Cisco Secure ACS: question for NIC

Unanswered Question
Feb 18th, 2010


how i can find out how the NIC is configurtion?

When i connect with the cli then i see only the ip adresse gateway netmask not more. How i can found maybe is 100 full or half or autoneg?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marvin Rhoads Thu, 02/18/2010 - 06:55

How do this this on a client PC varies according to whether you are using Windows or Unix.

Under Windows, you typically need to go into your network connections (in Control Panel or alternately via Network and Sharing Center in Vista/Windows 7) and choose the network adapter you are interested in. Right click on it to manage its properties. Choose "Configure" button and then select the "Advanced" tab. In that window should be a setting labelled "Speed and Duplex". You specific interface may vary since the exact layout can be modified by the adapter vendors driver files.

Under Solaris OS, use the "ndd" command:

If you have ce or bge interfaces, use kstat ce and kstat bge,  respectively, to return NIC settings. All other interfaces may use ndd to determine NIC settings.

ndd example with hme0, assuming "instance" is 0:

# ndd -get /dev/hme link_mode

0 -- half-duplex
1 -- full-duplex

# ndd -get /dev/hme  link_speed
0 -- 10 Mbit
1 -- 100 Mbit
1000 -- 1 Gbit

To query a different NIC,  such as hme1, set the  "instance" to 1, and then perform the link_mode and link_speed queries  above.

#  ndd -set /dev/hme instance 1

Note: the ndd commands above must be run as  root. Otherwise, you will receive errors such as "couldn't push module  'hme0', No such device or address."

Of course at the switch end, you can execute "show interface status" from the CLI and get a reply like:

#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Te1/1                        notconnect   routed       full    10G 10GBase-LR

If the duplex or speed were auto, there would be an "a-" in the appropriate column.

muratayas Mon, 02/22/2010 - 00:42

Hi mklemovitch,

thank you for your answer but i have a ACS appliance with windows but i can only connect with cli and i have only this command:

?                    List commands
backup               Backup Appliance
dbcompact            Datbase Compact
download             Download ACS Install Package
exit                 Log off
exportgroups         Export group information to an FTP server
exportlogs           Export appliance diagnostic logs to FTP server
exportusers          Export user information to an FTP server
help                 List commands
ntpsync              NTP synch with predefined NTP servers
ping                 Verify connections to remote computers
reboot               Soft reboot appliance
restart              Restart ACS services
restore              Restore Appliance

rollback             Rollback patched package
set                  Set commands
set admin            Set administrator's name
set domain           Set DNS domain
set hostname         Set appliance's hostname
set ip               Set IP configuration
set password         Set administrator's password
set time             Set timezone, enable NTP synch or set date and time
set timeout          Set the timeout for serial console with no activity
show                 Show appliance status
shutdown             Shutdown appliance
start                Start ACS services
stop                 Stop ACS services
support              Collect logs, registry and other useful information
tracert              Determine the route taken to a destination
upgrade              Upgrade appliance ( stage II )

With show command i have this:

Cisco Secure ACS:
Appliance Management Software:
Appliance Base Image:
CSA build (Patch: 4_0_1_543)
Session Timeout: 10
Last Reboot Time: Mon Apr 14 13:19:31 2008

Current Date & Time: 2/22/2010 09:39:51
Time Zone: (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
NTP Server(s): xxx.xx.xx.x

CPU Load                Free Disk               Free Physical Memory
0.00%                   19.0 GB                 143 MB

Appliance IP Configuration
    DHCP Enabled. . . . . . . . . . .: No
    IP Address. . . . . . . . . . . .: xxx.xx.xx.xx
    Subnet Mask . . . . . . . . . . .:
    Default Gateway . . . . . . . . .: xxx.xx.xx.xx
    DNS Servers . . . . . . . . . . .: xxx.xx.xx.x

CSAdmin        running
CSAuth         running
CSDbSync       running
CSLog          running
CSMon          running
CSRadius       stopping
CSTacacs       running

CSAgent        running

on the Switch site i see the configuration but on the ACS site not.



Marvin Rhoads Tue, 02/23/2010 - 06:21

On the appliance, you are limited as to what you can do or configure by design. The thought is to mask features that don't specifically relate to the device's function as a security product.

You should be coming up as auto speed and auto duplex. "show interface [interface id] status" at the switch will confirm the link status.


This Discussion