Alcatel-Lucent 6850-48 Network Guide
Configuring Network Security
Configuring Network Security
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 47-7
To configure the anomaly to be monitored, enter netsec group, the group name, anomaly, the anomaly
name, and the optional keywords shown in the table below:
name, and the optional keywords shown in the table below:
For example, to enable or disable the anomaly parameter log of the monitoring-group “group1”, enter:
-> netsec group group1 anomaly arp-flood log enable
-> netsec group group1 anomaly arp-flood log disable
For example, to configure the anomaly parameter period of the monitoring-group “ad”, enter:
-> netsec group ad anomaly tcp-port-scan period 30
To reset to its default value, enter:
-> no netsec group ad anomaly tcp-port-scan period
tcp-port-scan
tcp-addr-scan
syn-flood
syn-failure
syn-ack-scan
fin-scan
fin-ack-diff
rst-count
Anomaly parameters Description
state
Specifies the status of anomaly detection.
trap
Sends a trap when an anomaly is detected.
log
Logs detected anomalies.
quarantine
Quarantines the port on which an anomaly is detected. If an anomaly
is detected, then the source port will be quarantined. The
is detected, then the source port will be quarantined. The
command displays the quarantined ports and use
command to clear the port violation.
count
The number of packets that must be seen during the period to trigger
anomaly detection.
anomaly detection.
period
The time duration to observe traffic pattern, in seconds.
sensitivity
Sensitivity of anomaly detection to deviation from the expected traf-
fic pattern.
fic pattern.
anomaly name