Auto-Negotiation is essential in larger networks. When you are talking about 1000's of switch ports and PC's connecting/disconnecting constantly (think public campus) how could you ever enforce a rule like "OK, Set your NIC to 100/Full before you connect".
However for servers I believe it is a best practice to manually set the ports at whatever they need to be. Sap On 9/15/05, McKinley, Jackson <[EMAIL PROTECTED]> wrote: > I agree with Lachlan. > Auto neg is the best bet in larger networks I find from personal > experience. I cant count the number of times ive seen Foundry and cisco > miss-match when attempting to auto neg. Working from past exp when a > customer plugs into your network with a "no brand" switch / device > (Think colo datacentre's) the first thing I always looked for was stupid > MTU settings and duplex miss-match. > > Altho in a nice all cisco or all foundry or all > whateverotherbrandyoulike enviroment im sure auto neg would work much > better. Ive just never had the pleasure of working in a centre like > that ;) hahaha > > Cheers, > > Jack. > > -----Original Message----- > From: Joel M Snyder [mailto:[EMAIL PROTECTED] > Sent: Thursday, 15 September 2005 4:36 PM > To: Lachlan Bowes > Cc: [email protected] > Subject: Re: Auto-sensing for IPS devices > > I disagree that it is *always* a good idea. I think that it's > *occasionally* a good idea. Either the standard for auto-sensing works > or it doesn't. If you have defective hardware that doesn't work right, > then it's better to know about it than to patch around the problem---are > you going to set every single port on a flakey switch? Or should you > get rid of the switch? > > However, if you decide that it *is* a good idea, just a reminder that > you MUST set BOTH speed and duplex settings and you MUST set BOTH > settings on BOTH sides. There is no concept in 802.3 of having only one > side autonegotiate and 'learn' what the other side wants. > > If you take one side out of auto-negotiate mode and hard code a > speed/duplex setting, the other side has no way of figuring out what you > did. > > I have seen people who think that they're making things more reliable > actually break their networks by only setting one side of the connection > and assuming that the other will follow along magically. > > jms > > -- > Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 > Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX) > [EMAIL PROTECTED] http://www.opus1.com/jms Opus One > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it with real-world attacks from > CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
