Have three EX4200's in a stack.
Until recently they were not properly monitored. We have a couple of NMS
machines for various monitoring functions.
Updated SNMP config:
client-list list0 {
10.2.100.55/32;
10.11.33.67/32;
10.11.41.50/32;
}
community xxxx {
authorization read-only;
client-list-name list0;
}
10.2.100.55 is an old server and will be retired soon. the two servers on
the 10.11.x.x network are NMS machines.
The only thing is neither of these machines can pull an SNMP query.
Log from the EX4200 stack:
Apr 14 15:30:04 prrt-sl1-lan-main snmpd[1233]:
SNMPD_AUTH_RESTRICTED_ADDRESS: nsa_initial_callback: request from address
10.11.33.67 not allowed Apr 14 15:30:06 prrt-sl1-lan-main last message
repeated 3 times
As you can see the switch says that IP is not allowed, when it is in fact in
the client list as allowed.
This goes for the IP 10.11.41.50, while it is in the allowed list, it also
cannot pull any SNMP queries.
But the original IP: 10.2.100.55 CAN do SNMP queries. Snmpwalk, get etc no
issues. But the two IP's that were added to the client list cannot pull an
SNMP query.
Stack is running: 15.1R5.5
One thing that has happened is this message comes up on login:
** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE **
** **
** It is possible that the primary copy of JUNOS failed to boot up **
** properly, and so this device has booted from the backup copy. **
** **
** Please re-install JUNOS to recover the primary copy in case **
** it has been corrupted and if auto-snapshot feature is not **
** enabled.
So while we have done commit, commit synchronize it seems like somehow even
though the commit has been done, the IP's are in the client allowed list,
the stack does not recognize the IP's as being allowed.
Right now FPC2 is the master, FPC0 is backup and FPC1 is linecard.
We can ping the IP on the switch, 10.11.255.230 from both NMS IP's in the
allowed list but only the one IP 10.2.100.55 can do SNMP queries.
I am wondering what is causing this and how to fix it? We thought about
pulling the snmp config for allowed hosts and allow all but that might break
10.2.100.55 from being able to do SNMP.
Any clues?
Thank you.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Until recently they were not properly monitored. We have a couple of NMS
machines for various monitoring functions.
Updated SNMP config:
client-list list0 {
10.2.100.55/32;
10.11.33.67/32;
10.11.41.50/32;
}
community xxxx {
authorization read-only;
client-list-name list0;
}
10.2.100.55 is an old server and will be retired soon. the two servers on
the 10.11.x.x network are NMS machines.
The only thing is neither of these machines can pull an SNMP query.
Log from the EX4200 stack:
Apr 14 15:30:04 prrt-sl1-lan-main snmpd[1233]:
SNMPD_AUTH_RESTRICTED_ADDRESS: nsa_initial_callback: request from address
10.11.33.67 not allowed Apr 14 15:30:06 prrt-sl1-lan-main last message
repeated 3 times
As you can see the switch says that IP is not allowed, when it is in fact in
the client list as allowed.
This goes for the IP 10.11.41.50, while it is in the allowed list, it also
cannot pull any SNMP queries.
But the original IP: 10.2.100.55 CAN do SNMP queries. Snmpwalk, get etc no
issues. But the two IP's that were added to the client list cannot pull an
SNMP query.
Stack is running: 15.1R5.5
One thing that has happened is this message comes up on login:
** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE **
** **
** It is possible that the primary copy of JUNOS failed to boot up **
** properly, and so this device has booted from the backup copy. **
** **
** Please re-install JUNOS to recover the primary copy in case **
** it has been corrupted and if auto-snapshot feature is not **
** enabled.
So while we have done commit, commit synchronize it seems like somehow even
though the commit has been done, the IP's are in the client allowed list,
the stack does not recognize the IP's as being allowed.
Right now FPC2 is the master, FPC0 is backup and FPC1 is linecard.
We can ping the IP on the switch, 10.11.255.230 from both NMS IP's in the
allowed list but only the one IP 10.2.100.55 can do SNMP queries.
I am wondering what is causing this and how to fix it? We thought about
pulling the snmp config for allowed hosts and allow all but that might break
10.2.100.55 from being able to do SNMP.
Any clues?
Thank you.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp