ClearPass discovery

Andy_Stranks · 27 November 2019 13:04

Hi,

New(ish) to LibreNMS but not to Linux SNMP monitoring tools, I think I’ve tried most of them but using LibreNMS with InfluxDB/Grafana with great success at the moment.

I’m trying to add a pair of Aruba ClearPass (aka CPPM) nodes but LibreNMS is identifying them as Aruba WiFi Controllers (4 of which I also have in monitoring). I notice from the Forum and from the discovery folder that ClearPass is a device type that has been ‘built in’ to LibreNMS now so am confused as to why I’m getting this problem.

Output of the discovery.php and poller.php checks below…

Discovery.php - https://p.libren.ms/view/688197a9
Poller.php - https://p.libren.ms/view/0b20df8e

Any ideas?

Andy

cjwbath · 28 November 2019 15:08

I had this problem too. With the newer versions of ClearPass, Aruba have changed the SNMP MIB they are using to one that shares an OID root with other Aruba products. LibreNMS code has not kept up so the new ClearPass versions identify as wireless controllers.

I hacked this in our installation by updating /opt/librenms/includes/definitions/clearpass.yaml to match sysObjectId: .1.3.6.1.4.1.14823.1.6. instead of the old .1.3.6.1.4.1.8072.3.2.10

And also in /opt/librenms/includes/definitions/arubaos.yaml added .1.3.6.1.4.1.14823.1.6 under sysObjectID_except to exclude it from that definition that otherwise matches anything under .1.3.6.1.4.1.14823

Then need to remove /opt/librenms/cache/os_defs.cache to refresh the definitions. This then allowed them to detect as ClearPass. However, it’s almost not worth it (or maybe I haven’t fixed it 100%) since:

you still don’t get much useful application-specific monitoring (e.g. no authentication stats)
Access Points tab still appears to display for me
Network interfaces are enumerated but no traffic data
Inventory is gibberish

You do get CPU/Memory/Disk stats, Serial Number and ClearPass version though.

Chris

Andy_Stranks · 28 November 2019 15:13

Yep - really after the authenticate rate and wait time information for Radius. Trying to work out the OIDs manually is also proving to be a pain.

PipoCanaja · 28 November 2019 21:51

@cjwbath & @Andy_Stranks
Please share your updates/patches to the community with Pull Requests. LibreNMS is community based, so LibreNMS can only “keep up” if the users we all are share the patches to follow the vendors SNMP implementations.
And if you open a PR (even before you have a finalized patch) we can help you in github to find the best solution.

cjwbath · 29 November 2019 16:57

Ok I have submitted https://github.com/librenms/librenms/pull/10892 for this (hopefully correctly, it’s the first time I contributed anything to a public Git repo!)