SNMP Configuration
The SNMP agent in the controller must be properly configured for the following:
- The read and write community strings must be configured before the Web UI can be used to view and update any of the components of the controller.
- The trap manager must be configured so that traps are sent to the correct SNMP manager.
- The contact and location information should also be correctly configured so that the SNMP manager can access this information and know who to contact in case of problems.
SNMP Community Strings
SNMP community strings authenticate access to MIB objects. They determine whether the
SNMP manager has read and/or write access to particular MIB objects, if at all. Before the SNMP manager can access a controller, it must supply a community string that matches at least one of the community string definitions of the controller, with the same access privileges.
A community string can have one of these attributes:
- Read-only. Management stations with the community string can view all objects in the MIB, but cannot modify them.
- Read-write. This gives read and write access to authorized management stations to all objects in the MIB.
To configure community strings, enter privileged EXEC mode, and follow these steps: TABLE 30: Configuring SNMP Community Strings
| Command | Purpose |
| configure terminal | Enter global configuration mode. |
| snmp-server community string host {ro|rw} | Creates a new SNMP community string with the specified host and privileges. The host can either be a host name or an IP address in the format 255.255.255.255. The access privileges can be either read-only (ro) or read-write (rw). |
| end | Return to privileged EXEC mode |
| show running-config | Verify your entries. |
| copy running-config startup-config | (Optional) Save your entries in the configuration file. |
Trap Managers
A trap manager is a management station that receives and processes traps. The controller can have an unlimited number of trap managers. Trap managers are grouped into communities. A single community may have one or more hosts, which are specified as IP addresses.
TABLE 31: Configure SNMP Trap Managers
| Command | Purpose |
| configure terminal | Enter global configuration mode. |
| snmp-server trap community-string hostIP | Specify the recipient of the trap message:
For community-string, specify the string to send with the notification operation. For hostIP, specify the name or address of the host (the targeted recipient). |
| end | Return to privileged EXEC mode. |
TABLE 31: Configure SNMP Trap Managers
| Command | Purpose |
| show running-config | Verify your entries. |
| copy running-config startup-config | (Optional) Save your entries in the configuration file. |
SNMP Traps
These are important traps for the Fortinet Wireless LAN System:
| No | Case | Trap ID | Scenario |
| 1 | Controller Down | SNMP Poll | When a controller goes down or loses IP connectivity, SNMP Manager detects that the controller is down with an SNMP polling mechanism. |
| 2 | Controller Up | Cold Start trap | When a controller comes up, the SNMP Agent generates a <Cold Start> trap on the SNMP server. |
| 3 | NPlus1 Master Down | mwlMasterDown in meruwlanmib. my | When a master controller with NPlus1 goes down, SNMP generates a MasterDown trap. |
| 4 | NPlus1 Master Up | mwlMasterUp in meru-wlanmib.
my |
When a master controller with NPlus1 comes up, SNMP generates a MasterUp trap. |
| 5 | AP Down | mwlAtsDown in meru-wlanmib.
my |
When an AP goes down, SNMP generates an AP_DOWN trap. |
| 6 | AP Up | mwlAtsUp in meru-wlanmib. my | When an AP comes up, SNMP generates an AP_UP trap. |
| 7 | Rogue AP detected | mwlRogueApDetected in meru-wlanmib.my | When the system detects a rogue device, SNMP generates a <RogueAPDetected> trap. |
| 8 | Rogue AP Removed | mwlRogueApRemoved in meru-wlanmib.my | When the system detects a rogue device has disappeared from the network, SNMP generates a <RogueAPRemoved> trap. |
The following chart lists all traps that exist for the Fortinet Wireless LAN System:
| mwlRogueApDetected mwlRogueApRemoved mwlAtsDown mwlAtsUp mwlWatchdogFailure mwlWatchdogUp
mwlCertificateError mwlCertificateInstalled mwlApSoftwareVersionMismatch mwlApSoftwareVersionMatch mwlApInitFailure mwlApInitFailureCleared mwlApRadioCardFailure mwlApRadioCardFailureCleared mwlAuthFailure mwlRadiusServerSwitchover mwlRadiusServerSwitchoverFailure mwlRadiusServerRestored mwlAcctRadiusServerSwitchover mwlAcctRadiusServerSwitchoverFailure mwlMicFailure mwlMicCounterMeasureActivated mwlHardwareDiagnostic mwlHardwareDiagnosticCleared mwlCacLimitReached mwlRadarDetected mwlOperationalChannelChange |
