IPv6 Simple Network Management Protocol
Simple Network Management Protocol (SNMP) in IPv6 is similar to IPv4, with the main difference being the address format. Despite this, SNMP's principles and functionalities, including network management, device monitoring, and performance information gathering, remain consistent across both versions. See SNMP for more information.
SNMP for monitoring interface status example
In this example, SNMP manager (2001:db8:d0c:2::1) is configured to receive notifications when a FortiGate port either goes down or is brought up. Additionally, the SNMP manager has the capability to query the current status of the FortiGate port.
Please note that the IPv6 addresses used in this example are for illustrative purposes only and should not be used in your environment. The 2001:db8::/32 prefix is a special IPv6 prefix designated for use in documentation examples. See RFC 3849 for more information. |
To configure SNMP for monitoring interface status in the GUI:
-
Configure the Interface access:
-
Go to Network > Interfaces and edit port1.
-
In the Administrative Access options, enable SNMP under IPv6.
-
Click OK.
-
-
Configure the SNMP agent:
-
Go to System > SNMP.
-
Enable SNMP Agent.
-
Configure the following fields:
Description Branch Location Burnaby Contact Info Jane Doe -
Click Apply.
-
-
Configure an SNMP v3 user:
-
Go to System > SNMP.
-
In the SNMP v3 table, click Create New.
-
Configure the following fields:
User Name Interface_Status Security Level Authentication Authentication Algorithm SHA1 Password ******* IPv6 Hosts > IP Address 2001:db8:d0c:2::1 - Click OK.
-
Click Apply.
-
To configure SNMP for monitoring interface status in the CLI:
-
Configure the Interface access:
config system interface edit port1 config ipv6 append ip6-allowaccess snmp end next end
-
Configure the SNMP agent:
config system snmp sysinfo set status enable set description Branch set contact-info "Jane Doe" set location Burnaby end
-
Configure an SNMP v3 user:
config system snmp user edit "Interface_Status" set notify-hosts6 2001:db8:d0c:2::1 set security-level auth-no-priv set auth-proto sha set auth-pwd ******************** next end
Verification
To verify the SNMP configuration:
-
Start the packet capture on interface port1 with the filter set to port 162. See Using the packet capture tool for more information.
-
Turn off one of the FortiGate interface statuses to down; in this case, port2.
-
Save the packet capture.
The SNMP v3 trap is observed to be transmitted from port1 to the SNMP manager. It's also noteworthy that the msgAuthenticationParameters are configured, signifying that authentication is active. However, the absence of msgPrivacyParameters suggests that encryption is not in place, a fact further corroborated by the plaintext nature of the msgData.
-
Verify that the SNMP manager has received the trap. See Important SNMP traps for an example of a trap.
-
Verify that the SNMP manager can successfully query and receive a response on the current status of the FortiGate ports.
# snmpwalk -v3 -u Interface_Status -l authNoPriv -a SHA -A xxxxxxxx udp6:2001:db8:d0c:2::f 1.3.6.1.2.1.2.2.1.8 iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 2 iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.4 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.5 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.6 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.7 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.8 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.9 = INTEGER: 1 iso.3.6.1.2.1.2.2.1.8.10 = INTEGER: 1