In this continuing story about Junos and virtual routers, an episode about SNMPv3.
A simple SNMPv3 config for Junos would be the following:
    set snmp v3 usm local-engine user authpriv authentication-md5 authentication-password My_Password_01
    set snmp v3 usm local-engine user authpriv privacy-aes128 privacy-password My_Password_02
    set snmp v3 vacm security-to-group security-model usm security-name v3test group v3test
    set snmp v3 vacm security-to-group security-model usm security-name authpriv group v3test
    set snmp v3 vacm access group v3test default-context-prefix security-model any security-level authentication read-view v3testview
    set snmp v3 vacm access group v3test default-context-prefix security-model any security-level authentication write-view v3testview
    set snmp v3 vacm access group v3test default-context-prefix security-model any security-level authentication notify-view v3testview
    set snmp v3 vacm access group v3test default-context-prefix security-model any security-level privacy read-view v3testview
    set snmp v3 vacm access group v3test default-context-prefix security-model any security-level privacy write-view v3testview
    set snmp v3 vacm access group v3test default-context-prefix security-model any security-level privacy notify-view v3testview
    set snmp v3 snmp-community v3test security-name v3test
    set snmp view v3testview oid system include
    set snmp view v3testview oid .1 include
Authenticating with the correct credentials (U: authpriv, P: My_Password_01) will give results in a single (default) virtual router.
Using this config in a multiple-VR environment will result in authentication and/or authorization errors, the reason being that you are no longer using the root/single VR configuration.
Adding some details to the config and altering the actual SNMPv3 query will solve that.
    set snmp v3 usm local-engine user authpriv authentication-md5 authentication-password My_Password_01
    set snmp v3 usm local-engine user authpriv privacy-aes128 privacy-password My_Password_02
    set snmp v3 vacm security-to-group security-model usm security-name authpriv group v3test
    set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level authentication read-view v3testview
    set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level authentication write-view v3testview
    set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level authentication notify-view v3testview
    set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level privacy read-view v3testview
    set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level privacy write-view v3testview
    set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level privacy notify-view v3testview
    set snmp v3 snmp-community v3test security-name v3test
    set snmp view v3testview oid system include
    set snmp view v3testview oid .1 include
    set snmp routing-instance-access access-list DEFAULT
The main differences are:
- context-prefix <VR-NAME>
- snmp routing-instance-access access-list <VR-NAME>
Having done that, and having added a context parameter to the actual query, you will get the correct results.
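The two differences and the context parameter, as an added example that is not part of the original post: a check that every VACM `context-prefix` also has a `routing-instance-access access-list` entry, and a Net-SNMP `snmpwalk` call that passes the VR name as the context with `-n`. It assumes Net-SNMP on the management host and that the context name equals the VR name; `VR-B`, `192.0.2.1`, the function names and the `SNMPWALK`, `SNMP_AUTH_PASS` and `SNMP_PRIV_PASS` variables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. VR-B and 192.0.2.1 are constructed.

# Constructed sample: two VRs have VACM access, only DEFAULT is in the access list.
sample_config() {
cat <<'EOF'
set snmp v3 vacm access group v3test context-prefix DEFAULT security-model any security-level privacy read-view v3testview
set snmp v3 vacm access group v3test context-prefix VR-B security-model any security-level privacy read-view v3testview
set snmp v3 vacm access group v3test default-context-prefix security-model any security-level privacy read-view v3testview
set snmp routing-instance-access access-list DEFAULT
EOF
}

# Read "set" commands on stdin; print each VACM context-prefix that has no
# routing-instance-access access-list entry. Returns 1 if any are missing.
missing_vr_access() {
    awk '
        $1 == "set" && $2 == "snmp" && $3 == "v3" && $4 == "vacm" && $5 == "access" {
            for (i = 6; i < NF; i++)
                if ($i == "context-prefix") ctx[$(i + 1)] = 1
        }
        $3 == "routing-instance-access" && $4 == "access-list" { allowed[$5] = 1 }
        END {
            for (c in ctx) if (!(c in allowed)) { print c; bad = 1 }
            exit bad + 0
        }'
}

# Walk the system subtree inside one VR: the context name (-n) is the VR name.
# Passphrases come from the environment, so they are not stored in the script.
# SNMPWALK can be overridden (for example with echo) for a dry run.
walk_vr() {   # usage: walk_vr <router> <vr-name>
    "${SNMPWALK:-snmpwalk}" -v 3 -l authPriv -u authpriv \
        -a MD5 -A "$SNMP_AUTH_PASS" -x AES -X "$SNMP_PRIV_PASS" \
        -n "$2" "$1" system
}

# Demo on the constructed sample, then a dry run that only prints the arguments.
sample_config | missing_vr_access | sed 's/^/no access-list entry for context: /'
( SNMPWALK=echo; SNMP_AUTH_PASS='<auth>'; SNMP_PRIV_PASS='<priv>'
  walk_vr 192.0.2.1 DEFAULT )
```

Without `-n`, the query is sent with an empty context, which is what the first config's `default-context-prefix` lines cover.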