Fortinet Community

This article describes how to troubleshoot the behavior where link state SNMP traps are not received by FortiNAC when a host connects to a managed FortiSwitch.

Symptoms:

- Host record does not appear online after connection.

- Link State trap events are not listed in FortiNAC.

- tcpdump from appliance CLI indicates traps are not received.

- Online status is updated after L2 poll of the FortiSwitch.

1) Verify the FortiSwitch is sending traps via the FortiSwitch CLI:

# diag sniffer packet any “udp and port 162"

The output should show the FortiSwitch sending traps to the FortiNAC IP address:

9.298683 <FortiSwitch IP address>.162 -> <FortiNAC IP address>.162: udp 184

2) If the FortiSwitch is sending traps, verify if the FortiNAC received the traps using tcpdump from the FortiNAC CLI.

FortiLink Mode:

tcpdump -nni any port 162 and host <FortiGate IP address>

Standalone:

tcpdump -nni any port 162 and host <FortiSwitch management IP address>

Example output from the FortiSwitch in FortiLink mode:

- Source IP is the FortiGate (10.12.240.2).
- Switch serial number (XXXXXXXXXXXXXX).
- Switch internal IP address (169.254.2.2).
- Port number (port5).
- Link state (linkup).

13:02:16.847645 IP 10.12.240.2.673 > 10.12.240.7.162: C="fortinet" Trap(167) .1.3.6.1.4.1.12356.106 169.254.2.2 linkUp 502198510 .1.3.6.1.2.1.2.2.1.2.5="port5" .1.3.6.1.2.1.2.2.1.1.5=5 .1.3.6.1.2.1.2.2.1.7.5=1 .1.3.6.1.2.1.2.2.1.8.5=1 .1.3.6.1.4.1.12356.106.1.1.1.0="XXXXXXXXXXXXXX" .1.3.6.1.2.1.1.5.0="XXXXXXXXXXXXXX"

3) If FortiNAC is not receiving the traps, verify the policy configuration in the FortiGate. In the FortiGate GUI, navigate to Policy & Objects -> IPv4 Policy.

4) If the FortiNAC is receiving the traps, verify the system is processing them using the debug tools in FortiNAC CLI for SNMP activity:

nacdebug –name SnmpV1 true

Example output:
- Source IP is the FortiGate (10.12.240.2).
- Switch serial number (XXXXXXXXXXXXXX).
- Switch internal IP address (169.254.2.2).
- Port number (5).
- Link state (linkup = 0.3).

org.snmp4j.transport.DefaultUdpTransportMapping FINE :: 2019-09-30 13:02:16:847 :: Received message from /10.12.240.2/673 with length 186:

<...>

pdu=V1TRAP[reqestID=0,timestamp=58 days, 2:59:45.10,enterprise=1.3.6.1.4.1.12356.106,genericTrap=3,specificTrap=0, VBS[1.3.6.1.2.1.2.2.1.2.5 = port5; 1.3.6.1.2.1.2.2.1.1.5 = 5; 1.3.6.1.2.1.2.2.1.7.5 = 1; 1.3.6.1.2.1.2.2.1.8.5 = 1; 1.3.6.1.4.1.12356.106.1.1.1.0 = XXXXXXXXXXXXXX; 1.3.6.1.2.1.1.5.0 = XXXXXXXXXXXXXX ]], messageProcessingModel=0, securityName=fortinet, processed=false, peerAddress=10.12.240.2/673, transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@54f74762, tmStateReference=null]
yams.SnmpV1 FINER :: 2019-09-30 13:02:16:848 :: receiveTrap() ip = 169.254.2.2 version = 1 securityName = fortinet
YamsEvent:
Landscape = -1 FF:FF:FF:FF:FF:FF
ID = -1
State = Active
Name = 0.3
element type = Unknown
element ID = -1
element name = null
Date = 09/30/2019 13:02:16.848
Message = null
Number of Mib Elements = 9
NameValue:
Name = Trap Def
Value = 0.3
NameValue:
<...>
NameValue:
Name = AgentID
Value = 169.254.2.2

yams.SnmpV1 FINER :: 2019-09-30 13:02:16:848 :: receiveTrap() name = 0.3 ip = 169.254.2.2 dbid = 519 possibleEventTypes = 0.3

5) Once the trap is processed, the FortiNAC executes an L2 poll in order to read the address table and update the database:

yams.BridgeManager INFO :: 2019-09-30 13:02:27:689 ::
********** sup-fgt-hw 10.12.240.2 PollThread-poll0 172 **********
readForwardingDatabase 0.833 Seconds
old client count = 0

lost client count = 0

new client count = 0
Done update Clients 0.836 Seconds

Link Up interface count = 1
-3235441

Add Back to Queue = true
Link Up Retry Count = 1
Queue Size = 1
********************************************

6) If SNMP packets are processing and L2 poll initiates but fails, see related article:

Troubleshooting Poll Failures