BugZero | Cisco BugID CSCvu47560 - Client moves to “Exclusionlist” when WPS and WLAN ...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCvu47560 - Client moves to “Exclusionlist” when WPS and WLAN ...

ODD
Cisco
CSCvu47560

Cisco - Defect ID: CSCvu47560

Client moves to “Exclusionlist” when WPS and WLAN policy “Client Exclusion Policy” are disabled

ODD
Cisco
CSCvu47560

Cisco - Defect ID: CSCvu47560

Client moves to “Exclusionlist” when WPS and WLAN policy “Client Exclusion Policy” are disabled

Last updated on October 9th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Views: 12

Description

Symptom

If the client enters wrong PSK a couple of times, the user gets added to Wireless Client Exclusionlist even if the "global client Exclusion Policy is Disabled & WLAN policy profile too has "client exclusion" - Disabled, it has no effect. Looks like this feature is broken. #show wireless exclusionlist client mac-address aaaa.bbbb.cccc detail Client State : Excluded Client MAC Address : aaaa.bbbb.cccc Client IPv4 Address: N/A Client IPv6 Address: N/A Client Username: N/A Exclusion Reason : Wrong PSK Authentication Method : None Protocol: 802.11n - 2.4 GHz AP MAC Address : aaaa.bbbb.cccc AP Name: APaaaa.bbbb.cccc AP slot : 0 Wireless LAN Id : N/A VLAN Id : 39

Conditions

Client Exclusion feature is not working on 16.12.3 & 17.2.1.

Workaround

Configure exclusion-list timeout to be lowest 1s. exclusionlist timeout 1

Further Problem Description

Even if we have "wps Client Exclusion Policy" globally disabled, the client still gets excluded. Excessive 802.11-association failures : Disabled Excessive 802.1x-authentication : Disabled Mac and IP-theft : Disabled Excessive Web authentication failure : Disabled Failed Qos Policy : Disabled wireless profile policy Test_PSK exclusionlist timeout 0 But the client will be found in Exclusionlist if the user enters the wrong key multiple times,

Change history

2025-10-09 Added: 16.12.3, 17.2.1

Relevant Products

Click on a version to see all relevant bugs

Affected versions:16.12.3, 17.2.1

Fixed versions: 16.12.10, 16.12.10a, 16.12.11, 16.12.12, 16.12.5, 16.12.5a, 16.12.5b, 16.12.6, 16.12.6a, 16.12.7, 16.12.8, 16.12.9, 17.05.01c, 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.1z, 17.12.1z1, 17.12.2, 17.12.2a, 17.12.3, 17.12.3a, 17.12.4, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.3.1, 17.3.1a, 17.3.1w, 17.3.1x, 17.3.1z, 17.3.2, 17.3.2a, 17.3.3, 17.3.3a, 17.3.4, 17.3.4a, 17.3.4b, 17.3.4c, 17.3.5, 17.3.5a, 17.3.5b, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.4.1, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.6.8, 17.6.8a, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, 17.9.5c, 17.9.5d, 17.9.6, 17.9.6a, Amsterdam-17.3.1, Bengaluru-17.4.1, Gibraltar-16.12.5

Relevant Products

Click on a version to see all relevant bugs

Affected versions:16.12.3, 17.2.1

Fixed versions: 16.12.10, 16.12.10a, 16.12.11, 16.12.12, 16.12.5, 16.12.5a, 16.12.5b, 16.12.6, 16.12.6a, 16.12.7, 16.12.8, 16.12.9, 17.05.01c, 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.1z, 17.12.1z1, 17.12.2, 17.12.2a, 17.12.3, 17.12.3a, 17.12.4, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.3.1, 17.3.1a, 17.3.1w, 17.3.1x, 17.3.1z, 17.3.2, 17.3.2a, 17.3.3, 17.3.3a, 17.3.4, 17.3.4a, 17.3.4b, 17.3.4c, 17.3.5, 17.3.5a, 17.3.5b, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.4.1, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.6.8, 17.6.8a, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, 17.9.5c, 17.9.5d, 17.9.6, 17.9.6a, Amsterdam-17.3.1, Bengaluru-17.4.1, Gibraltar-16.12.5

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise