How to Monitor ClearPass server performance through SNMP private MIB?
First, What are MIBs?
A Management Information Base (MIB) is a virtual database that contains information that is used for network management. Each managed device contains MIBs that define the properties of that device.
MIB objects, such as a MIB table or a specific element of data in a MIB table, are identified with Object Identifiers (OIDs). The OIDs are designated by text strings and integer sequences.
For example, Aruba and 184.108.40.206.4.1.14832 both represent the private enterprise node Aruba. The numerical string lists the nodes of the Aruba enterprise MIB hierarchy, as shown in below Table 1:
ClearPass server supports Private MIB from the version 6.5.0. On prior versions, CPPM provides only native SNMP support from the UC Davis ‘net-SNMP’ (Universal) MIB package.
For monitoring ClearPass Server performance in a detailed view, you can use the private MIB for the following information:
- Total time taken (ms) for policy evaluation from RADIUS server perspective.
- Total time taken (ms) for RADIUS request end-to-end (Also separately for TACACS+ and web authentications).
- Total number of Successful and failed RADIUS request count (Also separately for TACACS+ and web authentications).
- Time taken (ms) to authenticate against an authentication source.
- Time taken (ms) for the evaluation of service policies (also separately for role mapping policies, posture policies, audit policies, restriction policies, enforcement policies).
- Time taken (ms) for the evaluation of role mapping policies.
- Percentage of disk space remaining in the ClearPass Server.
- Total memory and disk space available in the ClearPass Server.
- Percentage of memory remaining in the ClearPass Server.
- number of days remaining prior to the server certificate expiry
- Total license installed and number licenses consumed.
- Number of days remaining prior to an activation expiry of ClearPass license.
- Total number of service policies evaluated (also separately for role mapping policies, posture policies, audit policies, restriction policies, enforcement policies).
220.127.116.11.4.1.14818.104.22.168.22.214.171.124.3.0 = To find OS version running on the server.
126.96.36.199.4.1.148188.8.131.52.184.108.40.206.4.0 = To find the configured Hostname of the server.
220.127.116.11.4.1.14818.104.22.168.22.214.171.124.8.0 = To find the configured IP address.
Note: we can still use Universal MIBs to monitor following information of the ClearPass server:
1. CPU Load average in 5/10/15 minutes.
2. Number of Services running in the and their status.
3. Number of processes running and their uptime.etc.,
We need to download and run CPPM Private MIB along with ARUBA MIB, as the CPPM MIB is dependent on Aruba MIB:
These MIBs can be downloaded by logging in to https://support.arubanetworks.com then by navigating to ClearPass-->Tools-->SNMP Private MIB
[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 cppmSystemModel
CPPM-MIB::cppmSystemModel.0 = STRING: CP-VA-5K
[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 cppmSystemMemoryFree
CPPM-MIB::cppmSystemMemoryFree.0 = Counter64: 3952254976
[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 cppmClusterNodeType
CPPM-MIB::cppmClusterNodeType.0 = STRING: Publisher
[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 psAutzSourceName
CPPM-MIB::psAutzSourceName.1 = STRING: [Local User Repository]
CPPM-MIB::psAutzSourceName.2 = STRING: [Guest User Repository]
CPPM-MIB::psAutzSourceName.3 = STRING: [Guest Device Repository]
CPPM-MIB::psAutzSourceName.4 = STRING: [Endpoints Repository]
CPPM-MIB::psAutzSourceName.5 = STRING: [Onboard Devices Repository]
CPPM-MIB::psAutzSourceName.6 = STRING: [Admin User Repository]
CPPM-MIB::psAutzSourceName.7 = STRING: [Blacklist User Repository]
CPPM-MIB::psAutzSourceName.8 = STRING: [Time Source]
CPPM-MIB::psAutzSourceName.9 = STRING: [Social Login Repository]
CPPM-MIB::psAutzSourceName.10 = STRING: [Insight Repository]