Checking for intrusions, listing intrusion alerts, and resetting alert flags (Menu)
The menu interface indicates per-port intrusions
in the Port Status screen, and provides details and the reset function
in the Intrusion Log screen.
Procedure
From the Main Menu select:
1. Status and Counters
4. Port Status
Type
[I]
(Intrusion log)
to
display the Intrusion Log.
This example shows two intrusions for port A3
and one intrusion for port A1. In this case, only the most recent
intrusion at port A3 has not been acknowledged (reset). This is indicated
by the following:
Since the switch can show only one uncleared intrusion
per port, the alert flag for the older intrusion for port A3 in this
example has also been previously reset.
The intrusion log holds up to 20 intrusion records
and deletes an intrusion record only when the log becomes full and
a new intrusion is subsequently detected.
NOTE:
The "prior to "
text in the record for the earliest intrusion means that a switch
reset occurred at the indicated time and that the intrusion occurred
prior to the reset.
To acknowledge the most
recent intrusion entry on port A3 and enable the switch to enter a
subsequently detected intrusion on this port, type
[R]
For Reset alert flags.
Note that if there are unacknowledged intrusions
on two or more ports, this step resets the alert flags for all such
ports.
If you then re-display the port status screen,
you see that the Intrusion Alert entry for port A3 is changed to "No".
That is, your evidence that the Intrusion Alert flag has been acknowledged
(reset) is that the Intrusion Alert column in the port status display
no longer shows "Yes"
for the port on which the intrusion occurred (port A3 in this example).
(Because the Intrusion Log provides a history of the last 20 intrusions
detected by the switch, resetting the alert flags does not change
its content. Thus, displaying the Intrusion Log again results in the
same display as in The intrusion log display.