Bridge GUI Guide: Monitoring
182
5.6.3
VLAN Statistics
The Bridge tracks VLAN traffic and displays the information, by
VLAN ID, for each configured VLAN ID, in
Monitoring
->
Statistics
->
VLAN Statistics
.
Figure 5.17.
Statistics
screen,
VLAN Statistics
frame, all platforms
For each of packets received (
RX
) and packets sent (
TX
) on
each VLAN configured on the Bridge, the screen displays:
Clear -
unencrypted packets received/sent
Encrypted
- encrypted packets received/sent
Config. -
configuration packets received/sent
Key Exch. -
key exchange packets received/sent
In addition, for packets received (
RX
),
under VLAN Mgmt.
, the
number of VLAN management packets received on the VLAN
are shown.
5.7 IPsec SAs Monitoring
The Security Associations established between the Bridge and
its IPsec peers are displayed on
Monitor
->
IPsec Status
.
Except for the
Remaining Time
countdown,
Inbound SPI
and
Outbound SPI
(Security Parameter Index), the parameters
shown here are configured, globally or per SPD (Security
Policy Database) entry, with the settings accessed through
Configure
->
IPsec
(refer to Section 4.2).
NOTE:
If both data
and time limits are
configured, an SA will
expire at whichever
comes first, potentially
when
Remaining Time
still shows a positive
value.
Lifetime KB
- optionally, a limit on the amount of data an
SA can pass before being deleted can be globally set, in
kilobytes, and the value displayed on
IPsec Status
. The
default global setting configures no data limit for SAs, as
indicated by the displayed value:
unlimited
.
Remaining Time
and
Lifetime Seconds
- a global SA time
limit can also be specified and the value displayed on
IPsec
Status
, in seconds, for all SAs present. The
Remaining Time
displayed is a countdown from this value, also in seconds.
Local Address
and
Local Mask
- identify the subnet of local
IP addresses defined in the SPD entry used by the SA (the
outbound source subnet or inbound destination subnet).
Inbound SPI
and
Outbound SPI
- the 32-bit Security
Parameter Index included in an IPsec packet, together with
the destination IP address and IPsec protocol, uniquely
identifies the SA. SPIs are pseudorandomly derived during
IKE transactions.