Juniper SNMPv2 on routing instance

When I need to configure SNMPv2 on a Juniper device and a routing instance is involved, I always forget to enable some knobs. Here is a quick configuration that allowed me to query an EX switch through its VR (in my example the VR name is ISP1). You can also specify your VR name under “routing-instance-access”.

root@host# show snmp
client-list allowed-sources {
    10.1.1.1/32;
    10.2.2.2/32;
}
community test123 {
    authorization read-only;
    routing-instance ISP1 {
        client-list-name allowed-sources;
    }
}
routing-instance-access;

If you don’t do this properly, you will get two errors like the ones below:

SNMPD_AUTH_RESTRICTED_ADDRESS: nsa_initial_callback: request from address 10.1.1.1 not allowed

Even after configuring, you may get an error such as the one below:

SNMPD_AUTH_FAILURE: nsa_initial_embedcomm: unauthorized SNMP community from 10.1.1.1

This means you are not sending the SNMP community in the format required for a routing instance. You should send the SNMP community as “ISP1@test123”, i.e. routing-instance-name@community, instead of just test123.
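To tell a misconfigured device apart from an unexpected poller when these messages show up in the logs, here is a small triage script. It is an added example, not part of the original post; the syslog prefix in the sample lines, the function names and the hint wording are assumptions, while the client list and message bodies are taken from the configuration and errors above.

```python
import ipaddress
import re
from collections import Counter

# Client list copied from the page's "allowed-sources" configuration.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.1.1.1/32", "10.2.2.2/32")]

# The two snmpd messages quoted on the page, capturing the source address.
LOG_RE = re.compile(
    r"(?P<tag>SNMPD_AUTH_RESTRICTED_ADDRESS|SNMPD_AUTH_FAILURE): .*?"
    r"(?:from address|community from) (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def triage(line):
    """Return (tag, source, hint) for a matching log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # e.g. 999.1.1.1 in a mangled line
        return None
    if not any(src in net for net in ALLOWED):
        hint = "source is not in allowed-sources: unexpected poller, investigate it"
    elif m["tag"] == "SNMPD_AUTH_RESTRICTED_ADDRESS":
        hint = ("allowed source rejected: check routing-instance-access "
                "and the client list under the routing-instance")
    else:
        hint = "allowed source, wrong community: send routing-instance-name@community"
    return m["tag"], str(src), hint

def summarize(lines):
    """Count (tag, source) pairs across a log excerpt."""
    return Counter(r[:2] for r in map(triage, lines) if r)

# Constructed sample lines: the syslog prefix is invented, the bodies follow the page.
SAMPLE = [
    "Jan  1 00:00:01 host snmpd[100]: SNMPD_AUTH_RESTRICTED_ADDRESS: nsa_initial_callback: request from address 10.1.1.1 not allowed",
    "Jan  1 00:00:05 host snmpd[100]: SNMPD_AUTH_FAILURE: nsa_initial_embedcomm: unauthorized SNMP community from 10.1.1.1",
    "Jan  1 00:00:09 host snmpd[100]: SNMPD_AUTH_FAILURE: nsa_initial_embedcomm: unauthorized SNMP community from 192.0.2.50",
    "Jan  1 00:00:12 host sshd[200]: unrelated line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line))
    print(summarize(SAMPLE))
```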

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE

