7 Replies Latest reply on Feb 26, 2016 8:50 AM by prachi19

    Monitor Cisco NAC

    jeff.stewart

      I would like to monitor some more things with our Cisco NAC system and wanted to see if anyone else was already doing something.  I have the current MIBs and wanted to see if I could get SWs to add them so I can either create a UdP or get one created. 

      [View:/cfs-file.ashx/__key/CommunityServer.Components.UserFiles/00.00.01.49.67/CLEAN_2D00_ACCESS_2D00_MANAGER_2D00_MIBS.tar.gz]

        • Re: Monitor Cisco NAC
          denny.lecompte

          If you want to add them to the MIB database, please open a Support ticket and attach the MIBs.  Note that you can manage the device without adding it to the MIB database.  You only need the OID.  The MIB will just help pre-populate the values for the poller.

              • Re: Monitor Cisco NAC

                Jeff,

                What exactly are you looking to monitor with NAC?  I have spent alot of time working to get our NAC servers and managers monitored.  I would be happy to help you out if you let me know what you are intrested in getting from the devices.  One other item you may be intrested in is I have wrote some queries that run against the postgress database and return the number of users in a particular role, then I use a custom poller in orion I graph the data.

                 

                Let me konw if you still need help.

                 

                Cassidy

                  • Re: Monitor Cisco NAC
                    jeff.stewart

                    Cassidy,

                    Thanks for the response.  I wasn't sure what was possible to monitor with Orion.  Sounds like you have added some pretty good stuff.  Would you care to share some of those?  Also are you monitoring just you CAM servers or the CAS boxes also?

                    Thanks.

                      • Re: Monitor Cisco NAC

                        Jeff,

                        We do monitor our CAS and CAMs, I will be happy to share the info with you.  There are a few steps involved and I am not sure how familiar you are with linux and the command line but with some basic knowlege or googling you should not have too much trouble getting them to monitor.  One thing I would like to let you konw up front is that I will do the best I can to help you get this up and going but I do not provide any type of support beyond that or any warranty that what I have created will not break anything.  (Highly unlikely anyways)

                         

                        One other thing to note I wrote this entire document and then realized the solarwinds website would not accept some of the attachments so just download the ZIP file attached and work from there, disregard any steps that request you to download indiviual files.  They are all contained in the ZIP.

                         

                        Good Luck and let me konw your results!

                         

                        To get CAS and CAMs to monitor via SNMP

                        ---------------------------------------------------

                        1. Download the attached CAS - snmpd.conf file to your computer and edit it.  In the file search for the following lines and Change the feilds to match your needs:

                        *** Note the IP address you enter in the field with the xxx.xxx.xxx.xxx is the IP of the solarwinds server ***

                                       com2sec     SolarWindsSec     xxx.xxx.xxx.xxx YOURCOMMUNITYSTRING
                                       com2sec LocalSec     localhost     YOURCOMMUNITYSTRING

                                       syslocation "Location of your device"
                                       syscontact "Your Contact Info"

                        2.  After you have made the changes to the listed fields save the file as snmpd.conf (make sure you keep the CAS and CAM snmpd.conf files seprate becasue they will be different)

                        3.  Connect to your CAS via SFTP using something like filezilla (login using root cridentials and port 22) navigate to /etc/snmp/ directory and rename the existing snmpd.conf file to snmpd.conf.old (right click on the existing file on the CAS and choose rename)

                        4.  Upload your new snmpd.conf file you have modified for your CAS and place it into the /etc/snmp/ directory.  To verify you have it correct, you should have your original snmp config file (snmpd.conf.old) as well as your new one (snmpd.conf) in the /etc/snmp/ directory.

