Managing Segments

ClearPass Device Insight uses segments to group subnets Subnet is the logical division of an IP network.. When you create a new segment, you assign it to a collector and then you associate it to one or more subnets. There is no subnet hierarchy within a segment. You cannot have overlapping subnets within a segment. You also cannot associate a segment to another segment. After the segment is created, you have the option to associate it to one or more augmentation methods (SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. , SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. , WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification., and NMAP). Following is an example of multiple segments:

Figure 1  Segments Example

In the example above, the enterprise has locations in Santa Clara, California and London, England. There network expands both locations. Each of those locations is a segment. In their Santa Clara, California location they have Building 1 and a Laboratory. Building 1 is a segment and it is associated with two subnets and two augmentation methods. Laboratory is a segment and it is associated with one subnet and one augmentation method.

ClearPass Device Insight is delivered with a segment titled "Catch All Segments". This segment is configured with these default RFC Request For Comments. RFC is a commonly used format for the Internet standards documentss. 1918 subnet subnets:

  • 10.0.0.0/8
  • 192.168.0.0/16
  • 172.16.0.0/12

When you initially log in to ClearPass Device Insight, you have the option to accept these default subnets for the Catch All Segments segment or you can edit the segment and add additional subnets to this segment.

Segments and their associated augmentation methods are used by the collectors during active scans (Discovery or Subnet) for device discovery. You can schedule the collectors to run Subnet scans by segment. Creating multiple segments with manageable levels of subnets can improve the performance of Subnet scans. Plus, with multiple segments you can run several Subnet scans at different times that are more convenient for your environment.

For more information on augmentation methods, see Managing Augmentation Methods.

For more information on active scanning, see Managing Collectors.

Overlapping Segments

Overlapping segments occur when you add the same subnet to different segments. We recommend that you do not have overlapping segments and that you correct this issue.

When you are creating a segment and you add a subnet that has already been added to another segment, an Overlapping Segments card is provided on the Edit Subnet Segment page enabling you to view where the overlap occurs. From that segment you can edit and correct the overlapping subnets. Plus, using the All Segments page - Overlapping tab you can view the overlap information for each segment that overlaps.

For more information, see