Specifications

5-10 VLAN Commands

set security l2-restrict

RestrictsLayer2forwardingbetween clientsinthesameVLAN.WhenyourestrictLayer2

forwardinginaVLAN,MSSallowsLayer2forwardingonlybetweenaclientandasetofMAC

addresses,generallytheVLAN’sdefaultrouters.ClientswithintheVLANarenotpermittedto

communicateamongthemselvesdirectly.

Tocommunicatewithanotherclient,theclientmustuse

oneofthespecifieddefaultrouters.

Syntax

setsecurityl2‐restrictvlanvlan‐id[mode{enable|disable}][permit-macmac‐addr[mac‐addr]]

Parameters

Defaults

Layer2restrictionisdisabledbydefault.

Mode

Enabled.

Usage

Youcanspecifymultipleaddressesbylistingthemonthesamecommandlineorbyentering

multiplecommands.TochangeaMACaddress,usetheclearsecurityl2‐restrictcommandto

removeit,thenusethesetsecurityl2‐restrictcommandtoaddthecorrectaddress.

Restrictionofclienttrafficdoes

notbeginuntilyouenablethepermittedMAClist.Usethemode

enableoptionwiththiscommand.

Example

ThefollowingcommandrestrictsLayer2forwardingofclientdatainVLANabc_airtothedefault

routerswithMACaddressaa:bb:cc:dd:ee:ffand11:22:33:44:55:66:

RBT-8100# set security l2-restrict vlan abc_air mode enable permit-mac

aa:bb:cc:dd:ee:ff 11:22:33:44:55:66

success: change accepted.

vlan‐id VLANnameornumber.

mode

{enable|disable}

EnablesordisablesrestrictionofLayer2forwarding.

permit-macmac‐addr

[mac‐addr]

MACaddressestowhichclientsareallowedtoforwarddataatLayer

2.Youcanspecifyuptofouraddresses.