How to Use SNMP to Troubleshoot a Junos Network

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

Some people may imagine that their network is too small to expend resources on keeping elaborate event tracking logs, and that if things go wrong, the root cause will be obvious. These people are wrong. Some of the essential troubleshooting tools in a Junos network are SNMP polling and SNMP traps. You would be wise to use them, no matter how small your network.

SNMP is a poll-and-response device management protocol (“Are you OK?” “Yep.”) that can also have a managed device send unsolicited messages called traps to a management console.

SNMP polling

Let’s first look at the poll-and-response aspects of SNMP.

As essential as SNMP might be, it is not enabled by default in Junos — you must explicitly configure SNMP!

The following configuration allows read-only polling from a specific client (host address 172.17.110.10) and establishes an SNMP community string of mysnmp (the community string is a simple passphrase and not a secure password, but it will do here).

user@router>set snmp community mysnmp authorization read-only
user@router>set snmp community mysnmp clients 172.16.110.10/32
user@router>show snmp
community mysnmp {
    authorization read-only;
    clients {
                                   172.16.110.10/32;
    }
}

SNMP traps

Polling is essential for monitoring a network, but frequent polling can add load to the device and the network. In stable networks, much of the information gathered by polling is redundant. So mature networks rely more on traps: SNMP messages sent in response to a condition on the managed device.

Configuring traps is a similar operation to configuring SNMP polling. You use the trap-groups keyword and flags, however.

You must configure an additional SNMP community and SNMP server to use traps in the Junos OS. You can trap one or all of the following events:

  • Authentication (failures to authenticate an activity)

  • Chassis (all chassis or environmental notifications)

  • Configuration (changes to the configuration)

  • Link (all link transitions such as up or down)

  • Remote operations (remote access to the router)

  • RMON alarm (alarms concerning remote monitoring)

  • Routing (notifications sent by routing protocols)

  • Services (notifications regarding the routers application services)

  • SONET/SDH alarms (standard alarms for WAN links)

  • Startup (system warm and cold starts)

  • VRRP events (notifications for the Virtual Router Redundancy Protocol)

Unlike syslog levels, SNMP traps are specific to each type of event. If you want to capture all types of traps, you must configure them all.

The following configuration traps all authentication, chassis, configuration, link, routing, and startup alarms. Traps are sent to the SNMP client with community mytraps.

user@router>set snmp trap-group mytraps targets 172.16.110.10
user@router>set snmp trap-group mytraps categories authorization
user@router>set snmp trap-group mytraps categories chassis
user@router>set snmp trap-group mytraps categories configuration
user@router>set snmp trap-group mytraps categories link
user@router>set snmp trap-group mytraps categories routing
user@router>set snmp trap-group mytraps categories startup
user@router>show snmp trap-group mytraps
categories {
               authentication;
               chassis;
               configuration;
               link;
               routing;
               startup;
}
targets {
               172.16.110.10;
}