[j-nsp] SNMP NMS support of Junos VLAN MIBs

Ross Vandegrift ross at kallisti.us
Fri Dec 11 10:11:18 EST 2015


On 12/09/2015 11:31 AM, Chuck Anderson wrote:
> What has been your experience of the Juniper support of those SNMP
> products to correctly report Port/VLAN memberships and VLAN/MAC FDB
> information?

I did this with custom software, but it's been 5+ years.  Details are
fuzzy, but here's what I recall.

> Juniper EX-series (at least EX2200,3200,4200) 12.x and earlier has a
> working Q-BRIDGE-MIB (dot1qVlanStaticEgressPorts) and JUNIPER-VLAN-MIB
> (jnxExVlan).  Because Q-BRIDGE-MIB refers only to internal VLAN
> indexes, you need to use both MIBs to get Port/VLAN mappings including
> the 802.1Q VLAN tag ID (jnxExVlanTag).  This means custom software, or
> an NMS vendor willing to implement the Juniper Enterprise MIBs.

Yea, this sounds familiar.

> All other Juniper Junos platforms only have Q-BRIDGE-MIB, but it is
> broken (doesn't follow RFC 4363 standard PortList definition, instead
> storing port indexes as ASCII-encoded, comma separated values),
> apparently for a very long time.  So again, you need custom software
> or an NMS vendor willing to implement the broken Juniper version of
> Q-BRIDGE-MIB (along with detecting which implementation is needed on
> any particular device).  

I never ran into this, but it's not too surprising - I had unending
problems with poor Q-BRIDGE-MIB.  We used at least Junos, Procurve, and
a few flavors of IOS 12.  Only HP had a Q-BRIDGE-MIB that was correct
enough to use - and if you poked it wrong, the switch would crash.

So I just wonder - is there any off-the-shelf software that depends on
correct, vendor-neutral Q-BRIDGE-MIB?  I always needed platform-specific
hacks.

> I'm pushing to have Juniper fix this, but their
> concern is that it may break SNMP software that has been assuming the
> broken Q-BRIDGE-MIB implementation for all these years.

This response might be right - unless Q-BRIDGE-MIB implementations are
much more useful than they were five years ago, "fixing" it is just
going to break software from folks that bothered to get it working in
the first place.

On Junos, I got sick of all this and switched to netconf.

Ross
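
The two dot1qVlanStaticEgressPorts encodings discussed in the thread (the RFC 4363 PortList bitmap and the ASCII, comma-separated form), decoded side by side. This is an added example, not part of the original message or any vendor's code. The function names, the auto-detection heuristic, the tolerance for a trailing comma and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Assumption: the non-standard form is decimal port indexes separated by
# commas, optionally with a trailing comma (tolerated, not confirmed).
_ASCII_LIST = re.compile(rb"\d+(,\d+)*,?")


def decode_rfc_portlist(raw: bytes) -> list[int]:
    """RFC 4363 PortList: octet n covers ports 8n+1..8n+8, and the most
    significant bit of each octet is the lowest-numbered port."""
    ports = []
    for i, octet in enumerate(raw):
        for bit in range(8):
            if octet & (0x80 >> bit):
                ports.append(i * 8 + bit + 1)
    return ports


def decode_ascii_portlist(raw: bytes) -> list[int]:
    """Non-standard form: ASCII digits separated by commas."""
    return sorted({int(tok) for tok in raw.split(b",") if tok})


def looks_ascii(raw: bytes) -> bool:
    """Heuristic only: a real bitmap can consist solely of the bytes for
    '0'-'9' and ',', so per-device configuration is more reliable."""
    return bool(raw) and _ASCII_LIST.fullmatch(raw) is not None


def decode_egress_ports(raw: bytes, encoding: str = "auto") -> list[int]:
    """Decode an OCTET STRING value; encoding is 'rfc', 'ascii' or 'auto'."""
    if encoding == "auto":
        encoding = "ascii" if looks_ascii(raw) else "rfc"
    if encoding == "rfc":
        return decode_rfc_portlist(raw)
    if encoding == "ascii":
        return decode_ascii_portlist(raw)
    raise ValueError(f"unknown encoding: {encoding!r}")


if __name__ == "__main__":
    # Constructed sample values, not captured from a device.
    print(decode_egress_ports(bytes([0xA0, 0x01])))   # bitmap form
    print(decode_egress_ports(b"513,514,520"))        # ASCII form
    # The same three bytes decode differently under each reading:
    print(decode_egress_ports(b"1,2", "ascii"), decode_egress_ports(b"1,2", "rfc"))
```

Pinning the encoding per device or platform avoids the ambiguity shown in the last line, where a short value is valid under both readings.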