Configuring and Monitoring Port Security

Reading Intrusion Alerts and Resetting Alert Flags

clear intrusion-flags

Clear intrusion flags on all ports.

port-security [e] < port-number > clear-intrusion-flag

Clear the intrusion flag on one or more specific ports.

In the following example, executing show interfaces brief lists the switch’s port status, which indicates an intrusion alert on port A1.

Intrusion Alert on port

Figure 11-14.Example of an Unacknowledged Intrusion Alert in a Port Status Display

If you wanted to see the details of the intrusion, you would then enter the show port-securityintrusion-logcommand. For example:

MAC Address of latest Intruder on Port A1

Earlier intrusions on port A1 that have already been cleared (that is, the Alert Flag has been reset at least twice before the most recent intrusion

Datesand Timesof Intrusions

Figure 11-15.Example of the Intrusion Log with Multiple Entries for the Same Port

The above example shows three intrusions for port A1. Since the switch can show only one uncleared intrusion per port, the older two intrusions in this example have already been cleared by earlier use of the clear intrusion-log or the port-security < port-list> clear-intrusion-flag command. (The intrusion log holds up to 20 intrusion records, and deletes intrusion records only when the log becomes full and new intrusions are subsequently added.) The “prior to” text in the record for the third intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset.

11-35