junipermist.site.Wlan
Explore with Pulumi AI
This resource manages the Site Wlans. The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, …)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";
const wlanOne = new junipermist.site.Wlan("wlan_one", {
ssid: "wlan_one",
siteId: terraformTest.id,
bands: [
"5",
"6",
],
vlanEnabled: true,
vlanId: "143",
wlanLimitUp: 10000,
wlanLimitDown: 20000,
clientLimitUp: 512,
clientLimitDown: 1000,
auth: {
type: "psk",
psk: "secretpsk",
},
"interface": "all",
});
import pulumi
import pulumi_juniper_mist as junipermist
wlan_one = junipermist.site.Wlan("wlan_one",
ssid="wlan_one",
site_id=terraform_test["id"],
bands=[
"5",
"6",
],
vlan_enabled=True,
vlan_id="143",
wlan_limit_up=10000,
wlan_limit_down=20000,
client_limit_up=512,
client_limit_down=1000,
auth={
"type": "psk",
"psk": "secretpsk",
},
interface="all")
package main
import (
"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/site"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := site.NewWlan(ctx, "wlan_one", &site.WlanArgs{
Ssid: pulumi.String("wlan_one"),
SiteId: pulumi.Any(terraformTest.Id),
Bands: pulumi.StringArray{
pulumi.String("5"),
pulumi.String("6"),
},
VlanEnabled: pulumi.Bool(true),
VlanId: pulumi.String("143"),
WlanLimitUp: pulumi.Int(10000),
WlanLimitDown: pulumi.Int(20000),
ClientLimitUp: pulumi.Int(512),
ClientLimitDown: pulumi.Int(1000),
Auth: &site.WlanAuthArgs{
Type: pulumi.String("psk"),
Psk: pulumi.String("secretpsk"),
},
Interface: pulumi.String("all"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
return await Deployment.RunAsync(() =>
{
var wlanOne = new JuniperMist.Site.Wlan("wlan_one", new()
{
Ssid = "wlan_one",
SiteId = terraformTest.Id,
Bands = new[]
{
"5",
"6",
},
VlanEnabled = true,
VlanId = "143",
WlanLimitUp = 10000,
WlanLimitDown = 20000,
ClientLimitUp = 512,
ClientLimitDown = 1000,
Auth = new JuniperMist.Site.Inputs.WlanAuthArgs
{
Type = "psk",
Psk = "secretpsk",
},
Interface = "all",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.site.Wlan;
import com.pulumi.junipermist.site.WlanArgs;
import com.pulumi.junipermist.site.inputs.WlanAuthArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var wlanOne = new Wlan("wlanOne", WlanArgs.builder()
.ssid("wlan_one")
.siteId(terraformTest.id())
.bands(
"5",
"6")
.vlanEnabled(true)
.vlanId(143)
.wlanLimitUp(10000)
.wlanLimitDown(20000)
.clientLimitUp(512)
.clientLimitDown(1000)
.auth(WlanAuthArgs.builder()
.type("psk")
.psk("secretpsk")
.build())
.interface_("all")
.build());
}
}
resources:
wlanOne:
type: junipermist:site:Wlan
name: wlan_one
properties:
ssid: wlan_one
siteId: ${terraformTest.id}
bands:
- '5'
- '6'
vlanEnabled: true
vlanId: 143
wlanLimitUp: 10000
wlanLimitDown: 20000
clientLimitUp: 512
clientLimitDown: 1000
auth:
type: psk
psk: secretpsk
interface: all
Create Wlan Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Wlan(name: string, args: WlanArgs, opts?: CustomResourceOptions);
@overload
def Wlan(resource_name: str,
args: WlanArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Wlan(resource_name: str,
opts: Optional[ResourceOptions] = None,
site_id: Optional[str] = None,
ssid: Optional[str] = None,
acct_immediate_update: Optional[bool] = None,
acct_interim_interval: Optional[int] = None,
acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
airwatch: Optional[WlanAirwatchArgs] = None,
allow_ipv6_ndp: Optional[bool] = None,
allow_mdns: Optional[bool] = None,
allow_ssdp: Optional[bool] = None,
ap_ids: Optional[Sequence[str]] = None,
app_limit: Optional[WlanAppLimitArgs] = None,
app_qos: Optional[WlanAppQosArgs] = None,
apply_to: Optional[str] = None,
arp_filter: Optional[bool] = None,
auth: Optional[WlanAuthArgs] = None,
auth_server_selection: Optional[str] = None,
auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
auth_servers_nas_id: Optional[str] = None,
auth_servers_nas_ip: Optional[str] = None,
auth_servers_retries: Optional[int] = None,
auth_servers_timeout: Optional[int] = None,
band_steer: Optional[bool] = None,
band_steer_force_band5: Optional[bool] = None,
bands: Optional[Sequence[str]] = None,
block_blacklist_clients: Optional[bool] = None,
bonjour: Optional[WlanBonjourArgs] = None,
cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
client_limit_down: Optional[int] = None,
client_limit_down_enabled: Optional[bool] = None,
client_limit_up: Optional[int] = None,
client_limit_up_enabled: Optional[bool] = None,
coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
disable11ax: Optional[bool] = None,
disable_ht_vht_rates: Optional[bool] = None,
disable_uapsd: Optional[bool] = None,
disable_v1_roam_notify: Optional[bool] = None,
disable_v2_roam_notify: Optional[bool] = None,
disable_wmm: Optional[bool] = None,
dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
dtim: Optional[int] = None,
dynamic_psk: Optional[WlanDynamicPskArgs] = None,
dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
enable_local_keycaching: Optional[bool] = None,
enable_wireless_bridging: Optional[bool] = None,
enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
enabled: Optional[bool] = None,
fast_dot1x_timers: Optional[bool] = None,
hide_ssid: Optional[bool] = None,
hostname_ie: Optional[bool] = None,
hotspot20: Optional[WlanHotspot20Args] = None,
inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
interface: Optional[str] = None,
isolation: Optional[bool] = None,
l2_isolation: Optional[bool] = None,
legacy_overds: Optional[bool] = None,
limit_bcast: Optional[bool] = None,
limit_probe_response: Optional[bool] = None,
max_idletime: Optional[int] = None,
mist_nac: Optional[WlanMistNacArgs] = None,
mxtunnel_ids: Optional[Sequence[str]] = None,
mxtunnel_names: Optional[Sequence[str]] = None,
no_static_dns: Optional[bool] = None,
no_static_ip: Optional[bool] = None,
portal: Optional[WlanPortalArgs] = None,
portal_allowed_hostnames: Optional[Sequence[str]] = None,
portal_allowed_subnets: Optional[Sequence[str]] = None,
portal_denied_hostnames: Optional[Sequence[str]] = None,
qos: Optional[WlanQosArgs] = None,
radsec: Optional[WlanRadsecArgs] = None,
roam_mode: Optional[str] = None,
schedule: Optional[WlanScheduleArgs] = None,
sle_excluded: Optional[bool] = None,
use_eapol_v1: Optional[bool] = None,
vlan_enabled: Optional[bool] = None,
vlan_id: Optional[str] = None,
vlan_ids: Optional[Sequence[str]] = None,
vlan_pooling: Optional[bool] = None,
wlan_limit_down: Optional[int] = None,
wlan_limit_down_enabled: Optional[bool] = None,
wlan_limit_up: Optional[int] = None,
wlan_limit_up_enabled: Optional[bool] = None,
wxtag_ids: Optional[Sequence[str]] = None,
wxtunnel_id: Optional[str] = None,
wxtunnel_remote_id: Optional[str] = None)
func NewWlan(ctx *Context, name string, args WlanArgs, opts ...ResourceOption) (*Wlan, error)
public Wlan(string name, WlanArgs args, CustomResourceOptions? opts = null)
type: junipermist:site:Wlan
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var junipermistWlanResource = new JuniperMist.Site.Wlan("junipermistWlanResource", new()
{
SiteId = "string",
Ssid = "string",
AcctImmediateUpdate = false,
AcctInterimInterval = 0,
AcctServers = new[]
{
new JuniperMist.Site.Inputs.WlanAcctServerArgs
{
Host = "string",
Secret = "string",
KeywrapEnabled = false,
KeywrapFormat = "string",
KeywrapKek = "string",
KeywrapMack = "string",
Port = 0,
},
},
Airwatch = new JuniperMist.Site.Inputs.WlanAirwatchArgs
{
ApiKey = "string",
ConsoleUrl = "string",
Password = "string",
Username = "string",
Enabled = false,
},
AllowIpv6Ndp = false,
AllowMdns = false,
AllowSsdp = false,
ApIds = new[]
{
"string",
},
AppLimit = new JuniperMist.Site.Inputs.WlanAppLimitArgs
{
Apps =
{
{ "string", 0 },
},
Enabled = false,
WxtagIds =
{
{ "string", 0 },
},
},
AppQos = new JuniperMist.Site.Inputs.WlanAppQosArgs
{
Apps =
{
{ "string", new JuniperMist.Site.Inputs.WlanAppQosAppsArgs
{
Dscp = 0,
DstSubnet = "string",
SrcSubnet = "string",
} },
},
Enabled = false,
Others = new[]
{
new JuniperMist.Site.Inputs.WlanAppQosOtherArgs
{
Dscp = 0,
DstSubnet = "string",
PortRanges = "string",
Protocol = "string",
SrcSubnet = "string",
},
},
},
ApplyTo = "string",
ArpFilter = false,
Auth = new JuniperMist.Site.Inputs.WlanAuthArgs
{
AnticlogThreshold = 0,
EapReauth = false,
EnableMacAuth = false,
KeyIdx = 0,
Keys = new[]
{
"string",
},
MultiPskOnly = false,
Owe = "string",
Pairwises = new[]
{
"string",
},
PrivateWlan = false,
Psk = "string",
Type = "string",
WepAsSecondaryAuth = false,
},
AuthServerSelection = "string",
AuthServers = new[]
{
new JuniperMist.Site.Inputs.WlanAuthServerArgs
{
Host = "string",
Secret = "string",
KeywrapEnabled = false,
KeywrapFormat = "string",
KeywrapKek = "string",
KeywrapMack = "string",
Port = 0,
},
},
AuthServersNasId = "string",
AuthServersNasIp = "string",
AuthServersRetries = 0,
AuthServersTimeout = 0,
BandSteer = false,
BandSteerForceBand5 = false,
Bands = new[]
{
"string",
},
BlockBlacklistClients = false,
Bonjour = new JuniperMist.Site.Inputs.WlanBonjourArgs
{
AdditionalVlanIds = new[]
{
"string",
},
Services =
{
{ "string", new JuniperMist.Site.Inputs.WlanBonjourServicesArgs
{
DisableLocal = false,
RadiusGroups = new[]
{
"string",
},
Scope = "string",
} },
},
Enabled = false,
},
CiscoCwa = new JuniperMist.Site.Inputs.WlanCiscoCwaArgs
{
AllowedHostnames = new[]
{
"string",
},
AllowedSubnets = new[]
{
"string",
},
BlockedSubnets = new[]
{
"string",
},
Enabled = false,
},
ClientLimitDown = 0,
ClientLimitDownEnabled = false,
ClientLimitUp = 0,
ClientLimitUpEnabled = false,
CoaServers = new[]
{
new JuniperMist.Site.Inputs.WlanCoaServerArgs
{
Ip = "string",
Secret = "string",
DisableEventTimestampCheck = false,
Enabled = false,
Port = 0,
},
},
Disable11ax = false,
DisableHtVhtRates = false,
DisableUapsd = false,
DisableV1RoamNotify = false,
DisableV2RoamNotify = false,
DisableWmm = false,
DnsServerRewrite = new JuniperMist.Site.Inputs.WlanDnsServerRewriteArgs
{
Enabled = false,
RadiusGroups =
{
{ "string", "string" },
},
},
Dtim = 0,
DynamicPsk = new JuniperMist.Site.Inputs.WlanDynamicPskArgs
{
DefaultPsk = "string",
DefaultVlanId = "string",
Enabled = false,
ForceLookup = false,
Source = "string",
VlanIds = new[]
{
"string",
},
},
DynamicVlan = new JuniperMist.Site.Inputs.WlanDynamicVlanArgs
{
DefaultVlanIds = new[]
{
"string",
},
Enabled = false,
LocalVlanIds = new[]
{
"string",
},
Type = "string",
Vlans =
{
{ "string", "string" },
},
},
EnableLocalKeycaching = false,
EnableWirelessBridging = false,
EnableWirelessBridgingDhcpTracking = false,
Enabled = false,
FastDot1xTimers = false,
HideSsid = false,
HostnameIe = false,
Hotspot20 = new JuniperMist.Site.Inputs.WlanHotspot20Args
{
DomainNames = new[]
{
"string",
},
Enabled = false,
NaiRealms = new[]
{
"string",
},
Operators = new[]
{
"string",
},
Rcois = new[]
{
"string",
},
VenueName = "string",
},
InjectDhcpOption82 = new JuniperMist.Site.Inputs.WlanInjectDhcpOption82Args
{
CircuitId = "string",
Enabled = false,
},
Interface = "string",
Isolation = false,
L2Isolation = false,
LegacyOverds = false,
LimitBcast = false,
LimitProbeResponse = false,
MaxIdletime = 0,
MistNac = new JuniperMist.Site.Inputs.WlanMistNacArgs
{
Enabled = false,
},
MxtunnelIds = new[]
{
"string",
},
MxtunnelNames = new[]
{
"string",
},
NoStaticDns = false,
NoStaticIp = false,
Portal = new JuniperMist.Site.Inputs.WlanPortalArgs
{
AmazonClientId = "string",
AmazonClientSecret = "string",
AmazonEmailDomains = new[]
{
"string",
},
AmazonEnabled = false,
AmazonExpire = 0,
Auth = "string",
AzureClientId = "string",
AzureClientSecret = "string",
AzureEnabled = false,
AzureExpire = 0,
AzureTenantId = "string",
BroadnetPassword = "string",
BroadnetSid = "string",
BroadnetUserId = "string",
BypassWhenCloudDown = false,
ClickatellApiKey = "string",
CrossSite = false,
EmailEnabled = false,
Enabled = false,
Expire = 0,
ExternalPortalUrl = "string",
FacebookClientId = "string",
FacebookClientSecret = "string",
FacebookEmailDomains = new[]
{
"string",
},
FacebookEnabled = false,
FacebookExpire = 0,
Forward = false,
ForwardUrl = "string",
GoogleClientId = "string",
GoogleClientSecret = "string",
GoogleEmailDomains = new[]
{
"string",
},
GoogleEnabled = false,
GoogleExpire = 0,
GupshupPassword = "string",
GupshupUserid = "string",
MicrosoftClientId = "string",
MicrosoftClientSecret = "string",
MicrosoftEmailDomains = new[]
{
"string",
},
MicrosoftEnabled = false,
MicrosoftExpire = 0,
PassphraseEnabled = false,
PassphraseExpire = 0,
Password = "string",
PredefinedSponsorsEnabled = false,
PredefinedSponsorsHideEmail = false,
Privacy = false,
PuzzelPassword = "string",
PuzzelServiceId = "string",
PuzzelUsername = "string",
SmsEnabled = false,
SmsExpire = 0,
SmsMessageFormat = "string",
SmsProvider = "string",
SponsorAutoApprove = false,
SponsorEmailDomains = new[]
{
"string",
},
SponsorEnabled = false,
SponsorExpire = 0,
SponsorLinkValidityDuration = "string",
SponsorNotifyAll = false,
SponsorStatusNotify = false,
Sponsors =
{
{ "string", "string" },
},
SsoDefaultRole = "string",
SsoForcedRole = "string",
SsoIdpCert = "string",
SsoIdpSignAlgo = "string",
SsoIdpSsoUrl = "string",
SsoIssuer = "string",
SsoNameidFormat = "string",
TelstraClientId = "string",
TelstraClientSecret = "string",
TwilioAuthToken = "string",
TwilioPhoneNumber = "string",
TwilioSid = "string",
},
PortalAllowedHostnames = new[]
{
"string",
},
PortalAllowedSubnets = new[]
{
"string",
},
PortalDeniedHostnames = new[]
{
"string",
},
Qos = new JuniperMist.Site.Inputs.WlanQosArgs
{
Class = "string",
Overwrite = false,
},
Radsec = new JuniperMist.Site.Inputs.WlanRadsecArgs
{
CoaEnabled = false,
Enabled = false,
IdleTimeout = 0,
MxclusterIds = new[]
{
"string",
},
ProxyHosts = new[]
{
"string",
},
ServerName = "string",
Servers = new[]
{
new JuniperMist.Site.Inputs.WlanRadsecServerArgs
{
Host = "string",
Port = 0,
},
},
UseMxedge = false,
UseSiteMxedge = false,
},
RoamMode = "string",
Schedule = new JuniperMist.Site.Inputs.WlanScheduleArgs
{
Enabled = false,
Hours = new JuniperMist.Site.Inputs.WlanScheduleHoursArgs
{
Fri = "string",
Mon = "string",
Sat = "string",
Sun = "string",
Thu = "string",
Tue = "string",
Wed = "string",
},
},
SleExcluded = false,
UseEapolV1 = false,
VlanEnabled = false,
VlanId = "string",
VlanIds = new[]
{
"string",
},
VlanPooling = false,
WlanLimitDown = 0,
WlanLimitDownEnabled = false,
WlanLimitUp = 0,
WlanLimitUpEnabled = false,
WxtagIds = new[]
{
"string",
},
WxtunnelId = "string",
WxtunnelRemoteId = "string",
});
example, err := site.NewWlan(ctx, "junipermistWlanResource", &site.WlanArgs{
SiteId: pulumi.String("string"),
Ssid: pulumi.String("string"),
AcctImmediateUpdate: pulumi.Bool(false),
AcctInterimInterval: pulumi.Int(0),
AcctServers: site.WlanAcctServerArray{
&site.WlanAcctServerArgs{
Host: pulumi.String("string"),
Secret: pulumi.String("string"),
KeywrapEnabled: pulumi.Bool(false),
KeywrapFormat: pulumi.String("string"),
KeywrapKek: pulumi.String("string"),
KeywrapMack: pulumi.String("string"),
Port: pulumi.Int(0),
},
},
Airwatch: &site.WlanAirwatchArgs{
ApiKey: pulumi.String("string"),
ConsoleUrl: pulumi.String("string"),
Password: pulumi.String("string"),
Username: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
AllowIpv6Ndp: pulumi.Bool(false),
AllowMdns: pulumi.Bool(false),
AllowSsdp: pulumi.Bool(false),
ApIds: pulumi.StringArray{
pulumi.String("string"),
},
AppLimit: &site.WlanAppLimitArgs{
Apps: pulumi.IntMap{
"string": pulumi.Int(0),
},
Enabled: pulumi.Bool(false),
WxtagIds: pulumi.IntMap{
"string": pulumi.Int(0),
},
},
AppQos: &site.WlanAppQosArgs{
Apps: site.WlanAppQosAppsMap{
"string": &site.WlanAppQosAppsArgs{
Dscp: pulumi.Int(0),
DstSubnet: pulumi.String("string"),
SrcSubnet: pulumi.String("string"),
},
},
Enabled: pulumi.Bool(false),
Others: site.WlanAppQosOtherArray{
&site.WlanAppQosOtherArgs{
Dscp: pulumi.Int(0),
DstSubnet: pulumi.String("string"),
PortRanges: pulumi.String("string"),
Protocol: pulumi.String("string"),
SrcSubnet: pulumi.String("string"),
},
},
},
ApplyTo: pulumi.String("string"),
ArpFilter: pulumi.Bool(false),
Auth: &site.WlanAuthArgs{
AnticlogThreshold: pulumi.Int(0),
EapReauth: pulumi.Bool(false),
EnableMacAuth: pulumi.Bool(false),
KeyIdx: pulumi.Int(0),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
MultiPskOnly: pulumi.Bool(false),
Owe: pulumi.String("string"),
Pairwises: pulumi.StringArray{
pulumi.String("string"),
},
PrivateWlan: pulumi.Bool(false),
Psk: pulumi.String("string"),
Type: pulumi.String("string"),
WepAsSecondaryAuth: pulumi.Bool(false),
},
AuthServerSelection: pulumi.String("string"),
AuthServers: site.WlanAuthServerArray{
&site.WlanAuthServerArgs{
Host: pulumi.String("string"),
Secret: pulumi.String("string"),
KeywrapEnabled: pulumi.Bool(false),
KeywrapFormat: pulumi.String("string"),
KeywrapKek: pulumi.String("string"),
KeywrapMack: pulumi.String("string"),
Port: pulumi.Int(0),
},
},
AuthServersNasId: pulumi.String("string"),
AuthServersNasIp: pulumi.String("string"),
AuthServersRetries: pulumi.Int(0),
AuthServersTimeout: pulumi.Int(0),
BandSteer: pulumi.Bool(false),
BandSteerForceBand5: pulumi.Bool(false),
Bands: pulumi.StringArray{
pulumi.String("string"),
},
BlockBlacklistClients: pulumi.Bool(false),
Bonjour: &site.WlanBonjourArgs{
AdditionalVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Services: site.WlanBonjourServicesMap{
"string": &site.WlanBonjourServicesArgs{
DisableLocal: pulumi.Bool(false),
RadiusGroups: pulumi.StringArray{
pulumi.String("string"),
},
Scope: pulumi.String("string"),
},
},
Enabled: pulumi.Bool(false),
},
CiscoCwa: &site.WlanCiscoCwaArgs{
AllowedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
AllowedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
BlockedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
ClientLimitDown: pulumi.Int(0),
ClientLimitDownEnabled: pulumi.Bool(false),
ClientLimitUp: pulumi.Int(0),
ClientLimitUpEnabled: pulumi.Bool(false),
CoaServers: site.WlanCoaServerArray{
&site.WlanCoaServerArgs{
Ip: pulumi.String("string"),
Secret: pulumi.String("string"),
DisableEventTimestampCheck: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Port: pulumi.Int(0),
},
},
Disable11ax: pulumi.Bool(false),
DisableHtVhtRates: pulumi.Bool(false),
DisableUapsd: pulumi.Bool(false),
DisableV1RoamNotify: pulumi.Bool(false),
DisableV2RoamNotify: pulumi.Bool(false),
DisableWmm: pulumi.Bool(false),
DnsServerRewrite: &site.WlanDnsServerRewriteArgs{
Enabled: pulumi.Bool(false),
RadiusGroups: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Dtim: pulumi.Int(0),
DynamicPsk: &site.WlanDynamicPskArgs{
DefaultPsk: pulumi.String("string"),
DefaultVlanId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ForceLookup: pulumi.Bool(false),
Source: pulumi.String("string"),
VlanIds: pulumi.StringArray{
pulumi.String("string"),
},
},
DynamicVlan: &site.WlanDynamicVlanArgs{
DefaultVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
LocalVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
Vlans: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
EnableLocalKeycaching: pulumi.Bool(false),
EnableWirelessBridging: pulumi.Bool(false),
EnableWirelessBridgingDhcpTracking: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FastDot1xTimers: pulumi.Bool(false),
HideSsid: pulumi.Bool(false),
HostnameIe: pulumi.Bool(false),
Hotspot20: &site.WlanHotspot20Args{
DomainNames: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
NaiRealms: pulumi.StringArray{
pulumi.String("string"),
},
Operators: pulumi.StringArray{
pulumi.String("string"),
},
Rcois: pulumi.StringArray{
pulumi.String("string"),
},
VenueName: pulumi.String("string"),
},
InjectDhcpOption82: &site.WlanInjectDhcpOption82Args{
CircuitId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
Interface: pulumi.String("string"),
Isolation: pulumi.Bool(false),
L2Isolation: pulumi.Bool(false),
LegacyOverds: pulumi.Bool(false),
LimitBcast: pulumi.Bool(false),
LimitProbeResponse: pulumi.Bool(false),
MaxIdletime: pulumi.Int(0),
MistNac: &site.WlanMistNacArgs{
Enabled: pulumi.Bool(false),
},
MxtunnelIds: pulumi.StringArray{
pulumi.String("string"),
},
MxtunnelNames: pulumi.StringArray{
pulumi.String("string"),
},
NoStaticDns: pulumi.Bool(false),
NoStaticIp: pulumi.Bool(false),
Portal: &site.WlanPortalArgs{
AmazonClientId: pulumi.String("string"),
AmazonClientSecret: pulumi.String("string"),
AmazonEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
AmazonEnabled: pulumi.Bool(false),
AmazonExpire: pulumi.Float64(0),
Auth: pulumi.String("string"),
AzureClientId: pulumi.String("string"),
AzureClientSecret: pulumi.String("string"),
AzureEnabled: pulumi.Bool(false),
AzureExpire: pulumi.Float64(0),
AzureTenantId: pulumi.String("string"),
BroadnetPassword: pulumi.String("string"),
BroadnetSid: pulumi.String("string"),
BroadnetUserId: pulumi.String("string"),
BypassWhenCloudDown: pulumi.Bool(false),
ClickatellApiKey: pulumi.String("string"),
CrossSite: pulumi.Bool(false),
EmailEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Expire: pulumi.Float64(0),
ExternalPortalUrl: pulumi.String("string"),
FacebookClientId: pulumi.String("string"),
FacebookClientSecret: pulumi.String("string"),
FacebookEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
FacebookEnabled: pulumi.Bool(false),
FacebookExpire: pulumi.Float64(0),
Forward: pulumi.Bool(false),
ForwardUrl: pulumi.String("string"),
GoogleClientId: pulumi.String("string"),
GoogleClientSecret: pulumi.String("string"),
GoogleEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
GoogleEnabled: pulumi.Bool(false),
GoogleExpire: pulumi.Float64(0),
GupshupPassword: pulumi.String("string"),
GupshupUserid: pulumi.String("string"),
MicrosoftClientId: pulumi.String("string"),
MicrosoftClientSecret: pulumi.String("string"),
MicrosoftEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
MicrosoftEnabled: pulumi.Bool(false),
MicrosoftExpire: pulumi.Float64(0),
PassphraseEnabled: pulumi.Bool(false),
PassphraseExpire: pulumi.Float64(0),
Password: pulumi.String("string"),
PredefinedSponsorsEnabled: pulumi.Bool(false),
PredefinedSponsorsHideEmail: pulumi.Bool(false),
Privacy: pulumi.Bool(false),
PuzzelPassword: pulumi.String("string"),
PuzzelServiceId: pulumi.String("string"),
PuzzelUsername: pulumi.String("string"),
SmsEnabled: pulumi.Bool(false),
SmsExpire: pulumi.Float64(0),
SmsMessageFormat: pulumi.String("string"),
SmsProvider: pulumi.String("string"),
SponsorAutoApprove: pulumi.Bool(false),
SponsorEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
SponsorEnabled: pulumi.Bool(false),
SponsorExpire: pulumi.Float64(0),
SponsorLinkValidityDuration: pulumi.String("string"),
SponsorNotifyAll: pulumi.Bool(false),
SponsorStatusNotify: pulumi.Bool(false),
Sponsors: pulumi.StringMap{
"string": pulumi.String("string"),
},
SsoDefaultRole: pulumi.String("string"),
SsoForcedRole: pulumi.String("string"),
SsoIdpCert: pulumi.String("string"),
SsoIdpSignAlgo: pulumi.String("string"),
SsoIdpSsoUrl: pulumi.String("string"),
SsoIssuer: pulumi.String("string"),
SsoNameidFormat: pulumi.String("string"),
TelstraClientId: pulumi.String("string"),
TelstraClientSecret: pulumi.String("string"),
TwilioAuthToken: pulumi.String("string"),
TwilioPhoneNumber: pulumi.String("string"),
TwilioSid: pulumi.String("string"),
},
PortalAllowedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
PortalAllowedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
PortalDeniedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
Qos: &site.WlanQosArgs{
Class: pulumi.String("string"),
Overwrite: pulumi.Bool(false),
},
Radsec: &site.WlanRadsecArgs{
CoaEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
IdleTimeout: pulumi.Int(0),
MxclusterIds: pulumi.StringArray{
pulumi.String("string"),
},
ProxyHosts: pulumi.StringArray{
pulumi.String("string"),
},
ServerName: pulumi.String("string"),
Servers: site.WlanRadsecServerArray{
&site.WlanRadsecServerArgs{
Host: pulumi.String("string"),
Port: pulumi.Int(0),
},
},
UseMxedge: pulumi.Bool(false),
UseSiteMxedge: pulumi.Bool(false),
},
RoamMode: pulumi.String("string"),
Schedule: &site.WlanScheduleArgs{
Enabled: pulumi.Bool(false),
Hours: &site.WlanScheduleHoursArgs{
Fri: pulumi.String("string"),
Mon: pulumi.String("string"),
Sat: pulumi.String("string"),
Sun: pulumi.String("string"),
Thu: pulumi.String("string"),
Tue: pulumi.String("string"),
Wed: pulumi.String("string"),
},
},
SleExcluded: pulumi.Bool(false),
UseEapolV1: pulumi.Bool(false),
VlanEnabled: pulumi.Bool(false),
VlanId: pulumi.String("string"),
VlanIds: pulumi.StringArray{
pulumi.String("string"),
},
VlanPooling: pulumi.Bool(false),
WlanLimitDown: pulumi.Int(0),
WlanLimitDownEnabled: pulumi.Bool(false),
WlanLimitUp: pulumi.Int(0),
WlanLimitUpEnabled: pulumi.Bool(false),
WxtagIds: pulumi.StringArray{
pulumi.String("string"),
},
WxtunnelId: pulumi.String("string"),
WxtunnelRemoteId: pulumi.String("string"),
})
var junipermistWlanResource = new Wlan("junipermistWlanResource", WlanArgs.builder()
.siteId("string")
.ssid("string")
.acctImmediateUpdate(false)
.acctInterimInterval(0)
.acctServers(WlanAcctServerArgs.builder()
.host("string")
.secret("string")
.keywrapEnabled(false)
.keywrapFormat("string")
.keywrapKek("string")
.keywrapMack("string")
.port(0)
.build())
.airwatch(WlanAirwatchArgs.builder()
.apiKey("string")
.consoleUrl("string")
.password("string")
.username("string")
.enabled(false)
.build())
.allowIpv6Ndp(false)
.allowMdns(false)
.allowSsdp(false)
.apIds("string")
.appLimit(WlanAppLimitArgs.builder()
.apps(Map.of("string", 0))
.enabled(false)
.wxtagIds(Map.of("string", 0))
.build())
.appQos(WlanAppQosArgs.builder()
.apps(Map.of("string", Map.ofEntries(
Map.entry("dscp", 0),
Map.entry("dstSubnet", "string"),
Map.entry("srcSubnet", "string")
)))
.enabled(false)
.others(WlanAppQosOtherArgs.builder()
.dscp(0)
.dstSubnet("string")
.portRanges("string")
.protocol("string")
.srcSubnet("string")
.build())
.build())
.applyTo("string")
.arpFilter(false)
.auth(WlanAuthArgs.builder()
.anticlogThreshold(0)
.eapReauth(false)
.enableMacAuth(false)
.keyIdx(0)
.keys("string")
.multiPskOnly(false)
.owe("string")
.pairwises("string")
.privateWlan(false)
.psk("string")
.type("string")
.wepAsSecondaryAuth(false)
.build())
.authServerSelection("string")
.authServers(WlanAuthServerArgs.builder()
.host("string")
.secret("string")
.keywrapEnabled(false)
.keywrapFormat("string")
.keywrapKek("string")
.keywrapMack("string")
.port(0)
.build())
.authServersNasId("string")
.authServersNasIp("string")
.authServersRetries(0)
.authServersTimeout(0)
.bandSteer(false)
.bandSteerForceBand5(false)
.bands("string")
.blockBlacklistClients(false)
.bonjour(WlanBonjourArgs.builder()
.additionalVlanIds("string")
.services(Map.of("string", Map.ofEntries(
Map.entry("disableLocal", false),
Map.entry("radiusGroups", "string"),
Map.entry("scope", "string")
)))
.enabled(false)
.build())
.ciscoCwa(WlanCiscoCwaArgs.builder()
.allowedHostnames("string")
.allowedSubnets("string")
.blockedSubnets("string")
.enabled(false)
.build())
.clientLimitDown(0)
.clientLimitDownEnabled(false)
.clientLimitUp(0)
.clientLimitUpEnabled(false)
.coaServers(WlanCoaServerArgs.builder()
.ip("string")
.secret("string")
.disableEventTimestampCheck(false)
.enabled(false)
.port(0)
.build())
.disable11ax(false)
.disableHtVhtRates(false)
.disableUapsd(false)
.disableV1RoamNotify(false)
.disableV2RoamNotify(false)
.disableWmm(false)
.dnsServerRewrite(WlanDnsServerRewriteArgs.builder()
.enabled(false)
.radiusGroups(Map.of("string", "string"))
.build())
.dtim(0)
.dynamicPsk(WlanDynamicPskArgs.builder()
.defaultPsk("string")
.defaultVlanId("string")
.enabled(false)
.forceLookup(false)
.source("string")
.vlanIds("string")
.build())
.dynamicVlan(WlanDynamicVlanArgs.builder()
.defaultVlanIds("string")
.enabled(false)
.localVlanIds("string")
.type("string")
.vlans(Map.of("string", "string"))
.build())
.enableLocalKeycaching(false)
.enableWirelessBridging(false)
.enableWirelessBridgingDhcpTracking(false)
.enabled(false)
.fastDot1xTimers(false)
.hideSsid(false)
.hostnameIe(false)
.hotspot20(WlanHotspot20Args.builder()
.domainNames("string")
.enabled(false)
.naiRealms("string")
.operators("string")
.rcois("string")
.venueName("string")
.build())
.injectDhcpOption82(WlanInjectDhcpOption82Args.builder()
.circuitId("string")
.enabled(false)
.build())
.interface_("string")
.isolation(false)
.l2Isolation(false)
.legacyOverds(false)
.limitBcast(false)
.limitProbeResponse(false)
.maxIdletime(0)
.mistNac(WlanMistNacArgs.builder()
.enabled(false)
.build())
.mxtunnelIds("string")
.mxtunnelNames("string")
.noStaticDns(false)
.noStaticIp(false)
.portal(WlanPortalArgs.builder()
.amazonClientId("string")
.amazonClientSecret("string")
.amazonEmailDomains("string")
.amazonEnabled(false)
.amazonExpire(0)
.auth("string")
.azureClientId("string")
.azureClientSecret("string")
.azureEnabled(false)
.azureExpire(0)
.azureTenantId("string")
.broadnetPassword("string")
.broadnetSid("string")
.broadnetUserId("string")
.bypassWhenCloudDown(false)
.clickatellApiKey("string")
.crossSite(false)
.emailEnabled(false)
.enabled(false)
.expire(0)
.externalPortalUrl("string")
.facebookClientId("string")
.facebookClientSecret("string")
.facebookEmailDomains("string")
.facebookEnabled(false)
.facebookExpire(0)
.forward(false)
.forwardUrl("string")
.googleClientId("string")
.googleClientSecret("string")
.googleEmailDomains("string")
.googleEnabled(false)
.googleExpire(0)
.gupshupPassword("string")
.gupshupUserid("string")
.microsoftClientId("string")
.microsoftClientSecret("string")
.microsoftEmailDomains("string")
.microsoftEnabled(false)
.microsoftExpire(0)
.passphraseEnabled(false)
.passphraseExpire(0)
.password("string")
.predefinedSponsorsEnabled(false)
.predefinedSponsorsHideEmail(false)
.privacy(false)
.puzzelPassword("string")
.puzzelServiceId("string")
.puzzelUsername("string")
.smsEnabled(false)
.smsExpire(0)
.smsMessageFormat("string")
.smsProvider("string")
.sponsorAutoApprove(false)
.sponsorEmailDomains("string")
.sponsorEnabled(false)
.sponsorExpire(0)
.sponsorLinkValidityDuration("string")
.sponsorNotifyAll(false)
.sponsorStatusNotify(false)
.sponsors(Map.of("string", "string"))
.ssoDefaultRole("string")
.ssoForcedRole("string")
.ssoIdpCert("string")
.ssoIdpSignAlgo("string")
.ssoIdpSsoUrl("string")
.ssoIssuer("string")
.ssoNameidFormat("string")
.telstraClientId("string")
.telstraClientSecret("string")
.twilioAuthToken("string")
.twilioPhoneNumber("string")
.twilioSid("string")
.build())
.portalAllowedHostnames("string")
.portalAllowedSubnets("string")
.portalDeniedHostnames("string")
.qos(WlanQosArgs.builder()
.class_("string")
.overwrite(false)
.build())
.radsec(WlanRadsecArgs.builder()
.coaEnabled(false)
.enabled(false)
.idleTimeout(0)
.mxclusterIds("string")
.proxyHosts("string")
.serverName("string")
.servers(WlanRadsecServerArgs.builder()
.host("string")
.port(0)
.build())
.useMxedge(false)
.useSiteMxedge(false)
.build())
.roamMode("string")
.schedule(WlanScheduleArgs.builder()
.enabled(false)
.hours(WlanScheduleHoursArgs.builder()
.fri("string")
.mon("string")
.sat("string")
.sun("string")
.thu("string")
.tue("string")
.wed("string")
.build())
.build())
.sleExcluded(false)
.useEapolV1(false)
.vlanEnabled(false)
.vlanId("string")
.vlanIds("string")
.vlanPooling(false)
.wlanLimitDown(0)
.wlanLimitDownEnabled(false)
.wlanLimitUp(0)
.wlanLimitUpEnabled(false)
.wxtagIds("string")
.wxtunnelId("string")
.wxtunnelRemoteId("string")
.build());
junipermist_wlan_resource = junipermist.site.Wlan("junipermistWlanResource",
site_id="string",
ssid="string",
acct_immediate_update=False,
acct_interim_interval=0,
acct_servers=[{
"host": "string",
"secret": "string",
"keywrap_enabled": False,
"keywrap_format": "string",
"keywrap_kek": "string",
"keywrap_mack": "string",
"port": 0,
}],
airwatch={
"api_key": "string",
"console_url": "string",
"password": "string",
"username": "string",
"enabled": False,
},
allow_ipv6_ndp=False,
allow_mdns=False,
allow_ssdp=False,
ap_ids=["string"],
app_limit={
"apps": {
"string": 0,
},
"enabled": False,
"wxtag_ids": {
"string": 0,
},
},
app_qos={
"apps": {
"string": {
"dscp": 0,
"dst_subnet": "string",
"src_subnet": "string",
},
},
"enabled": False,
"others": [{
"dscp": 0,
"dst_subnet": "string",
"port_ranges": "string",
"protocol": "string",
"src_subnet": "string",
}],
},
apply_to="string",
arp_filter=False,
auth={
"anticlog_threshold": 0,
"eap_reauth": False,
"enable_mac_auth": False,
"key_idx": 0,
"keys": ["string"],
"multi_psk_only": False,
"owe": "string",
"pairwises": ["string"],
"private_wlan": False,
"psk": "string",
"type": "string",
"wep_as_secondary_auth": False,
},
auth_server_selection="string",
auth_servers=[{
"host": "string",
"secret": "string",
"keywrap_enabled": False,
"keywrap_format": "string",
"keywrap_kek": "string",
"keywrap_mack": "string",
"port": 0,
}],
auth_servers_nas_id="string",
auth_servers_nas_ip="string",
auth_servers_retries=0,
auth_servers_timeout=0,
band_steer=False,
band_steer_force_band5=False,
bands=["string"],
block_blacklist_clients=False,
bonjour={
"additional_vlan_ids": ["string"],
"services": {
"string": {
"disable_local": False,
"radius_groups": ["string"],
"scope": "string",
},
},
"enabled": False,
},
cisco_cwa={
"allowed_hostnames": ["string"],
"allowed_subnets": ["string"],
"blocked_subnets": ["string"],
"enabled": False,
},
client_limit_down=0,
client_limit_down_enabled=False,
client_limit_up=0,
client_limit_up_enabled=False,
coa_servers=[{
"ip": "string",
"secret": "string",
"disable_event_timestamp_check": False,
"enabled": False,
"port": 0,
}],
disable11ax=False,
disable_ht_vht_rates=False,
disable_uapsd=False,
disable_v1_roam_notify=False,
disable_v2_roam_notify=False,
disable_wmm=False,
dns_server_rewrite={
"enabled": False,
"radius_groups": {
"string": "string",
},
},
dtim=0,
dynamic_psk={
"default_psk": "string",
"default_vlan_id": "string",
"enabled": False,
"force_lookup": False,
"source": "string",
"vlan_ids": ["string"],
},
dynamic_vlan={
"default_vlan_ids": ["string"],
"enabled": False,
"local_vlan_ids": ["string"],
"type": "string",
"vlans": {
"string": "string",
},
},
enable_local_keycaching=False,
enable_wireless_bridging=False,
enable_wireless_bridging_dhcp_tracking=False,
enabled=False,
fast_dot1x_timers=False,
hide_ssid=False,
hostname_ie=False,
hotspot20={
"domain_names": ["string"],
"enabled": False,
"nai_realms": ["string"],
"operators": ["string"],
"rcois": ["string"],
"venue_name": "string",
},
inject_dhcp_option82={
"circuit_id": "string",
"enabled": False,
},
interface="string",
isolation=False,
l2_isolation=False,
legacy_overds=False,
limit_bcast=False,
limit_probe_response=False,
max_idletime=0,
mist_nac={
"enabled": False,
},
mxtunnel_ids=["string"],
mxtunnel_names=["string"],
no_static_dns=False,
no_static_ip=False,
portal={
"amazon_client_id": "string",
"amazon_client_secret": "string",
"amazon_email_domains": ["string"],
"amazon_enabled": False,
"amazon_expire": 0,
"auth": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"azure_enabled": False,
"azure_expire": 0,
"azure_tenant_id": "string",
"broadnet_password": "string",
"broadnet_sid": "string",
"broadnet_user_id": "string",
"bypass_when_cloud_down": False,
"clickatell_api_key": "string",
"cross_site": False,
"email_enabled": False,
"enabled": False,
"expire": 0,
"external_portal_url": "string",
"facebook_client_id": "string",
"facebook_client_secret": "string",
"facebook_email_domains": ["string"],
"facebook_enabled": False,
"facebook_expire": 0,
"forward": False,
"forward_url": "string",
"google_client_id": "string",
"google_client_secret": "string",
"google_email_domains": ["string"],
"google_enabled": False,
"google_expire": 0,
"gupshup_password": "string",
"gupshup_userid": "string",
"microsoft_client_id": "string",
"microsoft_client_secret": "string",
"microsoft_email_domains": ["string"],
"microsoft_enabled": False,
"microsoft_expire": 0,
"passphrase_enabled": False,
"passphrase_expire": 0,
"password": "string",
"predefined_sponsors_enabled": False,
"predefined_sponsors_hide_email": False,
"privacy": False,
"puzzel_password": "string",
"puzzel_service_id": "string",
"puzzel_username": "string",
"sms_enabled": False,
"sms_expire": 0,
"sms_message_format": "string",
"sms_provider": "string",
"sponsor_auto_approve": False,
"sponsor_email_domains": ["string"],
"sponsor_enabled": False,
"sponsor_expire": 0,
"sponsor_link_validity_duration": "string",
"sponsor_notify_all": False,
"sponsor_status_notify": False,
"sponsors": {
"string": "string",
},
"sso_default_role": "string",
"sso_forced_role": "string",
"sso_idp_cert": "string",
"sso_idp_sign_algo": "string",
"sso_idp_sso_url": "string",
"sso_issuer": "string",
"sso_nameid_format": "string",
"telstra_client_id": "string",
"telstra_client_secret": "string",
"twilio_auth_token": "string",
"twilio_phone_number": "string",
"twilio_sid": "string",
},
portal_allowed_hostnames=["string"],
portal_allowed_subnets=["string"],
portal_denied_hostnames=["string"],
qos={
"class_": "string",
"overwrite": False,
},
radsec={
"coa_enabled": False,
"enabled": False,
"idle_timeout": 0,
"mxcluster_ids": ["string"],
"proxy_hosts": ["string"],
"server_name": "string",
"servers": [{
"host": "string",
"port": 0,
}],
"use_mxedge": False,
"use_site_mxedge": False,
},
roam_mode="string",
schedule={
"enabled": False,
"hours": {
"fri": "string",
"mon": "string",
"sat": "string",
"sun": "string",
"thu": "string",
"tue": "string",
"wed": "string",
},
},
sle_excluded=False,
use_eapol_v1=False,
vlan_enabled=False,
vlan_id="string",
vlan_ids=["string"],
vlan_pooling=False,
wlan_limit_down=0,
wlan_limit_down_enabled=False,
wlan_limit_up=0,
wlan_limit_up_enabled=False,
wxtag_ids=["string"],
wxtunnel_id="string",
wxtunnel_remote_id="string")
const junipermistWlanResource = new junipermist.site.Wlan("junipermistWlanResource", {
siteId: "string",
ssid: "string",
acctImmediateUpdate: false,
acctInterimInterval: 0,
acctServers: [{
host: "string",
secret: "string",
keywrapEnabled: false,
keywrapFormat: "string",
keywrapKek: "string",
keywrapMack: "string",
port: 0,
}],
airwatch: {
apiKey: "string",
consoleUrl: "string",
password: "string",
username: "string",
enabled: false,
},
allowIpv6Ndp: false,
allowMdns: false,
allowSsdp: false,
apIds: ["string"],
appLimit: {
apps: {
string: 0,
},
enabled: false,
wxtagIds: {
string: 0,
},
},
appQos: {
apps: {
string: {
dscp: 0,
dstSubnet: "string",
srcSubnet: "string",
},
},
enabled: false,
others: [{
dscp: 0,
dstSubnet: "string",
portRanges: "string",
protocol: "string",
srcSubnet: "string",
}],
},
applyTo: "string",
arpFilter: false,
auth: {
anticlogThreshold: 0,
eapReauth: false,
enableMacAuth: false,
keyIdx: 0,
keys: ["string"],
multiPskOnly: false,
owe: "string",
pairwises: ["string"],
privateWlan: false,
psk: "string",
type: "string",
wepAsSecondaryAuth: false,
},
authServerSelection: "string",
authServers: [{
host: "string",
secret: "string",
keywrapEnabled: false,
keywrapFormat: "string",
keywrapKek: "string",
keywrapMack: "string",
port: 0,
}],
authServersNasId: "string",
authServersNasIp: "string",
authServersRetries: 0,
authServersTimeout: 0,
bandSteer: false,
bandSteerForceBand5: false,
bands: ["string"],
blockBlacklistClients: false,
bonjour: {
additionalVlanIds: ["string"],
services: {
string: {
disableLocal: false,
radiusGroups: ["string"],
scope: "string",
},
},
enabled: false,
},
ciscoCwa: {
allowedHostnames: ["string"],
allowedSubnets: ["string"],
blockedSubnets: ["string"],
enabled: false,
},
clientLimitDown: 0,
clientLimitDownEnabled: false,
clientLimitUp: 0,
clientLimitUpEnabled: false,
coaServers: [{
ip: "string",
secret: "string",
disableEventTimestampCheck: false,
enabled: false,
port: 0,
}],
disable11ax: false,
disableHtVhtRates: false,
disableUapsd: false,
disableV1RoamNotify: false,
disableV2RoamNotify: false,
disableWmm: false,
dnsServerRewrite: {
enabled: false,
radiusGroups: {
string: "string",
},
},
dtim: 0,
dynamicPsk: {
defaultPsk: "string",
defaultVlanId: "string",
enabled: false,
forceLookup: false,
source: "string",
vlanIds: ["string"],
},
dynamicVlan: {
defaultVlanIds: ["string"],
enabled: false,
localVlanIds: ["string"],
type: "string",
vlans: {
string: "string",
},
},
enableLocalKeycaching: false,
enableWirelessBridging: false,
enableWirelessBridgingDhcpTracking: false,
enabled: false,
fastDot1xTimers: false,
hideSsid: false,
hostnameIe: false,
hotspot20: {
domainNames: ["string"],
enabled: false,
naiRealms: ["string"],
operators: ["string"],
rcois: ["string"],
venueName: "string",
},
injectDhcpOption82: {
circuitId: "string",
enabled: false,
},
"interface": "string",
isolation: false,
l2Isolation: false,
legacyOverds: false,
limitBcast: false,
limitProbeResponse: false,
maxIdletime: 0,
mistNac: {
enabled: false,
},
mxtunnelIds: ["string"],
mxtunnelNames: ["string"],
noStaticDns: false,
noStaticIp: false,
portal: {
amazonClientId: "string",
amazonClientSecret: "string",
amazonEmailDomains: ["string"],
amazonEnabled: false,
amazonExpire: 0,
auth: "string",
azureClientId: "string",
azureClientSecret: "string",
azureEnabled: false,
azureExpire: 0,
azureTenantId: "string",
broadnetPassword: "string",
broadnetSid: "string",
broadnetUserId: "string",
bypassWhenCloudDown: false,
clickatellApiKey: "string",
crossSite: false,
emailEnabled: false,
enabled: false,
expire: 0,
externalPortalUrl: "string",
facebookClientId: "string",
facebookClientSecret: "string",
facebookEmailDomains: ["string"],
facebookEnabled: false,
facebookExpire: 0,
forward: false,
forwardUrl: "string",
googleClientId: "string",
googleClientSecret: "string",
googleEmailDomains: ["string"],
googleEnabled: false,
googleExpire: 0,
gupshupPassword: "string",
gupshupUserid: "string",
microsoftClientId: "string",
microsoftClientSecret: "string",
microsoftEmailDomains: ["string"],
microsoftEnabled: false,
microsoftExpire: 0,
passphraseEnabled: false,
passphraseExpire: 0,
password: "string",
predefinedSponsorsEnabled: false,
predefinedSponsorsHideEmail: false,
privacy: false,
puzzelPassword: "string",
puzzelServiceId: "string",
puzzelUsername: "string",
smsEnabled: false,
smsExpire: 0,
smsMessageFormat: "string",
smsProvider: "string",
sponsorAutoApprove: false,
sponsorEmailDomains: ["string"],
sponsorEnabled: false,
sponsorExpire: 0,
sponsorLinkValidityDuration: "string",
sponsorNotifyAll: false,
sponsorStatusNotify: false,
sponsors: {
string: "string",
},
ssoDefaultRole: "string",
ssoForcedRole: "string",
ssoIdpCert: "string",
ssoIdpSignAlgo: "string",
ssoIdpSsoUrl: "string",
ssoIssuer: "string",
ssoNameidFormat: "string",
telstraClientId: "string",
telstraClientSecret: "string",
twilioAuthToken: "string",
twilioPhoneNumber: "string",
twilioSid: "string",
},
portalAllowedHostnames: ["string"],
portalAllowedSubnets: ["string"],
portalDeniedHostnames: ["string"],
qos: {
"class": "string",
overwrite: false,
},
radsec: {
coaEnabled: false,
enabled: false,
idleTimeout: 0,
mxclusterIds: ["string"],
proxyHosts: ["string"],
serverName: "string",
servers: [{
host: "string",
port: 0,
}],
useMxedge: false,
useSiteMxedge: false,
},
roamMode: "string",
schedule: {
enabled: false,
hours: {
fri: "string",
mon: "string",
sat: "string",
sun: "string",
thu: "string",
tue: "string",
wed: "string",
},
},
sleExcluded: false,
useEapolV1: false,
vlanEnabled: false,
vlanId: "string",
vlanIds: ["string"],
vlanPooling: false,
wlanLimitDown: 0,
wlanLimitDownEnabled: false,
wlanLimitUp: 0,
wlanLimitUpEnabled: false,
wxtagIds: ["string"],
wxtunnelId: "string",
wxtunnelRemoteId: "string",
});
type: junipermist:site:Wlan
properties:
acctImmediateUpdate: false
acctInterimInterval: 0
acctServers:
- host: string
keywrapEnabled: false
keywrapFormat: string
keywrapKek: string
keywrapMack: string
port: 0
secret: string
airwatch:
apiKey: string
consoleUrl: string
enabled: false
password: string
username: string
allowIpv6Ndp: false
allowMdns: false
allowSsdp: false
apIds:
- string
appLimit:
apps:
string: 0
enabled: false
wxtagIds:
string: 0
appQos:
apps:
string:
dscp: 0
dstSubnet: string
srcSubnet: string
enabled: false
others:
- dscp: 0
dstSubnet: string
portRanges: string
protocol: string
srcSubnet: string
applyTo: string
arpFilter: false
auth:
anticlogThreshold: 0
eapReauth: false
enableMacAuth: false
keyIdx: 0
keys:
- string
multiPskOnly: false
owe: string
pairwises:
- string
privateWlan: false
psk: string
type: string
wepAsSecondaryAuth: false
authServerSelection: string
authServers:
- host: string
keywrapEnabled: false
keywrapFormat: string
keywrapKek: string
keywrapMack: string
port: 0
secret: string
authServersNasId: string
authServersNasIp: string
authServersRetries: 0
authServersTimeout: 0
bandSteer: false
bandSteerForceBand5: false
bands:
- string
blockBlacklistClients: false
bonjour:
additionalVlanIds:
- string
enabled: false
services:
string:
disableLocal: false
radiusGroups:
- string
scope: string
ciscoCwa:
allowedHostnames:
- string
allowedSubnets:
- string
blockedSubnets:
- string
enabled: false
clientLimitDown: 0
clientLimitDownEnabled: false
clientLimitUp: 0
clientLimitUpEnabled: false
coaServers:
- disableEventTimestampCheck: false
enabled: false
ip: string
port: 0
secret: string
disable11ax: false
disableHtVhtRates: false
disableUapsd: false
disableV1RoamNotify: false
disableV2RoamNotify: false
disableWmm: false
dnsServerRewrite:
enabled: false
radiusGroups:
string: string
dtim: 0
dynamicPsk:
defaultPsk: string
defaultVlanId: string
enabled: false
forceLookup: false
source: string
vlanIds:
- string
dynamicVlan:
defaultVlanIds:
- string
enabled: false
localVlanIds:
- string
type: string
vlans:
string: string
enableLocalKeycaching: false
enableWirelessBridging: false
enableWirelessBridgingDhcpTracking: false
enabled: false
fastDot1xTimers: false
hideSsid: false
hostnameIe: false
hotspot20:
domainNames:
- string
enabled: false
naiRealms:
- string
operators:
- string
rcois:
- string
venueName: string
injectDhcpOption82:
circuitId: string
enabled: false
interface: string
isolation: false
l2Isolation: false
legacyOverds: false
limitBcast: false
limitProbeResponse: false
maxIdletime: 0
mistNac:
enabled: false
mxtunnelIds:
- string
mxtunnelNames:
- string
noStaticDns: false
noStaticIp: false
portal:
amazonClientId: string
amazonClientSecret: string
amazonEmailDomains:
- string
amazonEnabled: false
amazonExpire: 0
auth: string
azureClientId: string
azureClientSecret: string
azureEnabled: false
azureExpire: 0
azureTenantId: string
broadnetPassword: string
broadnetSid: string
broadnetUserId: string
bypassWhenCloudDown: false
clickatellApiKey: string
crossSite: false
emailEnabled: false
enabled: false
expire: 0
externalPortalUrl: string
facebookClientId: string
facebookClientSecret: string
facebookEmailDomains:
- string
facebookEnabled: false
facebookExpire: 0
forward: false
forwardUrl: string
googleClientId: string
googleClientSecret: string
googleEmailDomains:
- string
googleEnabled: false
googleExpire: 0
gupshupPassword: string
gupshupUserid: string
microsoftClientId: string
microsoftClientSecret: string
microsoftEmailDomains:
- string
microsoftEnabled: false
microsoftExpire: 0
passphraseEnabled: false
passphraseExpire: 0
password: string
predefinedSponsorsEnabled: false
predefinedSponsorsHideEmail: false
privacy: false
puzzelPassword: string
puzzelServiceId: string
puzzelUsername: string
smsEnabled: false
smsExpire: 0
smsMessageFormat: string
smsProvider: string
sponsorAutoApprove: false
sponsorEmailDomains:
- string
sponsorEnabled: false
sponsorExpire: 0
sponsorLinkValidityDuration: string
sponsorNotifyAll: false
sponsorStatusNotify: false
sponsors:
string: string
ssoDefaultRole: string
ssoForcedRole: string
ssoIdpCert: string
ssoIdpSignAlgo: string
ssoIdpSsoUrl: string
ssoIssuer: string
ssoNameidFormat: string
telstraClientId: string
telstraClientSecret: string
twilioAuthToken: string
twilioPhoneNumber: string
twilioSid: string
portalAllowedHostnames:
- string
portalAllowedSubnets:
- string
portalDeniedHostnames:
- string
qos:
class: string
overwrite: false
radsec:
coaEnabled: false
enabled: false
idleTimeout: 0
mxclusterIds:
- string
proxyHosts:
- string
serverName: string
servers:
- host: string
port: 0
useMxedge: false
useSiteMxedge: false
roamMode: string
schedule:
enabled: false
hours:
fri: string
mon: string
sat: string
sun: string
thu: string
tue: string
wed: string
siteId: string
sleExcluded: false
ssid: string
useEapolV1: false
vlanEnabled: false
vlanId: string
vlanIds:
- string
vlanPooling: false
wlanLimitDown: 0
wlanLimitDownEnabled: false
wlanLimitUp: 0
wlanLimitUpEnabled: false
wxtagIds:
- string
wxtunnelId: string
wxtunnelRemoteId: string
Wlan Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Wlan resource accepts the following input properties:
- Site
Id string - Ssid string
- the name of the SSID
- Acct
Immediate boolUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Acct Server> - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Pulumi.
Juniper Mist. Site. Inputs. Wlan Airwatch - airwatch wlan settings
- Allow
Ipv6Ndp bool - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - only applicable when
limit_bcast
==true
, which allows SSDP - Ap
Ids List<string> - list of device ids
- App
Limit Pulumi.Juniper Mist. Site. Inputs. Wlan App Limit - bandwidth limiting for apps (applies to up/down)
- App
Qos Pulumi.Juniper Mist. Site. Inputs. Wlan App Qos - app qos wlan settings
- Apply
To string - enum:
aps
,site
,wxtags
- Arp
Filter bool - whether to enable smart arp filter
- Auth
Pulumi.
Juniper Mist. Site. Inputs. Wlan Auth - authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- Auth
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Auth Server> - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - Auth
Servers stringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - force dual_band capable client to connect to 5G
- Bands List<string>
- list of radios that the wlan should apply to. enum:
24
,5
,6
- Block
Blacklist boolClients - whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour - bonjour gateway wlan settings
- Cisco
Cwa Pulumi.Juniper Mist. Site. Inputs. Wlan Cisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit intDown - kbps
- Client
Limit boolDown Enabled - if downlink limiting per-client is enabled
- Client
Limit intUp - kbps
- Client
Limit boolUp Enabled - if uplink limiting per-client is enabled
- Coa
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Coa Server> - list of COA (change of authorization) servers, optional
- Disable11ax bool
- some old WLAN drivers may not be compatible
- Disable
Ht boolVht Rates - to disable ht or vht rates
- Disable
Uapsd bool - whether to disable U-APSD
- Disable
V1Roam boolNotify - disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - disable sending v2 roam notification messages
- Disable
Wmm bool - whether to disable WMM
- Dns
Server Pulumi.Rewrite Juniper Mist. Site. Inputs. Wlan Dns Server Rewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Psk - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - Dynamic
Vlan Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Vlan - for 802.1x
- Enable
Local boolKeycaching - enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- if this wlan is enabled
- Fast
Dot1x boolTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - whether to hide SSID in beacon
- Hostname
Ie bool - include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.
Juniper Mist. Site. Inputs. Wlan Hotspot20 - hostspot 2.0 wlan settings
- Inject
Dhcp Pulumi.Option82 Juniper Mist. Site. Inputs. Wlan Inject Dhcp Option82 - Interface string
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- Isolation bool
- whether to stop clients to talk to each other
- L2Isolation bool
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - limit probe response base on some heuristic rules
- Max
Idletime int - max idle time in seconds
- Mist
Nac Pulumi.Juniper Mist. Site. Inputs. Wlan Mist Nac - Mxtunnel
Ids List<string> - when
interface
=mxtunnel
, id of the Mist Tunnel - Mxtunnel
Names List<string> - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- Portal
Pulumi.
Juniper Mist. Site. Inputs. Wlan Portal - portal wlan settings
- Portal
Allowed List<string>Hostnames - list of hostnames without http(s):// (matched by substring)
- Portal
Allowed List<string>Subnets - list of CIDRs
- Portal
Denied List<string>Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Qos
Pulumi.
Juniper Mist. Site. Inputs. Wlan Qos - Radsec
Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec - Radsec settings
- Roam
Mode string - enum:
11r
,OKC
,NONE
- Schedule
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule - WLAN operating schedule, default is disabled
- Sle
Excluded bool - whether to exclude this WLAN from SLE metrics
- Use
Eapol boolV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - if vlan tagging is enabled
- Vlan
Id string - Vlan
Ids List<string> - vlan_ids to use when there’s no match from RA
- Vlan
Pooling bool - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- Wlan
Limit intDown - kbps
- Wlan
Limit boolDown Enabled - if downlink limiting for whole wlan is enabled
- Wlan
Limit intUp - kbps
- Wlan
Limit boolUp Enabled - if uplink limiting for whole wlan is enabled
- Wxtag
Ids List<string> - list of wxtag_ids
- Wxtunnel
Id string - when
interface
=wxtunnel
, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - when
interface
=wxtunnel
, remote tunnel identifier
- Site
Id string - Ssid string
- the name of the SSID
- Acct
Immediate boolUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers []WlanAcct Server Args - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Wlan
Airwatch Args - airwatch wlan settings
- Allow
Ipv6Ndp bool - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - only applicable when
limit_bcast
==true
, which allows SSDP - Ap
Ids []string - list of device ids
- App
Limit WlanApp Limit Args - bandwidth limiting for apps (applies to up/down)
- App
Qos WlanApp Qos Args - app qos wlan settings
- Apply
To string - enum:
aps
,site
,wxtags
- Arp
Filter bool - whether to enable smart arp filter
- Auth
Wlan
Auth Args - authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- Auth
Servers []WlanAuth Server Args - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - Auth
Servers stringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - force dual_band capable client to connect to 5G
- Bands []string
- list of radios that the wlan should apply to. enum:
24
,5
,6
- Block
Blacklist boolClients - whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Wlan
Bonjour Args - bonjour gateway wlan settings
- Cisco
Cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit intDown - kbps
- Client
Limit boolDown Enabled - if downlink limiting per-client is enabled
- Client
Limit intUp - kbps
- Client
Limit boolUp Enabled - if uplink limiting per-client is enabled
- Coa
Servers []WlanCoa Server Args - list of COA (change of authorization) servers, optional
- Disable11ax bool
- some old WLAN drivers may not be compatible
- Disable
Ht boolVht Rates - to disable ht or vht rates
- Disable
Uapsd bool - whether to disable U-APSD
- Disable
V1Roam boolNotify - disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - disable sending v2 roam notification messages
- Disable
Wmm bool - whether to disable WMM
- Dns
Server WlanRewrite Dns Server Rewrite Args - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk WlanDynamic Psk Args - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - Dynamic
Vlan WlanDynamic Vlan Args - for 802.1x
- Enable
Local boolKeycaching - enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- if this wlan is enabled
- Fast
Dot1x boolTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - whether to hide SSID in beacon
- Hostname
Ie bool - include hostname inside IE in AP beacons / probe responses
- Hotspot20
Wlan
Hotspot20Args - hostspot 2.0 wlan settings
- Inject
Dhcp WlanOption82 Inject Dhcp Option82Args - Interface string
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- Isolation bool
- whether to stop clients to talk to each other
- L2Isolation bool
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - limit probe response base on some heuristic rules
- Max
Idletime int - max idle time in seconds
- Mist
Nac WlanMist Nac Args - Mxtunnel
Ids []string - when
interface
=mxtunnel
, id of the Mist Tunnel - Mxtunnel
Names []string - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- Portal
Wlan
Portal Args - portal wlan settings
- Portal
Allowed []stringHostnames - list of hostnames without http(s):// (matched by substring)
- Portal
Allowed []stringSubnets - list of CIDRs
- Portal
Denied []stringHostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Qos
Wlan
Qos Args - Radsec
Wlan
Radsec Args - Radsec settings
- Roam
Mode string - enum:
11r
,OKC
,NONE
- Schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- Sle
Excluded bool - whether to exclude this WLAN from SLE metrics
- Use
Eapol boolV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - if vlan tagging is enabled
- Vlan
Id string - Vlan
Ids []string - vlan_ids to use when there’s no match from RA
- Vlan
Pooling bool - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- Wlan
Limit intDown - kbps
- Wlan
Limit boolDown Enabled - if downlink limiting for whole wlan is enabled
- Wlan
Limit intUp - kbps
- Wlan
Limit boolUp Enabled - if uplink limiting for whole wlan is enabled
- Wxtag
Ids []string - list of wxtag_ids
- Wxtunnel
Id string - when
interface
=wxtunnel
, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - when
interface
=wxtunnel
, remote tunnel identifier
- site
Id String - ssid String
- the name of the SSID
- acct
Immediate BooleanUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim IntegerInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<WlanAcct Server> - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - airwatch wlan settings
- allow
Ipv6Ndp Boolean - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - only applicable when
limit_bcast
==true
, which allows SSDP - ap
Ids List<String> - list of device ids
- app
Limit WlanApp Limit - bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - app qos wlan settings
- apply
To String - enum:
aps
,site
,wxtags
- arp
Filter Boolean - whether to enable smart arp filter
- auth
Wlan
Auth - authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth
Servers List<WlanAuth Server> - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth
Servers StringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - optional, NAS-IP-ADDRESS to use
- auth
Servers IntegerRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers IntegerTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block
Blacklist BooleanClients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit IntegerDown - kbps
