The first step is to create a list of MAC addresses to be protected. The second step is to prevent access using these source addresses inside an SHG or a SAP.
The following example displays a partial BSA configuration with some protected MAC addresses on any SAP created inside the SHG.
A:ALA-48>config>service# info
----------------------------------------------
vpls 800 customer 6001 create
no shutdown
split-horizon-group "mygroup" create
restrict-protected-src
exit
description "VPLS with residential split horizon for DSL"
mac-protect
mac 00:00:17:FE:82:D8
mac 93:33:00:00:BF:92
exit
----------------------------------------------
A:ALA-48>config>service#