Cisco – authentication mac-move permit

Tags: authentication, cisco, mac-address, wireless

Why would someone use authentication mac-move permit when dot1x authentication is not performed by the switch?

Note that there are APs attached to the switch, which are being authenticated by a WLC.

Best Answer

If there is no 802.1x, port-security or other network access control configurations on this switch, then either someone did not understand the purpose of this command, or it was left over from a previous configuration. I have often seen people replace/move/'borrow'/etc. switches in enterprise networks where they do not wipe out the old config and just apply the config from the switch that is being replaced. In those scenarios you end up with all sorts of extra configuration, like having a bunch of 'switchport trunk' config on a port that was changed to an access port.

Also depending on the configuration of the APs and the WLC, the underlying switch never sees any client traffic, as it is all being encapsulated back to the controller. So the only MAC addresses that the switch sees in that case are the MAC addresses of the APs and the WLC interface that they are tunneling the traffic to.
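A quick way to act on the answer above is to audit saved running-configs for exactly this situation: `authentication mac-move permit` present while nothing on the switch actually enforces 802.1X, MAB or port-security. The script below is an added example, not code from the question or the answerer; the two sample configs are constructed, and the list of NAC indicator commands it looks for (`dot1x system-auth-control`, `dot1x pae authenticator`, `authentication port-control`, `mab`, `switchport port-security`) is an assumed subset chosen for illustration, not an exhaustive catalogue of Cisco IOS access-control commands.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed subset of IOS commands that indicate some form of network access
# control is actually in use. Global commands start at column 0; interface
# sub-commands are indented, hence the \s+ prefix on those patterns.
NAC_PATTERNS = [
    r"^dot1x system-auth-control\b",        # global 802.1X enable
    r"^\s+dot1x pae authenticator\b",       # per-port 802.1X authenticator role
    r"^\s+authentication port-control\b",   # per-port 802.1X/MAB enforcement
    r"^\s+mab\b",                           # MAC Authentication Bypass
    r"^\s+switchport port-security\b",      # port-security
]

# The global command the question asks about (permit or deny form).
MAC_MOVE_RE = re.compile(r"^authentication mac-move (permit|deny)\s*$", re.M)


@dataclass
class Finding:
    mac_move: Optional[str]                 # "permit", "deny" or None if absent
    nac_lines: List[str] = field(default_factory=list)

    @property
    def orphaned(self) -> bool:
        # The case from the answer: mac-move permit with no NAC to apply it to.
        return self.mac_move == "permit" and not self.nac_lines


def audit_config(config: str) -> Finding:
    """Report whether 'authentication mac-move permit' is set and which
    access-control commands (if any) would give it a purpose."""
    m = MAC_MOVE_RE.search(config)
    mac_move = m.group(1) if m else None
    nac = [
        line.strip()
        for line in config.splitlines()
        if any(re.match(p, line) for p in NAC_PATTERNS)
    ]
    return Finding(mac_move, nac)


# Constructed sample: leftover command, AP ports with no 802.1X at all.
LEFTOVER_CONFIG = """\
hostname access-sw-01
authentication mac-move permit
!
interface GigabitEthernet1/0/1
 description AP-floor1
 switchport mode access
 switchport access vlan 10
!
"""

# Constructed sample: same command, but the switch really does run 802.1X/MAB.
NAC_CONFIG = """\
hostname access-sw-02
aaa new-model
dot1x system-auth-control
authentication mac-move permit
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 mab
!
"""


def report(name: str, config: str) -> str:
    f = audit_config(config)
    if f.orphaned:
        return f"{name}: mac-move permit set but no NAC commands found (likely leftover config)"
    if f.mac_move is None:
        return f"{name}: authentication mac-move not configured"
    return f"{name}: mac-move {f.mac_move} with {len(f.nac_lines)} NAC command(s): {f.nac_lines}"


if __name__ == "__main__":
    print(report("access-sw-01", LEFTOVER_CONFIG))
    print(report("access-sw-02", NAC_CONFIG))
```

Run it over a directory of exported configs and anything reported as "likely leftover config" is a candidate for cleanup, in the same spirit as stray `switchport trunk` lines on access ports; the flag on its own is harmless, but it is a sign that the rest of the config was never reviewed after being copied from another switch.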