Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Home FortiAP / FortiWiFi 7.2.0 FortiWiFi and FortiAP Configuration Guide

Monitoring FortiAP with SNMP

7.2.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.1
7.2.0
7.0.4
7.0.2
7.0.1
7.0.0
6.4.6
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.2
6.2.0
6.0.5
6.0.4
6.0.3
5.6.4
5.4.3
Copy Link
Copy Doc ID 89ea0dba-bc2e-11ec-9fd1-fa163e15d75b:930384
Download PDF

Monitoring FortiAP with SNMP

You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side.

To configure SNMP operation settings per VDOM
config wireless-controller snmp
    set engine-id "fap-fortinet"
    set contact-info "user@example.com"
    set trap-high-cpu-threshold 80
    set trap-high-mem-threshold 80
    config community
        edit 1
            set name "fap-comm-1"
            set status enable
            set query-v1-status enable
            set query-v2c-status enable
            set trap-v1-status enable
            set trap-v2c-status enable
            config hosts
                edit 1
                    set ip 192.168.1.168 255.255.255.0
                next
            end
        next
    end
    config user
        edit "fap"
            set status enable
            set queries enable
            set trap-status enable
            set security-level no-auth-no-priv
            set notify-hosts 192.168.1.168
        next
    end
end
To allow SNMP access in FortiAP profiles or per FortiAP device
config wireless-controller wtp-profile
    edit FAP423E-default
        append allowaccess snmp
    next
end
To disallow SNMP access in FortiAP profiles or per FortiAP device
config wireless-controller wtp-profile
    edit FAP423E-default
        unselect allowaccess snmp
    next
end

FortiAP SNMP implementation

Note

Simple Network Management Protocol (SNMP) queries and trap messages based on wireless-controller SNMP settings configured on FortiGate is supported on the following:

  • FortiAP-S and FortiAP-W2 version 6.2.0 and later.
  • FortiAP 6.4.3 and later.
  • FortiAP-U 6.0.4 and later.

All SNMP versions (v1, v2, and v3) are supported.

The local standalone mode does not support FortiAP direct SNMP.

The SNMP manager requires the following management information base (MIB) files:

  • FortiAP MIB
  • Fortinet Core MIB

Downloading the FortiAP MIB and Fortinet Core MIB files

To download the FortiAP SNMP MIB and Fortinet Core MIB files, perform the following steps:

  1. Go to the Fortinet Support website.
  2. Log in to your account. If you do not have an account, create one and then log in.
  3. From the top banner, select Support > Firmware Download.
  4. From Select Product drop-down, select FortiAP-S or FortiAP-W2, as applicable.
  5. Click the Download tab.
  6. Locate the v6.00 folder (or later) and then the 6.2 (or later) folder to match the firmware release running on your FortiAP-S or FortiAP-W2 device.
  7. Navigate through the folders to find and then download the FORTINET-FORTIAP-MIB-buildxxxx.mib file.
  8. From the Select Product drop-down, select FortiGate.
  9. Click the Download tab.
  10. Locate the v6.00 folder (or later) and then 6.2 (or later) folder to match the firmware release running on your FortiGate device.
  11. Navigate through the folders to find and then download the FORTINET-CORE-MIB-buildxxxx.mib file.
  12. Load the MIB files into your SNMP manager.

FortiAP SNMP trap messages

FortiAP-S and FortiAP-W2 can send the following trap messages to an SNMP manager or trap receiver:

Trap message

Description

fapDevUp

The specified FortiAP device is up.

fapCpuOverload

The CPU usage of the specified FortiAP has exceeded the configured threshold.

fapMemOverload

The memory usage of the specified FortiAP has exceeded the configured threshold.

fapDevDown

The specified FortiAP device is down.

fapAcConnected

FortiAP has connected to the specified AP controller (AC).

The following screenshot shows an SNMP trap receiver (SnmpB) that has received one fapDevUp trap message from a FortiAP unit (serial number: FP222E3X17000000).

FortiAP SNMP queries

From your SNMP manager, you can use the SNMP GET and SNMP WALK commands to query FortiAP for status information, variables values, SSID configuration, radio configuration, and so on. You can also use the SNMP SET command to configure local FortiAP variables.

