WLC Policy Commands

Synopsis

netapi wlc policy-profiles
netapi wlc run "show wireless profile policy detailed <POLICY_NAME>"

Commands

policy-profiles

List all policy profiles.

netapi wlc policy-profiles
Sample Output
Profile Name                        Status
--------------------------------------------------
Number                              6
IoT-Policy                          ENABLED
Guest-Policy                        ENABLED
VLAN10-Policy                       ENABLED
POLICY-DOMUS_IoT                    ENABLED
POLICY-DOMUS_SECURE                 ENABLED
default-policy-profile              ENABLED

Show Policy Details with VLAN

To see VLAN assignments, use the raw SSH command:

netapi wlc run "show wireless profile policy detailed POLICY-DOMUS_SECURE"

Get VLAN for Specific Policy

netapi wlc run "show wireless profile policy detailed POLICY-DOMUS_SECURE" | grep -i vlan
Sample Output
VLAN                                : 10
Multicast VLAN                      : 0

Get VLANs for All Policies

for p in IoT-Policy Guest-Policy POLICY-DOMUS_IoT POLICY-DOMUS_SECURE; do
  echo "=== $p ==="
  netapi wlc run "show wireless profile policy detailed $p" | grep -i "^VLAN"
done

Current VLAN Mappings (Domus Home Network)

Policy Profile VLAN SSID Purpose

POLICY-DOMUS_SECURE

10

Domus-Secure

802.1X EAP-TLS (DATA_VLAN)

Guest-Policy

30

HomeRF (guest mode)

Guest WiFi (GUEST_VLAN)

IoT-Policy

40

n/a

IoT legacy (IOT_VLAN)

POLICY-DOMUS_IoT

40

Domus-IoT

iPSK IoT devices (IOT_VLAN)

VLAN assignments are in the policy profile, not the WLAN profile. On Cisco 9800 WLC, the WLAN-to-VLAN mapping flows through:

WLAN ProfilePolicy TagPolicy ProfileVLAN

Configuration via YAML

policy:
  name: POLICY-DOMUS_SECURE
  description: "802.1X EAP-TLS for corporate devices"
  vlan: 10
  aaa_override: true
  central_switching: true
  central_dhcp: true
  radius:
    accounting: true
    server_group: ISE_SERVERS