4-11
Cisco Traffic Anomaly Detector User Guide
OL-6109-01
Chapter 4 Zone Configuration
Zone Remote Guard List
Where
remote-guard-address
specifies the remote Guard IP address. Use ‘*’
to remove all remote Guards from the remote Guard list.
Caution
The user should verify that the Detector has at least one remote Guard on its
default remote Guard list (see the
“Default Remote Guard List”
section in
Chapter 3, “Detector Configuration”
for further details).
2.
Choose
ENTER
.
3.
Repeat steps one and two as many times as required.
Below is an example of the
no remote-guard
command implementation:
admin@DETECTOR-conf-zone-scannet#
no remote-guard 192.168.100.33
admin@DETECTOR-conf-zone-scannet#
Interactive Recommendations Mode
In the Interactive Recommendation mode the Detector enables the user to decide
on the activation of the filters the policies launch (see the
“Interactive
Recommendations Mode”
section in
Chapter 6, “Filter Procedures”
for details).
The Detector functions in accordance with the user’s decision to accept, ignore,
or time the filter’s activation. In this way the Detector lets the user decide on the
production of its detection measures in real time.
Activating the Interactive Recommendation Mode
The user may activate the interactive recommendations mode for any desired zone
and continue to apply the procedure over a number of zones. The user may
activate the interactive mode when a zone is defined, or later, either before or after
initiating zone detection. The Detector enables the user to apply the interactive
recommendations mode from the Configuration or from the desired zone’s
command group levels.
To activate the interactive recommendation mode perform the following:
1.
From the Zone command group level type the following (sample):
admin@DETECTOR-conf-zone-<
zone-name
>#
interactive
2.
Choose
ENTER
.