• 0
Sign in to follow this  
Michael Dieter

Juniper EX Virtual Chassis SNMP v3 monitoring after a change in RE mastership ????

Question

  • 0

Can anyone share how they have solved the problem of maintaining SNMP v3 auth/Priv connectivity between LM collectors and a virtual chassis after there is a change in the RE mastership?

Juniper offers 3 methods to set the local engine id:

1)enter no config, and automatically the default ip address of the RE at the time of configuration is used --> communication will fail as soon as this RE is no longer the master RE

2)set a value for the local engine id: this produces some interoperability issue between LM and the virtual chassis --> no snmp-discoverable datasources ever get discovered even though the switch logs no indication of SNMP credential failure

3)use the MAC of the management ethernet port: well, this one will change too as soon as there is a change in RE mastership.

I have an open case with Juniper support but I am sort of getting the run-around from them and there brand -new documentation support site is the equivalent of a Byzantine Labyrinth.

Any ideas, feedback or comments are appreciated.

Thanks.

Share this post


Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Can anyone share how they have solved the problem of maintaining SNMP v3 auth/Priv connectivity between LM collectors and a virtual chassis after there is a change in the RE mastership?

Juniper offers 3 methods to set the local engine id:

1)enter no config, and automatically the default ip address of the RE at the time of configuration is used --> communication will fail as soon as this RE is no longer the master RE

2)set a value for the local engine id: this produces some interoperability issue between LM and the virtual chassis --> no snmp-discoverable datasources ever get discovered even though the switch logs no indication of SNMP credential failure

3)use the MAC of the management ethernet port: well, this one will change too as soon as there is a change in RE mastership.

I have an open case with Juniper support but I am sort of getting the run-around from them and there brand -new documentation support site is the equivalent of a Byzantine Labyrinth.

Any ideas, feedback or comments are appreciated.

Thanks.

Share this post


Link to post
Share on other sites
  • 0

Resolution reached: finally walked away in frustration from attempting to use SNMPV3 and Juniper EX Virtual Chassis.

After extensive work with Juniper support, I discovered that even Advanced JTAC does not know how to make this work. While it is possible that LM SNMP operation might contribute to an interoperability issue, I am not interested in a line-by-line validation of adherence to RFCs. Regardless, I have serious doubts about Juniper's ability to preserve SNMPV3 communication across Virtual-Chassis Routing Engine mastership changes.

SNMPV3 works very well with stand-alone devices...but I do not recommend it for use in Virtual Chassis.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this