{"id":941,"date":"2019-11-06T23:52:09","date_gmt":"2019-11-06T20:52:09","guid":{"rendered":"https:\/\/isp-tech.ru\/?p=941"},"modified":"2021-04-19T23:43:46","modified_gmt":"2021-04-19T20:43:46","slug":"juniper-snmp-from-routing-instance","status":"publish","type":"post","link":"https:\/\/isp-tech.ru\/en\/juniper-snmp-from-routing-instance\/","title":{"rendered":"Juniper SNMP and Tacacs+ in routing-instance."},"content":{"rendered":"\n<p>Recently, while setting up one more Juniper <a href=\"https:\/\/isp-tech.ru\/en\/switch-asic\/juniper-qfx5100\/\">QFX5100<\/a> switch, i have run in to interesting case.<br>Since the switch was prepared as a classic TOR switch for IP fabric, it was necessary to place management to a routing-instance.<\/p>\n\n\n\n<p>In Junos,  SNMP access from routing-instance is disabled by default. To enable it, the following configuration is required:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n&#x5B;edit snmp]\nrouting-instance-access;\n<\/pre><\/div>\n\n\n<p> Full SNMP config :<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsnmp {\n    name test1;\n    location MSK;\n    community public {\n        authorization read-only;\n        clients {\n            1.1.1.2\/32;\n        }\n        routing-instance mng-vrf {\n            clients {\n                1.1.1.2\/32;\n            }\n        }\n    }\n    routing-instance-access;\n}\n<\/pre><\/div>\n\n\n<p>When polling via SNMP, you must specify routing-instance  name in the community, separeted by &#8220;@&#8221;. Switch will return data only for those interfaces, that belongs to this routing-instance:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsnmpwalk -v2c -c mng-vrf@public 10.2.2.1 .1.3.6.1.2.1.2.2 \n<\/pre><\/div>\n\n\n<p>You can also poll interfaces in the default routing-instance:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsnmpwalk -v2c -c default@public 10.2.2.1 .1.3.6.1.2.1.2.2 \n<\/pre><\/div>\n\n\n<p>To poll all interfaces at once, regardless of belonging to routing-instance:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsnmpwalk -v2c -c @public 10.2.2.1 .1.3.6.1.2.1.2.2 \n<\/pre><\/div>\n\n\n<p>Junos has another nice feature &#8211; filtering  interfaces from SNMP polling.<br> Useful if you are too lazy to configure regular expressions in Zabbix:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsnmp { \nfilter-interfaces {\n        interfaces {\n            &quot;^ae&#x5B;0-9]*.0&quot;;\n            &quot;^xe-0\/0\/&#x5B;0-9]*.0&quot;;\n        }\n        all-internal-interfaces;\n    }\n }  \n<\/pre><\/div>\n\n\n<p>Using this configuration, we will exclude  0 units of the interfaces ae *, and xe-0\/0 \/ * (for example, ae0.0 or xe-0\/0\/8.0)  and all internal interfaces from SNMP polling. Only ae * and xe-0\/0 \/ * will be polled.<\/p>\n\n\n\n<p>Now basic configuration of SNMP in the routing-instance is complete, so let&#8217;s move on to setting up Tacacs.<\/p>\n\n\n\n<p>Tacacs + in any routing-instance is supported only from Junos 18.2R1 and later.<br>To configure Tacacs+, you just need to specify the required routing-instance:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsystem {\n    authentication-order &#x5B; tacplus password ];\n    tacplus-server {\n        1.1.1.2 {\n            routing-instance mng-vrf;\n            port 49;\n            secret &quot;$9******************&quot;; ## SECRET-DATA\n            timeout 10;\n            single-connection;\n            source-address 10.2.2.1;\n        }\n    }\n}\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>Recently, while setting up one more Juniper QFX5100 switch, i have run in to interesting case.Since the switch was prepared as a classic TOR switch for IP fabric, it was necessary to place management to a routing-instance. In Junos, SNMP access from routing-instance is disabled by default. To enable it, the following configuration is required:\u2026 <span class=\"read-more\"><a href=\"https:\/\/isp-tech.ru\/en\/juniper-snmp-from-routing-instance\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[11],"tags":[26,24,25,14],"class_list":["post-941","post","type-post","status-publish","format-standard","hentry","category-general-juniper","tag-routing-instance","tag-snmp","tag-tacacs","tag-juniper"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Juniper SNMP and Tacacs+ in routing-instance configuration- isp-tech.ru<\/title>\n<meta name=\"description\" content=\"How to configure Juniper SNMP in routing-instance. How to configure Juniper Tacacs+ in routing-instance. Configuration samples.