Juniper防火墙基于带外管理实例配置SNMP服务（mgmt_junos）（juniper防火墙主备切换命令）

Juniper防火墙基于带外管理实例配置SNMP服务（mgmt_junos）（juniper防火墙主备切换命令）

测试TOP

PC（172.27.22.10）---- （fxp0:172.27.22.117）SRX

(1)、 配置防火墙fxp0接口到mgmt_junos实例（远程操作需谨慎，同时添加完配置后用commit confirmed ，修改配置）root@SRX4200# show interfaces fxp0 | display set >>>带外管理接口IP地址配置set interfaces fxp0 unit 0 family inet address 172.27.22.119/25

root@SRX4200# show system management-instance | display set >>>配置mgmt_junos实例，配置完后fxp0接口自动到mgmt_junos实例set system management-instance

root@SRX4200# show routing-instances mgmt_junos | display set >>>在mgmt_junos实例中添加，带外管理路由set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 172.27.22.1

(2)、确认fxp0路由是否在mgmt_junos路由表中{primary:node0}[edit]root@SRX4200# run show route 172.27.22.119

mgmt_junos.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

= Active Route, - = Last Active, * = Both

172.27.22.119/32 *[Local/0] 5w0d 21:21:33Local via fxp0.0

(3)、防火墙配置SNMP v2配置root@SRX4200# show snmp | display set set snmp community public authorization read-onlyset snmp community public routing-instance mgmt_junosset snmp routing-instance-access

可选：指定源IP配置：set snmp community public clients 172.27.22.10/32

(4)、PC模拟SNMP服务器，向SRX防火墙读SNMP状态

读取大量的SNMP状态Yus-MacBook-Pro:~ root# snmpwalk -v 2c -c public 172.27.22.119 .1iso.0.8802.1.1.1.1.1.1.0 = INTEGER: 0iso.0.8802.1.1.2.1.1.1.0 = INTEGER: 30iso.0.8802.1.1.2.1.1.2.0 = INTEGER: 4iso.0.8802.1.1.2.1.1.3.0 = INTEGER: 2iso.0.8802.1.1.2.1.1.4.0 = INTEGER: 0iso.0.8802.1.1.2.1.1.5.0 = INTEGER: 5iso.0.8802.1.1.2.1.2.1.0 = Timeticks: (0) 0:00:00.00iso.0.8802.1.1.2.1.2.2.0 = Gauge32: 0iso.0.8802.1.1.2.1.2.3.0 = Gauge32: 0iso.0.8802.1.1.2.1.2.4.0 = Gauge32: 0iso.0.8802.1.1.2.1.2.5.0 = Gauge32: 0iso.0.8802.1.1.2.1.3.1.0 = INTEGER: 4iso.0.8802.1.1.2.1.3.2.0 = Hex-STRING: 00 10 DB FF 10 00 iso.0.8802.1.1.2.1.3.3.0 = STRING: "SRX4200"iso.0.8802.1.1.2.1.3.4.0 = STRING: "Juniper Networks, Inc. srx4200 internet router, kernel JUNOS 18.4R3-S4.2, Build date: 2020-06-25 17:34:14 UTC Copyright (c) 1996-2020 Juniper Networks, Inc."<.......> 读取特定MIB OID的状态Yus-MacBook-Pro:~ root# snmpwalk -v 2c -c public 172.27.22.119 1.3.6.1.2.1.1.5.0SNMPv2-MIB::sysName.0 = STRING: SRX4200Yus-MacBook-Pro:~ root# snmpwalk -v 2c -c public 172.27.22.119 1.3.6.1.4.1.2636.3.1.3.0SNMPv2-SMI::enterprises.2636.3.1.3.0 = STRING: "DK2317AR0016"Yus-MacBook-Pro:~ root#

(5)、防火墙上看到的状态root@SRX4200> set cli timestamp Mar 16 10:26:58CLI timestamp set to: %b %d %T

{primary:node0}root@SRX4200> show snmp mib get sysName.0 Mar 16 10:27:00sysName.0 = SRX4200

{primary:node0}root@SRX4200> show snmp mib get jnxBoxSerialNo.0 Mar 16 10:27:03jnxBoxSerialNo.0 = DK2317AR0016

{primary:node0}root@SRX4200>

(6)、SNMP服务器和防火墙SNMP状态截图

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。