 12 1X45 D1O Description Override the global configuration for a resource Options interval Monitoring interval in seconds Default 300 seconds moderate threshold Percentage of moderate threshold level resource utilization Default 70 percent high threshold Percentage of high threshold level resource utilization Default 80 percent critical threshold Percentage of critical threshold level resource utilization Default 90 percent action Enable action for all resources Default If action is not enabled the default action is prevent f WARNING If the system health management action for an affected resource is c
366. through 100 Default 70 percent of the maximum possible value snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Falling Threshold or Rising Threshold on page 185 rising threshold on page 247 Copyright O 2014 Juniper Networks Inc falling threshold Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series T Series falling threshold integer edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches The lower threshold for the sampled variable When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold and the associated startup alarm value is equal to falling alarm value or rising or falling alarm value After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold integer The lower threshold for the alarm entry Range 2 147 483 648 throu
367. tification you must also configure Junos OS You must specify a target host for remote operations traps To configure trap notification for SNMP remote operations include the categories and targets statements at the edit snmp trap group group name hierarchy level edit snmp trap group group name categories category targets address 94 Copyright 2014 Juniper Networks Inc Chapter 6 Remote Operations Example Setting Trap Notification for Remote Operations Specify 172 17 12 213 as a target host for all remote operation traps snmp trap group remote traps categories remote operations targets 172 17 12 213 For more information about trap groups see Configuring SNMP Trap Groups on page 141 Using Variable Length String Indexes All tabular objects in the remote operations MIBs supported by Junos OS are indexed by two variables of type SnmpAdminString For more information about SnmpAdminString see RFC 2571 Junos OS does not handle SnmpAdminString any differently from the octet string variable type However the indexes are defined as variable length When a variable length string is used as an index the length of the string must be included as part of the object identifier OID Example Set Variable Length String Indexes To reference the pingCtlTargetAddress variable of a row in pingCtl Table where pingCtlOwnerlndex is bob and pingCtlTestName is test use the following o
368. tification to be sent If you are using the v1 or v2 security models the security name at the edit snmp v3 vacm security to group hierarchy level must match the security name at the edit snmp v3 snmp community community index hierarchy level Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Configuring the SNMPv3 Trap Notification on page 146 Configuring the Trap Notification Filter on page 141 Configuring the Trap Target Address on page 147 Configuring SNMP Informs on page 121 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Configuring SNMPv3 Trap Notification Supported Platforms LN Series M Series MX Series PTX Series T Series Specify three sets of destinations to send traps Related Documentation edit snmp v3 notify n1 f tag router type trap notify n2 1 tag router2 type trap notify n3 f tag router3 type trap Configuring SNMPv3 Traps on a Device Running Junos OS on page 145 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Networks Inc 153 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 154 Copyright O 2014 Juniper Networks Inc CHAPTER 11 Access Privileges Defining Access Privileges for an SNMP Group on page 155 Configuring the Acce
369. tion Filtering Interface Information Out of SNMP Get and GetNext Output on page 118 Copyright O 2014 Juniper Networks Inc 221 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices group Configuring Group Name Supported Platforms EX Series LN Series M Series MX Series PTX Series T Series Syntax group group name default context prefix context prefix context prefiix 1 security model any usm vl v2c f security level authentication none privacy f notify view view name read view view name write view view name Hierarchy Level edit snmp v3 vacm access Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Assign the security name to a group and specify the SNMPv3 context applicable to the group The default context prefix statement when included adds all the contexts configured on the device to the group whereas the context prefix context prefix statement enables you to specify a context and to add that particular context to the group When the context prefix is specified as default for example context prefix default the context associated with the master routing instance is added to the group The remaining statements under this hierarchy are documented in separate topics Options group name SNMPv3 group name created for the SNMPv3 group Required Privilege snm
