Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4430
Views
1
Helpful
4
Replies

Can Prime manage ISE?

Go to solution
Abhishek Kumar
Cisco Employee
Cisco Employee

‎06-22-2016 08:56 AM

As far as I understand the SNMP Agent on the Cisco ISE provides read-only SNMP v1 and SNMP v2c access to the following MIBs:

·        SNMPv2-MIB

·        RFC1213-MIB(MIB II)

·        IF-MIB

·        IP-MIB

·        IP-FORWARD-MIB

·        TCP-MIB

·        UDP-MIB

·        HOST-RESOURCES-MIB

·        ENTITY-MIB —Only 3 MIB variables are supported on the ENTITY-MIB:

•        Product ID: entPhysicalModelName

•        Version ID: entPhysicalHardwareRev

•        Serial Number: entPhysicalSerialNumber

·        DISMAN-EVENT-MIB

·        NOTIFICATION-LOG-MIB

·        CISCO-CDP-MIB

For Prime Infrastructure you would then need to configure polling for a 3rd party MIB’s as per the below link.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/mon-pol-thresh.html#34113

Now, I have a customer saying Prime 3.0 reports ISE as “unsupported Cisco devices” and the answer from our Cisco support (TAC) is that Prime can’t (and won’t ever!) report on these things.

Can someone please confirm if the basic stats could be managed by Prime or not?

Thanks,
Abhi

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-22-2016 12:59 PM

Abhi,

Most likely the problem the customer is experiencing is from the documented ISE and Prime Infrastructure integration problem from our Common Criteria requirement for TLS 1.1 which was not supported by Prime Infrastructure 3.0. Prime Infrastructure 3.1 now supports TLS v1.1 and it works with ISE 2.x releases.

According to the ISE 2.1 Compatibility Guide under Supported Cisco Prime Infrastructure Release:

Cisco Prime Infrastructure, Release 3.1 integrates with Cisco ISE, Release 2.1 to leverage the monitoring and reporting capabilities of Cisco ISE.

The official list of SNMP MIBs supported by ISE 2.1 is in the ISE Administrator Guide 2.1:

I don't know and cannot comment on what the TAC meant about "Prime can’t (and won’t ever!) report on these things" since there are insufficient details about the case.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-22-2016 12:59 PM

Abhi,

Most likely the problem the customer is experiencing is from the documented ISE and Prime Infrastructure integration problem from our Common Criteria requirement for TLS 1.1 which was not supported by Prime Infrastructure 3.0. Prime Infrastructure 3.1 now supports TLS v1.1 and it works with ISE 2.x releases.

According to the ISE 2.1 Compatibility Guide under Supported Cisco Prime Infrastructure Release:

Cisco Prime Infrastructure, Release 3.1 integrates with Cisco ISE, Release 2.1 to leverage the monitoring and reporting capabilities of Cisco ISE.

The official list of SNMP MIBs supported by ISE 2.1 is in the ISE Administrator Guide 2.1:

I don't know and cannot comment on what the TAC meant about "Prime can’t (and won’t ever!) report on these things" since there are insufficient details about the case.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-22-2016 01:15 PM

The list in your post is for ISE profiling features. I believe TAC is correct as PI is to monitor network devices but not management servers, such as ISE. ISE has two types of integrations with PI. One is for PI to cross launch reports available in ISE and the other is associated with MSE.

For a SNMP monitoring system, please see snmp-server community (in ISE CLI reference guide) for the list of MIBs. If ISE hardware appliances, such as SNS 34xx or SNS 35xx, then it's possible to configure SNMP in CIMC and monitor it that way.

Go to solution
Abhishek Kumar
Cisco Employee
Cisco Employee
In response to hslai

‎06-23-2016 01:00 PM

Thanks Hsing. So when you say "If ISE hardware appliances, such as SNS 34xx or SNS 35xx, then it's possible to configure SNMP in CIMC and monitor it that way."...Can the basic operational stats (like CPU, Memory, ifstats etc) can be polled for and reported on in Prime using CIMC? If yes, that would be of great help...Would need help in pointing out how to do it please...

Also, If Prime can’t do this – I’d like to know what product we should propose the customer use to get basic health data from its boxes...

I have told them already to leverage ISE's comprehensive reporting capability but it appears to me that they need the basic health checks to be monitored from Prime.

Abhi

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Abhishek Kumar

‎06-23-2016 10:17 PM

Please consult the support and/or product teams for PI.

Data Center Monitoring with Cisco Prime Infrastructure - YouTube

might help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents