Juniper SNMPv2 on routing instance

When I need to configure SNMPv2 on a Juniper device and routing instance is involved, I always forget to enable some knobs. Here is a quick one which allowed me to query an EX switch through its VR (in my example VR name is ISP1). You can also specify your specific VR name under “routing-instance-access” too.

root@host# show snmp
client-list allowed-sources {;;
community test123 {
    authorization read-only;
    routing-instance ISP1 {
        client-list-name allowed-sources;

If you don’t do this properly you will get two errors like below:

 SNMPD_AUTH_RESTRICTED_ADDRESS: nsa_initial_callback: request from address not allowed 

Even after configuring you may get an error such as below;

SNMPD_AUTH_FAILURE: nsa_initial_embedcomm: unauthorized SNMP community from

which means you don’t use the correct SNMP community formatted for routing instance. You should send the SNMP community as “ISP1@test123” i.e routing-instance-name@community instead of just test123

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

2 thoughts on “Juniper SNMPv2 on routing instance”

  1. it only contain routing-instance interface, if you want pull global /default interface . you should you use @test123 community

You have a feedback?