Configuring SNMP
Simple Network Management Protocol (SNMP) enables you to monitor hardware on your network.
The managed FortiSwitch SNMP implementation is read-only. SNMP v1-compliant and v2c-compliant SNMP managers have read-only access to FortiSwitch system information through queries and can receive trap messages from the managed FortiSwitch unit.
To monitor FortiSwitch system information and receive FortiSwitch traps, you must first compile the Fortinet and FortiSwitch management information base (MIB) files. A MIB is a text file that describes a list of SNMP data objects that are used by the SNMP manager. These MIBs provide information that the SNMP manager needs to interpret the SNMP trap, event, and query messages sent by the FortiSwitch SNMP agent.
FortiSwitch core MIB files are available for download by going to System > Config > SNMP > Settings and selecting the FortiSwitch MIB File download link.
You configure SNMP on a global level so that all managed FortiSwitch units use the same settings. If you want one of the FortiSwitch units to use different settings from the global settings, configure SNMP locally.
Configuring SNMP globally
To configure SNMP globally, configure the following settings:
- Configure the SNMP system information.
- Configure the SNMP community.
- Configure the SNMP trap threshold values.
- Configure the SNMP user.
To configure the SNMP system information globally:
config switch-controller snmp-sysinfo
    set status enable
    set engine-id <local_SNMP_engine_ID (the maximum is 24 characters)>
    set description <system_description>
    set contact-info <contact_information>
    set location <FortiGate_location>
end
To configure the SNMP community globally:
config switch-controller snmp-community
    edit <SNMP_community_ID>
        set status enable
        set query-v1-status enable
        set query-v1-port <0-65535; the default is 161>
        set query-v2c-status enable
        set query-v2c-port <0-65535; the default is 161>
        set trap-v1-status enable
        set trap-v1-lport <0-65535; the default is 162>
        set trap-v1-rport <0-65535; the default is 162>
        set trap-v2c-status enable
        set trap-v2c-lport <0-65535; the default is 162>
        set trap-v2c-rport <0-65535; the default is 162>
        set events {cpu-high mem-low log-full intf-ip ent-conf-change}
        config hosts
            edit <host_entry_ID>
                set ip <IPv4_address_of_the_SNMP_manager>
        end
end
To configure the SNMP trap threshold values globally:
config switch-controller snmp-trap-threshold
    set trap-high-cpu-threshold <percentage_value; the default is 80>
    set trap-low-memory-threshold <percentage_value; the default is 80>
    set trap-log-full-threshold <percentage_value; the default is 90>
end
To configure the SNMP user globally:
config switch-controller snmp-user
    edit <SNMP_user_name>
        set queries enable
        set query-port <0-65535; the default is 161>
        set security-level {auth-priv | auth-no-priv | no-auth-no-priv}
        set auth-proto {md5 | sha}
        set auth-pwd <password_for_authentication_protocol>
        set priv-proto {aes | des}
        set priv-pwd <password_for_encryption_protocol>
end
Configuring SNMP locally
To configure SNMP for a specific FortiSwitch unit, configure the following settings:
- Configure the SNMP system information.
- Configure the SNMP community.
- Configure the SNMP trap threshold values.
- Configure the SNMP user.
To configure the SNMP system information locally:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        set override-snmp-sysinfo enable
        config snmp-sysinfo
            set status enable
            set engine-id <local_SNMP_engine_ID (the maximum is 24 characters)>
            set description <system_description>
            set contact-info <contact_information>
            set location <FortiGate_location>
        end
end
To configure the SNMP community locally:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        set override-snmp-community enable
        config snmp-community
            edit <SNMP_community_ID>
                set status enable
                set query-v1-status enable
                set query-v1-port <0-65535; the default is 161>
                set query-v2c-status enable
                set query-v2c-port <0-65535; the default is 161>
                set trap-v1-status enable
                set trap-v1-lport <0-65535; the default is 162>
                set trap-v1-rport <0-65535; the default is 162>
                set trap-v2c-status enable
                set trap-v2c-lport <0-65535; the default is 162>
                set trap-v2c-rport <0-65535; the default is 162>
                set events {cpu-high mem-low log-full intf-ip ent-conf-change}
                config hosts
                    edit <host_entry_ID>
                        set ip <IPv4_address_of_the_SNMP_manager>
                end
        end
end
To configure the SNMP trap threshold values locally:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        set override-snmp-trap-threshold enable
        config snmp-trap-threshold
            set trap-high-cpu-threshold <percentage_value; the default is 80>
            set trap-low-memory-threshold <percentage_value; the default is 80>
            set trap-log-full-threshold <percentage_value; the default is 90>
        end
end
To configure the SNMP user locally:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        set override-snmp-user enable
        config snmp-user
            edit <SNMP_user_name>
                set queries enable
                set query-port <0-65535; the default is 161>
                set security-level {auth-priv | auth-no-priv | no-auth-no-priv}
                set auth-proto {md5 | sha}
                set auth-pwd <password_for_authentication_protocol>
                set priv-proto {aes | des}
                set priv-pwd <password_for_encryption_protocol>
        end
end
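The following is an added example, not part of the Fortinet documentation: a Python check that walks a configuration written in the syntax shown above, global or per-switch, and reports explicitly set SNMP options that leave management traffic weakly protected (enabled v1/v2c queries or traps, md5, des, and security levels below auth-priv). The sample configuration, the switch ID EXAMPLE-SWITCH-1, and the reason strings are constructed for illustration.

```python
# Weak values among the options listed on this page; reason text is this example's wording.
WEAK = {
    ("snmp-user", "security-level", "no-auth-no-priv"): "no authentication or encryption",
    ("snmp-user", "security-level", "auth-no-priv"): "traffic is not encrypted",
    ("snmp-user", "auth-proto", "md5"): "MD5 authentication; sha is available",
    ("snmp-user", "priv-proto", "des"): "DES encryption; aes is available",
}
for key in ("query-v1-status", "query-v2c-status", "trap-v1-status", "trap-v2c-status"):
    WEAK[("snmp-community", key, "enable")] = "v1/v2c sends the community string in cleartext"

def audit(config_text):
    """Return (scope, table, setting, value, reason) for each explicitly set weak value."""
    stack, findings = [], []  # one [table, current entry] frame per open "config"
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:1] == ["config"]:
            stack.append([tok[-1], None])
        elif not tok or not stack:
            continue
        elif tok[0] == "edit" and len(tok) > 1:
            stack[-1][1] = tok[1].strip('"')
        elif tok[0] == "end":
            stack.pop()
        elif tok[0] == "set" and len(tok) > 2:
            reason = WEAK.get((stack[-1][0], tok[1], tok[2]))
            if reason:  # scope names every enclosing entry, e.g. switch/user
                scope = "/".join(e for _, e in stack if e)
                findings.append((scope, stack[-1][0], tok[1], tok[2], reason))
    return findings

# Constructed sample: one global community and one per-switch user override.
SAMPLE = """\
config switch-controller snmp-community
    edit 1
        set query-v1-status enable
        config hosts
            edit 1
                set ip 192.0.2.10
        end
end
config switch-controller managed-switch
    edit EXAMPLE-SWITCH-1
        set override-snmp-user enable
        config snmp-user
            edit legacy
                set security-level auth-no-priv
                set auth-proto md5
        end
end
"""
```

Only values that appear in the configuration text are checked; settings left at their defaults are not reported.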