Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
magarwal
Staff
Staff

Created on ‎07-16-2023 10:46 PM Edited on ‎07-16-2023 10:47 PM By Community Manager

Article Id 264309

Trobleshooting Tip: How to troubleshoot SNMP v3 not working on FortiAP

Description This article describes how to troubleshoot SNMP v3 issues on FortiAP.
Scope

FortiAP-S and FortiAP-W2 version 6.2.0 and later.

FortiAP 6.4.3 and later.

FortiAP-U 6.0.4 and later.

All SNMP versions (v1, v2, and v3) are supported.
Solution
  1. Verify that:
  • SNMP is allowed on the AP VLAN.  
  • SNMP should be allowed on  FortiGate Interface (where SNMP Manager is connected).
  • SNMP should be allowed in the FortiAP profile.
  • Make sure that the firewall policy towards the SNMP server allows SNMP.

Logs to collect from FortiAP end:

 

# ps | grep snmpd: To check SNMP process ID.

# snmplog: To see SNMP  communication requests and response

# diag_sniffer any ‘port 161’ 6 0 a: To collect sniffer on FortiAP for SNMP port 161.

 

  1. Verify using SNMP walk on the FortiAP:
  • Download the SNMP walk tool on a test laptop:

https://ezfive.com/snmpsoft-tools/snmp-walk/

 

  • Connect the laptop to the same network as the FortiAP and give the laptop an IP in the same range as the FortiAP.
  • Make sure to be able able to ping the FortiAP IP from the test laptop.
  • Now run the below command in the command prompt and see if the response for the related MIB appears:

SnmpWalk.exe -r:10.0.103.2 -v:3 -sn:OPM -ap:sha -aw:P@$$w0rd -pp:aes256 -pw:P@$$w0rd1 -os:1.3 -q

 

10.0.103.2:  AP IP.

OPM: SNMP security name for SNMPv3.

sha: Authentication protocol used.

P@$$w0rd: Authentication password (SNMPv3) used. 

aes256: Privacy protocol. Supported: DES, IDEA, AES128, AES192, AES256, 3DES (SNMPv3).

P@$$w0rd1: Privacy password (SNMPv3). 

 

In the above scenario, tests were done for all the OIDs starting from 1.3.

 

  1. Verify using a MIB browser:
  • Install a MIB browser in a test PC that has reachability to the FortiAP:

https://www.manageengine.com/products/mibbrowser-free-tool/download.html

 

  • Set the host IP (FortiAP IP) and the SNMP community name in Community and Write Community.

 

magarwal_0-1689571644873.png

 

  • Go to Edit -> Settings, select snmpv3 and choose ADD user.

 

magarwal_1-1689571644893.png

 

magarwal_2-1689571644912.png

 

  • Select a MIB from the left panel and Go to Operations on the top menu and do a SNMPWalk:

 

magarwal_3-1689571644942.png

 

 

 

Related documents:
config wireless-controller snmp
Technical Tip: FortiAP SNMP configuration
805
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.