Monitor Cisco ISE appliance in SolarWinds

Version 1

    So you wanna add your ISE appliance in SolarWInds and monitor it via SNMPv3. Sounds straight forward enough, right? Well, not so much.

     

    Here’s how I got my ISE appliances added to SolarWinds.

     

    First you need to access the CLI of your ISE appliance.

     

    You can view SNMP info in the CLI using this command: sh run | inc snmp

     

    You need to add in your SNMP if it isn’t already enabled.

    Go into config mode then run:

    snmp-server enable

     

    Next you will need to know your ‘EngineID’. This is the EngineID in SolarWinds.

    This can be found by going to your SolarWinds main server.

    Open SolarWinds Database Manager

    Drill down in the SolarWinds DB and look for “AllEngines”

    Execute the query there and it will display your EngineID.

    (Or you can run this as a SQL query: SELECT TOP 1000 * FROM [dbo].[AllEngines])

     

    Once you have your EngineID you need to go back to your ISE CLI

    Get back in enable mode and run:

    snmp-server engineID 0x2

    (this assumes your EngineID is ‘2’)

    Your EngineID must be put in HEX format.

     

    Next you need to enter in your SNMPv3 creds

    snmp-server host [IP ADDRESS OF YOUR SW SERVER] version 3 [SNMPv3 USERNAME] 0x2 plain authpassword privpassword

    (You can use hash instead of plain if you wish)

     

    Also:

    snmp-server user [SNMPv3 USERNAME] v3 plain authpassword privpassword

    (Again, you can use hash instead of plain here)

     

    So now you need to exit out of enable mode and wr mem

    You may want to verify your edits by running sh run | inc snmp again

     

    Once you have your creds in your ISE appliance(s), now we have to get them into SolarWinds.

     

    Now, here’s the REAL trick.

    Instead of manually ADDING the node into SolarWInds, you need to do a Network Discovery for your nodes.

    You can run the discovery on just the IP address or range of IP’s your ISE appliances are on.

     

    To do this, go to: Settings > Network Discovery

    Click on ‘Add New Discovery’

    Follow the wizard and do a scan on either the individual IP addresses of each node one at a time, or enter the IP subnet the appliances are on.

     

    The discovery should pick up the appliances and add them as managed nodes using SNMPv3

     

    I ran into this issue and had to open a ticket with Cisco TAC. We messed with this for far too long. We kept manually adding the nodes and they would fail to use SNMPv3. Once we did a network discovery, using the exact same creds, it just worked.

     

    I hope this helps someone avoid the headache of getting your ISE appliances monitored by SolarWinds.