SonicWALL 5.8.1 Microscope & Magnifier User Manual


Network > Interfaces
SonicOS 5.8.1 Administrator Guide
Multiple Subnets in L2 Bridge Mode
L2 Bridge Mode is capable of handling any number of subnets across the bridge, as described
above. The default behavior is to allow all subnets, but Access Rules can be applied to control
traffic as needed.
Non-IPv4 Traffic in L2 Bridge Mode
Unsupported traffic will, by default, be passed from one L2 Bridge interface to the Bridge-Partner interface. This allows the SonicWALL to pass other traffic types, including LLC packets such as Spanning Tree, and other EtherTypes such as MPLS label switched packets (EtherType 0x8847), AppleTalk (EtherType 0x809b), and the ever-popular Banyan Vines (EtherType 0xbad). These non-IPv4 packets will only be passed across the Bridge; they will not be inspected or controlled by the packet handler. If these traffic types are not needed or desired, the bridging behavior can be changed by enabling the Block all non-IPv4 traffic option on the Secondary Bridge Interface configuration page.
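
As an added illustration (not taken from the SonicOS guide), the Python sketch below classifies Ethernet frames from a capture by EtherType and reports which ones the section above says would cross the bridge uninspected, and which the Block all non-IPv4 traffic option would stop. The function names, the constructed sample frames, and the choice to leave ARP unmodeled are assumptions of this example.

```python
import struct
from collections import Counter

# EtherTypes named in the section above (values as printed in the guide).
NAMED = {0x8847: "MPLS", 0x809B: "AppleTalk", 0x0BAD: "Banyan Vines"}
ETH_IPV4, ETH_ARP = 0x0800, 0x0806

def classify(frame: bytes) -> str:
    """Label an Ethernet frame: 'IPv4', 'ARP', 'LLC', a named type, or its hex EtherType."""
    if len(frame) < 14:
        return "truncated"
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype <= 1500:  # 802.3 length field, so an LLC frame (e.g. Spanning Tree)
        return "LLC"
    if etype == ETH_IPV4:
        return "IPv4"
    if etype == ETH_ARP:
        return "ARP"
    return NAMED.get(etype, f"0x{etype:04x}")

def disposition(label: str, block_non_ipv4: bool) -> str:
    """Model of the bridge behavior described above; ARP is deliberately left unmodeled."""
    if label == "IPv4":
        return "inspected"
    if label in ("ARP", "truncated"):
        return "not modeled"
    return "blocked" if block_non_ipv4 else "passed uninspected"

def audit(frames, block_non_ipv4=False):
    """Count frames per (label, disposition) pair."""
    labels = map(classify, frames)
    return Counter((lab, disposition(lab, block_non_ipv4)) for lab in labels)

def _frame(etype: int, payload: bytes = b"\x00" * 46) -> bytes:
    # Constructed sample frame: broadcast destination, locally administered source.
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + payload

# Constructed samples: IPv4, MPLS, AppleTalk, Banyan Vines, STP BPDU over LLC, ARP.
SAMPLES = [_frame(0x0800), _frame(0x8847), _frame(0x809B), _frame(0x0BAD),
           _frame(38, b"\x42\x42\x03" + b"\x00" * 35), _frame(0x0806)]

if __name__ == "__main__":
    for block in (False, True):
        print("block_non_ipv4 =", block, dict(audit(SAMPLES, block)))
```

Run against frames exported from a capture on either side of the Bridge-Pair, the "passed uninspected" count shows how much traffic Access Rules never see under the default setting.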
Comparison of L2 Bridge Mode to Transparent Mode
| Attribute | Layer 2 Bridge Mode | Transparent Mode |
|---|---|---|
| Layer of Operation | Layer 2 (MAC) | Layer 3 (IP) |
| ARP behavior | ARP (Address Resolution Protocol) information is unaltered. MAC addresses natively traverse the L2 bridge. Packets that are destined for SonicWALL’s MAC addresses will be processed, others will be passed, and the source and destinations will be learned and cached. | ARP is proxied by the interfaces operating in Transparent Mode. |
| Path determination | Hosts on either side of a Bridge-Pair are dynamically learned. There is no need to declare interface affinities. | The Primary WAN interface is always the master ingress/egress point for Transparent mode traffic, and for subnet space determination. Hosts transparently sharing this subnet space must be explicitly declared through the use of Address Object assignments. |
| Maximum interfaces | Two interfaces, a Primary Bridge Interface and a Secondary Bridge Interface. | Two or more interfaces. The master interface is always the Primary WAN. There can be as many transparent subordinate interfaces as there are interfaces available. |
| Maximum pairings | The maximum number of Bridge-Pairs allowed is limited only by available physical interfaces. This can be described as “many One-to-One pairings”. | Transparent Mode only allows the Primary WAN subnet to be spanned to other interfaces, although it allows for multiple interfaces to simultaneously operate as transparent partners to the Primary WAN. This can be described as “a single One-to-One” or “a single One-to-Many pairing”. |
| Zone restrictions | The Primary Bridge Interface can be Untrusted, Trusted, or Public. The Secondary Bridge Interface can be Trusted or Public. | Interfaces in a Transparent Mode pair must consist of one Untrusted interface (the Primary WAN, as the master of the pair’s subnet) and one or more Trusted/Public interface (e.g. LAN or DMZ). |