3.2.35. snmp¶

SNMP configuration.

vsr running config# vrf <vrf> snmp

enabled (pushed)¶

Enable or disable the SNMP engine.

vsr running config# vrf <vrf> snmp
vsr running snmp# enabled true|false

Default value: true

interface-ignore¶

SNMP will ignore interfaces whose names start with this prefix in MIBs EtherLike-MIB, the IF-MIB, and the IP-MIB mibs. By default, all interfaces are monitored.

vsr running config# vrf <vrf> snmp
vsr running snmp# interface-ignore INTERFACE-IGNORE

INTERFACE-IGNORE

An interface name.

engine-id¶

Define SNMP entity engine id. The engine id will look like 0x80 concatenated with the hex value of the type used to build.

vsr running config# vrf <vrf> snmp engine-id

text¶

Build engine id from the text.

vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# text <string>{1,32}

ipv4¶

Build engine id from host’s IPv4 addr.

vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# ipv4

ipv6¶

Build engine id from host’s IPv6 addr.

vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# ipv6

interface¶

Build engine id from the interface’s mac addr.

vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# interface <string>

listen¶

Configuration of the transport endpoint on which the engine listens.

vsr running config# vrf <vrf> snmp listen

protocols¶

The protocols used for connecting to the SNMP agent.

vsr running config# vrf <vrf> snmp listen
vsr running listen# protocols PROTOCOLS

`PROTOCOLS` values	Description
`udp`	UDP.
`tcp`	TCP.
`udp6`	UDPv6.
`tcp6`	TCPv6.

Default value: udp

port¶

The TCP or UDP port on which the engine listens.

vsr running config# vrf <vrf> snmp listen
vsr running listen# port PORT

PORT

A 16-bit port number used by a transport protocol such as TCP or UDP.

Default value: 161

source¶

Restrict access to requests from the specified address.

vsr running config# vrf <vrf> snmp listen
vsr running listen# source SOURCE

`SOURCE` values	Description
`<ipv4-address>`	An IPv4 address.
`<ipv6-address>`	An IPv6 address.

static-info¶

Most of the information reported by the SNMP agent is retrieved from the underlying system. However, certain MIB objects can be configured with a static value.

vsr running config# vrf <vrf> snmp static-info

location¶

System location (sysLocation.0) object value.

vsr running config# vrf <vrf> snmp static-info
vsr running static-info# location <string>

contact¶

System contact (sysContact.0) object value.

vsr running config# vrf <vrf> snmp static-info
vsr running static-info# contact <string>

name¶

System name (sysName.0) object value.

vsr running config# vrf <vrf> snmp static-info
vsr running static-info# name <string>

services¶

Value of the sysServices.0 object. For a host system, a good value is 72 (application + end-to-end layers).

vsr running config# vrf <vrf> snmp static-info
vsr running static-info# services <uint8>

description¶

System description of the SNMP agent (sysDescr.0).

vsr running config# vrf <vrf> snmp static-info
vsr running static-info# description <string>

object-id¶

System OID (sysObjectOID.0) object value.

vsr running config# vrf <vrf> snmp static-info
vsr running static-info# object-id OBJECT-ID

OBJECT-ID

SNMP object identifier either as a label or numeric form.

view¶

A named ‘view’ - a subset of the overall OID tree.

vsr running config# vrf <vrf> snmp view <string>

<string>

The name of the view.

subtree¶

A part of the OID tree to include or exclude from the view.

vsr running config# vrf <vrf> snmp view <string>
vsr running view <string># subtree <subtree> included true|false

<subtree>

SNMP object identifier either as a label or numeric form.

included¶

Set to false to exclude this OID from the view.

included true|false

Default value: true

community¶

An SNMPv1 or SNMPv2c community.

vsr running config# vrf <vrf> snmp community <string>

<string>

The name of the community.

authorization (mandatory)¶

The authorization level of the community.

vsr running config# vrf <vrf> snmp community <string>
vsr running community <string># authorization AUTHORIZATION

`AUTHORIZATION` values	Description
`read-only`	Read-only (GET and GETNEXT) access.
`read-write`	Read-write (GET, GETNEXT and SET) access.

source¶

Restrict access to requests from the specified address or prefix list.

vsr running config# vrf <vrf> snmp community <string>
vsr running community <string># source SOURCE

`SOURCE` values	Description
`<ipv4-address>`	The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format
`<ipv6-address>`	The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.
`<domain-name>{1,253}`	The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.
`<ipv4-prefix>`	An IPv4 prefix: address and CIDR mask.
`<ipv6-prefix>`	An IPv6 prefix: address and CIDR mask.

