Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access
Configuring and Monitoring Port Security
Log Listing with
SMC6624M(config)# log security
Security Violation
Keys:
Detected
----
W 01/01/90 00:40:30 FFI: port 2 - Security Violation
----
Log Listing with No
SMC6624M(config)# log security
Security Violation
Keys:
Detected
----
----
Figure 7-12. Example of Log Listing With and Without Detected Security Violation
From the Menu Interface: In the Main Menu, click on
Next page and Prev page to review the Event Log contents.
For More Event Log Information. See "Using the Event Log To Identify
Problem Sources" on page 11-10.
Web: Checking for Intrusions, Listing Intrusion Alerts, and
Resetting Alert Flags
1.
Operating Notes for Port Security
Identifying the IP Address of an Intruder. The Intrusion Log lists
detected intruders by MAC address. If you are using EliteView to manage your
network, you can use reports to link MAC addresses to their corresponding
IP addresses.
Proxy Web Servers. If you are using the switch's web browser interface
through a switch port configured for Static port security, and your browser
access is through a proxy web server, then it is necessary to do the following:
7-26
W=Warning
I=Information
M=Major
D=Debug
Event Log listing: Events Since Boot
Bottom of Log : Events Listed = 1
W=Warning
I=Information
M=Major
D=Debug
Event Log listing: Events Since Boot
Bottom of Log : Events Listed = 0
Check the Alert Log by clicking on the Status tab and the [Overview]
button. If there is a "Security Violation" entry, do the following:
Click on the Security tab.
a.
b. Click on [Intrusion Log]. "Ports with Intrusion Flag" indicates any
ports for which the alert flag has not been cleared.
c.
To clear the current alert flags, click on [Reset Alert Flags].
----
----
----
----
4. Event Log
Log Command
with
"security" for
Search String
and use