need go between switch to connect between gigabit and ethernet interface

Hello everyone,

I have new T1 10.5 mbps (7 T1 line)circuit is made live yesterday.The circuit is looks like

Local network-------switch(DELL 2724)-----Cisco router(1600 series0-----cisco PIX 506E firewall---Cisco 3800 series broadband router----ISP provider--

Even though it is 10.5 mbps circuit i am getting only 5 mbps download and 2.9 mbps upload speed.After working with ATT technical person i found out that the cisco 3800 series router has all gigabit ethernet switch which is set to 10mbps half duplex mode.
while on cisco firewall it is ethernet switch which also set in 10 mbps half duplex mode.and he suggested me to upgrade firewall ethernet swith to fast ethernet switch or buy go-between switch and connect between broadband router and firewall.

i would like to go and buy go-between switch but how to find out correct switch for this is confusing me.I am not sure if this kind switch available in market.

if you know about this kind of switch please let me know.

also i am attaching firewall ethernet interface output.....

cmretail(config)# show interface
interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0016.46e8.c337
IP address x.x.x.x, subnet mask 255.255.255.128
MTU 1500 bytes, BW 10000 Kbit half duplex
4943192 packets input, 1078710978 bytes, 0 no buffer
Received 65342 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
5459964 packets output, 3816886272 bytes, 0 underruns
0 output errors, 124540 collisions, 0 interface resets
0 babbles, 0 late collisions, 25508 deferred
505 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/3)
output queue (curr/max blocks): hardware (0/36) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0016.46e8.c338
IP address x.x.x.x, subnet mask 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit half duplex
5452014 packets input, 3809875762 bytes, 0 no buffer
Received 25343 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4840754 packets output, 1065329481 bytes, 0 underruns
0 output errors, 88994 collisions, 0 interface resets
0 babbles, 0 late collisions, 65156 deferred
1 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/8)
output queue (curr/max blocks): hardware (0/12) software (0/1)
cmretail(config)#


From above output one can easily see there is collision and lost carrier kind of errors.


Thanks for all yr support in advance.

Thanks,
Bharat

IIRC the default speed for the interface on a PIX is going to be auto but you can force that to be whatever you want as long as the HW supports it and your PIX has 2 10/100 ethernet ports so something was not configured correctly.But to set the speed of interface manually use the following command
interface ethernet1 <speed>
substitute <speed> for the speed and if you do not know the options just use a ? in place of speed and it will list all possible options.
But if your ISP is the one who configured it I would leave it up to them to change unless you feel your up to doing it yourself.

Thanks EVIL for yr prompt reply.

But my question is i had earlier 6 mbps T1 connection with another ISP provider .with them there was no problem with the same setting.Now with ATT they are saying because of their router has gigabit ethernet card and on my side firewall has ethernet crd only.

does this create any issue if both side ethernet are set on 10 mbps half duplex mode?

Thanks for all yr efforts.

Thanks,
Bharat.

I would set both sides to the full they are able to do. The slowdown will happen in the router then. If the PIX can do 100Mb full, then set it to 100Mb full. Have AT&T set their end for either 100Mb full or Auto.

As an aside, AT&T told me that If I wanted 10MB I would have to go to a partial T3 since 6MB was the most they would want to do with T1s. At least in my area.

Thanks Ianshot for yr suggestion.

AT & T side is now set up with auto.only i have to change this on firewall.does my fireall support 100mbps full duplex.
do i need to restart the firewall after this settings or the changes will be updated without reboot of firewall.

please let me know yr suggestion on this query.

Thanks once again for yr valuable suggestion and time.


Thanks,
Bharat

once you change that setting theinterface will go down and then come back up and you should be in business but you will need to save the config but that command escapes me atm
EDIT: i think it is write memory but not sure

Dr.Evil said:

EDIT: i think it is write memory but not sure

Click to expand...

Yes, it's "write mem" or "write memory" to save the config on the Cisco router.

jpochedl said:

Yes, it's "write mem" or "write memory" to save the config on the Cisco router.

Click to expand...

unless they did something new with the routers I am sure that is for the pix only

Yeah Dr.Evil that's pix's command to save the config.
All you need to do is set both devices to 100mb Full and you should be fine. Is the cisco 3800 yours or the ISP's?
It's always a good idea to set your speed and duplexing manually, don't try to let the autoneg do it for it more often then not it won't do it right. If you need help with the commands let us know.

Hi Stinn,

Thanks for yr valuable suggestion.
The cisco router 3800 is ISP's router and managed by them only.so i have to take and look upto firewall.
This is my network digrams.

Local network-------switch(DELL 2724)-----Cisco router(1600 series0-----cisco PIX 506E firewall---Cisco 3800 series broadband router----ISP provider--

if you have seen my network architecture someone suggested me to remove cisco 1600 router.as this router does not support 100 mbps full duplex mode and if it is in network then also i am not able to achieve with 100 mbps full duplex.

but i am not sure if i remove that router and connect firewall directly to switch will that work?.Though router is just to forward loacal request ot firewall.

if i can remove that then please what changes i need on firewall can you make a list for me.

after setting firewall to 100 mbps full duplex and cisco 3800(ISP) router to auto mode will work or if i set them to the same as firewall and all collision error will be reduced?

please guide me i need yr help in this regard.

Thanks,
Bharat.

AT&T won't set their device to 100 full? I would put that request in. I"m not sure why but whenever i have autoneg problems it's cisco -> cisco, this is why i've gotten into the habit of setting all my speeds and duplexes.
If the 1600 series is only capable of 10 Full then set it to that and set your pix inside int to 10 full. I don't know all the details of your network so I can't say if you need the 1600 or not. What's the router do for you? Do you have more than 1 internal network?
Without knowing the different networks running around your environment i couldn't suggest the needed changes. Does it work something like this:

Local Net(10.10.10.0/24) -> 1600 -> Intermidate (172.16.0.0/24) -> Pix -> Public (1.1.1.0/27)
?

Or are there multiple local networks?

Hi Stinn,

once again i am thankful to you for your prompt and valuable reply.

We have only one network inside router 1600.that is our local network.Actuall we have kept databse server inside this local network.


and please if you know the firewall command for setting this 10 mb full duplex mode command just post it here.


Thanks,
Bharat.
I

The command was posted by Dr.Evil.
interface ethernet0 <speed>
I don't run pix software 6.3 so i can't remember exactly what the commands are.

You can probably get rid of the 1600 then, I can't think of any reason to keep it.

Do not set one side to AUTO and the other to full. Auto negotiation is a protocol (in the general sense). If you set one side to auto and the other to Full duplex it typically results in a duplex mismatch. Make both sides the same no matter what.


Also from the WIKI on AutoNEg

"Parallel detection is used when a device that is capable of autonegotiation is connected to one that is not. This happens if the other device does not support autonegotiation or autonegotiation is disabled via software. In this condition, the device that is capable of autonegotiation can determine the speed of the other device, and choose itself the same speed. This procedure cannot determine the presence of full duplex, so half duplex is always assumed. A duplex mismatch will result. if the other device is in full duplex mode, that is, one device is using full duplex while the other one is using half duplex. The typical effect of duplex mismatch is that the connection is working but at a very low speed."