11-35
Configuring Advanced Threat Protection
Using the Instrumentation Monitor
Configuring Instrumentation Monitor
The following commands and parameters are used to configure the opera-
tional thresholds that are monitored on the switch. By default, the instrumen-
tation monitor is disabled.
Syntax:  [no] instrumentation monitor [parameterName|all] [<low|med|high|limitValue>] 
[log] : Enables/disables instrumentation monitoring log so that event log messages 
are generated every time there is an event which exceeds a configured threshold.
(Default threshold setting when instrumentation monitoring is enabled: enabled)
[all] : Enables/disables all counter types on the switch but does not enable/disable 
instrumentation monitor logging.
(Default threshold setting when enabled: see parameter listings below)
[arp-requests] : The number of arp requests that are processed each minute.
(Default threshold setting when enabled: 1000 (med))
[ip-address-count]: The number of destination IP addresses learned in the IP 
forwarding table.
(Default threshold setting when enabled: 1000 (med))
[learn-discards]: The number of MAC address learn events per minute discarded to 
help free CPU resources when busy.
(Default threshold setting when enabled: 100 (med))
[login-failures]: The count of failed CLI login attempts or SNMP management authen-
tication failures per hour.
(Default threshold setting when enabled: 10 (med))
[mac-address-count] : The number of MAC addresses learned in the forwarding table. 
You must enter a specific value in order to enable this feature.
(Default threshold setting when enabled: 1000 (med))
[mac-moves] : The average number of MAC address moves per minute from one port 
to another. 
(Default threshold setting when enabled: 100 (med))
[pkts-to-closed-ports] : The count of packets per minute sent to closed TCP/UDP ports.
(Default threshold setting when enabled: 10 (med))
[port-auth-failures] : The count of times per minute that a client has been unsuccessful 
logging into the network.
(Default threshold setting when enabled: 10 (med))
[system-resource-usage]: The percentage of system resources in use.
(Default threshold setting when enabled: 50 (med
)))
[system-delay] : The response time, in seconds, of the CPU to new network events such 
as BPDU packets or packets for other network protocols.
(Default threshold setting when enabled: 3 seconds (med))
[trap] : Enables or disables SNMP trap generation.
(Default setting when instrumentation monitoring is enabled: disabled)