ClearPass discovery

Tags: #<Tag:0x00007f064cd74d40>


New(ish) to LibreNMS but not to Linux SNMP monitoring tools, I think I’ve tried most of them but using LibreNMS with InfluxDB/Grafana with great success at the moment.

I’m trying to add a pair of Aruba ClearPass (aka CPPM) nodes but LibreNMS is identifying them as Aruba WiFi Controllers (4 of which I also have in monitoring). I notice from the Forum and from the discovery folder that ClearPass is a device type that has been ‘built in’ to LibreNMS now so am confused as to why I’m getting this problem.

Output of the discovery.php and poller.php checks below…

Discovery.php -
Poller.php -

Any ideas?


I had this problem too. With the newer versions of ClearPass, Aruba have changed the SNMP MIB they are using to one that shares an OID root with other Aruba products. LibreNMS code has not kept up so the new ClearPass versions identify as wireless controllers.

I hacked this in our installation by updating /opt/librenms/includes/definitions/clearpass.yaml to match sysObjectId: . instead of the old .

And also in /opt/librenms/includes/definitions/arubaos.yaml added . under sysObjectID_except to exclude it from that definition that otherwise matches anything under .

Then need to remove /opt/librenms/cache/os_defs.cache to refresh the definitions. This then allowed them to detect as ClearPass. However, it’s almost not worth it (or maybe I haven’t fixed it 100%) since:

  • you still don’t get much useful application-specific monitoring (e.g. no authentication stats)
  • Access Points tab still appears to display for me
  • Network interfaces are enumerated but no traffic data
  • Inventory is gibberish

You do get CPU/Memory/Disk stats, Serial Number and ClearPass version though.


1 Like

Yep - really after the authenticate rate and wait time information for Radius. Trying to work out the OIDs manually is also proving to be a pain.

@cjwbath & @Andy_Stranks
Please share your updates/patches to the community with Pull Requests. LibreNMS is community based, so LibreNMS can only “keep up” if the users we all are share the patches to follow the vendors SNMP implementations.
And if you open a PR (even before you have a finalized patch) we can help you in github to find the best solution.

Ok I have submitted for this (hopefully correctly, it’s the first time I contributed anything to a public Git repo!)