3com 5500-ei pwr Reference Guide

 

3-10 

Use the ip check dot1x enable command to enable IP filtering based on IP-to-MAC mappings of 

authenticated 802.1x clients.  

Use the undo ip check dot1x enable command to disable the function.  

By default, IP filtering based on IP-to-MAC mappings of authenticated 802.1x clients is disabled.  

Note that the ip check dot1x enable and the ip check source ip-address mac-address commands 

are mutually exclusive.  

Examples 

# Enable IP filtering based on IP-to-MAC mappings of authenticated 802.1x clients on Ethernet 1/0/2.  

<Sysname> system-view 

[Sysname] interface ethernet1/0/2 

[Sysname-Ethernet1/0/2] ip check dot1x enable 

ip check source ip-address [ mac-address ]  

undo ip check source ip-address [ mac-address ] 

Ethernet port view 

mac-address: Enables IP filtering based on source MAC addresses of the packets. 

Use the ip check source ip-address command to enable IP filtering based on the DHCP-snooping 

table and the IP static binding table. 

Use the undo ip check source ip-address command to disable the function. 

z 

If no parameter is specified, IP packets are filtered based on source IP addresses. 

z 

If only the mac-address keyword is specified, the IP packets are filtered based on source IP and 

source MAC addresses. 

By default, IP filtering based on the DHCP-snooping table and the IP static binding table is disabled. 

Note that the ip check source ip-address command and the ip check dot1x enable command are 

mutually exclusive. 

# Enable the filtering of the IP packets received through port Ethernet 1/0/11 based on the source IP 

address of the packets. 

<Sysname> system-view 

System View: return to User View with Ctrl+Z. 

[Sysname] interface Ethernet 1/0/11 

[Sysname-Ethernet1/0/11] ip check source ip-address