
How to Manage Junos Devices with Simple Network Management Protocol

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

Simple Network Management Protocol (SNMP) is an Internet standard protocol for managing all devices on an IP network. SNMP has centralized systems called clients (which SNMP calls managers) that actively monitor servers (which SNMP calls agents) by querying them and collecting status information and statistics from them. The managers generally run on dedicated computers called Network Management Systems (NMSs). Routers are one type of agent.

When you want the NMS on your network to be able to monitor the device, you need to configure the device to be an SNMP agent:

user@junos-device# set snmp community public authorization read-only

To transform the router into an agent, you place the router into an SNMP community using set snmp community public authorization read-only. This command uses one of the common SNMP communities, public.

The second part of the command defines how the agent (your Junos device) responds to requests from the NMS. An authorization of read-only means that the device will send its information to the NMS, but the NMS will not be able to modify any settings on the device (which it could do if you specified an authorization of read-write).

You can configure the device to respond to multiple communities, each with its own authorization level.

You can configure basic information about the device for the NMS to collect when it queries the device, such as the device’s location and description and who to contact about the device. This information corresponds to leaves in the system group in the standard MIB-II, and an NMS on the network can collect this information when querying the device (in this case, a router):

[edit snmp]
user@junos-device# set description "Juniper Router"
[edit snmp]
user@junos-device# set location "Sunnyvale, California machine room"
[edit snmp]
user@junos-device# set contact ",
    cell phone +1-408-555-2000"

It’s always a good idea to make the SNMP community permission string something other than public. If you don’t, you can bet at some point someone will change the SNMP for every network device to contact you whenever anything goes wrong.

In normal SNMP operation, the NMS periodically queries the device. If any unexpected events occur on the device, the NMS finds out only after sending a query and examining the response.

However, you can configure the device to send notifications to the NMS when unexpected events occur. This notification means that the NMS, and the people monitoring the NMS, can find out about device problems more quickly. These notifications of serious events are called traps, and you can configure the types of events that trigger the device to send traps.

The following command configures the router to send traps when an NMS system uses the wrong community string when trying to access the device:

[edit snmp]
fred@junos-device# set trap-group authentication-traps targets
fred@junos-device# set trap-group authentication-traps categories authentication

SNMP Trap Categories

Configuration Option   MIB                   Description
authentication         Standard MIB-II       Authentication failures on the agent (the device)
chassis                Juniper proprietary   Chassis and router environment notifications
configuration          Juniper proprietary   Configuration mode notifications
link                   Juniper proprietary   Interface transitions, such as transitioning from up to
rmon-alarm             Juniper proprietary   SNMP remote monitoring (RMON) events
routing                Juniper proprietary   Routing protocol notifications
startup                Standard MIB-II       Device reboots (soft/warm and full reboots)
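
The advice above about avoiding the public community, and the authentication trap group, can be checked mechanically. The following Python audit is an added example, not code from the original article or from Juniper; it reads set-style output (as produced by `show configuration snmp | display set`) and reports well-known community names, read-write communities, communities with no `clients` source restriction, and a missing authentication trap target. The sample configuration, the community names other than public, and the 192.0.2.x addresses are constructed, and the `clients` statement is a Junos option the article does not cover.

```python
import shlex

# Constructed lab sample of `show configuration snmp | display set` output.
SAMPLE_CONFIG = """\
set snmp description "Juniper Router"
set snmp community public authorization read-only
set snmp community netops-rw authorization read-write
set snmp community Mon1tor-7f3a authorization read-only
set snmp community Mon1tor-7f3a clients 192.0.2.10/32
set snmp trap-group authentication-traps categories authentication
set snmp trap-group authentication-traps targets 192.0.2.10
"""

DEFAULT_NAMES = {"public", "private"}  # community names used in most documentation


def audit_snmp(config):
    """Return sorted findings for set-style Junos SNMP configuration text."""
    communities, trap_groups = {}, {}
    for raw in config.splitlines():
        tok = shlex.split(raw)
        if len(tok) < 6 or tok[:2] != ["set", "snmp"]:
            continue  # not a community/trap-group statement that carries a value
        kind, name, key, value = tok[2:6]
        if kind == "community":
            # A community with no authorization statement is read-only.
            c = communities.setdefault(name, {"authorization": "read-only", "clients": []})
            if key == "authorization":
                c["authorization"] = value
            elif key == "clients" and "restrict" not in tok[6:]:
                c["clients"].append(value)  # "restrict" entries deny, so skip them
        elif kind == "trap-group" and key in ("categories", "targets"):
            g = trap_groups.setdefault(name, {"categories": set(), "targets": set()})
            g[key].add(value)

    findings = []
    for name, c in communities.items():
        if name.lower() in DEFAULT_NAMES:
            findings.append(f"{name}: well-known community string")
        if c["authorization"] == "read-write":
            findings.append(f"{name}: read-write lets an NMS modify device settings")
        if not c["clients"]:
            findings.append(f"{name}: no clients list, any source address may query")
    if not any("authentication" in g["categories"] and g["targets"]
               for g in trap_groups.values()):
        findings.append("no trap-group sends authentication traps to a target")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit_snmp(SAMPLE_CONFIG)))
```

Run against the article's single `set snmp community public authorization read-only` line, the audit reports the community name, the missing source restriction, and the absence of an authentication trap target.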

SNMP uses a set of acronyms all its own:

  • SMI: Structure of Management Information defines the way data is stored in a Management Information Base (MIB).

  • MIB: Management Information Bases are hierarchical databases, like a directory structure on a PC or Mac, in which SNMP agents (such as a router) store their status information and statistics. SNMP defines standard MIBs, and individual network equipment vendors can also define proprietary MIBs.

    The standard MIB for use in TCP/IP networks is called MIB-II because it is the second version of this MIB. For your SNMP client to be able to retrieve information stored in these MIBs, it must know the structure of the MIB. You can download all Juniper Networks MIBs, both the standard and proprietary ones, from the Juniper website.

  • OID: Object Identifier is the number that uniquely identifies a branch (directory) or leaf (file) in the MIB. The OID is actually a string of numbers, with one number for each branch in the hierarchy and one number for the final leaf in the hierarchy.

    The OID generally begins with a period to indicate the top of the tree (the root node), and each subsequent number is separated by a period. An example of an OID from MIB-II is ., which points to the device’s description (sysDescr).