Configuring SNMP on a Juniper firewall through the out-of-band management instance (mgmt_junos)
Author: Internet
Test topology
PC(172.27.22.10)---- (fxp0:172.27.22.117)SRX
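(1) Move the firewall's fxp0 interface into the mgmt_junos instance (take care when doing this remotely; after adding the configuration, apply the change with commit confirmed)
root@SRX4200# show interfaces fxp0 | display set >>> IP address configuration of the out-of-band management interface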
set interfaces fxp0 unit 0 family inet address 172.27.22.119/25
root@SRX4200# show system management-instance | display set >>> configure the mgmt_junos instance; once it is configured, the fxp0 interface moves into the mgmt_junos instance automatically
set system management-instance
root@SRX4200# show routing-instances mgmt_junos | display set >>> add the out-of-band management route in the mgmt_junos instance
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 172.27.22.1
(2) Confirm that the fxp0 route is in the mgmt_junos routing table
{primary:node0}[edit]
root@SRX4200# run show route 172.27.22.119
mgmt_junos.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.27.22.119/32 *[Local/0] 5w0d 21:21:33
Local via fxp0.0
(3) SNMP v2 configuration on the firewall
root@SRX4200# show snmp | display set
set snmp community public authorization read-only
set snmp community public routing-instance mgmt_junos
set snmp routing-instance-access
Optional: restrict the community to a specified source IP:
set snmp community public clients 172.27.22.10/32
(4) Use the PC as a simulated SNMP server and read SNMP state from the SRX firewall
- Read a large amount of SNMP state
Yus-MacBook-Pro:~ root# snmpwalk -v 2c -c public 172.27.22.119 .1
iso.0.8802.1.1.1.1.1.1.0 = INTEGER: 0
iso.0.8802.1.1.2.1.1.1.0 = INTEGER: 30
iso.0.8802.1.1.2.1.1.2.0 = INTEGER: 4
iso.0.8802.1.1.2.1.1.3.0 = INTEGER: 2
iso.0.8802.1.1.2.1.1.4.0 = INTEGER: 0
iso.0.8802.1.1.2.1.1.5.0 = INTEGER: 5
iso.0.8802.1.1.2.1.2.1.0 = Timeticks: (0) 0:00:00.00
iso.0.8802.1.1.2.1.2.2.0 = Gauge32: 0
iso.0.8802.1.1.2.1.2.3.0 = Gauge32: 0
iso.0.8802.1.1.2.1.2.4.0 = Gauge32: 0
iso.0.8802.1.1.2.1.2.5.0 = Gauge32: 0
iso.0.8802.1.1.2.1.3.1.0 = INTEGER: 4
iso.0.8802.1.1.2.1.3.2.0 = Hex-STRING: 00 10 DB FF 10 00
iso.0.8802.1.1.2.1.3.3.0 = STRING: "SRX4200"
iso.0.8802.1.1.2.1.3.4.0 = STRING: "Juniper Networks, Inc. srx4200 internet router, kernel JUNOS 18.4R3-S4.2, Build date: 2020-06-25 17:34:14 UTC Copyright (c) 1996-2020 Juniper Networks, Inc."
<.......>
- Read the state of specific MIB OIDs
Yus-MacBook-Pro:~ root# snmpwalk -v 2c -c public 172.27.22.119 1.3.6.1.2.1.1.5.0
SNMPv2-MIB::sysName.0 = STRING: SRX4200
Yus-MacBook-Pro:~ root# snmpwalk -v 2c -c public 172.27.22.119 1.3.6.1.4.1.2636.3.1.3.0
SNMPv2-SMI::enterprises.2636.3.1.3.0 = STRING: "DK2317AR0016"
Yus-MacBook-Pro:~ root#
(5) State as seen on the firewall
root@SRX4200> set cli timestamp
Mar 16 10:26:58
CLI timestamp set to: %b %d %T
{primary:node0}
root@SRX4200> show snmp mib get sysName.0
Mar 16 10:27:00
sysName.0 = SRX4200
{primary:node0}
root@SRX4200> show snmp mib get jnxBoxSerialNo.0
Mar 16 10:27:03
jnxBoxSerialNo.0 = DK2317AR0016
{primary:node0}
root@SRX4200>
(6) Screenshots of the SNMP state on the SNMP server and the firewall
- SRX SNMP debug output
set snmp traceoptions file snmp-debug
set snmp traceoptions file size 10m
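set snmp traceoptions flag all
- The SRX supports reading SNMP state through the mgmt_junos VR (for test reference only)
SRX test platform: SRX4200
SRX test version: 18.4R3-S4.2
- For other management configuration such as NTP, DNS, RADIUS and TACACS+, refer to the link: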
[SRX] Example - Management instance configuration for SRX devices
https://kb.juniper.net/InfoCenter/index?page=content&id=KB36101&cat=SRX320&actp=LIST
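An added example, not part of the original post or of Juniper's tooling: a small Python audit of the `display set` SNMP lines from steps (3) and (6), reporting what a reviewer would check before leaving this configuration in place. `SAMPLE` is constructed from the page's own set lines, and the function name `audit_snmp` and the finding texts are hypothetical.

```python
import ipaddress

# Constructed sample: the set lines from steps (1), (3) and (6) of this page.
SAMPLE = """\
set system management-instance
set snmp community public authorization read-only
set snmp community public routing-instance mgmt_junos
set snmp routing-instance-access
set snmp traceoptions flag all
"""

def audit_snmp(config_text):
    """Return sorted findings for SNMP v1/v2c 'display set' lines (hypothetical helper)."""
    communities = {}  # name -> authorization, allowed client networks, routing instances
    instance_access = trace_all = False
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[:2] != ["set", "snmp"]:
            continue
        if tok[2] == "routing-instance-access":
            instance_access = True
        elif tok[2:5] == ["traceoptions", "flag", "all"]:
            trace_all = True
        elif tok[2] == "community" and len(tok) >= 4:
            c = communities.setdefault(tok[3], {"auth": "read-only", "clients": [], "vrs": []})
            rest = tok[4:]
            if rest[:1] == ["authorization"] and len(rest) >= 2:
                c["auth"] = rest[1]
            if rest[:1] == ["routing-instance"] and len(rest) >= 2:
                c["vrs"].append(rest[1])
                rest = rest[2:]  # a clients list may also be nested under the instance
            if rest[:1] == ["clients"] and len(rest) >= 2 and rest[2:] != ["restrict"]:
                c["clients"].append(ipaddress.ip_network(rest[1], strict=False))
    findings = []
    for name, c in communities.items():
        if name.lower() in ("public", "private"):
            findings.append(f"{name}: well-known community string")
        if c["auth"] == "read-write":
            findings.append(f"{name}: read-write authorization")
        if not c["clients"]:
            findings.append(f"{name}: no clients list, any source address is accepted")
        elif any(n.prefixlen == 0 for n in c["clients"]):
            findings.append(f"{name}: clients entry covers every address")
        # Assumption taken from step (3): an instance binding is paired with routing-instance-access.
        if c["vrs"] and not instance_access:
            findings.append(f"{name}: routing-instance set without routing-instance-access")
    if trace_all:
        findings.append("traceoptions flag all is enabled")
    return sorted(findings)
```

Calling `audit_snmp(SAMPLE)` reports the `public` community name, the missing clients list and the debug tracing; adding the optional clients line from step (3) clears the second finding.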
Source: https://blog.51cto.com/ciscosyh/2661283