Discussion:
[Ntop] Ntopng Edge and VLANs - limitations?
Victor Hooi
2018-08-01 08:44:42 UTC
Permalink
Hi,

Ntopng Edge looks really awesome!

I'm reading through the documentation at https://www.ntop.org/guides/nedge/.

Our plan is to use Ntopng Edge in bridge mode.

We have a pfSense router, and we use VLANs to segment up our LAN. The
router is configured to give different DHCP addresses range for each VLAN.

However, the docs mention that neither captive portal or DNS portal will
work. Is there a specific reason for this limitation?

Also, what other configuration is necessary for ntopng edge to work in a
VLAN network?

And are there other limitations as well, if we use VLANs?

Thanks,
Victor

PS: If I notice any typos in the documentation - is there some way I can
submit PRs or fixes?
Victor Hooi
2018-08-06 03:22:13 UTC
Permalink
Hi,

For the VLAN limitations - having the captive portal would actually be nice.

My understanding is that we need the captive portal - so that when an
unrecognised device connects, the user can login with a username/password,
and we can assign that traffic to the correct user, right?

Without that - they would automatically just go to the "Not assigned" user
- or we'd need to make sure each device was manually added beforehand via
it's MAC address.

We use VLANs to separate out different types of traffic in our network - so
it would be good to have that, and still allow people to register devices
via Ntopng Edge.

Also - are there any differences in the monitoring/analytics features of
Ntopng vs Ntopng edge? Or put another way, is there any advantage to having
traffic go in-line via Ntopng Edge, and then also mirror that traffic to
Ntopng for analysis?

Regards,
Victor
Post by Victor Hooi
Hi,
Hi,
Ntopng Edge looks really awesome!
I'm reading through the documentation at
https://www.ntop.org/guides/nedge/.
Our plan is to use Ntopng Edge in bridge mode.
We have a pfSense router, and we use VLANs to segment up our LAN. The
router is configured to give different DHCP addresses range for each VLAN.
Ok, so you don't have to worry about overlapping IP addresses on different
VLANs that are not handled by nEdge as described in the guide.
However, the docs mention that neither captive portal or DNS portal will
work. Is there a specific reason for this limitation?
Currently this is not supported for simplicity. Those features involve
redirects and that can become cumbersome with VLANs. If you have special
requirements, please tell us a use casa and we will consider it for
implementation.
Also, what other configuration is necessary for ntopng edge to work in a
VLAN network?
Assuming you are on a VLAN trunk, that is written on the readme (
https://www.ntop.org/guides/nedge/bridging.html?highlight=vlan). If you
have VLAN-interfaces on the host, there's nothing special to do. You will
see them appearing in the nEdge UI.
And are there other limitations as well, if we use VLANs?
Thanks,
Victor
PS: If I notice any typos in the documentation - is there some way I can
submit PRs or fixes?
_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop
Loading...