motorbass
New Contributor III

Can't use SNMPv3 on Meraki AP on FortiNAC

Hi

We're currently trying FortiNAC v7.2.5.0101; everything runs smoothly for most of our devices except for Meraki APs.

We followed this guide for configuring/adding the AP: https://docs.fortinet.com/document/fortinac-f/7.2.0/network-device-modeling/785561/cisco-meraki-ms-s...

Indeed, even though SNMPv3 is enabled on our Meraki organization and so on the AP (snmpwalk -v3 is OK), FortiNAC always throws an error while trying to add it using S/N as UserName and API Key as Password, as you can see below:

[Screenshot: fortinac_meraki.png]

From a firewall perspective we got no deny or any filtering; proof is we can add the same AP using SNMPv2c, for instance.

From a FortiNAC perspective, there's no such log or information that may help to troubleshoot this.

Did any of you guys succeed in using SNMPv3 between FortiNAC and Meraki?

Thanks a lot for your help & advice


1 Solution
motorbass
New Contributor III

I finally found the solution from here: https://support.auvik.com/hc/en-us/articles/204356740-How-to-enable-SNMP-on-Meraki-devices

So credentials to use are those from Network-wide, we agree, but in any case, it has to be SHA1 & DES.

It works pretty smoothly, happy to have learnt something today! :)

27 Replies
motorbass
New Contributor III

I'm on FNAC 7.2 so I don't have access to the previous and real Linux shell, but only to the "forti" layer shell.

From another server, the snmpwalk -v3 to my Meraki AP is working as mentioned earlier.

ozkanaltas

Hello @motorbass,

FortiNAC can access the switch IP address, right?

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
motorbass
New Contributor III

Yes it has, I can also add it through SNMPv2c for instance.

ndumaj

Wait, you can test the snmpwalk -v3 by entering the shell:
exec enter-shell

snmpwalk -v3 -l authPriv -u "XXXXX" -a SHA -A "YYYY" -x des -X "YYYY" 10.10.10.10

https://community.fortinet.com/t5/FortiNAC-F/Troubleshooting-tip-Verify-device-support-in-FortiNAC-F...

BR

- Happy to help, hit like and accept the solution -
motorbass
New Contributor III

Yes, I'm currently having a look from the Meraki perspective; I'm troubleshooting through Wireshark and will let you know once I've found something interesting. Thanks again for your help, folks!

ndumaj
Staff

Additional information:
https://community.fortinet.com/t5/FortiNAC/Technical-Note-Permission-requirements-for-modeled-device...

Also, please, what is the OID of the Meraki?

BR

motorbass
New Contributor III

Hi, I'm currently reading both of your docs

OID is:

iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.29671.2.22

motorbass
New Contributor III

It seems privKey is not well interpreted (don't know if it's from fnac or Meraki) but both are actually communicating

[Screenshot: fortinac2.png]

EDIT:

Got the same kind of flows and messages no matter if I use S/N + API key OR the AuthKey Privkey

ozkanaltas

You can review this article about privKey Unknown.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0748756

ndumaj
Staff

Can you try with another protocol and simple PSK?

BR
