Using Broadcom Advanced Control Suite 2: Broadcom NetXtreme® 57XX User Guide

Broadcom Advanced Control Suite 2 (BACS2) is an integrated utility that provides useful information about each Broadcom NetXtreme Gigabit Ethernet adapter that is installed in your system. BACS2 also enables you to perform detailed tests, diagnostics, and analyses on each adapter, as well as to view and modify its property values and view traffic statistics. BACS2 contains three panes:

In the Information/Task pane, users can view available information and perform certain tests, diagnostics, and analyses on a selected adapter by clicking a specific tab.

A third pane contains the Menu bar.

Types of Information Provided by Broadcom Advanced Control Suite 2

Broadcom Advanced Control Suite 2 lists all of the network adapters in your system, and provides the following information (if available) about each adapter:

MAC Address IP Address Driver Status Network Status Bus Type Slot Number	Bus Speed Bus Width Bus Number Device Number Function Number Interrupt Request Memory Address	ASIC Version Firmware Version Vendor ID Device ID Subsystem Vendor ID Subsystem ID

Note: Some tabs, properties, or options are not available for all Broadcom adapters or operating systems.

Advanced. Shows the available properties and their values for the selected adapter.

Testing, Diagnostics, Analyses

Cable Analysis. Determines if your network cable is too long for optimum network performance.

Installing the Broadcom Advanced Control Suite 2 Software

The Broadcom Advanced Control Suite 2 (BACS2) software and related management applications can be installed from the . Both a graphical interactive installation mode (see Using the InstallShield Installer) and a command-line silent mode for unattended installation (see Using Silent Installation) are available.

Before you begin the installation, close all applications, windows, or dialog boxes.

Using the InstallShield Installer

Insert the into the CD-ROM drive.

Open the folder on the that contains the BACS Setup.exe file.

Double-click Setup.exe.

Click Next in Broadcom Management Programs - InstallShield Wizard.

After you read the license agreement, click I accept the terms in the license agreement, and then click Next to continue.

Click Install.

At the end of the installation process, click OK, and then click Finish to close the wizard.

Using Silent Installation

Updating Broadcom Advanced Control Suite 2

Note: Before you begin the update, close all applications, windows, or dialog boxes.

Removing Broadcom Advanced Control Suite 2

In Control Panel, click Add or Remove Programs.

Click Broadcom Advanced Control Suite 2 and click Change/Remove.

In InstallShield Wizard, click Remove, and then click Next.

Click OK to remove the application and all of its features.

Click OK.

Restart your computer.

Starting Broadcom Advanced Control Suite 2

Using Broadcom Advanced Control Suite 2

Start BACS2. Click the tab that provides the information of interest or from which you can perform a desired test, diagnostic, analysis, or set adapter properties.

Vital Sign

The Vital Sign tab shows useful information about the Broadcom NetXtreme Gigabit Ethernet adapter and other network adapters that are installed in your system. Such information includes the link status of the adapter and network connectivity. To view this information for any installed network adapter, click the name of the adapter listed in the Name pane.

Note: Information about network adapters made by others is less comprehensive than the information provided for Broadcom network adapters.

MAC Address. This is a physical MAC (media access control) address that is assigned to the adapter by the manufacturer. The physical address is never all 0s.

Permanent MAC Address. The unique hardware address assigned to the network adapter.

IP Address. The network address that is associated with the adapter. If the IP address is all 0s, this means that the associated driver has not been bound with Internet Protocol (IP).

IPv6 Address. The network address that is associated with the adapter in the IPv6 protocol.

Driver Status. The status of the driver that is associated with the selected adapter.

Loaded. Normal operating mode. The driver that is associated with the adapter has been loaded by Windows and is functioning.

Not Loaded. The driver that is associated with the adapter has not been loaded by Windows.

Information Not Available. The value is not obtainable from the driver that is associated with the adapter.

Driver Name/Version/Date. The file name, version, and creation date of the software driver that is associated with the adapter.

LSO. Large Send Offload prevents an upper level protocol such as TCP from breaking a large data packet into a series of smaller packets with headers appended to them.

CO. Checksum Offload allows the TCP/IP/UDP checksums for send and receive traffic to be calculated by the adapter hardware rather than by the host CPU.

Link Status. The indicator is green if a link is established. A red indicator means that a link is not established.

Resources

Slot No. The PCI slot number on the system board occupied by the adapter. This item is not available for PCI Express™ type adapters.

Bus Speed (MHz). The bus clock signal frequency used by the adapter. This item is not available for PCI Express type adapters.

Bus Width (bit). The number of bits that the bus can transfer at a single time to and from the adapter. This item is not available for PCI Express type adapters.

Function No. The port number of the adapter. For a single-port adapter, the function number is 0. For a two-port adapter, the function number for the first port is 0, and the function number for the second port is 1.

Interrupt Request. The interrupt line number that is associated with the adapter. Valid numbers range from 2 to 25.

Memory Address. The memory mapped address that is assigned to the adapter. This value can never be 0.

Hardware

ASIC Version. The chip version of the Broadcom adapter (this information is not available for adapters made by others).

Firmware Version. The firmware version of the Broadcom adapter (this information is not available for adapters made by others).

Advanced

The Advanced tab allows you to view and change the values of the available properties of the selected adapter. The potentially available properties and their respective settings are described below. To view the value of a property, click the name of the property in the Property list. The property value is displayed in the Value box. To change the value, click an item in the Value list or type a new value, as appropriate (selection options are different for different properties).

You must have administrator privileges to change the values for a property.

The list of available properties for your particular adapter or operating system may be different.

Some properties may not be available for all Broadcom network adapters.

802.1p QOS

The 802.1p QOS property enables quality of service, which is an Institute of Electrical and Electronics Engineering (IEEE) specification that treats different types of network traffic differently to ensure required levels or reliability and latency according to the type of traffic. This property is disabled by default. Unless the network infrastructure supports QoS, do not enable QoS. Otherwise, problems may occur.

Flow Control

The Flow Control property enables or disables the receipt or transmission of PAUSE frames. PAUSE frames enable the network adapter and a switch to control the transmit rate. The side that is receiving the PAUSE frame momentarily stops transmitting.

Speed & Duplex

The Speed & Duplex property sets the connection speed and mode to that of the network. Note that Full-Duplex mode allows the adapter to transmit and receive network data simultaneously. This property is not available for fiber adapters.

Auto (default). Sets the speed and mode for optimum network connection (recommended).

Auto is the recommended setting. This setting allows the network adapter to dynamically detect the line speed of the network. Whenever the network capability changes, the network adapter automatically detects and adjusts to the new line speed and duplex mode. A speed of 1 Gbit/s is enabled by selecting Auto, when that speed is supported.

10 Mb Half and 100 Mb Half settings force the network adapter to connect to the network in Half-Duplex mode. Note that the network adapter may not function if the network is not configured to operate at the same mode.

10 Mb Full and 100 Mb Full settings force the network adapter to connect to the network in Full-Duplex mode. The network adapter may not function if the network is not configured to operate at the same mode.

Wake Up Capabilities

The Wake Up Capabilities property enables the network adapter to wake up from a low-power mode when it receives a network wake-up frame. Two types of wake-up frames are possible: Magic Packet™ and Wake Up Frame.

Wake Up Frame. Selects Wake Up Frame as the wake-up frame and allows the network adapter to wake the system when an event such as a ping or an Address Resolution Protocol (ARP) request is received.

Priority & VLAN

The Priority & VLAN property allows for enabling both the prioritization of network traffic and VLAN tagging. VLAN tagging only occurs when the VLAN ID setting is configured with a value other than 0 (zero).

Priority & VLAN Enabled (default). Allows for packet prioritization and VLAN tagging.

Priority & VLAN Disabled. Prevents from packet prioritization and VLAN tagging.

Note: If an intermediate driver is managing the network adapter for VLAN tagging, the Priority & VLAN Disabled and Priority Enabled settings should not be used. Use the Priority & VLAN Enabled setting and change the VLAN ID to 0 (zero).

VLAN ID

Enables VLAN tagging and configures the VLAN ID when Priority & VLAN Enabled are selected as the Priority & VLAN setting. The range for the VLAN ID is 1 to 4094 and must match the VLAN tag value on the connected switch. A value of 0 (default) in this field disables VLAN tagging.

Risk Assessment of VLAN Tagging through the NDIS Miniport Driver

Broadcom's NDIS 6.0 miniport driver provides the means to allow a system containing a Broadcom adapter to connect to a tagged VLAN. On Window XP systems, this support was only provided through the use of an intermediate driver (e.g., Broadcom Advanced Server Program - BASP). Unlike BASP, however, the NDIS 6 driver's support for VLAN participation is only for a single VLAN ID.

Also unlike BASP, the NDIS 6.0 driver only provides VLAN tagging of the outbound packet, but does not provide filtering of incoming packets based on VLAN ID membership. This is the default behavior of all miniport drivers. While the lack of filtering packets based on VLAN membership may present a security issue, the following provides a risk assessment based on this driver limitation for an IPv4 network:

A properly configured network that has multiple VLANs should maintain separate IP segments for each VLAN. This is necessary since outbound traffic relies on the routing table to identify which adapter (virtual or physical) to pass traffic through and does not determine which adapter based on VLAN membership.

Since support for VLAN tagging on Broadcom's NDIS 6.0 driver is limited to transmit (Tx) traffic only, there is a risk of inbound traffic (Rx) from a different VLAN being passed up to the operating system. However, based on the premise of a properly configured network above, the IP segmentation and/or the switch VLAN configuration may provide additional filtration to limit the risk.

In a back-to-back connection scenario, two computers on the same IP segment may be able to communicate regardless of their VLAN configuration since no filtration of VLAN membership is occurring. However, this scenario assumes that the security may already be breached since this connection type is not typical in a VLAN environment.

If the risk above is not desirable and filtering of VLAN ID membership is required, then support through an intermediate driver would be necessary.

Network Test

From the Network Test tab, you can verify IP network connectivity. This test verifies if the driver is installed correctly and tests connectivity to a gateway or other specified IP address on the same subnet. Network Test uses TCP/IP. The network test sends ICMP packets to remote systems and waits for a response. If a gateway is configured, the test automatically sends packets to that system. If a gateway is not configured or if the gateway is unreachable, the test prompts you for a destination IP address.

Diagnostics

From the Diagnostics tab you can perform diagnostic tests on the physical components of a Broadcom NetXtreme Gigabit Ethernet adapter. The tests are continuously performed. The number of passes and fails in the Pass/Fail column increments each time the tests are performed. For example, if a test is performed four times and there are no fails, the value in the Pass/Fail column is 4/0. If there were 3 passes and 1 fail, however, the value in the Pass/Fail column is 3/1.

You must have administrator privileges to perform diagnostics.

The network connection is temporarily lost when these tests are running

Control Registers. This test verifies the read and write capabilities of the network adapter registers by writing various values to the registers and verifying the results. The device driver uses these registers to perform network functions such as sending and receiving information. A test failure indicates that the adapter may not be working properly.

MII Registers. This test verifies the read and write capabilities of the registers of the physical layer (PHY). The physical layer is used to control the electrical signals on the wire and for configuring network speeds such as 1000 Mbit/s.

EEPROM. This test verifies the content of the electrically erasable programmable read-only memory (EEPROM) by reading a portion of the EEPROM and computing the checksum. The test fails if the computed checksum is different from the checksum stored in the EEPROM. An EEPROM image upgrade does not require a code change for this test.

Internal Memory. This test verifies that the internal memory of the adapter is functioning properly. The test writes patterned values to the memory and reads back the results. The test fails if an erroneous value is read back. The adapter cannot function if its internal memory is not functioning properly.

On-Chip CPU. This test verifies the operation of the internal CPUs in the adapter.

Interrupt. This test verifies that the Network Device Driver Interface Specification (NDIS) driver is able to receive interrupts from the adapter.

Loopback MAC and Loopback PHY. These tests verify that the NDIS driver is able to send packets to and receive packets from the adapter.

Test LED. This test causes all of the LEDs to blink 5 times for the purpose of identifying the adapter.

Cable Analysis

From the Cable Analysis tab, you can monitor the conditions of each wire pair in an Ethernet Category 5 cable connection within an Ethernet network. The analysis measures the cable quality and compares it against the IEEE 802.3ab specification for compliance.

You must have administrator privileges to run the cable analysis test.

The network connection is temporarily lost during an analysis.

This tab is not available for all Broadcom network adapters.

Connect the cable to a port on a switch where the port is set to "auto" and the Speed & Duplex driver settings are also set to "auto".

Click the Broadcom NetXtreme Gigabit Ethernet adapter listed in the Name pane.

Click Test. The Test Status reveals one of two options: Completed or Failed. See below for test result descriptions.

Link partner—Various switch and hub manufacturers implement different PHYs. Some PHYs are not IEEE compliant.

Cable quality—Category 3, 4, 5, and 6 may affect the test results.

Electrical interference—The testing environment may affect the test results.

Statistics

On the Statistics tab, you can view traffic statistics for both Broadcom network adapters and network adapters made by others. Statistical information and coverage are more comprehensive for Broadcom adapters.

General Statistics

Frames Tx OK. A count of the frames that are successfully transmitted. This counter is incremented when the transmit status is reported as Transmit OK.

Frames Rx OK. A count of the frames that are successfully received. This does not include frames received with frame-too-long, frame check sequence (FCS), length, or alignment errors, or frames lost due to internal MAC sublayer errors. This counter is incremented when the receive status is reported as Receive OK.

Directed Frames Tx. A count of directed data frames that are successfully transmitted.

Multicast Frames Tx. A count of frames that are successfully transmitted (as indicated by the status value Transmit OK) to a group destination address other than a broadcast address.

Broadcast Frames Tx. A count of frames that were successfully transmitted (as indicated by the transmit status Transmit OK) to the broadcast address. Frames transmitted to multicast addresses are not broadcast frames and therefore, are excluded.

Directed Frames Rx. A count of directed data frames that are successfully received.

Multicast Frames Rx. A count of frames that are successfully received and are directed to an active nonbroadcast group address. This does not include frames received with frame-too-long, FCS, length, or alignment errors, or frames lost due to internal MAC sublayer errors. This counter is incremented as indicated by the Receive OK status.

Broadcast Frames Rx. A count of frames that are successfully received and are directed to a broadcast group address. This count does not include frames received with frame-too-long, FCS, length, or alignment errors, or frames lost due to internal MAC sublayer errors. This counter is incremented as indicated by the Receive OK status.

ASF Configuration Utility

Overview

The Broadcom ASF Configuration utility can be used to configure the Alert Standard Format (ASF)-related operating parameters of Broadcom network adapters in workstations and servers running Microsoft Windows. A system with an ASF-enabled network adapter is called an ASF managed client. An ASF managed client can communicate with and be remotely controlled from an ASF management console.

The ASF Configuration utility is accessed from the OOB Mgmt tab on the BACS2 interface.

Starting the ASF Configuration Utility

Settings

To inspect or configure the basic ASF operating parameters for a network adapter, select the name of the ASF-capable network adapter you want to configure, and then click the Settings tab from the BACS2 OOB Mgmt tab.

To enable or disable the ASF functionality in the selected network adapter, select the ASF Enabled check box. If there is more than one network adapter in your computer, be sure that you enable ASF functionality in only one network adapter at a time.

Note: Enabling ASF functionality in more than one network adapter in a system results in unpredictable behavior.

To enable or disable the receipt and handling of Remote Management Control Protocol (RMCP) messages by the selected network adapter, select the Remote Management check box.

An ASF management console uses RMCP messages to communicate with an ASF managed client. When remote management is enabled, the network adapter acknowledges and responds to the following RMCP message types:

Presence Ping

Capabilities Request

System State Request

If secure management is also enabled, the network adapter acknowledges and responds to the following secure RMCP message types:

Open Session Request

RAKP Message 1

RAKP Message 3

Close Session Request

If allowed by the remote control capabilities and security profile for the network adapter, the following operations can be performed remotely:

Reset

Power-up

Power-down

Power-reset

When remote management is disabled, the network adapter does not acknowledge or respond to RMCP messages.

To configure the network adapter to wake the computer upon receiving ARP or RMCP traffic while the computer is in low-power mode, select the Wake on ARP or RMCP Traffic check box.

Most Windows PCs today have the capability to conserve power by entering a low-power mode (stand-by, hibernate, or sleep). These computers also have the capability to wake up when an external event occurs. One such external event is when a network adapter receives an interesting packet. Typically, the computer wakes up if a network adapter receives one of the following types of interesting packets:

Direct-IP

Unicast

NetBEUI name query

This Wake on LAN (WOL) behavior conflicts with the way an ASF-enabled network adapter operates. When the computer enters low-power mode, an ASF-enabled network adapter is still operational, sending PET messages and receiving and responding to RMCP messages and ARP requests. Received ARP and RMCP packets are direct-IP packets and would normally wake up the system, but this is not desirable behavior for most ASF managed clients. By enabling or disabling wake on ARP or RMCP traffic, you can choose whether or not to wake-up the system when the network adapter receives an ARP or RMCP packet. When wake on ARP or RMCP traffic is enabled, the ASF-enabled network adapter attempts to wake up the computer if the network adapter receives an ASF or RMCP packet.

The IP address, subnet mask, and default gateway of the network adapter are displayed in the Adapter IP Address box, Subnet Mask box, and Default Gateway box, respectively. The displayed values are automatically updated whenever the network adapter IP address, subnet mask, or default gateway is changed via DHCP or manual configuration. The Broadcom ASF IP Monitor, which is a process that runs in the background as a Windows NT service and has no user interface, automatically detects these changes and updates the properties in the ASF Configuration Table in the network adapter nonvolatile memory.

