Re: Auto-sensing for IPS devices

I disagree that it is *always* a good idea.  I think that it's 
*occasionally* a good idea.  Either the standard for auto-sensing works 
or it doesn't.  If you have defective hardware that doesn't work right, 
then it's better to know about it than to patch around the problem---are 
you going to set every single port on a flakey switch?  Or should you 
get rid of the switch?

However, if you decide that it *is* a good idea, just a reminder that 
you MUST set BOTH speed and duplex settings and you MUST set BOTH 
settings on BOTH sides.  There is no concept in 802.3 of having only one 
side autonegotiate and 'learn' what the other side wants.

If you take one side out of auto-negotiate mode and hard code a 
speed/duplex setting, the other side has no way of figuring out what you 
did.

I have seen people who think that they're making things more reliable 
actually break their networks by only setting one side of the connection 
and assuming that the other will follow along magically.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms@Opus1.COM    http://www.opus1.com/jms    Opus One

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------