Symptom
Clients get added to the exclusion list due to MAC theft, but the excluded MAC is the same address and has the same IP as the "original" MAC.
Conditions
9800 WLC running 17.3.4
APs in Local mode
Workaround
Disable MAC theft on 9800:
9800(config)#no wireless wps client-exclusion ip-theft
Alternatively, reduce the exclusion list timeout on the policy profile so the client is able to recover faster.
Further Problem Description
A sample of how the RA trace logs look in these instances:
2021/11/09 14:02:24.720696 {wncd_x_R0-5}{1}: [client-iplearn] [21880]: (debug): MAC: aaaa.bbbb.cccc IP: 10.0.0.20, MAC_THEFT_ATTEMPT blacklisting, legitimate client MAC: aaaa.bbbb.cccc , IP: 10.0.0.20
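To check how many exclusions in a collected RA trace match this symptom before disabling the feature, the log line above can be parsed and compared field by field. This is an added example, not Cisco code: the function names and verdict labels are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Matches the client-iplearn MAC_THEFT_ATTEMPT message format shown on this page.
THEFT_RE = re.compile(
    r"MAC:\s*(?P<mac>[0-9A-Fa-f.:-]+)\s+IP:\s*(?P<ip>[0-9A-Fa-f.:]+)\s*,\s*"
    r"MAC_THEFT_ATTEMPT\b.*?legitimate client MAC:\s*(?P<lmac>[0-9A-Fa-f.:-]+)"
    r"\s*,\s*IP:\s*(?P<lip>[0-9A-Fa-f.:]+)"
)

def norm_mac(mac):
    """Reduce any MAC notation (dotted, colon, dash) to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def classify(line):
    """Return None for unrelated lines, else the parsed bindings and a verdict."""
    m = THEFT_RE.search(line)
    if m is None:
        return None
    same = (norm_mac(m["mac"]) == norm_mac(m["lmac"])) and m["ip"] == m["lip"]
    return {
        "mac": norm_mac(m["mac"]),
        "ip": m["ip"],
        "legit_mac": norm_mac(m["lmac"]),
        "legit_ip": m["lip"],
        # self-match: excluded binding equals the "legitimate" one (this page's symptom)
        # distinct:   bindings differ, so review it as a real exclusion event
        "verdict": "self-match" if same else "distinct",
    }

def self_match_counts(lines):
    """Count self-match exclusions per client MAC across a trace."""
    hits = (classify(l) for l in lines)
    return Counter(h["mac"] for h in hits if h and h["verdict"] == "self-match")

# First line is the sample from this page; the other two are constructed for the example.
SAMPLE = [
    "2021/11/09 14:02:24.720696 {wncd_x_R0-5}{1}: [client-iplearn] [21880]: (debug): "
    "MAC: aaaa.bbbb.cccc IP: 10.0.0.20, MAC_THEFT_ATTEMPT blacklisting, "
    "legitimate client MAC: aaaa.bbbb.cccc , IP: 10.0.0.20",
    "2021/11/09 14:05:10.000000 {wncd_x_R0-5}{1}: [client-iplearn] [21880]: (debug): "
    "MAC: dddd.eeee.ffff IP: 10.0.0.20, MAC_THEFT_ATTEMPT blacklisting, "
    "legitimate client MAC: aaaa.bbbb.cccc , IP: 10.0.0.20",
    "2021/11/09 14:06:00.000000 {wncd_x_R0-5}{1}: [client-orch-sm] [21880]: (note): "
    "MAC: aaaa.bbbb.cccc Association received",
]
```

Lines classified as "distinct" do not fit the symptom described here and should be reviewed separately before the exclusion check is turned off.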