Manuals / Cisco Systems / Computer Equipment / Computer Hardware

Cisco Systems OL-6109-01 manual Zone Detection, 4-19

Models: OL-6109-01

1 22

Download 22 pages 56.21 Kb

Page 19

Chapter 4 Zone Configuration

Zone Detection

2.Choose ENTER. The following (partial sample) screen appears:

admin@DETECTOR-conf-zone-scannet# show policies statistics

Key	Rate	Policy
192.168.100.34	73.17	http/80/analysis/syns/dst_ip
N/A	0.17	http/80/analysis/syns/global
Key	Ratio	Policy
192.168.100.34	1.44
tcp_ratio/any/analysis/syn_by_fin/dst_ip_ratio
80	1.44
tcp_ratio/any/analysis/syn_by_fin/dst_port_ratio
Key	Connections	Policy
N/A	429.00

tcp_connections/any/analysis/in_nodata_conns/global

The sample screen displays that the detector policies are receiving traffic and functioning properly.

Zone Detection

After learning the zone traffic characteristics the Detector is ready for zone detection. The user may wish to command the Detector to detect right after completing the zone configurations. The Detector would then begin applying its detection policies.

To detect the zone perform the following:

1.From the Global command group level type the following:

admin@DETECTOR# detect <zone-name>

Or alternatively:

From the Zone command group level type the following:

admin@DETECTOR-conf-zone-<zone-name># detect

Where zone-namespecifies a zone name.

		Cisco Traffic Anomaly Detector User Guide
		Cisco Traffic Anomaly Detector User Guide
	OL-6109-01			4-19
	OL-6109-01			4-19

Image 19

Cisco Systems OL-6109-01 manual Zone Detection, 4-19

Contents

Zone Configuration Basic Zone ConfigurationC H A P T E R Defining a New Zone admin@DETECTOR-conf# zone new-zone-name copy-from base-zone-name Duplicating a Zonecopy-from-this Removing a Zoneadmin@DETECTOR-conf# show templates Removing All ZonesDisplaying Zone Templates admin@DETECTOR-conf# no zonePROTECT IP STATE all-zone FLEX-FILTER FLEX-FILTER ACTION disable Entering a Zone Command Leveladmin@DETECTOR-conf# show templates DEFAULT Zone is INACTIVE Operation Mode AUTOMATIC Description Zone ID Template DEFAULTDefining the Zone IP Address Describing a Zonefor demonstration purposes admin@DETECTOR-conf-zone-zone-name# no ip address ip-addr Removing a Zone IP AddressRemoving all Zone IP Addresses Zone Remote Guard ListAdding a Guard to the Zone Remote Guard List Adding a Guard to the Zone Remote Guard ListRemoving a Guard from the Zone Remote Guard List 4-10Activating the Interactive Recommendation Mode Interactive Recommendations Mode4-11 Deactivating the Interactive Recommendation Mode Zone Traffic Learning4-12 4-13 Learning Phase 1 - Policy Construction4-14 Terminating Learning Phase 1 -Policy Constructionadmin@DETECTOR# no learning zone-name accept Accepting Learning Phase 1 - Policy ConstructionAborting Learning Phase 1 - Policy Construction 4-154-16 Learning Phase 2 - Threshold Tuningadmin@DETECTOR# learning threshold-tuning zone-name Accepting Learning Phase 2 - Threshold Tuning Terminating Learning Phase 2 - Threshold Tuning4-17 Aborting Learning Phase 2 - Tuning Threshold Learning Phase Verification4-18 4-19 Zone Detection4-20 Guard-Protection Activation Formsonly-dest-ip policy-type 4-21 Zone Detection Verificationadmin@DETECTOR-conf-zone-zone-name# no detect Ending the Zone Detection4-22 admin@DETECTOR# no detect zone-name