I have a Juniper MX router that is accepting SNMP requests. Problem is I am sending UDP requests to one interface, and it is replying on another. The target IP is that which is assigned to lo0.1 but the router is replying on lo0.0. This is problematic as the IP address for lo0.0 is what is specified on an exterior firewall. Is there a way to define what interface needs to reply to the snmp requests?
3 Answers
Junos can't have multiple loopback interfaces in the same routing-instance, so you'll need to enable snmp in routing-instances first:
set snmp routing-instance-access
Obviously you'll also need a route inside your routing-instance that will get return traffic back to your SNMP poller.
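Added example, not part of the answer above or of Juniper's documentation: a sketch of the configuration that answer describes, with SNMP allowed in the routing instance that holds lo0.1 and a return route to the poller inside that instance. The instance name `MGMT-RI`, the community name, and all addresses are placeholders assumed for illustration.

```junos
# Added example; MGMT-RI, EXAMPLE-COMMUNITY and the 192.0.2.x / 198.51.100.x
# addresses are placeholders, not values from the original post.
snmp {
    # Allow SNMP requests to be answered from within routing instances,
    # restricted to the one instance that contains lo0.1.
    routing-instance-access {
        access-list {
            MGMT-RI;
        }
    }
    community EXAMPLE-COMMUNITY {
        authorization read-only;
        # Only the poller's address may use this community in this instance.
        routing-instance MGMT-RI {
            clients {
                192.0.2.10/32;
            }
        }
    }
}
routing-instances {
    MGMT-RI {
        routing-options {
            static {
                # Return path to the SNMP poller from inside the instance.
                route 192.0.2.10/32 next-hop 198.51.100.1;
            }
        }
    }
}
```

With SNMPv1/v2c, Junos expects the poller to name the instance in the community string, in the form `MGMT-RI@EXAMPLE-COMMUNITY`.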
Not being a JunOS expert, but in Cisco-land the snmp source-address x.x.x.x command would fix your issue. Here's the JunOS documentation I was able to locate:
Syntax
source-address address;
Hierarchy Level
[edit snmp trap-options]
-
If I understand the problem, he is sending SNMP get or walks to one address, and receives replies from another. SNMP get != trap; your answer talks about traps. I wonder whether this is a problem that could be solved by polling a different loopback – Mike Pennington May 06 '15 at 02:54
-
That was the part that confused me, how would an SNMP system (or any IP system...) respond to a request with a different source IP address and expect the conversation to complete correctly? – cpt_fink May 06 '15 at 03:07
-
So the option he has configured (default-address-selection) will take any system service (SNMP, NTP, whatever) and use the Loopback address as the source, instead of the interface. UNLESS, you specifically set source-address flags under each service, the unfortunate part is that this is supported by SNMP traps ONLY, not the gets/walks. Even pings to interfaces will have a different source address if this is enabled, so you have to be careful. If default-address-selection were removed, the interface IP would be the source (this is default). – Jordan Head May 06 '15 at 18:33
The router is going to reply to the source IP address of the SNMP packet, right? I imagine that you would look in the routing table for the route to the subnet of the source packet to determine where the response goes. Normally, this would be the same interface that it received that packet on. You could always do some type of policy-based routing where you could force traffic destined to [source address of SNMP packet] out of interface [whichever].
Hope that helps.
-
@MikePennington It's not an SNMP problem. It's a routing problem. Right? – Ronnie Royston May 04 '15 at 15:51
-
What would have to change with the firewall in order for the return traffic to be okay on lo0.0, or is it another concern?
– Jordan Head Mar 31 '15 at 15:54
-
lo0.0 & lo0.1 and the configuration lines of your snmp server configuration? – dan Jul 05 '15 at 10:36