diagnosing/replacing dead PIX interface

[Dooling37]

I bought a used PIX 506E off ebay several months ago. Immediately after I received it, I powered it on, and checked the version by console connection. Everything seemed to be in order, so I put it aside until I could work on it. Now that I'm ready to install/configure it, unfortunately, it appears the ethernet1 interface is dead -- when I connect any system to it via Cat5 cable, there is no link or activity light on either end. I've tried connecting different systems, and different cables, but get nothing.

So my question is: is there a way to diagnose/confirm that this is the case? (likely using the CLI)
To complicate things, I currently only have user exec mode access to the PIX -- it came with an enable password set that I don't know. I may be able to reset the password following the directions located here for 'PIX without a Floppy drive', if I can communicate with the PIX via the external (eth0) interface.

If the interface is dead, is there any way to replace it? (I doubt it, having just opened up the box) If not, I assume this PIX is now worthless..?


thanks in advance for any help..


[edit: P.S. -- yes, I will be immediately checking interface connectivity on all future ebay purchases..}

 

[jlazzaro]

have you tried the common passwords? cisco/cisco, pix/cisco, blank, etc? get full access and confirm ethernet1 isn't shutdown with "show interface ethernet1".

if its a physical hardware problem, you're probably out of luck. check with Cisco, it might still be covered under SMARTNet...

 

[spidey07]

Those interfaces are meant to be attached to a switch, not an end station. If an end station you will need a crossover cable.

"Show controllers" could give you info on the physical interface.

 

[Dooling37]

Thanks for the responses.
I have tried a few basic username/password combinations, without luck.

I hadn't thought of the fact that the interface might be shutdown -- I'll try to check that if/when I get access.

I also hadn't thought of the fact that the interface might need to be connected to a switch -- but I have tried connecting it to a hub, without any link activity. Also, some documentation, such as the quick start guide, suggests that the interface should be able to connect directly to an end system:
"If you have not already done so, use an Ethernet cable to connect your PC to the inside port (Ethernet 1) on the rear panel of the PIX Firewall. "
.. or am I mis-understanding?

Thanks again for the responses. I'm going to give the password reset a try to gain full access now.

 

[Dooling37]

I was able to reset the password by accessing monitor mode, and configuring the external interface (eth0) to pull the reset file from a TFTP server on the same network segment. I've now reset the device to factory defaults, and the internal interface (eth1) appears to be working, from what I can tell from the command line. I haven't been able to test connectivity yet, but when I plugged the cable into a hub's regular (downlink) port, I did get a link light. My original plan was:

-> eth0-PIX-eth1 -> uplink port of hub -> multiple internal systems

However, I don't get a link light plugging into the uplink port of the hub. Would this connection require a cross-over cable also (as with directly connecting the PIX to an end system)? If so, is this a viable setup? Or, should I buy a cheap switch to connect eth1 to?


Thanks again...

 

[drebo]

Uplink on a hub is typically wired in a crossover fashion. The PIX should have an auto-MDIX port. Also, check your speed and duplex settings on the PIX.

Question, though...why are you using a hub?

 

[Dooling37]

Originally posted by: drebo
Uplink on a hub is typically wired in a crossover fashion. The PIX should have an auto-MDIX port. Also, check your speed and duplex settings on the PIX.

Question, though...why are you using a hub?

I would like to have easy sniffing/monitoring capability inside the firewall. This is only for a home network (consisting of 2-3 internal systems), so I'm not too worried about speed/performance. If the hub setup becomes problematic though, I would switch over to a cheap switch for this segment.

Thank you for the info re: crossover / auto-MDIX -- I hadn't heard of that before. I'll check the interface settings this evening.

 

[Dooling37]

Crossover cable to hub uplink port produces link & activity lights, and connectivity appears to be working well..

so, false alarm on the hardware failure speculation due to ebay purchase paranoia and lack of understanding of basic Pix networking.

thanks very much for the help, folks.
(more Pix questions sure to come in the future..)