Set v3 vacm access group ADMIN default-context-prefix security-model any security-level privacy write-view ADMIN-VIEW
Set v3 vacm access group ADMIN default-context-prefix security-model any security-level privacy read-view ADMIN-VIEW Set v3 vacm security-to-group security-model usm security-name SNMPv3Guest group GUEST Set v3 vacm security-to-group security-model usm security-name SNMPv3Admin group ADMIN
Set v3 usm local-engine user SNMPv3Admin privacy-aes128 privacy-key "$9$7gV24jHqf1hu0" Set v3 usm local-engine user SNMPv3Admin authentication-sha authentication-key "$9$R6jSKM-VwgaZ7NwgJZkq39puEhevW8NdgoJHkPX7qm" Set v3 usm local-engine user SNMPv3Guest privacy-aes128 privacy-key "$9$MnhXdbaZUH.P4oUHmP3nM8jiH5QFn/AtO/9"
Set v3 usm local-engine user SNMPv3Guest authentication-sha authentication-key "$9$IgtcevNdb2oJx7b2aJHiHmLxk." I'm to the point where I may just have to schedule an snmp restart job once a week during a maintenance window if we can't get this figured out.Īny ideas? show configuration snmp | display set relative As soon as we restart it, the tcpdump and wireshark will show the spoofed traps. I've found that simply issuing the "restart snmp" command corrects the issue instantly. The other frustrating part is that we can easily fix it. No combination of rebooting the device or server replicates the issue. Whatever we do, we cannot get snmp to break when it is working. The frustrating thing is that we cannot replicate the issue. When spoofing a trap, I see no snmptraps coming out of the fxp0 port with a packet capture running. Additionally, I've put a network tap in line between the fxp0 port of our SRXs and the access port on the switch. The device will say that it generates a trap, but the tcpdump does not ever see the trap come in. To prove this, my team has ran a tcpdump on the Junos Space server and then spoofed traps from the devices. So, what we notice is that periodically the devices seem to randomly stop sending traps. I'm curious if anyone else has seen anything similar. I've had several tickets open with Juniper on this and the problem has yet to be solved. The problem that we continually see is that our monitoring servers stop receiving traps from these devices. I've been seeing an ongoing problem with Juniper EX4300s and SRX 3s.
0 kommentar(er)
