FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 189853

Description

 

This article describes issues where the device can be added to Topology, but the traps sent by the device (MAC Notification traps, Link State traps, etc.) are not recognized. This prevents FortiNAC from dynamically learning endpoints as they connect to the managed switches.
 
Scope

FortiNAC, FortiNAC-F.

Solution
 
A list of currently supported traps and vendors can be found in the SNMP Trap Support reference manual in the Fortinet Document Library.
 
Collect Trap Information.
If the trap is currently unsupported, collect the following:

 

  1. Snmpwalk of the system OID from the device. An snmpwalk can be performed using the snmpwalk tool in the FortiNAC CLI:
  • FortiNAC (CentOS): Depending on the SNMP version configured, run one of the following, replacing <communitystring>, <ip_address> and the other arguments with the parameters of the modeled device.
 

snmpwalk -v1 -c <communitystring> <ip_address> system

snmpwalk -v2c -c <communitystring> <ip_address> system

snmpwalk -v3 -u <username> -l <authPriv or authNoPriv> -a <MD5 or SHA> -A <password> -x <DES or AES> -X <password> <ip_address> system

 
  • FortiNAC-F (NACOS):
 

diagnose network snmp walk
Usage: diagnose network snmp walk <ip> <oid> [--bulk] [--debug] [--c <context>]
Provides SNMP Walk data for an OID of a given IP
<ip> IP Address of the device
<oid> OID value to manipulate data through snmp4j commands
--c, --context <context> The context value
--debug Turns on detailed debug
--bulk Does a bulk get instead of a getNext

 
  2. Collect a packet capture of the trap (.pcap format). To obtain the capture using the appliance, type the following in the CLI:
  • FortiNAC (CentOS):

 

logs

tcpdump -i any 'host <IP_Address> and (port 161 or port 162)' -w Trapfile.pcap

 

Generate the trap by connecting a host or bouncing the switch port. When finished, stop the capture by pressing Ctrl+C. The file 'Trapfile.pcap' will be located in /bsc/logs.

 

Use WinSCP or SCP to collect the file.

 

  • FortiNAC-F (NACOS):

 

execute tcpdump -i any host <IP_Address> and port 161 or port 162 -w Trapfile.pcap

 

Generate the trap by connecting a host or bouncing the switch port. When finished, stop the capture by pressing Ctrl+C. The file 'Trapfile.pcap' will be located in /home/admin.

 

To collect the file, install a TFTP or SSH server on your local machine and transfer the file as described in:

Technical Tip: Run tcpdump in FortiNAC-F and save capture as a file

 
  3. Provide any additional documentation related to the device vendor (MIBs, etc.).
 
Open a FortiNAC technical support ticket and include:
  • Current appliance version (under Help -> About).
  • snmpwalk output.
  • Packet capture.
  • Additional documentation collected.
  • Description of trap (link up/link down, MAC notification trap, etc).
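To describe the trap in the ticket, it helps to read the snmpTrapOID.0 varbind out of the captured trap rather than guess from the switch behaviour. The following is an added example, not Fortinet code: a minimal BER decoder for the UDP/162 payload of an SNMPv2c trap (extracting the payload from Trapfile.pcap is assumed and not shown; SAMPLE_TRAP is a constructed packet).

```python
# Added example (not Fortinet's code): decode the UDP/162 payload of an SNMPv2c trap
# and name it. SAMPLE_TRAP below is a constructed packet, not a real capture.
KNOWN_TRAPS = {"1.3.6.1.6.3.1.1.5.1": "coldStart",       # SNMPv2-MIB (RFC 3418)
               "1.3.6.1.6.3.1.1.5.3": "linkDown", "1.3.6.1.6.3.1.1.5.4": "linkUp"}

def _tlv(buf, pos):                     # one BER TLV -> (tag, value bytes, next position)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long form: low 7 bits = number of length octets
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln

def _oid(raw):                          # BER OID content octets -> dotted string
    arcs, val = ([2, raw[0] - 80] if raw[0] >= 80 else [raw[0] // 40, raw[0] % 40]), 0
    for b in raw[1:]:                   # base 128, high bit set on continuation octets
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_trap(payload):
    """Return version, community, trap OID/name and varbind OIDs of an SNMPv2c trap."""
    _, msg, _ = _tlv(payload, 0)                # Message ::= SEQUENCE
    _, ver, p = _tlv(msg, 0)                    # INTEGER version (1 == v2c)
    _, community, p = _tlv(msg, p)              # OCTET STRING community
    pdu_tag, pdu, _ = _tlv(msg, p)              # [7] SNMPv2-Trap-PDU carries tag 0xA7
    if pdu_tag != 0xA7:                         # v1 Trap-PDU (0xA4) has a different layout
        raise ValueError("not an SNMPv2-Trap PDU, tag 0x%02x" % pdu_tag)
    p = 0
    for _ in range(3):                          # skip request-id, error-status, error-index
        _, _, p = _tlv(pdu, p)
    _, vbl, _ = _tlv(pdu, p)                    # SEQUENCE OF VarBind
    p, varbinds = 0, {}
    while p < len(vbl):
        _, vb, p = _tlv(vbl, p)
        _, name, q = _tlv(vb, 0)
        _, value, _ = _tlv(vb, q)
        varbinds[_oid(name)] = value
    trap_oid = _oid(varbinds["1.3.6.1.6.3.1.1.4.1.0"])     # snmpTrapOID.0 value is an OID
    return {"version": int.from_bytes(ver, "big"), "community": community.decode(),
            "trap_oid": trap_oid, "trap_name": KNOWN_TRAPS.get(trap_oid, "unknown"),
            "varbinds": list(varbinds)}
# Constructed sample: v2c linkDown trap with sysUpTime.0, snmpTrapOID.0 and ifIndex.1.
SAMPLE_TRAP = bytes.fromhex(
    "3052 020101 0406 7075626c6963 a745 020101 020100 020100 303a"
    "300e 0608 2b06010201010300 4302 0bb8"
    "3017 060a 2b060106030101040100 0609 2b0601060301010503"
    "300f 060a 2b060102010202010101 020101")
```

Vendor-specific traps (MAC notification traps, for example) will come back as "unknown" with their raw OID, which is exactly the value to quote in the ticket alongside the vendor MIB.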