Viewing Statistics - Broadcom NetXtreme BCM57 Series User Manual

NetXtreme User Guide
Note: If an intermediate driver is managing the network adapter for VLAN tagging, the Priority &
VLAN Disabled and Priority Enabled settings should not be used. Use the Priority & VLAN
Enabled setting and change the VLAN ID to 0 (zero).
Enables VLAN tagging and configures the VLAN ID when Priority & VLAN Enabled is selected as the
VLAN ID.
Priority & VLAN setting. The range for the VLAN ID is 1 to 4094 and must match the VLAN tag value on the
connected switch. A value of 0 (default) in this field disables VLAN tagging.
Risk Assessment of VLAN Tagging through the NDIS Miniport Driver
Broadcom's NDIS 6.0 miniport driver provides the means to allow a system containing a Broadcom adapter
to connect to a tagged VLAN. Unlike BASP, however, the NDIS 6 driver's support for VLAN participation is
only for a single VLAN ID.
Also unlike BASP, the NDIS 6.0 driver only provides VLAN tagging of the outbound packet, but does not
provide filtering of incoming packets based on VLAN ID membership. This is the default behavior of all
miniport drivers. While the lack of filtering packets based on VLAN membership may present a security
issue, the following provides a risk assessment based on this driver limitation for an IPv4 network:
A properly configured network that has multiple VLANs should maintain separate IP segments for each
VLAN. This is necessary since outbound traffic relies on the routing table to identify which adapter (virtual
or physical) to pass traffic through and does not determine which adapter based on VLAN membership.
Since support for VLAN tagging on Broadcom's NDIS 6.0 driver is limited to transmit (Tx) traffic only, there
is a risk of inbound traffic (Rx) from a different VLAN being passed up to the operating system. However,
based on the premise of a properly configured network above, the IP segmentation and/or the switch
VLAN configuration may provide additional filtration to limit the risk.
In a back-to-back connection scenario, two computers on the same IP segment may be able to
communicate regardless of their VLAN configuration since no filtration of VLAN membership is occurring.
However, this scenario assumes that the security may already be breached since this connection type is
not typical in a VLAN environment.
If the risk above is not desirable and filtering of VLAN ID membership is required, then support through an
intermediate driver would be necessary.

Viewing Statistics

The information provided on the Statistics tab allows you to view traffic statistics for both Broadcom network
adapters and network adapters made by others. Statistical information and coverage are more comprehensive
for Broadcom adapters.
To view Statistics information for any installed network adapter, click the name of the adapter listed in the
Explorer View pane, then click the Statistics tab.
Click Refresh to get the most recent values for each statistic. Click Reset to change all values to zero.
Notes:
• Team statistics are not compiled for a Broadcom network adapter if it is disabled.
• Some statistics may not be available for all Broadcom network adapters.
Broadcom ®
April 2017 • 2CS57XX-CDUM514-R
Using Broadcom Advanced Control Suite 4
Page 68