Checking for intrusions, listing intrusion alerts, and resetting alert flags (CLI)
The following commands display port status, including whether there are intrusion alerts for any ports, list the last 20 intrusions, and either reset the alert flag on all ports or for a specific port for which an intrusion was detected. The record of the intrusion remains in the log. For more information, see Operating notes for port security.
Syntax
show interfaces brief
List intrusion alert status (and other port status information)'.
show port-security intrusion-log
List intrusion log content.
clear intrusion-flags
Clear intrusion flags on all ports.
port-security [e] <port number> clear-intrusion-flag
Clear the intrusion flag on one or more specific ports.
Example
In the following example, executing show
interfaces
brief lists the switch port status, indicating
an intrusion alert on port A1.
To see the details of the intrusion, enter the show
port-security intrusion-log
command. For example:
The above example shows three intrusions for port A1. Since the switch can show only one uncleared intrusion per port, the older two intrusions in this example have already been cleared by earlier use of the clear intrusion-log or the port-security <port-list> clear-intrusion-flag command. The intrusion log holds up to 20 intrusion records, and deletes intrusion records only when the log becomes full and new intrusions are subsequently added. The "prior to" text in the record for the third intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset.
To clear the intrusion from port A1 and enable the switch to enter any subsequent intrusion for port A1 in the Intrusion Log, execute the port-security clear-intrusion-flag command. If you then re-display the port status screen, you see that the Intrusion Alert entry for port A1 is changed to "No". (Executing show port-security intrusion-log again results in the same display as above, and does not include the Intrusion Alert status.)
switch(config)# port-security a1 clear-intrusion-flag
switch(config)# show interfaces brief
For more on clearing intrusions, see Keeping the intrusion log current by resetting alert flags.