Notice of security violations

When the switch detects an intrusion on a port, it sets an "alert flag" for that port and makes the intrusion information available as described below. While the switch can detect additional intrusions for the same port, it does not list the next chronological intrusion for that port in the Intrusion Log until the alert flag for that port has been reset.

When a security violation occurs on a port configured for Port Security, the switch responds in the following ways to notify you:
  • The switch sets an alert flag for that port. This flag remains set until:
    • You use either the CLI, menu interface, or WebAgent to reset the flag.

    • The switch is reset to its factory default configuration.

  • The switch enables notification of the intrusion through the following means:
    • In the CLI:
      • The show port-security intrusion-log command displays the Intrusion Log.

      • The log command displays the Event Log.

    • In the menu interface:
      • The Port Status screen includes a per-port intrusion alert.

      • The Event Log includes per-port entries for security violations.

    • In the WebAgent:
      • The Alert Log includes entries for per-port security violations.

      • The Intrusion Log lists per-port security violation entries.

    • In network management applications using an SNMP trap sent to a network management station.