                        5.  SSH to the server you have copied the config file to and login as root.

                        6.  Usually (from my experiances) the snmpd service is not usually configured to start on boot up so we need to check how it is configured type the following command:

                                  chkconfig --list | grep snmpd

                        The output should look like the following:     

                                  snmpd           0:off   1:off   2:off 3:off    4:off    5:off    6:off         (if it shows  on for levels 2 - 5 thats ok just skip to step 8)

                         7.  If the output shows snmpd service is off for all levles 1-6 we need to tell the service to startup on boot up.  Issue the following command:

                                 chkconfig snmpd on

                        Now run the following command to verify that the service is set to start on levels 2 - 5:

                                  chkconfig --list | grep snmpd

                        The output should look as follows:

                                  snmpd           0:off   1:off   2:on 3:on    4:on    5:on    6:off

                        8.   Now you need to start the snmpd service or restart it if it is already running to read our new config file (you need to restart the snmpd service any time you make changes to the snmpd.conf file) by using the following command:

                                  service snmpd restart

                        9.  To verify the service started correctly you can run the following command:

                                  service snmpd status

                        It should return  that the service snmpd is running and give its process ID.

                        10.  Now if you have followed the above instructions  you should be able to use solarwinds to Add the server using the community string you entered in the config file and you should see resources for CPU, Memory, Network interfaces, and Disk Volumes.!

                         

                        If you have troubles getting this far let me konw and I can see what I can do to help.  If this works repeat the process for any other CASes you have.

                        ------------------------------------------------------------------------------------

                         

                         

                        Configuring your CAMs:

                        -----------------------------------

                         Configuring SNMP on your CAMs are going to be very similar to your CAS except the CAM - snmpd.conf file has some modifications I have made to provide the user counts and return them to your solarwinds server.  In addition to the snmpd.conf file changes there are query files and a script to execute each query that must be placed on EACH CAM, in case of a CAM failover the secondary CAM has the scripts and can continue to provide user stats.

                        ***If you do not want to use this feature just follow the steps above as stated for the CASes to get SNMP working on your CAM.****

                         

                        ************One thing to note, I recently found out when a CAM reboots that it replaces the SNMP config information with its own. I am currently working on a fix but I have not had time to research this yet *************

                         

                        Lets get started....

                         

                        1.  Download the NACstats.zip attachment and decompress it to a directory on your computer.  Contained in the zip file is a NACstats.sh file which is used to clean up the output of the postgress query so it only returns the numeric results without all of the other junk.   The sub folder NACqueries contains all of the queries that are ran against the CAM database to return the user accounts.

                        2.  I would recomend you look through the queries, delete any queries that are not useful (keep a list of what you delete you will need it later) or if you need to add new quries for your roles here is the process:

                                 A.  Copy an existing query file and rename it to the role name you would like to query

                                 B.  Within the new file you have created change the value role_name='yourrolename'

                                      (Get the role name from your CAM GUI)

                                 C.  Save the file and note the new file name you will need it later.

                        3.  I have also included  two other queries that report the total number of users connected to each of our CASes (we are loadbalancing users to multiple CASes) if you wish to use these stats you just need to edit the files and change the IP address value in the query.

                        4.   Copy the script and query files to the CAMs, to do so SFTP to the CAM like before on the CASes using something like filezilla on port 22.  Once connected navigate to the /root/ directory and create a directory NACstats.  In the NACstats directory place the NACstats.sh file, then create a NACqueries sub directory and place all of the query files into that sub directory.

                                    The directory structure should look like this:

                                            /root/NACstats/NACstats.sh

                                           /root/NACstats/NACqueries/queries.sql

                        5.  Open an SSH session to the CAM, we need to make the NACstats.sh file executable before we forget ;-).  Navigate to the /root/NACstats directory and execute the following command:

                                      chmod +x NACstats.sh

                        6.  If you would like to test the script to make sure it works properly use the following command:  (substitue any query name if you like)

                                     ./NACstats.sh  Student.sql

                        This should yeild the number of students in that particular role.

