Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

VLANs and QoS

SonicWALL includes VLAN functionality for the TZ 190 with their PortShield feature. PortShields are user-created virtual interfaces that enable control over the switch ports on the TZ 190. The TZ 190 has eight switch ports, which in default configuration are all part of a single VLAN. Separating the eight switch ports into different VLANs requires first creating a new Zone, which is as simple as going into the Network Zones menu, clicking Add, and giving your new Zone a name. With a new Zone created, a PortShield Interface can then be added in the Network Interface menu and assigned to the new Zone.

I tested the TZ 190's VLAN functionality by creating a Zone called LAN2, and then added a PortShield Interface called VLAN2 assigned to my new LAN2 Zone. As you can see below, I gave the PortShield interface an IP address in a different subnet (192.168.5.1/24 as opposed to the LAN interface of 192.168.168.168/24) and assigned one of the eight switch ports to be a member of my VLAN2 PortShield interface. A DHCP service was automatically set up by the SonicOS to provide IP addresses to clients off this port in the 192.168.5.0/24 network. I tested this feature by then plugging my laptop into the switch port I assigned to this new VLAN, and verified I was assigned an IP address from the 192.168.5.0/24 network and was able to surf the Internet.

VLAN PortShield

Figure 17: A VLAN PortShield

Recall from the Firewall discussion above the SonicWALL’s ability to control traffic between the wireless LAN and the wired LAN Zones. SonicWALL provides the same control with my newly added Zone. I verified I can Allow or Deny traffic between the LAN Zone and my LAN2 Zone. Further, since I've separated the two zones into different subnets, I have automatically protected each zone from the other's Layer 2 broadcasts, a key value of VLANs.

The TZ 190 also allows for allocating bandwidth to different traffic types, an element of QoS. To ensure sensitive traffic flows, such as VoIP, are allocated sufficient bandwidth, the first step is to define the bandwidth of the WAN interface. I was able to do this by going into the Network Interface menu and setting the capacity (Figure 18) of my Internet service, in this case Verizon FiOS, which runs at 5 Mbps down and about 1.5 Mbps up.

Bandwidth settings

Figure 18: Bandwidth management settings

Once defined, Access Rules in the Firewall can be set up to allocate percentages of bandwidth to specific traffic types. In Figure 19, you can see that I've allocated a minimum or guaranteed bandwidth percentage of 10% and maximum of 15% to VoIP traffic going from my LAN subnets to the WAN interface. Another Access Rule can be set up for the WAN-to-LAN direction. Setting bandwidth allocations ensures activities like web surfing or downloading won't affect delay-sensitive traffic flows.

QoS settings
Click to enlarge image

Figure 19: Assigning bandwidth to specific access rules

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I've had this issue with several different models over the years and it still occurs today all running merlin. It seems mostly related to the DPI inps...
Hi, First, I am running several ac68's with VLAN trunking on the LAN side to separate SSIDs to bridge groups with the VLANS... but Ive been doing that...
I am also a newbie here at this forum. My question is that when I review my logs every now and then is that I only see the last six or eight hours wor...
TOR, not as safe as most think it should be. https://www.tomshardware.com/news/russia-intelligence-agency-hacked-breach-tor,39994.html
Hello,I have an Apple TV on one of my guest wireless networks and would like to allow iOS devices that reside on my main LAN to Airplay to to the Appl...

Don't Miss These

  • 1
  • 2
  • 3