Advertisement
Quick Links
Basic Zone Configuration
OL-6109-01
Zone Configuration
This chapter describes zone configuration. It includes the following major
sections:
Basic Zone Configuration
•
Zone Remote Guard List
•
Zone Traffic Learning
•
•
Zone Detection
This section describes the initial Zone configuration procedures that relate to zone
parameters such as: zone name, description, and zone IP address.
It describes the following procedures:
Defining a New Zone
•
Duplicating a Zone
•
Removing a Zone
•
•
Removing All Zones
Displaying Zone Templates
•
Entering a Zone Command Level
•
Describing a Zone
•
Defining the Zone IP Address
•
C H A P T E R
Cisco Traffic Anomaly Detector User Guide
4
4-1
Advertisement
Related Manuals for Cisco OL-6109-01
Summary of Contents for Cisco OL-6109-01
- Page 1 Removing a Zone • • Removing All Zones Displaying Zone Templates • Entering a Zone Command Level • Describing a Zone • Defining the Zone IP Address • OL-6109-01 C H A P T E R Cisco Traffic Anomaly Detector User Guide...
- Page 2 The following bandwidth-limited link templates are available for 128K, 1M, 4M, and 512K links respectively: LINK_128K, LINK_1M, LINK_4M, and LINK_512K. Learning Phase 1, policy construction, cannot be performed for Note these templates. Chapter 4 Zone Configuration section for further details). OL-6109-01...
- Page 3 From the Configuration command group level type the following: admin@DETECTOR-conf# zone <new-zone-name> copy-from <base-zone-name> Where: – – OL-6109-01 If no zone template is specified, the zone will be defined using Note the Detector DEFAULT zone template. —(Optional) The name of a desired zone used as a base-zone-name template for the new zone.
- Page 4 Thus, a user may use the wildcard character (*) to remove several zones with the same prefix in one command. Cisco Traffic Anomaly Detector User Guide specifies a zone name string. An alphanumeric string new-zone-name identifies the zone name. Use ‘*’ to remove all zones. zone-name Chapter 4 Zone Configuration OL-6109-01...
- Page 5 DEFAULT LINK_1M LINK_4M LINK_128K LINK_512K admin@DETECTOR# To display a specific zone template perform the following: From the Configuration command group level type the following: admin@DETECTOR-conf# show templates [<template-name> [policies]] OL-6109-01 Basic Zone Configuration Cisco Traffic Anomaly Detector User Guide...
- Page 6 LINK_128K—A template designed for bandwidth-limited Links LINK_1M—A template designed for bandwidth-limited Links LINK_4M—A template designed for bandwidth-limited Links LINK_512K— A template designed for bandwidth-limited Links If no template name is specified, the list of zone templates is displayed. Chapter 4 Zone Configuration OL-6109-01...
- Page 7 To define the zone IP address perform the following: From the Zone command level type the following: admin@DETECTOR-conf-zone-<zone-name># ip address <ip-addr> [<ip-mask>] Where: – OL-6109-01 specifies the desired zone name. zone-name specifies a string that describes the zone. The string length is string —The zone IP address.
- Page 8 If no mask is specified, the Detector assumes the default subnet Note mask 255.255.255.255. —The zone IP address. Use ‘*’ to remove all zone IP addresses. ip-addr —(Optional) The zone IP subnet mask. ip-mask Chapter 4 Zone Configuration OL-6109-01...
- Page 9 If the Detector does not find a Guard on the list it refers to the remote Guard (or Guards) on the Detector default list (see the Chapter 3, “Detector Configuration” OL-6109-01 If no mask is specified, the Detector assumes the default subnet Note mask 255.255.255.255.
- Page 10 From the Zone command group level type the following: admin@DETECTOR-conf-zone-<zone-name># no remote-guard <remote-guard-address> Cisco Traffic Anomaly Detector User Guide 4-10 —The desired remote Guard IP address. remote-guard-address —(Optional) The remote Guard description (a maximum of description 63 characters). Chapter 4 Zone Configuration OL-6109-01...
