Followed the WIP wizard and configured the containment to deauth, however, this is affecting all our production SSID's broadcasting from our Aruba AP's. I have 1 airmonitor within reach of the non-valid SSID that is broadcasting. I am using the "default" WIP policy and have it applied to all my AP Groups.. is this where I am configuring it incorrectly? When enabled and containment set to deauth only, no one is able to connect to any production SSID. I am not configuring those SSID's in the WIP wizard.