Chapter 4 Zone Configuration
Zone Traffic Learning
4-12
Cisco Traffic Anomaly Detector User Guide
OL-6109-01
To create a new zone with interactive recommendations mode perform the
following:
1.
From the Configuration command group level type the following:
admin@DETECTOR-conf#
zone
<
new-zone-name
>
interactive
2.
Choose
ENTER
.
The new zone is created with a DEFAULT zone template configured for
interactive recommendations mode. See the
“Defining a New Zone”
section for
further details.
Deactivating the Interactive Recommendation Mode
The user may deactivate the interactive recommendations mode for any desired
zone or zones at any time. Deactivating this mode results in the Detector
disregarding any recommendations and assuming an automatic detection
functioning such as automatically producing dynamic filters, etc. The user may
deactivate the interactive recommendations mode from the desired zone’s
command group level.
To deactivate the interactive recommendation mode perform the following:
1.
Type the following (sample):
admin@DETECTOR-conf-zone-<
zone-name
>#
no interactive
2.
Choose
ENTER
.
Zone Traffic Learning
As the user initializes the Learning phase (see the
“Learning Phase 1 – Policy
Construction”
section in this chapter), the Detector learns the zone’s (zones’)
traffic characteristics. The results of this stage will be translated into detection
policies. The Learning system constructs the Detector detection policies that
instruct the Detector detection system as for how to regard the zone traffic flows.
Note
For the learning phases to take place port mirroring must be configured on the
switch or the Detector must be connected to a router using an optical splitter.