Cisco Traffic Anomaly Detector User Guide
OL-6109-01
Chapter 4 Zone Configuration
Zone Traffic Learning
Terminating Learning Phase 2 – Threshold Tuning
After a sufficient period of time (see the above note), the user ends the Threshold
Tuning phase. The user may accept the Detector’s suggested policies or decide to
abort the second phase of the learning process. If the user aborts, the Detector
stops the Threshold Tuning phase and adopts the results of the Policy Construction
phase together with the former thresholds that the Detector already holds. As a
result, the newly constructed policies have thresholds that were obtained from past
traffic characteristics.
The user may decide to view the learning process outcomes prior to making a
decision. See the “Zone and Learning Phase Snapshot” section in Chapter 7,
“Policy Procedures” for further details.
Accepting Learning Phase 2 – Threshold Tuning
The user may accept the Detector’s suggested thresholds.
To accept the results of the Threshold Tuning phase, perform the following:
1. From the Global command group level, type the following:
admin@DETECTOR# no learning <zone-name> accept
Alternatively, from the Zone command group level, type the following:
admin@DETECTOR-conf-zone-<zone-name># no learning accept
Where zone-name specifies a zone name.
Note that the Detector allows an asterisk (*) to be used as a wildcard
denoting either of the following options:
– All of the Detector’s zones. Issuing no learning * accept ends the learning
process and accepts the learning results for all of the Detector’s zones.
– A wildcard denoting zone names (for example, OBL*).
2. Press ENTER.
The Detector is now tuned to the zone traffic characteristics and is ready for
zone detection (a procedure launched by issuing the detect command).