Description
SNMP communication is failing between network device and appliance. The following symptoms are experienced:
- When the Credential Validation button in the Model Configuration under the Credentials tab is clicked, a message displays stating SNMP communication failed.
- 'SNMP Failure' events are generated with message: 'SNMP failed for device <device name> with message <ip address> Timed out'.
- snmpwalk results display: "snmpwalk: Timeout"
Scope
FortiNAC.
Solution
Before any troubleshooting first check if SNMP agent is active on target device. For example on FortiGate should look like this:
SNMP timeouts typically occur when there is no response to an SNMP request.
1. Verify switch successfully responds to ICMP (PING) requests.
2. Confirm the appliance is not receiving SNMP responses from the switch using tcpdump.
a. Open two windows for the Control Server CLI.
b. In first window, start a tcpdump by running the following command (specifying the IP address of the switch):
tcpdump -nni eth0 host <ip address> and port 161
c. In the second window, run the snmpwalk.
SNMP v1:snmpwalk -v1 -c <R/W Community String> <ip address> systemSNMP v2:snmpwalk -v2c -c <R/W Community String> <ip address> systemSNMP v3:snmpwalk -v3 -u <username> -l <authpriv/authnopriv> -a <MD5/SHA> -A <password> -x <DES/AES> -X <password> <ipAddressOfDevice> systemExample:
snmpwalk -v1 -c public 192.168.1.2 system
d. Once the snmpwalk completes and the error message is returned, type CTRL-C to stop the tcpdump.
If the tcpdump does not show any packets returned from the switch, verify the SNMP traffic from the appliance is reaching the switch (either by a packet trace on the switch side or logging on the switch itself).
- If the SNMP traffic is not reaching the switch, troubleshoot the network path.
- If the SNMP traffic is reaching the switch, but the switch is not responding, troubleshoot the switch itself. Consult switch vendor for assistance.
