Rogue detection is enabled by default on a Wireless LAN Controller & you can view detected Rogue APs in “Monitor > Rogue > Unclassified APs
In normal campus environments there are lots of other APs. Some of them are not posing threat and can classified as friendly. Most of them are belongs to other organization sharing the premises. So these AP you can categorized as “Friendly External“. Another category of friendly APs are “internal” which mean those are belong to your organization, but not managed by your WLCs. You can categorized them as “Friendly Internal
And you can create a Rogue Rule to classify certain APs which advertize known SSIDs (belong to another organization in your premises) as Friendly External. You can do this via GUI in “Security > Wireless Protection Policies > Rogue Rules