Adding and Deleting Network Sensors

As your network changes, you may add or delete sensors.

  • If you add a new remote management segment, you can install a Network Sensor device at the remote site for management.

  • If a management segment is added to an existing Network Sensor, you can add another interface to the existing Network Sensor.

  • For single-interface appliances, you can manage multiple VLANs via an 802.1Q trunk port.

Add a New Network Sensor

When a new remote management segment is added, you need to connect the Network Sensor to the Policy Server. For instructions on adding a new Network Sensor, refer to Installing Network Sensor.

Once installation is complete, you can verify the Network Sensor in the Web Console menu under System > System Management > Sensor Management.

Delete an Existing Network Sensor

Note

Deleting a Network Sensor will also delete all connected VLANs and node information.

  1. Disconnect the Network Sensor device from the network and power it off.

  2. Access the Policy Server Web Console.

  3. Go to System in the top menu.

  4. In the System Management section, go to System > System Management.

  5. Click the Checkbox for the desired Network Sensor.

  6. Click Select Task > Delete Device.

  7. Click OK to confirm.

Add Interfaces to an Existing Network Sensor

This option allows you to monitor separate LANs or VLANs on a single sensor appliance without using a trunk port. One wired interface is required for each network.

Network Sensors cannot be added through the Web Console; you must configure sub-interfaces on the existing eth0 or eth1 interface using the CLI console.

  1. Connect to the Network Sensor via SSH client. See Administration Console for CLI access instructions.

  2. Enter the following commands for each Network Sensor to be added:

    In the example below, eth0 is already configured. eth1 will be configured to monitor a separate LAN.

     $ sudo su -    # Gain root privileges
 $ cd /etc/netplan    # Move to the netplan directory for network settings
 $ vim *.yaml    # Edit the network configuration file under netplan

 # *.yaml
 # network:
 # version: 2
 # renderer: NetworkManager
 # ethernets:
 #          eth0:
 #                dhcp4: false
 #                addresses: [IP address/CIDR]
 #                gateway4: Gateway IP
 #                nameservers:
 #                        addresses: [IP address]
 #
 #          eth1:
 #                dhcp4: false
 #                addresses: [IP address/CIDR]
 #                gateway4: Gateway IP
 #                nameservers:
 #                       addresses: [IP address]

$ netplan apply    # Apply the modified *.yaml file
$ cd /usr/geni     # Move to the directory to reboot DKNS
$ ./compose restart dkns    # Reboot DKNS

Example of editing the yaml file:

../_images/netplan2.png

If you do not use a static IP, configure DHCP:

 $ vim /etc/netplan/*.yaml    # Edit the *.yaml file

 # *.yaml
 # ...
 #          eth0:
 #                dhcp4: false
 #                addresses: []

$ netplan apply    # Apply the modified *.yaml file
$ cd /usr/geni     # Move to the directory to reboot DKNS
$ ./compose restart dkns    # Reboot DKNS

Delete an Existing Network Sensor Interface

Note

This function deletes a single Network Sensor and all nodes and node information.

  1. Connect to the Network Sensor via SSH client. See Administration Console for CLI access instructions.

  2. Enter the following commands for each Network Sensor to be deleted:

    $ sudo su -    # Gain root privileges
$ cd /etc/netplan    # Move to the netplan directory for network settings
$ vim *.yaml    # Edit the network configuration file under netplan
# *.yaml - Delete the configured interface
# ...
#          eth0:
#                dhcp4: false
#                addresses: [IP address/CIDR]
#                gateway4: Gateway IP
#                nameservers:
#                        addresses: [IP address]

$ netplan apply    # Apply the modified *.yaml file

  3. In the Web Console, go to System in the top menu.

  4. In the System Management panel, go to System Management > Sensor Management.

  5. Click the IP Address of the Network Sensor to be modified.

  6. Click Node Task > Delete.

  7. Click OK to confirm.

Add VLANs (Sub-Interfaces) to an Existing Trunk Interface

This option is used when the Network Sensor is installed in trunk port mode. You can add up to 128 VLANs per device, but it is recommended to use up to 64 VLANs.

Network Sensors cannot be added through the Web Console; you must configure sub-interfaces on the existing eth0 or eth1 interface using the CLI console.

  1. Connect to the Ubuntu device where the Network Sensor is installed via SSH client. See Administration Console for CLI access instructions.

  2. Add all VLAN interfaces to be monitored.

  3. Set the IP and Gateway for each added VLAN interface.

    The suffix after eth0 for each VLAN is determined by the VLAN ID. Below is an example of adding sensors to VLANs 109 and 114. Repeat the process for all VLANs to be monitored.

    $ sudo su -    # Gain root privileges
$ cd /etc/netplan    # Move to the netplan directory for VLAN settings
$ vim *.yaml    # Edit the network configuration yaml file

# *.yaml
# network:
# version: 2
# renderer: NetworkManager
# ethernets:
#      eth0:
#              dhcp4: false
#              addresses: [IP address/CIDR]
#              gateway4: Gateway IP
#              nameservers:
#                      addresses: [IP address]
#
#
# vlans:
#
#      eth0.VLANID:
#                id: VLANID
#                link: eth0
#                addresses: [IP address/CIDR]
#
#      eth0.VLANID:
#                id: VLANID
#                link: eth0
#                addresses: [IP address/CIDR]

$ netplan apply    # Apply the modified *.yaml file
$ cd /usr/geni     # Move to the directory to reboot DKNS
$ ./compose restart dkns    # Reboot DKNS

Example of editing the yaml file:

../_images/netplan_vlan.png

If you do not use a static IP, configure DHCP:

 $ vim /etc/netplan/*.yaml    # Edit the *.yaml file

 # *.yaml
 # ...
 #          eth0.VLANID:
 #                    dhcp4: false
 #                    addresses: []

$ netplan apply    # Apply the modified *.yaml file
$ cd /usr/geni     # Move to the directory to reboot DKNS
$ ./compose restart dkns    # Reboot DKNS

Note

For CISCO switches, be careful not to add the Native VLAN to the sensor. The Native VLAN (default: VLAN 1) cannot be monitored by a sensor configured on a trunk port.

Delete VLANs from an Existing Trunk Interface

Note

This function deletes a single Network Sensor and all nodes and node information.

  1. Connect to the Network Sensor via SSH client. See Administration Console for CLI access instructions.

  2. Delete the existing trunk VLAN settings from the configuration file.

  3. To remove the VLAN sensor interface, enter the following commands:

    $ sudo su -    # Gain root privileges
$ cd /etc/netplan    # Move to the netplan directory for network settings
$ vim *.yaml    # Edit the network configuration file under netplan
# *.yaml - Delete the configured VLANs
# ...
# vlans:
#
#      eth0.VLANID:
#                id: VLANID
#                link: eth0
#                addresses: [IP address/CIDR]

$ netplan apply    # Apply the modified *.yaml file

  4. In the Web Console, go to System in the top menu.

  5. In the System Management panel, go to System Management > Sensor Management.

  6. Click the IP Address of the Network Sensor to be modified.

  7. Click Node Task > Delete.

  8. Click OK to confirm.