Справочник Пользователя для SonicWALL 5.8.1
Network > Interfaces
187
SonicOS 5.8.1 Administrator Guide
Subinterfaces
VLAN support on SonicOS Enhanced is achieved by means of subinterfaces, which are logical
interfaces nested beneath a physical interface. Every unique VLAN ID requires its own
subinterface. For reasons of security and control, SonicOS does not participate in any VLAN
trunking protocols, but instead requires that each VLAN that is to be supported be configured
and assigned appropriate security characteristics.
interfaces nested beneath a physical interface. Every unique VLAN ID requires its own
subinterface. For reasons of security and control, SonicOS does not participate in any VLAN
trunking protocols, but instead requires that each VLAN that is to be supported be configured
and assigned appropriate security characteristics.
Note
Dynamic VLAN Trunking protocols, such as VTP (VLAN Trunking Protocol) or GVRP
(Generic VLAN Registration Protocol), should not be used on trunk links from other devices
connected to the SonicWALL.
(Generic VLAN Registration Protocol), should not be used on trunk links from other devices
connected to the SonicWALL.
Trunk links from VLAN capable switches are supported by declaring the relevant VLAN ID’s as
a subinterface on the SonicWALL, and configuring them in much the same way that a physical
interface would be configured. In other words, only those VLANs which are defined as
subinterfaces will be handled by the SonicWALL, the rest will be discarded as uninteresting.
This method also allows the parent physical interface on the SonicWALL to which a trunk link
is connected to operate as a conventional interface, providing support for any native (untagged)
VLAN traffic that might also exist on the same link. Alternatively, the parent interface may
remain in an ‘unassigned’ state.
a subinterface on the SonicWALL, and configuring them in much the same way that a physical
interface would be configured. In other words, only those VLANs which are defined as
subinterfaces will be handled by the SonicWALL, the rest will be discarded as uninteresting.
This method also allows the parent physical interface on the SonicWALL to which a trunk link
is connected to operate as a conventional interface, providing support for any native (untagged)
VLAN traffic that might also exist on the same link. Alternatively, the parent interface may
remain in an ‘unassigned’ state.
VLAN subinterfaces have most of the capabilities and characteristics of a physical interface,
including zone assignability, security services, GroupVPN, DHCP server, IP Helper, routing,
and full NAT policy and Access Rule controls. Features excluded from VLAN subinterfaces at
this time are WAN dynamic client support and multicast support. The following table lists the
maximum number of subinterfaces supported on each platform.
including zone assignability, security services, GroupVPN, DHCP server, IP Helper, routing,
and full NAT policy and Access Rule controls. Features excluded from VLAN subinterfaces at
this time are WAN dynamic client support and multicast support. The following table lists the
maximum number of subinterfaces supported on each platform.
SonicOS Enhanced Secure Objects
The SonicOS Enhanced scheme of interface addressing works in conjunction with network
zones and address objects. This structure is based on secure objects, which are utilized by
rules and policies within SonicOS Enhanced.
zones and address objects. This structure is based on secure objects, which are utilized by
rules and policies within SonicOS Enhanced.
Secured objects include interface objects that are directly linked to physical interfaces and
managed in the Network > Interfaces page. Address objects are defined in the Network >
Address Objects page. Service and Scheduling objects are defined in the Firewall section of
the SonicWALL security appliance Management Interface, and User objects are defined in the
Users section of the SonicWALL security appliance Management Interface.
managed in the Network > Interfaces page. Address objects are defined in the Network >
Address Objects page. Service and Scheduling objects are defined in the Firewall section of
the SonicWALL security appliance Management Interface, and User objects are defined in the
Users section of the SonicWALL security appliance Management Interface.
Platform
Number of Subinterfaces
Supported
Supported
NSA 240
10
NSA 2400
25
NSA 3500
50
NSA 4500
200
NSA E5000
300
NSA E5500
400
NSA E6500
500
NSA E7500
512