We are still speaking about the Layer2 security features, there is a nice feature which is Layer 2 Firewall. As on Layer3, Layer2 has also firewall possibility. That’s something we can see under the bridge filter. Most engineers like to use this feature to disallow some hosts MAC address to enter to a network or maybe to use some protocol. As you use Layer3 Firewall, on Layer2 firewall the top entries are treated before the ones down and once one entry is matched then the other entries after the matched one will not be checked.
On CRS3xx series, Layer2 Firewall rules will work on the Switch Chip.
Here an example to disallow one PC MAC address, who is abusing our traffic, to work on our network:
As you can see, we have different Matchers and Actions to be used.
That’s all about Layer2 Firewall.