Enforce from NAC fails with message saying invalid vlan
"Policy Manager can not manage Wireless Controller (x.x.x.x) with a configuration using an EWC physical VLAN (1[INTERNAL PHYSICAL3]). Change the domain configuration to use a different VLAN (1[DEFAULT VLAN]), and be sure the 'Always write to device' option is not selected for this VLAN. Right-click the VLAN in the Access Control Configuration view and select 'Role/Service Usage to see/edit where the VLAN is used."
Vlan 1 is a reserved internal vlan. Physical 1 or the management topology is set to vlan 1
Change the management topology from vlan 1 to any other vlan. In most deployments the management topology is set to an untagged vlan, allowing us to select any vlan number in the controller with no change in controller behavior.