
The Zone Networks tab displays labeling and control information associated with each of your zones. This information consists of the Known, Eligible, Internal and Avoid lists. Of these, Eligible, Avoid, and to a limited extent Known control and limit discovery by collectors. Internal plays a role in post-discovery reporting and analysis.

The Zone Network settings apply to any and all collectors operating in a zone.

To prepare for discovery, you'll need to select a zone and specify members of that zone's lists (i.e., IPs and CIDRs), which describe a "kick-off" set of devices Lumeta will use to discover the comprehensive universe of network devices in that zone. It may be helpful to think of the Zone Networks as your "starter set" of networks to discover.

Eligible Zone Networks

When a device discovered by any collector in a zone is listed in Eligible, that device is interrogated by the current collector and all other collectors in the zone. Any device (IP or CIDR) your collector discovers via Lumeta's target becomes available for other collectors to target when and only when that device is also listed in Eligible. Because of this, the Eligible list serves as a bridge between collectors, sharing discovered information with other collectors in the zone.

Those Lumeta-discovered subnets (the ones your organization didn't know about originally) become authorized for further investigation by Lumeta when your organization adds them to the Eligible list. As you come to understand these subnets better, you will take ownership of some of them by labeling them as Internal Zone Networks.

The Eligible list is the set of networks you give Lumeta permission to probe. If a Lumeta collector discovers an IP or CIDR that is not included on the Target list, it then checks the Eligible list. If the element is on the Eligible list, it is interrogated; otherwise, it proceeds to the Avoid list. If it is not included on the Avoid list, the element is interrogated. If a network you didn't know about was discovered via SNMP, for example, you might choose to add that network to the Eligible list to ensure that it is included in subsequent explorations.
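The check order in the paragraph above can be modeled to audit a zone's lists before discovery runs. This is an added example, not Lumeta code: the function names and sample lists are constructed, and it assumes that Target members are interrogated and that an element on Avoid (and not on Eligible) is skipped.

```python
import ipaddress

def _nets(cidrs):
    # Parse list entries; a bare IP becomes a /32 (or /128) network.
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def _on_list(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _nets(cidrs))

def decide(ip, target, eligible, avoid):
    """Return (interrogate, reason) using the order the paragraph states."""
    if _on_list(ip, target):
        return True, "target"        # assumption: Target members are probed
    if _on_list(ip, eligible):
        return True, "eligible"      # Eligible is consulted before Avoid
    if _on_list(ip, avoid):
        return False, "avoid"        # assumption: Avoid members are skipped
    return True, "not-avoided"       # on no list: interrogated, per the text

def eligible_avoid_overlaps(eligible, avoid):
    """CIDR pairs that appear on both lists.

    Because Eligible is checked first, addresses in such an overlap would
    be interrogated even though an Avoid entry covers them.
    """
    return [(str(e), str(a))
            for e in _nets(eligible) for a in _nets(avoid)
            if e.version == a.version and e.overlaps(a)]

# Constructed sample lists for one zone (not from a real deployment).
TARGET = ["10.1.0.0/16"]
ELIGIBLE = ["10.2.0.0/16", "192.168.50.0/24"]
AVOID = ["192.168.0.0/16", "172.16.9.0/24"]

if __name__ == "__main__":
    for ip in ["10.1.4.7", "10.2.3.4", "192.168.50.10",
               "192.168.7.7", "203.0.113.5"]:
        print(ip, decide(ip, TARGET, ELIGIBLE, AVOID))
    print("overlaps:", eligible_avoid_overlaps(ELIGIBLE, AVOID))
```

Running the overlap check whenever a list changes flags Eligible entries that sit inside a range you meant to keep out of scope.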

When you enable TargetDiscoveredRoutes in Host Discovery, Lumeta goes after all Host-discovered devices that are in the Eligible List. When you enable TargetDiscoveredRoutes in Path Discovery, Lumeta traces to all of the Eligible networks and can display the findings in a map. Discovery types SNMP, Port, Profile, and Leak can be configured to run on Eligible-discovered subnets.

Known Zone Networks

IPs and CIDRs that you recognize and are aware of are recorded in your Known list. These are subnets with which you are superficially acquainted. You do not own them or manage them. You may or may not want more information about them. The Known list enables you to define and label devices via associated CIDR blocks as "known" for reporting and analysis purposes.

The Known list does not control discovery processes. It is used to label data and therefore affects how data is reported. It may be helpful to think of the Known list as "networks your company knows about."

When you change the designation (i.e., label) of a network element from unknown to known, Lumeta recommends that you add that element to your Eligible list, so that from that point forward, all collectors in the zone (and not just the current, selected collector) will interrogate it.

Internal Zone Networks

Internal Zone Networks are the subnets in a zone that your organization owns and manages. Internal subnets are those belonging to the zone. Lumeta uses the list of Internal subnets to define the perimeter of your network. The last forwarding devices (the "hop" before a packet lands beyond Internal space) are defined as perimeter routers and the network edge. The Internal Zone Networks list enables you to define and label devices via associated CIDR blocks as "Internal" for the purposes of reporting, mapping, and analysis. The Internal list affects reporting only and not discovery. By interrogating your Internal list, you can be apprised when an element in your zone goes inactive.

As an aside, a handy way to force your 'preferred' reference IP is to use the Internal List. For example, if you use a management network of 10.1.0.0/16 for router management and that is how the routers should be identified on the map, put 10.1.0.0/16 in your Internal List.

The preference order for the reference IP is:

  1. mac
  2. ipv4
  3. internal
  4. trusted
  5. known


