System information
7-22
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access
Configuring and Monitoring Port Security
Using Passwords, Port
Security, and Authorized IP
To access the web-based Help provided for the switch, click on [?] in the web
browser screen.
Reading Intrusion Alerts and Resetting Alert Flags
Notice of Security Violations
When the switch detects an intrusion on a port, it sets an “alert flag” for that
port and makes the intrusion information available as described below. While
the switch can detect additional intrusions for the same port, it does not list
the next chronological intrusion for that port in the Intrusion Log until the
alert flag for that port has been reset.
When a security violation occurs on a port configured for Port Security, the
switch responds in the following ways to notify you:
■ The switch sets an alert flag for that port. This flag remains set until:
• You use either the CLI, menu interface, or web browser interface to
reset the flag.
• The switch is reset to its factory default configuration.
■ The switch enables notification of the intrusion through the following
means:
• In the CLI:
– The
show intrusion-log command displays the Intrusion Log
– The
log command displays the Event Log
• In the menu interface:
– The Port Status screen includes a per-port intrusion alert
– The Event Log includes per-port entries for security violations
• In the web browser interface:
– The Alert Log’s Status | Overview window includes entries for per-
port security violations
– The Intrusion Log in the Security | Intrusion Log window lists per-
port security violation entries
• In HP TopTools for Hubs & Switches via an SNMP trap sent to a net
management station
How the Intrusion Log Operates
When the switch detects an intrusion attempt on a port, it enters a record of
this event in the Intrusion Log. No further intrusion attempts on that port will
appear in the Log until you acknowledge the earlier intrusion event by reset-
ting the alert flag.