Host Limit
The system adds a host to the network map when it detects activity associated with an IP address in your monitored network (as defined in your network discovery policy). The number of hosts a Cisco Defense Orchestrator can monitor, and therefore store in the network map, depends on its model.
| CDO Model | Hosts |
|---|---|
| MC750 | 2,000 |
| MC1500 | 50,000 |
| MC2000 | 150,000 |
| MC3500 | 300,000 |
| MC4000 | 600,000 |
| virtual | 50,000 |
You cannot view contextual data for hosts not in the network map. However, you can perform access control. For example, you can perform application control on traffic to and from a host not in the network map, even though you cannot use a compliance allow list to monitor the host's network compliance.
Note: The system counts MAC-only hosts separately from hosts identified by both IP addresses and MAC addresses. All IP addresses associated with a host are counted together as one host.
Reaching the Host Limit and Deleting Hosts
The network discovery policy controls what happens when you detect a new host after you reach the host limit; you can drop the new host, or replace the host that has been inactive for the longest time. You can also set the period after which the system removes a host from the network map due to inactivity. Although you can manually delete a host, an entire subnet, or all of your hosts from the network map, if the system detects activity associated with a deleted host, it re-adds the host.
In a multidomain deployment, each leaf domain has its own network discovery policy. Therefore, each leaf domain governs its own behavior when the system discovers a new host.
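The following added example (not Cisco code) is a simplified model of the host-limit handling described above: dropping or replacing at the limit, inactivity timeout, and re-adding a deleted host on new activity. The class, method, and mode names are hypothetical, the activity events are constructed, and a host is reduced to a single identifier.

```python
# Simplified model of the host-limit rules (added example, not Cisco code).
# All names here are hypothetical; one NetworkMap stands for one discovery policy.

class NetworkMap:
    def __init__(self, limit, on_limit="drop", timeout=None):
        if on_limit not in ("drop", "replace"):
            raise ValueError("on_limit must be 'drop' or 'replace'")
        self.limit = limit          # model-dependent host limit
        self.on_limit = on_limit    # drop new host, or replace longest-inactive
        self.timeout = timeout      # inactivity period before removal (None = never)
        self.last_seen = {}         # host id -> time of last detected activity

    def expire(self, now):
        """Remove hosts that have been inactive for longer than the timeout."""
        if self.timeout is None:
            return []
        stale = [h for h, t in self.last_seen.items() if now - t > self.timeout]
        for h in stale:
            del self.last_seen[h]
        return stale

    def observe(self, host, now):
        """Record detected activity for a host and report the effect on the map."""
        known = host in self.last_seen
        if known:
            self.last_seen[host] = now
        self.expire(now)
        if known:
            return "updated"
        if len(self.last_seen) < self.limit:
            self.last_seen[host] = now
            return "added"
        if self.on_limit == "drop":
            return "dropped"        # host stays out of the map: no contextual data
        oldest = min(self.last_seen, key=self.last_seen.get)
        del self.last_seen[oldest]
        self.last_seen[host] = now
        return "replaced " + oldest

    def delete(self, host):
        """Manual deletion; any later activity re-adds the host via observe()."""
        self.last_seen.pop(host, None)

def replay(events, **policy):
    """Replay (time, host) activity; return (per-event outcomes, final hosts)."""
    nm = NetworkMap(**policy)
    return [(h, nm.observe(h, t)) for t, h in events], sorted(nm.last_seen)

# Constructed activity: four hosts seen against a limit of three.
EVENTS = [(0, "10.0.0.1"), (1, "10.0.0.2"), (2, "10.0.0.3"),
          (3, "10.0.0.1"), (4, "10.0.0.4")]
```

Replaying the same events under each setting shows which hosts end up without contextual data, which is the trade-off to weigh when choosing the policy.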