Technical Note: Troubleshooting SNMP Communication Issues
Products
FortiNAC
Description
Troubleshooting SNMP Communication Issues
Solution
SNMP v1

1.  Confirm the community string is correct.  Click the "Validate Credentials" button under the Credentials tab for the device model in Topology.

2.  Confirm the community string used has read-write permissions. A read-only community string will still pass credential validation, but it cannot be used to change configurations.

3.  Determine the nature of the failure by looking for SNMP errors using one or both of the following methods:
snmpwalk:  Perform an snmpwalk of the System OID from the CLI of Network Sentry (or from another device that has this SNMP tool).  Linux syntax to use in the Network Sentry CLI:
    snmpwalk -v 1 -c <Read/Write Community string> <ip address> system

If the following response is returned, Network Sentry does not have all the required permissions:
SNMPv2-SMI::mib-x.x.x.x.x.x.= No more variables left in this MIB View (It is past the end of the MIB tree)

Administrative UI:  Check for "SNMP Failure" and "SNMP Read Error" events and review the event details for the cause of the failure.  To view events, either right-click the device in Topology and select Show Events, or navigate to Logs > Events.


SNMP v3

1.  Confirm the credentials are correct.  Click the "Validate Credentials" button under the Credentials tab for the device model in Topology.

2.  Confirm the settings in the model configuration match those of the device:
    SNMP Protocol (SNMPv3-AuthPriv or SNMPv3-AuthNoPriv)
    User Name
    Authentication Protocol (MD5 or SHA1)
    Authentication Password
    Privacy Protocol (DES or AES-128. Used only for AuthPriv)
    Privacy Password (Used only for AuthPriv)

3.  Determine the nature of the failure by looking for SNMP errors using one or both of the following methods:
snmpwalk:  Perform an snmpwalk of the System OID from the CLI of Network Sentry (or from another device that has this SNMP tool) to determine the nature of the SNMP failure.  Linux syntax to use in the Network Sentry CLI (the -x and -X options apply only to authPriv):
    snmpwalk -v3 -u <username> -l <authPriv or authNoPriv> -a <MD5 or SHA> -A <password> -x <DES or AES> -X <password> <ip_address> system

If the following response is returned, Network Sentry does not have all the required permissions:
SNMPv2-SMI::mib-x.x.x.x.x.x.= No more variables left in this MIB View (It is past the end of the MIB tree)

Administrative UI:  Check for "SNMP Failure" and "SNMP Read Error" events and review the event details for the cause of the failure.  To view events, either right-click the device in Topology and select Show Events, or navigate to Logs > Events.
 - When the Engine ID doesn't match Network Sentry's cache, the SNMP Failure event contains the message "Received engine Id <id string> is not correct."
 - When the device is not responding to SNMP, the SNMP Failure event contains the message "<ip address> Timed out."  Refer to KB article: Troubleshooting SNMP v3 Timeout Errors.

4.  Cisco wired switches (and potentially other switches using VLAN contexts) must have SNMPv3 context values defined for every VLAN created on the switch.  If this is not done, Network Sentry may not be able to switch VLANs consistently.

If the above steps do not resolve the behavior, then there may be an issue with the SNMP stack.  Refer to KB article "SNMPv3 Communication Fails for Certain Devices".
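
The failure signatures from step 3 of both sections, gathered into one triage helper. This is an added example, not Fortinet code: the function names, category labels and sample lines are constructed, and the "Timeout: No Response from", "Authentication failure", "Unknown user name" and "Decryption error" strings are net-snmp CLI messages rather than text from this note.

```shell
#!/bin/sh
# Added example (not FortiNAC code). Maps snmpwalk output or FortiNAC event
# text to the failure causes this note describes. Category names are made up.

classify_snmp_result() {
    # $1: combined stdout+stderr of snmpwalk, or the event detail message
    case $1 in
        *"No more variables left in this MIB View"*)
            echo "mib-view-restricted" ;;  # agent answered, permissions too narrow
        *"Received engine Id"*"is not correct"*)
            echo "engine-id-mismatch" ;;   # FortiNAC event text quoted in this note
        *"Timeout: No Response from"*|*"Timed out."*)
            echo "no-response" ;;          # net-snmp CLI text | FortiNAC event text
        *"Unknown user name"*)
            echo "unknown-user" ;;         # SNMPv3 User Name not known to the agent
        *"Authentication failure"*)
            echo "auth-mismatch" ;;        # credentials rejected by the agent
        *"Decryption error"*)
            echo "privacy-mismatch" ;;     # privacy protocol or password differs
        *"::sysDescr."*|*"::sysName."*)
            echo "ok" ;;                   # system group readable (MIBs loaded)
        *)
            echo "unclassified" ;;
    esac
}

# Run snmpwalk with the same arguments shown in this note and classify the
# result. -t (timeout in seconds) and -r (retries) are net-snmp options.
walk_and_classify() {
    classify_snmp_result "$(snmpwalk -t 2 -r 1 "$@" system 2>&1)"
}

# Constructed sample outputs, one per line, so the script runs offline.
demo() {
    while IFS= read -r line; do
        printf '%-20s <- %s\n' "$(classify_snmp_result "$line")" "$line"
    done <<'EOF'
SNMPv2-MIB::sysDescr.0 = STRING: Example Switch OS 1.0
SNMPv2-SMI::mib-2.1.1.1.0 = No more variables left in this MIB View (It is past the end of the MIB tree)
Timeout: No Response from 192.0.2.10
snmpwalk: Authentication failure (incorrect password, community or key)
192.0.2.10 Timed out.
Received engine Id 80001f8880aabbccdd is not correct.
EOF
}

demo
```

To test a live device, call walk_and_classify with the options from the syntax lines above, leaving off the trailing "system" argument because the function appends it.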
Last Modified Date: 09-21-2018 Document ID: FD41793