Configuring and Monitoring Port Security

Reading Intrusion Alerts and Resetting Alert Flags

To clear the intrusion from port A1 and enable the switch to enter any subsequent intrusion for port A1 in the Intrusion Log, execute the port-security clear-intrusion-flagcommand. If you then re-display the port status screen, you will see that the Intrusion Alert entry for port A1 has changed to “No”. (Executing show port-securityintrusion-logagain will result in the same display as above, and does not include the Intrusion Alert status.)

ProCurve(config)# port-security a1 clear-intrusion-flag ProCurve(config)# show interfaces brief

Intrusion Alert on port A1 is now

Figure 11-16.Example of Port Status Screen After Alert Flags Reset

For more on clearing intrusions, see “Note on Send-Disable Operation” on page 11-32

Using the Event Log To Find Intrusion Alerts

The Event Log lists port security intrusions as:

W MM/DD/YY HH:MM:SS FFI: port A3 — Security Violation

where “W” is the severity level of the log entry and FFI is the system module that generated the entry. For further information, display the Intrusion Log, as shown below.

From the CLI. Type the log command from the Manager or Configuration level.

Syntax: log < search-text >

For < search-text>, you can use ffi, security, or violation. For example:

11-36