ip source check user-bind enable
Usage Guidelines
Users can configure static IP addresses for their clients and connect to the Internet after passing 802.1X authentication. To defend against source IP address spoofing attacks, you need to enable IP source guard on APs.
To prevent IP packets of unauthorized users from entering external networks through an AP, enable IP source guard in a VAP profile and bind the VAP profile to an AP or AP group. The IP source guard function can filter incoming packets on an AP radio interface, preventing unauthorized packets from passing through the AP.
If STA address learning is enabled on an AP using the undo learn-client-address disable command, DHCP users are allowed to access the AP. Before the users who are assigned IP addresses statically access an AP, the administrator needs to manually configure static binding entries for the users. That is, the administrator configures an IP network segment and binds it to the MAC addresses of the users so that the users can access the AP.
