Filter
Top Products
108 Configuring and managing ports and VLANs
NN47250-500 (320657-F Version 02.01)
To completely remove VLAN ecru, type the following command:
WSS# clear vlan ecru
This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y
success: change accepted.
Changing tunneling affinity
To change the tunneling affinity, use the following command:
set vlan vlan-id tunnel-affinity num
Specify a value from 1 through 10. The default is 5.
Restricting layer 2 forwarding among clients
By default, clients within a VLAN are able to communicate with one another directly at Layer 2. You can
enhance network security by restricting Layer 2 forwarding among clients in the same VLAN. When you
restrict Layer 2 forwarding in a VLAN, WSS Software allows Layer 2 forwarding only between a client and a
set of MAC addresses, generally the VLAN’s default routers. Clients within the VLAN are not permitted to
communicate among themselves directly. To communicate with another client, the client must use one of the
specified default routers.
To restrict Layer 2 forwarding in a VLAN, use the following command:
set security l2-restrict vlan vlan-id
[mode {enable | disable}] [permit-mac mac-addr [mac-addr]]
You can specify multiple addresses by listing them on the same command line or by entering multiple
commands.
Restriction of client traffic does not begin until you enable the permitted MAC list. Use the mode enable
option with this command.
To change a MAC address, use the clear security l2-restrict command to remove it, then use the set security
l2-restrict command to add the correct address.
clear security l2-restrict vlan vlan-id
[permit-mac mac-addr [mac-addr] | all]
Note. You cannot remove the default VLAN (VLAN 1). However, you can add and
remove ports. You can also rename the default VLAN, but Nortel recommends against it.
Note. For networks with IP-only clients, you can restrict client-to-client forwarding using
ACLs. (See “Restricting client-to-client forwarding among IP-only clients” (page 441).)