I assume you mean: how do you identify "malicious" wifi clients that have cloned the mac addresses of other authorized clients.
This can happen in MAC auth bypass scenarios.
One way to deal with this is by using a product/service like nessus.
For example, if you were using packetfence to onboard / "authenticate" / register devices on your network, you could integrate packetfence with nessus.
Nessus would create a "fingerprint" of the wifi client, and (hopefully) detect that the identity of the client using that mac address/IP had changed on a subsequent scan.