.. _adding-deleting-network-sensors:

Adding And Deleting Network Sensors
===================================

.. note:: Many common issues can be resolved by rebooting the appliance, which
          reloads your configurations, and purges outdated settings. After
          verifying configurations, rebooting is a good next step in
          troubleshooting.
          
As your network changes, you may add or delete sensors.

* If you add additional remote locations you can add Network Sensor Appliances
  to the sites.
* To monitor additional broadcast domains with an existing sensor, you may use
  multiple wired interfaces on that appliance if supported.
* For an Appliance with a single wired interface, you can monitor multiple
  VLANS over a 802.1Q trunk port by configuring sub interfaces.

Add Network Sensor Hardware
---------------------------

If you have added a new remote location, here are the steps to adding an
additional Network Sensor hardware to your Policy Server.

#. Go to :ref:`installing-network-sensor`. (*During the Installation, you
   will be prompted to link the Sensor with a Policy server IP or FQDN*)
#. After Installation, you should see **Network Sensor** in the UI Management
   pane under **System > System > Sensor**.

Delete Network Sensor Hardware
------------------------------

.. note:: | If you delete the network sensor, the connected VLAN and all node information are deleted together.

#. Disconnect **Network Sensor** hardware from the network and power down.
#. Access **Policy Server Webconsole** to delete Network Sensor.
#. Go to **System** in the top panel.
#. Go to **System > System** in the System Management panel.
#. Find and click on the **Checkbox** of desired Network Sensor.
#. Go to **Tasks > Delete System**.
#. Click **OK** to confirm.

Add Interfaces on an Existing Sensor
------------------------------------

This option allows you to monitor separate LANs or VLANs on a single sensor
appliance without the use of a trunk port. **One wired interface is required
for each network.**

**Network Sensors cannot be added through Webconsole, Administrator must be configured through
CLI by adding sub-interfaces to the existing eth0 or eth1 interface.**

#. Connect through **SSH client** to Network Sensor. See: :ref:`console` .
#. Enter the following commands below for each Network Sensor to be added:

For this example, interface eth0 is already configured. The interface eth1 will
be configured to monitor a separate LAN:

.. code-block:: bash

 genian> enable
 genian# configure terminal
 genian(config)# interface eth1 address X.X.X.X X.X.X.X
 genian(config)# interface eth1 gateway X.X.X.X
 genian(config)# exit

Or setup the interface as a DHCP client:

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# interface eth1 dhcp enable
 genian(config)# exit

Delete A Specific Network Sensor Interface
------------------------------------------

.. note:: | This deletes a single Network Sensor and all Nodes and Node information

#. Connect through **SSH client** to Network Sensor: :ref:`console`
#. Enter the following commands below for each Network Sensor interface to be
   removed:

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# no interface eth1 address X.X.X.X X.X.X.X
 genian(config)# no interface eth1 gateway X.X.X.X
 genian(config)# exit

If the interface is configured as a dhcp client , use the following method:

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# no interface eth1 dhcp enable
 genian(config)# exit

#. Go to **System** in the top panel
#. Go to **System > Sensor** in the System Management panel.
#. Find and click on the **IP Address** of desired Network Sensor.
#. Find and click **Delete** in General tab.
#. Click **OK** to confirm.

Add VLANs (Sub-Interfaces) to an Existing Interface
---------------------------------------------------

This option is used when the Network Sensor is installed in trunk port mode. By
configuring sub interfaces off of the main physical interface,up to 128 VLANs(Recommended 64 VLANs)configured on that trunk port may be monitored through a single physical
interface. When added, a sub interface will show up in the Genians Web Console
as a separate sensor/node. This is because for every VLAN that is monitored,
an IP address will be assigned to the sensor within that VLAN.

.. note:: | Up to 128 VLANs can be added to Genian NAC, and more than 128 VLANS cannot be set. Genians recommends to set 64 VLANs.

- Ensure the Genians Network Sensor is connected to a properly configured
  .1q trunk port. See *"VLANs" in* :doc:`/deploying/preparing-network`
- Connect through **SSH client** to Network Sensor. See: :ref:`console`.
- Enter **ALL** VLANs you wish to monitor using commas to separate values and
  hyphens to denote ranges. Note that each Vlan ID will determine the suffix
  after ``eth0.`` in the sub interface name.

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# interface eth0 vlan 10,20,30-50

- Enter the following commands below for each Network Sensor to be added:

.. code-block:: bash

 genian> enable
 genian# configure terminal
 genian(config)# interface eth0.30 address X.X.X.X X.X.X.X
 genian(config)# interface eth0.30 gateway X.X.X.X
 genian(config)# exit

- Or configure the interface as a DHCP client.

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# interface eth0.30 dhcp enable
 genian(config)# exit

.. note:: If you want to monitor an untagged vlan, including the Native VLAN
          on a trunk/dot1q port, this can only be done on interface eth0.
          Specific VLAN interfaces (eth0.x) only monitor tagged traffic.

Delete A Specific VLAN Network Sensor
-------------------------------------

.. note:: | This deletes a single VLAN Network Sensor and all Nodes and Node information.

- Connect through **SSH client** to Network Sensor. :ref:`console`.
- Enter ALL VLANs you wish to monitor, and exclude the Vlan to be deleted.

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# interface eth0 vlan 10,20,40-50

- Enter the following commands below for the Vlan Sensor Interface to be
  removed:

.. code-block:: bash

 genian> enable
 genian# configure terminal
 genian(config)# no interface eth0.30 address X.X.X.X X.X.X.X
 genian(config)# no interface eth0.30 gateway X.X.X.X
 genian(config)# exit

- If the interface is configured as a DHCP client , use the following method:

.. code:: bash

 genian> enable
 genian# configure terminal
 genian(config)# no interface eth1 dhcp enable
 genian(config)# exit

#. Go to **System** in the top panel.
#. Go to **System > Sensor** in the System Management panel.
#. Find and click on the **IP Address** of desired Network Sensor.
#. Find and click **Delete** in General tab.
#. Click **OK** to confirm.