Network Management and Monitoring Guide

SNMPv3 Informs

28-Nov-23

Junos OS supports two types of notifications: traps and informs.

With traps, the receiver does not send any acknowledgment when it receives a trap. Therefore, the sender cannot determine if the trap was received. A trap may be lost because a problem occurred during transmission. Informs increase reliability: an inform is similar to a trap except that the inform is stored and retransmitted at regular intervals until one of these conditions occurs:

  • The receiver (target) of the inform returns an acknowledgment to the SNMP agent.

  • A specified number of unsuccessful retransmissions have been attempted and the agent discards the inform message.

If the sender never receives a response, the inform can be sent again. Thus, informs are more likely to reach their intended destination than traps are. Informs use the same communications channel as traps (same socket and port) but have different protocol data unit (PDU) types.

Informs are more reliable than traps, but they consume more network, router, and switch resources. Unlike a trap, an inform is held in memory until a response is received or the timeout is reached. Also, traps are sent only once, whereas an inform may be retried several times. Use informs when it is important that the SNMP manager receive all notifications. However, if you are more concerned about network traffic, or router and switch memory, use traps.

Figure 1: Inform Request and Response

Example: Configure the Inform Notification Type and Target Address

In the following example, target 172.17.20.184 is configured to respond to informs. The inform timeout is 30 seconds and the maximum retransmit count is 3. The inform is sent to all targets in the tl1 list. The security model for the remote user is usm and the remote engine username is u10.

[edit snmp v3]
notify n1 {
    type inform;
    tag tl1;
}
notify-filter nf1 {
    oid .1.3 include;
}
target-address ta1 {
    address 172.17.20.184;
    retry-count 3;
    tag-list tl1;
    address-mask 255.255.255.0;
    target-parameters tp1;
    timeout 30;
}
target-parameters tp1 {
    parameters {
        message-processing-model v3;
        security-model usm;
        security-level privacy;
        security-name u10;
    }
    notify-filter nf1;
}

Example: Configure the Remote Engine ID and Remote User

This example shows how to configure a remote engine and remote user so you can receive and respond to SNMP inform notifications. Inform notifications can be authenticated and encrypted. They are also more reliable than traps, another type of notification that Junos OS supports. Unlike traps, inform notifications are stored and retransmitted at regular intervals until one of these conditions occurs:

  • The target of the inform notification returns an acknowledgment to the SNMP agent.

  • A specified number of unsuccessful retransmissions have been attempted.

Requirements

This feature requires the use of plain-text passwords valid for SNMPv3. SNMPv3 has the following requirements when you create plain-text passwords on a router or a switch:

  • The password must be at least eight characters long.

  • The password can include alphabetic, numeric, and special characters, but it cannot include control characters.

Enclosing passwords in quotation marks is recommended but not required. Quotation marks are required if the password contains spaces or certain special characters or punctuation.

Overview

Inform notifications are supported in SNMPv3 to increase reliability. For example, an SNMP agent receiving an inform notification acknowledges the receipt.

For inform notifications, the remote engine ID identifies the SNMP agent on the remote device where the user resides, and the username identifies the user on a remote SNMP engine who receives the inform notifications.

Consider a scenario in which you have the values in Table 1 to use in configuring the remote engine ID and remote user in this example.

To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host. When sending an inform message, the agent uses the credentials of the user configured on the remote engine (inform target).

For informs, remote-engine engine-id is the identifier for the SNMP agent on the remote device where the user resides.

For informs, user username is the user on a remote SNMP engine who receives the informs.

Generated informs can be unauthenticated, authenticated, or authenticated_and_encrypted, depending on the security level of the SNMPv3 user configured on the remote engine (the inform receiver). The authentication key is used to generate the message authentication code (MAC). The privacy key is used to encrypt the inform PDU part of the message.

Table 1: Values to Use in Example

  Name of Variable           Value
  -------------------------  --------------------------
  username                   u10
  remote engine ID           800007E5804089071BC6D10A41
  authentication type        authentication-md5
  authentication password    qol67R%?
  encryption type            privacy-des
  privacy password           m*72Jl9v
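
The Overview states that the remote engine ID is used to compute the security digest. The following added example (not Juniper's code) shows the USM password-to-key localization from RFC 3414 that makes this so: the same password yields a different key for every engine ID. It applies the password rules from Requirements and uses the Table 1 values; the function names and the mistyped engine ID are constructed for illustration.

```python
import hashlib

ONE_MIB = 1048576  # RFC 3414 A.2 hashes exactly this many bytes of repeated password


def valid_snmpv3_password(password: str) -> bool:
    """Rules stated on this page: at least eight characters, no control characters."""
    has_control = any(ord(c) < 0x20 or ord(c) == 0x7F for c in password)
    return len(password) >= 8 and not has_control


def password_to_key(password: str, hash_name: str = "md5") -> bytes:
    """User key Ku: digest of the password repeated out to 1 MiB."""
    if not valid_snmpv3_password(password):
        raise ValueError("password does not meet the SNMPv3 plain-text rules")
    pw = password.encode("utf-8")
    reps, rem = divmod(ONE_MIB, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku), so it is unique per engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key(password: str, engine_id_hex: str, hash_name: str = "md5") -> bytes:
    """Derive the per-engine key from a plain-text password and a hex engine ID."""
    ku = password_to_key(password, hash_name)
    return localize_key(ku, bytes.fromhex(engine_id_hex), hash_name)


if __name__ == "__main__":
    engine_id = "800007E5804089071BC6D10A41"  # remote engine ID from Table 1
    mistyped = "800007E5804089071BC6D10A42"   # constructed: last digit wrong
    good = localized_key("qol67R%?", engine_id)  # authentication password, MD5
    bad = localized_key("qol67R%?", mistyped)
    print("auth key (correct engine ID): ", good.hex())
    print("auth key (mistyped engine ID):", bad.hex())
    print("keys match:", good == bad)
```

The inform receiver must hold the same user and passwords under the same engine ID; otherwise its localized keys differ and the MAC on the inform does not verify.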

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands and paste them into a text file, remove any line breaks and change any details necessary to match your network configuration, copy and paste these commands into the CLI at the [edit snmp v3] hierarchy level, and then enter commit from configuration mode.

set usm remote-engine 800007E5804089071BC6D10A41 user u10 authentication-md5 authentication-password "qol67R%?"
set usm remote-engine 800007E5804089071BC6D10A41 user u10 privacy-des privacy-password "m*72Jl9v"

Configuring the Remote Engine and Remote User

Step-by-Step Procedure

The following example requires that you navigate to various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

To configure the remote engine ID and remote user:

  1. Configure the remote engine ID, username, and authentication type and password.

    [edit snmp v3] 
    user@host# set usm remote-engine 800007E5804089071BC6D10A41 user u10 authentication-md5 authentication-password "qol67R%?"
    
  2. Configure the encryption type and privacy password.

    You can configure only one encryption type per SNMPv3 user.

    [edit snmp v3] 
    user@host# set usm remote-engine 800007E5804089071BC6D10A41 user u10 privacy-des privacy-password "m*72Jl9v"
    

Results

In configuration mode, confirm your configuration by entering the show command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

[edit snmp v3]
user@host# show
usm {
    remote-engine 800007E5804089071BC6D10A41 {
        user u10 {
            authentication-md5 {
                authentication-key "$9$hagSyKNdbY2acyvLN-2g69CtpBRhSvMX/CLx-V4oZUjkqfQz69CuF36Apu1Idbw2ZUiHm3/C.mF/CA1IVws4oGkqf6CtzF";## SECRET-DATA
            }
            privacy-des {
                privacy-key "$9$GJDmf3nCtO1zFnCu0hcrevM87bs2oaUbwqmP5F3Ap0O1hrevMLxcSYgoaUDqmf5n/Ap0REyk.BIREyr4aJZUHfTz9tu5T";## SECRET-DATA
            }
        }
    }
}

After you have confirmed that the configuration is correct, enter commit from configuration mode.

Verification

Verifying the Configuration of the Remote Engine ID and Username

Purpose

Verify the status of the engine ID and user information.

Action

Display information about the SNMPv3 engine ID and user.

user@host> show snmp v3
Local engine ID: 80 00 0a 4c 01 0a ff 03 e3          
Engine boots:           3
Engine time:       769187 seconds
Max msg size:       65507 bytes

Engine ID: 80 00 07 e5 80 40 89 07 1b c6 d1 0a 41 
    User                            Auth/Priv   Storage      Status
    u10                              md5/des    nonvolatile  active

Meaning

The output displays the following information:

  • Local engine ID and detail about the engine

  • Remote engine ID (labeled Engine ID)

  • Username

  • Authentication type and encryption (privacy) type that is configured for the user

  • Type of storage for the username, either nonvolatile (configuration saved) or volatile (not saved)

  • Status of the new user; only users with an active status can use SNMPv3
