Juniper SNMPv3 issues with SRX and EX devices; Junos Space not receiving any traps

Network Engineering, juniper, juniper-junos, juniper-srx, Juniper Networks, snmpv3
2022-02-13 10:56:20

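I keep seeing a problem with Juniper EX4300s and SRX 345s and 1500s. The problem we often see is that our monitoring servers stop receiving traps from these devices. I have opened several tickets with Juniper, but the problem has not been resolved. I am curious whether anyone else has seen something similar.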

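So, we have noticed that the devices seem to stop sending traps periodically and at random. To prove this, my team ran a tcpdump on the Junos Space server and then spoofed traps from the device. The device would say it had generated a trap, but tcpdump never saw the trap come in. In addition, I placed a network tap between the SRX's fxp0 port and the access port on the switch. While spoofing traps with a packet capture running, I saw no snmptraps leaving the fxp0 port.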

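The frustrating part is that we cannot reproduce the problem. No matter what we do, we cannot get SNMP to break while it is working. No combination of rebooting the devices or the server reproduces the problem. The other frustrating part is that we can fix it easily. I found that simply issuing the "restart snmp" command corrects the problem immediately. As soon as we restart it, tcpdump and Wireshark show the spoofed traps. If we cannot figure this out, I may just have to schedule a weekly snmp restart job during a maintenance window.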

Any ideas?

user@SRX1500-A1> show configuration snmp | display set relative
set v3 usm local-engine user SNMPv3Guest authentication-sha authentication-key "$9$IgtcevNdb2oJx7b2aJHiHmLxk."
set v3 usm local-engine user SNMPv3Guest privacy-aes128 privacy-key "$9$MnhXdbaZUH.P4oUHmP3nM8jiH5QFn/AtO/9"
set v3 usm local-engine user SNMPv3Admin authentication-sha authentication-key "$9$R6jSKM-VwgaZ7NwgJZkq39puEhevW8NdgoJHkPX7qm"
set v3 usm local-engine user SNMPv3Admin privacy-aes128 privacy-key "$9$7gV24jHqf1hu0"
set v3 vacm security-to-group security-model usm security-name SNMPv3Admin group ADMIN
set v3 vacm security-to-group security-model usm security-name SNMPv3Guest group GUEST
set v3 vacm access group ADMIN default-context-prefix security-model any security-level privacy read-view ADMIN-VIEW
set v3 vacm access group ADMIN default-context-prefix security-model any security-level privacy write-view ADMIN-VIEW
set v3 vacm access group ADMIN default-context-prefix security-model any security-level privacy notify-view ADMIN-VIEW
set v3 vacm access group ADMIN context-prefix default-context-prefix security-model any security-level privacy read-view ADMIN-VIEW
set v3 vacm access group ADMIN context-prefix default-context-prefix security-model any security-level privacy write-view ADMIN-VIEW
set v3 vacm access group ADMIN context-prefix default-context-prefix security-model any security-level privacy notify-view ADMIN-VIEW
set v3 vacm access group GUEST default-context-prefix security-model any security-level privacy read-view GUEST-VIEW
set v3 vacm access group GUEST context-prefix default-context-prefix security-model any security-level privacy read-view GUEST-VIEW
set v3 target-address SVR-WUG1 address 2001:db8:33:38c6::1:200
set v3 target-address SVR-WUG1 port 162
set v3 target-address SVR-WUG1 tag-list MGMT
set v3 target-address SVR-WUG1 routing-instance mgmt_junos
set v3 target-address SVR-WUG1 target-parameters ADMIN
set v3 target-address SVR-JSPACE1 address 2001:db8:33:38c4::1:240
set v3 target-address SVR-JSPACE1 port 162
set v3 target-address SVR-JSPACE1 tag-list MGMT
set v3 target-address SVR-JSPACE1 routing-instance mgmt_junos
set v3 target-address SVR-JSPACE1 target-parameters ADMIN
set v3 target-address TA_SPACE address 2001:db8:33:38c4:0:0:1:241
set v3 target-address TA_SPACE tag-list TAG_SPACE
set v3 target-address TA_SPACE target-parameters TP_SPACE
set v3 target-parameters ADMIN parameters message-processing-model v3
set v3 target-parameters ADMIN parameters security-model usm
set v3 target-parameters ADMIN parameters security-level privacy
set v3 target-parameters ADMIN parameters security-name SNMPv3Admin
set v3 target-parameters ADMIN notify-filter ADMIN-TRAPS
set v3 target-parameters GUEST parameters message-processing-model v3
set v3 target-parameters GUEST parameters security-model usm
set v3 target-parameters GUEST parameters security-level privacy
set v3 target-parameters GUEST parameters security-name SNMPv3Guest
set v3 target-parameters TP_SPACE parameters message-processing-model v3
set v3 target-parameters TP_SPACE parameters security-model usm
set v3 target-parameters TP_SPACE parameters security-level privacy
set v3 target-parameters TP_SPACE parameters security-name SNMPv3Admin
set v3 target-parameters TP_SPACE notify-filter SPACE_TRAP_FILTER
set v3 notify ADMIN type trap
set v3 notify ADMIN tag MGMT
set v3 notify GUEST type trap
set v3 notify GUEST tag MGMT
set v3 notify SPACE_TRAPS type trap
set v3 notify SPACE_TRAPS tag TAG_SPACE
set v3 notify-filter ADMIN-TRAPS oid .1 include
set v3 notify-filter SPACE_TRAP_FILTER oid .1 include
set engine-id use-mac-address
set view GUEST-VIEW oid .1 include
set view ADMIN-VIEW oid .1 include
set client-list SNMP_CLIENTS 2001:db8:33:38c4::1:240/128
set client-list SNMP_CLIENTS 2001:db8:33:38c4::1:241/128
set client-list SNMP_CLIENTS 2001:db8:33:38c6::1:200/128
set trap-options routing-instance mgmt_junos source-address 2001:db8:44:3611::4:200
0 answers
No replies found.
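An added example, not part of the original post and not Juniper tooling: a small consistency check over the `display set relative` SNMPv3 lines quoted above. It flags trap targets whose tag, target-parameters or routing-instance do not line up with the rest of the configuration. Which mismatches are worth flagging is an assumption of this sketch, and nothing in the post establishes that any of them causes the intermittent trap loss.

```python
from collections import defaultdict

# Excerpt of the 'display set relative' output quoted in the post above.
SAMPLE = """\
set v3 target-address SVR-JSPACE1 address 2001:db8:33:38c4::1:240
set v3 target-address SVR-JSPACE1 tag-list MGMT
set v3 target-address SVR-JSPACE1 routing-instance mgmt_junos
set v3 target-address SVR-JSPACE1 target-parameters ADMIN
set v3 target-address TA_SPACE address 2001:db8:33:38c4:0:0:1:241
set v3 target-address TA_SPACE tag-list TAG_SPACE
set v3 target-address TA_SPACE target-parameters TP_SPACE
set v3 target-parameters ADMIN parameters security-name SNMPv3Admin
set v3 target-parameters GUEST parameters security-name SNMPv3Guest
set v3 target-parameters TP_SPACE parameters security-name SNMPv3Admin
set v3 notify ADMIN tag MGMT
set v3 notify SPACE_TRAPS tag TAG_SPACE
set trap-options routing-instance mgmt_junos source-address 2001:db8:44:3611::4:200
"""

def parse(cfg):
    # Collect per-target attributes, defined target-parameters, notify tags, trap-options instance.
    targets, params, notify_tags, trap_ri = defaultdict(dict), set(), set(), None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:3] == ["set", "v3", "target-address"] and len(w) >= 6:
            targets[w[3]][w[4]] = " ".join(w[5:]).strip('"')
        elif w[:3] == ["set", "v3", "target-parameters"] and len(w) >= 4:
            params.add(w[3])
        elif w[:3] == ["set", "v3", "notify"] and w[4:5] == ["tag"] and len(w) >= 6:
            notify_tags.add(w[5])
        elif w[:3] == ["set", "trap-options", "routing-instance"] and len(w) >= 4:
            trap_ri = w[3]
    return targets, params, notify_tags, trap_ri

def lint(cfg):
    # Return (object name, finding) pairs; the rules are this example's assumptions.
    targets, params, notify_tags, trap_ri = parse(cfg)
    findings = []
    for name, t in sorted(targets.items()):
        if not set(t.get("tag-list", "").split()) & notify_tags:
            findings.append((name, "no notify entry selects this target's tag-list"))
        if t.get("target-parameters") not in params:
            findings.append((name, "target-parameters not defined"))
        if trap_ri and t.get("routing-instance") != trap_ri:
            findings.append((name, f"routing-instance differs from trap-options ({trap_ri})"))
    used = {t.get("target-parameters") for t in targets.values()}
    for p in sorted(params - used):
        findings.append((p, "target-parameters not referenced by any target-address"))
    return findings
```

Calling `lint()` on the full saved output from each device gives a quick way to compare trap target definitions across a fleet before escalating to the vendor.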