External Systems Configuration Guide

Cisco Wireless LAN

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics collected | Used for |
| --- | --- | --- | --- |
| SNMP | Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points | Controller Uptime, Controller CPU and Memory utilization, Controller Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring |
| SNMP Trap | Controller device type | All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health | Availability, Security and Compliance |

Event Types

In ADMIN > Device Support > Event Types, search for "cisco wireless" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

SNMP V1/V2c and SNMP Traps

  1. Log in to your Cisco wireless LAN controller with administrative privileges.
  2. Go to MANAGEMENT > SNMP > General.
  3. Set both SNMP v1 Mode and SNMP v2c Mode to Enable.
  4. Go to SNMP > Communities.
  5. Click New and create a public community string with Read-Only privileges.
  6. Click Apply.
  7. Go to SNMP > Trap Controls.
  8. Select the event traps you want to send to FortiSIEM.
  9. Click Apply.
  10. Go to SNMP > Trap Receivers.
  11. Click New and enter the IP address of your FortiSIEM virtual appliance as a trap receiver.
  12. Click Apply.

Sample SNMP Trap

2008-06-09 08:59:50 192.168.20.9 [192.168.20.9]:SNMPv2-MIB::sysUpTime.0 = Timeticks: (86919800) 10 days, 1:26:38.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.14179.2.6.3.2 SNMPv2-SMI::enterprises.14179.2.6.2.35.0 = Hex-STRING: 00 21 55 4D 66 B0 SNMPv2-SMI::enterprises.14179.2.6.2.36.0 = INTEGER: 0 SNMPv2-SMI::enterprises.14179.2.6.2.37.0 = INTEGER: 1 SNMPv2-SMI::enterprises.14179.2.6.2.34.0 = Hex-STRING: 00 12 F0 0A 3F 15

2010-11-01 12:59:57 0.0.0.0(via UDP: [172.22.2.25]:32769) TRAP2, SNMP v2c, community 1n3t3ng . Cold Start Trap (0) Uptime: 0:00:00.00 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9165100) 1 day, 1:27:31.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.599.0.4 SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.1.0 = Hex-STRING: 00 24 D7 36 A0 00 SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP-2" SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.8.0 = Hex-STRING: 00 25 45 B7 66 70 SNMPv2-SMI::enterprises.9.9.513.1.2.1.1.1.0 = INTEGER: 0 SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.10.0 = IpAddress: 172.22.4.54 SNMPv2-SMI::enterprises.9.9.599.1.2.1.0 = STRING: "IE\brouse" SNMPv2-SMI::enterprises.9.9.599.1.2.2.0 = STRING: "IE"

2011-04-05 10:37:42 0.0.0.0(via UDP: [10.10.81.240]:32768) TRAP2, SNMP v2c, community FortiSIEM . Cold Start Trap (0) Uptime: 0:00:00.00 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1672429600) 193 days, 13:38:16.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.615.0.1 SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.1.0 = Hex-STRING: 00 25 BC 80 E8 77 SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.8.0 = Hex-STRING: 6C 50 4D 7D AC 50 SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.9.0 = INTEGER: 1 SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP03-3.rdu2" SNMPv2-SMI::enterprises.9.9.615.1.2.1.0 = INTEGER: 1 SNMPv2-SMI::enterprises.9.9.615.1.2.2.0 = INTEGER: 5000 SNMPv2-SMI::enterprises.9.9.615.1.2.3.0 = INTEGER: 1 SNMPv2-SMI::enterprises.9.9.615.1.2.4.0 = INTEGER: 31 SNMPv2-SMI::enterprises.9.9.615.1.2.5.0 = INTEGER: -60 SNMPv2-SMI::enterprises.9.9.615.1.2.6.0 = INTEGER: -90 SNMPv2-SMI::enterprises.9.9.615.1.2.7.0 = STRING: "0,0,0,0,1,20,24,28,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0" SNMPv2-SMI::enterprises.9.9.615.1.2.8.0 = INTEGER: 2 SNMPv2-SMI::enterprises.9.9.615.1.2.9.0 = STRING: "6c:50:4d:7d:ac:50,e8:04:62:0b:b5:f0" SNMPv2-SMI::enterprises.9.9.615.1.2.10.0 = STRING: "-83,-85" SNMPv2-SMI::enterprises.9.9.615.1.2.11.0 = STRING: "1,1" SNMPv2-SMI::enterprises.9.9.512.1.1.1.1.11.5 = INTEGER: 1
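
The sample traps above show that SNMP v1/v2c trap text carries the community string in cleartext next to the varbinds. The Python below is an added example, not part of this guide and not FortiSIEM's own parser: it splits trap lines of this format into fields, flags well-known default community strings, and masks the community before a line is stored or shared. The function names and output field names are assumptions made for illustration, and the input is abridged from the samples on this page.

```python
import re

# Constructed input: two lines abridged from the sample traps on this page.
SAMPLES = [
    "2008-06-09 08:59:50 192.168.20.9 [192.168.20.9]:"
    "SNMPv2-MIB::sysUpTime.0 = Timeticks: (86919800) 10 days, 1:26:38.00     "
    "SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.14179.2.6.3.2  "
    "SNMPv2-SMI::enterprises.14179.2.6.2.35.0 = Hex-STRING: 00 21 55 4D 66 B0",
    "2010-11-01 12:59:57 0.0.0.0(via UDP: [172.22.2.25]:32769) TRAP2, SNMP v2c, "
    "community 1n3t3ng . Cold Start Trap (0) Uptime: 0:00:00.00 "
    "SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.599.0.4 "
    'SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP-2" '
    "SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.10.0 = IpAddress: 172.22.4.54",
]

NAME = r"[\w-]+::[\w.]+"                      # e.g. SNMPv2-MIB::snmpTrapOID.0
VARBIND = re.compile(rf"({NAME}) = ([\w-]+): (.*?)(?=\s+{NAME} = |\s*$)")
COMMUNITY = re.compile(r"(community )(\S+)")
DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings


def parse_trap(line):
    """Split one trap log line into header fields and typed varbinds."""
    ts = re.match(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", line)
    src = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
    comm = COMMUNITY.search(line)
    varbinds = []
    for name, vtype, value in VARBIND.findall(line):
        if vtype == "Hex-STRING":             # "00 21 55" -> "00:21:55"
            value = ":".join(value.split()).lower()
        varbinds.append((name, vtype, value.strip().strip('"')))
    oid = next((v for n, _, v in varbinds if n.endswith("snmpTrapOID.0")), None)
    return {"timestamp": ts.group(0) if ts else None,
            "reporting_ip": src.group(1) if src else None,
            "community": comm.group(2) if comm else None,
            "trap_oid": oid, "varbinds": varbinds}


def uses_default_community(trap):
    """True when the trap carried a well-known default community string."""
    return (trap["community"] or "").lower() in DEFAULT_COMMUNITIES


def redact(line):
    """Mask the cleartext community string before a line is stored or shared."""
    return COMMUNITY.sub(r"\1<redacted>", line)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_trap(sample)["trap_oid"], "|", redact(sample)[:90])
```
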

Settings for Access Credentials

SNMP Access Credentials for All Devices

Set these Access Method Definition values to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

| Setting | Value |
| --- | --- |
| Name | <set name> |
| Device Type | Generic |
| Access Protocol | SNMP |
| Community String | <your own> |

 
