Re: WLC "rogue containment" - What does it actually do?
One other little tid bit I mentioned earlier. Do NOT contain local businesses that are not a direct threat to your network. This is a direct violation of the FCC good neighbor policy. When you send deauth packets all clients attached to the rogue get those and are dropped. Not just your clients. Contain with care my friend. If the local coffee shop is a problem then set your clients to only attach to a particular list of APs by mac address. This will keep them home where they need to stay and will not get the FCC and a bunch of lawyers on your case.
look at this discussion for a description what is and what is not possible. look at this document under Rogue Detection – Configuration Steps for configuration steps needed. and this document Rogue Management in an Unified Wireless Network