view¶

Restricts access for that community to the subtree rooted at the given view name. If not specified, the community has access to the whole OID tree.

vsr running config# vrf <vrf> snmp community <string>
vsr running community <string># view <leafref>

monitored-vrf¶

Monitored VRF.

vsr running config# vrf <vrf> snmp monitored-vrf <string>

<string>

The name of the monitored VRF. Included in the SNMPv3 TRAPs and SNMPv3 INFORMs notifications from this VRF (as context).

interface-ignore¶

SNMP will ignore interfaces whose names start with this prefix in MIBs EtherLike-MIB, the IF-MIB, and the IP-MIB mibs. By default, all interfaces are monitored.

vsr running config# vrf <vrf> snmp monitored-vrf <string>
vsr running monitored-vrf <string># interface-ignore INTERFACE-IGNORE

INTERFACE-IGNORE

An interface name.

identifier¶

Identifier to access the monitored VRF, acts as a community for SNMPv1 or SNMPv2c and as a context for SNMPv3.

vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>

<string>

The monitored VRF identifier (community for SNMPv1 or SNMPv2c and context for SNMPv3).

authorization (mandatory)¶

The authorization level of the identifier.

vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
vsr running identifier <string># authorization AUTHORIZATION

`AUTHORIZATION` values	Description
`read-only`	Read-only (GET and GETNEXT) access.
`read-write`	Read-write (GET, GETNEXT and SET) access.

source¶

Restrict access to requests from the specified address or prefix list for SNMPv1 or SNMPv2.

vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
vsr running identifier <string># source SOURCE

`SOURCE` values	Description
`<ipv4-address>`	The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format
`<ipv6-address>`	The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.
`<domain-name>{1,253}`	The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.
`<ipv4-prefix>`	An IPv4 prefix: address and CIDR mask.
`<ipv6-prefix>`	An IPv6 prefix: address and CIDR mask.

view¶

Restricts access to the subtree rooted at the given view name. If not specified, the identifier has access to the whole OID tree.

vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
vsr running identifier <string># view <leafref>

traps¶

Active monitoring and automatic notifications configuration.

vsr running config# vrf <vrf> snmp monitored-vrf <string> traps

destination¶

The destination of SNMPv1 TRAPs, SNMPv2c TRAP2s, SNMPv3 TRAPs, SNMPv2 INFORM or SNMPv3 INFORM notifications.

vsr running config# vrf <vrf> snmp monitored-vrf <string> traps destination <leafref>

<leafref>

The receiver address to use.

community¶

The community string to use when sending traps to this destination.

vsr running config# vrf <vrf> snmp monitored-vrf <string> traps destination <leafref>
vsr running destination <leafref># community <leafref>

access-control¶

SNMPv3 access control configuration.

vsr running config# vrf <vrf> snmp access-control

user¶

An SNMPv3 user.

vsr running config# vrf <vrf> snmp access-control user <string>

<string>

The name of the user (securityName).

auth-password (mandatory) (hidden)¶

The authentication password.

vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># auth-password <string>{8,max}

auth-method¶

The authentication method.

vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># auth-method AUTH-METHOD

`AUTH-METHOD` values	Description
`md5`	MD5.
`sha`	SHA.

Default value: sha

priv-password (hidden)¶

The privacy (encryption) password. If not specified, it is assumed to be the same as the authentication password.

vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># priv-password <string>{8,max}

priv-protocol¶

The encryption protocol.

vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># priv-protocol PRIV-PROTOCOL

`PRIV-PROTOCOL` values	Description
`aes`	AES.
`des`	DES.

Default value: aes

engine-id¶

An SNMP engine ID uniquely identifies an SNMP user. It is necessary to send SNMPv3 traps. However it must not be set for users who perform snmpget commands.

vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># engine-id <0x0000000001-0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe>

group¶

An SNMPv3 group.

vsr running config# vrf <vrf> snmp access-control group <string>

<string>

The name of the group.

user (mandatory)¶

Name of a user to add to this group.

vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># user <leafref>

security-level (mandatory)¶

The security level enforced on this group.

vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># security-level SECURITY-LEVEL

`SECURITY-LEVEL` values	Description
`auth`	Authentication is required.
`priv`	Authentication and encryption are required.

view¶

Restricts access for that group to the subtree rooted at the given view name. If not specified, the group has access to the whole OID tree.

vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># view <leafref>

authorization¶

The authorization level of this group.

vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># authorization AUTHORIZATION

`AUTHORIZATION` values	Description
`read-only`	Read-only (GET and GETNEXT) access.
`read-write`	Read-write (GET, GETNEXT and SET) access.