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/isp-tech.ru\/en\/juniper-snmp-from-routing-instance\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363\"},\"headline\":\"Juniper SNMP and Tacacs+ in routing-instance.\",\"datePublished\":\"2019-11-06T20:52:09+00:00\",\"dateModified\":\"2021-04-19T20:43:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/\"},\"wordCount\":397,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363\"},\"keywords\":[\"Routing-instance\",\"SNMP\",\"Tacacs+\",\"Juniper\"],\"articleSection\":[\"General\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/\",\"url\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/\",\"name\":\"Juniper SNMP and Tacacs+ in routing-instance configuration- isp-tech.ru\",\"isPartOf\":{\"@id\":\"https:\/\/isp-tech.ru\/#website\"},\"datePublished\":\"2019-11-06T20:52:09+00:00\",\"dateModified\":\"2021-04-19T20:43:46+00:00\",\"description\":\"How to configure Juniper SNMP in routing-instance. How to configure Juniper Tacacs+ in routing-instance. Configuration samples.\",\"breadcrumb\":{\"@id\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/isp-tech.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Juniper SNMP and Tacacs+ in routing-instance.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/isp-tech.ru\/#website\",\"url\":\"https:\/\/isp-tech.ru\/\",\"name\":\"isp-tech.ru\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/isp-tech.ru\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363\",\"name\":\"admin\",\"logo\":{\"@id\":\"https:\/\/isp-tech.ru\/#\/schema\/person\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Juniper SNMP and Tacacs+ in routing-instance configuration- isp-tech.ru","description":"How to configure Juniper SNMP in routing-instance. How to configure Juniper Tacacs+ in routing-instance. Configuration samples.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/isp-tech.ru\/en\/juniper-snmp-from-routing-instance\/","twitter_misc":{"Written by":"admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#article","isPartOf":{"@id":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/"},"author":{"name":"admin","@id":"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363"},"headline":"Juniper SNMP and Tacacs+ in routing-instance.","datePublished":"2019-11-06T20:52:09+00:00","dateModified":"2021-04-19T20:43:46+00:00","mainEntityOfPage":{"@id":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/"},"wordCount":397,"commentCount":0,"publisher":{"@id":"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363"},"keywords":["Routing-instance","SNMP","Tacacs+","Juniper"],"articleSection":["General"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/","url":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/","name":"Juniper SNMP and Tacacs+ in routing-instance configuration- isp-tech.ru","isPartOf":{"@id":"https:\/\/isp-tech.ru\/#website"},"datePublished":"2019-11-06T20:52:09+00:00","dateModified":"2021-04-19T20:43:46+00:00","description":"How to configure Juniper SNMP in routing-instance. How to configure Juniper Tacacs+ in routing-instance. Configuration samples.","breadcrumb":{"@id":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/isp-tech.ru\/juniper-snmp-from-routing-instance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/isp-tech.ru\/"},{"@type":"ListItem","position":2,"name":"Juniper SNMP and Tacacs+ in routing-instance."}]},{"@type":"WebSite","@id":"https:\/\/isp-tech.ru\/#website","url":"https:\/\/isp-tech.ru\/","name":"isp-tech.ru","description":"","publisher":{"@id":"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/isp-tech.ru\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/isp-tech.ru\/#\/schema\/person\/bfc8f447cee1b54cc04a263ed0673363","name":"admin","logo":{"@id":"https:\/\/isp-tech.ru\/#\/schema\/person\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/posts\/941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/comments?post=941"}],"version-history":[{"count":59,"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/posts\/941\/revisions"}],"predecessor-version":[{"id":1067,"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/posts\/941\/revisions\/1067"}],"wp:attachment":[{"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/media?parent=941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/categories?post=941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/isp-tech.ru\/en\/wp-json\/wp\/v2\/tags?post=941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}