Fortinet black logo

FortiWiFi and FortiAP Cookbook

Direct SNMP monitor

6.4.0
Copy Link
Copy Doc ID daf31b55-67cc-11ea-9384-00505692583a:903529
Download PDF

Direct SNMP monitor

You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side.

To configure SNMP operation settings per VDOM:
config wireless-controller snmp
    set engine-id "fap-fortinet"
    set contact-info "user@example.com"
    set trap-high-cpu-threshold 80
    set trap-high-mem-threshold 80
    config community
        edit 1
            set name "fap-comm-1"
            set status enable
            set query-v1-status enable
            set query-v2c-status enable
            set trap-v1-status enable
            set trap-v2c-status enable
            config hosts
                edit 1
                    set ip 192.168.1.168 255.255.255.0
                next
            end
        next
    end
    config user
        edit "fap"
            set status enable
            set queries enable
            set trap-status enable
            set security-level no-auth-no-priv
            set notify-hosts 192.168.1.168
        next
    end
end
To allow SNMP access in FortiAP profiles or per FortiAP device:
config wireless-controller wtp-profile
    edit FAP423E-default
        append allowaccess snmp
    next
end
To disallow SNMP access in FortiAP profiles or per FortiAP device:
config wireless-controller wtp-profile
    edit FAP423E-default
        unselect allowaccess snmp
    next
end

FortiAP SNMP implementation

FortiAP-S and FortiAP-W2 6.2 and later support SNMP query and trap messages according to the wireless controller SNMP settings pushed from the FortiGate device.

The example below shows an Ubuntu-OS querying a FortiAP 222E unit with the snmpwalk command. The SNMP agent software has the FORTINET-FORTIAP-MIB already imported.

tester@ControlPC:~$ snmpwalk -v 2c -c QAMikeAn 172.18.56.32 .1.3.6.1.4.1.12356.120.1
FORTINET-FORTIAP-MIB::fapVersion.0 = STRING: FP222E-v6.2-build0231
FORTINET-FORTIAP-MIB::fapSerialNum.0 = STRING: FP222E3X17000073
FORTINET-FORTIAP-MIB::fapHostName.0 = STRING: FortiAP-222E
FORTINET-FORTIAP-MIB::fapRegionCode.0 = STRING: A
FORTINET-FORTIAP-MIB::fapBaseMacAddr.0 = STRING: 70:4c:a5:5d:ea:d0
FORTINET-FORTIAP-MIB::fapBiosVer.0 = STRING: 04000002
FORTINET-FORTIAP-MIB::fapBiosDataVer.0 = INTEGER: 3
FORTINET-FORTIAP-MIB::fapSysPartNum.0 = STRING: 20844-04

Five kinds of trap messages can be sent by the FortiAP-S and FortiAP-W2 devices:

  • fapDevUp: Indicates that the specified AP device is up.
  • CpuOverloadfap: Indicates that the CPU usage of the specified AP has exceeded the configured threshold.
  • MemOverload: Indicates that the memory usage of the specified AP has exceeded the configured threshold.
  • fapDevDown: Indicates that the specified AP device is down.
  • fapfapAcConnected: Indicates that the specified AP device has connected to the specified AC.

The following screenshot shows an SNMP trap receiver (SnmpB) that has received one fapDevUp trap message from a FortiAP unit (serial number: FP222E3X17000000).

Direct SNMP monitor

You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side.

To configure SNMP operation settings per VDOM:
config wireless-controller snmp
    set engine-id "fap-fortinet"
    set contact-info "user@example.com"
    set trap-high-cpu-threshold 80
    set trap-high-mem-threshold 80
    config community
        edit 1
            set name "fap-comm-1"
            set status enable
            set query-v1-status enable
            set query-v2c-status enable
            set trap-v1-status enable
            set trap-v2c-status enable
            config hosts
                edit 1
                    set ip 192.168.1.168 255.255.255.0
                next
            end
        next
    end
    config user
        edit "fap"
            set status enable
            set queries enable
            set trap-status enable
            set security-level no-auth-no-priv
            set notify-hosts 192.168.1.168
        next
    end
end
To allow SNMP access in FortiAP profiles or per FortiAP device:
config wireless-controller wtp-profile
    edit FAP423E-default
        append allowaccess snmp
    next
end
To disallow SNMP access in FortiAP profiles or per FortiAP device:
config wireless-controller wtp-profile
    edit FAP423E-default
        unselect allowaccess snmp
    next
end

FortiAP SNMP implementation

FortiAP-S and FortiAP-W2 6.2 and later support SNMP query and trap messages according to the wireless controller SNMP settings pushed from the FortiGate device.

The example below shows an Ubuntu-OS querying a FortiAP 222E unit with the snmpwalk command. The SNMP agent software has the FORTINET-FORTIAP-MIB already imported.

tester@ControlPC:~$ snmpwalk -v 2c -c QAMikeAn 172.18.56.32 .1.3.6.1.4.1.12356.120.1
FORTINET-FORTIAP-MIB::fapVersion.0 = STRING: FP222E-v6.2-build0231
FORTINET-FORTIAP-MIB::fapSerialNum.0 = STRING: FP222E3X17000073
FORTINET-FORTIAP-MIB::fapHostName.0 = STRING: FortiAP-222E
FORTINET-FORTIAP-MIB::fapRegionCode.0 = STRING: A
FORTINET-FORTIAP-MIB::fapBaseMacAddr.0 = STRING: 70:4c:a5:5d:ea:d0
FORTINET-FORTIAP-MIB::fapBiosVer.0 = STRING: 04000002
FORTINET-FORTIAP-MIB::fapBiosDataVer.0 = INTEGER: 3
FORTINET-FORTIAP-MIB::fapSysPartNum.0 = STRING: 20844-04

Five kinds of trap messages can be sent by the FortiAP-S and FortiAP-W2 devices:

  • fapDevUp: Indicates that the specified AP device is up.
  • CpuOverloadfap: Indicates that the CPU usage of the specified AP has exceeded the configured threshold.
  • MemOverload: Indicates that the memory usage of the specified AP has exceeded the configured threshold.
  • fapDevDown: Indicates that the specified AP device is down.
  • fapfapAcConnected: Indicates that the specified AP device has connected to the specified AC.

The following screenshot shows an SNMP trap receiver (SnmpB) that has received one fapDevUp trap message from a FortiAP unit (serial number: FP222E3X17000000).