Adding and Deleting Network Sensors

As your network changes, you may add or delete sensors.

• If you add a new remote management segment, you can install a Network Sensor device at the remote site for management.

• If a management segment is added to an existing Network Sensor, you can add another interface to the existing Network Sensor.

• For single-interface appliances, you can manage multiple VLANs via an 802.1Q trunk port.

Add a New Network Sensor

When a new remote management segment is added, you need to connect the Network Sensor to the Policy Server. For instructions on adding a new Network Sensor, refer to Installing Network Sensor.

Once installation is complete, you can verify the Network Sensor in the Web Console menu under System > System Management > Sensor Management.

Delete an Existing Network Sensor

Note

Deleting a Network Sensor will also delete all connected VLANs and node information.

1. Disconnect the Network Sensor device from the network and power it off.

2. Access the Policy Server Web Console.

3. Go to System in the top menu.

4. In the System Management section, go to System > System Management.

5. Click the Checkbox for the desired Network Sensor.

6. Click Select Task > Delete Device.

7. Click OK to confirm.

Add Interfaces to an Existing Network Sensor

This option allows you to monitor separate LANs or VLANs on a single sensor appliance without using a trunk port. One wired interface is required for each network.

Network Sensors cannot be added through the Web Console; you must configure sub-interfaces on the existing eth0 or eth1 interface using the CLI console.

1. Connect to the Network Sensor via SSH client. See Administration Console for CLI access instructions.

2. Enter the following commands for each Network Sensor to be added:

   In the example below, eth0 is already configured. eth1 will be configured to monitor a separate LAN.

   genian> enable
   genian# configure terminal
   genian(config)# interface eth1 address X.X.X.X X.X.X.X
   genian(config)# interface eth1 gateway X.X.X.X
   genian(config)# exit
   

   If you do not use a static IP, configure DHCP:

   genian> enable
   genian# configure terminal
   genian(config)# interface eth1 dhcp enable
   genian(config)# exit
   

Delete an Existing Network Sensor Interface

Note

This function deletes a single Network Sensor and all nodes and node information.

1. Connect to the Network Sensor via SSH client. See Administration Console for CLI access instructions.

2. Enter the following commands for each Network Sensor to be deleted:

   genian> enable
   genian# configure terminal
   genian(config)# no interface eth1 address X.X.X.X X.X.X.X
   genian(config)# no interface eth1 gateway X.X.X.X
   genian(config)# exit
   

If DHCP is configured, disable it:

genian> enable
genian# configure terminal
genian(config)# no interface eth1 dhcp enable
genian(config)# exit

3. In the Web Console, go to System in the top menu.

4. In the System Management panel, go to System Management > Sensor Management.

5. Click the IP Address of the Network Sensor to be modified.

6. Click Node Task > Delete.

7. Click OK to confirm.

Add VLANs (Sub-Interfaces) to an Existing Trunk Interface

This option is used when the Network Sensor is installed in trunk port mode. You can add up to 128 VLANs per device, but it is recommended to use up to 64 VLANs.

Network Sensors cannot be added through the Web Console; you must configure sub-interfaces on the existing eth0 or eth1 interface using the CLI console.

1. Connect to the Ubuntu device where the Network Sensor is installed via SSH client. See Administration Console for CLI access instructions.

2. Add all VLAN interfaces to be monitored.

   genian> enable
   genian# configure terminal
   genian(config)# interface eth0 vlan 10,20,30-50
   

3. Set the IP and Gateway for each added VLAN interface.

   The suffix after eth0 for each VLAN is determined by the VLAN ID. Below is an example of adding a sensor to VLAN 30. Repeat the process for all VLANs to be monitored.

   genian> enable
   genian# configure terminal
   genian(config)# interface eth0.30 address X.X.X.X X.X.X.X
   genian(config)# interface eth0.30 gateway X.X.X.X
   genian(config)# exit
   

If you do not use a static IP, configure DHCP:

genian> enable
genian# configure terminal
genian(config)# interface eth0.30 dhcp enable
genian(config)# exit

Note

For CISCO switches, be careful not to add the Native VLAN to the sensor. The Native VLAN (default: VLAN 1) cannot be monitored by a sensor configured on a trunk port.

Delete VLANs from an Existing Trunk Interface

Note

This function deletes a single Network Sensor and all nodes and node information.

1. Connect to the Network Sensor via SSH client. See Administration Console for CLI access instructions.

2. Add all VLANs to be monitored and exclude the VLANs to be deleted.

   genian> enable
   genian# configure terminal
   genian(config)# interface eth0 vlan 10,20,40-50
   

3. To remove the VLAN sensor interface, enter the following commands:

   genian> enable
   genian# configure terminal
   genian(config)# no interface eth0.30 address X.X.X.X X.X.X.X
   genian(config)# no interface eth0.30 gateway X.X.X.X
   genian(config)# exit
   

   To remove an interface configured with DHCP, enter the following commands:

genian> enable
genian# configure terminal
genian(config)# no interface eth0.30 dhcp enable
genian(config)# exit

4. In the Web Console, go to System in the top menu.

5. In the System Management panel, go to System Management > Sensor Management.

6. Click the IP Address of the Network Sensor to be modified.

7. Click Node Task > Delete.

8. Click OK to confirm.