Solved: ISE Alarm : Critical : Profiler SNMP Request Failure : Server

Clark Willms · ‎11-11-2013

Ok, so this alarm is coming in repeatedly and is now on my projects list. I get email alerts from the server that list thr NAD IP as the endpoint device and the Endpoint IP address is correct. I've checked the settings and the endpoint is not listed as a NAD in ISE (ver 1.2).

Profiler SNMP Request Failure

Details :

Profiler SNMP Request Failure : Server=xxx-xxx-xxx; NAD Address=10.253.124.194; Endpoint IP Address=10.253.124.194

Description :

SNMP request times out, or SNMP community/user auth data is incorrect.

Suggested Actions :

Please ensure if SNMP is running on the NAD and verify that SNMP configuration on ISE matches on NAD

*** This message is generated by Cisco Identity Services Engine (ISE) ***

Has anyone seen this come in before?

PS - Why is the IOS for ISE so cut down? Looks like something you would get from an Apple product.

Thanks,

Clark

Cristopher Bohde · ‎04-29-2014

I ended up opening a TAC case on this. Apparently there's some bug when both SNMP and NMAP profiling are turned on. The TAC engineer had me disable NMAP since we weren't really using it for profiling (as DHCP, RADIUS, SNMP, etc provide much more information and are a higher priority in ISE profiling). Disabling NMAP profiling worked, and the SNMP alerts stopped.

View solution in original post

Jason Kunst · ‎12-23-2019

@pnowikow wrote:

We use V1 & V2. I'll get a TAC case open if this upgrade to 2.6 scheduled for next month doesn't fix it.

Thanks,

Pete

I'd recommend opening a tac case before hand to make sure its a bug fixed in 2.6, that's a bigger move then getting a hotfix or patch.

View solution in original post

blenka · ‎11-17-2013

Alarm Name :- Profiler SNMP Request Failure

Alarm Description :- Either the SNMP request timed out or the SNMP community or user authentication data is incorrect.

Alarm Resolution :- Ensure that SNMP is running on the NAD and verify that SNMP configuration on Cisco ISE matches with NAD.

luisq · ‎06-22-2015

I have this behavior too with an ISE 1.4! It is amazing such an old bug still appears on the latest version of the product. But this is not the only case:

NAM PAC renewal Anyconnect 4.1.28
HA Replication ISE 1.4

sahseth · ‎11-18-2013

Hello,

Please follow below CiscoLink:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mnt.html

Profiler SNMP Request Failure

Either the SNMP request timed out or the SNMP community or user authentication data is incorrect.

Ensure that SNMP is running on the NAD and verify that SNMP configuration on Cisco ISE matches with NAD.

Also ensure what snmp version device is using.

Thanks,

Cristopher Bohde · ‎04-04-2014

I have this issue also. The previous replies do not answer the question, simply restate the confusing alert message and generic alert description from Cisco.

I'm getting this message 20+ times a day, and have verified that the NAD IP that is being reported in the alarm are NOT NADs. They are end clients.

David A · ‎04-08-2014

I am having the same issue as well, and there is definitely a duplicating of the NAD and / or Client IP into the respective fields.

In addition, I see Clients bring labeled with the SNMP trap under the "Endpoint" as the source, however when I click on the interface inside the Authentication Monitor it returns with a blank report that only says "SNMP information is not configured for this device in ISE." inside the status field.

Any suggestions?

Please assist,

David

Justin bollinger · ‎04-29-2014

I have this issue too. I believe that ISE is actually trying to do an SNMP Query against the IP address of the client instead of the IP address of the NAD.

Cristopher Bohde · ‎04-29-2014

I ended up opening a TAC case on this. Apparently there's some bug when both SNMP and NMAP profiling are turned on. The TAC engineer had me disable NMAP since we weren't really using it for profiling (as DHCP, RADIUS, SNMP, etc provide much more information and are a higher priority in ISE profiling). Disabling NMAP profiling worked, and the SNMP alerts stopped.

lmediavilla · ‎07-06-2016

Same problem here on 2.1

TIM JUDGE · ‎06-18-2018

We have the same problem. We've checked ACLs, firewalls, config of the NAD, retyped SNMP variables and so on. but still it comes.....

pnowikow · ‎12-20-2019

Are there any updates on this post? I'm about to upgrade to 2.6 next month and hopefully it goes away. I made sure on all my routers and switches that SNMP is running and my access list allows read only access to ISE servers.

Damien Miller · ‎12-20-2019

Which version of SNMP are you using? There are quite a few SNMP caveats and TAC would still be the best bet for determining which specific one you are hitting.

pnowikow · ‎12-23-2019

We use V1 & V2. I'll get a TAC case open if this upgrade to 2.6 scheduled for next month doesn't fix it.

Thanks,

Pete

Jason Kunst · ‎12-23-2019

@pnowikow wrote:

We use V1 & V2. I'll get a TAC case open if this upgrade to 2.6 scheduled for next month doesn't fix it.

Thanks,

Pete

I'd recommend opening a tac case before hand to make sure its a bug fixed in 2.6, that's a bigger move then getting a hotfix or patch.

sinady · ‎06-22-2021

Hi all,

I'm currently facing the same issue.

Note: we use ISE 2.7

Could please help to share how to fix this issue.

Thank in advance.