When the controller sees the MAC address AP via wireless (WiFi) and Wireless (LAN), it is classified as a Rogue AP.
and since the MAC address belong to Layer 2 (VLAN), as said before, you must have at least one AP in each VLAN or better AM trunked with all VLANs to be able to detect Rogue AP