Chapter 4 Zone Configuration
Zone Traffic Learning
Terminating Learning Phase 2 – Threshold Tuning
After a sufficient period of time (see the above note) the user ends the Threshold Tuning phase. The user may accept the Detector’s suggested policies or decide to abort the second phase of the learning process. The Detector would stop the Threshold Tuning phase and adopt the Policy Construction Phase results and the former thresholds results the Detector has. This results in a situation in which newly constructed policies have thresholds that were obtained according to past traffic characteristics.
The user may decide to view the learning process outcomes prior to making a decision. See the “Zone and Learning Phase Snapshot” section in Chapter 7, “Policy Procedures” for further details.
Accepting Learning Phase 2 – Threshold Tuning
The user may accept the Detector’s suggested thresholds.
To accept the results of the Threshold Tuning phase perform the following:
1.From the Global command group level type the following:
admin@DETECTOR# no learning
Or alternatively:
From the Zone command group level type the following:
Where
Note that the Detector enables the use of an asterisk (*) as a wildcard denoting either of the following options:
–All of the Detector’s zones. Issuing no learning* accept means ending and accepting the learning results for all of the Detector’s zones.
–A wildcard denoting zone names (i.e. OBL*).
2.Choose ENTER.
The Detector is now tuned to the zone traffic characteristics and ready to detect the zone (a procedure launched by issuing the detect command).
|
| Cisco Traffic Anomaly Detector User Guide |
|
|
|
|
| ||
|
|
|
| |
|
|
|
