FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 195364
Description
Access to certain SNMP OIDs on Juniper switches is required to allow for proper management. Otherwise, functions such as Layer 2 and Layer 3 polling, and reading and changing VLANs, will not work properly.


Scope
Version:  8.x
Solution
If restricting SNMP access, grant the proper permissions on the switch using a configuration similar to the one below:

set snmp view NAC-View oid sysDescr.0 include
set snmp view NAC-View oid sysObjectID.0 include
set snmp view NAC-View oid sysUpTime.0 include
set snmp view NAC-View oid sysContact.0 include
set snmp view NAC-View oid sysName.0 include
set snmp view NAC-View oid sysLocation.0 include
set snmp view NAC-View oid sysServices.0 include
set snmp view NAC-View oid 1.3.6.1.2.1.1.8 include
set snmp view NAC-View oid 1.3.6.1.2.1.2.2.1 include
set snmp view NAC-View oid jnxExVlanTag include
set snmp view NAC-View oid jnxExVlanName include
set snmp view NAC-View oid 1.3.6.1.2.1.17.4.3.1 include
set snmp view NAC-View oid 1.3.6.1.2.1.17.1.4 include
set snmp view NAC-View oid 1.3.6.1.2.1.17.7.1.4.5.1.1 include
set snmp view NAC-View oid 1.3.6.1.2.1.31.1.1.1 include
set snmp view NAC-View oid 1.3.6.1.2.1.17.7.1.2.2 include
set snmp view NAC-View oid 1.3.6.1.2.1.4.22.1.2 include


To verify access, use the appropriate snmpwalk command to test access or display the data contents of each individual SNMP OID table in the appliance CLI:

snmpwalk -v1 -c <R/W Community String> <ip address> <SNMP OID>

snmpwalk -v3 -u <username> -l <authpriv/authnopriv> -a <MD5/SHA> -A <password> -x <DES/AES> -X <password> <ipAddressOfDevice> <SNMP OID>
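
The verification step above can be scripted so that every OID in the NAC-View configuration is walked in one pass. This is an added example, not Fortinet code; it assumes net-snmp's snmpwalk is on the PATH and that the Juniper MIBs are loaded so the jnxExVlan names resolve, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not Fortinet code. Walks every OID granted by the NAC-View
# configuration on this page and reports the ones the switch does not return.

# OIDs exactly as written in the view configuration. The jnxExVlan names
# resolve only if the Juniper MIBs are loaded on this host (assumption).
NAC_OIDS="sysDescr.0 sysObjectID.0 sysUpTime.0 sysContact.0 sysName.0
sysLocation.0 sysServices.0 1.3.6.1.2.1.1.8 1.3.6.1.2.1.2.2.1
jnxExVlanTag jnxExVlanName 1.3.6.1.2.1.17.4.3.1 1.3.6.1.2.1.17.1.4
1.3.6.1.2.1.17.7.1.4.5.1.1 1.3.6.1.2.1.31.1.1.1 1.3.6.1.2.1.17.7.1.2.2
1.3.6.1.2.1.4.22.1.2"

# classify_walk OUTPUT -> prints OK or NODATA.
# snmpwalk can exit 0 even when the agent returns nothing under the OID,
# so the text is inspected. NODATA means the view excludes the OID or the
# table is currently empty; both need a look.
classify_walk() {
    case "$1" in
        "") echo NODATA ;;
        *"No Such Object"*|*"No Such Instance"*|*"No more variables left"*|*"End of MIB"*)
            echo NODATA ;;
        *) echo OK ;;
    esac
}

# check_view SNMPWALK-ARGS... : arguments are passed to snmpwalk unchanged
# (version, credentials, device address); the OID is appended for each test.
# Prints one "STATUS OID" line per OID; returns non-zero if any is not OK.
check_view() {
    failed=0
    for oid in $NAC_OIDS; do
        if out=$(snmpwalk "$@" "$oid" 2>&1); then
            status=$(classify_walk "$out")
        else
            status=ERROR    # timeout, bad credentials, or unknown OID name
        fi
        [ "$status" = OK ] || failed=1
        echo "$status $oid"
    done
    return "$failed"
}

# Runs only when snmpwalk arguments are supplied, for example:
#   sh check_view.sh -v3 -u <username> -l authPriv -a SHA -A <password> -x AES -X <password> <ipAddressOfDevice>
if [ "$#" -gt 0 ]; then
    check_view "$@"
fi
```
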



SNMP OID Use Descriptions

Switch system information:
sysDescr.0 (1.3.6.1.2.1.1.1)
sysObjectID.0  (1.3.6.1.2.1.1.2)
sysUpTime.0 (1.3.6.1.2.1.1.3)
sysContact.0 (1.3.6.1.2.1.1.4)
sysName.0 (1.3.6.1.2.1.1.5)
sysLocation.0 (1.3.6.1.2.1.1.6)
sysServices.0 (1.3.6.1.2.1.1.7)
sysORLastChange (1.3.6.1.2.1.1.8)


Populating Interface information:

1.3.6.1.2.1.2.2.1
jnxExVlanTag
jnxExVlanName
dot1dTpFdbEntry (1.3.6.1.2.1.17.4.3.1)
dot1dBasePortTable (1.3.6.1.2.1.17.1.4)

Reading VLANs:
dot1qPvid (1.3.6.1.2.1.17.7.1.4.5.1.1)
ifXEntry (1.3.6.1.2.1.31.1.1.1)
1.3.6.1.4.1.2636.3

Layer 2 Polling:
dot1qTpFdbTable (1.3.6.1.2.1.17.7.1.2.2)

Layer 3 Polling:
ipNetToMediaPhysAddress (1.3.6.1.2.1.4.22.1.2)
