My WLC has detected (via 15 detecting radios) a rogue AP with a client connected to it. The infrastructure has not determined that the AP is plugged into the local network. I'm trying to contain the AP - I classify it as "Malicious", update its status to "Contain" & assign 2 APs (though the number of APs don't matter here) to contain the rogue.
Everything looks right, as the WLC shows that the rogue AP is in a "Contained" status. However, after about a minute the WLC shows the rogue having been reverted to an "Alert" status. I've contain other rogues before but have yet to see one not have the "Contained" status stick.
Anyone seen this? Or know why it's happening? Thanks!