You could setup multiple instances of nTop on the same box. Each instance would re ..... wait, this might not work as easy as I thought....
OK.... Multiple instances of nTop on the same box. Each instance has a unique port for http/https you give to each manager - each instance has it's own password. I think each instance will need it's own netflow device and your core router will send to three destinations - I THINK... Not sure on this one. Here's the key. Use a filter on each instance to process the discrete network ranges for said instance. Ntop1 sees network1, Ntop2 sees network 2, etc. I haven't tried using the filter with a netflow device, so not sure if this is even possible. The only other way I can think of is custom html/jscript that hides data based on login. Depending on what version of IOS you have you MAY be able to do some filtering at the source as well. I've seen some crazy things done with loopback interfaces and PBR to get netflow to meet specific requirements - so there's some trickery that is possible. Gary -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Redder,Greg Sent: Tuesday, November 06, 2007 12:04 AM To: [EMAIL PROTECTED] Subject: [Ntop] Authentication or acccess control to data... I am feeding flows from a core router into an ntop box. Thus, this ntop box has data in it for several departmental networks here at the University. Each department has its own network manager. I'm interested in providing access for each network manager to his/her data, but not to other networks. I'm having a hard time figuring out a way to do this, if there even is a way, such that a user logs in and is only able to see the data corresponding their specific /24 and not other /24 networks they don't manage. I could do this by having one ntop box per network, but that's not too practical ;-) Is anyone doing something like this or have any creative ideas? Thank you -Greg Redder Network Analyst Colorado State University ======================================================================== ======= Greg Redder Academic Computing & Networking Services Colorado State University, ACNS Phone:(970)491-7222 FAX: (970)491-1958 601 S. Howes, Room 625 E-mail: [EMAIL PROTECTED] Fort Collins, CO 80523 PGP Fprint:CD62EAE6227D96FC7C232B16DFE3B5D9B2F64352 ======================================================================== ======= _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