Default value: read-only

traps¶

Active monitoring and automatic notifications configuration.

vsr running config# vrf <vrf> snmp traps

destination¶

Notification receiver that should be sent SNMPv1 TRAPs, SNMPv2c TRAP2s, SNMPv3 TRAPs, SNMPv2 INFORM or SNMPv3 INFORM notifications.

vsr running config# vrf <vrf> snmp traps
vsr running traps# destination <destination> source SOURCE port PORT protocol PROTOCOL \
... notification-type NOTIFICATION-TYPE community <leafref> user <leafref>

`<destination>` values	Description
`<ipv4-address>`	The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format
`<ipv6-address>`	The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.
`<domain-name>{1,253}`	The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.

source¶

The source IP used to reach the receiver.

source SOURCE

`SOURCE` values	Description
`<ipv4-address>`	An IPv4 address.
`<ipv6-address>`	An IPv6 address.

port¶

The port number of the host where to send the traps.

port PORT

PORT

A 16-bit port number used by a transport protocol such as TCP or UDP.

Default value: 162

protocol¶

The protocol used to connect to the destination host.

protocol PROTOCOL

`PROTOCOL` values	Description
`udp`	UDP.
`tcp`	TCP.
`udp6`	UDPv6.
`tcp6`	TCPv6.

Default value: udp

notification-type (mandatory)¶

The type of notifications that is to be sent to the specified host.

notification-type NOTIFICATION-TYPE

`NOTIFICATION-TYPE` values	Description
`TRAP`	Send SNMPv1 TRAPs to the specified host.
`TRAP2`	Send SNMPv2c TRAP2s to the specified host.
`TRAP3`	Send SNMPv3 TRAPs to the specified host.
`INFORM`	Send SNMPv2 INFORM notifications to the specified host.
`INFORM3`	Send SNMPv3 INFORM notifications to the specified host.

community¶

The community string to use when sending traps to this destination. Mandatory for SNMPv1 TRAPs, SNMPv2c TRAP2s and SNMPv2 INFORM.

community <leafref>

user¶

The user name to use when sending traps to this destination. Mandatory for SNMPv3 TRAP3s and SNMPv3 INFORM3s.

user <leafref>

authfail-check¶

Monitor authentication failures.

vsr running config# vrf <vrf> snmp traps
vsr running traps# authfail-check enabled true|false

enabled¶

Enable or disable authentication failures monitoring.

enabled true|false

Default value: true

link-status-check¶

Monitor network interfaces being taken up or down, triggering a linkUp or linkDown notification as appropriate.

vsr running config# vrf <vrf> snmp traps
vsr running traps# link-status-check frequency FREQUENCY enabled true|false

frequency¶

Check for network interfaces being taken up or down every <frequency> period.

frequency FREQUENCY

FREQUENCY

Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks).

Default value: 60s

enabled¶

Enable or disable link status monitoring.

enabled true|false

Default value: true

process-check¶

Monitor the important processes of the system, triggering a notification when one of them is not alive.

vsr running config# vrf <vrf> snmp traps
vsr running traps# process-check frequency FREQUENCY enabled true|false

frequency¶

Check for network interfaces being taken up or down every <frequency> period.

frequency FREQUENCY

FREQUENCY

Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks).

Default value: 2s

enabled¶

Enable or disable process monitoring.

enabled true|false

Default value: true

disk-space-check¶

Enables monitoring of all disks found on the system, using the specified (percentage) threshold.

vsr running config# vrf <vrf> snmp traps
vsr running traps# disk-space-check threshold <1-99> frequency FREQUENCY \
... enabled true|false

threshold (mandatory)¶

The minimum free disk space in percentage of the total space.

threshold <1-99>

frequency¶

Check for free disk space every <frequency> period.

frequency FREQUENCY

FREQUENCY

Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks).

Default value: 5m

enabled¶

Enable or disable disk space monitoring.

enabled true|false

Default value: true

load-check¶

Enables monitoring of the load average and trigger notifications if it goes above the specified thresholds.

vsr running config# vrf <vrf> snmp traps
vsr running traps# load-check threshold <uint16> enabled true|false

threshold (mandatory)¶

The maximum system load average.

threshold <uint16>

enabled¶

Enable or disable system load monitoring.

enabled true|false

Default value: true