VLAN and Trunked Environments

Hardware Requirements

There are several requirements for using WiSentry Remote Agents in VLAN environments.

• VLAN Mode requires an Intel Pro/1000 Ethernet Adapter with driver version 8.0 and higher. 
  Due to driver incompatibility, WiSentry has not been tested with other cards and may or may not work.  If you have a card that is not listed, please Contact WiMetrics to see if additional adapters have been added.
• The adapter VLAN, including IP address, must be setup before installing a WiSentry Remote Agent in VLAN mode.
  This is because the WiSentry Remote agents binds with the adapter when installed.  If you have not previously installed you VLAN, the WiSentry Remote Agent will bind with the physical adapter and as a result, will not see the VLAN (s).

F Failure to observe the above requirements will result in invalid device discovery in WiSentry.

Server and Switch VLAN Setup

Server Setup

WiSentry can function on a port configured for a single VLAN or on a trunk containing multiple VLANs. There is an Intel adapter limit of 64 VLANs per physical adapter so monitoring more than 64 VLANs will require multiple adapters. Each VLAN to be monitored must have a corresponding virtual network adapter configured.  (Refer to the documentation provided with the Intel Pro Adapter for additional information about configuring VLANs.) Since WiSentry uses TCP/IP packets to detect access points, be sure and configure appropriate TCP/IP parameters for each VLAN.

F If only one VLAN needs to be monitored, WiSentry can be setup in standard (non-VLAN) mode. In this case, configure the switch port that WiSentry will use to belong to the desired VLAN. In a standard mode configuration such as this, it is not necessary to use the Intel Pro Adapter or setup VLANs on the WiSentry server machine.

Switch Setup

To monitor multiple VLANs with WiSentry, it is necessary to configure a trunk port on the switch. (Refer to your switch manufacturers documentation for more information about setting up trunk ports.) The trunk port should contain the VLANs to be monitored and the configuration should match the Intel Pro Adapter VLAN setup as described above. Define the trunk port to use 802.1Q encapsulation.

F It may be necessary to separate the management VLAN and the native VLAN on some switches since the switch may remove the management VLAN tags on a trunk port where the management and native VLANs are the same. (The native VLAN is the VLAN where all non-tagged traffic, i.e. traffic that does not belong to a VLAN, is sent.) On some switches it is possible configure the port to add tags to the untagged traffic on the native VLAN. In this case it is not necessary to separate the VLANs.

WiSentry VLAN Setup

To enable VLAN support for WiSentry, select the “Enable VLAN Mode” option while installing the product. VLAN support can also be enabled after installation by selecting the agent in the administration console, then either right-clicking or selecting “Actions” from the menu, and selecting “Configure Service…”.  Enable VLAN mode by selecting “Enable VLAN Mode”.

Monitoring VLANs with WiSentry

After WiSentry has been properly configured and started, each suspected access point will be displayed on the administration console. Since more than one VLAN can be monitored from a single agent, the VLAN ID for each suspected access point is displayed in the “VLAN” column of the console.

Top