Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003099-01

Controller Statistics

The DHCP Snooping screen displays the following:

MAC Address: Displays the MAC address of the client.

Node Type: Displays the NetBIOS node with an IP pool from which IP addresses can be issued to client requests on this interface.

IP Address: Displays the IP address used for DHCP discovery and requests between the DHCP server and DHCP clients.

Netmask: Displays the subnet mask used for DHCP discovery and requests between the DHCP server and DHCP clients.

VLAN: Displays the controller or service platform virtual interface ID used for a new DHCP configuration.

Lease Time: When a DHCP server allocates an address for a DHCP client, the client is assigned a lease (which expires after a designated interval defined by the administrator). The lease is the time an IP address is reserved for re-connection after its last use. Using short leases, DHCP can dynamically reconfigure networks in which there are more computers than available IP addresses. This is useful, for example, in education and customer environments where client users change frequently. Use longer leases if there are fewer users.

Time Elapsed Since Last Updated: Displays the amount of time elapsed since the DHCP server was last updated.

Clear All: Select Clear All to revert the counters to zero and begin a new data collection.

Refresh: Select the Refresh button to update the screen's counters to their latest values.

VPN

IPSec VPN provides a secure tunnel between two networked peer controllers or service platforms.
Administrators can define which packets are sent within the tunnel, and how they are protected.
When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet
through the tunnel to its remote peer destination.

Tunnels are sets of security associations (SA) between two peers. SAs define the protocols and
algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled
peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are
established per the rules and conditions of defined security protocols (AH or ESP).

Crypto maps combine the elements comprising IPSec SAs. Crypto maps also include transform
sets. A transform set is a combination of security protocols, algorithms and other settings applied
to IPSec protected traffic. One crypto map is utilized for each IPSec peer; however, for remote VPN
deployments, one crypto map is used for all the remote IPSec peers.

Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration
simplicity for the IPSec standard. IKE automatically negotiates IPSec SAs, and enables secure
communications without time-consuming manual pre-configuration.

VPN statistics are partitioned into the following:

IKESA
IPSec