cc/td/doc/product/vpn/vpn3000/4_0
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

System Status
Monitoring | System Status
Monitoring | System Status | Memory Status
Memory Detail Report
Monitoring | System Status | Ethernet Interface
Monitoring | System Status | Power
Monitoring | System Status | SEP
Monitoring | System Status | LED Status

System Status


Monitoring | System Status

This screen shows the status of several software and hardware variables at the time the screen displays. From this screen you can also display the status and statistics for SEP modules, system power supplies, memory, and network interfaces.


Figure 15-1   Monitoring | System Status Screen (Model 3005)



Figure 15-2   Monitoring | System Status Screen (Models 3015-3080)


Refresh

To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.

VPN Concentrator Type

The type, or model number, of this VPN Concentrator.

Bootcode Rev

The version name, number, and date of the VPN Concentrator bootcode software file. When you boot or reset the system, the bootcode software runs system diagnostics, and it loads and executes the system software image. The bootcode is installed at the factory.

For instructions on upgrading the bootcode, refer to Upgrading Memory to 512 MB in the VPN 3000 Series Concentrator.

Software Rev

The version name, number, and date of the VPN Concentrator system software image file. You can update this image file from the Administration | Software Update screen.

Up For

The amount of time since the VPN Concentrator was last booted or reset.

Up Since

The date and time that the VPN Concentrator was last booted or reset.

RAM Size

The total amount of SDRAM memory installed in the VPN Concentrator. Memory Status is a link to a table that displays information about memory use on the VPN Concentrator; it includes information about block size, with data about used and free blocks, bytes, and percentages.

Front Panel

On models 3015-3080, the front panel image is an active link. Put the mouse pointer anywhere within the image and click. The Manager displays the Monitoring | System Status | LED Status screen.

Back Panel

The back panel image includes active links for configurable modules installed in the VPN Concentrator: Ethernet interfaces, power supplies, and SEP or SEP-E modules. Use the mouse pointer to select a module on the back-panel image and click anywhere in the highlighted area. The Manager displays the appropriate Monitoring | System Status | Interface, Power, or SEP screen.


Tip To find out if you have a SEP or SEP-E module installed, move the mouse pointer over the module in the back panel image. A pop-up appears that describes the type of module installed.

The VPN Concentrator does not support simultaneous SEP and SEP-E modules. If both are installed, the VPN Concentrator disables the SEP module and uses only the SEP-E. In this case, the back panel image shows the SEP module as "DISABLED."

Fan 1, Fan 2

The VPN Concentrator includes two cooling fans. In the Model 3005, they are on the rear of the chassis, with Fan 1 on the left as you face the rear. In the Model 3015-3080, they are on the right side of the chassis as you face the front, with Fan 1 closest to the front. This table shows the RPM for both fans. The nominal value is 5000 RPM for the Model 3005 and 3800 RPM for the Model 3015-3080, with an acceptable minimum of 3000 RPM for both. Values below this minimum trigger a hardware event.

CPU, Cage

The VPN Concentrator Model 3015-3080 includes two temperature sensors on the main printed circuit board: one near the CPU and one near the power supply cage. The Model 3005 has one sensor near the CPU. This table shows the temperature at the sensor(s). Temperatures between 0° and 50°C (32° and 122°F) are acceptable. Values outside this range trigger a hardware event.

CPU Utilization

This usage graph shows the CPU load as a percentage of the maximum possible load. Each segment represents ten percent of the maximum possible load.

Active Sessions

This usage graph shows the number of active sessions as a percentage of the maximum possible sessions. For example, if 5000 sessions is the maximum, each segment represents 500 sessions. The first segment lights with the first session, the second segment lights with 10 percent plus one session, etc.

Throughput

This usage graph shows current throughput (measured in LAN packets) as a percentage of the maximum possible system throughput. For example, if two interfaces are set for 100 Mbps, the maximum possible throughput is 200 Mbps and each segment represents 20 Mbps.

Monitoring | System Status | Memory Status

This screen displays status and data for the VPN Concentrator system memory.


Figure 15-3   Monitoring | System Status | Memory Status Screen


Refresh

To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.

System Memory Summary

This section summarizes memory use on the VPN Concentrator.

Total Memory

Total amount of system memory, in megabytes, on the VPN Concentrator.

Memory Status

Green: Sufficient memory resources are available for normal VPN Concentrator operations.

Red: Memory resources are critically low; new IPSec, PPTP and L2TP connections are prevented.


Note   It is possible for Memory Status to be Red, preventing new connections, even while total memory usage is significantly less than 100%. This is because some VPN Concentrator functions and features require specific block sizes to operate, and those block sizes are critically low. If this occurs, follow the instructions in the section, "Memory Detail Report" that follows.

Total Block Usage

Memory use in total percent of blocks currently in use.

Block Usage List

Provides a list of blocks by size and number, both used and free.

Block Size (Bytes)

The number of blocks by size of block in bytes.

