Solved: Re: Configuring speed and duplex settings of monitoring NIC unde

a.arndt · ‎07-29-2005

Good day,

While I know that, unlike IPS v5.0 where you can configure interface-specific settings via IDM, you cannot adjust interface settings using IDM in v4.1.

I was wondering if it was possible to set these things, however, via the service account?

Can someone share their suggestions, supported or not, on how to do this? Is it just a simple Google for "NIC settings Red Hat Linux 9" or is it more involved?

Thanks in advance to any who reply,

Alex Arndt

bkubesh · ‎08-08-2005

Using the service account you can create a file "/etc/options.conf" with a line that looks like:

E1000_OPTIONS='Duplex=0,0,1,2 Speed=1000,1000,100,0'

After a reboot, this will manually configure Nic1=Auto,1000 Nic2=Auto,1000 Nic3=half,100 Nic4=full,auto

Duplex: 0=auto, 1=half, 2=full

Speed: 0(auto), 10,100,1000

View solution in original post

rwassom · ‎08-01-2005

It is possible to temporarily configure interface speed/duplex using the service account in 4.x, but all changes will be overwritten by the default settings after a reboot. Hard coding these values is not recommended or supported on any sensor running 4.x software since a reboot could leave the sensor in an inaccessible state due to a speed/duplex mis-match.

-Rusty

a.arndt · ‎08-08-2005

What about a situation where you will be connecting the monitoring port of a v4.1 sensor to a passive TAP that is inline on a link with hard-coded interfaces?

It is my understanding that any device connected to a passive TAP, that is one that has two network ports and two monitoring ports (one for each TX pair), must be configured the same. So, if the two devices at either end of the tapped line are forced to specific speed and duplex settings, so should the NIC cards on the device(s) connected to the monitoring ports of the TAP.

Given this, can you provide the best practice for a v4.1 sensor? Could you also provide specifics on how to force-set the speed and duplex on the monitoring NIC, not the command and control interface, in such a way that it will survive a reboot?

Thanks in advance,

Alex Arndt

marcabal · ‎08-08-2005

This is why we don't officially support monitoring a tap with version 4.1.

Hardcoding speed and duplex is supported in 5.0.

You would need to upgrade to 5.0 if you plan on monitoring with a tap.

a.arndt · ‎08-08-2005

OK, thanks. I guess I'll have to "engineer" the solution on my own again...

Unfortunately, we're not in a position to run v5.0 yet, so I have to make due with what I have, which is v4.1

I imagine it's just a case of fiddling with the OS via the 'service account' again, but I won't ask for a response to this rhetorical question. =)

If anyone is interested, I can post my work-around, assuming I'm successful in coming up with one...

Alex Arndt

bkubesh · ‎08-08-2005

Using the service account you can create a file "/etc/options.conf" with a line that looks like:

E1000_OPTIONS='Duplex=0,0,1,2 Speed=1000,1000,100,0'

After a reboot, this will manually configure Nic1=Auto,1000 Nic2=Auto,1000 Nic3=half,100 Nic4=full,auto

Duplex: 0=auto, 1=half, 2=full

Speed: 0(auto), 10,100,1000

a.arndt · ‎08-09-2005

Thank you very much.

Alex Arndt

a.arndt · ‎08-09-2005

If I'm running a Cisco IDS-4235 with version 4.1 installed, would the following be appropriate for the "/etc/options.conf" file?

E1000_OPTIONS='Duplex=2,0 Speed=100,0'

This of course assumes that the first NIC (int0) is the monitoring interface and the second NIC (int1) is the command and control interface.

Will this work?

Alex Arndt

Configuring speed and duplex settings of monitoring NIC under IDS v4.1