Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

High cpu due to high amount of unknown devices

  • 1.  High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:28 AM

    Hi,

     

    We have 5k of unknown devices in ClearPass. Due to the high number the system is having CPU issues.

    We tried to clear the unknown devices by using the cleanup tool but that didn't work.

    Does anyone have any tips on how to remove the unknown devices?

     

    We already changed the responsible network scan task. So the number isn't increasing.



  • 2.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:33 AM
    A high number of unknown endpoints doesn't result in high CPU utilization.

    High CPU can be a result of a high number of authentications or maybe not enough CPUs or not enough SWAP space.
    I recommend opening a TAC case for this.


  • 3.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:35 AM

    At the moment the system isn't handling any authentication. We are building up the environment. See the image below for the CPU / devices.

    2019-05-13 14_34_14-Window.png

    Any other ideas? And of course we were planning to open a TAC case but wanted to ask here first.



  • 4.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:38 AM
    Is this a VM or hardware machine?


  • 5.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:44 AM

    Based on the screenshots it looks like there are more than 5.000.000 devices in the network?

     

    Are you using DHCP profiling? I suppose that the profiling daemon consumes all the CPU power for this. With this amount of devices you may need multiple ClearPass nodes to do the profiling.



  • 6.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:51 AM

    This machine is a VM.

    2019-05-13 14_42_32-Window.png



  • 7.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:54 AM

    * How many endpoints do you have?

    * How are you doing profiling?

    * What is the VM type? Is it a C1000v/C2000v/C3000v?

    * In most cases 16GB RAM is recommended 



  • 8.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 08:59 AM

    * How many endpoints do you have?

    Officially around 2000 devices

    * How are you doing profiling?

    Through DHCP and subnet scan

    * What is the VM type? Is it a C1000v/C2000v/C3000v?

    C2000v

     



  • 9.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 09:01 AM

    I see more than 5.000.000 devices in the endpoint database. I suppose that the subnet scanning has created these endpoints.

    Is the subnet scan still running?

     

    It is advisable to upgrade to 16GB of RAM.



  • 10.  RE: High cpu due to high amount of unknown devices

    Posted May 13, 2019 09:06 AM

    The job responsible for the arp scan has been removed.

    At the moment only limited scopes are in place for scans, which are defined in such a way that they only include existing IP subnets that are in use.

    At the moment no scans are running but the CPU is still running at high usage.

    When looking at the "Event Viewer" we see a lot of errors on Os(CPU) and on the profiler.

    High load average(5 min) {Load1:19.99 Load5:20.41 Load15:21.52}

    Profiler ip: unstable

     



  • 11.  RE: High cpu due to high amount of unknown devices
    Best Answer

    Posted May 13, 2019 09:46 AM

    I suppose that there are still a lot of database queries because of the IP scan, but not sure.

     

    Steps to take:

    • Contact TAC
    • Upgrade to 16GB of RAM


  • 12.  RE: High cpu due to high amount of unknown devices

    Posted May 21, 2019 03:40 AM

    TAC is busy with a support case. So now we have to wait.



  • 13.  RE: High cpu due to high amount of unknown devices

    Posted Feb 24, 2021 10:44 AM
    Hi 

    I have the same issue that you had and I opened a ticket with the TAC team.

    Do you remember the root cause of this issue and the solution for it?

    ------------------------------
    Yazan Omar
    ------------------------------



  • 14.  RE: High cpu due to high amount of unknown devices

    Posted Mar 05, 2021 02:38 AM
    2 weeks back, I'm having this issue with Os(CPU) high utilization load

    Os(Cpu): High load average(5 min) {Load1:29.28 Load5:44.95 Load15:22.33}

    After some troubleshooting took place, we found out it is due to the faulty sdd disk in one of our cluster Nutanix boxes that CPPM is hosted on.