KB.15.15

show port-security intrusion-log

List intrusion log content.

clear intrusion-flags

Clear intrusion flags on all ports.

port-security [e] <port number> clear-intrusion-flag

Clear the intrusion flag on one or more specific ports.

Example

In the following example, executing show interfaces brief lists the switch port status, indicating

an intrusion alert on port A1.

Figure 284 An unacknowledged intrusion alert in a port status display

To see the details of the intrusion, enter the show port-security intrusion-log command.

For example:

Figure 285 The intrusion log with multiple entries for the same port

The above example shows three intrusions for port A1. Since the switch can show only one uncleared

intrusion per port, the older two intrusions in this example have already been cleared by earlier

use of the clear intrusion-log or the port-security < port-list > clear-intrusion-flag command. The

intrusion log holds up to 20 intrusion records, and deletes intrusion records only when the log

becomes full and new intrusions are subsequently added. The "prior to" text in the record for the

third intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred

prior to the reset.

To clear the intrusion from port A1 and enable the switch to enter any subsequent intrusion for port

A1 in the Intrusion Log, execute the port-security clear-intrusion-flag command. If you then re-display

the port status screen, you will see that the Intrusion Alert entry for port A1 has changed to "No".

(Executing show port-security intrusion-log again will result in the same display as above, and does

not include the Intrusion Alert status.)

384 Port Security