Troubleshooting PIX Cabling
After you accept absolute that the PIX accouterments is functional, your abutting step
in troubleshooting should be to approve cabling. Unlike routers, which use a
wide array of cables, the PIX firewall has a almost bound cardinal of cable
types that we affliction about in the ambience of troubleshooting: Ethernet and failover
cables.
Certain models of the PIX firewall abutment Token Ring and FDDI networks
in earlier software versions (up to adaptation 5.3). Cisco has discontinued the auction of
Token Ring and FDDI for PIX firewalls starting August 2001 and June 2001,
respectively. Abutment is slated to cease in August 2006 and June 2006, respectively.
We do not altercate Token Ring or FDDI cables in this book.
Regardless of the cables you are troubleshooting, you should accept a structured
approach.Table 10.2 summarizes some accomplish you should aboriginal booty to check
your cabling. Ensure that you accomplish these accomplish to abstain missing a minor
cabling annihilate that could be causing a above problem.
www.syngress.com
568 Chapter 10 • Troubleshooting and Performance Monitoring
Table 10.2 Cable Troubleshooting Checklist
Problem Troubleshooting Step
Correct cable affiliated to the Analysis cable and verify aperture and port
correct interface? number.
Correct end of cable affiliated Failover cable only: Primary end to the
to actual interface? primary firewall and accessory end to the
secondary firewall.
Correct cable blazon affiliated Cross cables, rollover cables, and so on to
to equipment? the actual ports.
Cable pinouts correct? Visually audit and analysis with cable tester.
Cable absolute as good? Analysis with a cable tester or bandy with known
good accessories and test.
All PIX firewalls abutment 10Mbps or 100Mbps Ethernet, but alone the highend
models such as 525 and 535 abutment Gigabit Ethernet.This makes sense
when you accede the accommodation accessible on anniversary model:The lower-end models
would be afflicted by the accession of alike a distinct Gigabit Ethernet interface.
As of this writing, the PIX 535 provides 9Gbps of clear-text throughput, the
525 provides 360Mbps, the 515 provides 188Mbps, the 506 provides 20Mbps, and
the 501 provides 10Mbps. At the concrete layer, the primary affair you will face is
to ensure that the actual Ethernet cables are actuality acclimated and that they are wired
correctly. Figure 10.7 shows the pinouts that you should be application for Ethernet
and Fast Ethernet cables.
www.syngress.com
Figure 10.7 Ethernet Cable Pinouts
White-Green
Green
White-Orange
Blue
White-Blue
Orange
White-Brown
Brown
568A
Cable
White-Orange
Orange
White-Green
Blue
White-Blue
Green
White-Brown
Brown
568B
RJ45 10/100Base Ethernet
Pin 1
Cable
Pin 1
Troubleshooting and Performance Monitoring • Chapter 10 569
Two base schemes for the RJ45 accepted are acclimated for 10/100 Ethernet:
TA568A and TA568B credible in Figure 10.7. It is important that your cable
adhere to one of these standards to anticipate arrest (crosstalk). If you were to
dismantle a RJ45 cable, you would see that there are four pairs of wires. In each
pair, the two affairs are askance about anniversary added to abbreviate crosstalk. If you
were to aces affairs at accidental and coil them into the RJ45 adapter to make
an Ethernet cable, affairs are you would acquaintance problems with your cables.
The base arrangement of the TA568A/B accepted is optimized to anticipate such
interference.
The action of troubleshooting cabling is almost accessible because there are
numerous cable testers on the market, alignment from simple pin-checking devices
(like the ones you can acquisition at www.copperandfibertools.com/testers.asp) to
expensive, full-featured testers such as those offered by Accident (www.fluke.com).
The time that these accessories save able-bodied justifies their antecedent cost.
The aboriginal footfall in acceptance 10/100 Ethernet chestnut cables is to visually inspect
the cable for breaks. Analysis the base pinouts adjoin Figure 10.7. If they match
and arise to be in acceptable concrete shape, the abutting footfall is to analysis the cable application a
cable tester. Most cable testers will acquiesce you to map the wiring; pin mismatches
are a accepted problem. If you still accept problems with afterwards it passes the cable
tester, try application a altered cable. Affairs are, you accept a attenuate bad mix of plastic
and metal agreement that went into the authoritative of that cable and it is interfering
with the cable’s adeptness to carriage electrons. If you do not accept a cable
tester and are not abiding of the cable, alter it.
PIX firewall models 525 and 535 abutment full-duplex Gigabit Ethernet (GE).
The GE interfaces use SC multimode cilia optic cables: one cilia for receive
and the added for transmit, as credible in Figure 10.8. It is important that you cable
the wire with the actual cable to the actual connector.
www.syngress.com
Figure 10.8 Gigabit Ethernet SC Cilia Optic Connector
Multimode Cilia Optic Cable
Usually orange.
Marked with 62.5/125
TX
LINK
RX
Notched and slotted
connectors
570 Chapter 10 • Troubleshooting and Performance Monitoring
Fortunately, the SC adapter Cisco uses prevents us from inserting the cable
incorrectly.The adapter on the cable is alveolate to fit the slotted jack on the
interface card.You charge to accept a little about cilia optic cables to effectively
use them with your PIX firewall. Cilia optic is either distinct approach or
multimode.The PIX firewall GE interfaces use multimode fiber, which refracts
light, as credible in Figure 10.9.
The cilia optic industry adheres actual carefully to its standards. As a result, usually
you can visually actuate whether you accept a multimode or single-mode
fiber optic cable absorbed by its color. Single-mode cables are chicken and have
markings bottomward their abandon advertence their amplitude in microns. Multimode fiber
optic cable acclimated by PIX firewalls is orange and is numerated with either 50 or
62.5 microns, advertence the admeasurement of its bottle amount bottomward which ablaze is sent.The
cladding arranged in the bottle amount is the aforementioned admeasurement for both cables: 125 microns.
This is a accepted aphorism of deride only; some manufacturers action custom colors or
do not attach to the accepted blush scheme.
As with twisted-pair cable for Ethernet and Fast Ethernet, you can use a cable
tester to verify your cilia optic cable. Unlike chestnut cables, cilia optic cables are
very cruel of abortion to attach to bound specifications. If you fabricated the cable
that you are application and it is not working, allowance are actual acceptable that you fabricated an
error (poor crimping, bereft polishing, or the like). It is in such situations
that the amount of a acceptable cable tester becomes apparent. Unless you are a certified
fiber optic technician, it is a acceptable abstraction to leave the cilia optic cable authoritative to
the professionals who specialize in it.