is there a way to hide Juniper router interfaces from SNMP tree

Question

I have a virtualized router running JUNOS 14.1R1.10 (Juniper).

I enabled SNMP on it but I want it to 'hide' some of its interfaces: means that upon snmp-walk on the interfaces list it will not reply with value on certain interface(s).

example: while walking the below specific entry, instead of getting 2 interfaces I want to 'hide' the 1st one and get response on the 2nd one alone.

instead of: root@docker2s:~# snmpbulkwalk -v 3 -u sedona 10.22.175.84 .1.3.6.1.2.1.31.1.1.1.5 iso.3.6.1.2.1.31.1.1.1.5.38 = Counter32: 0 iso.3.6.1.2.1.31.1.1.1.5.39 = Counter32: 0 root@docker2s:~#

I wish to get: root@docker2s:~# snmpbulkwalk -v 3 -u sedona 10.22.175.84 .1.3.6.1.2.1.31.1.1.1.5 iso.3.6.1.2.1.31.1.1.1.5.39 = Counter32: 0 root@docker2s:~#

is there a way to configure JUNOS to act like that?

Answer 1

Junos OS enables you to filter out information related to specific interfaces from the output of SNMP Get and GetNext requests performed on interface-related MIBs such as IF MIB, ATM MIB, RMON MIB, and the Juniper Networks enterprise-specific IF MIB.

You can use the following options of the filter-interfaces statement at the [edit snmp] hierarchy level to specify the interfaces that you want to exclude from SNMP Get and GetNext queries:

interfaces — Interfaces that match the specified regular expressions.

all-internal-interfaces — Internal interfaces.

snmp { filter-interfaces { interfaces { interface-name 1; interface-name 2; } all-internal-interfaces; } }

Please refer: https://www.juniper.net/techpubs/en_US/junos15.1/topics/task/configuration/snmp-filter-interfaces-configuring-junos-nm.html

junos-snmp

Answer 2

You need to use a SNMP MIB view in JUNOS: MIB View

Here is an example:

lab@mx80-3-re0> show configuration snmp
view view1 {
    oid .1.3.6.1.2.1.31.1.1.1.5.39 include;
    oid .1.3.6.1.2.1.31.1.1.1.5.22 include;
}
community public;
community restricted {
    view view1;
}

lab@mx80-3-re0>

Using the configuration above, if you execute a SNMP walk using the community public, you'll get all interfaces. If you use restricted then you will get only those OIDs configured in view1.

Example:

Retrieving all interfaces:

snmpwalk -On -v1 -c public 172.27.18.27 .1.3.6.1.2.1.31.1.1.1.5
.1.3.6.1.2.1.31.1.1.1.5.1 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.5.4 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.5.5 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.5.6 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.5.7 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.5.8 = Counter32: 0

<... omitted for brevity ...>

Retrieving the interfaces configured in the restricted view:

snmpwalk -On -v1 -c restricted 172.27.18.27
.1.3.6.1.2.1.31.1.1.1.5.22 = Counter32: 0
End of MIB