FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
ebilcari
Staff
Article Id 350961
Description

 

This article describes SNMP configuration compatibility with an HP switch (rebranded from ProCurve).

 

Scope

 

FortiNAC and old switches.

 

Solution

 

SNMPv3 is used in environments that require secure network communication. The configuration is more complex than for SNMPv2 because it offers options to configure a username for authentication and a password for privacy. Since there are different protocols to choose from, compatibility issues sometimes arise between these devices and FortiNAC.

 


If the SNMP validation fails, the following debug command can be enabled to get more information:

 

diag debug plugin enable SnmpV1

 

The output can then be checked in the output.master log:

 

yams.SnmpV1 FINER :: 2024-01-01 10:10:20:300 :: #123 :: getVersionFromDevice(10.10.1.5) returning 3
yams.SnmpV1 FINER :: 2024-01-01 10:10:20:300 :: #123 :: version : 3
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4j:get - start : element - HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createSession - start : HP-2530-48G id : 55
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:getUsmUser - start : HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:getTarget - start
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createPDU - start
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:ec:02:73:34:43:b2, contextName=}, requestID=2356481247, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.3.0 = 51283]]
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: error = 0 errorIndex = 0
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Error: SNMP REPORT PDU. Unknown user name. Current counter value is 73583.
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Snmp4jV3 removing cached UserTarget for element : HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: clearing cached engine IDs for target address : 10.10.1.5/161
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: engine ID : 00:00:00:0b:00:00:ec:02:73:34:43:b2
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Snmp4jV3:getUsmUser - start : HP-2530-48G
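
An added example, not part of the original article and not FortiNAC tooling: a small Python script that scans debug output like the above for SNMPv3 REPORT PDUs and maps the returned usmStats OID (RFC 3414) to the setting to check on the switch or in FortiNAC. The function name `diagnose`, the "check" descriptions and the second REPORT line in the sample are assumptions constructed for illustration.

```python
import re

# usmStats counters from RFC 3414: an SNMPv3 agent returns one of these in a
# REPORT PDU to say why it rejected the request. The "check" text is this
# example's own reading of each counter, not FortiNAC output.
USM_REPORTS = {
    "1.3.6.1.6.3.15.1.1.1.0": ("usmStatsUnsupportedSecLevels",
                               "security level (auth/priv) not available for this user"),
    "1.3.6.1.6.3.15.1.1.2.0": ("usmStatsNotInTimeWindows",
                               "engine boots/time outside the agent's time window"),
    "1.3.6.1.6.3.15.1.1.3.0": ("usmStatsUnknownUserNames",
                               "user name is not defined on the switch"),
    "1.3.6.1.6.3.15.1.1.4.0": ("usmStatsUnknownEngineIDs",
                               "engine ID not known to the agent (normal during discovery)"),
    "1.3.6.1.6.3.15.1.1.5.0": ("usmStatsWrongDigests",
                               "authentication protocol or password mismatch"),
    "1.3.6.1.6.3.15.1.1.6.0": ("usmStatsDecryptionErrors",
                               "privacy protocol or password mismatch"),
}
VARBIND = re.compile(r"VBS\[((?:\d+\.)+\d+) = (\d+)\]")
ENGINE = re.compile(r"contextEngineID=([0-9a-fA-F:]+)")

def diagnose(log_text):
    """Return one finding per SNMPv3 REPORT PDU line in the debug output."""
    findings = []
    for line in log_text.splitlines():
        vb = VARBIND.search(line)
        if "responsePDU = REPORT[" not in line or not vb:
            continue
        fields = line.split(" :: ")          # prefix, timestamp, thread, message
        eng = ENGINE.search(line)
        name, check = USM_REPORTS.get(vb.group(1), ("unknown", "not a usmStats OID"))
        findings.append({"time": fields[1] if len(fields) > 1 else "",
                         "engine_id": eng.group(1) if eng else "",
                         "oid": vb.group(1), "counter": name,
                         "count": int(vb.group(2)), "check": check})
    return findings

# Line 2 is the REPORT from the article's output; line 3 is constructed.
SAMPLE = """\
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createPDU - start
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:ec:02:73:34:43:b2, contextName=}, requestID=2356481247, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.3.0 = 51283]]
yams INFO :: 2024-01-01 10:11:05:101 :: #124 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:ec:02:73:34:43:b2, contextName=}, requestID=2356481260, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.5.0 = 7]]
"""

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f"{f['time']}  {f['counter']} ({f['count']}): check {f['check']}")
```
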

 

Because the firmware or hardware on these switches may be old, more complex protocols may not be supported. When other combinations do not work, it is suggested to fall back to simple protocols such as MD5 for authentication and DES for privacy.

 

Configuration applied on the switch:

 

HP2530(config)# snmpv3 user gimi auth md5 ******** priv des ********

HP2530(config)# snmpv3 group managerpriv user gimi sec-model ver3

HP2530(config)# no snmpv3 user initial

HP2530(config)# show snmpv3 user

Status and Counters - SNMP v3 Global Configuration Information

User Name                       Auth. Protocol   Privacy Protocol

-------------------------------- ---------------- ----------------

FortiNAC                          MD5               CBC DES