Enabling MAC move

MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For example, if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the authentication session is deleted from the first port. The user is reauthenticated on the new port.

If MAC move is disabled and an online 802.1X or MAC authenticated user moves to another port, the user cannot be reauthenticated and come online on the new port.

802.1X or MAC authenticated users cannot move between ports on a device if the number of online users on the authentication server has reached the upper limit.

As a best practice, enable MAC move for wireless users that roam between ports to access the network.

To enable MAC move:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable MAC move.

port-security mac-move permit

By default, MAC move is disabled.