370. tion none privacy f notify view view name read view view name write view view name security to group security model usm vl v2c security name security name group group name edit snmp v3 Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Configure view based access control model VACM information The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Defining Access Privileges for an SNMP Group on page 155 Copyright O 2014 Juniper Networks Inc 281 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices variable Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation version Supported Platforms Syntax Hierarchy Level Release Information Description Default Options Required Privilege Level Related Documentation 282 EX Series LN Series M Series MX Series PTX Series T Series variable oid variable edit snmp rmon alarm index Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Object identifier OID of MIB variable to be monitored oid variable OID of the MIB variable that is being
371. tion snmp control To add this statement to the configuration Applying the Trap Notification Filter on page 151 notify filter Configuring the Profile Name Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 232 EX Series LN Series M Series MX Series PTX Series OFX Series T Series notify filter profile name 1 oid oid include exclude edit snmp v3 Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Statement introduced in Junos OS Release 11 1 for the QFX Series Specify a group of MIB objects for which you define access The notify filter limits the type of traps or informs sent to the network management system profile name Name assigned to the notify filter The remaining statement is explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Trap Notification Filter on page 141 oid on page 235 Copyright O 2014 Juniper Networks Inc notify view Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation Chapter 17 Configuration Statements EX Series LN Series M Series MX Series PTX Series OFX Series T Series notify view view nam
372. titles e A policy term is a named structure that defines match conditions and actions e Junos OS CLI User Guide e RFC1997 BGP Communities Attribute Italic text like this Represents variables options for which you substitute a value in commands or configuration statements Configure the machine s domain name edit root set system domain name domain name Text like this Represents names of configuration statements commands files and directories configuration hierarchy levels or labels on routing platform components e To configure a stub area include the stub statement at the edit protocols ospf area area id hierarchy level Theconsole port is labeled CONSOLE angle brackets Encloses optional keywords or variables stub default metric metric pipe symbol Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol The set of choices is often enclosed in parentheses for clarity broadcast multicast string string2 string3 pound sign Indicates a comment specified on the same line asthe configuration statement to which it applies rsvp f Required for dynamic MPLS only square brackets Encloses a variable for which you can substitute one or more values community name members community ids Indention and braces 11 Identifies a level in the configuration hierarchy
373. troduced in Junos OS Release 11 1 for the QFX Series Select management targets for SNMPv3 notifications as well as the type of notifications Notifications can be either traps or informs name Name assigned to the notification tag name Notifications are sent to all targets configured with this tag type Notification type is trap or inform Traps are unconfirmed notifications Informs are confirmed notifications snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring the Inform Notification Type and Target Address on page 171 Configuring the SNMPv3 Trap Notification on page 146 Copyright O 2014 Juniper Networks Inc 231 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices notify filter Applying to the Management Target Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series PTX Series T Series notify filter profile name edit snmp v3 target parameters target parameters name Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Specify the notify filter to be used by a specific set of target parameters profile name Name of the notify filter to apply to notifications snmp To view this statement in the configura
374. tup alarm rising or falling alarm variable iflnOctets 1 event 100 f community bedrock description emergency events type log and trap Related Understanding RMON Alarms and Events Configuration on page 177 D tati ocumentanon Configuring an Alarm Entry and Its Attributes on page 178 Configuring an Event Entry and Its Attributes on page 182 Configuring Health Monitoring on Devices Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series T Series As the number of devices managed by a typical network management system NMS grows and the complexity of the devices themselves increases it becomes increasingly impractical for the NMS to use polling to monitor the devices A more scalable approach is to rely on network devices to notify the NMS when something requires attention On Juniper Networks routers RMON alarms and events provide much of the infrastructure needed to reduce the polling overhead from the NMS However with this approach you must set up the NMS to configure specific MIB objects into RMON alarms This often Copyright O 2014 Juniper Networks Inc 183 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Monitored Objects 184 requires device specific expertise and customizing of the monitoring application In addition some MIB object instances that need monitoring are set only at initialization or change at runtime and cannot be configured in a
375. tworks Inc 173 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 174 Copyright 2014 Juniper Networks Inc CHAPTER 15 Remote Operations Usingthe Traceroute MIB for Remote Monitoring Devices Running Junos OS on page 175 Using the Traceroute MIB for Remote Monitoring Devices Running Junos OS Supported Platforms LN Series M Series MX Series PTX Series QFX Series T Series A traceroute test approximates the path packets take from the local host to the remote host RFC 2925 is the authoritative description of the Traceroute MIB in detail and provides the ASN 1 MIB definition of the Traceroute MIB Related SNMP Remote Operations Overview on page 93 Documentation Copyright O 2014 Juniper Networks Inc 175 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices 176 Copyright 2014 Juniper Networks Inc CHAPTER 16 Remote Monitoring Health Monitoring and Service Quality Understanding RMON Alarms and Events Configuration on page 177 Configuring an Alarm Entry and Its Attributes on page 178 Configuring an Event Entry and Its Attributes on page 182 Example Configuring an RMON Alarm and Event Entry on page 183 Configuring Health Monitoring on Devices Running Junos OS on page 183 Example Configuring Health Monitoring on page 186 Understanding RMON Alarms and Events Configuration Supported Platforms LN Series M Series MX Series PTX Series
376. tworks Inc 27 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices trap group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 272 EX Series LN Series M Series MX Series PTX Series SRX Series T Series trap group group name 1 categories category destination port port number routing instance instance targets f address version all v1 v2 edit snmp Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Create a named group of hosts to receive the specified trap notifications The name of the trap group is embedded in SNMP trap notification packets as one variable binding varbind known as the community name At least one trap group must be configured for SNMP traps to be sent group name Name of the trap group If the name includes spaces enclose it in quotation marks The remaining statements are explained separately snmp To view this statement in the configuration snmp control To add this statement to the configuration Configuring SNMP Trap Groups on page 141 Copyright O 2014 Juniper Networks Inc trap options Supported Platforms Syntax Hierarchy Level Release Information Description Default Required Privilege Level Related Documentation Chapter 17
377. ty Model 6 0 ccc eee 132 Assigning Security Names to GroUpS 00 ee eee 132 COMfISUFINE The GIOUD ys doro rien tear aed died e BG Gee Bak Eo apa dene 133 Example Security Group Configuration 0 0 eee 133 Example Configuring the Tag List e eee 134 Example Creating SNMPv3 Users Configuration lee 135 Chapter 10 SNMP Traps reiser nhan accio nue e a telegram aa 137 Configuring SNMP TrapOptions llle 137 Configuring the Source Address for SNMP Traps llle 138 Configuring the Agent Address for SNMP Traps eee 140 Adding snmpTrapEnterprise Object Identifier to Standard SNMP Traps 140 Configuring the Trap Notification Filter lle 141 Configuring SNMP Trap GrOUDS ls eee eee 141 Configuring SNMP Trap Options and Groups on a Device Running Junos OS 144 Configuring SNMPv3 Traps on a Device Running Junos OS 145 Configuring the SNMPv3 Trap Notification eee 146 Example Configuring SNMP Trap GroUDS sssseee Rh 147 Configuring the Trap Target Address 0 0 cc n 147 Configuring the Address lilleee eee eee 148 Configuring the Address Mask e eee eens 148 Configuring the Port 0 0 0 RR e e 149 Configuring the Routing Instance 1 eee 149 Configuring the Trap Target Address 149 Applying Target Parameters 0 0 0 ee 150 Copyright O 2014 Juniper Networks Inc v SNMP MIBs and Traps Monitoring and Trou
378. unos12 1 topics reference mibs mib jnx rpf txt RMON Events and Alarms MIB 1 1 1 o 1 1 1 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx rmon txt RSVP MIB O 8 0 0 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx rsvp txt Security Interface Extension Objects MIB o 0 0 1 1 1 1 http www juniper net techpubs en US junos12 1 topics reference mibs mib jnx js if ext txt Security Screening Objects MIB 0 O O O 0 O O0 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js screening txt Copyright 2014 Juniper Networks Inc 51 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Table 4 Enterprise Specific MIBs and Supported Devices continued Platforms Low Mid Enterprise Specific MIB EX End Range 0 0 Services PIC MIB 1 1 1 o o http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx sp txt SNMP IDP MIB Oo O O Oo O 1 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx js idp txt SONET APS MIB 1 1 0 6 O O 0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx sonetaps txt SONET SDH Interface Management MIB 1 1 1 0 O0 O0 0 O0 http www juniper net techpubs en_US junos12 1 topics reference mibs mib jnx sonet txt Source Class Usage MIB 1 1 1 0 0
