MAC lockout and lockdown

The Rogue AP isolation feature uses the MAC lockout feature to block MACs in hardware. Therefore, any MAC blocked with the Rogue AP isolation feature cannot be added with the lockout-mac or static-mac command if the action type is set to block

For example:
switch# lockout-mac 247703-7a8950 
Cannot add the entry for the MAC address 247703-7a8950 because it is already 
blocked by rogue-ap-isolation. 
      
switch# static-mac 247703-7a8950 vlan 1 interface 1 
Cannot add the entry for the MAC address 247703-7a8950 because it is already 
blocked by rogue-ap-isolation. 
      

Similarly, any MAC that was added with the lockout-mac or static-mac command and that is being detected as rogue will be logged, but not blocked in hardware as it already is set to block. If the MAC is removed from lockout-mac or static-mac but is still in the rogue device list, it will be blocked back in hardware if the action type is block.