Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass sends SNMPv3 Inform Request without security user or auth/priv data

This thread has been viewed 6 times
  • 1.  Clearpass sends SNMPv3 Inform Request without security user or auth/priv data

    Posted Jul 30, 2024 01:03 AM

    Hello

    I am testing SNMPv3 Inform Requests across a lot of vendor products, including Aruba. So far I have had success with Aruba Mobility Controllers on v 8.6 - a textbook example of how it should work.  But I have had no success of ArubaOS CX (the device sends no UDP packet at all when Informs are configured) , and now also, no joy with ClearPass.

    The issue with ClearPass is that it sends an Inform Request to my SNMP trap receiver, but the securityName (aka "user name") and all the auth/priv data is missing from the UDP packet. However, snmptrapd sends back a report to ClearPass, informing it of the authoritative EngineID to use ... but ClearPass doesn't use it in subsequent informs.  .

     

    I use Net-SNMP version 5.9.1 and my /etc/snmp/snmptrapd.conf file looks as follows

    # SNMPv3 Informs
    createUser SNMPV3_RO_NETMON SHA testing123 AES testing123
    #
    authUser log SNMPV3_RO_NETMON

    Here is what clearpass is sending - there is no auth/priv data supplied in the UDP packet



  • 2.  RE: Clearpass sends SNMPv3 Inform Request without security user or auth/priv data

    Posted Jul 31, 2024 03:06 AM

    I'm not sure if you will get an answer to such a detailed question on the community. It seems that you found specific behavior of the product, which is better to report to Aruba Support/TAC. They can work with the engineers to find out if this is by design, or if this specific use case just never came up before.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass sends SNMPv3 Inform Request without security user or auth/priv data

    Posted Jul 31, 2024 06:10 AM

    Thanks for the honest reply. But I guess there is potential for someone who has got this to work, since it's an option in the config and it's defined in the same RFC as regular traps. I am slowly realising that hardly anyone uses or even knows of the existence of informs. 
    I will see if the customer has a support contract and I will open a ticket.