A Rogue AP is an access point that has been installed on a secure network without explicit authorization from a system administrator. Rogue access points pose a security threat because anyone with access to the premises can ignorantly or maliciously install an inexpensive wireless AP that can potentially allow unauthorized parties to access the network.

Several Rogue AP types are undetectable by wire side only
scanning, examples:
• Bridging APs on a subnet inconsistent with their wired IP
address (default configuration)
• Soft APs
• Router (NAT) APs with cloned wire side MAC address

Please check the below links for more information on Rogue AP.

http://www.cisco.com/assets/sol/sb/AP541N_Emulators/AP541N_Emulator_v1.9.2/help_Rogue_AP_Detection.htm

http://www.cisco.com/c/en/us/td/docs/wireless/technology/roguedetection_deploy/Rogue_Detection.html#wp44450

Attached is the PDF file for more information.

Any device that shares your spectrum and is not managed by you can be considered a rogue. A rogue becomes dangerous in the following scenarios:

•When the Rogue AP uses the same SSID as your network (honeypot).

•When the Rougue AP device is detected on wired network also.

•Ad-hoc rogues are also a big threat.

•Setup by an outsider with malicious intent.

There are three main phases of rogue device management in Cisco Unified Wireless Network (UWN) solution:

•Detection - Radio Resource Management (RRM) scanning is used to detect the presence of rogue devices.

•Classification - Rogue Location Discovery Protocol (RLDP), Rogue Detectors and switch port tracing are used to identify if the rogue device is connected to the wired network. Rogue classification rules also assist in filtering rogues into specific categories based on their characteristics.

•Mitigation - Switch port Trace and shutting down, rogue location, and rogue containment are used to track down physical location and nullify the threat of rogue devices.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/roguedetection_deploy/Rogue_Detection.html