Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Update device mapping

When new devices are added to the FortiNAC Topology, recognized device types are displayed with an icon indicating the type of device. The system name (sysName) is used for the name of the device. If the device type is not recognized, a question mark icon is displayed and more information is required to manage the device.

Unrecognized devices which support the IETF standard MIBs listed below can be added as generic SNMP devices. This “Generic SNMP” feature allows hosts to be read, VLANs to be read/switched and IP to MAC address information to be read from the device – without needing a specialized code patch or build. In order to successfully configure a Generic SNMP device, it must fully support the MIB groups as described in the following table.

Note

Devices that appear to support the standard VLAN MIB, may not fully support the standards. The switching of a VLAN on a port may or may not be supported by the device.

Standard

Reference

SNMP MIB Objects/Tasks

RFC1213 – MIB II

Address Translation (AT) MIB

Read of IP->MAC:

atTable - The Address Translation tables contain the NetworkAddress to `physical' address equivalences.

SNMP OIDs

1.3.6.1.2.1.3.1.1.2

RFC1158 - MIB II

Address Translation (AT) MIB

Read of IP -> MAC:

atTable - The Address Translation Group contains NetworkAddress to `physical' address equivalences - deprecated by MIB II.

ipNetToMediaTable - The Address Translation tables contain the NetworkAddress to `physical' address equivalences.

SNMP OIDs

1.3.6.1.2.1.3.1.1.2

1.3.6.1.2.1.4.22.1.2

RFC1493 – BRIDGE-MIB

BRIDGE MIB

Read Hosts:

dot1dTpFdbTable - A table that contains information about unicast entries for which the bridge has forwarding and/or filtering information.

SNMP OIDs

1.3.6.1.2.1.17.4.3.1.1

1.3.6.1.2.1.17.4.3.1.2

1.3.6.1.2.1.17.4.3.1.3

RFC2674-Q-BRIDGE-MIB

VLAN MIB

Read / Switch VLANS:

dot1qPortVlanTable - A table containing per port control and status information for VLAN configuration in the device.

SNMP OIDs

1.3.6.1.2.1.17.7.1.4.5.1.1

Note

Do not change an existing supported device to a generic SNMP device or you will lose the custom options provided in FortiNAC for that device.

Note

If support for a generic SNMP device is added in a later release of FortiNAC, you can either leave the device as generic SNMP device or delete it and re-add it to the Topology. Deleting the device removes it from all device and port groups. The device and its ports would have to be added to the appropriate groups again manually.

Update unknown SNMP devices

The existence or absence of the SNMP MIB objects determines the type of device to add. Based on the combination of SNMP MIB objects found, options on the Update Image dialog are dynamically adjusted.

Note

If you try to update a device that is no longer in contact with FortiNAC, you will see the following message. “This Device indicates that - Contact is not established with this device.” When that message is displayed you only have the option to select a device type. Update Device Mapping will not be able to determine whether the device is a switch or a router.

  1. Select Network Devices > Topology.
  2. Right-click on the device marked with a question mark icon.
  3. Select the Update Device Mapping option from the menu.
  4. See the examples listed below for additional information.
Example 1

The following example shows the options for a device that supports both the standard BRIDGE MIB, the standard VLAN MIB and the standard IP MIBs. Therefore, it is likely that this device is a switch. However, if you know this device is not a switch, click the Model this Device as option and select the appropriate device type from the drop-down list.

After updating the image in the Topology, go to Model Configuration to specify VLANs. See Model configuration for additional information.

When testing the device for VLAN switching, check the Events View for a VLAN Switch Failure event. If a VLAN Switch Failure is generated for this device, then the device does not support the standard VLAN MIB. You will not be able to switch VLANs.

Example 2

The following example shows a device that supports the standard IP MIBs, but does not support the BRIDGE MIB. Therefore, it is likely that this device is a router. However, if you know this device is not a router, click the Model this Device as option and select the appropriate device type from the drop-down list.

Example 3

The following example shows a SNMP device that does not support the standards. This indicates that the device is neither a switch nor a router. In this example, the device is an alarm system and you can map it as an alarm system with the appropriate icon. You can leave it as an SNMP device and use the Model this Device as option to select the type. When selected the device will display the SNMP interfaces in the panel on the right pane of the Topology.

If you prefer to see device information instead of the interfaces, go to the Host View, right-click on the device and select Register as Device.

Another option is to delete the device from the Topology. Right click on the container and use the Add Pingable option from the menu to add the device.

Update device mapping

When new devices are added to the FortiNAC Topology, recognized device types are displayed with an icon indicating the type of device. The system name (sysName) is used for the name of the device. If the device type is not recognized, a question mark icon is displayed and more information is required to manage the device.

Unrecognized devices which support the IETF standard MIBs listed below can be added as generic SNMP devices. This “Generic SNMP” feature allows hosts to be read, VLANs to be read/switched and IP to MAC address information to be read from the device – without needing a specialized code patch or build. In order to successfully configure a Generic SNMP device, it must fully support the MIB groups as described in the following table.

Note

Devices that appear to support the standard VLAN MIB, may not fully support the standards. The switching of a VLAN on a port may or may not be supported by the device.

Standard

Reference

SNMP MIB Objects/Tasks

RFC1213 – MIB II

Address Translation (AT) MIB

Read of IP->MAC:

atTable - The Address Translation tables contain the NetworkAddress to `physical' address equivalences.

SNMP OIDs

1.3.6.1.2.1.3.1.1.2

RFC1158 - MIB II

Address Translation (AT) MIB

Read of IP -> MAC:

atTable - The Address Translation Group contains NetworkAddress to `physical' address equivalences - deprecated by MIB II.

ipNetToMediaTable - The Address Translation tables contain the NetworkAddress to `physical' address equivalences.

SNMP OIDs

1.3.6.1.2.1.3.1.1.2

1.3.6.1.2.1.4.22.1.2

RFC1493 – BRIDGE-MIB

BRIDGE MIB

Read Hosts:

dot1dTpFdbTable - A table that contains information about unicast entries for which the bridge has forwarding and/or filtering information.

SNMP OIDs

1.3.6.1.2.1.17.4.3.1.1

1.3.6.1.2.1.17.4.3.1.2

1.3.6.1.2.1.17.4.3.1.3

RFC2674-Q-BRIDGE-MIB

VLAN MIB

Read / Switch VLANS:

dot1qPortVlanTable - A table containing per port control and status information for VLAN configuration in the device.

SNMP OIDs

1.3.6.1.2.1.17.7.1.4.5.1.1

Note

Do not change an existing supported device to a generic SNMP device or you will lose the custom options provided in FortiNAC for that device.

Note

If support for a generic SNMP device is added in a later release of FortiNAC, you can either leave the device as generic SNMP device or delete it and re-add it to the Topology. Deleting the device removes it from all device and port groups. The device and its ports would have to be added to the appropriate groups again manually.

Update unknown SNMP devices

The existence or absence of the SNMP MIB objects determines the type of device to add. Based on the combination of SNMP MIB objects found, options on the Update Image dialog are dynamically adjusted.

Note

If you try to update a device that is no longer in contact with FortiNAC, you will see the following message. “This Device indicates that - Contact is not established with this device.” When that message is displayed you only have the option to select a device type. Update Device Mapping will not be able to determine whether the device is a switch or a router.

  1. Select Network Devices > Topology.
  2. Right-click on the device marked with a question mark icon.
  3. Select the Update Device Mapping option from the menu.
  4. See the examples listed below for additional information.
Example 1

The following example shows the options for a device that supports both the standard BRIDGE MIB, the standard VLAN MIB and the standard IP MIBs. Therefore, it is likely that this device is a switch. However, if you know this device is not a switch, click the Model this Device as option and select the appropriate device type from the drop-down list.

After updating the image in the Topology, go to Model Configuration to specify VLANs. See Model configuration for additional information.

When testing the device for VLAN switching, check the Events View for a VLAN Switch Failure event. If a VLAN Switch Failure is generated for this device, then the device does not support the standard VLAN MIB. You will not be able to switch VLANs.

Example 2

The following example shows a device that supports the standard IP MIBs, but does not support the BRIDGE MIB. Therefore, it is likely that this device is a router. However, if you know this device is not a router, click the Model this Device as option and select the appropriate device type from the drop-down list.

Example 3

The following example shows a SNMP device that does not support the standards. This indicates that the device is neither a switch nor a router. In this example, the device is an alarm system and you can map it as an alarm system with the appropriate icon. You can leave it as an SNMP device and use the Model this Device as option to select the type. When selected the device will display the SNMP interfaces in the panel on the right pane of the Topology.

If you prefer to see device information instead of the interfaces, go to the Host View, right-click on the device and select Register as Device.

Another option is to delete the device from the Topology. Right click on the container and use the Add Pingable option from the menu to add the device.