Fortinet black logo

Configuring Traps for MAC Notification

Home FortiNAC-F 7.2.0 Configuring Traps for MAC Notification
7.2.0
7.4.0
7.2.0

HP

HP

SNMP v1/2

  1. Enable MAC Notification traps globally on the switch with an interval of 2 seconds.

    snmp-server enable traps mac-notify trap-interval 2

    snmp-server enable traps mac-notify

    snmp-server enable traps mac-notify mac-move

  2. Enable MAC Notification traps on the access ports.

    mac-notify traps <PORT-LIST> learned

    mac-notify traps <PORT-LIST> removed

  3. Display MAC Notification Trap configuration:

    show mac-notify traps

  4. Remove linkUp and linkDown traps on ports MAC Notification traps are added.

    no snmp-server enable traps link-change <PORT-LIST>

  5. Display Link-Change traps configuration:

    show snmp-server traps

  6. Configure each switch with the IP address of eth0 on the FortiNAC Server or Control Server as the destination for trap information (i.e., trap receiver).

    snmp-server host <FortiNAC IP Address> community <community-name>

    Note: community name must be created in switch.

  7. L3 switches: specify the IP address from which to source the traps and respond to SNMP requests. If SNMP traffic is sourced from an IP other than the one used to model the switch in Topology, FortiNAC will not process the traffic:

    snmp-server trap-source <switch IP Address used in Topology>

    snmp-server response-source <switch IP Address used in Topology>

  8. Display trap receivers:

    show snmp-server traps

Example: Mac Notification traps configured for ports 12-14 and sending to FortiNAC IP 15.255.133.236 using community string “public.”

snmp-server enable traps mac-notify trap-interval 2

mac-notify traps 12-14 learned

mac-notify traps 12-14 removed

no snmp-server enable traps link-change 12-14

snmp-server community "public" Unrestricted

snmp-server host 15.255.133.236 "public"

SNMP v3

  1. Enable MAC Notification traps globally on the switch with an interval of 2 seconds.

    snmp-server enable traps mac-notify trap-interval 2

    snmp-server enable traps mac-notify

    snmp-server enable traps mac-notify mac-move

  2. Enable MAC Notification traps on the access ports.

    mac-notify traps <PORT-LIST> learned

    mac-notify traps <PORT-LIST> removed

  3. Display MAC Notification Trap configuration:

    show mac-notify traps

  4. Remove linkUp and linkDown traps on ports MAC Notification traps are added.

    no snmp-server enable traps link-change <PORT-LIST>

  5. Display Link-Change traps configuration:

    show snmp-server traps

  6. Configure each switch with the IP address of eth0 on the FortiNAC Server or Control Server as the destination for trap information (i.e., trap receiver).

    snmpv3 enable

    snmpv3 only

    snmpv3 restricted-access

    snmpv3 group managerauth user "<username>" sec-model ver3

    snmpv3 notify "<name>" tagvalue "<tag value>"

    snmpv3 targetaddress "<target name>" params "<parameter name>" < FortiNAC IP Address> taglist "<tag value>"

    snmpv3 params "<parameter name>" user "<username>" sec-model ver3 message-processing ver3 auth

    snmpv3 user "<username>" auth sha " < Authentication password> "

  7. L3 switches: specify the IP address from which to source the traps and respond to SNMP requests. If SNMP traffic is sourced from an IP other than the one used to model the switch in Topology, FortiNAC will not process the traffic:

    snmp-server trap-source <switch IP Address used in Topology>

    snmp-server response-source <switch IP Address used in Topology>

  8. Display trap receivers:

    show snmp-server traps

Example:

  • Mac Notification traps configured for ports 12-14

  • Sending to FortiNAC Primary IP 15.42.133.236 and Secondary IP 15.42.150.236 (High Availability configuration)

snmp-server enable traps mac-notify trap-interval 2

snmp-server enable traps mac-notify

snmp-server enable traps mac-notify mac-move

mac-notify traps 12-14 learned

mac-notify traps 12-14 removed

no snmp-server enable traps link-change 12-14

snmpv3 enable

snmpv3 only

snmpv3 restricted-access

snmpv3 group managerauth user "nactrapsnmp" sec-model ver3

snmpv3 notify "FortiNAC" tagvalue "FortiNAC_tag"

snmpv3 targetaddress "CT_FortiNAC" params "FortiNAC_params" 15.255.133.236 taglist "FortiNAC_tag"

snmpv3 targetaddress "EG_FortiNAC" params "FortiNAC_params" 15.255.150.236 taglist "FortiNAC_tag"

snmpv3 params "FortiNAC_params" user "nactrapsnmp" sec-model ver3 message-processing ver3 auth

snmpv3 user "nactrapsnmp" auth sha "AUTHENTICATION_PASSWORD"

