Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Gold

5.x force 100Mbit/Full duplex

I've configured the management interface of a 5.x 4235 sensor to be 100Mbit/full. It is still HALF duplex according to dmesg output and I am still seeing collisions in proc/net/cisco/ge0_1.info. Does anybody know if setting this via the CLI actually works (you can't set the management interface settings via GUI..only the sensing interface)?

TIA,

Matt

  • Intrusion Prevention Systems/IDS
6 REPLIES
Gold

Re: 5.x force 100Mbit/Full duplex

I found what seems to be a pretty elegant way to do this with 5.x, although whether Cisco supports this is doubtful. I have a ticket open on why the actual "conf t" way does not work, but in the interim here is what I am doing:

The /etc/init.d/ids_functions script sources the file /etc/options.conf. You can enter your options here.

I added the following lines to /etc/options.conf for each type of sensor (YMMV with regards to interface configuration on your sensors):

IDS-4235: E1000_OPTIONS="Speed=0,100 Duplex=0,2"

IDS-4240: E100_OPTIONS="e100_speed_duplex=4,0"

IDS-4250: E1000_OPTIONS="Speed=0,100 Duplex=0,2"

IDS-4250-SX: E1000_OPTIONS="Speed=0,100,0 Duplex=0,2,0"

IDS-4255-K9: E100_OPTIONS="e100_speed_duplex=4,0"

New Member

Re: 5.x force 100Mbit/Full duplex

How do I access this file to change these settings?

Gold

Re: 5.x force 100Mbit/Full duplex

You must get access to the filesystem via a normal shell. Here are the high-level steps...don't forget what I said about support;-)

1) create a user account with the "service" role.

2) login via ssh.

3) su to root

4) vi /etc/options.conf and add entry

5) reboot

Gold

Re: 5.x force 100Mbit/Full duplex

I certainly hope this is my last post regarding this issue, especially given the probable lack of interest by the group. I don't have (and probably won't) the time to figure out why, but in order to force full duplex in 5.0(4) you must do the above AND configure the interface as such using "conf t". Doing either one alone won't get the job done. (The exception seems to be the newer appliances, /etc/options.conf was working fine for those).

Matt

Bronze

Re: 5.x force 100Mbit/Full duplex

Sorry if I'm asking an obvious question, but did you configure the interface on the (I'll assume) switch you connected your sensor to in a likewise fashion?

When ever this happens to us, it's because we didn't configure both ends of the link to the same speed and duplex settings...

I hope this helps,

Alex Arndt

Gold

Re: 5.x force 100Mbit/Full duplex

I didn't have our netadmin group verify, but our standard is 100/Full...no autoneg. Since I was seeing late collisions on the interface, I assumed it was configured as such. The collisions have gone away since changing to 100/Full but you're right, I should verify with our netadmin group.

Matt

143
Views
4
Helpful
6
Replies