Filter
Top Products
Configuring Switching
35
SonicOS 5.7: Advanced Switching Feature Guide and Screencast Tutorial
Step 4 Type the desired ingress rate limit in kilobits per second into the Ingress Rate field. To turn off the ingress
rate limit and allow unlimited traffic, type 0 (zero). The value you type will be rounded to the nearest
increment, depending on the the granularity available for that rate. The granularities are different depending
on the range of rates:
• 128kbps ~ 1Mbps – increments of 64kbps
• 1Mbps ~ 100Mbps – increments of 1Mbps
• 100Mbps ~ 1000Mbps – increments of 10Mbps (for gigabit ports)
Step 5 Type the desired egress rate limit in kilobits per second into the Egress Rate field. To turn off the egress
rate limit and allow unlimited traffic, type 0 (zero). The value you type will be rounded to the nearest
increment, depending on the the granularity available for that rate. The granularities are the same as for the
ingress rate.
Step 6 Click OK.
Configuring Port Security
On the Switching > Port Security page, each port can be configured to enable or disable the Discard
Tagged option. When it is enabled, all frames with a 802.3ac tag (or “Q-tag”) are discarded. IEEE 802.3ac
specifies an extension of 4 bytes to the Ethernet frame size, allowing 1522 bytes per frame. The additional
4 bytes are for the “Q-tag”, which includes 802.1Q VLAN information and 802.1p priority information.
A secure port is meant to receive untagged frames. If a frame has a tag, even when its Security Association
(SA) is trusted, it will be discarded.
Only static port security is supported. This means that the SonicWALL NSA 2400MX administrator must
create MAC address objects for the trusted MAC addresses and bind the MAC address objects to specific
ports. Frames whose source addresses are not contained in the table will be dropped.
MAC address objects are one type of address object in SonicOS. Address objects allow for entities to be
defined one time and then re-used in multiple referential instances throughout the SonicOS interface.
Address objects can be selected from a drop-down menu in many configuration screens throughout the user
interface.
A VLAN trunk port or a port currently configured for link aggregation as part of a Logical Link cannot be
a secure port at the same time. This prevents a non-trunk port from connecting to a trunk port.
Figure 20 shows part of the Switching > Port Security page, with one secure port configured.
Figure 20 Switching > Port Security Page