Question

549 viewsFebruary 14, 2020

0

Joshua Romme 7 May 15, 2018 0 Comments

Is it possible to add a network sensor from the Genians NAC web gui to monitor on a trunk port? I see that the admin guide explains doing this in the initial configuration, but is it possible to add an additional network sensor after you have stood up the server/sensor.
I attempted to do this by using the cli command: interface eth1 vlan
Then adding the vlan id’s on the trunk port, but this does not seem to have worked for monitoring network traffic on those vlans. Additionally I added IP addresses for the different subnets on those vlans for the interface, but again this does not seem to have worked.
Thanks

6 Answers

1 2 Next »

score 0 · Answer 1 · 2018-05-16T14:10:28+00:00

Now you will have to remove the eth 1 address with the following command
no interface eth1 address 192.168.0.100 255.255.255.0

score 0 · Answer 2 · 2018-05-16T13:49:17+00:00

I made that change and my config now looks like this:
interface eth1.100 address 192.168.0.254 255.255.255.0
interface eth1.101 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1.102 address xxx.xxx.xxx.xxx.255.255.255.0
interface eth1 address 192.168.0.100 255.255.255.0
interface eth1 vlan 100,101,102
So now eth1.100 and eth1 both have an address within the same subnet – is this the way it should be or should I remove/change the IP on eth1 since it is really eth1.100 that I want to be monitoring the subnet?

Thanks

score 0 · Answer 3 · 2018-05-16T13:43:25+00:00

If VLAN 100 is not your management VLAN then yes you will need to change its configuration to be
interface eth1.100 address xxx.xxx.xxx.xxx 255.255.255.0

score 0 · Answer 4 · 2018-05-16T12:48:10+00:00

Just to clarify – the eth1.101 and eth1.102 are working properly and monitoring the subnets/vlans that they are assigned and identifying nodes in their subnets. The eth1 address does not seem to be reachable (i.e. address does not respond to pings and not monitoring and identifying nodes in the subnet).

score 0 · Answer 5 · 2018-05-16T12:40:55+00:00

Thanks Bill, it seems to be working now. One thing I noticed is the eth1 address (in my case I added another interface so its eth1 not eth0 that I am trying to do this on) does not seem to be reachable and not monitoring the subnet it is in. The trunk port has 3 vlan’s (100,101,102) – eth1 is in 100 vlan. So my config currently looks like this:

interface eth1.101 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1.102 address xxx.xxx.xxx.xxx.255.255.255.0
interface eth1 address xxx.xxx.xxx.xxx 255.255.255.0
interface eth1 vlan 100,101,102

vlan 100 is not a mangement vlan – do I need to add another interface IP to be able to monitor vlan 100 subnet?
i.e. – interface eth1.100 address xxx.xxx.xxx.xxx 255.255.255.0

6 Answers

Next-Gen NAC

Products

Get Started

Company

Follow Us