Solved: host-4215-3725 no link

tar_mynastyr · ‎10-22-2007

Good day Everyone! I've read all of cisco guides but I can't figure out why I'm experiencing the following problem:

1. I have'got 4215 in inline mode

2. Windows host with 10.0.3.1/24,10.0.3.254 (ip\mask, gateway) is on fa0/1 interface and Cisco 3725 is on fa1/0 port of the sensor.

3. I've got the following configuration on Cisco 3725 interface:

!

interface FastEthernet2/12

switchport access vlan 23

!

interface Vlan23

ip address 10.0.3.254 255.255.255.0

ip access-group IDS_vlan23_out_1 out

ip nat inside

ip virtual-reassembly

!

4. the sensor has the following configuration:

----

inline-interfaces pair-0

no description

interface1 FastEthernet0/1

interface2 FastEthernet1/0

----

service analysis-engine

virtual-sensor vs0

logical-interface pair-0

------

5. if I issue "packet display FastEthernet0/1" of "packet display FastEthernet1/0" on the sensor I see the same:

traffic from Cisco 3725 OSPF hellos:

-------------------------------

18:57:32.329981 802.1d config 8000.00:0b:46:fc:95:50.805d root 8000.00:0b:46:fc:95:50 pathcost 0 age 0 max 20 hello 2 fdelay 15

--------------------------------

BUT! The problem is I do not have a physical link on my Windows host to the network (the red cross on network connection Icon on the bottom right side of the toolbar)

Can anyone please give me a hint what I've done wrong?

Thanks in Advance!

marcabal · ‎10-22-2007

What type of cable are you using to connect the Host with the sensor?

Are you using a crossover cable?

With 10/100 ports, a crossover cable is needed when connecting 2 Hosts.

When planning the cabling remember that the IDS-4215 acts like an end host (as do routers) instead of a switch or hub.

Normally the switch or hub does the crossover internally so a straight through cable is used when connecting a Host to a switch or hub. BUT when connecting a Host to a Host (or sensor, or router) the cross over must be externally by using a cross over cable.

If you are already using a crossover cable, then the next thing to determine is if there is a problem with speed and duplex negotiation.

You might try hard coding both the Host and sensor to use 100 Mbps Full Duplex. Bu hardcoding both sides you won't have to worry about auto negotiation.

NOTE: If using 10/100/1000 interfaces on both the Host and Sensor you likely could have used a straight through cable. The When neogiating to 1 Gbps the NICs can detect the difference between a straight through and cross over cable and adjust to use either type in most circumstances.

BUT most 10/100 interfaces generally lack this capability and require a cross over cable when connecting from Host to Host.

View solution in original post

marcabal · ‎10-22-2007