Security

Reply
Highlighted

Clearpass SNMP OID to show number of connected subscribers

Hi,

 

I have a number of Clearpass appliances in different parts of the world with sometimes questionable WAN connectivity. Therefore from time to time, a subscriber will go offline, and therefore be kicked from the cluster.

 

My issue is that I need to notify IT staff when this happens. How can this be accomplished?

 

I would prefer to have our monitoring tool look at the publisher via snmp and when the number of online subscribers falls below a certain number it can send an alert.

 

However looking at the MIBS and using a SNMP walker I cannot seem to find an OID that provides this information.

 

Do anyone have any insight to this, or have an alternative way to monitor this?

 

Thanks.


Accepted Solutions
Highlighted
Aruba Employee

Re: Clearpass SNMP OID to show number of connected subscribers

Hi Martin,

 

If you want, check this ClearPass API Guide https://www.slideshare.net/ArubaNetworks/emea-airheads-getting-started-with-the-clearpass-rest-api-cppm or if you prefer a video format check this session to better understand ClearPass APIs https://www.brighttalk.com/webcast/16725/339965/airheads-tech-talks-getting-started-with-the-clearpass-rest-api-cppm

 

In brief, you need to

1) Create an API CLIENT and get a client_id and client_secret. You assign it an operator profile role that has API access. You control what is allowed for this profile depending on your requirements.  For your requirements, you need at least read access to the platform – servers

 

ayman_mukaddam_0-1589483976303.png

 

ayman_mukaddam_1-1589483976337.png

 

2) You then get an access token by accessing https://YOUR_CLEARPASS:443/api/oauth and passing in the needed parameters (Grant Type, Client_ID, CLIENT_SECRET..etc depending on the grant_type you decide to use). For example, for grant_type client_credentials, you can use

{

"grant_type": "client_credentials",

"client_id": "<YOUR_CLIENT_ID>",

"client_secret": "<YOUR_CLIENT_SECRET>"

}

 

ayman_mukaddam_5-1589484129430.png

 

 

You should get Response Code 200 and get an access token

ayman_mukaddam_2-1589483976355.png

 

3) You use this access token to pass it any API call and part of HTTP headers. For example, calling https://<YOUR_CLEARPASS>:443/api/cluster/server

 

Authorization: Bearer <access_token>

 

ayman_mukaddam_3-1589483976364.png

 

 The data that you need is shown below. This can be easily extracted since it is in JSON format.

ayman_mukaddam_0-1589484622527.png

 

Once you have this working from ClearPass, you can then write a code for the same...

 

Hope you find this useful..

 

View solution in original post


All Replies
Highlighted
MVP Expert

Re: Clearpass SNMP OID to show number of connected subscribers

 This is 6.5 code file, not sure if it help but you can try.
cppmClusterOutOfSyncMinutes OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"
This object represents the number of mimutes since the node is
out of synchronization with ClearPass cluster

cppmNumClusterNodes OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of nodes in the ClearPass cluster"
::= { cppmSystemTableEntry 7 }


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted

Re: Clearpass SNMP OID to show number of connected subscribers

Hi Pavan

 

That seems like what I need.

 

Thank you so much.

Moderator

Re: Clearpass SNMP OID to show number of connected subscribers

Martin,

 

/cluster/server REST API might be a better option; here is the body-response for one of my subscribers in my cluster, data like last replication time, replication_status might provide better context.

