cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

7937
Views
44
Helpful
13
Replies
Highlighted
Beginner

ISE Alarm : Critical : Profiler SNMP Request Failure : Server

Ok, so this alarm is coming in repeatedly and is now on my projects list.  I get email alerts from the server that list thr NAD IP as the endpoint device and the Endpoint IP address is correct.  I've checked the settings and the endpoint is not listed as a NAD in ISE (ver 1.2).

Profiler SNMP Request Failure

Details :

Profiler SNMP Request Failure : Server=xxx-xxx-xxx; NAD Address=10.253.124.194; Endpoint IP Address=10.253.124.194

Description :

SNMP request times out, or SNMP community/user auth data is incorrect.

Suggested Actions :

Please ensure if SNMP is running on the NAD and verify that SNMP configuration on ISE matches on NAD

*** This message is generated by Cisco Identity Services Engine (ISE) ***

Has anyone seen this come in before?

PS - Why is the IOS for ISE so cut down?  Looks like something you would get from an Apple product.

Thanks,

Clark

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

I ended up opening a TAC case on this.  Apparently there's some bug when both SNMP and NMAP profiling are turned on.  The TAC engineer had me disable NMAP since we weren't really using it for profiling (as DHCP, RADIUS, SNMP, etc provide much more information and are a higher priority in ISE profiling).  Disabling NMAP profiling worked, and the SNMP alerts stopped. 

View solution in original post

Highlighted


@pnowikow wrote:

We use V1 & V2.  I'll get a TAC case open if this upgrade to 2.6 scheduled for next month doesn't fix it.

Thanks,

Pete


I'd recommend opening a tac case before hand to make sure its a bug fixed in 2.6, that's a bigger move then getting a hotfix or patch. 

View solution in original post

13 REPLIES 13
Highlighted
Participant

Alarm Name :- Profiler SNMP Request Failure

Alarm Description :- Either the SNMP request timed out or the SNMP community or user authentication data is incorrect.

Alarm Resolution :- Ensure that SNMP is running on the NAD and verify that SNMP configuration on Cisco ISE matches with NAD.

Highlighted

I have this behavior too with an ISE 1.4! It is amazing such an old bug still appears on the latest version of the product. But this is not the only case:

  • NAM PAC renewal Anyconnect 4.1.28
  • HA Replication ISE 1.4
Highlighted
Beginner

Hello,

Please follow below CiscoLink:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mnt.html

Profiler SNMP Request Failure

Either the SNMP request timed out or the SNMP community or user authentication data is incorrect.

Ensure that SNMP is running on the NAD and verify that SNMP configuration on Cisco ISE matches with NAD.

Also ensure what snmp version device is using.

Thanks,

Highlighted

I have this issue also.  The previous replies do not answer the question, simply restate the confusing alert message and generic alert description from Cisco.

I'm getting this message 20+ times a day, and have verified that the NAD IP that is being reported in the alarm are NOT NADs.  They are end clients.

Highlighted

I am having the same issue as well, and there is definitely a duplicating of the NAD and / or Client IP into the respective fields.

 

In addition, I see Clients bring labeled with the SNMP trap under the "Endpoint" as the source, however when I click on the interface inside the Authentication Monitor it returns with a blank report that only says "SNMP information is not configured for this device in ISE." inside the status field.

 

Any suggestions?

Please assist,

David

Highlighted

I have this issue too.  I believe that ISE is actually trying to do an SNMP Query against the IP address of the client instead of the IP address of the NAD.  

 

Highlighted

I ended up opening a TAC case on this.  Apparently there's some bug when both SNMP and NMAP profiling are turned on.  The TAC engineer had me disable NMAP since we weren't really using it for profiling (as DHCP, RADIUS, SNMP, etc provide much more information and are a higher priority in ISE profiling).  Disabling NMAP profiling worked, and the SNMP alerts stopped. 

View solution in original post

Highlighted
Beginner

Same problem here on 2.1

Highlighted

We have the same problem. We've checked ACLs, firewalls, config of the NAD, retyped SNMP variables and so on. but still it comes.....

Highlighted

Are there any updates on this post?  I'm about to upgrade to 2.6 next month and hopefully it goes away.  I made sure on all my routers and switches that SNMP is running and my access list allows read only access to ISE servers.

Highlighted

Which version of SNMP are you using? There are quite a few SNMP caveats and TAC would still be the best bet for determining which specific one you are hitting.
Highlighted

We use V1 & V2.  I'll get a TAC case open if this upgrade to 2.6 scheduled for next month doesn't fix it.

Thanks,

Pete

Highlighted


@pnowikow wrote:

We use V1 & V2.  I'll get a TAC case open if this upgrade to 2.6 scheduled for next month doesn't fix it.

Thanks,

Pete


I'd recommend opening a tac case before hand to make sure its a bug fixed in 2.6, that's a bigger move then getting a hotfix or patch. 

View solution in original post

Content for Community-Ad