AAA, NAC, Guest Access & BYOD

How to Monitor ClearPass server performance through SNMP private MIB

Aruba Employee
Requirement:

How to Monitor ClearPass server performance through SNMP private MIB?



Solution:

First, What are MIBs?

A Management Information Base (MIB) is a virtual database that contains information that is used for network management. Each managed device contains MIBs that define the properties of that device.

MIB objects, such as a MIB table or a specific element of data in a MIB table, are identified with Object Identifiers (OIDs). The OIDs are designated by text strings and integer sequences.

 

For example, Aruba and 1.3.6.1.4.1.14832 both represent the private enterprise node Aruba. The numerical string lists the nodes of the Aruba enterprise MIB hierarchy, as shown in below Table 1:

 

ClearPass server supports Private MIB from the version 6.5.0.  On prior versions, CPPM provides only native SNMP support from the UC Davis ‘net-SNMP’  (Universal) MIB package.

 

For monitoring ClearPass Server performance in a detailed view, you can use the private MIB for the following information:

 

  1. Total time taken (ms) for policy evaluation from RADIUS server perspective.
  2. Total time taken (ms) for RADIUS request end-to-end  (Also separately for TACACS+ and web authentications). 
  3. Total number of Successful and failed RADIUS request count (Also separately for TACACS+ and web authentications). 
  4. Time taken (ms) to authenticate against an authentication source.
  5. Time taken (ms) for the evaluation of service policies (also separately for role mapping policies, posture policies, audit policies, restriction policies, enforcement policies).
  6. Time taken (ms) for the evaluation of role mapping policies.
  7. Percentage of disk space remaining in the ClearPass Server.
  8. Total memory and disk space available in the ClearPass Server.
  9. Percentage of memory remaining in the ClearPass Server.
  10. number of days remaining prior to the server certificate expiry
  11. Total license installed and number licenses consumed.
  12. Number of days remaining prior  to an activation expiry of ClearPass license.
  13.  Total number of service policies evaluated (also separately for role mapping policies, posture policies, audit policies, restriction policies, enforcement policies).

Sample OIDs:

1.3.6.1.4.1.14832.1.6.1.1.1.1.1.3.0 = To find OS version running on the server.

1.3.6.1.4.1.14832.1.6.1.1.1.1.1.4.0 = To find  the configured Hostname of the server.

1.3.6.1.4.1.14832.1.6.1.1.1.1.1.8.0 = To find the configured IP address.

 

Note: we can still use Universal MIBs to monitor following information of the ClearPass server:

1.  CPU Load average in 5/10/15 minutes.

2.  Number of Services running in the and their status.

3. Number of processes running and their uptime.etc.,



Configuration:

 

We need to download and run CPPM Private MIB along with ARUBA MIB, as the CPPM MIB is dependent on Aruba MIB:

These MIBs can be downloaded by logging in to https://support.arubanetworks.com then by navigating to ClearPass-->Tools-->SNMP Private MIB

URL: https://support.arubanetworks.com/DownloadSoftware/tabid/75/DMXModule/510/EntryId/16480/Default.aspx

 

 

 

 



Verification


[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 cppmSystemModel
CPPM-MIB::cppmSystemModel.0 = STRING: CP-VA-5K


[root@localhost mercury]#  snmpget -v1 -c public 10.17.164.133  cppmSystemMemoryFree
CPPM-MIB::cppmSystemMemoryFree.0 = Counter64: 3952254976


[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 cppmClusterNodeType
CPPM-MIB::cppmClusterNodeType.0 = STRING: Publisher


[root@localhost mercury]# snmpget -v1 -c public 10.17.164.133 psAutzSourceName
CPPM-MIB:Smiley TonguesAutzSourceName.1 = STRING: [Local User Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.2 = STRING: [Guest User Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.3 = STRING: [Guest Device Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.4 = STRING: [Endpoints Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.5 = STRING: [Onboard Devices Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.6 = STRING: [Admin User Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.7 = STRING: [Blacklist User Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.8 = STRING: [Time Source]
CPPM-MIB:Smiley TonguesAutzSourceName.9 = STRING: [Social Login Repository]
CPPM-MIB:Smiley TonguesAutzSourceName.10 = STRING: [Insight Repository]


Attachments:
Download location.jpg
Version history
Revision #:
2 of 2
Last update:
‎03-17-2017 09:16 AM
Updated by:
 
Labels (1)
Contributors
Comments
gfirth77

Hi, So I have looked at the above and have some questions. I have a CPPM v6.6.4 and running the snmpwalk I get the usual stuff. If I extend the snmpwalk to start with the private MIB I get the additional data however, the private MIB mentioned above of 1.3.6.1.4.1.14832. I am unsure is actually correct. It does not work for me, but 1.3.6.1.4.1.14823. does work. Note the last digits are different.

Second to that, what is the actual snmp string that relates to each of the additional fields. For example

  1. Total license installed and number licenses consumed.

Thanks

Glenn

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: