Security

Reply
Frequent Contributor I

Clearpass 6.7 and SNMP monitoring

I upgraded our 2-node cluster last week and everything upgraded and worked as expected.  But later I noticed our monitoring system (Nagios) couldn't connect to either node and query the CPU load variable via SNMP.  I verified the SNMP connection was timing out, so I re-entered the community and the SNMP process restarted.  I was then able to walk the SNMP tree until it reached a point and failed:

 

[...]

IF-MIB::ifOperStatus.1 = INTEGER: up(1)

IF-MIB::ifOperStatus.2 = INTEGER: up(1)

IF-MIB::ifOperStatus.3 = INTEGER: up(1)

IF-MIB::ifOperStatus.4 = INTEGER: down(2)

Timeout: No Response from clearpass

 

This failure happens on both nodes.  If I re-enter the community it will work a single time, then fail.  There's no errors in the Events Viewer nor indications anywhere that I can find that the SNMP daemon is down.

 

 

 

Mike Davis
Network Engineer
University of Delaware
Guru Elite

Re: Clearpass 6.7 and SNMP monitoring

Best to work with Aruba TAC.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Clearpass 6.7 and SNMP monitoring

Same with us. Airwave now reports SNMP get failed.

When I restart the ClearPass, the first message is received:

"Status changed to 'Unexpected LAN MAC address (aa:bb:cc:ab:cd:ef) found at this device's IP address'"

because after the upgrade from 6.6.9 to 6.7, the CentOS kernel swapped the two NICs (Management with Data ports). And 5 minutes later:

"Status changed to 'SNMP get failed'"

Frequent Contributor I

Re: Clearpass 6.7 and SNMP monitoring

We were advised by TAC not to upgrade our other CPPM systems

to 6.7 until the many SNMP issues can be patched.  I'm currently

taking my primary CPPM cluster to 6.6.9.

Mike Davis
Network Engineer
University of Delaware
New Contributor

Re: Clearpass 6.7 and SNMP monitoring

Hi Mike,

Thank you for sharing.

Regards

Stefan Toshev

ACCP, ACMP, MASE

New Contributor

Re: Clearpass 6.7 and SNMP monitoring

Hi,

 

Does anyone know if this issue CPPM could seen himself down?

 

I mean, in Administration > Server Manager > Server Configuration > 

Appears an message "Error in processing request. Please retry... "

It looks that is working requesting radius request, but can't see services of each server.

Issue.png

Frequent Contributor I

Re: Clearpass 6.7 and SNMP monitoring

I have not noticed that behavior on my small CPPM cluster.  The only "self" issue I observe is that the System Monitors all report No Activity (

Monitoring -> Live Monitoring -> System Monitor).  Otherwise the CPPM appears to be operating normally.

 

(The Services do take an extraordinary long time to complete their status read, but it does complete for me..)

Mike Davis
Network Engineer
University of Delaware
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: