Exclude source or destination IP from PurView ?

Userlevel 2
Our Custerom uses a S8 as his Core Device, where is connected to all sublevel switches and directly to PurView Sensor and a VM Cluster of 2 maschines with more then 8 connections on the Core Switch.

We have enabled PurView redirect Policy on all Ports as it should be.

But, the have also solution based on 2 virtual maschines to check the status of Servers, Switches Printers and many other things that is able to handle SNMP. One of this virtual maschines defines when and what devices will be connected next (=Server) and the other one is working as a "Agent" that really handle all this polling jobs.

There are so many poll's from and between this 2 virtual servers that we run into a licence violation of PurView.

Is there a possibiltiy to leave the related physical Interfaces in Policy mirror state but will exclude traffic from and to the virtual servers/agents?

5 replies

Userlevel 6
Rainer, this should be possible.
But to be clear-you want to exclude two IP addresses from all reporting, or those IP only for certain protocols?
Please advice.
Userlevel 2
Hey Mike

It would be great if we could exclude the IP addresses completely. We don't want to see any traffic from that specific devices/ip addresses.

Could you please advice me how we can do this?
Userlevel 6
So, I will start off with this - the exclusion commands below will not assist in the FPM count. They are all still there coming into the appliance. We are just choosing to not report on them.

So from Oneview -> Applications -> Purview Appliance -> Configuration ->Configuration Properties
From there, add in your exclusions, and then enforce them.

Userlevel 2
If I would use a firewall (iptables) on the PurView Appliance this should assist the FPM count, right?
Userlevel 6
Rainer, that will not work, as we are measuring based on the inbound Netflow data coming into the appliance, so there is no easy way to filter out that data from within the Netflow records themselves.