Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Profiling with Cisco WLC

  • 1.  Profiling with Cisco WLC

    EMPLOYEE
    Posted Feb 07, 2013 02:09 PM

    Hi

     

    I'm integrating a CPPM v6.0 and a Cisco WLC in one customer of ours and am having some trouble with the endpoint profiling.

     

    I know we should relay DHCP traffic to the CPPM in order to profile endpoints. However, due to some limitations in our customer's network, we will probably have to rely exclusively on SNMP queries from CPPM to WLC. Is that even possible?

     

    If so, I think I've configured it correctly (I've configured the device as Airespace) but I can't find any command to check if the SNMP/SSH query is reaching the controller and what information is being obtained from it. Do any of you guys know how to do this?

     

    Thanks a lot

     

    Regards

     

    Samuel


  • 2.  RE: Profiling with Cisco WLC

    EMPLOYEE
    Posted Feb 11, 2013 05:02 AM

    Unfortunately, SNMP only works if devices are configured with an SNMP read string.

     

    What kind of network is this, enterprise encrypted?

     



  • 3.  RE: Profiling with Cisco WLC

    EMPLOYEE
    Posted Feb 11, 2013 07:34 AM

    I've done that, my CPPM is supposed to be checking ARP tables and so on from my controller. Unfortunately, dev profiling isn't yet working.

     

    regards



  • 4.  RE: Profiling with Cisco WLC
    Best Answer

    EMPLOYEE
    Posted Feb 11, 2013 01:17 PM

    I'm still having trouble with it :(

     

    I've done the following:

     

    • SNMP read enabled towards Cisco WLC management IP address
    • DHCP relayed from Cisco WLC towards CPPM
    • Subnet scan configured for the WLAN-Employee subnet

    Sadly, when I go to "Endpoint profiler", I still get "ClearPass Profile has not received any endpoint information"

     

    Any idea?

     

    Thanks



  • 5.  RE: Profiling with Cisco WLC

    EMPLOYEE
    Posted Feb 11, 2013 02:09 PM

    It's up and running :)



  • 6.  RE: Profiling with Cisco WLC

    Posted Mar 01, 2013 04:13 AM

    @samuel.perez wrote:

    It's up and running :)


    Could you explain what you did to make it work? It might be useful for other people in this situation.


  • 7.  RE: Profiling with Cisco WLC
    Best Answer

    Posted Mar 02, 2013 08:49 PM
    Curious as well to know what you did to get it working.


  • 8.  RE: Profiling with Cisco WLC
    Best Answer

    EMPLOYEE
    Posted Mar 14, 2013 12:53 PM

    Hum, sorry for the delay.

     

    I didn't do anything special, just double checked my config and corrected some silly mistakes.

     

    summarising:

    • dhcp relay sent to the CPPM
    • CPPM snmp-checking the controller

    worked like magic :)



  • 9.  RE: Profiling with Cisco WLC

    Posted Sep 11, 2013 11:06 AM

    I know this post is dated, but I am having the same exact problem. I enabled SNMP Read, DHCP forwarding to CPPM, and subnet scan; yet there are 0 entries discovered.

     

    When you got it to work, you said you double checked your settings; were there mistakes, or did it just start working?

     

    thank you



  • 10.  RE: Profiling with Cisco WLC

    EMPLOYEE
    Posted Sep 11, 2013 11:10 AM
    Clembo,

    What is doing the forwarding, the WLC? Is that WLC also doing DHCP? If that is the case it will not forward.

    If it is an external dhcp server, we need to make sure those packets can truly get to the CPPM.


  • 11.  RE: Profiling with Cisco WLC

    Posted Sep 11, 2013 11:21 AM

    It is external (Windows); WLC is not giving out IPs. I agree that perhaps the information is not getting there; I enabled some debugging on CPPM, but don't see anything in the logs (frankly, not sure which log to look in). Is there any tell-tale way to know on the CPPM side? We are also looking at debugging the WLC side.



  • 12.  RE: Profiling with Cisco WLC

    EMPLOYEE
    Posted Sep 11, 2013 01:38 PM

    I would check to see that "Async network services" is running.  If it is, put Async Network Services into debug mode, then profile your devices.

     

    After that, go to the server and click on Collect Logs.

     

    In the /PolicyManagerLogs/ivconnector/netevents/dhcp folder, you should find a file netevents.<date>.log.  There you should find your profiled devices:

     

    1378918892,ipmac,{"mac":"705681b2cc15","ip":"192.168.1.79"}
    1378919054,ipmac,{"mac":"e892a4966f43","ip":"192.168.1.110"}
    1378919066,ipmac,{"mac":"f8f1b62b8d65","ip":"192.168.1.64"}
    1378919108,ipmac,{"mac":"18b4300777f1","ip":"192.168.1.102"}
    1378919159,ipmac,{"mac":"705681b2cc15","ip":"192.168.1.79"}
    1378919786,ipmac,{"mac":"18b4300777f1","ip":"192.168.1.102"}
    1378919794,ipmac,{"mac":"d0e7827b65ca","ip":"192.168.1.125"}
    1378919794,ipmac,{"mac":"b0ee45496fb6","ip":"192.168.1.124"}
    1378919810,ipmac,{"mac":"e892a4966f43","ip":"192.168.1.110"}
    1378919826,ipmac,{"mac":"f8f1b62b8d65","ip":"192.168.1.64"}
    1378919857,ipmac,{"mac":"9c04eb755fc0","ip":"192.168.1.105"}
    That of course is epoch time, so you would have to convert it to regular time on a *nix machine like this:

     

    [root@localhost mercury]# date -d@1378919857
    Wed Sep 11 12:17:37 CDT 2013


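The netevents file quoted above is plain `epoch,event,json` lines, so it is easy to check from a copy of the collected logs whether the profiler is receiving the right endpoints. The script below is an added example written for this thread; it is not part of the original post and not a ClearPass tool. It parses the quoted lines, converts the epoch stamps the way `date -d@<epoch>` does (in UTC here), keeps the latest IP per MAC, and flags any endpoint whose IP falls outside the subnet the subnet scan was configured for. The subnet `192.168.1.0/24` is assumed from the sample data (the thread never names the WLAN-Employee range), and the last two sample lines (an out-of-subnet endpoint and a truncated record) are constructed to exercise the checks.

```python
"""Parse ClearPass netevents DHCP log lines (epoch,event,json) and summarise
what the profiler has actually received.  Added example, not ClearPass code."""
import json
import ipaddress
from datetime import datetime, timezone

# Constructed sample: the lines quoted in the post above, plus one constructed
# out-of-subnet endpoint and one truncated record (as seen at the tail of a
# live log) to show both are handled.
SAMPLE_LOG = """\
1378918892,ipmac,{"mac":"705681b2cc15","ip":"192.168.1.79"}
1378919054,ipmac,{"mac":"e892a4966f43","ip":"192.168.1.110"}
1378919066,ipmac,{"mac":"f8f1b62b8d65","ip":"192.168.1.64"}
1378919108,ipmac,{"mac":"18b4300777f1","ip":"192.168.1.102"}
1378919159,ipmac,{"mac":"705681b2cc15","ip":"192.168.1.79"}
1378919786,ipmac,{"mac":"18b4300777f1","ip":"192.168.1.102"}
1378919794,ipmac,{"mac":"d0e7827b65ca","ip":"192.168.1.125"}
1378919794,ipmac,{"mac":"b0ee45496fb6","ip":"192.168.1.124"}
1378919810,ipmac,{"mac":"e892a4966f43","ip":"192.168.1.110"}
1378919826,ipmac,{"mac":"f8f1b62b8d65","ip":"192.168.1.64"}
1378919857,ipmac,{"mac":"9c04eb755fc0","ip":"192.168.1.105"}
1378919870,ipmac,{"mac":"001122334455","ip":"10.20.30.40"}
1378919900,ipmac,{"mac":"9c04eb755fc0","ip"
"""

# Assumed: the subnet the profiler's subnet scan covers (not named in the thread).
EXPECTED_SUBNET = "192.168.1.0/24"


def epoch_to_iso(ts):
    """Epoch seconds -> ISO-8601 UTC, the same instant `date -d@<epoch>` shows
    (the post's 12:17:37 CDT is 17:17:37 UTC)."""
    return datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat()


def format_mac(raw):
    """Render ClearPass's bare 12-hex-digit MAC as colon-separated lowercase."""
    raw = raw.lower()
    if len(raw) != 12 or any(c not in "0123456789abcdef" for c in raw):
        raise ValueError(f"not a 12-hex-digit MAC: {raw!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def parse_netevents(text):
    """Return ([(epoch, event_type, payload), ...], skipped_count).

    Malformed lines are skipped and counted rather than raising, so a
    half-written record at the tail of a live log does not hide the data above."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(",", 2)          # the JSON payload has commas too
        if len(parts) != 3:
            skipped += 1
            continue
        ts, kind, payload = parts
        try:
            events.append((int(ts), kind, json.loads(payload)))
        except ValueError:                   # bad epoch or bad JSON
            skipped += 1
    return events, skipped


def summarise_ipmac(events, expected_subnet):
    """Return ({mac: (ip, last_seen_iso)}, [macs outside expected_subnet]).

    Only 'ipmac' events are considered; the latest event per MAC wins."""
    net = ipaddress.ip_network(expected_subnet)
    latest = {}
    for ts, kind, payload in sorted(events, key=lambda e: e[0]):
        if kind != "ipmac":
            continue
        latest[format_mac(payload["mac"])] = (payload["ip"], epoch_to_iso(ts))
    outside = sorted(mac for mac, (ip, _) in latest.items()
                     if ipaddress.ip_address(ip) not in net)
    return latest, outside


if __name__ == "__main__":
    evts, bad = parse_netevents(SAMPLE_LOG)
    seen, stray = summarise_ipmac(evts, EXPECTED_SUBNET)
    print(f"{len(evts)} events parsed, {bad} malformed line(s) skipped")
    for mac, (ip, when) in seen.items():
        print(f"{mac}  {ip:<15}  last seen {when}")
    if stray:
        print("endpoints outside", EXPECTED_SUBNET, "->", ", ".join(stray))
```

Point it at the real `netevents.<date>.log` from Collect Logs instead of `SAMPLE_LOG`: an empty result confirms the relay or SNMP data is not arriving (the ACL case in the reply below), while endpoints reported outside the expected subnet indicate the relay is forwarding the wrong scope.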

  • 13.  RE: Profiling with Cisco WLC

    Posted Sep 11, 2013 02:13 PM

    Thanks for the help Colin. Turned out to be an ACL that the customer was not aware of. Sorry to waste your time; but thank you.