Mailing List Archive

Hi,

> On 1 Aug 2018, at 10:44, Victor Hooi <victorhooi@yahoo.com> wrote:
>
> Hi,
>
> Ntopng Edge looks really awesome!
>
> I'm reading through the documentation at https://www.ntop.org/guides/nedge/ <https://www.ntop.org/guides/nedge/>.
>
> Our plan is to use Ntopng Edge in bridge mode.
>
> We have a pfSense router, and we use VLANs to segment up our LAN. The router is configured to give different DHCP addresses range for each VLAN.
>

Ok, so you don't have to worry about overlapping IP addresses on different VLANs that are not handled by nEdge as described in the guide.

> However, the docs mention that neither captive portal or DNS portal will work. Is there a specific reason for this limitation?

Currently this is not supported for simplicity. Those features involve redirects and that can become cumbersome with VLANs. If you have special requirements, please tell us a use casa and we will consider it for implementation.

>
> Also, what other configuration is necessary for ntopng edge to work in a VLAN network?

Assuming you are on a VLAN trunk, that is written on the readme (https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan <https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan>). If you have VLAN-interfaces on the host, there's nothing special to do. You will see them appearing in the nEdge UI.

>
> And are there other limitations as well, if we use VLANs?
>
> Thanks,
> Victor
>
> PS: If I notice any typos in the documentation - is there some way I can submit PRs or fixes?
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Hi,

> On 1 Aug 2018, at 10:44, Victor Hooi <victorhooi@yahoo.com> wrote:
>
> Hi,
>
> Ntopng Edge looks really awesome!
>
> I'm reading through the documentation at https://www.ntop.org/guides/nedge/ <https://www.ntop.org/guides/nedge/>.
>
> Our plan is to use Ntopng Edge in bridge mode.
>
> We have a pfSense router, and we use VLANs to segment up our LAN. The router is configured to give different DHCP addresses range for each VLAN.
>

Ok, so you don't have to worry about overlapping IP addresses on different VLANs that are not handled by nEdge as described in the guide.

> However, the docs mention that neither captive portal or DNS portal will work. Is there a specific reason for this limitation?

Currently this is not supported for simplicity. Those features involve redirects and that can become cumbersome with VLANs. If you have special requirements, please tell us a use casa and we will consider it for implementation.

>
> Also, what other configuration is necessary for ntopng edge to work in a VLAN network?

Assuming you are on a VLAN trunk, that is written on the readme (https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan <https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan>). If you have VLAN-interfaces on the host, there's nothing special to do. You will see them appearing in the nEdge UI.

>
> And are there other limitations as well, if we use VLANs?
>
> Thanks,
> Victor
>
> PS: If I notice any typos in the documentation - is there some way I can submit PRs or fixes?
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Hi,

For the VLAN limitations - having the captive portal would actually be nice.

My understanding is that we need the captive portal - so that when an
unrecognised device connects, the user can login with a username/password,
and we can assign that traffic to the correct user, right?

Without that - they would automatically just go to the "Not assigned" user
- or we'd need to make sure each device was manually added beforehand via
it's MAC address.

We use VLANs to separate out different types of traffic in our network - so
it would be good to have that, and still allow people to register devices
via Ntopng Edge.

Also - are there any differences in the monitoring/analytics features of
Ntopng vs Ntopng edge? Or put another way, is there any advantage to having
traffic go in-line via Ntopng Edge, and then also mirror that traffic to
Ntopng for analysis?

Regards,
Victor

On Wed, Aug 1, 2018 at 10:32 PM Simone Mainardi <mainardi@ntop.org> wrote:

> Hi,
>
> On 1 Aug 2018, at 10:44, Victor Hooi <victorhooi@yahoo.com> wrote:
>
> Hi,
>
> Ntopng Edge looks really awesome!
>
> I'm reading through the documentation at
> https://www.ntop.org/guides/nedge/.
>
> Our plan is to use Ntopng Edge in bridge mode.
>
> We have a pfSense router, and we use VLANs to segment up our LAN. The
> router is configured to give different DHCP addresses range for each VLAN.
>
>
> Ok, so you don't have to worry about overlapping IP addresses on different
> VLANs that are not handled by nEdge as described in the guide.
>
> However, the docs mention that neither captive portal or DNS portal will
> work. Is there a specific reason for this limitation?
>
>
> Currently this is not supported for simplicity. Those features involve
> redirects and that can become cumbersome with VLANs. If you have special
> requirements, please tell us a use casa and we will consider it for
> implementation.
>
>
> Also, what other configuration is necessary for ntopng edge to work in a
> VLAN network?
>
>
> Assuming you are on a VLAN trunk, that is written on the readme (
> https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan). If you
> have VLAN-interfaces on the host, there's nothing special to do. You will
> see them appearing in the nEdge UI.
>
>
> And are there other limitations as well, if we use VLANs?
>
> Thanks,
> Victor
>
> PS: If I notice any typos in the documentation - is there some way I can
> submit PRs or fixes?
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Hi,

For the VLAN limitations - having the captive portal would actually be nice.

My understanding is that we need the captive portal - so that when an
unrecognised device connects, the user can login with a username/password,
and we can assign that traffic to the correct user, right?

Without that - they would automatically just go to the "Not assigned" user
- or we'd need to make sure each device was manually added beforehand via
it's MAC address.

We use VLANs to separate out different types of traffic in our network - so
it would be good to have that, and still allow people to register devices
via Ntopng Edge.

Also - are there any differences in the monitoring/analytics features of
Ntopng vs Ntopng edge? Or put another way, is there any advantage to having
traffic go in-line via Ntopng Edge, and then also mirror that traffic to
Ntopng for analysis?

Regards,
Victor

On Wed, Aug 1, 2018 at 10:32 PM Simone Mainardi <mainardi@ntop.org> wrote:

> Hi,
>
> On 1 Aug 2018, at 10:44, Victor Hooi <victorhooi@yahoo.com> wrote:
>
> Hi,
>
> Ntopng Edge looks really awesome!
>
> I'm reading through the documentation at
> https://www.ntop.org/guides/nedge/.
>
> Our plan is to use Ntopng Edge in bridge mode.
>
> We have a pfSense router, and we use VLANs to segment up our LAN. The
> router is configured to give different DHCP addresses range for each VLAN.
>
>
> Ok, so you don't have to worry about overlapping IP addresses on different
> VLANs that are not handled by nEdge as described in the guide.
>
> However, the docs mention that neither captive portal or DNS portal will
> work. Is there a specific reason for this limitation?
>
>
> Currently this is not supported for simplicity. Those features involve
> redirects and that can become cumbersome with VLANs. If you have special
> requirements, please tell us a use casa and we will consider it for
> implementation.
>
>
> Also, what other configuration is necessary for ntopng edge to work in a
> VLAN network?
>
>
> Assuming you are on a VLAN trunk, that is written on the readme (
> https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan). If you
> have VLAN-interfaces on the host, there's nothing special to do. You will
> see them appearing in the nEdge UI.
>
>
> And are there other limitations as well, if we use VLANs?
>
> Thanks,
> Victor
>
> PS: If I notice any typos in the documentation - is there some way I can
> submit PRs or fixes?
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop