Security

last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass 6.7 and SNMP monitoring

This thread has been viewed 18 times

  • 1.  Clearpass 6.7 and SNMP monitoring

    Posted Jan 08, 2018 07:39 AM

    I upgraded our 2-node cluster last week and everything upgraded and worked as expected.  But later I noticed our monitoring system (Nagios) couldn't connect to either node and query the CPU load variable via SNMP.  I verified the SNMP connection was timing out, so I re-entered the community and the SNMP process restarted.  I was then able to walk the SNMP tree until it reached a point and failed:

     

    [...]

    IF-MIB::ifOperStatus.1 = INTEGER: up(1)

    IF-MIB::ifOperStatus.2 = INTEGER: up(1)

    IF-MIB::ifOperStatus.3 = INTEGER: up(1)

    IF-MIB::ifOperStatus.4 = INTEGER: down(2)

    Timeout: No Response from clearpass

     

    This failure happens on both nodes.  If I re-enter the community it will work a single time, then fail.  There's no errors in the Events Viewer nor indications anywhere that I can find that the SNMP daemon is down.

     

     

     



  • 2.  RE: Clearpass 6.7 and SNMP monitoring

    EMPLOYEE
    Posted Jan 08, 2018 08:09 AM
    Best to work with Aruba TAC.


  • 3.  RE: Clearpass 6.7 and SNMP monitoring

    Posted Jan 25, 2018 04:38 AM

    Same with us. Airwave now reports SNMP get failed.

    When I restart the ClearPass, the first message is received:

    "Status changed to 'Unexpected LAN MAC address (aa:bb:cc:ab:cd:ef) found at this device's IP address'"

    because after the upgrade from 6.6.9 to 6.7, the CentOS kernel swapped the two NICs (Management with Data ports). And 5 minutes later:

    "Status changed to 'SNMP get failed'"



  • 4.  RE: Clearpass 6.7 and SNMP monitoring

    Posted Jan 25, 2018 06:24 AM

    We were advised by TAC not to upgrade our other CPPM systems

    to 6.7 until the many SNMP issues can be patched.  I'm currently

    taking my primary CPPM cluster to 6.6.9.



  • 5.  RE: Clearpass 6.7 and SNMP monitoring

    Posted Jan 25, 2018 07:43 AM

    Hi Mike,

    Thank you for sharing.

    Regards

    Stefan Toshev

    ACCP, ACMP, MASE



  • 6.  RE: Clearpass 6.7 and SNMP monitoring

    Posted Jan 31, 2018 07:21 AM

    Hi,

     

    Does anyone know if this issue CPPM could seen himself down?

     

    I mean, in Administration > Server Manager > Server Configuration > 

    Appears an message "Error in processing request. Please retry... "

    It looks that is working requesting radius request, but can't see services of each server.

    Issue.png



  • 7.  RE: Clearpass 6.7 and SNMP monitoring

    Posted Jan 31, 2018 07:25 AM

    I have not noticed that behavior on my small CPPM cluster.  The only "self" issue I observe is that the System Monitors all report No Activity (

    Monitoring -> Live Monitoring -> System Monitor).  Otherwise the CPPM appears to be operating normally.

     

    (The Services do take an extraordinary long time to complete their status read, but it does complete for me..)



  • 8.  RE: Clearpass 6.7 and SNMP monitoring

    Posted Dec 13, 2018 09:01 AM

    Connected to the Clearpass VIP and made the snmp changes.  This allowed airwave to gain snmp feedback