Cisco Catalyst Center Rogue Management and aWIPS Application Quick Start Guide, Release 3.1.x

Cisco Rogue AP Containment Actions Compatibility Matrix

Updated: December 15, 2025

Want to summarize with AI?

Overview

After the rogue BSSID containment request is submitted, the wireless controller puts the rogue BSSID containment either in Containment or Containment Pending state because of the three rogue BSSIDs per radio limitation for client-serving radios, and six rogue BSSIDs per radio limitation for monitor mode.

The table provides the behavior of rogue AP containment actions for the current state of rogue APs in the Threat 360 window.

Table 1. Rogue AP Containment Actions Compatibility Matrix
Rogue AP threat Type	Rogue AP current Containment Status	Start containment option in actions drop-down list	Stop containment option in actions drop-down list
Beacon Wrong Channel	Open	Disabled	Disabled
Beacon Wrong Channel	Contained/Pending/Partial	Disabled	Enabled
Beacon DS Attack	Open	Disabled	Disabled
Beacon DS Attack	Contained/Pending/Partial	Disabled	Enabled
AP Impersonation	Open	Disabled	Disabled
AP Impersonation	Contained/Pending/Partial	Disabled	Enabled
Rogue on Wire	Open/Contained/Pending/Partial	Not Visible Shutdown Switchport is shown	Not Visible Shutdown Switchport is shown
Allowed List	Open	Disabled	Disabled
Allowed List	Contained/Pending/Partial	Disabled	Enabled
Honeypot	Open	Enabled	Disabled
Honeypot	Contained/Pending/Partial	Disabled	Enabled
Interferer	Open	Enabled	Disabled
Interferer	Contained/Pending/Partial	Disabled	Enabled
Friendly	Open	Disabled	Disabled
Friendly	Contained/Pending/Partial	Disabled	Enabled
Neighbor	Open	Enabled	Disabled
Neighbor	Contained/Pending/Partial	Disabled	Enabled
Custom Rule (High, Potential)	Open	Enabled	Disabled
Custom Rule (High, Potential)	Contained/Pending/Partial	Disabled	Enabled
Custom Rule (Informational)	Open	Disabled	Disabled
Custom Rule (Informational)	Contained/Pending/Partial	Disabled	Enabled

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.