Question : Problem: Is there a way to do mac address filtering

We have a 3750 that functions as our core switch, also we have the Cisco WLC 4400.

On our DHCP scope we only allow for IP address 192.168.2.xxx-192.168.3.xxx
Our Servers and other static items are on VLAN 2. Our Faculty wireless is on VLAN 2.
Our students are on VLAN 20. However we had a teacher bring her laptop from home with a static IP which conflicted with our mail server.

So I guess this question is 2-fold.

Can you just MAC address filter an IP address to a MAC address in a switch so no one can use it but that server? I know you can do this in Windows DHCP scope. Also, can you go to the controller to not allow certain IP addresses on the wireless network?

I am thinking however that maybe the wireless needs its own VLAN also.

Answer : Problem: Is there a way to do mac address filtering

I'm going to restate your questions so I'm sure I understand.

Question 1: Can you configure a switch in such a way that it blocks traffic from a specified IP address if that IP does not resolve to a specified MAC address?

The 3550 supports something like that. The command is:
ip source binding <mac-address> vlan <vlan-id> <ip-address> interface <interface-id>

Although like the above suggestion that would be per-port, and it sounds like your concern is that another device might be plugged into your switch with the same IP as your server, right?  I don't know why that would happen (it sounds like your server room needs better locks), but you could probably stop that by setting a static ARP entry on your switch, so your server's MAC would always resolve to its IP.  Then hopefully your other switches would be on different VLANs, so a device impersonating your server would hit your core router and its IP wouldn't make any sense, so it couldn't go anywhere.

Question 2: Can you block wireless access by IP?

Sort of? You are right about the VLAN idea - set up a wireless access VLAN, assign it to a completely separate subnet, and then you can control access with ACLs. All wireless clients would be on, say, 10.1.x.x/16, and anyone on a different subnet would get dropped by the router.

Of course, if you're just assigning your wireless client addresses with DHCP, then this won't help you at all. If you really want the AP to filter - most of them filter by MAC alone, since they're generally pretty layer-2 devices. If you want something a little more flexible, there's always 802.1x, which integrates pretty well with Active Directory through RADIUS and EAP.
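
An audit check for the two controls discussed above, added here as an example and not part of the original question or answer: it flags a reserved server IP seen with the wrong MAC, and a client on the wireless VLAN using an address outside that VLAN's subnet. The server IP, all MAC addresses, VLAN 30 and the "ip mac vlan" input format are assumptions made up for illustration; 10.1.0.0/16 is the example subnet from the answer.

```python
import ipaddress

# Assumed policy (hypothetical values): each reserved static IP and the only
# MAC allowed to use it, plus the subnet a client VLAN may source traffic from.
RESERVED = {"192.168.2.10": "0011.2233.4455"}              # e.g. the mail server
VLAN_SUBNETS = {30: ipaddress.ip_network("10.1.0.0/16")}   # wireless VLAN

# Constructed observations, one "ip mac vlan" per line (for instance collected
# from ARP tables or a packet capture). Not real data.
SAMPLE = """\
192.168.2.10  0011.2233.4455  2
192.168.2.10  00AA.BBCC.DDEE  2
192.168.2.57  0011.2233.9999  2
10.1.4.20     0022.3344.5566  30
192.168.2.200 0022.3344.7777  30
"""

def norm_mac(mac):
    """Normalise aa:bb:.., aa-bb-.., aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return digits

def audit(text, reserved=RESERVED, vlan_subnets=VLAN_SUBNETS):
    """Return a list of (reason, ip, mac, vlan) findings for policy violations."""
    allowed = {ipaddress.ip_address(ip): norm_mac(mac) for ip, mac in reserved.items()}
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ip = ipaddress.ip_address(parts[0])
        mac, vlan = norm_mac(parts[1]), int(parts[2])
        # A reserved address answered for by any MAC other than its owner.
        if ip in allowed and mac != allowed[ip]:
            findings.append(("reserved-ip-wrong-mac", str(ip), mac, vlan))
        # A host on a restricted VLAN using an address outside its subnet.
        net = vlan_subnets.get(vlan)
        if net is not None and ip not in net:
            findings.append(("ip-outside-vlan-subnet", str(ip), mac, vlan))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```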