Operation Manual
VLAN Commands
VLAN Commands
6 – 69
Defaults
If you do not specify a list of MAC addresses or all, all addresses are removed.
Access
Enabled.
History
Introduced in MSS Version 4.1.
Usage
If you clear all MAC addresses, Layer 2 forwarding is no longer restricted in the VLAN.
Clients within the VLAN can communicate directly.
There can be a slight delay before functions such as pinging between clients become available
again after Layer 2 restrictions are lifted. Even though packets are passed immediately once
Layer 2 restrictions are gone, it can take 10 seconds or more for upper-layer protocols to update
their ARP caches and regain their functionality.
To clear the statistics counters without removing any MAC addresses, use the clear security
l2-restrict counters command instead.
Examples
The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of
addresses that clients in VLAN abc_air are allowed to send traffic at Layer 2:
MX# clear security l2-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff
success: change accepted.
See Also
● clear security l2-restrict counters on page 6-69
● set security l2-restrict on page 6-72
● show security l2-restrict on page 6-80
clear security l2-restrict counters
Clear statistics counters for Layer 2 forwarding restriction.
Syntax
clear security l2-restrict counters [vlan vlan-id | all]
Defaults
If you do not specify a VLAN or all, counters for all VLANs are cleared.
Access
Enabled.
History
Introduced in MSS Version 4.1.
Usage
To clear MAC addresses from the list of addresses that clients are allowed to send data,
use the clear security l2-restrict command instead.
Examples
The following command clears Layer 2 forwarding restriction statistics for VLAN
abc_air:
MX# clear security l2-restrict counters vlan abc_air
success: change accepted.
See Also
● clear security l2-restrict on page 6-68
● set security l2-restrict on page 6-72
● show security l2-restrict on page 6-80
permit-mac mac-addr
[mac-addr]
List of MAC addresses. MSS no longer allows clients in the VLAN to send traffic to
the MAC addresses at Layer 2.
all Removes all MAC addresses from the list.
vlan-id VLAN name or number.
all Clears Layer 2 forwarding restriction counters for all VLANs.