Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NTop: Users

Ntop + Cisco Setup - Newbie

  

 
NTop users RSS feed   Index | Next | Previous | View Threaded


stevei at paonline

May 30, 2006, 7:03 AM

Post #1 of 4 (1007 views)
Permalink
Ntop + Cisco Setup - Newbie
Just recently installed ntop to do some preliminary testing. Ntop is connected to Cisco Catalyst 2950 switch with port spanning configured to mirror all data to ntop. However, I cannot seem to connect to ntop sensor via web interface. I had verified the installation prior to putting it into the LAN and everything was working fine.

My question is in this configuration, do I need to install a second NIC card in my ntop box? I thought that since all data is being mirrored to the existing NIC, I may need a second card which would then plug into a non-spanned (mirrored) port on the switch which would give me access to the ntop interface. Or is it that I may have simply configured the switch incorrectly?

Thank you.
_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop


Burton at ntopSupport

May 30, 2006, 7:07 AM

Post #2 of 4 (983 views)
Permalink
RE: Ntop + Cisco Setup - Newbie [In reply to]
Using the second NIC is required - I'm pretty sure Cisco dumps packets
coming INTO a span port on the switch.

You want to make sure that you know which nic is which and set the -i
(interface) and -w (web server) correctly. The defaults (everything and
everything) might work, but probably won't do what you want.

Say eth0 is the span port NIC (configure this without an IP address for
safety) and eth1 is the access NIC, ip 192.168.1.12... Then you want to
configure ntop to listen on eth0 and talk on eth1:

-i eth0 -w 192.168.1.12:3000

-----Burton


-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Steve Ickes
Sent: Tuesday, May 30, 2006 9:04 AM
To: ntop [at] unipi
Subject: [Ntop] Ntop + Cisco Setup - Newbie

Just recently installed ntop to do some preliminary testing. Ntop is
connected to Cisco Catalyst 2950 switch with port spanning configured to
mirror all data to ntop. However, I cannot seem to connect to ntop sensor
via web interface. I had verified the installation prior to putting it into
the LAN and everything was working fine.

My question is in this configuration, do I need to install a second NIC card
in my ntop box? I thought that since all data is being mirrored to the
existing NIC, I may need a second card which would then plug into a
non-spanned (mirrored) port on the switch which would give me access to the
ntop interface. Or is it that I may have simply configured the switch
incorrectly?

Thank you.
_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop


wshuffman at gmail

May 30, 2006, 7:12 AM

Post #3 of 4 (992 views)
Permalink
Re: Ntop + Cisco Setup - Newbie [In reply to]
Steve,
You will have to put on an ingress filter to allow your outside traffic to
get to the ntop server. I have 2 vlans on a cisco 3560, one for the
customer. Vlan 40 is the link to our data center, and 41 the user link.
Below are the commands that I use.

monitor session 11 source interface Fa0/1
monitor session 11 destination interface fa0/12 ingress untagged vlan 40

This allows me to access the ntop server.


On 5/30/06, Steve Ickes <stevei [at] paonline> wrote:
>
> Just recently installed ntop to do some preliminary testing. Ntop is
> connected to Cisco Catalyst 2950 switch with port spanning configured to
> mirror all data to ntop. However, I cannot seem to connect to ntop sensor
> via web interface. I had verified the installation prior to putting it into
> the LAN and everything was working fine.
>
> My question is in this configuration, do I need to install a second NIC
> card in my ntop box? I thought that since all data is being mirrored to the
> existing NIC, I may need a second card which would then plug into a
> non-spanned (mirrored) port on the switch which would give me access to the
> ntop interface. Or is it that I may have simply configured the switch
> incorrectly?
>
> Thank you.
> _______________________________________________
> Ntop mailing list
> Ntop [at] unipi
> http://listgateway.unipi.it/mailman/listinfo/ntop
>


stevei at paonline

May 30, 2006, 6:47 PM

Post #4 of 4 (982 views)
Permalink
Re: Ntop + Cisco Setup - Newbie [In reply to]
Thanks for the reply. I did add the 2nd NIC (no IP) and configured as
suggested. So far so good.

Burton Strauss wrote:

>Using the second NIC is required - I'm pretty sure Cisco dumps packets
>coming INTO a span port on the switch.
>
>You want to make sure that you know which nic is which and set the -i
>(interface) and -w (web server) correctly. The defaults (everything and
>everything) might work, but probably won't do what you want.
>
>Say eth0 is the span port NIC (configure this without an IP address for
>safety) and eth1 is the access NIC, ip 192.168.1.12... Then you want to
>configure ntop to listen on eth0 and talk on eth1:
>
>-i eth0 -w 192.168.1.12:3000
>
>-----Burton
>
>
>-----Original Message-----
>From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
>Steve Ickes
>Sent: Tuesday, May 30, 2006 9:04 AM
>To: ntop [at] unipi
>Subject: [Ntop] Ntop + Cisco Setup - Newbie
>
>Just recently installed ntop to do some preliminary testing. Ntop is
>connected to Cisco Catalyst 2950 switch with port spanning configured to
>mirror all data to ntop. However, I cannot seem to connect to ntop sensor
>via web interface. I had verified the installation prior to putting it into
>the LAN and everything was working fine.
>
>My question is in this configuration, do I need to install a second NIC card
>in my ntop box? I thought that since all data is being mirrored to the
>existing NIC, I may need a second card which would then plug into a
>non-spanned (mirrored) port on the switch which would give me access to the
>ntop interface. Or is it that I may have simply configured the switch
>incorrectly?
>
>Thank you.
>_______________________________________________
>Ntop mailing list
>Ntop [at] unipi
>http://listgateway.unipi.it/mailman/listinfo/ntop
>
>_______________________________________________
>Ntop mailing list
>Ntop [at] unipi
>http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
>
_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop

NTop users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.