Network > Interfaces
SonicOS 5.8.1 Administrator Guide
VLAN Support in L2 Bridge Mode
On SonicWALL NSA series appliances, L2 Bridge Mode provides fine control over 802.1Q
VLAN traffic traversing an L2 Bridge. The default handling of VLANs is to allow and preserve
all 802.1Q VLAN tags as they pass through an L2 Bridge, while still applying all firewall rules,
and stateful and deep-packet inspection to the encapsulated traffic. It is further possible to
specify white/black lists for allowed/disallowed VLAN IDs through the L2 Bridge.
This allows a SonicWALL operating in L2 Bridge Mode to be inserted, for example, inline into
a VLAN trunk carrying any number of VLANs, and to provide full security services to all IPv4
traffic traversing the VLAN without the need for explicit configuration of any of the VLAN IDs or
subnets. Because of the way VLAN traffic is handled, Firewall Access Rules can also, optionally,
be applied to all VLAN traffic passing through the L2 Bridge.
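An illustrative model of the VLAN handling described above, added here as an example and not SonicOS code: it reads the 12-bit VLAN ID from an 802.1Q tag and applies either the default allow-all behaviour or a white/black list. The function names, mode names and sample frames are assumptions constructed for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q tag

def make_frame(vid=None, pcp=0, payload=b"\x45" + b"\x00" * 19):
    """Build a constructed sample frame; vid=None means untagged."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    if vid is None:
        return macs + struct.pack("!H", 0x0800) + payload
    tci = (pcp << 13) | vid  # PCP (3 bits), DEI (1 bit, 0 here), VID (12 bits)
    return macs + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload

def parse_vlan_id(frame):
    """Return the 12-bit VLAN ID, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # mask off PCP and DEI

def bridge_decision(frame, mode="allow-all", vlan_ids=frozenset()):
    """Return (verdict, vlan_id). Mode names are assumptions, not SonicOS settings."""
    if mode not in ("allow-all", "whitelist", "blacklist"):
        raise ValueError("unknown mode: " + mode)
    vid = parse_vlan_id(frame)
    if vid is None or mode == "allow-all":
        return ("inspect", vid)  # untagged frames skip the VLAN ID check
    listed = vid in vlan_ids
    if (mode == "whitelist") != listed:
        return ("drop-and-log", vid)
    return ("inspect", vid)  # tag is left intact; traffic goes on to inspection

if __name__ == "__main__":
    for vid in (None, 10, 100):
        print(vid, bridge_decision(make_frame(vid), "whitelist", {10, 20}))
```
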
L2 Bridge IP Packet Path
The following sequence of events describes the above flow diagram:
1. 802.1Q encapsulated frame enters an L2 Bridge interface (this first step, the next step, and
the final step apply only to 802.1Q VLAN traffic, supported on SonicWALL NSA series
appliances).
2. The 802.1Q VLAN ID is checked against the VLAN ID white/black list:
   – If the VLAN ID is disallowed, the packet is dropped and logged.