Fortinet black logo

Administration Guide

IPv6 Simple Network Management Protocol

Simple Network Management Protocol (SNMP) in IPv6 is similar to IPv4, with the main difference being the address format. Despite this, SNMP's principles and functionalities, including network management, device monitoring, and performance information gathering, remain consistent across both versions. See SNMP for more information.

SNMP for monitoring interface status example

In this example, SNMP manager (2001:db8:d0c:2::1) is configured to receive notifications when a FortiGate port either goes down or is brought up. Additionally, the SNMP manager has the capability to query the current status of the FortiGate port.

Note

Please note that the IPv6 addresses used in this example are for illustrative purposes only and should not be used in your environment.

The 2001:db8::/32 prefix is a special IPv6 prefix designated for use in documentation examples. See RFC 3849 for more information.

To configure SNMP for monitoring interface status in the GUI:
  1. Configure the Interface access:

    1. Go to Network > Interfaces and edit port1.

    2. In the Administrative Access options, enable SNMP under IPv6.

    3. Click OK.

  2. Configure the SNMP agent:

    1. Go to System > SNMP.

    2. Enable SNMP Agent.

    3. Configure the following fields:

      Description Branch
      Location Burnaby
      Contact Info Jane Doe
    4. Click Apply.

  3. Configure an SNMP v3 user:

    1. Go to System > SNMP.

    2. In the SNMP v3 table, click Create New.

    3. Configure the following fields:

      User Name Interface_Status
      Security Level Authentication
      Authentication Algorithm SHA1
      Password *******
      IPv6 Hosts > IP Address 2001:db8:d0c:2::1
    4. Click OK.
    5. Click Apply.

To configure SNMP for monitoring interface status in the CLI:
  1. Configure the Interface access:

    config system interface
        edit port1
            config ipv6
                append ip6-allowaccess snmp
            end
        next
    end
  2. Configure the SNMP agent:

    config system snmp sysinfo
        set status enable
        set description Branch
        set contact-info "Jane Doe"
        set location Burnaby
    end
  3. Configure an SNMP v3 user:

    config system snmp user
        edit "Interface_Status"
            set notify-hosts6 2001:db8:d0c:2::1
            set security-level auth-no-priv
            set auth-proto sha
            set auth-pwd ********************
        next
    end

Verification

To verify the SNMP configuration:
  1. Start the packet capture on interface port1 with the filter set to port 162. See Using the packet capture tool for more information.

  2. Turn off one of the FortiGate interface statuses to down; in this case, port2.

  3. Save the packet capture.

    The SNMP v3 trap is observed to be transmitted from port1 to the SNMP manager. It's also noteworthy that the msgAuthenticationParameters are configured, signifying that authentication is active. However, the absence of msgPrivacyParameters suggests that encryption is not in place, a fact further corroborated by the plaintext nature of the msgData.

  4. Verify that the SNMP manager has received the trap. See Important SNMP traps for an example of a trap.

  5. Verify that the SNMP manager can successfully query and receive a response on the current status of the FortiGate ports.

    # snmpwalk -v3 -u Interface_Status  -l authNoPriv -a SHA -A xxxxxxxx udp6:2001:db8:d0c:2::f 1.3.6.1.2.1.2.2.1.8
    iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 2
    iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.4 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.5 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.6 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.7 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.8 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.9 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.10 = INTEGER: 1

Simple Network Management Protocol (SNMP) in IPv6 is similar to IPv4, with the main difference being the address format. Despite this, SNMP's principles and functionalities, including network management, device monitoring, and performance information gathering, remain consistent across both versions. See SNMP for more information.

SNMP for monitoring interface status example

In this example, SNMP manager (2001:db8:d0c:2::1) is configured to receive notifications when a FortiGate port either goes down or is brought up. Additionally, the SNMP manager has the capability to query the current status of the FortiGate port.

Note

Please note that the IPv6 addresses used in this example are for illustrative purposes only and should not be used in your environment.

The 2001:db8::/32 prefix is a special IPv6 prefix designated for use in documentation examples. See RFC 3849 for more information.

To configure SNMP for monitoring interface status in the GUI:
  1. Configure the Interface access:

    1. Go to Network > Interfaces and edit port1.

    2. In the Administrative Access options, enable SNMP under IPv6.

    3. Click OK.

  2. Configure the SNMP agent:

    1. Go to System > SNMP.

    2. Enable SNMP Agent.

    3. Configure the following fields:

      Description Branch
      Location Burnaby
      Contact Info Jane Doe
    4. Click Apply.

  3. Configure an SNMP v3 user:

    1. Go to System > SNMP.

    2. In the SNMP v3 table, click Create New.

    3. Configure the following fields:

      User Name Interface_Status
      Security Level Authentication
      Authentication Algorithm SHA1
      Password *******
      IPv6 Hosts > IP Address 2001:db8:d0c:2::1
    4. Click OK.
    5. Click Apply.

To configure SNMP for monitoring interface status in the CLI:
  1. Configure the Interface access:

    config system interface
        edit port1
            config ipv6
                append ip6-allowaccess snmp
            end
        next
    end
  2. Configure the SNMP agent:

    config system snmp sysinfo
        set status enable
        set description Branch
        set contact-info "Jane Doe"
        set location Burnaby
    end
  3. Configure an SNMP v3 user:

    config system snmp user
        edit "Interface_Status"
            set notify-hosts6 2001:db8:d0c:2::1
            set security-level auth-no-priv
            set auth-proto sha
            set auth-pwd ********************
        next
    end

Verification

To verify the SNMP configuration:
  1. Start the packet capture on interface port1 with the filter set to port 162. See Using the packet capture tool for more information.

  2. Turn off one of the FortiGate interface statuses to down; in this case, port2.

  3. Save the packet capture.

    The SNMP v3 trap is observed to be transmitted from port1 to the SNMP manager. It's also noteworthy that the msgAuthenticationParameters are configured, signifying that authentication is active. However, the absence of msgPrivacyParameters suggests that encryption is not in place, a fact further corroborated by the plaintext nature of the msgData.

  4. Verify that the SNMP manager has received the trap. See Important SNMP traps for an example of a trap.

  5. Verify that the SNMP manager can successfully query and receive a response on the current status of the FortiGate ports.

    # snmpwalk -v3 -u Interface_Status  -l authNoPriv -a SHA -A xxxxxxxx udp6:2001:db8:d0c:2::f 1.3.6.1.2.1.2.2.1.8
    iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 2
    iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.4 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.5 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.6 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.7 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.8 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.9 = INTEGER: 1
    iso.3.6.1.2.1.2.2.1.8.10 = INTEGER: 1