03-27-2008 03:35 AM - edited 03-05-2019 10:00 PM
Hi everyone,
One of my Cisco 3550 switchports (FastEthernet) is connected to an ASA firewall gig port. Settings are as follows:
@Switch: Full duplex / 100 mbps
@fw: auto / auto
Now the problem is that the FW interface is negotiating to half duplex / 100 mbps rather than full duplex. Where does the problem lie? We want it to be full duplex. Can a bad cable or bad port also create such a duplex mismatch?
--gaurav
03-27-2008 04:26 AM
Hi Gaurav ,
If you change the switch port to auto and auto, what is the status of the FW gig port?
If possible, change the speed and duplex to full and 100Mbps on the FW Gig interface.
Thanks,
Satish
03-27-2008 04:40 AM
gaurav
Both devices should be set the same way for speed and duplex: if 1 is set for auto they should both be set for auto and if 1 is set manually then both should be set manually.
What is happening to you is an example of this principle. You have set the switch duplex setting manually so it will not negotiate. And if a device does not negotiate duplex and the other device is attempting to negotiate duplex then the other device will default to half duplex. So I suggest that either you change the firewall to set speed and duplex or you change the switch to auto auto.
HTH
Rick
03-27-2008 04:52 AM
I can't believe people still do this...
Cisco should add a warning message to Catalyst IOS if the speed or duplex is manually set saying that the connected device must be hard-coded or a duplex mismatch may occur.
Andy
03-27-2008 05:46 AM
I agree that there should be some warning message
Often I have seen this issue cropping up when a desktop is connected via an IP phone. Ports on the IP phone are set to auto while they are hard coded on the switch, resulting in poor performance.
Narayan
03-27-2008 06:37 AM
I like this topic. Please, can anyone provide the right solution?
03-27-2008 07:32 AM
There are two right solutions:
1. Auto on the host, auto on the switch
2. Fixed on the host, same fixed on the switch.
There are two wrong solutions:
1. Auto on the host, fixed on the switch
2. Any fixed on the host, auto on the switch
This is the No 1 candidate for an FAQ.
Kevin Dorrell
Luxembourg
03-27-2008 02:21 PM
The firewall is working as designed. When you hardcoded the switch and left the FW as auto, you created a speed/duplex mismatch. Auto can always sense the speed OK, but it cannot correctly sense the far end for duplex unless the far end is also auto, so it will default the interface, which is half duplex. So the FW actually worked as expected. Just match the ends: if the switch is hardcoded then the FW must be hardcoded; otherwise change the switch to auto for speed and duplex.
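The fallback behaviour described in the replies above, modelled as an added Python example (it is not part of any post in this thread and is not Cisco code). The names `Port`, `check_link`, `switch` and `fw` are hypothetical, and the model assumes each port is either fully auto or fully fixed and that both ends support full duplex.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    auto: bool                 # True = speed and duplex are auto-negotiated
    speed: int = 0             # Mbps, used only when auto is False
    duplex: str = ""           # "full" or "half", used only when auto is False
    speeds: tuple = (10, 100)  # speeds the hardware supports (assumed values)


def _settle(local, peer):
    """Speed/duplex the local port ends up using, or None if it cannot link."""
    if not local.auto:
        return (local.speed, local.duplex)   # fixed side never negotiates
    if peer.auto:
        common = set(local.speeds) & set(peer.speeds)
        return (max(common), "full") if common else None
    # Peer is fixed: the auto side can sense the speed from the signal,
    # but not the duplex, so it falls back to half duplex.
    if peer.speed not in local.speeds:
        return None
    return (peer.speed, "half")


def check_link(a, b):
    """Predict both ends' operating mode and flag a duplex mismatch."""
    ra, rb = _settle(a, b), _settle(b, a)
    up = ra is not None and rb is not None and ra[0] == rb[0]
    return {"link": up, "mismatch": up and ra[1] != rb[1],
            a.name: ra, b.name: rb}


if __name__ == "__main__":
    # Constructed sample: the setup from the original question.
    switch = Port("switch", auto=False, speed=100, duplex="full")
    fw = Port("fw", auto=True, speeds=(10, 100, 1000))
    print(check_link(switch, fw))                  # fixed vs auto
    print(check_link(Port("switch", auto=True), fw))  # auto vs auto
```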
03-27-2008 02:27 PM
Thanks a lot, guys...
I feel like I committed an injustice to your intelligence by asking this question, really... I will never forget the fundamentals now.
--gaurav
03-27-2008 03:03 PM
You will find that if you have a duplex mismatch on two Cisco devices that support CDP, you will get messages stating that there is a duplex mismatch right away (the FW probably doesn't have CDP on by default). This is because Cisco can read both sides of the connection and tell if there is a mismatch. Not sure that I want a message popping up every time I hard code a speed/duplex.
03-27-2008 03:23 PM
Gaurav, don't worry about it. It's just that it is probably the most frequently asked question here. That's not your fault - it just means that we, or Cisco, have not made a good enough job of getting the message across.
Someone suggested that the software should warn you of the incompatibility. I agree - that would be a great idea. What about it Cisco? - it should be easy enough to implement a warning message.
Kevin Dorrell
Luxembourg
03-27-2008 03:36 PM
No please, Cisco IOS is not Microsoft :-).
If I want to code a port's speed/duplex, I really don't want to be reminded every time that this may create a problem - it will be like when you try to delete a file off Windows and it keeps asking you if you are really, really sure. It's bad enough when you have to configure a port as portfast!
I guess it's different strokes for different folks, but coming from a Unix background originally, one of the things I love about IOS is that it just lets you get on with it.
I suspect a fair few will disagree :-)
Jon