MAC lockout and lockdown
The Rogue AP isolation feature uses the MAC lockout
feature to block MACs in hardware. Therefore, any MAC blocked with
the Rogue AP isolation feature cannot be added with the lockout-mac or static-mac command if the action type is
set to block.
For example:
switch# lockout-mac 247703-7a8950
Cannot add the entry for the MAC address 247703-7a8950 because it is already
blocked by rogue-ap-isolation.
switch# static-mac 247703-7a8950 vlan 1 interface 1
Cannot add the entry for the MAC address 247703-7a8950 because it is already
blocked by rogue-ap-isolation.
Similarly, any MAC that was added with the lockout-mac or static-mac command and
that is being detected as rogue will be logged, but not blocked in
hardware as it already is set to block. If the MAC is removed from lockout-mac or static-mac but is still
in the rogue device list, it will be blocked back in hardware if the
action type is block.