379. uration Statements security name Security Group Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation EX Series LN Series M Series MX Series T Series security name security name 1 group group name edit snmp v3 vacm security to group security model usm vl v2c Statement introduced before Junos OS Release 74 Statement introduced in Junos OS Release 9 0 for EX Series switches Associate a group or a community string with a configured security group security name Username configured at the edit snmp v3 usm local engine user username hierarchy level For SNMPv1 and SNMPv2c the security name is the community string configured at the edit snmp v3 snmp community community index hierarchy level snmp To view this statement in the configuration snmp control To add this statement to the configuration Assigning Security Names to Groups on page 132 Copyright O 2014 Juniper Networks Inc 259 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices security name SNMP Notifications Supported Platforms Syntax Hierarchy Level Release Information Description Options Required Privilege Level Related Documentation 260 EX Series LN Series M Series MX Series QFX Series T Series security name security name edit snmp v3 target parameters target parameters name p
380. uring the Number and Size of SNMP Log Files By default when the trace file reaches 128 kilobytes KB in size it is renamed filename O then filename and so on until there are three trace files Then the oldest trace file filename 2 is overwritten You can configure the limits on the number and size of trace files by including the following statements at the edit snmp traceoptions hierarchy level edit snmp traceoptions file files number size size For example set the maximum file size to 2 MB and the maximum number of files to 20 When the file that receives the output of the tracing operation filename reaches 2 MB filename is renamed filename O and a new file called filename is created When the new filename reaches 2 MB filename O is renamed filename and filename is renamed filename O This process repeats until there are 20 trace files Then the oldest file filename 19 is overwritten by the newest file filename O The number of files can be from 2 through 1000 files The file size of each file can be from 10 KB through 1 gigabyte GB Configuring Access to the Log File 298 By default log files can be accessed only by the user who configured the tracing operation To specify that any user can read all log files include the file world readable statement at the edit snmp traceoptions hierarchy level edit snmp traceoptions file world readable To explicitly set the default behavior include the file n
381. uring the Remote Engine and Remote User on page 293 Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Example Configuring the Inform Notification Type and Target Address on page 172 Example Configuring the Inform Notification Type and Target Address Supported Platforms 172 LN Series M Series MX Series PTX Series SRX Series T Series In the following example target 172 17 20 184 is configured to respond to informs The inform timeout is 30 seconds and the maximum retransmit count is 3 The inform is sent to all targets in the tll list The security model for the remote user is usm and the remote engine username is u1O edit snmp v3 notify n1 f Copyright O 2014 Juniper Networks Inc Chapter 14 Inform Notifications type inform tag tll notify filter nfl oid 1 3 include target address tal f address 172 17 20 184 retry count 3 tag list tll address mask 255 255 255 0 target parameters tpl timeout 30 target parameters tpl f parameters f message processing model v3 security model usm security level privacy security name ul0 notify filter nfl Related Configuring the Inform Notification Type and Target Address on page 171 D tati ocumentaton Complete SNMPv3 Configuration Statements on page 195 Minimum SNMPv3 Configuration on a Device Running Junos OS on page 127 Copyright O 2014 Juniper Ne
