set security l2-restrict 115
mode — Enables or disables restriction of Layer 2 forwarding.
{enable | disable}
permit-mac mac-addr — MAC addresses to which clients are
[
mac-addr] allowed to forward data at Layer 2. You
can specify up to four addresses.
Defaults — Layer 2 restriction is disabled by default.
Access — Enabled.
History —Introduced in MSS Version 4.1.
Usage — You can specify multiple addresses by listing them on the same
command line or by entering multiple commands. To change a MAC
address, use the clear security 12-restrict command to remove it, then
use the set security 12-restrict command to add the correct address.
Restriction of client traffic does not begin until you enable the permitted
MAC list. Use the mode enable option with this command
Examples — The following command restricts Layer 2 forwarding of
client data in VLAN abc_air to the gateway routers with MAC address
aa:bb:cc:dd:ee:ff and 11:22:33:44:55:66:
WX4400# set security 12-restrict vlan abc_air mode enable
permit-mac aa:bb:cc:dd:ee:ff 11:22:33:44:55:66
success: change accepted.
See Also
clear security 12-restrict on page 99
clear security 12-restrict counters on page 100
display security 12-restrict on page 109
