Not exactly what I am looking for.
Here is the description from the Belair Manual
"When configured in secure port mode, the AP forwards to the associated wireless clients only those Layer 2 (Ethernet) frames for which the source MAC address and VLAN matches an entry its white list. The white list can contain up to 32 entries. If a VLAN is not specified, it is assumed to have a value of zero. In effect, while in this mode the AP acts as a firewall for all Layer 2 frames arriving from inside the network for the wireless clients. The secure MAC white list should only contain the MAC addresses of the gateway interfaces. Thus, wireless clients associated to other APs in the network are prevented from communicating with locally associated clients.
Note 1: The secure MAC white list is different from the list described in “Wireless Client Access Control List” on page 90. In a client ACL, only the listed MAC addresses are allowed to associate with an AP. The secure MAC white list controls data forwarding to the wireless clients from remote entities in the network. The content of the secure MAC white list takes effect only when the AP secure port mode is enabled."