clear security l2-restrict

Removes one or more MAC addresses from the list of destination MAC addresses to which clients in a VLAN are allowed to send traffic at Layer 2.

Syntax: clear security l2-restrict vlan vlan-id [permit-mac mac-addr [mac-addr] | all]


VLAN name or number.


List of MAC addresses. MSS no longer allows clients in the VLAN to

mac-addr [mac-addr] send traffic to the MAC addresses at Layer 2.


Removes all MAC addresses from the list.

Defaults: If you do not specify a list of MAC addresses or all, all addresses are removed.

Access: Enabled.

Usage: If you clear all MAC addresses, Layer 2 forwarding is no longer restricted in the VLAN.

Clients within the VLAN will be able to communicate directly. There can be a slight delay before functions such as pinging between clients become available again after Layer 2 restrictions are lifted. Even though packets are passed immediately once Layer 2 restrictions are gone, it can take 10 seconds or more for upper-layer protocols to update their ARP caches and regain their functionality.

To clear the statistics counters without removing any MAC addresses, use the clear security l2- restrict counters command instead.

Examples: The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in VLAN abc_air are allowed to send traffic at Layer 2:

DWS-1008# clear security l2-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted.

See Also:

• clear security l2-restrict counters

• set security l2-restrict

• show security l2-restrict