Add Sensor Interface on Trunk Port
2018-05-15T16:33:35-04:00

Is it possible to add a network sensor from the Genians NAC web GUI to monitor on a trunk port?  I see that the admin guide explains doing this in the initial configuration, but is it possible to add an additional network sensor after you have stood up the server/sensor?
I attempted to do this by using the CLI command: interface eth1 vlan
Then adding the VLAN IDs on the trunk port, but this does not seem to have worked for monitoring network traffic on those VLANs.  Additionally I added IP addresses for the different subnets on those VLANs for the interface, but again this does not seem to have worked.
Thanks


Yes, it is possible to add a Network Sensor. Each Network Sensor can handle up to 128 VLANs.
Once configured you can add New Network Sensors by configuring them in the CLI.
You will need to configure an additional sub-interface, and VLAN ID for interface eth0.
configure terminal
interface eth0 vlan 1,10,15 (*Adding VLAN 15 for network 10.1.3.5)
interface eth0.3 address 10.1.3.5 255.255.255.0
write
exit
Below is what your configs should look like.
# interface eth0.10 address 10.1.10.5 255.255.255.0
# interface eth0.15 address 10.1.15.5 255.255.255.0
# interface eth0 address 10.1.1.5 255.255.255.0
# interface eth0 gateway 10.1.1.1
# interface eth0 vlan 1,10,15
# interface eth0 management-server enable
# interface eth0 node-server enable
# interface eth0 radius-server enable
# interface wlan0 mode monitor
# ip default-gateway 10.1.1.1
# ip name-server 8.8.8.8
# log-server enable
# log-server cluster-name GENIAN
# ntp server pool.ntp.org
# system-locale en


Thanks Bill, it seems to be working now.  One thing I noticed is the eth1 address (in my case I added another interface so it's eth1 not eth0 that I am trying to do this on) does not seem to be reachable and is not monitoring the subnet it is in.  The trunk port has 3 VLANs (100,101,102) – eth1 is in VLAN 100.  So my config currently looks like this:

interface eth1.101 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1.102 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1 vlan 100,101,102

VLAN 100 is not a management VLAN – do I need to add another interface IP to be able to monitor the VLAN 100 subnet?
i.e. – interface eth1.100 address xxx.xxx.xxx.xxx 255.255.255.0


Just to clarify – the eth1.101 and eth1.102 are working properly and monitoring the subnets/vlans that they are assigned and identifying nodes in their subnets.  The eth1 address does not seem to be reachable (i.e. address does not respond to pings and not monitoring and identifying nodes in the subnet).


If VLAN 100 is not your management VLAN then yes you will need to change its configuration to be
interface eth1.100 address xxx.xxx.xxx.xxx 255.255.255.0

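A small consistency check for the situation in this thread, added here as an example (it is not Genians code and not from any poster): it parses config lines in the shape quoted above and lists trunk VLANs that have no addressed sub-interface, plus interfaces whose addresses fall in the same subnet. The function name, the `mgmt_vlan` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Line shapes taken from the configs quoted in this thread.
VLAN_RE = re.compile(r"^interface (\w+) vlan ([\d,]+)$")
ADDR_RE = re.compile(r"^interface (\w+)(?:\.(\d+))? address (\S+) (\S+)$")

def audit_sensor_config(text, mgmt_vlan=None):
    """Return (uncovered, overlaps) for a sensor config dump.

    uncovered: (parent, vlan) pairs on a trunk list with no addressed
               sub-interface; mgmt_vlan (assumption: served by the parent
               interface address) is not counted.
    overlaps:  pairs of interface names whose addresses share a subnet.
    """
    trunk, subifs, nets = {}, set(), {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("# ").strip()  # accept '# '-prefixed dumps
        m = VLAN_RE.match(line)
        if m:
            trunk[m.group(1)] = [int(v) for v in m.group(2).split(",")]
            continue
        m = ADDR_RE.match(line)
        if not m:
            continue
        parent, vlan, addr, mask = m.groups()
        name = f"{parent}.{vlan}" if vlan else parent
        if vlan:
            subifs.add((parent, int(vlan)))
        try:
            nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
        except ValueError:
            pass  # redacted address (xxx...): coverage counted, overlap skipped
    uncovered = [(p, v) for p, vlans in trunk.items() for v in vlans
                 if v != mgmt_vlan and (p, v) not in subifs]
    names = sorted(nets)
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if nets[a].overlaps(nets[b])]
    return uncovered, overlaps

# Constructed sample: the trunk layout from the question, made-up addresses.
SAMPLE = """
interface eth1.101 address 192.168.1.254 255.255.255.0
interface eth1.102 address 192.168.2.254 255.255.255.0
interface eth1 address 192.168.0.100 255.255.255.0
interface eth1 vlan 100,101,102
"""

if __name__ == "__main__":
    print(audit_sensor_config(SAMPLE))
```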

I made that change and my config now looks like this:
interface eth1.100 address 192.168.0.254 255.255.255.0
interface eth1.101 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1.102 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1 address 192.168.0.100 255.255.255.0
interface eth1 vlan 100,101,102
So now eth1.100 and eth1 both have an address within the same subnet – is this the way it should be or should I remove/change the IP on eth1 since it is really eth1.100 that I want to be monitoring the subnet?

Thanks
