4250XL auto negotiate or fullduplex
Does anyone out there using 4250XL on:
1. span port of switch configured as 10/100/1000 fullduplex?
2. Toplayer taps?
We are unable to get the sniffing port going as it does not recognize the tap nor the span port. Upon speaking with Cisco, we were advised that the span port has to be configured as "AUTO NEGOTIATE" for any Cisco IDS to work. We currently have a 4235 running without any problem.
We were advised against making the config change on the sensor as it is not supported.
A smart IDS should be able to recognize whatever mode on the switch, don't you agree?
Are we missing something? Can anyone clarify please.
Thanks,
Simone.
Does anyone out there using 4250XL on:
1. span port of switch configured as 10/100/1000 fullduplex?
MC> The sensor does not support configuration of the speed/duplex on the sensor or switch. It should be left auto negotiate for both speed and duplex.
When hardcoding speed/duplex, you must either hard code both devices to the same speed/duplex, or hardcode one device to the default speed/duplex of the second device.
In the case of the IDS-4250-XL running version 4.1 software, there is no support for speed/duplex setting of the interface so it is best to leave the switch in auto negotiation as well.
(NOTE: In version 5.0 support is being added so the sensor interfaces may have their speed/duplex configured by the user. With 5.0 the command and control could be set to 10 or 100 or 1000 for the speed and half or full for the duplex. With 5.0 the sniffing interfaces of the IDS-4250-XL can be configured to 1000 Full duplex. 10/100 speeds and half duplex settings will not be supported on the Gig fiber sniffing interfaces.)
2. Toplayer taps?
MC> The IDS-4250-XL does not currently work with Fiber TAPs. The Fiber taps do not provide a valid link to the fiber sniffing ports of the IDS-4250-XL so the sniffing ports are not brought up for monitoring.
We are unable to get the sniffing port going as it does not recognize the tap nor the span port. Upon speaking with Cisco, we were advised that the span port has to be configured as "AUTO NEGOTIATE" for any Cisco IDS to work. We currently have a 4235 running without any problem.
MC> If you happened to set the switch to match the 4235's default settings then you got lucky and it worked (it won't always work). It is best to leave the switch configured for auto negotiate.
We were advised against making the config change on the sensor as it is not supported.
MC> Correct that this is not supported in version 4.1. (NOTE: The feature is being added in 5.0)
A smart IDS should be able to recognize whatever mode on the switch, don't you agree?
MC> No, When settings the speed and duplex on one device you need to set the speed and duplex on the other device as well. Or you could wind up with mismatches in speed and duplex settings that would prevent you from establishing a link. If the speed/duplex is only set on one device, that device does not advertise it's speed and duplex to the other device. Sometimes you get lucky and the default on the other device works, but you can't always count on this.
Are we missing something? Can anyone clarify please.
Similar Messages
-
Does my Intel PRO/100 VE Desktop Adapter have auto-negotiate?
My two desktops have all but identical hardware & software (both run XP Pro SP2). I use no router or hub (at least not between these two computers) and for security and other reasons, connect PC 1 to a CAT 6 cable for web surfing and downloading. Occasionally, however, I'll want to back up those youtube videos I download to PC1 onto PC2. I've been using flash drives to do this, but I was curious whether this could also be done via the Intel Pro/100VE NICs in both pcs. Once this simple pc-to-pc network is set up, I thought that during a backup session, I'd just have to disconnect PC2's CAT cable from the house Internet jack, connect the cable between both NICs make a copy of the file(s) that I want to send from the C drive of PC2 to that of PC1 and click send.
However, I've read that the first step is to have valid connectivity between the NICs. That is, you need a CAT crossover cable, not the CAT patch cable I have. OR one, if not both NICs need to have auto-negotiate capability. During a file sharing session, auto-negotiate (which I think is the same as auto-detect, ditto Auto-MDIX, ditto Auto-MID-X) senses that the cable is a patch configuration and electrically re-routes the connections as a crossover (for what I think the Wikipedia calls Full Duplex data communication).
Thus, I connected both NICs with the patch cable. But in Explorer on both PCs, when I click on Network Connections, click the NICs icon, click Configure, click Advanced click Link Speed and Duplex scroll to Auto Detect and click OK, I can't get the NICs to communicate (ie. the red X stays on the icons and the LEDs on the NICs don't light).
So does anyone know if 1.) The Intel Pro/100VE NICs have auto-negotiate. 2.) If yes, how do I enable it or is it done automatically when I connect a patch cable instead of a crossover cable? 3.) If these NICs do have auto-negotiate and if it's fully plug & play, what else has to be done to get these NICs to talk to each other?
Can this kind of NIC to NIC card file sending via CAT 5 cable be done without having to load the Windows XP CD every time I want to transfer files from the hard drive of one pc to that of the other?
And does this involve little more than creating a unique IP address for each of the pcs. If yes, can someone please provide a step-by-step procedure?
Message Edited by chane on 02-16-2009 06:31 PMHello,
Try the following URL for help on this interface:
http://www.opensolaris.org/os/community/laptop/wireless/;jsessionid=D977D56D1808AFBA7DD28EB0CA3FF6D6
HTH
Tom -
2500 WLC ports auto negotiate?
I see the 2500 porst are 1 Gigabit ports.
Are they 10/100/1000 ports though?
Have an older switch that only has 10/100 ports.
ThanksAs per the datasheet I'd say 10/100/1000....
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
Wired/Switching/Routing
IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, 1000BASE-T, and IEEE 802.1Q VLAN tagging. -
Auto Configure not prompting for credentials
Hi Folks,
I've a problem where users of Outlook on XenApp cannot configure an email profile. It just times out. I access the same XenApp server/user account from a Published Desktop or RDP the profile configures fine.
The Outlook Auto Configuration tool works identically in both scenarios except for the last step. On the Published Desktop I am prompted for domain credentials and then sent the Autodiscover XML file. However, over a XenApp session Auto Configuration never
prompts for login details, although the log say differently, and the attempt fails.
I turned on Outlook logging and captured Autodiscover logs for both scenarios (identifying information is changed to NWTraders)
Log of Autodiscover failure over a XenApp session
11676 0x0073AF1C
02/05/15 13:13:07 Autodiscover to https://mail.nwtraders.com/autodiscover/autodiscover.xml starting 11676
0x0073B22A 02/05/15 13:13:08
GetLastError=0; httpStatus=401. 11676
0x0073B22A 02/05/15 13:13:08
AutoDiscover disabled auth schemes: 11676
0x0073B22A 02/05/15 13:13:08
<NONE> 11676
0x0073B22A 02/05/15 13:13:08
AutoDiscover supported auth schemes: 11676
0x0073B22A 02/05/15 13:13:08
Negotiate 11676 0x0073B22A
02/05/15 13:13:08 NTLM 11676
0x0073B22A 02/05/15 13:13:08
Basic 11676 0x0073B22A
02/05/15 13:13:08 AutoDiscover attempting Auto-Negotiate with Desktop Credentials. 11676
0x0073B22A 02/05/15 13:13:08
AutoDiscover USING pcreds->dwAuthScheme: 11676
0x0073B22A 02/05/15 13:13:08
Negotiate 11676 0x0073B258
02/05/15 13:13:08 GetLastError=0; httpStatus=401. 11676
0x0073B258 02/05/15 13:13:08
AutoDiscover attempting NTLM with Desktop Credentials. 11676
0x0073B258 02/05/15 13:13:08
AutoDiscover USING pcreds->dwAuthScheme: 11676
0x0073B258 02/05/15 13:13:08
NTLM 11676 0x0073B287
02/05/15 13:13:08 GetLastError=0; httpStatus=401. 11676
0x0073B287 02/05/15 13:13:08
AutoDiscover attempting supplied Credentials. 11676
0x0073B287 02/05/15 13:13:08
[email protected] 11676
0x0073B287 02/05/15 13:13:08
AutoDiscover USING pcreds->dwAuthScheme: 11676
0x0073B287 02/05/15 13:13:08
Negotiate 11676 0x0073C563
02/05/15 13:13:13 GetLastError=0; httpStatus=401. 11676
0x0073C563 02/05/15 13:13:13
AutoDiscover attempting Basic auth with the Supplied Credentials. 11676
0x0073C563 02/05/15 13:13:13
[email protected] 11676
0x0073C563 02/05/15 13:13:13
AutoDiscover USING pcreds->dwAuthScheme: 11676
0x0073C563 02/05/15 13:13:13
Basic 11676 0x0073CE7C
02/05/15 13:13:15 GetLastError=0; httpStatus=401. 11676
0x0073CE9B 02/05/15 13:13:15
AutoDiscover attempting AutoDiscover Credentials. 11676
0x0073CE9B 02/05/15 13:13:15
[email protected] 11676
0x0073CE9B 02/05/15 13:13:15
AutoDiscover USING pcreds->dwAuthScheme: 11676
0x0073CE9B 02/05/15 13:13:15
Negotiate 11676 0x0073D84F
02/05/15 13:13:17 GetLastError=0; httpStatus=401. 11676
0x0073D85F 02/05/15 13:13:17
AutoDiscover attempting AutoDiscover Credentials. 11676
0x0073D85F 02/05/15 13:13:17
[email protected] 11676
0x0073D86E 02/05/15 13:13:17
AutoDiscover USING pcreds->dwAuthScheme: 11676
0x0073D86E 02/05/15 13:13:17
Negotiate 11676 0x0073E204
02/05/15 13:13:20 GetLastError=0; httpStatus=401. 11676
0x0073E204 02/05/15 13:13:20
AutoDiscover prompting for Exchange credentials. 11676
0x0073E213 02/05/15 13:13:20
Autodiscover to https://mail.nwtraders.com/autodiscover/autodiscover.xml Failed (0x80040113) 11676
0x0073E213 02/05/15 13:13:20
AutoDiscover Warning: ExcludeHttpRedirect is ON. 11676
0x0073E213 02/05/15 13:13:20
AutoDiscover Warning: ExcludeSrvRecord is ON. 11676
0x0073E213 02/05/15 13:13:20
AUTODISCOVER GET SETTINGS END 11676
0x0073E213 02/05/15 13:13:20
Log of Autodiscover success over Published Desktop (works same over RDP)
02/05/15 13:11:40 Autodiscover to https://mail.nwtraders.com/autodiscover/autodiscover.xml starting 12244
0x00725EBF 02/05/15 13:11:41
GetLastError=0; httpStatus=401. 12244
0x00725EBF 02/05/15 13:11:41
AutoDiscover disabled auth schemes: 12244
0x00725EBF 02/05/15 13:11:41
<NONE> 12244
0x00725EBF 02/05/15 13:11:41
AutoDiscover supported auth schemes: 12244
0x00725EBF 02/05/15 13:11:41
Negotiate 12244 0x00725EBF
02/05/15 13:11:41 NTLM 12244
0x00725EBF 02/05/15 13:11:41
Basic 12244 0x00725EBF
02/05/15 13:11:41 AutoDiscover attempting Auto-Negotiate with Desktop Credentials. 12244
0x00725EBF 02/05/15 13:11:41
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x00725EBF 02/05/15 13:11:41
Negotiate 12244 0x00725EEE
02/05/15 13:11:41 GetLastError=0; httpStatus=401. 12244
0x00725EEE 02/05/15 13:11:41
AutoDiscover attempting NTLM with Desktop Credentials. 12244
0x00725EEE 02/05/15 13:11:41
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x00725EEE 02/05/15 13:11:41
NTLM 12244 0x00725F1D
02/05/15 13:11:41 GetLastError=0; httpStatus=401. 12244
0x00725F2C 02/05/15 13:11:41
AutoDiscover attempting supplied Credentials. 12244
0x00725F2C 02/05/15 13:11:41
[email protected] 12244
0x00725F2C 02/05/15 13:11:41
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x00725F2C 02/05/15 13:11:41
Negotiate 12244 0x0072719B
02/05/15 13:11:46 GetLastError=0; httpStatus=401. 12244
0x007271AB 02/05/15 13:11:46
AutoDiscover attempting Basic auth with the Supplied Credentials. 12244
0x007271AB 02/05/15 13:11:46
[email protected] 12244
0x007271AB 02/05/15 13:11:46
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x007271AB 02/05/15 13:11:46
Basic 12244 0x00727AC3
02/05/15 13:11:48 GetLastError=0; httpStatus=401. 12244
0x00727AF2 02/05/15 13:11:48
AutoDiscover attempting AutoDiscover Credentials. 12244
0x00727AF2 02/05/15 13:11:48
[email protected] 12244
0x00727AF2 02/05/15 13:11:48
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x00727AF2 02/05/15 13:11:48
Negotiate 12244 0x007285CF
02/05/15 13:11:51 GetLastError=0; httpStatus=401. 12244
0x007285EE 02/05/15 13:11:51
AutoDiscover attempting AutoDiscover Credentials. 12244
0x007285EE 02/05/15 13:11:51
[email protected] 12244
0x007285EE 02/05/15 13:11:51
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x007285EE 02/05/15 13:11:51
Negotiate 12244 0x00728F93
02/05/15 13:11:53 GetLastError=0; httpStatus=401.12244
0x00728F93 02/05/15 13:11:53
AutoDiscover prompting for Exchange credentials. 12244
0x0072B25D 02/05/15 13:12:02
corpNWTraders\jsmith 12244
0x0072B25D 02/05/15 13:12:02
AutoDiscover USING pcreds->dwAuthScheme: 12244
0x0072B25D 02/05/15 13:12:02
Negotiate 12244 0x0072BB95
02/05/15 13:12:05 GetLastError=0; httpStatus=200. 12244
0x0072BB95 02/05/15 13:12:05
Autodiscover XML Received
12244 ---BEGIN XML---
I have the Autodiscover methods which use Active Directory turned off because the Exchange service is not on my domain or a Trusted domain. So we are relying on the HTTPS method only
11588 0x00404E76
02/05/15 12:17:01 AutoDiscover Warning: ExcludeScpLookup is ON.
11588 0x00404E76
02/05/15 12:17:01 AutoDiscover Warning: ExcludeHttpsRootDomain is ON.
11588 0x00404E76
02/05/15 12:17:01 AutoDiscover Warning: ExcludeHttpsAutoDiscoverDomain is ON.
Regards - MicHi,
Based on the information you provided, the issue was caused by an Autodiscover failure. To troubleshoot the issue, I suggest you post the question in Exchange forum:
https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
Regards,
Melon Chen
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click
here -
Auto negotiation of codec in AS5350
My gateway (AS5350) can not do autonegotation of codec. Can anyone tell me how to do. I'm using c5350-is-mz.122-15.T14.bin in my gateway. I have config:
voice class codec 1
codec preference 1 g729r8
codec preference 2 g729br8
codec preference 3 g723r63
codec preference 4 g723r53
But I can not auto negotiate codec and always use g729.Within Cisco's best practices for the large L3 switches (http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml), they recommend for 100 Mbps "As a rule, first use autonegotiation for any type of link partner." but also recommend if there's a problem configure for 100/full. For gig, they have "Enable Gigabit negotiation on all switch-to-switch links and, generally, on all GE devices."
My experience has been with current gen equipment, there's often less issues with auto working correctly vs. someone forgeting to properly configure both sides of the connection expecially when for some reason they connect to a different port (like when dealing with a hardware failure). -
I am trying to connect a Cat 500 Express to a 2950, using a stright-through cable.
If I enable auto-mdix on the Cat 500, I have to enable auto speed and duplex settings.
If I do this, I get a duplex mismatch.
Can i set the auto-mdix to work, without having to auto-negotiate the speed and duplex settings ?
On the 2950, the settings are 100/full
ThanksBY default CE-500 is auti-mdix & u need not make any changes on duplex settingz. bcoz i never faced such problem by connecting my CE-500 to 2950, juz a straight cable connecting from CE-500 gigabit to 2950 gigabit. thatz it, i didn't get any duplux mismatch, try to check once again in 2950 that every thing is set auto(duplex & speed)
-
NEW THREAD: 10G SFP+ Auto-Negotiating to 1G?
Can a 10G SFP+ SR optic plugged into switch "A" AUTO-NEGOTIATE to 1G to support a 1G SFP SR optic plugged into switch "B" at the other end of the fiber cable?
In short, what I am asking is whether a 10G SFP+ optic (SR/LR - doesn't matter) can be connected with fiber (of course) to a 1G optic and negotiate DOWN?
If not, how do I connect that 1G sfp+ optic to a 10G sfp+ switch port?
NOTE: I know Cisco SFP+ optics only operate at 10G and Cisco SFP optics operate only at 1G. But my question is a general question about SFP/SFP+. From my understanding, SFP+ CANNOT (regardless of vendor) negotiate down to 1G because the SFP+ standard defines a speed range between 4.25 Gbps to 16Gbps. Can someone verify?Here is one common Optic SFP that does do both 1G and 10G:
Intel E10GSFPSR and
Intel E10GSFPLR
http://www.intel.com/content/dam/doc/product-brief/ethernet-sfp-optics-brief.pdf
http://www.intel.com/support/network/adapter/pro100/sb/CS-030612.htm (expand section 1)
I know for certain that they do support both 1G and 10G as for quite a while I ran these SFPs with Cisco GLC-SX-MMD, and eventually (now) Cisco SFP-10G-SRs. No config changes or modifications were required to support this functionality.
This was in a UCS server with a supported Cisco UCS Intel X520 card. -
Speed/Duplex are not advertising correctly with configured values
Hi,
I have a gateway which runs on Windows Embedded Standard 7 which has Intel NIC Card.
I have connected this gateway and a switch in a network where switch has configured speed/duplex as 1000Mbps/Full.
When I set the Speed/Duplex on my gateway's NIC to Auto-Negotiate or 1000Mbps/Full, it negotiating/advertising the speed and duplex properly.
But when Speed/Duplex sets to 100Mbps/Full on gateway's NIC, in the Switch it shows that my gateway is advertising the Speed/Duplex as 100Mbps/Half Duplex.
I have checked the registry entries which sets when we configure the Speed/Duplex at adapter properties, registry entries are fine. I am not able to understand how exactly it negotiates Speed/Duplex and why it is advertising with 100Mbps/Half Duplex when
it is configured for 100Mbps/Full.
Thanks,
ChallaskHi Andy,
Thanks for the reply.
I have checked that the configured value on the adapter is 100Mbps/FullDuplex. I am checking these configured values through the registry entry
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\00NN\*SpeedDuplex. It shows the configured value.
The doubt have here is that i have checked the enum values for this *SpeedDuplex entry, it shows in the following way:
0 - Autonegotiation
1- 10Mbps HalfDuplex
2 - 10Mbps FullDuplex
3 - 100Mbps HalfDuplex
4 - 100Mbps FullDuplex
6 - 1000Mbps
Why don't have here the value 5?
I have checked this registry in other Windows Operating systems, it shows correctly. Only in this Windows Embedded Standard 7 OS it shows this way. Will it create any issue? While performing the Speed/Duplex advertisement/Negotiation will it use these enum
values? If so how can I resolve this issue?
Thanks,
Challask -
Hello Experts,
I tried SNMP walk from LMS for below OIDS but getting the error as attached..
MIB Name :- c2900PortDuplexState
OID's : 1.3.6.1.4.1.9.9.87.1.4.1.1.31
1.3.6.1.4.1.9.9.87.1.4.1.1.32
But while i do with OID 1.3.6.1.4.1.9.5.1.4.1.1.10 its showing the results.
My requirement is the pull the current negotiated Duplex status of interfaces, but with the OID 1.3.6.1.4.1.9.5.1.4.1.1.10 its only showing the configured values [ Auto , full or Half] not the negotiated duplex status if the port is in auto state. Please suggest.
Regards
DebenTopping up on Rolf's from cisco Object Navigator:
Object
c2900PortDuplexState
OID
1.3.6.1.4.1.9.9.87.1.4.1.1.31
Type
INTEGER
Permission
read-write
Status
current
Values
1 : fullduplex
2 : halfduplex
3 : autoNegotiate
MIB
CISCO-C2900-MIB ; - View Supporting Images
Description
"Set to fullduplex(1) to operate in full duplex mode, port
will allow simultaneous transmit and receive which can
double its bandwidth.
Set to halfduplex(2) to operate in half duplex mode.
Set to autoNegotiate(3) to allow the switch to negoti-
ate with the other end of the connection.
The status of duplex mode on a port is available with
c2900PortDuplexStatus object."
Object
c2900PortDuplexStatus
OID
1.3.6.1.4.1.9.9.87.1.4.1.1.32
Type
INTEGER
Permission
read-only
Status
current
Values
1 : fullduplex
2 : halfduplex
MIB
CISCO-C2900-MIB ; - View Supporting Images
Description
"The status of duplex mode on this port.
When linkbeat is not present, halfduplex is always
reported.
When linkbeat is present, the result of full duplex
auto-negotiation is reported if c2900PortDuplexState is
set to auto-negotiate, otherwise it reports fullduplex
if c2900PortDuplexState is set to fullduplex or
halfduplex if c2900PortDuplexState is set to
halfduplex."
Object
portDuplex
OID
1.3.6.1.4.1.9.5.1.4.1.1.10
Type
INTEGER
Permission
read-write
Status
current
Values
1 : half
2 : full
3 : disagree
4 : auto
MIB
CISCO-STACK-MIB ; - View Supporting Images
Description
"Indicates whether the port is operating in half-
duplex, full-duplex, disagree or auto negotiation
mode. If the port could not agree with the far end
on port duplex, the port will be in disagree(3)
mode."
Object
dot3StatsDuplexStatus
OID
1.3.6.1.2.1.10.7.2.1.19
Type
INTEGER
Permission
read-only
Status
current
Values
1 : unknown
2 : halfDuplex
3 : fullDuplex
MIB
EtherLike-MIB ; - View Supporting Images
Description
"The current mode of operation of the MAC
entity. 'unknown' indicates that the current
duplex mode could not be determined.
Management control of the duplex mode is
accomplished through the MAU MIB. When
an interface does not support autonegotiation,
or when autonegotiation is not enabled, the
duplex mode is controlled using
ifMauDefaultType. When autonegotiation is
supported and enabled, duplex mode is controlled
using ifMauAutoNegAdvertisedBits. In either
case, the currently operating duplex mode is
reflected both in this object and in ifMauType.
Note that this object provides redundant
information with ifMauType. Normally, redundant
objects are discouraged. However, in this
instance, it allows a management application to
determine the duplex status of an interface
without having to know every possible value of
ifMauType. This was felt to be sufficiently
valuable to justify the redundancy."
-Thanks -
Time Capsule will not recognize physical Ethernet connection
I recently purchased a Third Generation 2TB Time Capsule (MC343LL/A). Last night, I attempted to utilize the Time Capsule's internal Base Station to create a new wireless network for home usage via both AirPort Utility on my MacBook, and upon failure, additionally with the AirPort Utility app on my iPhone 4 . After using AirPort Utility to initialize the Time Capsule's primary settings, I was then met with an error upon restart of the Time Capsule, stating "Problem 1 of 1: Ethernet Unplugged". Enter the issue, as the Ethernet cable is in fact physically connected to the WAN port on the back of the Time Capsule. Subsequently, this results in the infamous flashing yellow status LED on the unit, and no network creation. Now, if I take that exact Ethernet cable end and plug it into my AirPort Express' (M9470LL/A and MB321LL/A) they recognize it. An older D-Link wireless router that I have kicking around also recognizes said Ethernet cable and connection, as well as both of my MacBooks (MB402*/B), and my Apple TV (Second Generation). I have attempted to both hard reset and soft reset the Time Capsule a myriad of times, and powered my cable modem on and off an equal number of times. All to no avail. And yes, I have tested all of the above with a plethora of different physical cables. Any and all ideas or suggestions are greatly appreciated.
In your normal setup.. is the TC connected via a wall ethernet port directly back to the modem? Have you plugged the TC directly into the modem with a short 1M patch cable?
We do see occasional instances of gigabit not exchanging auto speed info correctly with fast ethernet. Somewhere you need to be able to lock the speed at one end.. so the auto speed is removed.
That is not possible in the TC.. perhaps the modem offers some way to lock the speed.
Putting a switch inbetween is often the way to fix the problem.. which is exactly what you are doing with the dlink router.. they correctly auto-negotiate the speed. Can you please check if the dlink is 10/100 which speed it linked at. If it linked at 10mbit I would say there could be issues with the WAN port of the TC. -
Hi,
I need help please. Did anyone do a whole page animation in Edge Animate and place the OAM file into Muse, and somehow all the menu and social media icon buttons in Muse are blocked by the placed animation? All my menu buttons, social media icon buttons and a link are not working (blocked by the transparent AN stage). I can't go to any other pages because of this issue when previewed in browser. My animation is a slide-open page from center of the page to both right and left side, also text moved up to the top. All are moved out of the stage once animation finished to show the home page with contents, including menu and social media icon buttons. Thanks for your help in advance!!
Thanks,
mykw123That answers why the two G4's talk normally! I do
have the TCP/IP settings set up manually.
Well, if they are already set manually, maybe you should change them to Auto-negotiate. You shouldn't have to use the Manual setting at all. If you so, then someone, usually the people who wrote the driver for the network card, have screwed something up. It then becomes your job to fix it.
The problems are just very slow document/file
transfer from either new to old or old to new
computer over network, which usually is great with
the two G4's.
That is probably the problem. You may want to go ahead and setup the new machine with manual settings to match the G4s. Otherwise, even the Internet will be noticeably slower.
As for Target Disk Mode...so reboot the old G4
holding the T key and the hard drive should show up
on the desktop of the new computer?
That will do it. It is the best and fastest option to transfer large amounts of data. But even target disk mode is kind of slow. A real, external firewire hard drive will be the fastest of all. It is an excellent idea for backups and this kind of thing. -
Ls -lrt command taking much time to display the O/P
HI Folks,
Very freequently i am facing the slow response issue in my environment eventhough i am having enough memory in the environment.
Even if i tried to execute ls -lrt command it is taking couple of mins to display the o/p. Can you guys please help me in debugging this issue.
I am using Red Hat Enterprise Linux Server release 5.3 (Tikanga).
Cheers, Jani Shaik.Promiscuous mode of a network card means that the card passes all traffic it receives to the CPU rather than just frames addressed to it. The error "serial8250: too much work for irq4" usually means the serial port is stuck, which might indicate the CPU is overloaded.
Question will be why your NIC is in promiscuous mode — a feature normally used for packet sniffing, and bridged networking for hardware virtualization.
Other things you should check is to make sure you have good network cabling and run in full duplex mode, meaning either fixed or auto-negotiate on both ends, your card and NAS server or swtich port. What is your output using ethtool on the interface you are using to connect to the NAS server e.g. # ethtool eth0
You should also check your NFS setup. Do you mount NFS using /etc/fstab? -
Problem with D-link DFE 520 TX NIC.
Hi,
I got a internet connection (ADSL) recently.
I can browse using Windows, but I cannot browse using Solaris 10 x86
(6/06).
I have a Gigabyte 8LD 533 Motherboard with 512 MB RAM, a D-link 520
TX ( I did not have much options. Rest were either D-link cards that
didnt look like they were
supported by Solaris at all, or other cards that were way too
expensive) and dual boot Windows XP SP2 and Solaris 10 x86 (6/06).
I googled a bit and found that Realtec drivers seem to work for some D-
link NICs so downloaded the RTLS211.zip file and unzipped the file.
This file created rtls (which is
32 bit executable), rtls.conf, Install (Installation script file) and
the read me file for Solaris.Followed the instructions and added
"pci1186,1405" in the Install file.
Then rebooted Solaris. Got the following message:
Notice:
RTLS: version 2.1.1 (640909)
RTLS Attach: Vendor ID: : 0x1106 Device ID: : 0x3106.
Mar 22, 06:12:04 svc.startd[7]: svc:/network/physical/:default
Method "/lib/svc/method/net-physical" failed with exit status 96.
[network/physical.default misconfigured. (see svcs -x for details).
However, ifconfig -a shows rtls0 with the correct MAC Address of the
NIC, but IP Address was set to 0.0.0.0.
( I hope I followed the readme file correctly, cause the first time I
tried it, it said it could not attach a driver to it, but the next
time when I tried it using the IDs after
doublechecking the output of prtconf and then ran the install file, it
said it had installed the driver).
Hence tried manually setting the IP Address using the following
command
ipconfig rtls0 (I used the same IP Address which was shown by
executing a ipconfig command in Windows XP).
Trying ipconfig -a again, it had taken the IP Address, the broadcast
IP Address too had been assigned automatically, yet I could not ping.
So googled again by typing the error message in search field and after
that did the following:
Updated the hosts file and the ipnodes file as shown:
hosts file
# Internet host table
127.0.0.1 localhost loghost ugrankar
192.168.1.100 rtls0 loghost ugrankar
ipnodes file:
# Internet host table
::1 localhost loghost ugrankar 127.0.0.1 localhost loghost
ugrankar
::2 rtls0 loghost ugrankar 192.168.1.100
rtls0 loghost ugrankar
Then ran the command svcadm clear network/physical.
Still no go.
Am I doing something wrong here? May be a very basic mistake? This is
my first time trying to get online with Solaris 10. Please let me
know.
Also see below some more files that might make things clearer.
Here is how my Install file looks:
#!/bin/sh
basedir="/"
drvname=rtls
drvconf=rtls.conf
set -x
# install driver
cp rtls ${basedir}/kernel/drv/${drvname}
cp rtls.conf ${basedir}/kernel/drv/${drvconf}
chmod 755 ${basedir}/kernel/drv/${drvname}
chown root:sys ${basedir}/kernel/drv/${drvname}
# update
# /etc/driver_aliases
# /etc/name_to_major
# grep "^${drvname}\>" /etc/name_to_major > /dev/null 2>&1 \
&& rem_drv -b ${basedir} ${drvname}
#add_drv -v -b ${basedir} -i '"pci1186,1301" "pci10ec,8139"' $
{drvname}
add_drv -v -i '"pci1186,1405" "pci10ec,8139" "pci1113,1211"' $
{drvname}
exit 0
And this is how my rtls.conf file looks:
#Driver.conf file for the RealTek 8139 chip
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#ident "@(#)rtls.conf 1.1 04/07/26 SMI"
# ForceSpeedDuplex: set nic speed and duplex mode
# 5: auto-negotiate
# 4: 100 FDX
# 3: 100 HDX
# 2: 10 FDX
# 1: 10 HDX
ForceSpeedDuplex=5,5,5,5,5,5;
Here is the svcs -x output:
svc:/network/physical:default (physical network interfaces) State:
maintenance since Thu Mar 22 08:01:46 2007 Reason: Start method
exited with
$SMF_EXIT_ERR_CONFIG. See: http://sun.com/msg/SMF-8000-KS
See: ifconfig(1M) See: /etc/svc/volatile/network-
physical:default.log Impact: 7
dependent services are not running. (Use -v for list.) svc:/
application/print/server:default (LP print server) State: disabled
since Thu Mar 22 08:01:41 2007 Reason:
Disabled by an administrator. See: http://sun.com/msg/SMF-8000-05
See: lpsched(1M) Impact: 2 dependent services are not running.
(Use -v for list.)
svc:/milestone/multi-user:default (multi-user milestone) State:
offline since Thu Mar 22 08:02:06 2007 Reason: Start method is
running. See:
http://sun.com/msg/SMF-8000-C4 See: init(1M) See: /var/svc/
log/milestone-multi-user:default.log Impact: 2 dependent services
are not running. (Use -v for list.)
/etc/svc/volatile/network-physical:default.log ouput:
[ Mar 22 08:01:37 Enabled. ] [ Mar 22 08:01:41 Executing start
method ("/lib/svc/method/net-physical") ] [ Mar 22 08:01:42 Timeout
override by svc.startd. Using
infinite timeout ] configuring IPv4 interfaces: rtls0. [ Mar 22
08:01:46 Method "start" exited with status 96 ]
dmesg output:
Mar 22 08:01:43 ugrankar gld: [ID 944156 kern.info] rtls0: RealTek
8139 driver v2.1.1: type "ether" mac address 00:19:5b:7d:7b:82 Mar
22 08:01:43 ugrankar pci_pci: [ID
370704 kern.info] PCI-device: pci1186,1405@1, rtls0 Mar 22 08:01:43
ugrankar genunix: [ID 936769 kern.info] rtls0 is /pci@0,0/
pci8086,244e@1e/pci1186,1405@1
Is this happening because there is no driver for D-link DFE 520 TX on
Solaris 10?
Googled once again and found out the following link:
http://opensolaris.org/os/community/device_drivers/files/vfe.iso.tgz
Followed the instructions, but even that does not work.
Please let me know.
Sorry for such a long post.
Regards,
PriteshSee: http://www.opensolaris.org/jive/thread.jspa?threadID=29381&tstart=150
Best Regards -
ASA 5505 Speed Issue - Help Requested if possible
Hi All,
I am wondering if anybody here can shed some light on any potential configuration issues with the configuration below (Sanitized). Current State:
1. SIte to Site VPN is up and running perfectly.
2. Client to Site VPNs work through L2PT/IPSEC and through mobile devices such as IPhone.
3. The outside interface is at line speed - approximately 5-6MBits per second.
4. When performing a download of a service pack from microsoft - Bit rate on the inside interface is approximately 1/3rd of the outside interface (A lot of loss). Interface shows no CRC errors and no input errors.
5. The outside interface shows CRC errors and INPUT errors but due to the line speed being optimal (as the client experienced via their WAN router direct (with the ASA out of the mix), have not looked in to this further. I suspect the device it is directly attached to does not auto negotiate correctly even though the interface is set to 100Mb Full Duplex.
6. Outside interface MTU is set to 1492, purposely set this way due to PPPOE over head (Please correct me if I am wrong). (Approx 8 bytes)
7. Inside Interface MTU is set to 1500, no drops or loss detected on that interface so have left it as is.
8. All inspection has been disabled on the ASA as I thought that scans on the traffic could have impaired performance.
Current Environment Traffic Flow:
1. All hosts on the network have there DNS pointed to external IP addresses currently as the DNS server is out of the mix. This usually points to DNS servers in the US. If the hosts use this, the DNS queries are performed over the site-to-site VPN but the internet traffic is routed around the VPN as the traffic is a seperate established session. Split tunneling is enabled on the ASA to only trust the internal hosts from accessing the US hosts. Everything else uses the default route.
2. The version of software on this ASA is 8.2(1). I have checked and there does not seem to be any underlying issues that would cause this type of behaviour.
3. Memory is stable at roughly 190Mb out of 512Mb
4. CPU is constant at approximately 12%.
5. WAN and INSIDE switch are Fast Ethernet and the ASA interfaces are all Ethernet - Potential compatibility issue between standards? I'm aware they should be compatible - any body that has experienced any issues regarding this would be greatly apprecaited.
Current Issues:
1. Speed on the inside interface is approximately 1/3rd of the WAN/Outside interface - download speeds are sitting at approximately 250 - 300kb (should be sitting at approximately 700-800kb).
2. Noticed that when the DC is pointed to the USA Root Domain Controller (Across the tunnel) latency is approximately 400ms average. (Performed using host name).
3. I ping the IP address of the exact same server and the latency is still 400ms.
4. Changing the DCs DNS address to 8.8.8.8, I perform the same ping to the same servers. Still 400ms.
5. I ping google.co.nz and I still get 400ms (You would expect it to route out the default gateway but session is still active for that IP on the ASA).
6. I ping 74.x.x.x (The IP from the resolution from step 5) and I get the same result.
7. I flush dns, same issue for 5/6.
8. I clear xlate on the ASA and the same issue persists.
9. I close command line, repen it, and perform the test again - latency is now back to 40 - 50ms as we would expect for non-vpn traffic.
I am currently out of ideas and would like some advice on what I have actually missed.
Things I suspect that I may need to do:
1. Upgrade IOS to latest version (Other than that - I'm out of ideas).
ASA Version 8.2(1)
hostname BLAH
enable password x.x.x.x encrypted
passwd x.x.x.x encrypted
names
name x.x.x.x BLAHPC
name 8.8.8.8 Google-DNS description Google-DNS
name 202.27.184.3 Telecom-Alien-Pri description Telecom-Alien-Pri
name 202.27.184.5 Telecom-Terminator-Sec description Telecom-Terminator-Sec
name 203.96.152.4 TelstraClearPri description TCL-PRI
name 203.96.152.12 TelstraClearSec description TCL-Sec
name x.x.x.x BLAH_Network description BLAH-Internal
name x.x.x.x DC description DC VPN Access
name x.x.x.x Management-Home description Allow RDP Access from home
name x.x.x.x SentDC description BLAHDC
name x.x.x.x Outside-Intf
dns-guard
interface Vlan1
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group pppoex
ip address pppoe setroute
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
banner exec [BLAH MANAGED DEVICE] - IF YOU ARE UNAUTHORIZED TO USE THIS DEVICE, LEAVE NOW!!!
banner login If you are Unauthorized to use this device, leave now. Prosecution will follow if you are found to access this device without being Authorized.
banner asdm [BLAH MANAGED DEVICE] - IF YOU ARE UNAUTHORIZED TO USE THIS DEVICE, LEAVE NOW!!!
ftp mode passive
clock timezone WFT 12
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server Google-DNS
name-server Telecom-Alien-Pri
name-server Telecom-Terminator-Sec
name-server TelstraClearPri
name-server TelstraClearSec
object-group service RDP tcp
description RDP
port-object eq 3389
object-group network BLAH-US
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group network x.x.x.x
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group service Management_Access_Secure
description Management Access - SECURE
service-object tcp eq https
service-object tcp eq ssh
service-object tcp eq 4434
object-group service FileTransfer tcp
description Allow File Transfer
port-object eq ftp
port-object eq ssh
object-group service WebAccess tcp
description Allow Web Access
port-object eq www
port-object eq https
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service AD_Access udp
description Allow Active Directory AD ports - UDP Only
port-object eq 389
port-object eq 445
port-object eq netbios-ns
port-object eq 636
port-object eq netbios-dgm
port-object eq domain
port-object eq kerberos
object-group network DM_INLINE_NETWORK_2
group-object x.x.x.x
group-object x.x.x.x
object-group network DM_INLINE_NETWORK_3
group-object x.x.x.x
group-object x.x.x.x
object-group network BLAH_DNS
description External DNS Servers
network-object host Telecom-Alien-Pri
network-object host Telecom-Terminator-Sec
network-object host TelstraClearSec
network-object host TelstraClearPri
network-object host Google-DNS
object-group service AD_Access_TCP tcp
description Active Directory TCP protocols
port-object eq 445
port-object eq ldap
port-object eq ldaps
port-object eq netbios-ssn
port-object eq domain
port-object eq kerberos
port-object eq 88
object-group network DM_INLINE_NETWORK_4
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group network DM_INLINE_NETWORK_5
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group network DM_INLINE_NETWORK_6
group-object x.x.x.x
group-object x.x.x.x
object-group network DM_INLINE_NETWORK_1
group-object x.x.x.x
group-object x.x.x.x
access-list inside_access_in remark Allow Internal ICMP from BLAH
access-list inside_access_in extended permit icmp Sentinel_Network 255.255.255.0 object-group DM_INLINE_NETWORK_2
access-list inside_access_in remark Allow Internal ICMP to BLAH
access-list inside_access_in extended permit icmp object-group DM_INLINE_NETWORK_3 BLAH 255.255.255.0
access-list inside_access_in remark External DNS
access-list inside_access_in extended permit object-group TCPUDP BLAH 255.255.255.0 object-group BLAH_DNS eq domain
access-list inside_access_in remark Allows Web Access
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 any object-group WebAccess
access-list inside_access_in remark Allow Remote Desktop Connections to the Internet
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 any object-group RDP
access-list inside_access_in remark Allow File Transfer Internet
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 any object-group FileTransfer
access-list inside_access_in remark ldap, 445, 137, 636, dns, kerberos
access-list inside_access_in extended permit udp BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_4 object-group AD_Access
access-list inside_access_in remark ldap, 445, 137, 636, dns, kerberos
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_5 object-group AD_Access_TCP
access-list inside_access_in extended permit ip any any
access-list outside_cryptomap_65535.1 extended permit ip BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list nonat extended permit ip BLAH 255.255.255.0 object-group BLAH-US
access-list nonat extended permit ip BLAH 255.255.255.0 object-group BLAH-USA
access-list nonat extended permit ip BLAH 255.255.255.0 x.x.x.x 255.255.255.0
access-list tekvpn extended permit ip BLAH 255.255.255.0 object-group BLAH-US
access-list tekvpn extended permit ip BLAH 255.255.255.0 object-group BLAH-USA
access-list tekvpn extended permit ip BLAH 255.255.255.0 x.x.x.x 255.255.255.0
access-list inbound extended permit icmp any any
access-list inside_nat0_outbound extended permit ip BLAH 255.255.255.0 10.1.118.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_1_cryptomap extended permit ip BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_access_in extended permit icmp any any
pager lines 24
logging enable
logging monitor informational
logging buffered notifications
logging trap informational
logging asdm informational
logging class auth monitor informational trap informational asdm informational
mtu inside 1500
mtu outside 1492
ip local pool ipsec_pool x.x.x.x-x.x.x.x mask 255.255.255.0
ip local pool Remote-Access-DHCP x.x.x.x-x.x.x.x mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 BLAH 255.255.255.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
reval-period 36000
sq-period 300
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable RANDOM PORT
http 0.0.0.0 0.0.0.0 outside
http x.x.x.x x.x.x.x inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1428
sysopt connection tcpmss minimum 48
auth-prompt prompt You are now authenticated. All actions are monitored! if you are Unauthorized, Leave now!!!
auth-prompt accept Accepted
auth-prompt reject Denied
service resetoutside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 1 set transform-set TRANS_ESP_3DES_SHA TRANS_ESP_3DES_MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer x.x.x.x
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
client-update enable
telnet timeout 5
ssh x.x.x.x 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname **************
vpdn group pppoex ppp authentication pap
vpdn username ************** password PPPOE PASSPHRASE HERE
dhcpd auto_config outside
dhcpd address x.x.x.x/x inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server x.x.x.x source outside prefer
tftp-server outside x.x.x.x /HOSTNAME
webvpn
group-policy DfltGrpPolicy attributes
banner value Testing ONE TWO THREE
vpn-idle-timeout 300
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value outside_cryptomap_65535.1
user-authentication enable
nem enable
address-pools value Remote-Access-DHCP
webvpn
svc keepalive none
svc dpd-interval client none
USER CREDENTIALS HERE
vpn-tunnel-protocol l2tp-ipsec
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key SITETOSITE PSK
peer-id-validate nocheck
tunnel-group DefaultRAGroup general-attributes
authorization-server-group LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key CLIENTTOSITE PSK
peer-id-validate nocheck
isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
authentication eap-proxy
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *
tunnel-group-map default-group DefaultL2LGroup
class-map inspect_default
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:894474af5fe446eeff5bd9e7f629fc4f
: endHi all, this post can be officially closed. The issue had nothing to do with the ASA but required a firmware upgrade on the WAN router which boosted the throughput on the external interface on the ASA to 10Mbps and the inside throughput naturally corrected itself to what was expected.
Thanks to everybody who looked at this issue.
Andrew -
DPC latency + audio/mouse skip and stutter on t420s
Hello fellow thinkpad owners,
I have a new t420s (41717FU) core i7, 8GB RAM, and NVS 4200M discrete, win 7 64-bit pro. I use the minidock with 2 external 28" displays on DVI out.
I discovered major issues with latency with this machine; very noticeable loss of control for about half a second, plus annoying audio stutter, especially concurrent with network activity. This is quite frustrating, especially for a machine that is supposed to be high end core i7 with discrete graphics. I had a t410s previously and also had latency problems, and I know this is a real problem with several different models (just search 'annoying audio') on the forums.
I have used dpc latency checker as well as latency mon and narrowed the probable culprit to the network drivers associated with the gigabit ethernet. It took me a while to discover the relationship to the Intel 82579LM, since LatencyMon will identify the problem with NDIS.sys or NETIO.sys, giving sporadic latencies over 20000 microsecs, which made me think it was a Win 7 tcp stack issue or maybe some internal windows firewall blocking. During these spikes, the audio stutters, the mouse won't move, everything on the system just stalls for a split second. Temps on CPU seem within normal limits at about 70-80C. I've read everything I could find about this issue, including problems with NVIDIA drivers, ACPI, firewall/antivirus, etc etc, and tried most of those suggestions.
I spent a long time doing all kinds of testing, putting the machine on AC power and max performance, shut down various devices, disabled any component power-off states, disabled NVIDIA and displays, changed bios settings etc.
After all of this, I *know* my issue is related to the Intel Ethernet component, because if I disable it and use wireless connectivity (or no network at all) the problem simply goes away. Surprisingly, the wireless Centrino adapter, though slower, functions without any problem affecting DPC latency and I have no stutter with that (many have previously identified the wireless adapter being a problem especially related to power mgt).
Unfortunately, I require an ethernet connection. So just disabling that adapter is not an option. Here is what I've done to workaround the issue, though I wish it would be fixed for good with some kind of update from Lenovo, though I've called and emailed them and they seem to be ignoring this issue.
**** UPDATE 3/1/2012 ****
SOLUTION RIGHT HERE: INSTALL AN OLDER NETWORK DRIVER FROM HP (sounds crazy, but it works). See below link to driver download.
I (and many other owners of T420, 520, etc - see other posts if you doubt it) have *no* latency after installing this older driver from HP. But as soon as I install the Lenovo-provided driver 11.12.38.* or any later one from Microsoft or the Intel generic driver (intel no longer publishes the old driver), I see *immediate* problems with latency, mouse and audio stutter. But use the driver published by HP (specifically version 11.12.36.0, published 5/4/2011) -- Problem solved! I tested with streaming and browsing for several hours and no spiking or stutter.
Here's where to get the english language download from HP: >> DRIVER DOWNLOAD PAGE HERE <<
Lenovo, PLEASE: this is strong evidence of a faulty driver for those of us with a t420s (and other thinkpad users out there using the intel 82579LM chip under x64). I encourage you to review this solution and engineer an update for the Intel gigabit adapter, or at minimum, roll back to the older driver or some Lenovo approved derivative so it doesn't cause all of us notebook users such a major headache. It's very bizarre that we would need to go to another manufacturer to get a working driver...I was ready to return the machine over this issue!
Aside from that adapter problem, I've been pleased with the t420s performance and features. Thanks again lopiuh for this workaround.
Mojojojo in Austin TX
ADMIN EDIT - Lenovo is testing a beta ethernet driver. If you are willing to try it, please see the link below, and my post on page 6 of this thread. - mark
https://www.dropbox.com/s/llcgjaf45xpuoam/83rw20w1.zip
***** END UPDATE *****
**** OLDER STUFF I TRIED, which somewhat helped, but the real solution is to use the old HP DRIVER above. ******
Basically, my approach was to reduce the 'auto' parameters for the adapter, to reduce the amount of logic running on the adapter itself.
1. Install the PRO set extension tools on this adapter, so you can more easily manage advanced settings. I think Lenovo offers a version in the driver downloads area which adds this management extension, but it is not the standard one offered by the system update utility, and the intel site has a later driver, so I gambled and downloaded the latest version from Intel for this adapter. It installed without issue, but I'm sure Lenovo would prefer you stick with their OEM packages. Anyway, here's the one I used: http://www.intel.com/support/ethernetcomponents/controllers/82579/sb/CS-032239.htm (link near the top for the download). You may want to make a system restore point before you install any drivers outside of OEM approved.
2. Change the default settings for the adapter in Device Manager. Right click properties for the Intel 82579LM in Network Adapters. Change the link speed (if the extension was installed properly, you'll see the intel logo on the tab for Link Speed, and a choice for Speed and Duplex. Change this from 'Auto Negotiate' to whatever speed your network is. I have gigabit full duplex, and that worked for me. This by itself was the biggest improvement with DPC latency.
3. Go to the Advanced tab. I took the approach that I wanted to disable as much 'auto' stuff as possible, and force the adapter to use a particular setting. Thus:
Interrupt Moderation: Disabled
Jumbo Packet: 9014 bytes (I have several devices that can use bigger packets on network, such as readynas)
Performance Options: click properties: Flow control - Disabled; Interrupt Moderation Rate - Off; and then double the receive and transmit buffer sizes (for me this was 512 and 1024 respectively).
I hope this may be helpful to some other owners, but I don't work for Lenovo or Intel so please don't blame me if something goes wrong during your tweaking. This worked (for me) to significantly reduce stuttering problems, though they are not completely gone; your mileage may vary. If you have this same problem, I'd appreciate if you would post about it so I can understand if it is a more widespread problem.
Good luck, mojojojo
Austin, TX
Solved!
Go to Solution.Hi mojojoj0
For my W520, up till now I do not have latency issues. My set of configuration for Intel NIC is slight different.
2. This may cause connection problems when you are connecting to different network. Different network (switches, routers) have different configuration. Previously I set it to Gigabit Full Duplex, I can't connect to any 10/100 network until I change it back to Auto negotiation.
I would suggest changing back to auto negotiation when you are connecting to outside network, not all places are using gigabit switches.
3. Interesting, I guess I would try it and feedback and see how much improvement for network performance.
From what I know, increasing receive and transmit buffer improve NIC and network card performance, but computer may slightly more memory.
Maybe you can try this, part of my settings:
Large Send Offload (IPv4) & (IPv6) Enabled
TCP & UDP Checksum Offload (IPv4) & (IPv6) Tx & Rx Enabled
IPv4 Checksum Offload Tx & Rx Enabled
Hope this helps!
Cheers
Peter
(Current: W520 4284-A99) (Refunded: W510 4876-A11)
=============================================
Does someone’s post help you? Give them kudos as a reward, as they will do better to improve
Mark it as solved if the solution works for you, so it could be reference for others in the future
Dolby Home Theater v4 (ThinkMix V2)!
http://forums.lenovo.com/t5/W-Series-ThinkPad-Laptops/W520-Sound-Enhancement-Thread/m-p/451401#M155...
Maybe you are looking for
-
Can I share apps with another user account on our mac even though its a different apple ID?
Husband and I have just bought a new Mac to share, but we've both got iphones and itunes of our own. I thought the best way to deal with this would be to have a user account each on the new Mac with our own iTunes, but this obviously means that each
-
Ipod nano and new laptop now cant see library
Good evening all, Purchased Ipod nano in march worked ok and could se all my songs on the itunes library got a new laptop downloaded the stuff. Now can't see any of my previous tunes paid for a tune this evening but not on my nano nor in my library n
-
Image capture from avi vfw device can't find video modes
Hello Here my issu, i have implemented image capture from a video device using jmf 2.1.1e performancepack, using a webcam everything is fine but when i use the video capture source i want to use i can only work with format 720x480 pal and i require 7
-
hi, is there a way to find the levels of hierarchy in a generic XML, i mean a way to find root, its children, their children ..... thx in advance
-
I have 2 i phone 5 i want to separte the id infor how do i do this they have the same od now
i have 2 apple i phone 5's i want to separte the icloud accout they are they same now how d i do this?