Security

  • 1.  Portnox(NAC) SNMP issue

    Posted 01-18-2016 00:28

    Hi,

     

    We have a problem trying to manage an EX switch through NAC.

    For some reason it shows the following:

    Screenshot_1.jpg

     

    So I configured SNMP traceoptions as follows:

    Pro_sw> show configuration snmp traceoptions
    file snmp.tr size 5m files 5 world-readable;
    flag all;

     

    And it shows this output:

     

    Jan 18 10:23:56 snmpd[490] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Jan 18 10:23:56 snmpd[490] >>> Get-Request
    Jan 18 10:23:56 snmpd[490] >>>  Source:      100.10.101.20
    Jan 18 10:23:56 snmpd[490] >>>  Destination: 100.10.100.252
    Jan 18 10:23:56 snmpd[490] >>>  Version:     SNMPv2
    Jan 18 10:23:56 snmpd[490] >>>  Request_id:  0x490
    Jan 18 10:23:56 snmpd[490] >>>  Community:   portnox
    Jan 18 10:23:56 snmpd[490] >>>  Error:       status=0 / vb_index=0
    Jan 18 10:23:56 snmpd[490] >>>   OID  : sysObjectID.0
    Jan 18 10:23:56 snmpd[490] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Jan 18 10:23:56 snmpd[490]  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    Jan 18 10:23:56 snmpd[490]  <<< Get-Response
    Jan 18 10:23:56 snmpd[490]  <<<  Source:      100.10.101.20
    Jan 18 10:23:56 snmpd[490]  <<<  Destination: 100.10.100.252
    Jan 18 10:23:56 snmpd[490]  <<<  Version:     SNMPv2
    Jan 18 10:23:56 snmpd[490]  <<<  Request_id:  0x490
    Jan 18 10:23:56 snmpd[490]  <<<  Community:   portnox
    Jan 18 10:23:56 snmpd[490]  <<<  Error:       status=0 / vb_index=0
    Jan 18 10:23:56 snmpd[490]  <<<   OID  : sysObjectID.0
    Jan 18 10:23:56 snmpd[490]  <<<   type : Object
    Jan 18 10:23:56 snmpd[490]  <<<   value: jnxProductNameEX2200
    Jan 18 10:23:56 snmpd[490]  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    Jan 18 10:24:52 ping_icmp_read_msg: wrong process, 0

     

    Does anybody have a solution for this?



  • 2.  RE: Portnox(NAC) SNMP issue

    Posted 01-19-2016 01:19
    Hi,

    What do these messages mean:

    Jan 19 11:10:25 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:10:35 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:11:19 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:13:05 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:14:04 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:15:26 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:15:35 ping_icmp_read_msg: wrong process, 0
    Jan 19 11:16:19 ping_icmp_read_msg: wrong process, 0


  • 3.  RE: Portnox(NAC) SNMP issue
    Best Answer

    Posted 01-20-2016 00:45

    OK, so the issue is finally resolved!!

    This has nothing to do with the Juniper switch. It was a server issue.

     

    As part of troubleshooting, Portnox (NAC) logging shows an error related to the following Microsoft fix:

    https://support.microsoft.com/en-us/kb/935434

     

    But Microsoft has a broken link, so we fixed it manually:

     

    This security setting affects the following registry value in Windows Server 2008 and in Windows Vista: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
    This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.
    This security setting affects the following registry value in Windows Server 2003 and in Windows XP: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
    This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.
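
An added example (not part of the thread, and not Juniper or Portnox tooling): a small Python parser for the snmpd traceoptions output shown in the first post, which pairs each request with its response by Request_id to confirm from the switch side whether every poll was answered. The sample trace is constructed from the lines in that post, with a hypothetical second request (0x491, sysDescr.0) added to show the unanswered case.

```python
import re

# Matches PDU lines such as "snmpd[490] >>>  Source: ..."; separator rows of
# repeated > or < characters and non-SNMP lines do not match.
LINE = re.compile(r"snmpd\[\d+\]\s+(>>>|<<<)\s+(.*\S)\s*$")

def parse_pdus(trace):
    """Split snmpd trace text into PDUs: dicts holding the type and its fields."""
    pdus = []
    for raw in trace.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        body = m.group(2)
        if ":" not in body:              # e.g. "Get-Request" starts a new PDU
            pdus.append({"type": body})
        elif pdus:                       # "Key: value" belongs to the current PDU
            key, value = body.split(":", 1)
            pdus[-1][key.strip()] = value.strip()
    return pdus

def answered(pdus):
    """(Request_id, OID, error status, value) for every response in the trace."""
    out = []
    for p in (p for p in pdus if p["type"].endswith("Response")):
        status = re.search(r"status=(\d+)", p.get("Error", ""))
        out.append((p.get("Request_id"), p.get("OID"),
                    int(status.group(1)) if status else None, p.get("value")))
    return out

def unanswered(pdus):
    """Requests whose Request_id never appears in a response."""
    seen = {p.get("Request_id") for p in pdus if p["type"].endswith("Response")}
    return [p for p in pdus
            if p["type"].endswith("Request") and p.get("Request_id") not in seen]

# Constructed sample: lines from the post, plus a hypothetical unanswered request.
SAMPLE = """\
Jan 18 10:23:56 snmpd[490] >>>>>>>>>>>>>>>>>>>>
Jan 18 10:23:56 snmpd[490] >>> Get-Request
Jan 18 10:23:56 snmpd[490] >>>  Request_id:  0x490
Jan 18 10:23:56 snmpd[490] >>>   OID  : sysObjectID.0
Jan 18 10:23:56 snmpd[490]  <<< Get-Response
Jan 18 10:23:56 snmpd[490]  <<<  Request_id:  0x490
Jan 18 10:23:56 snmpd[490]  <<<  Error:       status=0 / vb_index=0
Jan 18 10:23:56 snmpd[490]  <<<   value: jnxProductNameEX2200
Jan 18 10:24:52 ping_icmp_read_msg: wrong process, 0
Jan 18 10:25:01 snmpd[490] >>> Get-Request
Jan 18 10:25:01 snmpd[490] >>>  Request_id:  0x491
Jan 18 10:25:01 snmpd[490] >>>   OID  : sysDescr.0
"""
```

When every request has a matching response with status 0, as in the trace posted in this thread, the switch is answering and the fault lies on the polling side.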

     

    111.PNG