Chapter 4 Zone Configuration
Zone Traffic Learning
Aborting Learning Phase 2 – Tuning Threshold
The user may wish to abort the second phase of learning procedure. In this case the Detector stops the process and erases the data learned on the second phase. The data gathered on the first learning phase and on the previous learning phase 2 remain unchanged. This results in a situation in which newly constructed policies have thresholds that were obtained according to past traffic characteristics.
To abort the second Learning phase perform the following:
1.From the Global command group level type the following:
admin@DETECTOR# no learning
Or alternatively:
From the Global command group level type the following:
Where
Note that the Detector enables the use of an asterisk (*) as a wildcard denoting either of the following options:
–All of the Detector’s zones. Issuing no learning* reject means aborting the learning phase for all of the Detector’s zones.
–A wildcard denoting zone names (i.e. OBL*).
2.Choose ENTER.
Learning Phase Verification
The user may wish to verify whether the Detector has undergone its learning phase (with its detection policies functioning properly) has succeeded. The indication would be a display of the policies functioning properly.
The user launches the detect command see the “Zone Detection” section for further details.
To verify the status of the learning phase perform the following:
1.From the Zone command group level type the following:
| Cisco Traffic Anomaly Detector User Guide |