Manuals / Cisco Systems / Computer Equipment / Computer Hardware

Cisco Systems OL-6109-01 manual Defining a New Zone

Models: OL-6109-01

1 22

Download 22 pages 56.21 Kb

Page 2

Defining a New Zone

Chapter 4 Zone Configuration

Basic Zone Configuration

•Removing a Zone IP Address

•Removing all Zone IP Addresses

Defining a New Zone

The Detector enables the user to define a new zone based on a variety of templates.

To define a new zone perform the following:

1.From the Configuration command group level type the following:

admin@DETECTOR-conf# zone <new-zone-name> [<template>copy-from<base-zone-name>][interactive]

Where:

–new-zone-name—A zone name string. An alphanumeric string should start with a letter, hold no spaces, and should be limited to a length of up to 63 characters. The string may contain underscores.

–template—(Optional) A template that defines the zone configuration. Options are:

Default —The Guard default zone template

Bandwidth-limited Link Templates—Templates designed and specifically tailored for detection of large subnets segmented according to zones with known bandwidth. Detection on zones defined by these templates can be assumed without undergoing the learning process. It is recommended to define such a zone with protect-ip-state of only-dest-ip (see the “Guard-Protection Activation Forms” section for further details). The following bandwidth-limited link templates are available for 128K, 1M, 4M, and 512K links respectively: LINK_128K, LINK_1M, LINK_4M, and LINK_512K.

Note Learning Phase 1, policy construction, cannot be performed for these templates.

	Cisco Traffic Anomaly Detector User Guide
4-2	OL-6109-01

Image 2

Cisco Systems OL-6109-01 manual Defining a New Zone

Contents

C H A P T E R Basic Zone ConfigurationZone Configuration Defining a New Zone Duplicating a Zone admin@DETECTOR-conf# zone new-zone-name copy-from base-zone-nameRemoving a Zone copy-from-thisadmin@DETECTOR-conf# no zone Removing All ZonesDisplaying Zone Templates admin@DETECTOR-conf# show templatesOperation Mode AUTOMATIC Description Zone ID Template DEFAULT Entering a Zone Command Leveladmin@DETECTOR-conf# show templates DEFAULT Zone is INACTIVE PROTECT IP STATE all-zone FLEX-FILTER FLEX-FILTER ACTION disablefor demonstration purposes Describing a ZoneDefining the Zone IP Address Removing a Zone IP Address admin@DETECTOR-conf-zone-zone-name# no ip address ip-addrZone Remote Guard List Removing all Zone IP Addresses4-10 Adding a Guard to the Zone Remote Guard ListRemoving a Guard from the Zone Remote Guard List Adding a Guard to the Zone Remote Guard List4-11 Interactive Recommendations ModeActivating the Interactive Recommendation Mode 4-12 Zone Traffic LearningDeactivating the Interactive Recommendation Mode Learning Phase 1 - Policy Construction 4-13Terminating Learning Phase 1 -Policy Construction 4-144-15 Accepting Learning Phase 1 - Policy ConstructionAborting Learning Phase 1 - Policy Construction admin@DETECTOR# no learning zone-name acceptadmin@DETECTOR# learning threshold-tuning zone-name Learning Phase 2 - Threshold Tuning4-16 4-17 Terminating Learning Phase 2 - Threshold TuningAccepting Learning Phase 2 - Threshold Tuning 4-18 Learning Phase VerificationAborting Learning Phase 2 - Tuning Threshold Zone Detection 4-19only-dest-ip policy-type Guard-Protection Activation Forms4-20 Zone Detection Verification 4-21admin@DETECTOR# no detect zone-name Ending the Zone Detection4-22 admin@DETECTOR-conf-zone-zone-name# no detect