Customer Service
Customer Service Information and Announcements
syordanov
Staff
Staff
Article Id 326675
Description This article describes how to enable SNMP index extension in RFC tables.
Scope Starting from FortiOS 7.2.8 and FortiOS 7.4.4.
Solution

FortiOS allows clients to enable or disable the index extension, which appends VDOM or interface index in RFC tables.

This new feature is introduced in 7.4.4 GA and 7.2.8 GA release.

 

CLI syntax:

 

config system snmp sysinfo

    set append-index {enable | disable}

end

 

  • When enabled, append the VDOM or interface index as INDEX extension in some RFC tables.
  • When is disabled, FortiOS does not append the VDOM or interface index as index extension in any RFC tables.

For single-vdom configuration, the behavior is the same as before upgrading to 7.2.8 and 7.4.4

For multi-vdom configuration, the duplicated IP addresses in different VDOMs will only be present once.

 

If FortiGate is upgraded from any release earlier than 7.2 (also 6.x or 7.0.x), the default value 'disabled' is used.

If FortiGate is upgraded from 7.2.x to 7.2.8 or 7.4.4, this option is 'enabled'.

 

Examples:

 

Below is an example of a 'set append-index enable' FortiGate with 2 VDOMs: root and vdom1. On both VDOMs, there are 2 interfaces with the same IP address:

 

  edit "port15"
           set vdom "root" <-
           set ip 192.168.77.1 255.255.255.0 <-
           set type physical
           set snmp-index 21
  next
  edit "port16"
         set vdom "vdom1" <-
         set ip 192.168.77.1 255.255.255.0 <-
         set type physical
         set snmp-index 22

  next

 

snmpwalk -v 2c -c fortinet 10.5.20.135 iso.3.6.1.2.1.4.20.1.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1.1 = IpAddress: 192.168.77.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1.2 = IpAddress: 192.168.77.1
iso.3.6.1.2.1.4.20.1.3.192.168.77.1.1 = IpAddress: 255.255.255.0
iso.3.6.1.2.1.4.20.1.3.192.168.77.1.2 = IpAddress: 255.255.255.0

 

On the end of the OID, the index for the VDOM will be added. This value can be adjusted as well:

 

config system vdom-property
    edit "root"
            set description "property limits for vdom root"
            set snmp-index 1
     next
     edit "vdom1"
             set description "property limits for vdom vdom1"
             set snmp-index 2
      next
end

 

SNMP indexes can be changed. For example:

 

config system vdom-property
     edit "root"
           set description "property limits for vdom root"
           set snmp-index 42
     next
      edit "vdom1"
         set description "property limits for vdom vdom1"
         set snmp-index 82
     next

     end

 

In this case, the output from snmpwalk would change to:

 

snmpwalk -v 2c -c fortinet 10.5.20.135 iso.3.6.1.2.1.4.20.1.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1.42 = IpAddress: 192.168.77.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1.82 = IpAddress: 192.168.77.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1.42 = IpAddress: 192.168.77.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1.82 = IpAddress: 192.168.77.1

 

If the option 'set append-index' is set to 'disable' and only one IP is present from the duplicated IP address, the SNMP index will not be present anymore:

 

snmpwalk -v 2c -c fortinet 10.5.20.135 iso.3.6.1.2.1.4.20.1
iso.3.6.1.2.1.4.20.1.1.192.168.77.1 = IpAddress: 192.168.77.1
iso.3.6.1.2.1.4.20.1.3.192.168.77.1 = IpAddress: 255.255.255.0