382. urity name john Matches the security name configured at the edit snmp v3 snmp community community index hierarchy level target parameters tp2 notify filter nf2 parameters f message processing model v security model v1 security level none security name john target parameters tp3 f notify filter nf3 parameters f message processing model vl security model v1 security level none security name john Copyright O 2014 Juniper Networks Inc 125 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices usm local engine f Defines authentication and encryption for SNMPv3 users user user authentication md5 authentication password authentication password privacy des f privacy password privacy password user user2 authentication sha authentication password authentication password privacy none user user3 authentication none privacy none user user4 f authentication sha f authentication password authentication password privacy aes128 f privacy password privacy password user user5 authentication sha authentication password authentication password privacy none vacm access group san francisco f Defines the access privileges for the group default context prefix f called san francisco security model vl f security level none f notify view ping mib read view interfaces write view jnxAlarms secu
383. ut specific traps based on their object identifiers You can use the notify filter option to filter OUt a specific trap or a group of traps The following example shows the sample configuration for excluding Juniper Networks enterprise specific configuration management traps note that the SNMPv3 configuration also supports filtering of SNMPvI and SNMPv2 traps as is shown in the following example edit snmp v3 vacm security to group security model v2c security name sn_v2c_trap group gr_v2c_trap access group gr_v2c_trap default context prefix security model v2c security level none read view all notify view all 290 Copyright 2014 Juniper Networks Inc Related Documentation target address TA_v2c_trap address 10 209 196 166 port 9001 tag list tgl target parameters TP_v2c_trap target parameters TP_v2c_trap parameters f message processing model v2c security model v2c security level none security name sn v2c trap notify filter nfl notify v2c_notify type trap tag tgl notify filter nfl f oid 1 3 6 1 4 1 2636 4 5 exclude oid 1 include snmp community index f community name 9 tDLIOTh7Nbw2axN SECRET DATA security name sn v2c trap tag tgl view all oid 1 include Understanding SNMP Implementation in the Junos OS Configuring SNMP on Devices Running the Junos OS Chapter 18 SNMP Traps Monitoring SNMP Activity and
384. ute daemon memory usage Routing protocols process 51452 active Management process 38284 active Management process 38356 active Command line interface 49108 active Periodic packet management process 9828 active Bidirectional Forwarding Detection process 13088 active Service Deployment Client 10012 active Event processing process 12692 active Layer 2 address flooding and learning process 20212 active MPLS Periodic Traceroute process 10488 active Multicast Snooping process 9608 active Feature license management process 12372 active 32794 Health Monitor jkernel daemon memory usage Init daemon 1684 active Chassis control process 115888 rising threshold Firewall process 22584 active Interface control process 34000 active Simple Network Management Protocol process 21772 active Management Information Base II process 27848 active Alarm control process 12568 active Packet Forwarding Engine statistics management process 24388 active Craft interface I O control process 13248 active Remote operations process 13712 active Class of service process 18908 active Internal routing service process 7924 active Inet process 6052 active USB supervise process 2388 active PPP process 8772 active Juniper Stateful Redundancy Protocol Daemon 13668 active Network security daemon 24248 active Simple Mail Transfer Protocol Client process 8088 active 316 Copyright 2014 Juniper Networks Inc 32797 32800 32803 32804 32805 32806 32
385. v2 categories link startup targets f 192 168 10 22 172 1711 2 edit interfaces loO unit O family inet f address 10 0 0 1 32 address 127 0 0 1 32 In this example the IP address 10 0 0 1 is the source address of every trap sent from this router To specify a logical system name as the source address of SNMP traps include the logical system logical system name statement at the edit snmp trap options hierarchy level For example the following configuration sets logical system name Isl as the source address of SNMP traps edit snmp trap options logical system ls To specify a routing instance name as the source address of SNMP traps include the routing instance routing instance name statement at the edit snmp trap options hierarchy level For example the following configuration sets the routing instance name ril as the source address for SNMP traps edit snmp trap options f routing instance ril Copyright 2014 Juniper Networks Inc 139 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices Configuring the Agent Address for SNMP Traps The agent address is only available in SNMPv1 trap packets see RFC 1157 By default the router s default local address is used in the agent address field of the SNMPVvI trap To configure the agent address include the agent address statement at the edit snmp trap options hierarchy level Currently the agent add
386. v3 target parameters target parameter name hierarchy level edit snmp v3 target parameters target parameter name notify filter profile name parameters f message processing model v1 v2c V3 security level authentication none privacy security model usm vl v2c security name security name Copyright 2014 Juniper Networks Inc Chapter 10 SNMP Traps This topic includes the following sections Applying the Trap Notification Filter on page 151 Configuring the Target Parameters on page 151 Applying the Trap Notification Filter To apply the trap notification filter include the notify filter statement at the edit snmp v3 target parameters target parameter name hierarchy level edit snmp v3 target parameters target parameter name notify filter profile name profile name is the name of a configured notify filter For information about configuring notify filters see Configuring the Trap Notification Filter on page 141 Configuring the Target Parameters To configure target parameter properties include the following statements at the edit snmp v3 target parameters target parameter name parameters hierarchy level edit snmp v3 target parameters target parameter name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm vl v2c security name security name This section includes the following topics Configu
387. vailability Health measures the number and type of errors that are occurring on the provider network and can consist of both router centric and network centric measurements such as hardware failures or packet loss Performance of the provider network measures how well it can support IP services for example in terms of delay or utilization How well is the provider network performing We recommend an initial three month period of monitoring to identify a network s normal operational parameters With this information you can recognize exceptions and identify abnormal behavior You should continue baseline monitoring for the lifetime of each measured metric Over time you must be able to recognize performance trends and growth patterns Within the context of this chapter many of the metrics identified do not have an allowable operational range associated with them In most cases you cannot identify the allowable operational range until you have determined a baseline for the actual variable on a specific network Understanding RMON for Monitoring Service Quality on page 101 Understanding RMON for Monitoring Service Quality Supported Platforms LN Series M Series MX Series PTX Series T Series Health and performance monitoring can benefit from the remote monitoring of SNMP variables by the local SNMP agents running on each router The SNMP agents compare MIB values against predefined thresholds and generate exception ala
388. vent High Rising 70 2013 04 10 14 51 29 JST Configuration 1 30 70 85 Monitor Inter Mod High Crit Action Usage Trail 70 70 69 69 69 69 69 69 69 69 Top and Growing Consumer KB Top Consumer Usage Growth secdb_06 db 50424 0 idpd trace 23860 0 SignatureUpdate xml 20322 0 ai cachedfa group c 10784 0 dfa group cache db 10456 0 Growing Consumer Usage Growth default log message 4403 4403 chassisd 1467 4 jsrpd 1202 2 Storage used 226034 KB Inodes used 506 Nodes Resource Event Configuration Usage Trail 65 Top and Growing Consumer KB Var cf var jnxHrStoragePercentUsed 5 Moderate Rising 65 1 30 70 85 Monitor Inter Mod High Crit Action 2013 04 10 14 16 42 JST Top Consumer Usage Growth secdb 06 db 50424 0 idpd trace 23860 0 SignatureUpdate xml 20322 0 ai cachedfa group c 10784 0 dfa group cache db 10456 0 Growing Consumer Usage Growth chassisd 1463 18 jsrpd 1200 7 Storage used 211868 KB Inodes used 503 Nodes show snmp health monitor routing engine history terse user host gt show snmp health monitor routing engine history terse Resource name Latest event Time elapsed Action MD2 mfs var run utm High Falling 00 00 36 Monitor Root cf Moderate Rising 1d 02 25 Monitor Var cf var Critical Rising 00 02 38 Monitor CPU Critical Rising 1d 02 19 Monitor Memory Critical Rising 00 08 00 Monitor RE process count High Rising 1d 02 25 Monitor RE open files count Mod
389. version all vl v2 trap options agent address outgoing interface source address address enterprise oid logical system logical system name 1 routing instance routing instance name 1 source address address routing instance routing instance name source address address v3 notify name tag tag name type trap inform notify filter profile name oid oid include exclude Copyright 2014 Juniper Networks Inc 193 SNMP MIBs and Traps Monitoring and Troubleshooting Guide for Security Devices snmp community community index community name community name security name security name tag tag name target address target address name address address address mask address mask logical system logical system port port number retry count number routing instance instance tag list tag list target parameters target parameters name timeout seconds target parameters target parameters name notify filter profile name parameters message processing model v1 v2c v3 security level authentication none privacy security model usm vl v2c security name security name usm local engine user username authentication md5 authentication password authentication password authentication none authentication sha authentication password authentication password privacy 3des privacy password privacy password privacy aes128 privacy password p
Download Pdf Manuals
Related Search