Access Security Guide K/KA/KB.15.15

This example shows two intrusions for port A3 and one intrusion for port A1. In this case, only
the most recent intrusion at port A3 has not been acknowledged (reset). This is indicated by
the following:
• Because the Port Status screen “Port status screen with intrusion alert on port A3” (page 385)
  does not indicate an intrusion for port A1, the alert flag for the intrusion on port A1 has
  already been reset.
• Since the switch can show only one uncleared intrusion per port, the alert flag for the
  older intrusion for port A3 in this example has also been previously reset.
The intrusion log holds up to 20 intrusion records and deletes an intrusion record
only when the log becomes full and a new intrusion is subsequently detected.
NOTE: The "prior to" text in the record for the earliest intrusion means that a switch reset
occurred at the indicated time and that the intrusion occurred prior to the reset.
3. To acknowledge the most recent intrusion entry on port A3 and enable the switch to enter a
subsequently detected intrusion on this port, type [R] (for Reset alert flags).
Note that if there are unacknowledged intrusions on two or more ports, this step resets the
alert flags for all such ports.
If you then re-display the port status screen, you will see that the Intrusion Alert entry for port A3
has changed to "No". That is, your evidence that the Intrusion Alert flag has been acknowledged
(reset) is that the Intrusion Alert column in the port status display no longer shows "Yes" for the
port on which the intrusion occurred (port A3 in this example). (Because the Intrusion Log provides
a history of the last 20 intrusions detected by the switch, resetting the alert flags does not change
its content. Thus, displaying the Intrusion Log again will result in the same display as in figure
“The intrusion log display” (page 385), above.)
Using the event log to find intrusion alerts (CLI)
The Event Log lists port security intrusions as:
W MM/DD/YY HH:MM:SS FFI: port A3 — Security Violation
where "W" is the severity level of the log entry and FFI is the system module that generated the
entry. For further information, display the Intrusion Log, as shown below.
From the Manager or Configuration level:
Syntax:
log search-text
For search-text, use ffi, security, or violation.
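
Because the switch shows only one uncleared intrusion per port and the Intrusion Log keeps at most 20 records, a per-port history taken from saved Event Log output can be useful. The following is an added example, not part of this guide or of the switch software: it parses lines in the Event Log format shown above and summarizes violations per port. The function names, the `repeat_threshold` parameter and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format given in the guide: W MM/DD/YY HH:MM:SS FFI: port A3 — Security Violation
# The dash is matched loosely because captured output may use "-" or an em dash.
LINE_RE = re.compile(
    r"^(?P<sev>[A-Z])\s+(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+FFI:\s+"
    r"port\s+(?P<port>\S+)\s+\S+\s+Security Violation\s*$"
)

# Constructed sample of saved "log ffi" output; not taken from a real switch.
SAMPLE_LOG = """\
W 03/14/24 09:12:05 FFI: port A3 — Security Violation
I 03/14/24 09:15:40 ports: port A7 is now on-line
W 03/14/24 11:47:31 FFI: port A1 - Security Violation
W 03/15/24 02:03:19 FFI: port A3 — Security Violation
"""

def parse_violations(text):
    """Return [(datetime, port), ...] for every Security Violation line, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group("ts"), "%m/%d/%y %H:%M:%S")
            events.append((when, m.group("port")))
    return sorted(events)

def summarize(events, repeat_threshold=2):
    """Per port: count, most recent time, and a flag for repeated violations."""
    by_port = defaultdict(list)
    for when, port in events:
        by_port[port].append(when)
    return {
        port: {"count": len(times), "latest": max(times),
               "repeated": len(times) >= repeat_threshold}
        for port, times in by_port.items()
    }

if __name__ == "__main__":
    for port, info in sorted(summarize(parse_violations(SAMPLE_LOG)).items()):
        note = "  <- repeated, review port" if info["repeated"] else ""
        print(f"{port}: {info['count']} violation(s), latest {info['latest']}{note}")
```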