Description
This command indicates how the system will forward packets destined to an unprotected MAC
address. While enabled all packets entering the configured SAP will be verified to contain a protected
destination MAC address. If the packet is found to contain a non-protected destination MAC, it will
be discarded. Detecting a non-protected destination MAC on the SAP will not cause the SAP to be
placed in the operationally down state.
If a MAC is defined with a static address, after that MAC was already learned by the system on a
restricted SAP, the system will bring the SAP to an operationally down state, flush the MAC and
generate a trap.
If the destination MAC address of a packet entering a restricted SAP with restrict-unprotected-dst
enabled, and if it is not a protected MAC, the packet will be discarded.
If the destination MAC address is unknown, even if the packet is entering a restricted SAP, with
restrict-unprotected-dst enabled, it will be flooded.
You can specify a static MAC in the mac-protect list. This action fails if the static MAC is defined
under a restricted SAP. If the MAC is protected first, the system does not allow it to be added as static
under a restricted SAP.
Default
no restrict-unprotected-dst
tod-suite
Syntax
tod-suite tod-suite-name
no tod-suite
Context
config>service>vpls>sap
Description
This command applies a time-based policy (filter or QoS policy) to the service SAP. The suite name
must already exist in the config>cron context.
Default
no tod-suite
Parameters
tod-suite-name — Specifies collection of policies (ACLs, QoS) including time-ranges that define the
7750 SR OS Services Guide
full or partial behavior of a SAP. The suite can be applied to more than one SAP.
Virtual Private LAN Services
Page 473