- Page 11 To activate the interactive recommendation mode perform the following: From the Zone command group level type the following (sample): admin@DETECTOR-conf-zone-<zone-name># interactive Choose ENTER. OL-6109-01 specifies the remote Guard IP address. Use ‘*’ remote-guard-address “Default Remote Guard List” for further details).
- Page 12 Detector must be connected to a router using an optical splitter. Cisco Traffic Anomaly Detector User Guide 4-12 “Defining a New Zone” section in this chapter), the Detector learns the zone’s (zones’) Chapter 4 Zone Configuration section for “Learning Phase 1 – Policy OL-6109-01...
- Page 13 From the Global command group level type the following: admin@DETECTOR# learning policy-construction <zone-name> Or alternatively: From the zone command group level type the following: admin@DETECTOR-conf-zone-<zone-name># learning policy-construction OL-6109-01 Chapter 7, “Policy Procedures” for further details). Chapter 7, “Policy Procedures” Procedures”.
- Page 14 All of the Guard’s zones. Issuing learning policy-construction* means setting the policy construction phase for all of the Detector’s zones. A wildcard denoting zone names (i.e. OBL*). “Zone and Learning Phase Snapshot” for further details. Chapter 4 Zone Configuration section in Chapter 7, OL-6109-01...
- Page 15 Or alternatively: From the Zone command group level type the following: admin@DETECTOR-conf-zone-<zone-name># no learning reject Where OL-6109-01 specifies a zone name. zone-name All of the Detector’s zones. Issuing no learning* accept means ending and accepting the learning results for all of the Detector’s zones.
- Page 16 Note that the Detector enables the use of an asterisk (*) as a wildcard denoting either of the following options: – – Choose ENTER. Cisco Systems recommends letting the Learning Phase 2 - Threshold Tuning Note continue for 24 hours before concluding. Cisco Traffic Anomaly Detector User Guide 4-16 All of the Detector’s zones.
- Page 17 – Choose ENTER. The Detector is now tuned to the zone traffic characteristics and ready to detect the zone (a procedure launched by issuing the detect command). OL-6109-01 “Zone and Learning Phase Snapshot” for further details. specifies a zone name.
- Page 18 All of the Detector’s zones. Issuing no learning* reject means aborting the learning phase for all of the Detector’s zones. A wildcard denoting zone names (i.e. OBL*). Chapter 4 Zone Configuration “Zone Detection” section for OL-6109-01...
-
Page 19: Zone Detection
To detect the zone perform the following: From the Global command group level type the following: admin@DETECTOR# detect <zone-name> Or alternatively: From the Zone command group level type the following: admin@DETECTOR-conf-zone-<zone-name># detect Where OL-6109-01 Rate Policy 73.17 http/80/analysis/syns/dst_ip 0.17 http/80/analysis/syns/global... - Page 20 {all-zone | only-dest-ip | policy-type} Cisco Traffic Anomaly Detector User Guide 4-20 All of the Detector’s zones. Issuing detect * means beginning detection for all of the Detector’s zones. A wildcard denoting zone names (i.e. OBL*). Chapter 4 Zone Configuration OL-6109-01...
- Page 21 Oct 23 2003 00:56:53 148744 Oct 23 2003 00:55:54 148744 ..admin@DETECTOR-conf-zone-scannet# OL-6109-01 —The Detector activates the Guard to assume protection over all-zone the overall zone whenever a traffic abnormality is detected (see this section’s explanation for further details).
- Page 22 A wildcard denoting zone names (i.e. OBL*). • To know more about the Detector filter system, filter types, and filter configuration refer to Cisco Traffic Anomaly Detector User Guide 4-22 specifies a zone name. Chapter 6, “Filter Procedures” Chapter 4 Zone Configuration for further details. OL-6109-01...