Question
Why is the interface at Half-Duplex even though both sides are set to Full-Duplex?
Symptoms
Both the switch and appliance are set to use Full-Duplex, but the appliance shows Half-Duplex when viewing etherconfig -> media.
For example:
1. Data 1 (100baseTX full-duplex: <100baseTX half-duplex>) 00:0f:1f:6a:ed:7a
Environment
Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), Security Management Appliance (SMA), and all versions of AsyncOS.
This will happen if Full-Duplex cannot be negotiated in a timely manner and the network card on the appliance falls back to half-duplex. Even when you set your email/web security appliance to use Full-Duplex, it must still "confirm" that it can communicate in Full-Duplex mode with the Ethernet card it is connected to on the switch. Despite disabling Autonegotiate, if either side cannot confirm the setting, it will always fall back to the slower, though more universally acceptable "Half-Duplex" setting.
In most cases, a reboot of the appliance will bring it back to Full-Duplex. If the switch is a Cisco Catalyst, use Autoselect so that a longer negotiation can take place and successfully bring you to Full-Duplex every time the system comes up.
Refer to Troubleshooting Cisco Catalyst Switches to NIC Compatibility Issues for more information.
We have seen Autoselect work more reliably with some other network devices as well.
Feedback