Developer

 View Only
Back to discussions
Expand all | Collapse all

New Central API - WLAN Profile - What is a "gw-profile" and where are the guardrails?

This thread has been viewed 22 times

  • 1.  New Central API - WLAN Profile - What is a "gw-profile" and where are the guardrails?

    Posted Dec 29, 2025 04:50 PM
    Edited by Fajoozy Jan 02, 2026 12:16 PM

    Background information:
    I created a WLAN profile called "My-Tunnel-SSID" in the New Central Config UI.
    After some initial testing, I figured I would delete and start fresh, but hit a bug that was preventing me from deleting the WLAN profile altogether.


    So I turned to the New Central Config API to see if I could further troubleshoot the issue, delete the profiles, etc...
    Here's snippet of the Campus Access Point's WLAN Profile...

    GET /v1alpha1/wlan-ssids/My-Tunnel-SSID

    {
  "ssid": "My-Tunnel-SSID",
  "forward-mode": "FORWARD_MODE_L2",
  "gw-profile": "My-Tunnel-SSID_1766034791835377384_",
  "vlan-selector": "VLAN_RANGES",
  "vlan-id-range": ["10"],
}


    There is a system generated "gw-profile" from when the SSID was created in the New Central UI.
    From what I can tell, the "gw-profile" is a "aaa-profile" that would tell this WLAN profile to tunnel to specific gateway cluster(s).
    However, when I GET that config, there's no mention or reference to gateway clusters there either? So where would this be reflected in the API?

    GET /v1alpha1/aaa-profile/name/My-Tunnel-SSID_1766034791835377384_

    {
  "name": "My-Tunnel-SSID_1766034791835377384_",
  "authorization": {
    "pre-auth-role": My-Tunnel-SSID-Role",
    "default-vlan-type": "VLAN_RANGES",
    "default-vlan-id": 10
  }
}



    Now slightly confused, I tried to edit/delete the AAA profile in the Web UI, but I could not delete it as it was system generated.
    I decided I would create a new one and update the WLAN profile.

    PUT /v1alpha1/aaa-profiles/My-Tunnel-SSID_TEST

    PATCH /v1alpha1/wlan-ssids/My-Tunnel-SSID 
    --data '{"gw-profile": "My-Tunnel-SSID_TEST"}'

    This worked and was reflected upon a new GET of the WLAN Profile.

    GET /v1alpha1/wlan-ssids/My-Tunnel-SSID

    {
  "ssid": "My-Tunnel-SSID",
  "forward-mode": "FORWARD_MODE_L2",
  "gw-profile": "My-Tunnel-SSID_TEST",
  "vlan-selector": "VLAN_RANGES",
  "vlan-id-range": ["10"],
}


    Out of curiosity, I tested deleting the system-generated profile, but I still could not.

    However, I WAS able to delete the new "My-Tunnel-SSID-TEST" gw-profile (aaa profile). 

    It seems like there would be guardrails around this, but for whatever reason, I could delete the gw-profile (aaa profile) while still referencing it in the WLAN profile.
    But I still could not delete the WLAN profile - which got the following error.


    DELETE  / v1alpha1/wlan-ssids/My-Tunnel-SSID

    {
  "message": "Overlay WLAN SSID 'My-Tunnel-SSID' exists. Delete the overlay WLAN SSID before deleting WLAN SSID.",
  "debugId": "6211ced80e2a69e356d17718e878ad5e",
  "errorCode": "HPE_GL_ERROR_BAD_REQUEST",
  "httpStatusCode": 400
}


    So I'm left with some questions...
    What is the Overlay WLAN SSID and where do I find this in the API documentation?
    What exactly is a "gw-profile" in the WLAN profile config and why doesn't it reference any gateways?
    Also, why are there guardrails around deleted system-generated profiles even when I've removed the reference from the WLAN Profile?
    And why are there NOT guardrails around deleting the user-generated gw-profile that is actively referenced by the WLAN Profile?
    Would it be better to create ALL profiles via API so there is nothing system generated?



  • 2.  RE: New Central API - WLAN Profile - What is a "gw-profile" and where are the guardrails?
    Best Answer

    Posted Dec 30, 2025 10:01 AM
    Edited by Fajoozy Jan 02, 2026 12:06 PM

    Error after error after error just trying to unassign and delete the WLAN profile...






    {
      "message": "Overlay WLAN SSID 'xxxxxxxx' exists. Delete the overlay WLAN SSID before deleting WLAN SSID.",
      "debugId": "6211ced80e2a69e356d17718e878ad5e",
      "errorCode": "HPE_GL_ERROR_BAD_REQUEST",
      "httpStatusCode": 400
    }



    I overcame this bug by checking "Override the default role" and using the same default system-created role.
    After that, I was able to unassign and delete the WLAN profile.
    So, consider this solved, I guess?





  • 3.  RE: New Central API - WLAN Profile - What is a "gw-profile" and where are the guardrails?

    Posted Jan 07, 2026 05:52 AM

    've had a similar issue before. It's best to open a TAC case for this.

    My recommendation is to create custom roles only at the library level and assign them at the correct place in the hierarchy. Avoid overriding local profiles at any level, especially at the global level.

    Also, always assign a new role to both access points and gateways at the same time.

    There are some known issues with gateways, particularly related to overlay WLAN SSIDs.



    ------------------------------
    Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------

    Original Message


Related Content