Allied Telesis AT-9900 Series Release Note page 39

Securing a Single VLAN through Switch Filters (CR00011271)
On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches, this enhancement enables you to use switch filters to secure only the current VLAN, instead of
securing all VLANs on the switch. To turn on this feature, a new command disables "vlansecure" for filters (see
this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have
a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:
add switch filter entry=0 dest=pc-mac-address vlan=2 port=15 action=forward
With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through
other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from
communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to
port 16 to illustrate the effect.
Version 276-03
C613-10474-00 REV B
Default behaviour
(vlansecure enabled)
port 15 port 16
vlan2
vlan1
Securing a Single VLAN through Switch Filters (CR00011271)
"Configuring vlansecure" on page
Securing only the VLAN
(vlansecure disabled)
port 15 port 16
vlan2
vlan1
39
40). Without
swi-filter