content:en_us:7_ug_network_map

Network Map

The Network Map app provides a way to map devices to specific users. Some of the benefits of using this app:

  • Simplifies Reports - usernames instead of IP/MAC address
  • Provides IP-based Content Filter Policies - no user-authentication required
  • Facilitates MAC-based Access Control
There is no limit for mapped devices on ClearOS 7 Business edition. However, there is a limit of 20 mapped devices on Community edition and 50 mapped devices on Home edition.

Installation

If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

<navigation>Network|Device Management|Network Map</navigation>

Configuration

Network Scan

Once the Network Map app is installed, it starts to scan your network for devices. As soon as a device makes a connection to ClearOS, it leaves a fingerprint in the network map scan. A summary of the number of unknown devices is shown in the web-based interface as shown in the screenshot below:

ClearOS Network Map - Scan Summary

Clicking on Show Details takes you to a list of unmapped devices seen on the network:

ClearOS Network Map - Unmapped Summary

Along with the MAC address, IP and the timestamp of the last time the device was seen on the network, Vendor information is shown. In the screenshot shown, it is easier for an administrator to identify devices based on vendor information:

  • An HPE server
  • An IgniteNet switch
  • A Huawei cell phone
  • An Apple device

Once a device has been identified, it is simply a matter of hitting the Map button.

Mapping

Whether you make a selection from the network scan list or manually add a device, you can create a network map entry for a particular MAC address. The map includes:

  • MAC Address
  • Username
  • IP Address

You can also specify optional information to help identify and sort devices:

  • Nickname - an easy to remember name of your choosing
  • Vendor - hardware vendor tag
  • Device Type - laptop, tablet, router, etc.
Although you can change the Vendor, it is recommended that you don't or you'll end up with your mapped device as intended, but you'll also get an unmapped device showing with the original Vendor. There is a bug filed for this.

ClearOS Network Map - Mapping Devices

Arpwatch e-mails

The underlying program, arpwatch, is set up to send out an e-mail to root every time it detects a change in the network. This can be useful but it can also be a PITA. If you want to receive them you should alias “root” to a valid user in /etc/aliases. If you don't want to receive them, you need to edit /etc/sysconfig/arpwatch, change:

OPTIONS="-u arpwatch -N -e root -s 'root (Arpwatch)'"

to:

OPTIONS="-u arpwatch -N -e -"

then restart arpwatch with:

SERVICES=$(ls /etc/systemd/system/multi-user.target.wants/arpwatch*)
for SERVICE in $SERVICES; do
    true
    /bin/systemctl condrestart $(basename $SERVICE) > /dev/null 2>&1
done

Also check /var/spool/mail/root and possibly delete the file if you don't want the e-mails it contains. The file will be recreated automatically if it is needed by other programs.

content/en_us/7_ug_network_map.txt · Last modified: 2020/07/31 09:08 by 84.9.57.48