Have three EX4200's in a stack.
Until recently they were not properly monitored. We have a couple of NMS machines for various monitoring functions. Updated SNMP config: client-list list0 { 10.2.100.55/32; 10.11.33.67/32; 10.11.41.50/32; } community xxxx { authorization read-only; client-list-name list0; } 10.2.100.55 is an old server and will be retired soon. the two servers on the 10.11.x.x network are NMS machines. The only thing is neither of these machines can pull an SNMP query. Log from the EX4200 stack: Apr 14 15:30:04 prrt-sl1-lan-main snmpd[1233]: SNMPD_AUTH_RESTRICTED_ADDRESS: nsa_initial_callback: request from address 10.11.33.67 not allowed Apr 14 15:30:06 prrt-sl1-lan-main last message repeated 3 times As you can see the switch says that IP is not allowed, when it is in fact in the client list as allowed. This goes for the IP 10.11.41.50, while it is in the allowed list, it also cannot pull any SNMP queries. But the original IP: 10.2.100.55 CAN do SNMP queries. Snmpwalk, get etc no issues. But the two IP's that were added to the client list cannot pull an SNMP query. Stack is running: 15.1R5.5 One thing that has happened is this message comes up on login: ** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE ** ** ** ** It is possible that the primary copy of JUNOS failed to boot up ** ** properly, and so this device has booted from the backup copy. ** ** ** ** Please re-install JUNOS to recover the primary copy in case ** ** it has been corrupted and if auto-snapshot feature is not ** ** enabled. So while we have done commit, commit synchronize it seems like somehow even though the commit has been done, the IP's are in the client allowed list, the stack does not recognize the IP's as being allowed. Right now FPC2 is the master, FPC0 is backup and FPC1 is linecard. We can ping the IP on the switch, 10.11.255.230 from both NMS IP's in the allowed list but only the one IP 10.2.100.55 can do SNMP queries. I am wondering what is causing this and how to fix it? We thought about pulling the snmp config for allowed hosts and allow all but that might break 10.2.100.55 from being able to do SNMP. Any clues? Thank you. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp