User guide
User Guide NetXtreme II
September 2013
Broadcom Corporation
Document INGSRVT78-CDUM100-R Managing the LAN Device Page 259
• Tx Enabled. Enables transmit TCP/IP/UDP checksum offload.
• TX & Rx Enabled (default). Enables transmit and receive TCP/IP/UDP checksum offload.
Priority & VLAN. Allows enabling both the prioritization of network traffic and VLAN tagging. VLAN tagging only occurs
when the VLAN ID setting is configured with a value other than 0 (zero).
• Priority & VLAN Enabled (default). Allows for packet prioritization and VLAN tagging.
• Priority & VLAN Disabled. Prevents packet prioritization and VLAN tagging.
• Priority Enabled. Allows packet prioritization only.
• VLAN Enabled. Allows VLAN tagging only.
NOTE: If an intermediate driver is managing the network adapter for VLAN tagging, the Priority & VLAN Disabled
and Priority Enabled settings should not be used. Use the Priority & VLAN Enabled setting and change the
VLAN ID to 0 (zero).
VLAN ID. Enables VLAN tagging and configures the VLAN ID when Priority & VLAN Enabled is selected as the Priority
& VLAN setting. The range for the VLAN ID is 1 to 4094 and must match the VLAN tag value on the connected switch. A
value of 0 (default) in this field disables VLAN tagging.
Risk Assessment of VLAN Tagging through the NDIS Miniport Driver
Broadcom's NDIS 6.0 miniport driver provides the means to allow a system containing a Broadcom adapter to connect
to a tagged VLAN. On Windows XP systems, this support was only provided through the use of an intermediate driver
(e.g., Broadcom Advanced Server Program - BASP). Unlike BASP, however, the NDIS 6 driver's support for VLAN
participation is only for a single VLAN ID.
Also unlike BASP, the NDIS 6.0 driver only provides VLAN tagging of the outbound packet, but does not provide filtering
of incoming packets based on VLAN ID membership. This is the default behavior of all miniport drivers. While the lack
of filtering packets based on VLAN membership may present a security issue, the following provides a risk assessment
based on this driver limitation for an IPv4 network:
A properly configured network that has multiple VLANs should maintain separate IP segments for each VLAN. This
is necessary since outbound traffic relies on the routing table to identify which adapter (virtual or physical) to pass
traffic through and does not determine which adapter based on VLAN membership.
Since support for VLAN tagging on Broadcom's NDIS 6.0 driver is limited to transmit (Tx) traffic only, there is a risk
of inbound traffic (Rx) from a different VLAN being passed up to the operating system. However, based on the
premise of a properly configured network above, the IP segmentation and/or the switch VLAN configuration may
provide additional filtration to limit the risk.
In a back-to-back connection scenario, two computers on the same IP segment may be able to communicate
regardless of their VLAN configuration since no filtration of VLAN membership is occurring. However, this scenario
assumes that the security may already be breached since this connection type is not typical in a VLAN environment.
If the risk above is not desirable and filtering of VLAN ID membership is required, then support through an intermediate
driver would be necessary.
iSCSI Crash Dump. Crash dump is used to collect information on adapters that were booted remotely using iSCSI. To
enable crash dump, set to Enable and reboot the system. If you perform an upgrade of the device drivers, re-enable iSCSI
Crash Dump. If iSCSI Boot is configured to boot in the HBA path, then this parameter cannot be changed.
Interrupt Moderation. Enables interrupt moderation, which limits the rate of interrupt to the CPU during packet transmission
and packet reception. The disabled option allows one interrupt for every packet transmission and packet reception. Enable
is the default option.
Number of RSS Queues. Allows configuring RSS queues. For 1 Gbps network adapters, the RSS queue options are Auto
(default), 2, 4, and 8. For 10 Gbps network adapters, the RSS queue options are Auto (default), 2, 4, 8, and 16.