3Com 3CRWX120695A WXR100 Switch User Manual


 
Viewing and Configuring VLANs 217
Restricting Layer 2 Traffic Among Clients in a VLAN
By default, clients within a VLAN are able to communicate with one
another directly at Layer 2. You can enhance network security by
restricting Layer 2 forwarding among clients in the same VLAN. When
you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding
only between a client and a set of MAC addresses, generally the VLAN’s
gateway routers. Clients within the VLAN are not permitted to
communicate among themselves directly. To communicate with another
client, the client must use one of the specified gateway routers.

You can specify up to four gateway MAC addresses. The addresses must
be unicast (not multicast or broadcast).

For networks with IP-only clients, you can restrict client-to-client
forwarding using ACLs. Use the Restrict L3 Traffic option. (See
“Restricting Layer 3 Traffic Among Clients in a VLAN”.)

1 Access the VLAN table:
  a Select the Configuration tool bar option.
  b In the Organizer panel, click the plus sign next to the WX switch.
  c Click the plus sign next to System.
  d Select VLANs.
2 In the Content panel, select the VLAN.
3 In the Task List panel, select Restrict L2 Traffic.
4 Select Restrict L2 Traffic to enable the feature for the VLAN.
5 Click Create.
6 In a Permitted MAC Address box, edit the address to be the MAC address
  of the VLAN’s gateway.
7 Click Finish.
8 Click OK.
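
The following Python sketch is an added example, not part of the original manual and not MSS or 3Com code. It checks a planned gateway list against the two stated rules (at most four addresses, unicast only) and models the forwarding rule described above; all function names and MAC addresses are hypothetical and constructed for illustration.

```python
import re

MAX_GATEWAYS = 4  # the manual permits up to four gateway MAC addresses
_MAC_RE = re.compile(r"[0-9a-fA-F]{2}([:-][0-9a-fA-F]{2}){5}")

def parse_mac(text):
    """Return the 6 raw bytes of a colon- or hyphen-separated MAC address."""
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"malformed MAC address: {text!r}")
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def is_unicast(mac):
    """Unicast addresses have the low-order bit of the first octet clear;
    multicast and broadcast (ff:ff:ff:ff:ff:ff) have it set."""
    return mac[0] & 0x01 == 0

def build_permitted_set(gateways):
    """Validate a gateway list against the two rules stated in the manual."""
    if len(gateways) > MAX_GATEWAYS:
        raise ValueError(f"at most {MAX_GATEWAYS} gateway MACs are allowed")
    permitted = set()
    for text in gateways:
        mac = parse_mac(text)
        if not is_unicast(mac):
            raise ValueError(f"{text} is multicast or broadcast, not unicast")
        permitted.add(mac)
    return permitted

def allow_frame(src, dst, permitted):
    """Simplified model of the restriction: a frame is forwarded only when
    one endpoint is a permitted gateway. Handling of client broadcast and
    multicast frames is not described in the manual and is not modelled."""
    return parse_mac(src) in permitted or parse_mac(dst) in permitted

# Constructed sample addresses (locally administered), not from the manual.
GATEWAY = "02:00:00:00:00:01"
CLIENT_A, CLIENT_B = "02:00:00:00:10:0a", "02:00:00:00:10:0b"

if __name__ == "__main__":
    permitted = build_permitted_set([GATEWAY])
    for src, dst in [(CLIENT_A, GATEWAY), (GATEWAY, CLIENT_B), (CLIENT_A, CLIENT_B)]:
        verdict = "forward" if allow_frame(src, dst, permitted) else "drop"
        print(f"{src} -> {dst}: {verdict}")
```

Running the gateway list through such a check before step 6 catches a multicast or broadcast address, or a fifth entry, before it is typed into a Permitted MAC Address box.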