3.2.35. snmp¶
SNMP configuration.
vsr running config# vrf <vrf> snmp
enabled (pushed)¶
Enable or disable the SNMP engine.
vsr running config# vrf <vrf> snmp
vsr running snmp# enabled true|false
- Default value
true
interface-ignore¶
SNMP will ignore interfaces whose names start with this prefix in MIBs EtherLike-MIB, the IF-MIB, and the IP-MIB mibs. By default, all interfaces are monitored.
vsr running config# vrf <vrf> snmp
vsr running snmp# interface-ignore INTERFACE-IGNORE
|
An interface name. |
engine-id¶
Define SNMP entity engine id. The engine id will look like 0x80 concatenated with the hex value of the type used to build.
vsr running config# vrf <vrf> snmp engine-id
text¶
Build engine id from the text.
vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# text <string>{1,32}
ipv4¶
Build engine id from host’s IPv4 addr.
vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# ipv4
ipv6¶
Build engine id from host’s IPv6 addr.
vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# ipv6
interface¶
Build engine id from the interface’s mac addr.
vsr running config# vrf <vrf> snmp engine-id
vsr running engine-id# interface <string>
listen¶
Configuration of the transport endpoint on which the engine listens.
vsr running config# vrf <vrf> snmp listen
protocols¶
The protocols used for connecting to the SNMP agent.
vsr running config# vrf <vrf> snmp listen
vsr running listen# protocols PROTOCOLS
|
Description |
---|---|
|
UDP. |
|
TCP. |
|
UDPv6. |
|
TCPv6. |
- Default value
udp
port¶
The TCP or UDP port on which the engine listens.
vsr running config# vrf <vrf> snmp listen
vsr running listen# port PORT
|
A 16-bit port number used by a transport protocol such as TCP or UDP. |
- Default value
161
source¶
Restrict access to requests from the specified address.
vsr running config# vrf <vrf> snmp listen
vsr running listen# source SOURCE
|
Description |
---|---|
|
An IPv4 address. |
|
An IPv6 address. |
static-info¶
Most of the information reported by the SNMP agent is retrieved from the underlying system. However, certain MIB objects can be configured with a static value.
vsr running config# vrf <vrf> snmp static-info
location¶
System location (sysLocation.0) object value.
vsr running config# vrf <vrf> snmp static-info
vsr running static-info# location <string>
contact¶
System contact (sysContact.0) object value.
vsr running config# vrf <vrf> snmp static-info
vsr running static-info# contact <string>
name¶
System name (sysName.0) object value.
vsr running config# vrf <vrf> snmp static-info
vsr running static-info# name <string>
services¶
Value of the sysServices.0 object. For a host system, a good value is 72 (application + end-to-end layers).
vsr running config# vrf <vrf> snmp static-info
vsr running static-info# services <uint8>
description¶
System description of the SNMP agent (sysDescr.0).
vsr running config# vrf <vrf> snmp static-info
vsr running static-info# description <string>
object-id¶
System OID (sysObjectOID.0) object value.
vsr running config# vrf <vrf> snmp static-info
vsr running static-info# object-id OBJECT-ID
|
SNMP object identifier either as a label or numeric form. |
view¶
A named ‘view’ - a subset of the overall OID tree.
vsr running config# vrf <vrf> snmp view <string>
|
The name of the view. |
subtree¶
A part of the OID tree to include or exclude from the view.
vsr running config# vrf <vrf> snmp view <string>
vsr running view <string># subtree <subtree> included true|false
|
SNMP object identifier either as a label or numeric form. |
community¶
An SNMPv1 or SNMPv2c community.
vsr running config# vrf <vrf> snmp community <string>
|
The name of the community. |
authorization (mandatory)¶
The authorization level of the community.
vsr running config# vrf <vrf> snmp community <string>
vsr running community <string># authorization AUTHORIZATION
|
Description |
---|---|
|
Read-only (GET and GETNEXT) access. |
|
Read-write (GET, GETNEXT and SET) access. |
source¶
Restrict access to requests from the specified address or prefix list.