Previous
Next

HP

SNMP v1/2

  1. Enable MAC Notification traps globally on the switch with an interval of 2 seconds.

    snmp-server enable traps mac-notify trap-interval 2

    snmp-server enable traps mac-notify

    snmp-server enable traps mac-notify mac-move

  2. Enable MAC Notification traps on the access ports.

    mac-notify traps <PORT-LIST> learned

    mac-notify traps <PORT-LIST> removed

  3. Display MAC Notification Trap configuration:

    show mac-notify traps

  4. Remove linkUp and linkDown traps on ports MAC Notification traps are added.

    no snmp-server enable traps link-change <PORT-LIST>

  5. Display Link-Change traps configuration:

    show snmp-server traps

  6. Configure each switch with the IP address of eth0 on the FortiNAC Server or Control Server as the destination for trap information (i.e., trap receiver).

    snmp-server host <FortiNAC IP Address> community <community-name>

    Note: community name must be created in switch.

  7. L3 switches: specify the IP address from which to source the traps and respond to SNMP requests. If SNMP traffic is sourced from an IP other than the one used to model the switch in Topology, FortiNAC will not process the traffic:

    snmp-server trap-source <switch IP Address used in Topology>

    snmp-server response-source <switch IP Address used in Topology>

  8. Display trap receivers:

    show snmp-server traps

Example: Mac Notification traps configured for ports 12-14 and sending to FortiNAC IP 15.255.133.236 using community string “public.”

snmp-server enable traps mac-notify trap-interval 2

mac-notify traps 12-14 learned

mac-notify traps 12-14 removed

no snmp-server enable traps link-change 12-14

snmp-server community "public" Unrestricted

snmp-server host 15.255.133.236 "public"

SNMP v3

  1. Enable MAC Notification traps globally on the switch with an interval of 2 seconds.

    snmp-server enable traps mac-notify trap-interval 2

    snmp-server enable traps mac-notify

    snmp-server enable traps mac-notify mac-move

  2. Enable MAC Notification traps on the access ports.

    mac-notify traps <PORT-LIST> learned

    mac-notify traps <PORT-LIST> removed

  3. Display MAC Notification Trap configuration:

    show mac-notify traps

  4. Remove linkUp and linkDown traps on ports MAC Notification traps are added.

    no snmp-server enable traps link-change <PORT-LIST>

  5. Display Link-Change traps configuration:

    show snmp-server traps

  6. Configure each switch with the IP address of eth0 on the FortiNAC Server or Control Server as the destination for trap information (i.e., trap receiver).

    snmpv3 enable

    snmpv3 only

    snmpv3 restricted-access

    snmpv3 group managerauth user "<username>" sec-model ver3

    snmpv3 notify "<name>" tagvalue "<tag value>"

    snmpv3 targetaddress "<target name>" params "<parameter name>" < FortiNAC IP Address> taglist "<tag value>"

    snmpv3 params "<parameter name>" user "<username>" sec-model ver3 message-processing ver3 auth

    snmpv3 user "<username>" auth sha " < Authentication password> "

  7. L3 switches: specify the IP address from which to source the traps and respond to SNMP requests. If SNMP traffic is sourced from an IP other than the one used to model the switch in Topology, FortiNAC will not process the traffic:

    snmp-server trap-source <switch IP Address used in Topology>

    snmp-server response-source <switch IP Address used in Topology>

  8. Display trap receivers:

    show snmp-server traps

Example:

  • Mac Notification traps configured for ports 12-14

  • Sending to FortiNAC Primary IP 15.42.133.236 and Secondary IP 15.42.150.236 (High Availability configuration)

snmp-server enable traps mac-notify trap-interval 2

snmp-server enable traps mac-notify

snmp-server enable traps mac-notify mac-move

mac-notify traps 12-14 learned

mac-notify traps 12-14 removed

no snmp-server enable traps link-change 12-14

snmpv3 enable

snmpv3 only

snmpv3 restricted-access

snmpv3 group managerauth user "nactrapsnmp" sec-model ver3

snmpv3 notify "FortiNAC" tagvalue "FortiNAC_tag"

snmpv3 targetaddress "CT_FortiNAC" params "FortiNAC_params" 15.255.133.236 taglist "FortiNAC_tag"

snmpv3 targetaddress "EG_FortiNAC" params "FortiNAC_params" 15.255.150.236 taglist "FortiNAC_tag"

snmpv3 params "FortiNAC_params" user "nactrapsnmp" sec-model ver3 message-processing ver3 auth

snmpv3 user "nactrapsnmp" auth sha "AUTHENTICATION_PASSWORD"

Previous
Next