PSN profiling SNMP query timers question

Dave Lewis
Level 1

Hello,

 

Please could someone explain exactly what is meant by the following two fields:

 

- Timeout

- EventTimeout

 

In the SNMP query profiling configuration page?  Also, are both fields in seconds?

 

This is on ISE 2.2 patch 9. We have a number of 3850 switches with multiple units in a stack and I have a suspicion they're timing out.

 

Thanks,


Dave

 

 

Accepted Solutions

howon
Cisco Employee

Timeout: How long ISE waits for network device to respond in milliseconds.

EventTimeout: How long ISE waits to perform targeted SNMP poll for specific interface after linkup/new MAC shows up in seconds.

 

What is the symptom you are experiencing? If you suspect delayed response from the 3850, you can try increasing the Timeout value to see if it helps. Also, suggest looking into profiling debug as well.

9 Replies

Perfect, thank you.

 

So is EventTimeout only used if ISE receives an SNMP trap from the NAD? Or do other events also trigger a poll of a particular interface? I don't have SNMP traps being sent to PSNs currently. 

 

Symptom is "Profiler SNMP Request Failure : Server= xxxx; NAD Address=10.x.y.z" frequently (around every 5 or 10 minutes) on multiple endpoints. I know the credentials etcetera are correct so I suspect a timeout.

 

I have disabled the NMAP probe and I no longer see the errors about endpoints but I still receive these NAD failures.

 

I haven't tried enabling debugs of profiling - would we expect a significant impact on the performance of the ISE nodes if we enable that?

 

On a related note - in NAD configuration - if I set a 'preferred' SNMP polling PSN what happens if that PSN is out of service (e.g. due to an upgrade or a network issue)? Does it fail-back to using any other PSN or does it just fail?

 

Thanks,

 

Dave

RADIUS accounting will also trigger SNMP poll.

 

Yes, it should fall back to another PSN for polling.

Ah okay thanks, that makes sense then as we're also experiencing an issue where the NADs are sending accounting updates too frequently (despite having the correct update newinfo periodic command). I have a TAC case open on that.

 

Dave

I shut off that alarm as well. :)


Hi Dave, Did you get a reply from TAC about the accounting updates?

Thanks Michael

Hi Michael,

 

I think the accounting updates was in a separate thread but I gave up on that with TAC, partly because it seems cosmetic and not having a significant detrimental impact and partly because I believe the problem (in our case) is caused by printers. Specifically HP printers running old firmware that initiate and respond to dot1x EAPoL frames even when you've disabled the setting. Thus these printers each try and fail to authenticate to ISE once per minute which triggers the ISE alerts, a firmware update on the printers fixes it. I've upgraded all printer firmware in our of our offices and am no longer receiving the 'too frequent accounting updates' message from those switches.

 

Kind regards,

 

Dave

paul
Level 10

What is triggering your suspicion? ISE alarms for SNMP profiler? That alarm is mostly useless because ISE doesn't distinguish between an SNMP failure to a NAD (we would care about this) vs. an SNMP failure to a client device (which is normal and we don't care about). In all my installs I shut off the SNMP failure alarm.

Hi Paul,

 

We are seeing frequent SNMP profiler alarms specifically to NADs. We were previously receiving the alarms about endpoints but since disabling NMAP probe we only get the NAD alarms now.

 

I know the credentials are correct so I suspect a timeout as my experience of 3850's is their control plane performance degrades exponentially the more switches you have in a stack.

 

Thanks,


Dave
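
Added example, not part of the thread: a small triage script for the point raised above, that the SNMP failure alarm does not say whether the address is a NAD or a client device. It assumes the alarm text has been exported one alarm per line in the format Dave quotes and that the NAD addresses or ranges are known separately; the server names, addresses and the `triage` helper are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Alarm text in the form quoted in the thread:
#   Profiler SNMP Request Failure : Server= xxxx; NAD Address=10.x.y.z
ALARM_RE = re.compile(
    r"Profiler SNMP Request Failure\s*:\s*Server=[^;]*;\s*"
    r"NAD Address=\s*(?P<addr>[0-9A-Fa-f:.]+)"
)

def triage(alarm_lines, nad_inventory):
    """Split SNMP failure alarms into NAD failures and everything else.

    nad_inventory: IPs or CIDR ranges of configured network devices
    (assumption: maintained or exported outside this script).
    Returns (NAD address -> count, other address -> count, unparsed lines).
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in nad_inventory]
    nad_hits, other_hits, unparsed = Counter(), Counter(), []
    for line in alarm_lines:
        m = ALARM_RE.search(line)
        if not m:
            unparsed.append(line)
            continue
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            # Redacted or truncated address, e.g. "10.x.y.z"
            unparsed.append(line)
            continue
        bucket = nad_hits if any(addr in n for n in nets) else other_hits
        bucket[str(addr)] += 1
    return nad_hits, other_hits, unparsed

# Constructed sample alarms (not taken from a real deployment)
SAMPLE = [
    "Profiler SNMP Request Failure : Server= psn01; NAD Address=10.20.0.11",
    "Profiler SNMP Request Failure : Server= psn01; NAD Address=10.20.0.11",
    "Profiler SNMP Request Failure : Server= psn02; NAD Address=10.50.7.93",
    "Profiler SNMP Request Failure : Server= psn01; NAD Address=10.x.y.z",
]

if __name__ == "__main__":
    nad, other, bad = triage(SAMPLE, ["10.20.0.0/24"])
    print("NAD failures (investigate):", dict(nad))
    print("Non-NAD failures:", dict(other))
    print("Unparsed lines:", len(bad))
```

Addresses that keep recurring in the NAD bucket are the candidates for a longer Timeout value or a profiling debug, as suggested in the accepted solution.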