 

{
        "name": "cppm162",
        "local_server": false,
        "server_uuid": "db7bc428-23a8-48e6-8425-dcda7e08eef2",
        "server_dns_name": "cppm162",
        "fqdn": null,
        "server_ip": null,
        "management_ip": "10.2.100.162",
        "ipv6_server_ip": "",
        "ipv6_management_ip": "",
        "is_master": false,
        "extras": null,
        "is_insight_enabled": false,
        "is_insight_master": false,
        "replication_status": "ENABLED",
        "last_replication_timestamp": "2020-05-13 16:35:19-07",
        "is_profiler_enabled": true,
        "_links": {
          "self": {
            "href": "https://10.2.100.161/api/cluster/server/db7bc428-23a8-48e6-8425-dcda7e08eef2"
          }

. Data 


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Highlighted

Re: Clearpass SNMP OID to show number of connected subscribers

Hi Pavan,

 

I tried walking the controllers using that OID, but its not working. They will return "No such instance"

As far as I can tell from the .my file, these are only descriptions for snmp traps? I'm a beginner in SNMP so sorry for my ignorance.

 

The other OIDs in the MIB are working fine. Like the info on success or failed RADIUS requests, CPU og mem usage an so.

But no info on the state of the cluster. I can get the number of nodes in the cluster, but that does not change when a node becomes disconnected from the cluster, so its of no help to me.

 

Thank you for your contribution anyway.

Highlighted

Re: Clearpass SNMP OID to show number of connected subscribers

Hi Danny,

 

That looks very promising. I will go ahead and test it out, and give feedback here. If this works you are an absolute hero.

Highlighted

Re: Clearpass SNMP OID to show number of connected subscribers

Hi Danny,

 

I'm afraid I have some trouble getting communication with the REST API.

 

Im on 6.7.12 at the moment. Planning on 6.8 in near future.

 

First question: Should I be able to use basic authentication or do I need oauth2?

 

Second: How do I get the string ID of each controller? In your example you seem to request using an ID, but when I try to get for instance https://servername/api/cluster/server I get a 403 even using and admin account and basic authentication.

I tried to use oauth2 but this seem to only work with the guest portal? The guide I found mentions API administration, but I do not have this option in the tips, only in the guest portal. (And I dont want to control anything in the guest portal)

 

Third: Some documents mention the API /tipsapi instead of just /api

 

Hope you can push me in the right direction, I really appreciate the help.

 

Thanks.

Highlighted
Aruba Employee

Re: Clearpass SNMP OID to show number of connected subscribers

Hi Martin,

 

If you want, check this ClearPass API Guide https://www.slideshare.net/ArubaNetworks/emea-airheads-getting-started-with-the-clearpass-rest-api-cppm or if you prefer a video format check this session to better understand ClearPass APIs https://www.brighttalk.com/webcast/16725/339965/airheads-tech-talks-getting-started-with-the-clearpass-rest-api-cppm

 

In brief, you need to

1) Create an API CLIENT and get a client_id and client_secret. You assign it an operator profile role that has API access. You control what is allowed for this profile depending on your requirements.  For your requirements, you need at least read access to the platform – servers

 

ayman_mukaddam_0-1589483976303.png

 

ayman_mukaddam_1-1589483976337.png

 

2) You then get an access token by accessing https://YOUR_CLEARPASS:443/api/oauth and passing in the needed parameters (Grant Type, Client_ID, CLIENT_SECRET..etc depending on the grant_type you decide to use). For example, for grant_type client_credentials, you can use

{

"grant_type": "client_credentials",

"client_id": "<YOUR_CLIENT_ID>",

"client_secret": "<YOUR_CLIENT_SECRET>"

}

 

ayman_mukaddam_5-1589484129430.png

 

 

You should get Response Code 200 and get an access token

ayman_mukaddam_2-1589483976355.png

 

3) You use this access token to pass it any API call and part of HTTP headers. For example, calling https://<YOUR_CLEARPASS>:443/api/cluster/server

 

Authorization: Bearer <access_token>

 

ayman_mukaddam_3-1589483976364.png

 

 The data that you need is shown below. This can be easily extracted since it is in JSON format.

ayman_mukaddam_0-1589484622527.png

 

Once you have this working from ClearPass, you can then write a code for the same...

 

Hope you find this useful..

 

View solution in original post

Highlighted

Re: Clearpass SNMP OID to show number of connected subscribers

Hi  

 

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: