Fortinet black logo

Configuring Traps for MAC Notification

Home FortiNAC-F 7.2.0 Configuring Traps for MAC Notification
7.2.0
7.4.0
7.2.0

Requirements

Requirements

  • FortiNAC supports SNMP versions 1, 2 and 3 for MAC Notification traps. For a list of supported traps by vendor, see SNMP trap support in the Administration Guide.

  • Some switches in this document do not support MAC Notification traps. If this capability has been added in newer switch firmware, see KB article Requesting SNMP Trap Support to submit a request for support.

  • Switches sending traps must be modeled in FortiNAC. Switches are added in Topology using the “Start Discovery” or “Add Device” option. See Online Help topics “Discover Devices” and “Add/Modify a Device” for instructions.

  • Traps should be configured on the following port types:

    • Access ports (ports for endpoint connections or IP Phones)

    • Ports connecting to Access Points (ensures NAC is notified of an endpoint connection if the AP is replaced with an endpoint device)

  • For best performance, do not enable traps on the following:

    • Ports connecting to network infrastructure (e.g. switches, firewalls, controllers)

    • Aggregate ports

    • Any port with a Connection State of "User Defined Uplink" in FortiNAC Topology

      Traps sent from these ports cause unnecessary processing in FortiNAC and will generate events.

FortiNAC handles MAC Notification traps from IP Phones based on an attribute set on the server. The default is to ignore these traps in order to alleviate excessive traffic and improve server performance. However, trap handling for IP phones can be re-enabled by changing the Ignore MAC Notification Traps for IP Phones option setting in the Administration UI. For details, see section Network device of the Administration Guide.

Previous
Next

Requirements

  • FortiNAC supports SNMP versions 1, 2 and 3 for MAC Notification traps. For a list of supported traps by vendor, see SNMP trap support in the Administration Guide.

  • Some switches in this document do not support MAC Notification traps. If this capability has been added in newer switch firmware, see KB article Requesting SNMP Trap Support to submit a request for support.

  • Switches sending traps must be modeled in FortiNAC. Switches are added in Topology using the “Start Discovery” or “Add Device” option. See Online Help topics “Discover Devices” and “Add/Modify a Device” for instructions.

  • Traps should be configured on the following port types:

    • Access ports (ports for endpoint connections or IP Phones)

    • Ports connecting to Access Points (ensures NAC is notified of an endpoint connection if the AP is replaced with an endpoint device)

  • For best performance, do not enable traps on the following:

    • Ports connecting to network infrastructure (e.g. switches, firewalls, controllers)

    • Aggregate ports

    • Any port with a Connection State of "User Defined Uplink" in FortiNAC Topology

      Traps sent from these ports cause unnecessary processing in FortiNAC and will generate events.

FortiNAC handles MAC Notification traps from IP Phones based on an attribute set on the server. The default is to ignore these traps in order to alleviate excessive traffic and improve server performance. However, trap handling for IP phones can be re-enabled by changing the Ignore MAC Notification Traps for IP Phones option setting in the Administration UI. For details, see section Network device of the Administration Guide.

Previous
Next