vsr running config# vrf <vrf> snmp community <string>
vsr running community <string># source SOURCE
|
Description |
---|---|
|
The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format |
|
The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007. |
|
The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890. |
|
An IPv4 prefix: address and CIDR mask. |
|
An IPv6 prefix: address and CIDR mask. |
view¶
Restricts access for that community to the subtree rooted at the given view name. If not specified, the community has access to the whole OID tree.
vsr running config# vrf <vrf> snmp community <string>
vsr running community <string># view <leafref>
monitored-vrf¶
Monitored VRF.
vsr running config# vrf <vrf> snmp monitored-vrf <string>
|
The name of the monitored VRF. Included in the SNMPv3 TRAPs and SNMPv3 INFORMs notifications from this VRF (as context). |
interface-ignore¶
SNMP will ignore interfaces whose names start with this prefix in MIBs EtherLike-MIB, the IF-MIB, and the IP-MIB mibs. By default, all interfaces are monitored.
vsr running config# vrf <vrf> snmp monitored-vrf <string>
vsr running monitored-vrf <string># interface-ignore INTERFACE-IGNORE
|
An interface name. |
identifier¶
Identifier to access the monitored VRF, acts as a community for SNMPv1 or SNMPv2c and as a context for SNMPv3.
vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
|
The monitored VRF identifier (community for SNMPv1 or SNMPv2c and context for SNMPv3). |
authorization (mandatory)¶
The authorization level of the identifier.
vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
vsr running identifier <string># authorization AUTHORIZATION
|
Description |
---|---|
|
Read-only (GET and GETNEXT) access. |
|
Read-write (GET, GETNEXT and SET) access. |
source¶
Restrict access to requests from the specified address or prefix list for SNMPv1 or SNMPv2.
vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
vsr running identifier <string># source SOURCE
|
Description |
---|---|
|
The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format |
|
The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007. |
|
The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890. |
|
An IPv4 prefix: address and CIDR mask. |
|
An IPv6 prefix: address and CIDR mask. |
view¶
Restricts access to the subtree rooted at the given view name. If not specified, the identifier has access to the whole OID tree.
vsr running config# vrf <vrf> snmp monitored-vrf <string> identifier <string>
vsr running identifier <string># view <leafref>
traps¶
Active monitoring and automatic notifications configuration.
vsr running config# vrf <vrf> snmp monitored-vrf <string> traps
destination¶
The destination of SNMPv1 TRAPs, SNMPv2c TRAP2s, SNMPv3 TRAPs, SNMPv2 INFORM or SNMPv3 INFORM notifications.
vsr running config# vrf <vrf> snmp monitored-vrf <string> traps destination <leafref>
|
The receiver address to use. |
community¶
The community string to use when sending traps to this destination.
vsr running config# vrf <vrf> snmp monitored-vrf <string> traps destination <leafref>
vsr running destination <leafref># community <leafref>
access-control¶
SNMPv3 access control configuration.
vsr running config# vrf <vrf> snmp access-control
user¶
An SNMPv3 user.
vsr running config# vrf <vrf> snmp access-control user <string>
|
The name of the user (securityName). |
auth-method¶
The authentication method.
vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># auth-method AUTH-METHOD
|
Description |
---|---|
|
MD5. |
|
SHA. |
- Default value
sha
priv-protocol¶
The encryption protocol.
vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># priv-protocol PRIV-PROTOCOL
|
Description |
---|---|
|
AES. |
|
DES. |
- Default value
aes
engine-id¶
An SNMP engine ID uniquely identifies an SNMP user. It is necessary to send SNMPv3 traps. However it must not be set for users who perform snmpget commands.
vsr running config# vrf <vrf> snmp access-control user <string>
vsr running user <string># engine-id <0x0000000001-0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe>
group¶
An SNMPv3 group.
vsr running config# vrf <vrf> snmp access-control group <string>
|
The name of the group. |
user (mandatory)¶
Name of a user to add to this group.
vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># user <leafref>
security-level (mandatory)¶
The security level enforced on this group.
vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># security-level SECURITY-LEVEL
|
Description |
---|---|
|
Authentication is required. |
|
Authentication and encryption are required. |
view¶
Restricts access for that group to the subtree rooted at the given view name. If not specified, the group has access to the whole OID tree.
vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># view <leafref>
authorization¶
The authorization level of this group.
vsr running config# vrf <vrf> snmp access-control group <string>
vsr running group <string># authorization AUTHORIZATION
|
Description |
---|---|
|
Read-only (GET and GETNEXT) access. |
|
Read-write (GET, GETNEXT and SET) access. |
- Default value
read-only
traps¶
Active monitoring and automatic notifications configuration.
vsr running config# vrf <vrf> snmp traps
destination¶
Notification receiver that should be sent SNMPv1 TRAPs, SNMPv2c TRAP2s, SNMPv3 TRAPs, SNMPv2 INFORM or SNMPv3 INFORM notifications.
vsr running config# vrf <vrf> snmp traps
vsr running traps# destination <destination> source SOURCE port PORT protocol PROTOCOL \
... notification-type NOTIFICATION-TYPE community <leafref> user <leafref>
|
Description |
---|---|
|
The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format |
|
The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007. |
|
The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890. |
source¶
The source IP used to reach the receiver.
source SOURCE
|
Description |
---|---|
|
An IPv4 address. |
|
An IPv6 address. |
port¶
The port number of the host where to send the traps.
port PORT
|
A 16-bit port number used by a transport protocol such as TCP or UDP. |
- Default value
162
protocol¶
The protocol used to connect to the destination host.
protocol PROTOCOL
|
Description |
---|---|
|
UDP. |
|
TCP. |
|
UDPv6. |
|
TCPv6. |
- Default value
udp
notification-type (mandatory)¶
The type of notifications that is to be sent to the specified host.
notification-type NOTIFICATION-TYPE
|
Description |
---|---|
|
Send SNMPv1 TRAPs to the specified host. |
|
Send SNMPv2c TRAP2s to the specified host. |
|
Send SNMPv3 TRAPs to the specified host. |
|
Send SNMPv2 INFORM notifications to the specified host. |
|
Send SNMPv3 INFORM notifications to the specified host. |
community¶
The community string to use when sending traps to this destination. Mandatory for SNMPv1 TRAPs, SNMPv2c TRAP2s and SNMPv2 INFORM.
community <leafref>
user¶
The user name to use when sending traps to this destination. Mandatory for SNMPv3 TRAP3s and SNMPv3 INFORM3s.
user <leafref>
authfail-check¶
Monitor authentication failures.
vsr running config# vrf <vrf> snmp traps
vsr running traps# authfail-check enabled true|false
enabled¶
Enable or disable authentication failures monitoring.
enabled true|false
- Default value
true
link-status-check¶
Monitor network interfaces being taken up or down, triggering a linkUp or linkDown notification as appropriate.
vsr running config# vrf <vrf> snmp traps
vsr running traps# link-status-check frequency FREQUENCY enabled true|false
frequency¶
Check for network interfaces being taken up or down every <frequency> period.
frequency FREQUENCY
|
Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks). |
- Default value
60s
process-check¶
Monitor the important processes of the system, triggering a notification when one of them is not alive.
vsr running config# vrf <vrf> snmp traps
vsr running traps# process-check frequency FREQUENCY enabled true|false
frequency¶
Check for network interfaces being taken up or down every <frequency> period.
frequency FREQUENCY
|
Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks). |
- Default value
2s
disk-space-check¶
Enables monitoring of all disks found on the system, using the specified (percentage) threshold.
vsr running config# vrf <vrf> snmp traps
vsr running traps# disk-space-check threshold <1-99> frequency FREQUENCY \
... enabled true|false
threshold (mandatory)¶
The minimum free disk space in percentage of the total space.
threshold <1-99>
frequency¶
Check for free disk space every <frequency> period.
frequency FREQUENCY
|
Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks). |
- Default value
5m
load-check¶
Enables monitoring of the load average and trigger notifications if it goes above the specified thresholds.
vsr running config# vrf <vrf> snmp traps
vsr running traps# load-check threshold <uint16> enabled true|false