3com WX2200 3CRWX220095A User Manual

set security l2-restrict
Restricts Layer 2 forwarding between clients in the same VLAN. When 
you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding 
only between a client and a set of MAC addresses, generally the VLAN’s 
gateway routers. Clients within the VLAN are not permitted to 
communicate among themselves directly. To communicate with another 
client, the client must use one of the specified gateway routers.
Syntax — set security l2-restrict vlan vlan-id
[mode {enable | disable}] [permit-mac mac-addr [mac-addr]]
• vlan-id — VLAN name or number.
• mode {enable | disable} — Enables or disables restriction of Layer 2 forwarding.
• permit-mac mac-addr [mac-addr] — MAC addresses to which clients are 
allowed to forward data at Layer 2. You can specify up to four addresses.
Defaults — Layer 2 restriction is disabled by default.
Access — Enabled.
History — Introduced in MSS Version 4.1.
Usage — You can specify multiple addresses by listing them on the same 
command line or by entering multiple commands. To change a MAC 
address, use the clear security l2-restrict command to remove it, then 
use the set security l2-restrict command to add the correct address.
Restriction of client traffic does not begin until you enable the permitted 
MAC list. Use the mode enable option with this command.
Examples — The following command restricts Layer 2 forwarding of 
client data in VLAN abc_air to the gateway routers with MAC addresses 
aa:bb:cc:dd:ee:ff and 11:22:33:44:55:66:
WX4400# set security l2-restrict vlan abc_air mode enable permit-mac aa:bb:cc:dd:ee:ff 11:22:33:44:55:66
success: change accepted.
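An offline check of planned l2-restrict commands against the rules in this entry, as an added example that is not part of the 3Com manual. It assumes the commands are written one per line exactly as in the Syntax line; the names SAMPLE, parse and audit are hypothetical, and the sample commands are constructed.

```python
import re

# Constructed command list for illustration (not taken from a real device).
SAMPLE = """\
set security l2-restrict vlan abc_air mode enable permit-mac aa:bb:cc:dd:ee:ff 11:22:33:44:55:66
set security l2-restrict vlan guest permit-mac 00:11:22:33:44:55
set security l2-restrict vlan voice mode enable permit-mac 02:00:00:00:00:01 02:00:00:00:00:02
set security l2-restrict vlan voice permit-mac 02:00:00:00:00:03 02:00:00:00:00:04 02:00:00:00:00:05
"""

CMD = re.compile(r"^set security l2-restrict vlan (\S+)(.*)$")
MAC = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)
MAX_MACS = 4  # manual: "You can specify up to four addresses."

def parse(commands):
    """Return {vlan: {"enabled": bool, "macs": set}}, accumulating across commands."""
    vlans = {}
    for line in commands.splitlines():
        m = CMD.match(line.strip())
        if not m:
            continue
        # Layer 2 restriction is disabled by default, so a new VLAN starts disabled.
        state = vlans.setdefault(m.group(1), {"enabled": False, "macs": set()})
        tokens = m.group(2).split()
        i = 0
        while i < len(tokens):
            if tokens[i] == "mode" and i + 1 < len(tokens):
                state["enabled"] = tokens[i + 1] == "enable"
                i += 2
            elif tokens[i] == "permit-mac":
                i += 1
                while i < len(tokens) and MAC.match(tokens[i]):
                    state["macs"].add(tokens[i].lower())
                    i += 1
            else:
                i += 1
    return vlans

def audit(commands):
    """Return {vlan: [issues]} for VLANs whose settings conflict with the manual's rules."""
    findings = {}
    for vlan, st in parse(commands).items():
        issues = []
        if st["macs"] and not st["enabled"]:
            issues.append("permit-mac set but mode not enabled; restriction inactive")
        if len(st["macs"]) > MAX_MACS:
            issues.append("more than four permit-mac addresses")
        if issues:
            findings[vlan] = issues
    return findings
```

Running audit(SAMPLE) flags guest, whose permit list is never enabled, and voice, whose two commands together list five addresses.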