When the ASF management console is located on a different subnet and is connected via a gateway router, the network adapter uses the subnet mask and default gateway values in the ASF Configuration Table to communicate with the ASF management console.

The System ASF! Description Table defines the ASF-related capabilities and operating parameters of the computer, as defined by the computer manufacturer. This table is stored as an ACPI System Description Table in the computer firmware nonvolatile memory. The Broadcom ASF Configuration Utility automatically imports this table into the nonvolatile memory of each ASF-enabled network adapter.

To view the System ASF! Description Table, click View ASF! from the Settings tab.

Alerting

The controls on the Alerting tab are used to configure the settings related to SNMP platform event trap (PET) messages.

When the Transmit Platform Event Trap (PET) Messages check box is selected, the network adapter transmits PET messages.

To have the network adapter transmit periodic system heartbeat or entity presence messages to the ASF management console, select the Transmit System Heartbeat Messages check box. System heartbeat messages indicate to the ASF management console that the managed client is "alive."

To specify the IP address of the remote ASF management console, type the IP address of the remote ASF management console in the Management Console IP Address box. An ASF-enabled network adapter sends all PET messages to this IP address.

The management console IP address is usually statically assigned and is seldom changed. If the management console IP address is changed, type the new IP address in the Management Console IP Address box.

To specify the time interval (in seconds) at which system heartbeat messages are sent, type the desired time interval in the Heartbeat Transmit Interval box.

To specify the SNMP community name that is included in transmitted PET messages, type the desired community name in the SNMP Community Name box. The default SNMP community name is public.

To specify the time interval (in seconds) between retransmissions of a PET message, type the desired time interval in the PET Retransmission Interval box.

According to the ASF standard, each PET message (except the system heartbeat message) must be retransmitted three times to ensure successful delivery to the ASF management console. The default PET retransmission interval is 10 seconds.

System Management Bus (SMBus)

The controls on the SMBus tab are used to configure the settings related to the System Management Bus (SMBus).

To specify the interval (in seconds) at which the network adapter monitors legacy SMBus devices, such as the chassis intrusion sensor, type the desired time interval in the Legacy Sensor Poll Interval box. The default legacy poll interval is 4 seconds.

To specify the time delay (in seconds) before the first legacy SMBus device poll is made, type the desired time delay period in the Legacy Sensor Poll Delay box.

The SMBus address (in hexadecimal notation) used by the network adapter is displayed in the Adapter Address box. This address is set by the manufacturer.

Security

The properties on the Security tab are used to configure the settings related to secure remote management (introduced in ASF 2.0).

To configure the network adapter to receive and respond to secure RMCP (ASF 2.0) messages on UDP port 298h (664 decimal), select the Secure Management (ASF 2.0) check box.

To configure the network adapter to receive and respond to insecure RMCP (ASF 1.0) messages on UDP port 26Fh (623 decimal), select the ASF 1.0 Compatibility check box. If Secure Management (ASF 2.0) is disabled, the network adapter automatically operates in ASF 1.0 compatibility mode, regardless of this check box setting.

To specify the amount of a time (in seconds) that a secure session must be inactive before it times out, type the desired timeout period in the Session Timeout box. The network adapter supports a maximum of two simultaneous secure sessions, so it is important that inactive secure sessions time out after a reasonable period of time. The default secure session timeout period is 300 seconds (5 minutes).

The value in the Generation Key box is the shared secret key used for key generation operations (KG). Type the generation key in the Generation Key box. If the generation key is in hexadecimal notation, select the Hex check box.

There are two types of authenticated user roles: Operator and Administrator. Each role has an associated authentication key, KO and KA, respectively. Each role also has an associated set of rights that determines which RMCP Remote Control commands it has the right to execute on the managed client. These Remote Control commands include Reset, Power-Up, Power-Down, and Power-Reset. The set of configured operator and administrator rights determines the managed client security policy. To assign rights to an authenticated operator or administrator, select the appropriate check boxes on the Operator and Administrator tabs.

Type the authentication key in the Authentication Key box. If the authentication key is in hexadecimal notation, select the Hex check box.

Note: Each security key (generation key, authentication key) may be typed as a set of up to 20 ASCII characters or as a set of hexadecimal bytes with each byte represented by 2 hexadecimal digits (0–F), with a maximum total length of 40 hexadecimal digits (20 bytes).