Here is an example of polling FortiAP data using the snmpwalk command from a Linux OS computer: 

$ snmpwalk -v2c -c public 10.0.28.2 .1
SNMPv2-MIB::sysDescr.0 = STRING: FortiAP-S223E
SNMPv2-MIB::sysObjectID.0 = OID: FORTINET-FORTIAP-MIB::fapHostName
DISMAN-EXPRESSION-MIB::sysUpTimeInstance = Timeticks: (27486) 0:04:34.86
SNMPv2-MIB::sysContact.0 = STRING: user@example.com
SNMPv2-MIB::sysName.0 = STRING: FortiAP-S223E
SNMPv2-MIB::sysLocation.0 = STRING: N/A
IF-MIB::ifNumber.0 = INTEGER: 25
...
FORTINET-FORTIAP-MIB::fapVersion.0 = STRING: PS223E-v6.2-build0229
FORTINET-FORTIAP-MIB::fapSerialNum.0 = STRING: PS223E3X170000001
FORTINET-FORTIAP-MIB::fapHostName.0 = STRING: FortiAP-S223E
FORTINET-FORTIAP-MIB::fapRegionCode.0 = STRING: E
FORTINET-FORTIAP-MIB::fapBaseMacAddr.0 = STRING: 70:4c:a5:43:7b:8
FORTINET-FORTIAP-MIB::fapBiosVer.0 = STRING: 04000002
FORTINET-FORTIAP-MIB::fapBiosDataVer.0 = INTEGER: 3
FORTINET-FORTIAP-MIB::fapSysPartNum.0 = STRING: 20155-03
FORTINET-FORTIAP-MIB::fapWtpWanMode.0 = INTEGER: wanOnly(0)
FORTINET-FORTIAP-MIB::fapWtpApAddrMode.0 = INTEGER: dhcp(0)
FORTINET-FORTIAP-MIB::fapWtpApIpAddr.0 = STRING: "192.168.1.2"
FORTINET-FORTIAP-MIB::fapWtpApIpNetmask.0 = STRING: "255.255.255.0"
FORTINET-FORTIAP-MIB::fapWtpApIpGateway.0 = STRING: "192.168.1.1"
FORTINET-FORTIAP-MIB::fapWtpApMode.0 = INTEGER: thinAp(0)
...
Previous
Next

Monitoring FortiAP with SNMP

You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side.

To configure SNMP operation settings per VDOM
config wireless-controller snmp
    set engine-id "fap-fortinet"
    set contact-info "user@example.com"
    set trap-high-cpu-threshold 80
    set trap-high-mem-threshold 80
    config community
        edit 1
            set name "fap-comm-1"
            set status enable
            set query-v1-status enable
            set query-v2c-status enable
            set trap-v1-status enable
            set trap-v2c-status enable
            config hosts
                edit 1
                    set ip 192.168.1.168 255.255.255.0
                next
            end
        next
    end
    config user
        edit "fap"
            set status enable
            set queries enable
            set trap-status enable
            set security-level no-auth-no-priv
            set notify-hosts 192.168.1.168
        next
    end
end
To allow SNMP access in FortiAP profiles or per FortiAP device
config wireless-controller wtp-profile
    edit FAP423E-default
        append allowaccess snmp
    next
end
To disallow SNMP access in FortiAP profiles or per FortiAP device
config wireless-controller wtp-profile
    edit FAP423E-default
        unselect allowaccess snmp
    next
end

FortiAP SNMP implementation

Note

Simple Network Management Protocol (SNMP) queries and trap messages based on wireless-controller SNMP settings configured on FortiGate is supported on the following:

  • FortiAP-S and FortiAP-W2 version 6.2.0 and later.
  • FortiAP 6.4.3 and later.
  • FortiAP-U 6.0.4 and later.

All SNMP versions (v1, v2, and v3) are supported.

The local standalone mode does not support FortiAP direct SNMP.

