I would need some clarifications about rogue AP detection. First, in order to configure the passive rogue detection is it necessary to just setup a rogue detector AP or I also need to enable RLDP? Second, in your experience how much is it reliable?
Passive rogue detection is just on--no rogue detector AP required! Just like anything else in life, the more resources you put toward something, the better it's going to be. If you have AP Authentication or MFP configured (which you should anyway), you'll have fewer false alarms and the routines will know not to call your own APs rogues. RLDP will tell you if a rogue AP is just cabled up in your network but doesn't have any clients yet and will allow you to do switchport tracing to find one from the switch side. Rogue Detector APs don't handle client traffic, they just dedicate themselves to listening and reporting rogue activity back to the controller. In a world where budgets are tight, we hear that it can be tough to get funding for APs that don't service clients. Again, you don't *have* to do any of it, just the more you put in, the more accurate your results will be.
As for inaccuracies, that usually comes from folks having things misconfigured in their network or not having enough configured (i.e. choosing to not do RLDP or Rogue Detectors.)
Network Management Systems Team