The authentication no-ip-check command disables the device from creating an IP hash table for client IP addresses.
The undo authentication no-ip-check command allows the device to create an IP hash table for client IP addresses.
By default, the device creates an IP hash table for client IP addresses.
Usage Scenario
After users obtain IP addresses, the device creates an IP hash table. If the hash value of a client IP address conflicts with a value in the IP hash table on the device, the client cannot be authenticated. When two branches are connected to the device, the address pools of the branches may overlap. As a result, two clients in different branches may have the same IP address. When the device detects conflicting IP addresses, the clients fail to go online. To address this problem, you can run the authentication no-ip-check command to disable the device from creating an IP hash table for client IP addresses.
Precautions
You are advised not to configure the authentication no-ip-check command. If this command is configured and two clients with the same IP address go online through the same interface, the rules (such as ACL rules and static UCL groups) configured based on this IP address may be mismatched.
This function cannot be used with Portal authentication together.
This function cannot be configured with ip-static-user enable together.
After this function is enabled, network access permissions are granted only to users in the ARP table.
After the authentication no-ip-check command is run, IP address–based CoA cannot be implemented.