Setting a subnet scope zone

Set a subnet scope zone when one of your managed regions is made up of a complete subnet.

A subnet scope zone can be an inclusion zone, an area of the network to be included in the discovery process, or an exclusion zone, an area of the network to be excluded from the discovery process. Let's suppose that your managed regions include the following subnet scope zones: the entire Class B subnet, 10.40.0.0/16 (inclusion zone), except for the Class C subnet 10.40.2.0/24 (exclusion zone). This can be represented graphically as follows. Only devices in the darker area are included in the discovery.

Note: The exclusion zone must be a subset of an inclusion zone otherwise you may find that the discovery has no boundaries. If you make the exclusion zone a subset of the inclusion zone then everything outside the exclusion zone becomes in scope.

To create the exclusion zone within the inclusion zone, first add the Class B subnet, 10.40.0.0/16 as an inclusion zone, and then add the Class C subnet 10.40.2.0/24 as an exclusion zone.

1. Click Scope.
   This takes you back to the Scope Configuration section of the GUI, where you can configure the subnet scopes.
2. To add a new scope zone, click New .
   The Scope Properties page is displayed.
3. Leave the Protocol setting at IPv4.
   This is the required protocol setting as the Class B subnet inclusion zone 10.40.0.0/16 is an IPv4 address.
4. Ensure that Scope By *Subnet is selected, and type the IP address 10.40.0.0 in the Subnet field. In the adjacent field following the slash sign, /, type the subnet mask 16.
5. Ensure that the Action setting is set to Include.
   This defines the Class B subnet scope zone, 10.40.0.0/16 as an inclusion zone.
6. Ensure that Add to Ping Seed List is checked.

   Clicking this option automatically adds all the devices in the Class B subnet scope zone to the ping seed list. The discovery process will therefore attempt to ping every single device in this scope zone. This is known as ping sweeping.

   Ping sweeping results in long discoveries, as the discovery process has to try every single possible IP address in the subnet. Class B subnets can take up to two to three hours to ping sweep. Class A networks can take a day or more to ping sweep. However, ping sweeping takes minimal effort to configure and is useful when you are configuring initial discoveries as it enables the system to automatically discover all devices within scope. Later, when you have successfully discovered your managed network and want to schedule more efficient production discoveries, you can generate a list of discovered IP addresses, and use this as the ping seed list rather than ping sweeping.

   Restriction: The Add to Ping Seed List option is not available for IPv6 scope zones. This prevents ping sweeping of IPv6 subnets, which can potentially contain billions of devices to be pinged. Ping sweeping of IPv6 subnets can therefore result in a non-terminating discovery.

   Ping sweeping relies on an active Ping finder. The discovery process uses the Ping finder to find devices specified in the ping seed list. You will enable the Ping finder as part of one of the next tasks.

7. Click OK to add this scope zone.
8. To add the Class C subnet 10.40.2.0/24 exclusion zone, click New .
9. Ensure that Scope By *Subnet is selected, and type the IP address 10.40.2.0 in the Subnet field. In the adjacent field following the slash sign, /, type the subnet mask 24.
10. Under Action click Exclude.
    This defines the Class C subnet 10.40.2.0/24 as an exclusion zone.
11. Click OK to add this scope zone.
12. Click Save to save your discovery configuration settings.