New in version 3.6: mwlCacLimitReached mwlRadarDetected mwlMasterDown mwlMasterUp mwlSoftwareLicenseExpired mwlSoftwareLicenseInstalled mwlTopoStaAtsAdd mwlAtsNeighborLoss mwlAtsNeighborLossCleared mwlHandoffFail mwlHandoffFailCleared mwlResourceThresholdExceed mwlResourceThresholdExceedCleared mwlSystemFailure mwlSystemFailureCleared mwlApBootimageVersionMismatch mwlApBootimageVersionMatch mwlMacFilterDeny mwlMacFilterDenyCleared mwlApTemperature mwlApTemperatureCleared |
Objects That Monitor System Status Through SNMP/OID
Use the SNMP get operation to monitor these objects:
| No | Case | OID | Shows |
| 1 | System Uptime | mwWncVarsUpTime in mwConfigController.my | system uptime |
| 2 | System Operational
Status |
mwWncVarsOperationalS tate in mwConfigController.my | system’s current operational status |
| 3 | System
Availability Status |
mwWncVarsAvailabilityStatus in mwConfigController.my | system’s current available status. |
| 4 | AP Uptime | mwApUpTime in mwConfigAp.my | AP’s uptime |
| 5 | AP Operational
Status |
mwApOperationalState in mwConfigAp.my | AP’s current operational status |
| 6 | AP Availability
Status |
mwApAvailabilityStatus in mwConfigAp.my | AP’s current available status |
Agent Contact and Location Commands
The following are the commands to set the system description, contact and location of the SNMP agent:
TABLE 32: Configure SNMP Description, Contact and Location
| Command | Purpose |
| configure terminal | Enter global configuration mode. |
| snmp-server contact text | Sets the system contact string.
For example: snmp-server contact support@fortinet.com |
| snmp-server location text | Sets the system location string.
For example: snmp-server location Tower Building, IT Department |
| snmp-server description text | Sets the system description string.
For example: snmp-server description main controller |
| end | Return to privileged EXEC mode |
TABLE 32: Configure SNMP Description, Contact and Location
| Command | Purpose |
| show running-config | Verify your entries. |
| copy running-config startup-config | (Optional) Save your entries in the configuration file. |
Configure SNMP Service on a Forti WLC With the CLI
Set up the SNMP server community with a specific IP address with these commands:
default# configure terminal default(config)#
default(config)# snmp‐server community public 0.0.0.0 rw default(config)# end default# show snmp‐community SNMP Community Client IP Privilege public 0.0.0.0 read‐write
SNMP Community Management(1 entry) default#
Set up the trap community with a specific IP address with these commands:
default# configure terminal default(config)# snmp‐server trap public 10.0.220.30 default(config)# end default# show snmp‐trap Trap Community Destination IP public 10.0.220.30
SNMP Trap Management(1 entry)
Configure SNMP Service on a Forti WLC With the Web UI
Set up the SNMP server community with a specific IP address by following these steps:
- Open a Web Browser(IE or Firefox), enter the system IP address (example: https:// 172.29.0.133) and then enter a user name and password (factory default user name/ password is admin/admin).
- Click Configuration > SNMP > Setup > SNMP Community Management > Add.
- Provide an SNMP Community Name, Client IP Address, and select a privilege level such as read-write.
- Click OK.
Set up the trap community with a specific IP address with these commands:
- Click Configuration > SNMP > Setup > SNMP Trap Management > Add.
- Provide a Trap Community and Trap Destination IP Address.
- Click OK.
Set up 3rd Party Vendors
Fortinet MIB files should be compiled and loaded on SNMP manager to be used with Forti WLC. SNMP Manager has to have Fortinet MIB file and compile to access Fortinet OIDs through SNMP. To download the Fortinet MIB file from the controller, follow these steps:
- Open an MIB Compiler. Load and compile all MIBs.
- Access the Forti WLC from the Web UI.
- From the MIB tree browser expand ios -> org -> dod -> internet -> private -> enterprise -> meru -> meru-wlan -> mwConfiguration -> mwWncVars>.
- Activate a walk operation. This will query all OIDs under mwWncVars tree.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!