archived-netvisor/docs/MULTI_VLAN_GUIDE.md
2025-12-09 17:47:15 -05:00

# Multi-VLAN Deployment Guide
Guide for deploying NetVisor across multiple VLANs and network segments.
## Table of Contents
- [Overview](#overview)
- [When You Need Multiple Daemons](#when-you-need-multiple-daemons)
- [Deployment Strategies](#deployment-strategies)
- [Step-by-Step Setup](#step-by-step-setup)
- [Network Requirements](#network-requirements)
## Overview
NetVisor uses daemons to discover hosts and services. The integrated daemon can scan networks it has direct access to, but isolated VLANs require additional daemons.
```
┌─────────────────────────────────────────────────────────────┐
│                       NetVisor Server                       │
│                    (192.168.1.10:60072)                     │
└─────────────────────────┬───────────────────────────────────┘
        ┌─────────────────┼─────────────────┐
        │                 │                 │
        ▼                 ▼                 ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│    VLAN 1     │ │    VLAN 2     │ │    VLAN 3     │
│  Production   │ │      IoT      │ │     Guest     │
│ 192.168.1.0/24│ │ 192.168.2.0/24│ │ 192.168.3.0/24│
│  [Daemon 1]   │ │  [Daemon 2]   │ │  [Daemon 3]   │
└───────────────┘ └───────────────┘ └───────────────┘
```
## When You Need Multiple Daemons
### Single Daemon is Sufficient When:
- All hosts are on the same subnet as the daemon
- You have a management host with routes to all VLANs
- Your firewall allows the daemon to reach all subnets
- You don't need MAC addresses from isolated networks
### Multiple Daemons Required When:
- VLANs are isolated by firewall rules
- You need accurate MAC address collection (requires Layer 2 access)
- Different networks have different security requirements
## Deployment Strategies
### Strategy 1: Daemon Per VLAN (Recommended)
Deploy a lightweight daemon on each VLAN.
**Pros:** Full Layer 2 access (MAC addresses, ARP), no inter-VLAN firewall rules needed, best discovery accuracy

**Cons:** More daemons to manage, requires a host on each VLAN

**Best for:** Production environments, security-conscious deployments
### Strategy 2: Central Daemon with Routing
Use a single daemon on a host that can route to all VLANs.
**Pros:** Single daemon to manage

**Cons:** No MAC address collection for remote subnets, requires firewall rules, Layer 3 only

**Best for:** Small networks, lab environments, quick setup
### Strategy 3: Hybrid Approach
Central daemon for routable networks, dedicated daemons for isolated segments.
## Step-by-Step Setup
### Step 1: Plan Your Deployment
| VLAN | Subnet | Purpose | Daemon Location |
|------|--------|---------|-----------------|
| 1 | 192.168.1.0/24 | Production | netvisor-server host |
| 10 | 192.168.10.0/24 | IoT | IoT management VM |
| 20 | 192.168.20.0/24 | Guest | Guest network AP |
### Step 2: Create Daemon in NetVisor UI
1. Navigate to **Manage > Daemons**
2. Click **"Create Daemon"**
3. Select the target network
4. Choose daemon mode:
   - **Push**: Server initiates scans (daemon must be reachable from server)
   - **Pull**: Daemon polls for work (daemon only needs outbound access to server)
5. Click **"Generate Key"**
6. Copy the installation command
### Step 3: Deploy Daemon
Follow the installation instructions in [INSTALLATION.md - Additional Daemons](INSTALLATION.md#additional-daemons).
For Docker container discovery on the daemon host, see [DOCKER_PROXY_GUIDE.md](DOCKER_PROXY_GUIDE.md).
### Step 4: Configure Discovery
1. Navigate to **Discover > Scheduled**
2. Click **"Create Discovery"**
3. Select the daemon you deployed
4. Choose **Network Scan**
5. Select subnets to scan
6. Set schedule or run manually
### Step 5: Verify
1. Run a manual discovery from **Discover > Sessions**
2. Check **Manage > Hosts** for discovered devices
3. Verify **Topology** shows hosts from all VLANs
For consolidating hosts that appear on multiple VLANs, see [USER_GUIDE.md - Consolidating Hosts](USER_GUIDE.md#consolidating-hosts).
## Network Requirements
### Firewall Rules for Pull Mode (Recommended)
Daemon initiates all connections. Minimal firewall changes needed.
| Source | Destination | Port | Protocol | Purpose |
|--------|-------------|------|----------|---------|
| Daemon | Server | 60072 | TCP | API communication |
| Daemon | Local subnet | * | TCP | Network scanning |
### Firewall Rules for Push Mode
Server initiates scan requests. Daemon must be reachable.
| Source | Destination | Port | Protocol | Purpose |
|--------|-------------|------|----------|---------|
| Server | Daemon | 60073 | TCP | Push scan requests |
| Daemon | Server | 60072 | TCP | Report results |
| Daemon | Local subnet | * | TCP | Network scanning |
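
The two tables above can be reduced to the rules an inter-VLAN firewall actually has to carry for one daemon. The following is an added example, not part of NetVisor; the function names and the daemon address `192.168.10.5` are constructed for illustration, while the server address, subnets and ports come from this guide.

```python
import ipaddress
from typing import NamedTuple

SERVER_API_PORT = "60072"   # Daemon -> Server (both modes), from the tables above
DAEMON_PUSH_PORT = "60073"  # Server -> Daemon (Push mode only)


class Rule(NamedTuple):
    src: str
    dst: str
    port: str
    purpose: str


def required_rules(server_ip: str, daemon_ip: str, subnet: str, mode: str) -> list[Rule]:
    """Every TCP flow the guide lists for one daemon scanning its local subnet."""
    if mode not in ("pull", "push"):
        raise ValueError(f"unknown daemon mode: {mode!r}")
    if ipaddress.ip_address(daemon_ip) not in ipaddress.ip_network(subnet):
        raise ValueError(f"{daemon_ip} is not on {subnet}: no Layer 2 access")
    rules = []
    if mode == "push":
        rules.append(Rule(server_ip, daemon_ip, DAEMON_PUSH_PORT, "Push scan requests"))
    purpose = "API communication" if mode == "pull" else "Report results"
    rules.append(Rule(daemon_ip, server_ip, SERVER_API_PORT, purpose))
    rules.append(Rule(daemon_ip, subnet, "*", "Network scanning"))
    return rules


def inter_vlan_rules(rules: list[Rule], subnet: str) -> list[Rule]:
    """Keep only flows with exactly one endpoint outside the daemon's subnet.

    Traffic that stays inside the subnet is normally switched at Layer 2 and
    never reaches the inter-VLAN firewall, so it needs no rule there
    (host-based firewalls are a separate matter).
    """
    net = ipaddress.ip_network(subnet)

    def inside(endpoint: str) -> bool:
        return ipaddress.ip_network(endpoint, strict=False).subnet_of(net)

    return [r for r in rules if inside(r.src) != inside(r.dst)]


if __name__ == "__main__":
    # Constructed daemon address on the IoT VLAN from the Step 1 plan.
    for mode in ("pull", "push"):
        flows = required_rules("192.168.1.10", "192.168.10.5", "192.168.10.0/24", mode)
        for r in inter_vlan_rules(flows, "192.168.10.0/24"):
            print(mode, r.src, "->", r.dst, "tcp/" + r.port, r.purpose)
```

For the IoT daemon, Pull mode leaves a single outbound rule toward the server, while Push mode adds an inbound rule from the server into the isolated VLAN.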
---
For troubleshooting daemon and discovery issues, see [INSTALLATION.md - Troubleshooting](INSTALLATION.md#troubleshooting).
**Need help?** Join our [Discord](https://discord.gg/b7ffQr8AcZ) or [open an issue](https://github.com/mayanayza/netvisor/issues/new).