cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Monitor Cisco ISE appliance in SolarWinds

So you wanna add your ISE appliance in SolarWInds and monitor it via SNMPv3. Sounds straight forward enough, right? Well, not so much.

Here’s how I got my ISE appliances added to SolarWinds.

First you need to access the CLI of your ISE appliance.

You can view SNMP info in the CLI using this command: sh run | inc snmp

You need to add in your SNMP if it isn’t already enabled.

Go into config mode then run:

snmp-server enable

Next you will need to know your ‘EngineID’. This is the EngineID in SolarWinds.

This can be found by going to your SolarWinds main server.

Open SolarWinds Database Manager

Drill down in the SolarWinds DB and look for “AllEngines”

Execute the query there and it will display your EngineID.

(Or you can run this as a SQL query: SELECT TOP 1000 * FROM [dbo].[AllEngines])

Once you have your EngineID you need to go back to your ISE CLI

Get back in enable mode and run:

snmp-server engineID 0x2

(this assumes your EngineID is ‘2’)

Your EngineID must be put in HEX format.

Next you need to enter in your SNMPv3 creds

snmp-server host [IP ADDRESS OF YOUR SW SERVER] version 3 [SNMPv3 USERNAME] 0x2 plain authpassword privpassword

(You can use hash instead of plain if you wish)

Also:

snmp-server user [SNMPv3 USERNAME] v3 plain authpassword privpassword

(Again, you can use hash instead of plain here)

So now you need to exit out of enable mode and wr mem

You may want to verify your edits by running sh run | inc snmp again

Once you have your creds in your ISE appliance(s), now we have to get them into SolarWinds.

Now, here’s the REAL trick.

Instead of manually ADDING the node into SolarWInds, you need to do a Network Discovery for your nodes.

You can run the discovery on just the IP address or range of IP’s your ISE appliances are on.

To do this, go to: Settings > Network Discovery

Click on ‘Add New Discovery’

Follow the wizard and do a scan on either the individual IP addresses of each node one at a time, or enter the IP subnet the appliances are on.

The discovery should pick up the appliances and add them as managed nodes using SNMPv3

I ran into this issue and had to open a ticket with Cisco TAC. We messed with this for far too long. We kept manually adding the nodes and they would fail to use SNMPv3. Once we did a network discovery, using the exact same creds, it just worked.

I hope this helps someone avoid the headache of getting your ISE appliances monitored by SolarWinds.

Labels (1)
Tags (1)
Comments

What version of ISE are you running?

At the time of this writing, version 2.2.0.470

How was the authentication configured in Solarwinds? AES128, 192, or 256?

Nevermind. Just confirmed on the ISE server with: "show snmp-server user". Auth is SHA and Priv is AES-128. It's now working and I was able to add it manually without using Network Discovery. Running ISE Version 2.3.0.298

User: SNMPUSER

  EngineID: XXXXXXXXXXXXXXX

  Auth Protocol: sha

  Priv Protocol: aes-128

I think this is a bit misleading. I'm not sure what changed to make it work for you (possibly just the discovery process?), but the SolarWinds Engine ID and SNMP Engine ID on the ISE server have nothing in common except in name.

No need for the engine ID configuration, just:

snmp-server enable

snmp-server user <username> v3 plain <Auth Password> <Priv Password>

This sets up SNMP with SHA1 Auth and AES-128 Priv.

Also no need for discovery.  Manually adding is fine.

(as noted in other comments)

I've tried this on a clean node. Still doesn't allow me to add it to solarwinds. when i added the user and enabled the server it created a random engineID. I even changed it back to my SW EngineID.

admin# show snmp-server user

User: User

  EngineID: HND6FFKJBHH

  Auth Protocol: sha

  Priv Protocol: aes-128

I ran the discovery and the manual. I tested the credentials and returns =  Test Failed.

---Just to be clear, this can be added to any policy or admin nodes right? stand alone and vm?

We are using the same version with patches

2.2.0.470

4,7,9

Nice Post!
I just want to share that monitoring CISCO ISE via SNMP is limited.

If you want to get more data like devices get disconnected (authentication failed) etc., you can integrate it by forwarding the SYSLOG of ISE to your Orion NPM.

You can do this by going to Administration > Logging > Remote Logging Targets and add your Solarwinds NPM (dont forget to set the Maximum Length to 8192). Then go to Logging Categories and select which type of Message Category you want to select. Then you can create an alert or custom table view depending on your needs, when you are already receiving the syslog messages from ISE.

pastedImage_6.png

Don't hate the player. I was simply following the advice of SolarWinds AND Cisco tech support to get to this resolution. If it works for you otherwise, great. I fought this for quite a while before we finally got it to work. Ultimately, I hope this serves to help people solve the problem and/or get SolarWinds to put it on their radar as a pain point for ISE users.

Thank you for this article. I found other ones that discussed the engine ID but did not give out the format like you did below.  Thanks again!!

The syslog option is helpful but unfortunately NPM is limited to 1024 bytes in the message field (RFC 3164).  If you have Kiwi, you can change the settings to accept larger than 1024.

I was told by Solarwinds support that NPM (legacy) and likely OLV do not support larger than 1024.  If someone knows differently, please update and how to change it.

I don't know if this is different because we have Log Analyzer, but I found some settings in the advanced settings (CAUTION, while you can maverick this stuff, it is usually recommended to only adjust these settings with the guidance of Support):

https://<your server here>/Orion/Admin/AdvancedConfiguration/Global.aspx

pastedImage_1.png

I just searched for syslog and it looks like the default length is 8192 and you can adjust it.

Version history
Revision #:
1 of 1
Last update:
‎10-10-2017 08:39 AM
Updated by: