Home » McAfee Manuals » Networking » McAfee M4050 » Manual Viewer

McAfee M4050 Troubleshooting Guide - Page 27

Gigabit auto-negotiation (no link to connected device)

UPC - 731944582832

Add to My Manuals
Save this manual to your list of manuals

Page 27 highlights

McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Network Security Platform Configuration 10/100/1000 port (Speed/Duplex) Configuration of Switch Resulting Resulting (Speed/Duplex) Sensor Catalyst (Speed/Duplex) (Speed/Duplex) Comments 100 Mbps Full-duplex 100 Mbps Full-duplex 100 Mbps Full-duplex 100 Mbps Half-duplex 10 Mbps Half-duplex 10 Mbps Half-duplex 1000 Mbps Full-duplex AUTO 1000 Mbps Full-duplex AUTO AUTO 1000 Mbps Half-duplex No Link 100 Mbps Full-duplex 100 Mbps Full-duplex 100 Mbps Half-duplex 100 Mbps Half-duplex No Link No Link 100 Mbps Full-duplex 100 Mbps Full-duplex 100 Mbps Half-duplex 100 Mbps Half-duplex No Link Neither side establishes link, due to speed mismatch Correct configuration Correct Manual Configuration Link is established, but switch does not see any autonegotiation information from McAfee Network Security Platform and defaults to halfduplex when operating at 10/100 Mbps. Link is established, but switch does not see Fast Link Pulse (FLP) and defaults to 10 Mbps half-duplex. Neither side establishes link, due to speed mismatch. Gigabit auto-negotiation (no link to connected device) Gigabit Ethernet has an auto-negotiation procedure that is more extensive than that which is used for 10/100 Mbps Ethernet (per Gigabit auto-negotiation specification IEEE 802.3z1998). The Gigabit auto-negotiation negotiates flow control, duplex mode, and remote fault information. You must either enable or disable link negotiation on both ends of the link. Both ends of the link must be set to the same value or the link will not connect. If either device does not support Gigabit auto-negotiation, disabling Gigabit autonegotiation forces the link up. Troubleshooting a Duplex Mismatch with Cisco Devices When troubleshooting connectivity issues with Cisco switches or routers, verify that the Sensor and the switch/routers are using a valid configuration. The show intfport command on the Sensor CLI will help reveal errors. 18

Section	Page
Preface	5
Introducing McAfee Network Security Platform	5
About this Guide	5
Audience	5
Conventions used in this book	6
Related Documentation	7
Contacting Technical Support	8
Information requested for Troubleshooting	8
General information	8
Manager-specific information	9
Sensor issues	9
Signature set issues	9
Before You Install	10
Pre-installation recommendations	10
Planning for installation	10
Functional requirements	11
Install a desktop firewall	11
Using anti-virus software with the Manager	13
McAfee VirusScan and SMTP notification	13
User interface responsiveness	14
Hardening the Manager Server for Windows 2003	15
Introduction	15
Install a desktop firewall	15
Harden the MySQL installation	15
Remove test database	16
Remove local anonymous users	16
Remove remote anonymous users	16
Secure MySQL remote access	17
Remove individual users’ remote access	17
Remove ALL remote access	17
Rolling back your changes	18
Remove debug shell at port 9001	18
Other best practices for securing Manager	18
Hardening the Manager Server for Windows 2008	19
Pre-installation	19
Installation	19
Post Installation	19
Disabling non-required Services	20
Setting System Policies	20
Setting User Policies	20
Setting a Desktop Firewall	20
Configuring Audit Events	21
Troubleshooting Network Security Platform	23
Facilitating troubleshooting	23
Starting your troubleshooting	24
Difficulties connecting Sensor and Manager	24
Network connectivity	24
Inconsistency in Sensor and Manager configuration	24
Software or signature set incompatibility	24
Firewall between the devices	25
Management port configuration	25
Setting the management port speed and duplex mode	26
Connectivity issues between the Sensor and other network devices	26
Duplex mismatches	26
Valid auto-negotiation and speed configurations	26
Gigabit auto-negotiation (no link to connected device)	27
Cisco PIX® Firewall	28
Cisco CSS 11000	28
Cisco Catalyst® 2900XL, 3500XL Series (Hybrid)	28
Cisco Catalyst 4000, 5000, 6000 Series (Native)	28
Connectivity issues with Cisco 3750-12S switch	28
Cisco IOS® for Catalyst 4000, 6000 Series	28
Explanation of CatOS show port Command Counters	29
Auto-negotiation	30
Situations that may lead to Auto-negotiation issues	31
Checking Sensor health	31
Pinging a Sensor	31
Ensuring that the Sensor is receiving traffic	31
Checking Sensor failover status	32
Cabling failover through a network device	32
Checking whether a signature or software update was successful	33
Checking status of a download or upload	33
Conditions requiring a Sensor reboot	33
Rebooting a Sensor via the Manager	34
Rebooting a Sensor using the reboot command	34
Sensor doesn’t boot	34
Debugging critical Sensor issues	34
Loss of connectivity between the Sensor and Manager	38
How Sensor handles new alerts during connectivity loss	39
Manager connectivity to the database	39
Manager database is full	40
Error on accessing the Configuration page	40
Sensor response if its throughput is exceeded	40
MySQL issues	41
How Sensors handle various types of traffic	41
Jumbo Ethernet frames	41
ISL frames	41
Sensor failover issues	42
External fail-open kit issues in connecting to the monitoring port	42
XC cable connection issues for M8000 Sensors	42
Determining False Positives	43
Reducing false positives	43
Tune your policies	43
About false positives and “noise”	44
Incorrect identification	44
Correct identification; significance subject to usage policy	44
Correct identification; significance subject to user sensitivity (also known as noise)	45
Determining a false positive versus noise	45
System Fault Messages	47
Critical faults	47
Error faults	64
Warning faults	70
Informational faults	74
Other faults	85
Error Messages	86
Error messages for RADIUS servers	86
Error messages for LDAP server	87
Using the InfoCollector tool	88
Introduction	88
Running the InfoCollector	89
Using InfoCollector	89
Automatically restarting a failed Manager with Manager Watchdog	90
Introduction	90
How the Manager Watchdog Works	90
Installing Manager Watchdog	91
Starting Manager Watchdog	91
Using Manager Watchdog with Manager in an MDR configuration	91
Tracking Manager Watchdog activities	91
Utilizing the McAfee Knowledge Base	93

Match case Limit results 1 per page

McAfee® Network Security Platform 6.0

Troubleshooting Network Security Platform

Network Security

Platform Configuration

10/100/1000 port

(Speed/Duplex)

Configuration of Switch

(Speed/Duplex)

Resulting

Sensor

(Speed/Duplex)

Resulting

Catalyst

(Speed/Duplex)

Comments

100 Mbps

Full-duplex

1000 Mbps

Full-duplex

No Link

Neither side

establishes link, due

to speed mismatch

100 Mbps

Full-duplex

AUTO

100 Mbps

Full-duplex

100 Mbps

Full-duplex

Correct configuration

100 Mbps

Full-duplex

1000 Mbps

Full-duplex

100 Mbps

Full-duplex

100 Mbps

Full-duplex

Correct Manual

Configuration

100 Mbps

Half-duplex

AUTO

100 Mbps

Half-duplex

100 Mbps

Half-duplex

Link is established,

but switch does not

see any auto-

negotiation

information from

McAfee Network

Security Platform and

defaults to half-

duplex when

operating at 10/100

Mbps.

10 Mbps

Half-duplex

AUTO

100 Mbps

Half-duplex

100 Mbps

Half-duplex

Link is established,

but switch does not

see Fast Link Pulse

(FLP) and defaults to

10 Mbps half-duplex.

10 Mbps

Half-duplex

1000 Mbps

Half-duplex

No Link

Neither side

establishes link, due

to speed mismatch.

Gigabit auto-negotiation (no link to connected device)

Gigabit Ethernet has an auto-negotiation procedure that is more extensive than that which

is used for 10/100 Mbps Ethernet (per Gigabit auto-negotiation specification IEEE 802.3z-

1998). The Gigabit auto-negotiation negotiates flow control, duplex mode, and remote fault

information. You must either enable or disable link negotiation on both ends of the link.

Both ends of the link must be set to the same value or the link will not connect.

If either device does not support Gigabit auto-negotiation, disabling Gigabit auto-

negotiation forces the link up.

Troubleshooting a Duplex Mismatch with Cisco Devices

When troubleshooting connectivity issues with Cisco switches or routers, verify that the

Sensor and the switch/routers are using a valid configuration. The show intfport <port>

command on the Sensor CLI will help reveal errors.