The SNMP manager requires the following management information base (MIB) files:

  • FortiAP MIB
  • Fortinet Core MIB

Downloading the FortiAP MIB and Fortinet Core MIB files

To download the FortiAP SNMP MIB and Fortinet Core MIB files, perform the following steps:

  1. Go to the Fortinet Support website.
  2. Log in to your account. If you do not have an account, create one and then log in.
  3. From the top banner, select Support > Firmware Download.
  4. From Select Product drop-down, select FortiAP-S or FortiAP-W2, as applicable.
  5. Click the Download tab.
  6. Locate the v6.00 folder (or later) and then the 6.2 (or later) folder to match the firmware release running on your FortiAP-S or FortiAP-W2 device.
  7. Navigate through the folders to find and then download the FORTINET-FORTIAP-MIB-buildxxxx.mib file.
  8. From the Select Product drop-down, select FortiGate.
  9. Click the Download tab.
  10. Locate the v6.00 folder (or later) and then 6.2 (or later) folder to match the firmware release running on your FortiGate device.
  11. Navigate through the folders to find and then download the FORTINET-CORE-MIB-buildxxxx.mib file.
  12. Load the MIB files into your SNMP manager.

FortiAP SNMP trap messages

FortiAP-S and FortiAP-W2 can send the following trap messages to an SNMP manager or trap receiver:

Trap message

Description

fapDevUp

The specified FortiAP device is up.

fapCpuOverload

The CPU usage of the specified FortiAP has exceeded the configured threshold.

fapMemOverload

The memory usage of the specified FortiAP has exceeded the configured threshold.

fapDevDown

The specified FortiAP device is down.

fapAcConnected

FortiAP has connected to the specified AP controller (AC).

The following screenshot shows an SNMP trap receiver (SnmpB) that has received one fapDevUp trap message from a FortiAP unit (serial number: FP222E3X17000000).

FortiAP SNMP queries

From your SNMP manager, you can use the SNMP GET and SNMP WALK commands to query FortiAP for status information, variables values, SSID configuration, radio configuration, and so on. You can also use the SNMP SET command to configure local FortiAP variables.

Here is an example of polling FortiAP data using the snmpwalk command from a Linux OS computer: 

$ snmpwalk -v2c -c public 10.0.28.2 .1
SNMPv2-MIB::sysDescr.0 = STRING: FortiAP-S223E
SNMPv2-MIB::sysObjectID.0 = OID: FORTINET-FORTIAP-MIB::fapHostName
DISMAN-EXPRESSION-MIB::sysUpTimeInstance = Timeticks: (27486) 0:04:34.86
SNMPv2-MIB::sysContact.0 = STRING: user@example.com
SNMPv2-MIB::sysName.0 = STRING: FortiAP-S223E
SNMPv2-MIB::sysLocation.0 = STRING: N/A
IF-MIB::ifNumber.0 = INTEGER: 25
...
FORTINET-FORTIAP-MIB::fapVersion.0 = STRING: PS223E-v6.2-build0229
FORTINET-FORTIAP-MIB::fapSerialNum.0 = STRING: PS223E3X170000001
FORTINET-FORTIAP-MIB::fapHostName.0 = STRING: FortiAP-S223E
FORTINET-FORTIAP-MIB::fapRegionCode.0 = STRING: E
FORTINET-FORTIAP-MIB::fapBaseMacAddr.0 = STRING: 70:4c:a5:43:7b:8
FORTINET-FORTIAP-MIB::fapBiosVer.0 = STRING: 04000002
FORTINET-FORTIAP-MIB::fapBiosDataVer.0 = INTEGER: 3
FORTINET-FORTIAP-MIB::fapSysPartNum.0 = STRING: 20155-03
FORTINET-FORTIAP-MIB::fapWtpWanMode.0 = INTEGER: wanOnly(0)
FORTINET-FORTIAP-MIB::fapWtpApAddrMode.0 = INTEGER: dhcp(0)
FORTINET-FORTIAP-MIB::fapWtpApIpAddr.0 = STRING: "192.168.1.2"
FORTINET-FORTIAP-MIB::fapWtpApIpNetmask.0 = STRING: "255.255.255.0"
FORTINET-FORTIAP-MIB::fapWtpApIpGateway.0 = STRING: "192.168.1.1"
FORTINET-FORTIAP-MIB::fapWtpApMode.0 = INTEGER: thinAp(0)
...
Previous
Next