Network Detector Setup and Configuration




339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net

Network Detector Setup

Technical Brief: Configuring Network Detector

Scope

It is common practice to partition networks into Virtual LANs (VLANs), which eases management and allows for segregation and security within a corporation. To monitor these networks for intrusion prevention and security, a security device needs a presence on each of these network segments (VLANs) in order to have the visibility to accurately categorize devices and potential threats. In networks with a large number of VLANs, the management effort and the cost of providing this functionality can increase quickly.

AirTight Networks has taken an approach that minimizes the amount of network hardware, cost and overhead by creating the concept of Network Detector. Network Detector is an AirTight Networks sensor configured in a special mode, which supports 802.1Q trunking, for visibility into multiple wired networks simultaneously. VLAN-capable or managed switches use the 802.1Q open standard encapsulation technique to carry multiple data VLANs over a single physical port. This mode allows for fewer sensors, fewer switch ports, and visibility of multiple subnets on a single port.

Typically you would need a sensor per subnet to have visibility into the wired network in order to deterministically categorize Access Points (as rogue, external, authorized, or mis-configured). In a network with a large number of VLANs, this can create additional management and expense. It might look something like this:

[Figure: VLANs: Wireless, Wired Sales, Wired Marketing, Wired Engineering]

However, Network Detector can greatly decrease the number of physical sensors deployed, for example:

[Figure: VLANs: Wireless, Wired Sales, Wired Marketing, Wired Engineering]

Configuration

There are three modes of operation for Sensors: Sensor mode (single VLAN and wireless visibility), Sensor/Network Detector Combo mode (up to 4 VLANs monitored and wireless visibility), and Network Detector mode (up to 32 VLANs monitored and no wireless visibility). Choose the mode that best suits your environment. Combo and Network Detector modes are configured in the same manner, so you can use the sample configuration for either.

Best Practices: Architecture

AirTight Networks' sensor has three modes that provide the following coverage options:

1. Sensor Only:
   RF Monitoring: [ON]
   VLAN Monitoring: [OFF]
   VLAN Detection: [OFF]
2. Sensor/ND Combo:
   RF Monitoring: [ON]
   VLAN Monitoring: [Up to 4 VLANs]
   VLAN Detection: [Up to 16 VLANs]
3. Network Detector (ND):
   RF Monitoring: [OFF]
   VLAN Monitoring: [Up to 32 VLANs]
   VLAN Detection: [Up to 64 VLANs]

These three modes allow for many different deployment scenarios based on the architecture of the network. Here are a few possible examples for deployment.

Scenario 1: Small enterprise

Our small enterprise consists of one floor that requires approximately 3 sensors per floor. The enterprise has 9 VLANs (one wireless) which need to be monitored, as they are physically accessible.

Example: Deploy the 3 sensors in Sensor/ND Combo mode, and tag different VLANs to each of the 3 sensors (i.e. Sensor 1 VLANs 1-3, Sensor 2 VLANs 4-6, Sensor 3 VLANs 7-9). This allows full visibility of the VLANs as well as air coverage for the entire building.

Scenario 2: Large enterprise

Our large enterprise consists of 7 floors that require approximately 3 sensors per floor. The enterprise has 96 VLANs (4 wireless) which need to be monitored, as they are physically accessible.

[Figure: 1 floor pictured with 2 network switches and one Network Detector x 32 VLANs]

Example: Deploy the 21 sensors in Sensor Only mode across the 4 wireless VLANs. Deploy 3 more sensors in Network Detector mode in the aggregation or core layer of the network (wherever the VLANs collapse) to monitor the remaining 92 VLANs.

Scenario 3: Enterprise with Remote Offices

The enterprise with remote offices scenario is a combination of one of the previous two with the remote office piece added.

Example 1: If the remote office is a single VLAN, just adding the required number of sensors in Sensor Only mode to that VLAN will provide protection.

Example 2: If the remote office has 3 VLANs that need to be monitored and 3 sensors are being deployed for coverage of that office, a sensor in Sensor Only mode can be added to each of the 3 VLANs to provide complete coverage.

Example 3: If there are more VLANs than sensors, the sensors can be configured in Sensor/ND Combo mode, which allows for up to 4 VLANs per sensor. So if there were 8 VLANs, and 3 sensors were being deployed for air coverage, configuring these in Combo mode and tagging the VLANs to them would provide complete coverage.

Configuration Commands:

A standard AirTight Networks Sensor can be easily configured for Network Detector mode. This is done via the command line interface, and merely changes the Sensor's identity. To change the sensor to Network Detector, follow these steps:

- Plug the sensor in using the AC power source or an Ethernet cable with available 802.3af.
- Connect a straight-through DB9 console cable to the DB9 port on the sensor.
- Using your choice of serial application (Hyperterm, SecureCRT, TeraTerm, etc.), make sure your settings are 9600, 8, none, 1.
- Watch the sensor boot up. At the login prompt, enter the user name config and the password config.
- To access a list of menu options, type help and hit the return key.
- The first command to enter will be get mode.

After entering this command you will see the following:

    [config]$ get mode
    Displays the Sensor mode.
    Mode: [Sensor only]
    VLAN Monitoring: [OFF]
    VLAN Detection: [OFF]
    RF Monitoring: [ON]

This shows the current operating mode. To change it, type set mode and you will see the following:

    [config]$ set mode
    Sets the Sensor mode.
    Select Sensor Mode. This command requires reboot.
    1. Sensor Only:
       RF Monitoring: [ON]
       VLAN Monitoring: [OFF]
       VLAN Detection: [OFF]
    2. Sensor/ND Combo:
       RF Monitoring: [ON]
       VLAN Monitoring: [Up to 4 VLANs]
       VLAN Detection: [Up to 16 VLANs]
    3. Network Detector (ND):
       RF Monitoring: [OFF]
       VLAN Monitoring: [Up to 32 VLANs]
       VLAN Detection: [Up to 64 VLANs]
    4. Quit
    ?

Select the mode you would like to use and hit return, and you will see this:

    ? 2
    Sensor Mode: [Sensor/ND Combo]
    RF Monitoring: [ON]
    VLAN Monitoring: [Up to 4 VLANs]
    VLAN Detection: [Up to 16 VLANs]
    Confirm mode settings to save and reboot Sensor.
    If you select n, exit without saving.
    Confirm? ([y]/n):

Type y and hit return. The sensor will reboot and you will see the following:

    y
    Rebooting Sensor...
    +Ethernet eth0: MAC address 00:11:74:00:03:d8
    IP: 0.0.0.0/255.255.255.0, Gateway: 0.0.0.0
    Default server: 0.0.0.0, DNS server IP: 0.0.0.0
    RedBoot(tm) bootstrap and debug environment [ROM]
    Non-certified release, version v2_0 - built 12:21:54, Apr 21 2004
    Copyright (C) 2000, 2001, 2002, Red Hat, Inc...etc.

Once the system has rebooted you will be at the login prompt. Enter your credentials, and type the command get mode to verify that the sensor is running the mode you selected:

    [config]$ get mode
    Displays the Sensor mode.
    Mode: [Sensor/ND Combo]
    VLAN Monitoring: [Up to 4 VLANs]
    VLAN Detection: [Up to 16 VLANs]
    RF Monitoring: [ON]
    [config]$

When using Combo or Network Detector modes, the sensor will discover the VLANs that are available on the port. When configuring the switch port that the Network Detector attaches to, it is very important that you prune the VLANs. It is a best practice to have no more than 4 VLANs on a port for Combo mode, and no more than 32 on a port for Network Detector mode.

When using Combo or Network Detector modes, the sensor by default uses an untagged VLAN to connect to the server. If the untagged VLAN is not switched or routed to the server, you will need to configure one of the tagged VLANs to reach the server. There are two steps to configure this. The first is to configure a VLAN and ID, as well as DHCP or static addressing for that VLAN, by typing the command set vlan config:

    [config]$ set vlan config
    Configures the monitoring information for all VLANs in Network Detector(ND) or Sensor/ND Combo mode.
    Mode: [Sensor/ND Combo]
    VLAN Monitoring: [Up to 4 VLANs]
    VLAN Detection: [Up to 16 VLANs]
    RF Monitoring: [ON]
    VLANs:
    Fetching VLAN table. Please wait up to 30 seconds...
    VLAN for Communication with Server : Untagged VLAN
    VLAN_ID   Mon?  Discovered?  Type    IP Address/Mask
    Untagged  Yes   Yes          static  192.168.1.245/255.255.255.0
    10        Yes   No           dhcp
    = Sensor_Status Not Connected
    Modify VLAN Table? (y/[n]):

Type y to modify the table, and you will be prompted for the VLAN ID you wish to modify. Type the VLAN ID you wish to use. Change VLAN monitoring to on and then set the IP type to either DHCP or static (if set to static, you will have to configure the subnet mask and gateway address here as well):

    Modify VLAN Table? (y/[n]): y
    Enter VLAN ID to edit [u=untagged,1-4096]: 10
    VLAN ID [20]
    VLAN Monitoring [Off]: on
    IP Type (d=dhcp, s=static) [dhcp]:d
    Set: VLAN Monitoring: [On]
    Sensor must be rebooted for the new VLAN settings to take effect.
    Reboot now? (y/[n]): y

Select y to reboot the sensor. When the system comes back up, enter your credentials and type get vlan config to confirm that your changes are in effect:

    [config]$ get vlan config
    Displays information for all VLANs monitored or discovered in Network Detector (ND) or Sensor/ND Combo mode.
    Settings for VLAN:
    Fetching VLAN table. Please wait up to 30 seconds...
    VLAN for Communication with Server : Untagged VLAN
    VLAN_ID   Mon?  Discovered?  Type    IP Address/Mask
    Untagged  Yes   Yes          static  192.168.1.245/255.255.255.0
    10        Yes   No           dhcp
    = Sensor_Status

In the second step, you need to configure the management VLAN that the sensor will use to communicate with the server. To configure this, type the command set mgmnt vlan:

    [config]$ set mgmnt vlan
    Settings of management VLAN used to communicate with the Server.
    Note that the untagged VLAN is also known as the Native VLAN.
    Settings for Management VLAN:
    Management VLAN ID (u=untagged VLAN,1-4096)[u]: 10
    Setting the management VLAN to a tagged VLAN will disable the autoupgrade facility for this Sensor.
    This Sensor must be upgraded manually through Upgrade Manager.
    Confirm Management VLAN ID = [10]? (y/[n]): y

Enter the VLAN ID that was used in the previous step, and hit return. The sensor will ask you to confirm this; select y and hit return. The sensor will reboot. To verify your configuration, type the command get mgmnt vlan:

    [config]$ get mgmnt vlan
    Displays information about the management VLAN used by Sensor to communicate with Server.
    Settings for Management VLAN:
    VLAN ID:[10]
    IP Type: [dhcp]
    IP Address: [192.168.1.245]
    Subnet Mask: [255.255.255.0]
    Gateway: [192.168.1.1]
    [config]$

Using Network Detector:

At this point, you have completed the setup for Network Detector. Now you can open SpectraGuard Enterprise in a web browser and select the Devices tab and then the Sensors tab to view the Network Detector. You can right-click and select either Properties or Details to get additional information on this device. This device will discover multiple VLANs, and the policies for those VLANs can be configured on the Administration tab under Security Policy.

Sample Configurations for Extreme Networks and Cisco Switches

A Cisco Networks sample configuration:

Cisco Switch Port configuration:

    interface FastEthernet0/17
     switchport trunk encapsulation dot1q
     switchport mode trunk

    Comptt-SW#sh int fastethernet 0/17 switchport
    Name: Fa0/17
    Switchport: Enabled
    Administrative mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,10,20,30,50,192
    Pruning VLANs Enabled: 2-1001
    Priority for untagged frames: 0
    Override VLAN tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none
    Comptt-SW#

AirTight SpectraGuard Network Detector Configuration:

    [config]$ set mode (select 2 for combo and 3 for network detector)

If the DNS entry wif-security-server is not configured for your network, you will need to point the Sensor to the server. To do this, issue the command:

    [config]$ set server discovery (enter IP address of server) 192.168.1.246

This has the sensor point to the server.

Notes:

- The Cisco Catalyst switch needs to be configured for 802.1Q trunking.
- The Cisco Catalyst switch does NOT tag frames on the native VLAN.
  - In the above configuration, the native VLAN is 1 (the default native VLAN for all trunks on Cisco Catalyst switches).
  - In the above configuration, VLANs 10, 20, 30, 50, and 192 are the active wired VLANs.
- Set the VLAN ID that the SpectraGuard uses to communicate with the Enterprise server to a VLAN where tagging is ENABLED (i.e. it should be a non-native VLAN).
  - In the above configuration, VLAN-ID 30 (tagged) is chosen as the VLAN for the Network Detector to communicate with the SpectraGuard server.

An Extreme Networks sample configuration:

From a switch with factory default configuration (ExtremeWare 7.3.X), these should be all the commands needed to build a test lab utilizing Network Detector.

Extreme Networks Switch Configuration:

    Configure default delete ports all
    Create VLAN server1
    Configure VLAN server1 ipaddress 192.168.1.1/24
    Configure VLAN server1 add ports 1-2
    Create VLAN user10
    Configure VLAN user10 ipaddress 192.168.10.1/24
    Configure VLAN user10 add ports 5-6
    Configure VLAN user10 tag 10
    Configure VLAN user10 add port 3 tag
    Create VLAN user20
    Configure VLAN user20 ipaddress 192.168.20.1/24
    Configure VLAN user20 add ports 7-8
    Configure VLAN user20 tag 20
    Configure VLAN user20 add port 3 tag
    Create VLAN user30
    Configure VLAN user30 ipaddress 192.168.30.1/24
    Configure VLAN user30 add ports 9-10
    Configure VLAN user30 tag 30
    Configure VLAN user30 add port 3 tag
    Enable IPforwarding
    Configure ospf add VLAN all area 0.0.0.0
    Enable ospf
    Enable bootprelay
    Configure bootprelay add 192.168.1.5 {the ipaddress of dhcp server}

AirTight SpectraGuard Network Detector Configuration:

    [config]$ set mode (select 2 for combo and 3 for network detector)

If the DNS entry wif-security-server is not configured for your network, you will need to point the Sensor to the server. To do this, issue the command:

    [config]$ set server discovery (enter IP address of server) 192.168.1.246

This has the sensor point to the server.

Notes:

- Plug the Network Detector into port 3, as this is a trunk port.
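The pruning advice and the Cisco notes in this brief (at most 4 VLANs on a Combo port and 32 on a Network Detector port, and a tagged management VLAN that is not the native VLAN) can be checked against the switchport output of the sensor's trunk. The Python script below is an added example, not part of the AirTight brief; its function names are hypothetical and its input is abridged from the Fa0/17 sample output shown in the Cisco section.

```python
# Added example: audit a Catalyst trunk port that feeds a sensor.
# Limits are the VLAN-monitoring figures stated in this brief.
MONITOR_LIMITS = {"combo": 4, "nd": 32}

# Constructed input: abridged from the Fa0/17 sample output in this brief.
SAMPLE_OUTPUT = """\
Name: Fa0/17
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,10,20,30,50,192
Pruning VLANs Enabled: 2-1001
"""


def parse_fields(text):
    """Split 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def expand_vlans(spec):
    """Expand a list such as '1,10,20-22' into sorted VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit():  # skips empty parts and words such as 'none'
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return sorted(vlans)


def audit_trunk(text, mode, mgmt_vlan):
    """Return findings for a sensor trunk port; an empty list means it passes.

    mgmt_vlan is the tagged VLAN ID given to 'set mgmnt vlan' on the sensor.
    """
    f = parse_fields(text)
    findings = []
    if f.get("operational mode", "").lower() != "trunk":
        findings.append("port is not operating as a trunk")
    if "dot1q" not in f.get("operational trunking encapsulation", "").lower():
        findings.append("operational encapsulation is not 802.1Q")
    if f.get("trunking vlans enabled", "").upper() == "ALL":
        findings.append("allowed VLAN list is ALL; prune it to the monitored VLANs")
    native = int(f.get("trunking native mode vlan", "1").split()[0])
    active = expand_vlans(f.get("trunking vlans active", ""))
    # Assumption: the untagged VLAN counts toward the limit, because the
    # sensor's VLAN table lists it as a monitored entry.
    limit = MONITOR_LIMITS[mode]
    if len(active) > limit:
        findings.append(f"{len(active)} VLANs active on the port; {mode} limit is {limit}")
    if mgmt_vlan == native:
        findings.append(f"management VLAN {mgmt_vlan} is the native VLAN and is sent untagged")
    elif mgmt_vlan not in active:
        findings.append(f"management VLAN {mgmt_vlan} is not active on the trunk")
    return findings


if __name__ == "__main__":
    for mode in ("nd", "combo"):
        print(mode, audit_trunk(SAMPLE_OUTPUT, mode, mgmt_vlan=30))
```

Run against the sample port, the check reports the unpruned allowed list in both modes and, for Combo mode, that six active VLANs exceed the limit of four.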