Alcatel-Lucent 6850-48 Network Guide

Configuring Network Security
Network Security Overview
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 47-5
Monitoring Group
A monitoring-group is used by Network Security to configure the anomaly detection on sets of ports. A 
monitoring-group is identified by a name and has a set of ports as its members. A monitoring-group is 
created by adding a set of ports to the group or by configuring an anomaly parameter for the group. A 
monitoring-group exists as long as it has a member port or has at least one of its anomaly parameters 
configured. 
The network security configurations are applied according to the monitoring-groups. The anomaly detection 
parameters of monitoring-groups can be configured by the user. Also, the user can add or remove a 
port in the monitoring-group. A port can be moved from one monitoring-group to another, but it cannot 
exist in more than one monitoring-group at a time. Network security is disabled on a port that is not a 
member of a monitoring-group.
Network Security changes an anomaly parameter configuration across all monitoring-groups in the following 
ways:
• Group-name “all” overwrites the configuration for all the monitoring-groups.
• Anomaly “all” overwrites the configuration for all the anomalies.
Network Security has a predefined monitoring-group “default”, and allows a maximum of 32 monitoring-groups 
including “default” at a time. Network Security applies the rules to match the specific packets 
when a port is in a monitoring-group. These rules exist as long as the port is a member of any 
monitoring-group.
The statistics for the packets are maintained on a per-port basis and are available when a port is a member 
of the monitoring-group. When a port is removed from the monitoring-group, the statistics for the packets 
are cleared. If a monitoring port is moved from one monitoring-group to another, the statistics of the port 
do not get cleared. A port's anomaly statistics are tracked when that anomaly is configured to be monitored 
on that port, and are cleared when monitoring is stopped for that anomaly.
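The membership rules above can be checked against a planned layout before it is applied to a switch. The following Python sketch is an added example, not code from this guide or from AOS; the plan dictionary layout, the anomaly identifier spellings, the finding names and the sample ports are assumptions constructed for illustration.

```python
MAX_GROUPS = 32  # limit from this section; it counts the predefined "default"
# Only the anomalies named on this page; the identifier spellings are assumed.
ANOMALIES = ("fin-scan", "fin-ack-diff", "rst-count")

def set_anomaly(groups, group, anomaly, value):
    """Apply one setting. Group "all" and anomaly "all" overwrite every entry."""
    targets = list(groups) if group == "all" else [group]
    kinds = ANOMALIES if anomaly == "all" else (anomaly,)
    for name in targets:
        # Configuring an anomaly parameter is enough to create a group.
        cfg = groups.setdefault(name, {"ports": [], "anomalies": {}})
        for kind in kinds:
            cfg["anomalies"][kind] = value

def audit_plan(switch_ports, groups):
    """Return sorted (finding, detail) pairs for a planned group layout."""
    findings = []
    total = len(set(groups) | {"default"})
    if total > MAX_GROUPS:
        findings.append(("too-many-groups", str(total)))
    owner = {}
    for name in sorted(groups):
        cfg = groups[name]
        # Assumption: the predefined "default" group persists even when empty.
        if name != "default" and not cfg["ports"] and not cfg["anomalies"]:
            findings.append(("group-would-not-exist", name))
        for port in cfg["ports"]:
            if port in owner:  # a port may belong to only one group at a time
                findings.append(("port-in-two-groups", f"{port}: {owner[port]}, {name}"))
            else:
                owner[port] = name
    # Ports outside every group have Network Security disabled: a blind spot.
    for port in set(switch_ports) - set(owner):
        findings.append(("unmonitored-port", port))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample: four ports in slot/port notation, three planned groups.
    ports = ["1/1", "1/2", "1/3", "1/4"]
    plan = {
        "default": {"ports": ["1/1", "1/2"], "anomalies": {}},
        "edge": {"ports": ["1/2", "1/3"], "anomalies": {}},
        "spare": {"ports": [], "anomalies": {}},
    }
    for finding in audit_plan(ports, plan):
        print(finding)
    set_anomaly(plan, "all", "rst-count", "enabled")  # now "spare" has a parameter
    print(audit_plan(ports, plan))
```

The `unmonitored-port` finding is the one to act on first, since those ports receive no anomaly detection at all.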
Fin Scan: Occurs when a host receives a burst of FIN packets.
Fin-Ack Diff: Occurs when a host sees more or fewer FINACK packets than it sent.
Rst Count: Occurs when a host receives a flood of RST packets.