Cisco Systems OL-6109-01 User Manual

Zone Configuration
This chapter describes zone configuration. It includes the following major sections:
Zone Remote Guard List
Zone Traffic Learning
Zone Detection

Basic Zone Configuration

This section describes the initial zone configuration procedures that relate to zone parameters such as the zone name, description, and zone IP address.
It describes the following procedures:
Defining a New Zone
Duplicating a Zone
Removing a Zone
Removing All Zones
Displaying Zone Templates
Entering a Zone Command Level
Describing a Zone
Defining the Zone IP Address
Removing a Zone IP Address
Removing all Zone IP Addresses

Cisco Traffic Anomaly Detector User Guide, OL-6109-01, Chapter 4

Defining a New Zone

The Detector enables the user to define a new zone based on a variety of templates.
To define a new zone perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# zone <new-zone-name> [<template>|copy-from <base-zone-name>][interactive]
Where:
new-zone-name—A zone name string. An alphanumeric string should start with a letter, hold no spaces, and should be limited to a length of up to 63 characters. The string may contain underscores.
template—(Optional) A template that defines the zone configuration. Options are:
Default—The Guard default zone template
Bandwidth-limited Link Templates—Templates designed and specifically tailored for detection of large subnets segmented according to zones with known bandwidth. Detection on zones defined by these templates can be assumed without undergoing the learning process. It is recommended to define such a zone with protect-ip-state of only-dest-ip (see the “Guard-Protection Activation Forms” section for further details). The following bandwidth-limited link templates are available for 128K, 1M, 4M, and 512K links respectively: LINK_128K, LINK_1M, LINK_4M, and LINK_512K.
Note: Learning Phase 1, policy construction, cannot be performed for these templates.
Note: If no zone template is specified, the zone will be defined using the Detector DEFAULT zone template.
base-zone-name—(Optional) The name of a desired zone used as a template for the new zone.
interactive—(Optional) The operation mode of the new zone is set to interactive (see the “Interactive Recommendations Mode” section for further details).
Note: Choosing Enter without specifying the zone template defines a zone by the Detector default zone template.
2. Choose ENTER. Below is an example of the zone command implementation:
admin@DETECTOR-conf# zone scannet
admin@DETECTOR-conf-zone-scannet#

Duplicating a Zone

The user may duplicate a desired zone and define a new, identically-configured zone.
To duplicate a zone from the Configuration command group level perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# zone <new-zone-name> copy-from <base-zone-name>
Where:
new-zone-name—A zone name string. An alphanumeric string should start with a letter, hold no spaces, and should be limited to a length of up to 63 characters. The string may contain underscores.
base-zone-name—The name of a desired zone used as a template for the new zone.
2. Choose ENTER. The following prompt appears:
admin@DETECTOR-conf-zone-<new-zone-name>#
To duplicate a zone from the zone command group level perform the following:
1. From the Zone command group level of the desired zone type the following:
admin@DETECTOR-conf-zone-<zone-name># zone <new-zone-name> copy-from-this
Where new-zone-name specifies a zone name string. An alphanumeric string should start with a letter, hold no spaces, and should be limited to a length of up to 63 characters. The string may contain underscores.
2. Choose ENTER. Below is an example of the zone command implementation:
admin@DETECTOR-conf-zone-scannet# zone mailserver copy-from-this
admin@DETECTOR-conf-zone-mailserver#

Removing a Zone

The user may remove a desired zone.
Caution: Removing a zone eliminates its DDoS detection.
To remove a desired zone perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# no zone <zone-name>
Where zone-name identifies the zone name. Use ‘*’ to remove all zones.
2. Choose ENTER.
Note: The Detector allows inserting an asterisk (*) as a wildcard character at the end of a zone name. Thus, a user may use the wildcard character (*) to remove several zones with the same prefix in one command.
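Because a trailing wildcard removes every zone that shares the prefix, and removal ends DDoS detection for each of them, it helps to expand the pattern against the zone inventory before typing it. The following is an added example, not part of the Cisco guide: it applies the zone-name rule given under Defining a New Zone and the wildcard behavior in the note above. The function names, the sample zone list, the max_zones limit, and case-sensitive matching are assumptions made for the illustration.

```python
import re

# Naming rule from the guide: starts with a letter, letters/digits/underscores
# only, no spaces, at most 63 characters.
ZONE_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,62}")

# Constructed sample inventory (not taken from the guide's device output).
SAMPLE_ZONES = ["scannet", "mailserver", "mail_backup", "webfarm"]


def is_valid_zone_name(name):
    return ZONE_NAME_RE.fullmatch(name) is not None


def zones_removed_by(pattern, configured):
    """Zones that 'no zone <pattern>' would remove from `configured`.

    '*' alone selects every zone; a trailing '*' selects every zone sharing
    the prefix. Assumption: matching is case-sensitive, and an asterisk
    anywhere but the end is rejected because the guide only documents it there.
    """
    if pattern == "*":
        return sorted(configured)
    if pattern.endswith("*"):
        prefix = pattern[:-1]
        if not is_valid_zone_name(prefix):
            raise ValueError("unsupported wildcard pattern: %r" % pattern)
        return sorted(z for z in configured if z.startswith(prefix))
    if not is_valid_zone_name(pattern):
        raise ValueError("invalid zone name: %r" % pattern)
    return [pattern] if pattern in configured else []


def removal_plan(pattern, configured, max_zones=1):
    """Expand a removal into explicit commands, refusing an over-broad match."""
    hit = zones_removed_by(pattern, configured)
    if len(hit) > max_zones:
        raise RuntimeError("'no zone %s' would remove %d zones: %s"
                           % (pattern, len(hit), ", ".join(hit)))
    return ["no zone %s" % z for z in hit]


if __name__ == "__main__":
    print(zones_removed_by("mail*", SAMPLE_ZONES))
    print(removal_plan("scannet", SAMPLE_ZONES))
```

Raising max_zones is the explicit acknowledgement that more than one zone is meant to lose detection.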

Removing All Zones

The user may remove all the Detector’s zones.
Caution: Removing all zones eliminates their DDoS detection.
To remove all zones perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# no zone *
2. Choose ENTER.

Displaying Zone Templates

The Detector enables the user to display a specific zone template or all zone templates.
To display all zone templates perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# show templates
2. Choose ENTER. The following (sample) screen appears:
admin@DETECTOR# show templates
DEFAULT
LINK_1M
LINK_4M
LINK_128K
LINK_512K
admin@DETECTOR#
To display a specific zone template perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# show templates [<template-name> [policies]]
Where:
template-name—A zone template. Options include:
Default—The Guard default zone template
LINK_128K—A template designed for bandwidth-limited links
LINK_1M—A template designed for bandwidth-limited links
LINK_4M—A template designed for bandwidth-limited links
LINK_512K—A template designed for bandwidth-limited links
Note: If no template name is specified, the list of zone templates is displayed.
2. Choose ENTER. The following sample screen appears:
admin@DETECTOR-conf# show templates DEFAULT
Zone is INACTIVE
Operation Mode: AUTOMATIC
Description:
Zone ID: 0
Template: DEFAULT
PROTECT IP STATE: all-zone
FLEX-FILTER:
FLEX-FILTER ACTION: disable
admin@DETECTOR-conf#

Entering a Zone Command Level

The user should enter a zone command level to perform zone specific operations and procedures.
To enter a zone command level perform the following:
1. From the Configuration command group level type the following:
admin@DETECTOR-conf# zone <zone-name>
Or alternatively:
From the Global command group level type the following:
admin@DETECTOR# configure <zone-name>
Where zone-name specifies the desired zone name.
2. Choose ENTER. Below is an example of the zone command implementation:
admin@DETECTOR-conf# zone scannet
admin@DETECTOR-conf-zone-scannet#

Describing a Zone

The user may add a description to a zone for identification purposes.
To add a description to a zone perform the following:
1. From the Zone command level type the following:
admin@DETECTOR-conf-zone-<zone-name># description <string>
Where string specifies a string that describes the zone. The string length is limited to a maximum of 80 characters.
2. Choose ENTER. Below is an example of the description command implementation:
admin@DETECTOR-conf-zone-scannet# description Scannet Zone used for demonstration purposes
admin@DETECTOR-conf-zone-scannet#
Note: To modify a zone’s description repeat the zone description procedure. The new description overrides the former.

Defining the Zone IP Address

The user must define a zone IP address to enable the Detector to perform traffic learning and detection procedures.
To define the zone IP address perform the following:
1. From the Zone command level type the following:
admin@DETECTOR-conf-zone-<zone-name># ip address <ip-addr> [<ip-mask>]
Where:
ip-addr—The zone IP address.