7.2.0

Cisco 3560 (IOS 12.2)


  1. Configure SNMP MAC Notification traps on all access ports (do not include uplinks). Remove linkUp and linkDown traps on ports where MAC Notification traps are added.

    interface fastEthernet 0/23

    snmp trap mac-notification change added

    snmp trap mac-notification change removed

    Example of an interface range setup (ports 1 - 23):

    interface range fastEthernet 0/1-23

    snmp trap mac-notification added

    snmp trap mac-notification removed

  2. Configure MAC address table notifications globally.

    mac address-table notification change

    mac address-table notification mac-move

    mac address-table notification threshold

    snmp-server enable traps snmp coldstart warmstart

    snmp-server enable traps mac-notification change move threshold

  3. Configure the switch to send traps to the IP address of eth0 on the FortiNAC Control Server or Control Server. SNMP traps are independent of the SNMP Discover protocols. Example: if the switch was modeled with SNMP v3, traps can be sent with either SNMP v1/2c or v3.

    Option 1: Send SNMP v1/2c traps

    snmp-server host <eth0 FNAC IP> <RO or RW community> mac-notification snmp

    Option 2: Send SNMP v3 traps

    snmp-server host <eth0 FNAC IP> traps version 3 <auth or priv> <user name> mac-notification

  4. L3 switches: specify the IP address from which to source the traps and respond to SNMP requests. If SNMP traffic is sourced from an IP other than the one used to model the switch in Topology, FortiNAC will not process the traffic:

    snmp-server source-interface traps <vlan>

  5. (SNMP v3 managed devices only) Configure Contexts for VLANs.

    Context settings must be configured correctly for reading MIB-2 information. When FortiNAC processes MAC Notification traps, the dot1dBridge MIB must be read. This MIB is accessed via SNMP v3 using SNMP context values. The Cisco switch must be configured to allow access to these context values for the SNMP user/view created for access by FortiNAC. Specifically, each VLAN defined on the device is used as a context, and a configuration setting allowing access to that VLAN/context is needed. For details and examples, see the KB article Configure and validate Cisco SNMPv3.

  6. Run the following command to save the configuration:

    write memory
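
The following Python audit is an added example, not part of the Fortinet documentation: it checks a saved running-config against steps 1 to 3 above and accepts both per-port trap forms shown in step 1. It assumes the global commands appear in the running-config exactly as typed on this page, that linkUp/linkDown traps are removed with `no snmp trap link-status` (the page does not name the command), and that the caller names the uplink ports; `parse`, `audit` and the sample config are constructed for illustration.

```python
import re

# Global lines from step 2, matched exactly as typed on the page (assumption).
REQUIRED_GLOBAL = [f"mac address-table notification {k}" for k in ("change", "mac-move", "threshold")] + [
    "snmp-server enable traps snmp coldstart warmstart",
    "snmp-server enable traps mac-notification change move threshold"]
PORT_TRAP = re.compile(r"snmp trap mac-notification (?:change )?(added|removed)")

def parse(config):  # -> (global lines, {interface name: [sub-lines]})
    globals_, ifaces, current = [], {}, None
    for line in filter(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[0] == " " and current is not None:
            current.append(line.strip())
        elif not line.startswith("!"):
            current = None
            globals_.append(line.strip())
    return globals_, ifaces

def audit(config, uplinks=()):  # uplinks: ports that must NOT send MAC traps
    globals_, ifaces = parse(config)
    out = [f"missing global: {g}" for g in REQUIRED_GLOBAL if g not in globals_]
    for name, lines in ifaces.items():
        if "Ethernet" not in name:
            continue  # Vlan and other non-port interfaces
        traps = {m.group(1) for l in lines if (m := PORT_TRAP.fullmatch(l))}
        if name in uplinks:
            out += [f"{name}: uplink sends MAC notification traps"] if traps else []
            continue
        out += [f"{name}: missing mac-notification {t}" for t in ("added", "removed") if t not in traps]
        # Assumption: linkUp/linkDown traps are removed with `no snmp trap link-status`.
        if traps and "no snmp trap link-status" not in lines:
            out.append(f"{name}: linkUp/linkDown traps still enabled")
    if not any(g.startswith("snmp-server host ") and "mac-notification" in g.split() for g in globals_):
        out.append("no snmp-server host line carries mac-notification")
    return out

SAMPLE = """! Constructed sample running-config, not from a real device
snmp-server host 192.0.2.10 examplecomm mac-notification snmp
interface FastEthernet0/1
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 no snmp trap link-status
interface FastEthernet0/2
 snmp trap mac-notification added
interface GigabitEthernet0/1
 snmp trap mac-notification change added
"""
```

`audit(SAMPLE, uplinks=("GigabitEthernet0/1",))` returns eight findings for the sample: the five missing global lines, two for FastEthernet0/2, and one for the uplink.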