Used/Free Blocks

The number of used blocks and free blocks.

Used/Free Bytes

The number of uesd bytes and free bytes.

Usage

The percentage of blocks in use.

Memory Detail Report

Click this button to generate a text file that displays in a new window.

Memory Detail Report

This screen displays a text file that summarizes memory use on the VPN Concentrator. You can view, copy, save, or delete "Memory.txt" using file management. If necessary, you can send this file to the Cisco TAC by email to help with trouble-shooting.


Figure 15-4   Memory Detail Report


Monitoring | System Status | Ethernet Interface

This screen displays status and statistics for a VPN Concentrator Ethernet interface. To configure an interface, see Configuration | Interfaces.


Figure 15-5   Monitoring | System Status | Ethernet Interface Screen


Reset

To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.

Restore

To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.

Refresh

To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.

Back

To return to the Monitoring | System Status screen, click Back.

Interface

The VPN Concentrator Ethernet interface number:

IP Address

The IP address configured on this interface.

Status

The operational status of this interface:

Rx Unicast

The number of unicast packets that were received by this interface since the VPN Concentrator was last booted or reset. Unicast packets are those addressed to a single host.

Tx Unicast

The number of unicast packets that were routed to this interface for transmission since the VPN Concentrator was last booted or reset, including those that were discarded or not sent. Unicast packets are those addressed to a single host.

Rx Multicast

The number of multicast packets that were received by this interface since the VPN Concentrator was last booted or reset. Multicast packets are those addressed to a specific group of hosts.

Tx Multicast

The number of multicast packets that were routed to this interface for transmission since the VPN Concentrator was last booted or reset, including those that were discarded or not sent. Multicast packets are those addressed to a specific group of hosts.

Rx Broadcast

The number of broadcast packets that were received by this interface since the VPN Concentrator was last booted or reset. Broadcast packets are those addressed to all hosts on a network.

Tx Broadcast

The number of broadcast packets that were routed to this interface for transmission since the VPN Concentrator was last booted or reset, including those that were discarded or not sent. Broadcast packets are those addressed to all hosts on a network.

Monitoring | System Status | Power

This screen displays status and data for VPN Concentrator power supplies and voltage sensors in the system. To configure alarm thresholds for system voltages, see the Configuration | Interfaces | Power screen.


Figure 15-6   Monitoring | System Status | Power Screen (Model 3005)



Figure 15-7   Monitoring | System Status | Power Screen (Models 3015-3080)


Refresh

To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.

Back

To return to the Monitoring | System Status screen, click Back.

CPU

Voltage and status for the voltage sensor on the CPU chip. The screen shows either 1.9 or 2.5 volts, depending on the CPU chip in the system.

Power Supply A, B

Voltages and status of the 3.3- and 5-volt outputs from the power supplies.

Board

Voltages and status of the 3.3- and 5-volt sensors on the main circuit board.

1.9/2.5V Status, 3.3V Status, 5V Status

The status of voltages relative to the configured thresholds:

Monitoring | System Status | SEP


Note   This screen appears on models 3015-3080 only.

This screen displays status and statistics for a VPN Concentrator SEP (Scalable Encryption Processing) or a SEP-E (Enhanced SEP) module, which performs hardware-based cryptographic functions:

The screen shows cumulative data since the system was last booted or reset.

SEP Redundancy

The VPN Concentrator can contain up to four SEP or SEP-E modules for maximum system throughput and redundancy. Two SEP modules provide maximum throughput; additional modules provide redundancy in case of module failure.

SEP redundancy requires no configuration: it is always enabled and completely automatic; no administrator action is required. If a SEP module fails, the VPN Concentrator automatically switches active sessions to another SEP module. If the system has only one SEP module and it fails, the sessions automatically use software cryptographic functions. Even if a SEP module fails, the VPN Concentrator supports the number of sessions for which it is licensed.


Note   Only SEPs of the same type provide redundancy. For example, if a SEP fails, the VPN Concentrator can switch sessions only to another SEP, not to a SEP-E.

If a SEP module fails, the system generates an event of severity level 2. It continues to generate an event every 10 minutes until the failed module is removed or replaced and the VPN Concentrator is rebooted. The front- and back-panel Status LEDs also indicate the failed module, as does this screen.


Figure 15-8   Monitoring | System Status | SEP Screen (For SEP-E)


Reset

To reset, or start anew, the screen contents, click Reset. The system temporarily resets a counter for the chosen statistics without affecting the operation of the device. You can then view statistical information without affecting the actual current values of the counters or other management sessions. The function is like that of a vehicle's trip odometer, versus the regular odometer.

Restore

To restore the screen contents to their actual statistical values, click Restore. This icon displays only if you previously clicked the Reset icon.

Refresh

To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.

Back

To return to the Monitoring | System Status screen, click Back.

Type

The type of SEP module installed in this slot:

Status

The functional state of this SEP module:

DSP Code Version

The version of DSP (Digital Signal Processing) microcode running on this SEP module. This information might be useful during troubleshooting.

This field appears for SEP modules only; it does not appear for SEP-E modules.

Inbound Hash: Octets

The number of inbound octets (bytes) to which this SEP applied a hashing algorithm for authentication.

Inbound Hash: Packets

The number of inbound authentication-only hashed packets processed by this SEP. Only hashing algorithms are applied to authentication-only traffic; there is no encryption or decryption.

Outbound Hash: Octets

The number of outbound octets (bytes) to which this SEP applied a hashing algorithm for authentication.

Outbound Hash: Packets

The number of outbound authentication-only hashed packets processed by this SEP. Only hashing algorithms are applied to authentication-only traffic; there is no encryption or decryption.

Encrypted: Octets

The number of octets (bytes) that this SEP encrypted.

Encrypted: Packets

The number of encryption-only packets processed by this SEP. Only encryption algorithms are applied to encryption-only traffic; there is no hashing or authentication.

Decrypted: Octets

The number of octets (bytes) that this SEP decrypted.

Decrypted: Packets

The number of decryption-only packets processed by this SEP. Only encryption algorithms are applied to encryption-only traffic; there is no hashing or authentication.

Hash Encrypted: Packets

The number of packets that this SEP processed using both hashing (authentication) and encryption algorithms. This is typical processing for tunneled traffic.

Hash Decrypted: Packets

The number of packets that this SEP processed using both hashing (authentication) and decryption algorithms.

Drops: Packets

The number of packets intended for processing by this SEP, but dropped due to the SEP being overloaded.

Random Requests

The number of requests to this SEP to generate random numbers. When needed (requested), the SEP generates a 2-KB block of random numbers and caches them on the VPN Concentrator. Various cryptographic functions require random numbers of different sizes, and they get them from the cache.

Random Replenishments

The number of times this SEP fulfilled a request to generate a block of random numbers, to replenish the cache.

Random Bytes Available

The number of bytes currently available in the random-number cache on the VPN Concentrator.

Random Cache Empty

The number of times the VPN Concentrator received a request for random numbers and the random-number cache was empty. Since the VPN Concentrator monitors this cache and communicates with the SEP to replenish it, this number should be zero or very small.

DH Keys Generated

The number of times this SEP generated a new Diffie-Hellman key pair. IPSec Security Associations use the Diffie-Hellman algorithm to generate encryption keys, for example.

DH Derived Secret Keys

The number of times this SEP has derived the Diffie-Hellman secret key. In public-key cryptography, the VPN Concentrator receives a remote public key, and the SEP uses the local private key to generate the secret key.

RSA Digital Keys Generated

The number of times this SEP has generated a new RSA encryption-key pair.

RSA Digital Signings

The number of times this SEP has generated an RSA (Rivest, Shamir, Adelman algorithm) digital signature. The VPN Concentrator generates a digital signature when it creates a digital certificate.

RSA Digital Verifications

The number of times this SEP has verified an RSA digital signature. When the VPN Concentrator receives a signed digital certificate for authentication, it must verify the digital signature by computing a hash of the certificate and comparing it with the received-certificate hash.

RSA Encryptions: Octets / Packets

The number of RSA-encrypted octets (bytes) / packets this SEP has generated.

RSA Decryptions: Octets / Packets

The number of RSA-encrypted octets (bytes) / packets this SEP has received and decrypted.

DSA Digital Keys Generated

The number of times this SEP has generated a new DSA (Digital Signature Algorithm) encryption-key pair.

DSA Digital Signings

The number of times this SEP has generated a DSA digital signature. The VPN Concentrator generates a digital signature when it creates a digital certificate.

DSA Digital Verifications

The number of times this SEP has verified a DSA digital signature. When the VPN Concentrator receives a signed digital certificate for authentication, it must verify the digital signature by computing a hash of the certificate and comparing it with the received-certificate hash.

Monitoring | System Status | LED Status


Note   This screen appears on models 3015-3080 only.

This screen shows the status of VPN Concentrator front-panel LED indicators, exactly as they appear on the unit itself. LED indicators on the VPN Concentrator are normally green, and the usage graph LEDs are blue. LEDs that are amber, red, or off might indicate an error condition. See "Troubleshooting and System Errors" for descriptions of the LEDs.

The usage graph displays CPU Utilization, Active Sessions, or Throughput, in accordance with the selection you make using the front-panel button. You can "press" the front-panel button either physically—on the unit itself—or logically—on this screen. See Monitoring | System Status for an explanation of usage graph units.


Figure 15-9   Monitoring | System Status | LED Status Screen


Refresh

To update the screen and its data, click Refresh. The date and time indicate when the screen was last updated.

[LED Selector Button]

To toggle the usage graph LEDs, click the front-panel button on this screen. Clicking the button here also changes the selection on the VPN Concentrator itself.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Fri Apr 18 17:29:07 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.