7.2.0

Cisco cat4500e


  1. Configure SNMP MAC Notification traps on all access ports (do not include uplinks).

    interface fastEthernet 0/23
     snmp trap mac-notification added
     snmp trap mac-notification removed

    Example of an interface range setup (ports 1 - 23):

    interface range fastEthernet 0/1-23
     snmp trap mac-notification added
     snmp trap mac-notification removed

  2. Remove linkUp and linkDown traps on ports where MAC Notification traps are added.

    no snmp-server enable traps snmp linkup
    no snmp-server enable traps snmp linkdown

  3. Configure SNMP and enable MAC Notification traps, pointed to the IP address of eth0 on the FortiNAC Control Server or Control Server.

    snmp-server community public RO
    snmp-server community private RW
    snmp-server enable traps MAC-Notification
    snmp-server host <eth0 FNAC IP> <RO or RW community>

  4. Configure MAC address table notifications globally.

    mac-address-table notification

  5. (SNMP v3 managed devices only) Configure Contexts for VLANs.

    Context settings must be configured correctly for reading MIB-2 information. When FortiNAC processes MAC Notification traps, it must read the dot1dBridge MIB. This MIB is accessed via SNMP v3 using SNMP context values. The Cisco switch must be configured to allow access to these context values for the SNMP User/View created for access by FortiNAC. Specifically, each VLAN defined on the device is used as a context, and a configuration setting allowing access to that VLAN/context is needed.

    For details and examples, see KB article Configure and validate Cisco SNMPv3.

  6. Run the following command to save the configuration:

    write memory
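
An added example, not part of the Fortinet documentation: a Python check that reads a saved running-config and reports where it deviates from steps 1, 3 and 4. It assumes the configuration shows the commands in the form typed above (IOS releases may render them differently), treats any port with `switchport mode trunk` as an uplink, and flags the `public`/`private` community strings because they are well-known defaults; `audit`, `SAMPLE` and the 192.0.2.10 address are hypothetical.

```python
import re
# Constructed sample config, not from a real device; 192.0.2.10 stands in for FortiNAC eth0.
SAMPLE = """\
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps MAC-Notification
snmp-server host 192.0.2.10 public
mac-address-table notification
interface FastEthernet0/1
 snmp trap mac-notification added
 snmp trap mac-notification removed
interface FastEthernet0/2
 snmp trap mac-notification added
interface FastEthernet0/24
 switchport mode trunk
 snmp trap mac-notification added
 snmp trap mac-notification removed
"""

def audit(config, fortinac_ip):
    """Return a list of findings where config deviates from the procedure above."""
    glob, ports, cur = [], {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:                                   # start of an interface block
            cur = ports.setdefault(m.group(1), [])
        elif raw.startswith(" ") and cur is not None:
            cur.append(raw.strip().lower())     # indented line belongs to the port
        else:
            cur = None                          # back at global configuration level
            glob.append(raw.strip().lower())
    out = []
    for cmd in ("mac-address-table notification", "snmp-server enable traps mac-notification"):
        if cmd not in glob:                     # steps 3 and 4
            out.append(f"missing global command: {cmd}")
    if not any(g.startswith(f"snmp-server host {fortinac_ip} ") for g in glob):
        out.append("no trap host entry for FortiNAC")
    for g in glob:
        c = re.match(r"snmp-server community (public|private)\b", g)
        if c:                                   # default strings are trivially guessable
            out.append(f"well-known community string '{c.group(1)}' in use")
    for name, cmds in ports.items():            # step 1: access ports only, both traps
        have = {k for k in ("added", "removed") if f"snmp trap mac-notification {k}" in cmds}
        trunk = "switchport mode trunk" in cmds  # assumption: trunk port = uplink
        if trunk and have:
            out.append(f"{name}: uplink has MAC notification traps")
        elif not trunk and len(have) < 2:
            out.append(f"{name}: access port missing added/removed trap")
    return out
```

Calling `audit(SAMPLE, "192.0.2.10")` returns one finding per deviation; an empty list means the checked settings are all in place.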
