FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 192724

Description

 
This article describes the differences between SNMP and CLI Methods for L2/L3 Polling in Cisco Devices.


Scope

 

FortiNAC.


Solution


FortiNAC collects host information by reading and parsing the MAC address table and the ARP table of the network device. When modeling Cisco devices, two polling methods are available: SNMP and CLI. Each method has advantages and disadvantages. Reading this information through the CLI (the SNMP option not enabled) is usually quicker and more stable.
 

CLI (default method):
Advantage: IP address information is more accurate using this method. ARP entries are timestamped, which allows FortiNAC to determine which IP address is the most recent if duplicate entries exist.
Disadvantage: Full read/write access is required.
 
SNMP:
Advantage: Full read/write privileges are not required to collect L2 and L3 information. Read-only privileges are sufficient.
Disadvantage: Duplicate ARP entries cannot be differentiated by time (the SNMP MIB does not provide an age for the entries). This inability to differentiate duplicate entries by time can lead to FortiNAC having inaccurate IP information.
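
The difference between the two methods when one MAC address appears against two IP addresses, as an added Python example (not FortiNAC code and not Fortinet's parsing logic). The sample text is constructed in the layout of Cisco IOS `show ip arp` output; the function names are hypothetical.

```python
import re

# Constructed sample in the layout of Cisco IOS "show ip arp" output.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1                -   aabb.cc00.0100  ARPA   Vlan10
Internet  10.1.1.20             112   0011.2233.4455  ARPA   Vlan10
Internet  10.1.1.57               3   0011.2233.4455  ARPA   Vlan10
Internet  10.1.1.80              40   0011.2233.6677  ARPA   Vlan10
"""

ROW = re.compile(
    r"^Internet\s+(\S+)\s+(\d+|-)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s", re.I)

def parse_cli_arp(text):
    """Return (mac, ip, age_minutes) tuples; age is None for '-' (device's own interface)."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, age, mac = m.groups()
            rows.append((mac.lower(), ip, None if age == "-" else int(age)))
    return rows

def resolve_with_age(rows):
    """CLI view: for each MAC keep the IP whose ARP entry has the lowest age."""
    best = {}
    for mac, ip, age in rows:
        if age is None:
            continue  # skip the device's own addresses
        if mac not in best or age < best[mac][1]:
            best[mac] = (ip, age)
    return {mac: ip for mac, (ip, _) in best.items()}

def resolve_without_age(rows):
    """SNMP view: the age is not available, so every IP seen for a MAC is kept."""
    seen = {}
    for mac, ip, _ in rows:
        seen.setdefault(mac, set()).add(ip)
    return {mac: sorted(ips) for mac, ips in seen.items()}

def ambiguous_macs(rows):
    """MACs that the age-less view cannot map to a single IP address."""
    return {m: ips for m, ips in resolve_without_age(rows).items() if len(ips) > 1}
```

Running `ambiguous_macs()` over data gathered without ages gives the list of hosts whose IP address should be verified by another source before it is relied on.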

To enable SNMP for L2/L3 Polling:
Navigate to Network Devices -> Topology.
Select the L3 Cisco device in the left panel and select the Element tab.
Select the Advanced checkbox.
Select the Use SNMP to read L2/L3 data from the device checkbox.
Select Save.