clear security l2-restrict
Removes one or more MAC addresses from the list of destination MAC addresses to which clients in a VLAN are allowed to send traffic at Layer 2.
Syntax: clear security l2-restrict vlan vlan-id [permit-mac mac-addr [mac-addr] | all]
VLAN name or number.
List of MAC addresses. MSS no longer allows clients in the VLAN to
mac-addr [mac-addr] send traffic to the MAC addresses at Layer 2.
Removes all MAC addresses from the list.
Defaults: If you do not specify a list of MAC addresses or all, all addresses are removed.
Usage: If you clear all MAC addresses, Layer 2 forwarding is no longer restricted in the VLAN.
Clients within the VLAN will be able to communicate directly. There can be a slight delay before functions such as pinging between clients become available again after Layer 2 restrictions are lifted. Even though packets are passed immediately once Layer 2 restrictions are gone, it can take 10 seconds or more for upper-layer protocols to update their ARP caches and regain their functionality.
To clear the statistics counters without removing any MAC addresses, use the clear security l2- restrict counters command instead.
Examples: The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in VLAN abc_air are allowed to send traffic at Layer 2:
DWS-1008# clear security l2-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted.
• clear security l2-restrict counters
• set security l2-restrict
• show security l2-restrict