Configuring and Monitoring Port Security

Operating Notes for Port Security

Web: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags

1.Check the Alert Log by clicking on the Status tab and the [Overview] button. If there is a “Security Violation” entry, do the following:

a.Click on the Security tab.

b.Click on [Intrusion Log]. “Ports with Intrusion Flag” indicates any ports for which the alert flag has not been cleared.

c.To clear the current alert flags, click on [Reset Alert Flags].

To access the web-based Help provided for the switch, click on [?] in the web browser screen.

Operating Notes for Port Security

Identifying the IP Address of an Intruder. The Intrusion Log lists detected intruders by MAC address. Proxy Web Servers

If you are using the switch’s web browser interface through a switch port configured for Static port security, and your browser access is through a proxy web server, then it is necessary to do the following:

Enter your PC or workstation MAC address in the port’s Authorized Addresses list.

Enter your PC or workstation’s IP address in the switch’s IP Autho- rized Managers list. See chapter 10, “Using Authorized IP Managers”.)

Without both of the above configured, the switch detects only the proxy server’s MAC address, and not your PC or workstation MAC address, and interprets your connection as unauthorized.

“Prior To” Entries in the Intrusion Log. If you reset the switch (using the Reset button, Device Reset, or Reboot Switch), the Intrusion Log will list the time of all currently logged intrusions as “prior to” the time of the reset.

Alert Flag Status for Entries Forced Off of the Intrusion Log. If the Intrusion Log is full of entries for which the alert flags have not been reset, a new intrusion will cause the oldest entry to drop off the list, but will not change

9-25