3com 5500-ei pwr Reference Guide
3-10
Description
Use the ip check dot1x enable command to enable IP filtering based on IP-to-MAC mappings of
authenticated 802.1x clients.
Use the undo ip check dot1x enable command to disable the function.
By default, IP filtering based on IP-to-MAC mappings of authenticated 802.1x clients is disabled.
Note that the ip check dot1x enable and the ip check source ip-address mac-address commands
are mutually exclusive.
Examples
# Enable IP filtering based on IP-to-MAC mappings of authenticated 802.1x clients on Ethernet 1/0/2.
<Sysname> system-view
[Sysname] interface ethernet1/0/2
[Sysname-Ethernet1/0/2] ip check dot1x enable
ip check source ip-address
Syntax
ip check source ip-address [ mac-address ]
undo ip check source ip-address [ mac-address ]
View
Ethernet port view
Parameters
mac-address: Enables IP filtering based on source MAC addresses of the packets.
Description
Use the ip check source ip-address command to enable IP filtering based on the DHCP-snooping
table and the IP static binding table.
Use the undo ip check source ip-address command to disable the function.
z
If no parameter is specified, IP packets are filtered based on source IP addresses.
z
If only the mac-address keyword is specified, the IP packets are filtered based on source IP and
source MAC addresses.
By default, IP filtering based on the DHCP-snooping table and the IP static binding table is disabled.
Note that the ip check source ip-address command and the ip check dot1x enable command are
mutually exclusive.
Examples
# Enable the filtering of the IP packets received through port Ethernet 1/0/11 based on the source IP
address of the packets.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/11
[Sysname-Ethernet1/0/11] ip check source ip-address