In FlexConnect local switching scenarios, where clients from the same sites may share the same address range, there is a possibility of multiple clients being allocated or registered with the same IP address. The controller receives IP address information from the AP, and if more than one client attempts to use the same IP address, the controller discards the last device trying to register an already-used address as an IP theft event, potentially resulting in client exclusion.

The Disabling IP learning in FlexConnect mode feature utilizes the no ip mac-binding command to ensure that no device tracking is done for clients, thus preventing the IP theft error.

Note	This feature is applicable only for IPv4 addresses. Configuring ip overlap in FlexConnect Profile assists overlapping IP address support for clients across different sites in FlexConnect local switching.

• The wireless client ip deauthenticate command works by referring to the IP table binding entries directly. It does not work for client whose IPs are not learnt.

• Overlapping IP addresses within a single site tag and across different site tags require different settings. Furthermore, if a single site tag contains overlapping IP addresses, L3 web authentication is necessary. However, L3 web authentication relies on IP addresses, and ensuring the uniqueness of IP addresses cannot be guaranteed, making this combination incorrect.

• When IP Source Guard (IPSG) is enabled and multiple binding information is sent with the same IP and preference level (such as DHCP, ARP, and so on) to CPP, the CPP starts to ignore the later bindings after the first binding creation. Hence, you should not configure IPSG and disable IP MAC binding together. If IPSG and no ip mac-binding are configured together then IPSG does not work.