Preface
This guide provides instructions for the Cisco Traffic Anomaly Detector Module (Detector module). It describes how to perform administration tasks and the general operations needed to run the Detector module, and explains how to use the Detector module.
This preface describes the audience, organization, and conventions of this publication, and provides information on how to obtain related documentation.
This preface contains the following major sections:
• Audience
• Organization
• Conventions
• Obtaining Documentation, Obtaining Support, and Security Guidelines
Audience
The Catalyst 6500 Series Switch Traffic Anomaly Detector Module Configuration Guide is aimed at:
• Network administrators
• Engineers
• Operators
• Network security professionals
This guide assumes a thorough knowledge of networking and networking security.
Organization
This guide is divided into the following chapters:
| Chapter | Description |
|---|---|
| Chapter 1, "Introduction" | Provides an overview of the Cisco Traffic Anomaly Detector Module (Detector module) and generally outlines the Detector module operation mode and components. |
| Chapter 2, "Configuring the Detector Module on the Supervisor Module" | Provides information on how to configure the Detector module on a Catalyst 6500 series switch. |
| Chapter 3, "Initializing the Detector Module" | Provides information on the initial procedures required to connect and configure the Detector module. The chapter outlines the Detector module CLI environment and authentication methods. |
| Chapter 4, "Configuring the Detector Module" | Provides information on Detector module interface configuration and default remote Guard list. This chapter also details the SSH management and activation configuration procedures. |
| Chapter 5, "Configuring Zones" | Describes how to create and manage zones. |
| Chapter 6, "Configuring Zone Filters" | Provides information on the Detector module filters and describes how to perform advanced configuration tasks for zones on the Detector module. |
| Chapter 7, "Configuring Policy Templates and Policies" | Provides information on the Detector module policies and policy templates and describes how to configure them. |
| Chapter 8, "Interactive Recommendations Mode" | Provides information on the Interactive Recommendation operation mode. The chapter details the Detector module recommendations, the user decision options, and the policy interactive status. |
| Chapter 9, "Attack Reports" | Provides information on the Detector module attack reports, the report structure, and viewing options. |
Conventions
This guide uses the following conventions:
| Style or Symbol | Description |
|---|---|
| boldface | Enter bold text exactly as shown. Commands and keywords are in boldface. |
| Italics | Indicates a variable for which you supply the value. |
|  | Plain text represents the screen display, such as a prompt. Do not enter plain text as part of the command. |
| [x] | Keywords in square brackets are optional. |
| [x \| y] | Keywords in square brackets separated by vertical bars indicate an optional keyword with a choice between values. |
| {x \| y \| z} | A choice of required keywords appears in braces separated by vertical bars. You must select one. |
| [x {y \| z}] | Braces and vertical bars within square brackets indicate a required choice within an optional element. You do not need to select one. If you do, you have some required choices. |
This guide uses the zone name scannet and the prompt admin@DETECTOR-conf-zone-scannet# in examples.
This guide uses the following symbols and conventions to identify different types of information.
Caution: A caution means that a specific action you take could cause a loss of data or adversely impact use of the equipment.
Warning: A warning describes an action that could cause you physical harm or damage the equipment.
Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Tip: Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.
Timesaver: Means the described action saves time. You can save time by performing the action described in the paragraph.
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html