Viewing and Configuring VLANs 217

Restricting Layer 2 Traffic Among Clients in a VLAN

By default, clients within a VLAN are able to communicate with one another directly at Layer 2. You can enhance network security by restricting Layer 2 forwarding among clients in the same VLAN. When you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding only between a client and a set of MAC addresses, generally the VLAN’s gateway routers. Clients within the VLAN are not permitted to communicate among themselves directly. To communicate with another client, the client must use one of the specified gateway routers.

You can specify up to four gateway MAC addresses. The addresses must be unicast (not multicast or broadcast).

For networks with IP-only clients, you can restrict client-to-client forwarding using ACLs. Use the Restrict L3 Traffic option. (See “Restricting Layer 3 Traffic Among Clients in a VLAN”.)

1 Access the VLAN table:

a Select the Configuration tool bar option.

b In the Organizer panel, click the plus sign next to the WX switch.

c Click the plus sign next to System.

d Select VLANs.

2 In the Content panel, select the VLAN.

3 In the Task List panel, select Restrict L2 Traffic.

4 Select Restrict L2 Traffic to enable the feature for the VLAN.

5 Click Create.

6 In a Permitted MAC Address box, edit the address to be the MAC address of the VLAN’s gateway.

7 Click Finish.

8 Click OK.
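The following Python sketch is an added example, not taken from the 3Com manual or the product. It checks a planned Permitted MAC Address list against the rules stated above (at most four entries, unicast only) and models which unicast frames the restriction would forward. The function names and sample addresses are constructed for illustration.

```python
import re

MAX_GATEWAYS = 4  # the manual allows up to four permitted gateway MAC addresses
_MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

def parse_mac(text):
    """Return the MAC as 6 bytes, or raise ValueError if it is malformed."""
    s = text.strip().lower()
    if not _MAC_RE.match(s):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split("[:-]", s))

def is_unicast(mac):
    """Unicast means the I/G bit (lowest bit of the first octet) is 0.
    Broadcast ff:ff:ff:ff:ff:ff has that bit set, so it is rejected too."""
    return (mac[0] & 0x01) == 0

def validate_permitted_macs(entries):
    """Check a planned Permitted MAC Address list; return (macs, errors)."""
    macs, errors = [], []
    for entry in entries:
        try:
            mac = parse_mac(entry)
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if is_unicast(mac):
            macs.append(mac)
        else:
            errors.append(f"{entry}: multicast or broadcast, must be unicast")
    if len(macs) > MAX_GATEWAYS:
        errors.append(f"{len(macs)} addresses given, at most {MAX_GATEWAYS} allowed")
    return macs, errors

def l2_forward_allowed(src, dst, permitted):
    """Simplified model for unicast frames only (assumption: the page does not
    describe broadcast handling). A frame is forwarded only when one end is a
    permitted gateway MAC, so client-to-client frames are dropped."""
    return parse_mac(src) in permitted or parse_mac(dst) in permitted

if __name__ == "__main__":
    # Constructed sample addresses (locally administered range).
    gateways, problems = validate_permitted_macs(
        ["02:00:00:00:00:01", "01:00:5e:00:00:fb", "ff:ff:ff:ff:ff:ff"])
    print("accepted:", [m.hex(":") for m in gateways])
    print("rejected:", problems)
    print("client -> gateway:", l2_forward_allowed(
        "02:00:00:00:aa:01", "02:00:00:00:00:01", gateways))
    print("client -> client:", l2_forward_allowed(
        "02:00:00:00:aa:01", "02:00:00:00:aa:02", gateways))
```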

3Com 3CRWX120695A WXR100, 3CRWXR10095A, WX4400 3CRWX440095A WX1200 manual Viewing and Configuring VLANs