Cisco Tetration - Hands-On Lab

Module02: Collection Rules

In this module we will configure Collection Rules. Collection Rules govern what endpoints will be considered for inclusion in inventory. Typically this should be any internal IP address space of an organization. It may also make sense to configure public IP address space that is used by an organization, such as DMZ or public cloud address space.

When configuring Collection rules, we must first delete the IPv6 and IPv4 rules that are configured by default in a new Tetration deployment. Then we can create our own specific rules to match the internal IP space. In the lab, we’ll assume the customer uses all RFC1918 private address space inside their organization.

Click here to view a video of the tasks being performed to configure Collection Rules.

Steps for this Module

Perform the following tasks to configure Collection Rules.

Step 001 - Navigate to Collection Rules
Step 002 - Edit the Collection Rules
Step 003 - Delete the default IPv6 rule
Step 004 - Delete the default IPv4 rule
Step 005 - Enter a new exclude rule for IPv6
Step 006 - Enter a new exclude rule for IPv4
Step 007 - Enter a rule for 10.0.0.0/8
Step 008 - Enter a rule for 172.16.0.0/12
Step 009 - Enter a rule for 192.168.0.0/16
Step 010 - View the final ruleset

Click on the gear icon in the upper right hand corner and select Collection Rules.

Click on Edit.

Click Delete to remove the default ::/0: IPv6 rule.

Click Delete to remove the default 0.0.0.0/0 IPv4 rule.

Enter ::/0: in the Subnet field, select “Exclude traffic” and then Add Rule.

Enter 0.0.0.0/0 in the Subnet field, Select “Exclude traffic” and then Add Rule.

Enter 10.0.0.0/8 in the Subnet field, Select “include traffic” and then Add Rule.

Enter 172.16.0.0/12 in the Subnet field, Select “include traffic” and then Add Rule.

Enter 192.168.0.0/16 in the Subnet field, Select “include traffic” and then Add Rule.

Below is what the ruleset should look like when finished.