Configuring and Monitoring Port Security

Reading Intrusion Alerts and Resetting Alert Flags

The switch enables notification of the intrusion through the following means:

In the CLI:

The show port-security intrusion-log command displays the Intrusion Log

The log command displays the Event Log

In the menu interface:

The Port Status screen includes a per-port intrusion alert

The Event Log includes per-port entries for security viola- tions

In the web browser interface:

The Alert Log’s Status Overview window includes entries for per-port security violations

The Intrusion Log in the Security Intrusion Log window lists per-port security violation entries

In network management applications such as ProCurve Manager via an SNMP trap sent to a network management station

How the Intrusion Log Operates

When the switch detects an intrusion attempt on a port, it enters a record of this event in the Intrusion Log. No further intrusion attempts on that port will appear in the Log until you acknowledge the earlier intrusion event by resetting the alert flag.

The Intrusion Log lists the 20 most recently detected security violation attempts, regardless of whether the alert flags for these attempts have been reset. This gives you a history of past intrusion attempts. Thus, for example, if there is an intrusion alert for port A1 and the Intrusion Log shows two or more entries for port 1, only the most recent entry has not been acknowledged (by resetting the alert flag). The other entries give you a history of past intrusions detected on port A1.

Figure 11-11. Example of Multiple Intrusion Log Entries for the Same Port

11-31