Filter
Top Products
Chapter 4 Zone Configuration
Zone Traffic Learning
4-18
Cisco Traffic Anomaly Detector User Guide
OL-6109-01
Aborting Learning Phase 2 – Tuning Threshold
The user may wish to abort the second phase of learning procedure. In this case
the Detector stops the process and erases the data learned on the second phase.
The data gathered on the first learning phase and on the previous learning phase
2 remain unchanged. This results in a situation in which newly constructed
policies have thresholds that were obtained according to past traffic
characteristics.
To abort the second Learning phase perform the following:
1. From the Global command group level type the following:
admin@DETECTOR# no learning <zone-name> reject
Or alternatively:
From the Global command group level type the following:
admin@DETECTOR-conf-zone-<zone-name># no learning reject
Where zone-name specifies a zone name.
Note that the Detector enables the use of an asterisk (*) as a wildcard
denoting either of the following options:
–
All of the Detector’s zones. Issuing no learning* reject means aborting
the learning phase for all of the Detector’s zones.
–
A wildcard denoting zone names (i.e. OBL*).
2. Choose ENTER.
Learning Phase Verification
The user may wish to verify whether the Detector has undergone its learning
phase (with its detection policies functioning properly) has succeeded. The
indication would be a display of the policies functioning properly.
The user launches the detect command see the “Zone Detection” section for
further details.
To verify the status of the learning phase perform the following:
1. From the Zone command group level type the following:
admin@DETECTOR-conf-zone-<zone-name># show policy statistics