NeophyteFurther clarification---and BTW Im not faulting LM for the seeming interoperability. I cant say where the break is occurring yet.rnIve documented this behavior with both EX 2200 and EX 3300 families and at JUNOS 11.4R5.x and 12.3R3 and higher.
NeophyteCan anyone share how they have solved the problem of maintaining SNMP v3 auth/Priv connectivity between LM collectors and a virtual chassis after there is a change in the RE mastership?
Juniper offers 3 methods to set the local engine id:
1)enter no config, and automatically the default ip address of the RE at the time of configuration is used --> communication will fail as soon as this RE is no longer the master RE
2)set a value for the local engine id: this produces some interoperability issue between LM and the virtual chassis --> no snmp-discoverable datasources ever get discovered even though the switch logs no indication of SNMP credential failure
3)use the MAC of the management ethernet port: well, this one will change too as soon as there is a change in RE mastership.
I have an open case with Juniper support but I am sort of getting the run-around from them and there brand -new documentation support site is the equivalent of a Byzantine Labyrinth.
Any ideas, feedback or comments are appreciated.
Thanks.
NeophyteResolution reached: finally walked away in frustration from attempting to use SNMPV3 and Juniper EX Virtual Chassis.
After extensive work with Juniper support, I discovered that even Advanced JTAC does not know how to make this work. While it is possible that LM SNMP operation might contribute to an interoperability issue, I am not interested in a line-by-line validation of adherence to RFCs. Regardless, I have serious doubts about Juniper's ability to preserve SNMPV3 communication across Virtual-Chassis Routing Engine mastership changes.
SNMPV3 works very well with stand-alone devices...but I do not recommend it for use in Virtual Chassis.
