RE: [Netpass-users] NetPass installation?
Brought to you by:
jeffmurphy
From: Harding, T. <td...@sa...> - 2005-06-08 19:13:22
Okay. I now understand much better how things fit together. Thanks Jeff! Here are answers to the questions you asked:

> did we put something in the doc about endace?

That was on Part 2c which gives instructions to "Configure Snort to work with endace cards". I guess that is really more of an add-on to NetPass.

> what equipment (switches & routers) are you using?

We're currently just implementing this on a small satellite campus of K-State University. The dorms are connected directly to the campus network through Cisco 2924 switches. There is no router between the dorms and the campus network. All SNMP traffic is currently isolated on a separate VLAN. I guess that means that we'll need three interfaces on the NetPass server: Quar, Unquar, and SNMP VLAN. Does that sound reasonable?

Thanks again,
Troy

-----Original Message-----
From: net...@li... [mailto:net...@li...] On Behalf Of Jeff Murphy
Sent: Tuesday, June 07, 2005 10:02 PM
To: net...@li...
Subject: Re: [Netpass-users] NetPass installation?

Harding, Troy wrote:
> Thanks! From reading through the guide it looks like I'll need an Endace
> card. Is that right? So for a 100Base-T network I should get something
> like a DAG 3.6EP.

hmm. no. did we put something in the doc about endace?

> I'm still a little fuzzy on the configuration... so I will have a NetPass
> server inline between the quarantined VLAN and the campus network, right?

no, it works out-of-band... sort of. it is inline for the quarantine vlans. but once the client is outside of quarantine, the netpass server is no longer inline.

http://netpass.sf.net/ov/ has some diagrams. check out "np1.png"

> But don't I also need to be able to analyze traffic on all the dorm switch
> ports, so the NetPass server will also need to be connected to a SPAN
> monitoring port on the switches?

no, you'll bridge the vlans back to the netpass server.

what equipment (switches & routers) are you using? how many ports total?

> Do I need another network card in the
> NetPass server or will the Endace card be adequate. Or maybe I'm just
> thinking about this all wrong.
>
> Sorry about the newbie questions.

what you'll need is roughly 1 CPU, 1G ram per 1000 users (ports) in order to handle startup and mass-quarantining. for 6000-8000 users, we've had success with 2 dual 2.8ghz machines with 3-4G ram each. we're running in a load-balancing configuration.

each machine has 2 nics, which is pretty much standard these days on rackable servers. the inside nic (eth1), as shown in np1.png, sits in the quarantine vlan and is configured with the IP address of the client's subnet gateway.

either using gratuitous arp, or by having the appropriate cisco gear, you can convince the clients to quickly pick up any change in the gateway as they swing between the quar and unquar vlans. when in the unquar vlan, the netpass servers are out of the picture. the client is routed as normal thru your network.

_______________________________________________
Netpass-users mailing list
Net...@li...
https://lists.sourceforge.net/lists/listinfo/netpass-users
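Jeff's reply above leans on gratuitous ARP to make quarantined clients adopt the NetPass inside NIC as their gateway. The following is an added example for this archive page, not NetPass code and not something either poster wrote: it builds the broadcast ARP announcement a gateway-takeover NIC would send, decodes it, and checks the two properties that make an ARP frame "gratuitous" (broadcast destination, sender IP equal to target IP). The MAC address, the 10.1.1.1 gateway address and the eth1 interface name in the `__main__` block are assumptions chosen for illustration; the raw-socket sender is Linux-only and needs root or CAP_NET_RAW.

```python
"""Build and inspect a gratuitous ARP announcement of the kind a NetPass-style
inside NIC sends when it takes over the clients' gateway IP on the quarantine
VLAN. Example code written for this page; it is not part of the NetPass project.
"""
import ipaddress
import struct

ETH_P_ARP = 0x0806          # EtherType for ARP
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ARP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP reply: 14-byte header + 28-byte ARP."""
    eth_header = (mac_to_bytes(target_mac) + mac_to_bytes(sender_mac)
                  + struct.pack("!H", ETH_P_ARP))
    arp_header = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, ARP_REPLY)
    arp_body = (mac_to_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
                + mac_to_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed)
    return eth_header + arp_header + arp_body


def build_gratuitous_arp(gateway_mac: str, gateway_ip: str) -> bytes:
    """Gratuitous ARP: a broadcast reply whose sender IP equals its target IP.

    Every host on the VLAN that already caches gateway_ip overwrites the entry
    with gateway_mac, so the quarantine-side NIC becomes the default gateway
    immediately instead of after the clients' ARP cache entries expire.
    """
    return build_arp_reply(gateway_mac, gateway_ip, BROADCAST_MAC, gateway_ip)


def parse_arp(frame: bytes) -> dict:
    """Decode an ARP-over-Ethernet frame; raises ValueError on anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame (EtherType 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "dst_mac": bytes_to_mac(dst),
        "src_mac": bytes_to_mac(src),
        "op": op,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_mac": bytes_to_mac(frame[32:38]),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }


def is_gratuitous(frame: bytes) -> bool:
    """True for a broadcast, self-addressed ARP announcement."""
    arp = parse_arp(frame)
    return arp["dst_mac"] == BROADCAST_MAC and arp["sender_ip"] == arp["target_ip"]


def send_frame(frame: bytes, interface: str) -> None:
    """Put the raw frame on the wire (Linux AF_PACKET; needs root or CAP_NET_RAW)."""
    import socket
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as sock:
        sock.bind((interface, 0))
        sock.send(frame)


if __name__ == "__main__":
    # Assumed values: the inside NIC's MAC and the gateway address the
    # quarantined subnet expects. Neither comes from the thread above.
    frame = build_gratuitous_arp("00:11:22:33:44:55", "10.1.1.1")
    print(len(frame), "bytes:", parse_arp(frame))
    # send_frame(frame, "eth1")   # run as root on the NetPass box to announce
```

The same frame is what ARP cache poisoning sends, which is why Jeff mentions "the appropriate cisco gear" as the alternative: a switch running Dynamic ARP Inspection drops ARP traffic whose sender binding does not match its trusted table, so a NetPass NIC on such a switch needs a trusted port or a static binding rather than a bare announcement.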