Configuration / Advanced administration
Introduction to Initial Configuration
Advanced administration is group together in several sub-tabs within the "Administration" tab (version 2.2 RC2 and later). This tab is only visible to Administration (users with nac_rights=99), and not read-only or write users.
There are several tabs:
To get running initially,
- an administrator needs to be configured in the Users tab, with nac_rights=99.
- the vlan names and numbers need to be defined in the 'vlan' tab.
- appropriate modules and configuration options need to be enabled in the 'config tab'
Optionally, for better documentation and device tracking, the Location, DeviceTabs and OperatingSystems tabs should be examines.
The config table contains a list of settings on the server, that can be changed via this GUI. Do not make changes here, unless you understand the consequences.
Each entry has a type, name, value, comment (explaining what the variable is) and a date indicating when it was last changed.
Some key entries are listed below:
- DemoMode: Allows the GUI to be used by anyone without rights checking (value='1'), for initial testing. This should be set to '0' in production.
- Disable or enable server side modules.
e.g. AntiVirusEnabled, check_for_expire, detect_hubs, lastseen_sms, NmapEnabled, PatchCableEnabled, StaticInvEnabled.
==> It is recommended to disable all of these after an initial install, to keep the system as simple as possible. Then enable each option one by one and test.
- GUI user authentication: guidomain
- default_vlan: what is the DB index of the global default valn to be used for unknown end-devices?
- set_vlan_for_unknowns: When unknowns are added to the DB automatically, what vlan index should they be assigned? This is typically the same as default_vlan.
- router_*: Router relevant configuration.
To do: references to documentation where all of these options are described!