Switching

This section describes how to configure and manage the Layer 2 (data link layer) switching feature in SonicOS.

Note: Switching is not available on the NSA 2600.

Topics:

Switching Overview

Configuring Switching

Glossary

Switching Overview

This section provides an introduction to the Switching feature. This section contains the following subsections:

What is Switching?

Benefits of Switching

How Does Switching Work?

What is Switching?

SonicOS provides Layer 2 (data link layer) switching functionality. The functionality supports the following switching features:

• VLAN Trunking – Provides the ability to trunk different VLANs between multiple switches.

• Layer 2 Network Discovery – Uses the IEEE 802.1AB (LLDP) and Microsoft LLTD protocols and the switch forwarding table to discover devices visible from a port.

• Link Aggregation – Provides the ability to aggregate ports for increased performance and redundancy.

Note: On the NSA 2600, Link Aggregation for Network Interfaces is a separate feature from Link Aggregation for Switching. The NSA 2600 does support Link Aggregation for Network Interfaces (see Configuring Link Aggregation and Port Redundancy), but the NSA 2600 does not support Switching and, therefore, does not support Link Aggregation for Switching.

• Port Mirroring – Allows you to assign a mirror port to mirror ingress, egress or bidirectional packets coming from a group of ports.

• Jumbo Frames – Allows SonicOS to process Ethernet frames with payloads ranging from 1500 to 9000 bytes.

Note: The NSA 2600 does not support jumbo frames.

Benefits of Switching

SonicOS provides a combined security and switching solution. Layer 2 switching features enhance the deployment and interoperability of SonicWALL devices within existing Layer 2 networks.

The advanced switching features on a network security appliance provide the following benefits:

• Increased port density – With one appliance providing 26 interfaces, including 24 switch ports, you can decrease the number of devices on your internal network.

• Increased security across multiple switch ports – The PortShield architecture provides the flexibility to configure all 26 LAN switch ports into separate security zones such as LANs, WLANs and DMZs, providing protection not only from the WAN and DMZ, but also between devices inside the LAN. Effectively, each security zone has its own wire-speed “mini-switch” that benefits from the protection of a dedicated deep packet inspection firewall.

• VLAN Trunking – Simplifies VLAN management and configuration by reducing the need to configure VLAN information on every switch; provides the ability to trunk different VLANs between multiple switches.

• Layer 2 Network Discovery – Provides Layer 2 network information for all devices attached to the appliance; uses the IEEE 802.1AB (LLDP) and Microsoft LLTD protocols and the switch forwarding table to discover devices visible from a port.

• Link Aggregation – Aggregated ports provide increased performance through load balancing when connected to a switch that supports aggregation, and provide redundancy when connected to a switch or server that supports aggregation.

• Port Security – Allows you to bind a trusted MAC address or multiple MAC addresses to a specific port to decrease unauthorized access on that port.

• Port Mirroring – Allows you to easily monitor and inspect network traffic on one or more ports and to assign a mirror port to mirror ingress, egress or bidirectional packets coming from a group of ports.

• Jumbo Frames – Increases throughput and reduces the number of Ethernet frames to be processed by allowing SonicWALL SuperMassive appliances to process Ethernet frames with payloads ranging from 1500 to 9000 bytes. A throughput increase may not be seen in every case, but throughput does improve to some degree when the packets traversing the appliance are actually jumbo-sized.

Note: The NSA 2600 does not support jumbo frames.

How Does Switching Work?

The switching features have their own menu group in the left navigation pane of the SonicOS management interface.

Some switching features operate on PortShield Groups and require preliminary configuration on the Network > PortShield Groups page. Others operate on existing Network > Interfaces configurations. The Port Security feature uses MAC address objects. For more information about configuring these related features in SonicOS, see the corresponding sections:

Network > Interfaces

Network > PortShield Groups

For details about the operation of each switching feature, see the related section under Configuring Switching.

Configuring Switching

Topics:

Configuring VLAN Trunking

Configuring Layer 2 Discovery

Configuring Link Aggregation

Configuring Port Mirroring