                        ***Minimize your SSH session for now we will use it more later in step 10.

                         

                        7.  Now we need to download and modify the CAM - snmpd.conf attchment, make the changes listed in step 1 from the CAS SNMP configuration guide above and then we need to make a few additional changes to the file.  Scroll down to almost the bottom of the configuration file and locate the lines that look like:

                                    exec .1.3.6.1.4.1.2021.50.1 NACstats /bin/sh /root/NACstats/NACstats.sh NACserver1.sql

                                    exec .1.3.6.1.4.1.2021.50.2 NACstats /bin/sh /root/NACstats/NACstats.sh NACserver2.sql

                        There are a number of these lines listed, this is just a sample.  How they work, the 1.3.6...... part is the SNMP OID number you will query with solarwinds for the results of that query.  If you deleted query files earlier just remove the line in the config file so that the objects do not return errors. (you did write down what files you deleted right!?)

                        8.  If you created new queries follow my entries as an example and make your own entry for your queries.  For a new query you need to incriment the OID number (note this as well) so if the last entry is .1.3.6.1.4.1.2021.50.13 your entry would look like this:

                                    exec .1.3.6.1.4.1.2021.50.14 NACstats /bin/sh /root/NACstats/NACstats.sh yourquery.sql

                         9.  Once you have made your changes if any save the file with the name snmpd.conf  (you are remebering to keep the CAM and CAS snmpd.conf files seprate right!?)

                        10.  After you have made all of your SNMP config file changes you need to go back up to the CAS guide, starting at step 3 follow all of the steps to get SNMP configured on your CAM.  After you have completed those steps return back here to continue onto step 11.

                        11.  After you have SNMP all configured on your CAM you need to download the NAC Manager.UnDP attachment and save it to your SolarWinds server.

                        12.  Open the SolarWinds Universal Device Poller, click the file menu and click Import Universal Device Pollers.  Click the open button and choose the NAC Manager.UnDP file and click open.  Under the Pollers section click on the NAC Manager folder and click the import button and then click the OK button.

                         13.  Under all defined pollers expand the NAC Manager folder and you can see all of the objects that get polled (each object is a query that gets ran).  Again remove any that you had previously deleted.

                        14.  If you created new queries you need to now create a new poller for that object.  If you did not create any new queries and are using the ones I sent you skip to

                               step 16.  I recomend you right click on an existing poller and choose Duplicate Poller.  A new window will open and you will need to modify the OID.

                        *** Note the OID is just a little bit different than what you were seeing earlier ***  

                        If the OID you specified in the snmpd.conf file was   .1.3.6.1.4.1.2021.50.14 before in the Universal Device poller you need to make it look like this:   .1.3.6.1.4.1.2021.50.14.101.1    The additional numbers just reference the output of the command (the 101.1 part)

                        After changing the OID make sure you change the NAM of the poller to what ever you like as well as the description.

                        15.  When the changes are complete follow the steps to finsh the device poller choosing your CAMs (or service IP if you like) as a device to assgin the poller to once you have selected the CAM (or CAMs) click the test button to see if it returns a value (which it should).  The CAMs and CAS servers are located under the Net-SNMP grouping just incase you were having a hard time finding them.  Choose how you want to display the data for the CAMs and click through the rest of the wizzard.

                        16.  Now to assign existing pollers that I have created to the CAMs, click the Assign Pollers button.

                        17.  Expand the All pollers folder and put a check box next to the NAC Manager folder and click next.

                        18.  Expand the All nodes folder and put check boxes next to any of the CAMs you would like to monitor, click the test button and it should return values for the pollers.  Once that is successfull click Finish.

                        19.  Now you should be able to go to your orion web console, go to the device detials view and scroll to the very bottom you should see your stats show up.  You should be all set

                          • Re: Monitor Cisco NAC
                            jeff.stewart

                            Perfect!  Thanks so much and great job on this!  I've attached a picture of just a few of the gauges I've added.  Cheers!

                            • Re: Monitor Cisco NAC
                              prachi19

                              Hi Miles,

                               

                              I am trying to add cisco CAS and CAM to SolarWinds for monitoring.I have followed the steps for CAS  that you have provided placed the updated snmpd.conf file in /etc/snmp directory and started the snmp server on CAS .But still while i am trying to add node in solar winds the test is getting failed and i am not able to add.Please let me know if i need to anything else as in from GUI of CAS.We are using snmpv2c in our environment.

                              Thanks in advance.