Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Sending SNMP Traps to ClearPass

This thread has been viewed 16 times

  • 1.  Sending SNMP Traps to ClearPass

    Posted Oct 03, 2018 11:22 AM

    Hi,

     

    I'm trying to setup ClearPass to receive SNMP trap messages from our Cisco switches for MAC Address changes on switch ports. We are using SNMPv3 on all our switches and we are using authNoPriv with SHA as out auth protocol.

     

    In ClearPass we have the correct SNMPV3 Trap username, Auth Protocol and Auth key set correctly with Encryption disabled and no Encryption protocol set. When I go to test sending traps to ClearPass all I can see are Warnings under Monitoring -> Even Viewer. For every trap that is sent from any switch I get this warning message:

     

    Ignore bad SNMP trap from <SWITCH_IP>/64604. Error=Unknown security name (1404)

     

    I've tried looking online and in the CPPM User guide for this event message and error code, but I've been unsuccessful. I'm not sure where to look next or what to do.

     

    Thanks!



  • 2.  RE: Sending SNMP Traps to ClearPass

    Posted Mar 05, 2019 01:52 PM

    Same issue here, and when I asked support about it they asked me why I want to send snmp traps to clearpass. I asked if I should be sending traps to CP or not and they kept askin gwhy I wanted to.

     

    Pretty frustrating.



  • 3.  RE: Sending SNMP Traps to ClearPass

    EMPLOYEE
    Posted Mar 05, 2019 02:26 PM
    Are you trying to use OnConnect?


  • 4.  RE: Sending SNMP Traps to ClearPass

    Posted Dec 06, 2019 12:27 PM

    Hi, Tim

     

    No, I am not trying to use OnConnect.

    Captu12e.PNG

    Regards



  • 5.  RE: Sending SNMP Traps to ClearPass

    Posted Feb 26, 2020 02:12 PM

    Did you get anywhere with this? Same issue.



  • 6.  RE: Sending SNMP Traps to ClearPass

    Posted Feb 08, 2022 12:00 PM
    Same here, did anyone got to know root cause ?


    ------------------------------
    David Sanchez
    ------------------------------

    Original Message


  • 7.  RE: Sending SNMP Traps to ClearPass

    Posted Dec 20, 2022 05:34 AM
    Is there any fix on this? why does we need to report mac change to clearpass? something to do with endpoint update?
    Original Message


  • 8.  RE: Sending SNMP Traps to ClearPass

    EMPLOYEE
    Posted Dec 20, 2022 09:42 AM
    You should not configure/send SNMP Traps to ClearPass, except if you deploy OnConnect for switches that don't support RADIUS. And if you have switches that don't support RADIUS, I would rather look for different switches as they must be really old.

    If you want to deploy OnConnect, and see the traps being denied, it may be best to work with Aruba Support.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message