FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 197689
Description
Device fails CLI credential validation in Administration UI.  SSH access via CLI, however, is successful using the same credentials.      

With TelnetServer debug enabled, logs show the following:

error reading sysDescr from <vendor> device <device ip address>
telnet server getfailed

The appliance must be able to read the sysDescription OID (1.3.6.1.2.1.1.1.0). This OID contains certain information (such as IOS version for Cisco devices) which is used to determine how to characterize and manage the device.  If the device does not respond to queries for this OID, then the appropriate set of CLI commands to use cannot be determined.     


To determine if the sysDescription can be read, query the OID via the appliance CLI using the snmpwalk tool:
snmpwalk -v 3 -u <username> -l <AuthPriv or NoAuthPriv> -a <MD5 or SHA> -A <password> -x <DES or AES> -X <password> <device ip_address> 1.3.6.1.2.1.1.1.0


Example of a normal response:

SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 25-Mar-16 16:59 by mcpre



Example of failed response:

SNMPv2-MIB::sysDescr.0 = No Such Object available on this agent at this OID
Solution
Ensure the SNMP v3 permissions on the device allow for access to sysDescription OID (1.3.6.1.2.1.1.1.0).

Related Articles

Technical Note: Troubleshooting CLI credential failure

Contributors