DescriptionAccess to certain SNMP OIDs on Juniper Switches are required in order to allow for proper management. Otherwise, functions such as Layer 2 and Layer 3 polling, reading and changing VLANs, etc will not work properly.
ScopeVersion: 8.xSolutionIf restricting access, grant the proper permissions using a similar configuration as below on the switch:
set snmp view NAC-View oid sysDescr.0 include
set snmp view NAC-View oid sysObjectID.0 include
set snmp view NAC-View oid sysUpTime.0 include
set snmp view NAC-View oid sysContact.0 include
set snmp view NAC-View oid sysName.0 include
set snmp view NAC-View oid sysLocation.0 include
set snmp view NAC-View oid sysServices.0 include
set snmp view NAC-View oid 1.3.6.1.2.1.1.8 include
set snmp view NAC-View oid 1.3.6.1.2.1.2.2.1 include
set snmp view NAC-View oid jnxExVlanTag include
set snmp view NAC-View oid jnxExVlanName include
set snmp view NAC-View oid 1.3.6.1.2.1.17.4.3.1 include
set snmp view NAC-View oid 1.3.6.1.2.1.17.1.4 include
set snmp view NAC-View oid 1.3.6.1.2.1.17.7.1.4.5.1.1 include
set snmp view NAC-View oid 1.3.6.1.2.1.31.1.1.1 include
set snmp view NAC-View oid 1.3.6.1.2.1.17.7.1.2.2 include
set snmp view NAC-View oid 1.3.6.1.2.1.4.22.1.2 include
To verify access, use the appropriate snmpwalk command to test access or display the data contents of each individual SNMP OID table in the appliance CLI:
snmpwalk -v1 -c <R/W Community String> <ip address> <SNMP OID>
snmpwalk -v3 -u <username> -l <authpriv/authnopriv> -a <MD5/SHA> -A <password> -x <DES/AES> -X <password> <ipAddressOfDevice> <SNMP OID>
SNMP OID Use Descriptions
Switch system information:
sysDescr.0 (1.3.6.1.2.1.1.1)
sysObjectID.0 (1.3.6.1.2.1.1.2)
sysUpTime.0 (1.3.6.1.2.1.1.3)
sysContact.0 (1.3.6.1.2.1.1.4)
sysName.0 (1.3.6.1.2.1.1.5)
sysLocation.0 (1.3.6.1.2.1.1.6)
sysServices.0 (1.3.6.1.2.1.1.7)
sysORLastChange (1.3.6.1.2.1.1.8)
Populating Interface information:
1.3.6.1.2.1.2.2.1
jnxExVlanTag
jnxExVlanName
dot1dTpFdbEntry (1.3.6.1.2.1.17.4.3.1)
dot1dBasePortTable (1.3.6.1.2.1.17.1.4)
Reading VLANS:
dot1qPvid (1.3.6.1.2.1.17.7.1.4.5.1.1)
ifXEntry (1.3.6.1.2.1.31.1.1.1)
1.3.6.1.4.1.2636.3
Layer 2 Polling:
dot1qTpFdbTable (1.3.6.1.2.1.17.7.1.2.2)
Layer 3 Polling:
ipNetToMediaPhysAddress (1.3.6.1.2.1.4.22.1.2)