Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Duplex Setting on C&C and Monitoring Interface

On a 4210 sensor, Does the Duplex and Speed setting of the C&C as well as Monitoring Interface need to be specified for better throughput/performance? I noticed that sometimes the interface links go down and up again for no apparent reason.

  • Other Security Subjects
3 REPLIES
New Member

Re: Duplex Setting on C&C and Monitoring Interface

The interface settings cannot be hard coded at this time. The auto-negotiate feature should set the speed and duplex appropriately.

Cisco Employee

Re: Duplex Setting on C&C and Monitoring Interface

My usual reccomendation is to set both interfaces as 100MB Half Duplex.

The difference in performance between Half and Full Duplex is negligible, we haven't even been able to measure any performance difference in our in house tests.

Since the command and control is only sending IDS communication traffic, the difference between half and full duplex has no affect on the ability ofthe sensor to send/receive traffic.

The monitoring interface is generally only receiving traffic (occasionally sends out TCP resets), so the difference between half and full duplex is not really measurable in most circumstances.

The only times that half vs. full duplex is really an issue is when both machines that are connected are trying to send more than 100MB on that single connection.

Since neither command and control or the sniffing interface should be dealing with more than 100MB then half duplex is fine.

So try setting it to 100MB Half Duplex on the switch (not configurable on the sensor side), and see if the port stops going up and down.

New Member

Re: Duplex Setting on C&C and Monitoring Interface

That did not help either.

Some other things we did:

1. Set to 10/Half.

2. Put in a hub instead.

Above did not work either.

This happens with more than one sensor. If you reboot the CSPM box (NT 4.0 SP6A, One NIC), communication establishes again. Then after a random time period, goes down again with another sensor.

93
Views
0
Helpful
3
Replies