Enable L2 Discovery

L2 Discovery enables the system to keep track of device metrics, records, and detections even after the device IP address is changed. In previous versions of the ExtraHop system, devices were discovered and tracked by their IP address (L3 Discovery). New ExtraHop 8.0 systems are configured to discover and track devices by their MAC addresses (L2 Discovery).
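A simplified model of the difference described above, added here as an illustration and not ExtraHop code; the flow records, addresses, and the `track` and `conflated` functions are constructed assumptions. Keying device entries by IP address splits one device's metrics across leases and mixes two devices that reuse an address, while keying by MAC address keeps one entry per device.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp, source MAC, source IP, bytes).
# The laptop renews its DHCP lease at t=3 and gets a new address; the printer
# is later handed the laptop's old address.
FLOWS = [
    (1, "aa:aa:aa:00:00:01", "10.0.0.5", 500),   # laptop
    (2, "aa:aa:aa:00:00:02", "10.0.0.9", 100),   # printer
    (3, "aa:aa:aa:00:00:01", "10.0.0.7", 700),   # laptop, new lease
    (4, "aa:aa:aa:00:00:02", "10.0.0.5", 200),   # printer, reuses 10.0.0.5
]


def track(flows, key):
    """Accumulate bytes per device entry, keyed by 'mac' (L2) or 'ip' (L3).

    Returns {device_key: {"bytes": total, "macs": set of MACs seen}}.
    """
    if key not in ("mac", "ip"):
        raise ValueError("key must be 'mac' or 'ip'")
    devices = defaultdict(lambda: {"bytes": 0, "macs": set()})
    for _ts, mac, ip, nbytes in sorted(flows):
        entry = devices[mac if key == "mac" else ip]
        entry["bytes"] += nbytes
        entry["macs"].add(mac)
    return dict(devices)


def conflated(devices):
    """Entries whose metrics mix traffic from more than one physical device."""
    return sorted(k for k, v in devices.items() if len(v["macs"]) > 1)


if __name__ == "__main__":
    for mode in ("ip", "mac"):
        result = track(FLOWS, mode)
        totals = {k: v["bytes"] for k, v in result.items()}
        print(mode, totals, "mixed entries:", conflated(result))
```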

Learn more about device discovery in the ExtraHop system

Here are some important considerations about switching to L2 Discovery:

  • If you do not reset the local datastore, the system retains previous device entries with associated metrics, but future metrics are accumulated for new device entries that are based on the MAC address. The previous devices that were discovered by IP address eventually become inactive.
  • If you reset the local datastore, you lose the historical metric data associated with the device entries that were discovered by IP address.
  • Devices that are discovered by MAC address through L2 Discovery count towards the system capacity for analysis priorities.

Here are some good opportunities to change to L2 Discovery:

  • An ExtraHop system that has not been deployed and is on a firmware version earlier than 8.0. Upgrade the system to firmware version 8.0 and then deploy it to your environment.
  • An ExtraHop system that is scheduled to be reset and does not have metric data that must be saved.
  • An environment where devices frequently change IP addresses and where you are willing to lose historical metric data to improve metrics about devices in the future.

  1. Create a system backup file and store the file in a secure location.
  2. Clear the selection for Enable L3 Discovery.
  3. Reset the local datastore.
    Optionally, you can save and restore existing customizations.
Published 2020-03-26 01:03