Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts

VLANs and QoS

SonicWALL includes VLAN functionality for the TZ 190 with their PortShield feature. PortShields are user-created virtual interfaces that enable control over the switch ports on the TZ 190. The TZ 190 has eight switch ports, which in default configuration are all part of a single VLAN. Separating the eight switch ports into different VLANs requires first creating a new Zone, which is as simple as going into the Network Zones menu, clicking Add, and giving your new Zone a name. With a new Zone created, a PortShield Interface can then be added in the Network Interface menu and assigned to the new Zone.

I tested the TZ 190's VLAN functionality by creating a Zone called LAN2, and then added a PortShield Interface called VLAN2 assigned to my new LAN2 Zone. As you can see below, I gave the PortShield interface an IP address in a different subnet ( as opposed to the LAN interface of and assigned one of the eight switch ports to be a member of my VLAN2 PortShield interface. A DHCP service was automatically set up by the SonicOS to provide IP addresses to clients off this port in the network. I tested this feature by then plugging my laptop into the switch port I assigned to this new VLAN, and verified I was assigned an IP address from the network and was able to surf the Internet.

VLAN PortShield

Figure 17: A VLAN PortShield

Recall from the Firewall discussion above the SonicWALL’s ability to control traffic between the wireless LAN and the wired LAN Zones. SonicWALL provides the same control with my newly added Zone. I verified I can Allow or Deny traffic between the LAN Zone and my LAN2 Zone. Further, since I've separated the two zones into different subnets, I have automatically protected each zone from the other's Layer 2 broadcasts, a key value of VLANs.

The TZ 190 also allows for allocating bandwidth to different traffic types, an element of QoS. To ensure sensitive traffic flows, such as VoIP, are allocated sufficient bandwidth, the first step is to define the bandwidth of the WAN interface. I was able to do this by going into the Network Interface menu and setting the capacity (Figure 18) of my Internet service, in this case Verizon FiOS, which runs at 5 Mbps down and about 1.5 Mbps up.

Bandwidth settings

Figure 18: Bandwidth management settings

Once defined, Access Rules in the Firewall can be set up to allocate percentages of bandwidth to specific traffic types. In Figure 19, you can see that I've allocated a minimum or guaranteed bandwidth percentage of 10% and maximum of 15% to VoIP traffic going from my LAN subnets to the WAN interface. Another Access Rule can be set up for the WAN-to-LAN direction. Setting bandwidth allocations ensures activities like web surfing or downloading won't affect delay-sensitive traffic flows.

QoS settings
Click to enlarge image

Figure 19: Assigning bandwidth to specific access rules

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2