Showing results for 
Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 1

Communications disruption when switching in and out of bypass mode

When switching in and out of bypass mode on the IPS, there is a temporary disruption of communications through the IPS.

Under normal conditions, you will experience between 0 and 3 seconds of communications loss switching into bypass mode. You will experience about 18 seconds of communications loss switching back out of bypass mode.

If you attach the IPS to certain switches, you will experience a longer communications loss, about 33 seconds switching into or out of bypass mode. We have seen this in Cisco Catalyst switches. If this is the case, you can reduce the communications loss time back to normal. To do so, enable port fast on the switch port that the IPS is attached to and manually set the speed and duplex. You must set the speed and duplex on all four interfaces (switch interface, both IPS interfaces, interface on the second device) to matching settings or you may experience negotiation problems when switching into bypass mode.

Note: If you only enable port fast without manually setting the speed and duplex, the communications loss time going into bypass mode will go back to normal, but the communications loss time coming out of bypass mode will only reduce to 22 seconds instead of 18.

With the Silicom cards plugged into a cisco switch it may take 30 seconds for traffic to begin flowing after the IPS falls into bypass mode.

This is an issue with the Cisco Switch.

Enable 'PortFast' on the Cisco switch port the IPS will be plugged into to resolve the problem.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.