- client
Limit BooleanDown Enabled - if downlink limiting per-client is enabled
- client
Limit IntegerUp - kbps
- client
Limit BooleanUp Enabled - if uplink limiting per-client is enabled
- coa
Servers List<WlanCoa Server> - list of COA (change of authorization) servers, optional
- disable11ax Boolean
- some old WLAN drivers may not be compatible
- disable
Ht BooleanVht Rates - to disable ht or vht rates
- disable
Uapsd Boolean - whether to disable U-APSD
- disable
V1Roam BooleanNotify - disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - disable sending v2 roam notification messages
- disable
Wmm Boolean - whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Integer
- dynamic
Psk WlanDynamic Psk - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic
Vlan WlanDynamic Vlan - for 802.1x
- enable
Local BooleanKeycaching - enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- if this wlan is enabled
- fast
Dot1x BooleanTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - whether to hide SSID in beacon
- hostname
Ie Boolean - include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface_ String
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation Boolean
- whether to stop clients to talk to each other
- l2Isolation Boolean
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - limit probe response base on some heuristic rules
- max
Idletime Integer - max idle time in seconds
- mist
Nac WlanMist Nac - mxtunnel
Ids List<String> - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel
Names List<String> - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal - portal wlan settings
- portal
Allowed List<String>Hostnames - list of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - list of CIDRs
- portal
Denied List<String>Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos
Wlan
Qos - radsec
Wlan
Radsec - Radsec settings
- roam
Mode String - enum:
11r
,OKC
,NONE
- schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- sle
Excluded Boolean - whether to exclude this WLAN from SLE metrics
- use
Eapol BooleanV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - if vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - vlan_ids to use when there’s no match from RA
- vlan
Pooling Boolean - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan
Limit IntegerDown - kbps
- wlan
Limit BooleanDown Enabled - if downlink limiting for whole wlan is enabled
- wlan
Limit IntegerUp - kbps
- wlan
Limit BooleanUp Enabled - if uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - list of wxtag_ids
- wxtunnel
Id String - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel
Remote StringId - when
interface
=wxtunnel
, remote tunnel identifier
- site
Id string - ssid string
- the name of the SSID
- acct
Immediate booleanUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim numberInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers WlanAcct Server[] - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - airwatch wlan settings
- allow
Ipv6Ndp boolean - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns boolean - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp boolean - only applicable when
limit_bcast
==true
, which allows SSDP - ap
Ids string[] - list of device ids
- app
Limit WlanApp Limit - bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - app qos wlan settings
- apply
To string - enum:
aps
,site
,wxtags
- arp
Filter boolean - whether to enable smart arp filter
- auth
Wlan
Auth - authentication wlan settings
- auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth
Servers WlanAuth Server[] - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth
Servers stringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers stringNas Ip - optional, NAS-IP-ADDRESS to use
- auth
Servers numberRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers numberTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer boolean - whether to enable band_steering, this works only when band==both
- band
Steer booleanForce Band5 - force dual_band capable client to connect to 5G
- bands string[]
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block
Blacklist booleanClients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit numberDown - kbps
- client
Limit booleanDown Enabled - if downlink limiting per-client is enabled
- client
Limit numberUp - kbps
- client
Limit booleanUp Enabled - if uplink limiting per-client is enabled
- coa
Servers WlanCoa Server[] - list of COA (change of authorization) servers, optional
- disable11ax boolean
- some old WLAN drivers may not be compatible
- disable
Ht booleanVht Rates - to disable ht or vht rates
- disable
Uapsd boolean - whether to disable U-APSD
- disable
V1Roam booleanNotify - disable sending v2 roam notification messages
- disable
V2Roam booleanNotify - disable sending v2 roam notification messages
- disable
Wmm boolean - whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim number
- dynamic
Psk WlanDynamic Psk - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic
Vlan WlanDynamic Vlan - for 802.1x
- enable
Local booleanKeycaching - enable AP-AP keycaching via multicast
- enable
Wireless booleanBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable
Wireless booleanBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- if this wlan is enabled
- fast
Dot1x booleanTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid boolean - whether to hide SSID in beacon
- hostname
Ie boolean - include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface string
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation boolean
- whether to stop clients to talk to each other
- l2Isolation boolean
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds boolean - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast boolean - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe booleanResponse - limit probe response base on some heuristic rules
- max
Idletime number - max idle time in seconds
- mist
Nac WlanMist Nac - mxtunnel
Ids string[] - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel
Names string[] - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no
Static booleanDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static booleanIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal - portal wlan settings
- portal
Allowed string[]Hostnames - list of hostnames without http(s):// (matched by substring)
- portal
Allowed string[]Subnets - list of CIDRs
- portal
Denied string[]Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos
Wlan
Qos - radsec
Wlan
Radsec - Radsec settings
- roam
Mode string - enum:
11r
,OKC
,NONE
- schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- sle
Excluded boolean - whether to exclude this WLAN from SLE metrics
- use
Eapol booleanV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled boolean - if vlan tagging is enabled
- vlan
Id string - vlan
Ids string[] - vlan_ids to use when there’s no match from RA
- vlan
Pooling boolean - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan
Limit numberDown - kbps
- wlan
Limit booleanDown Enabled - if downlink limiting for whole wlan is enabled
- wlan
Limit numberUp - kbps
- wlan
Limit booleanUp Enabled - if uplink limiting for whole wlan is enabled
- wxtag
Ids string[] - list of wxtag_ids
- wxtunnel
Id string - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel
Remote stringId - when
interface
=wxtunnel
, remote tunnel identifier
- site_
id str - ssid str
- the name of the SSID
- acct_
immediate_ boolupdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ intinterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct_
servers Sequence[WlanAcct Server Args] - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch Args - airwatch wlan settings
- allow_
ipv6_ boolndp - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow_
mdns bool - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow_
ssdp bool - only applicable when
limit_bcast
==true
, which allows SSDP - ap_
ids Sequence[str] - list of device ids
- app_
limit WlanApp Limit Args - bandwidth limiting for apps (applies to up/down)
- app_
qos WlanApp Qos Args - app qos wlan settings
- apply_
to str - enum:
aps
,site
,wxtags
- arp_
filter bool - whether to enable smart arp filter
- auth
Wlan
Auth Args - authentication wlan settings
- auth_
server_ strselection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth_
servers Sequence[WlanAuth Server Args] - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth_
servers_ strnas_ id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ strnas_ ip - optional, NAS-IP-ADDRESS to use
- auth_
servers_ intretries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth_
servers_ inttimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band_
steer bool - whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - force dual_band capable client to connect to 5G
- bands Sequence[str]
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block_
blacklist_ boolclients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour Args - bonjour gateway wlan settings
- cisco_
cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client_
limit_ intdown - kbps
- client_
limit_ booldown_ enabled - if downlink limiting per-client is enabled
- client_
limit_ intup - kbps
- client_
limit_ boolup_ enabled - if uplink limiting per-client is enabled
- coa_
servers Sequence[WlanCoa Server Args] - list of COA (change of authorization) servers, optional
- disable11ax bool
- some old WLAN drivers may not be compatible
- disable_
ht_ boolvht_ rates - to disable ht or vht rates
- disable_
uapsd bool - whether to disable U-APSD
- disable_
v1_ boolroam_ notify - disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - disable sending v2 roam notification messages
- disable_
wmm bool - whether to disable WMM
- dns_
server_ Wlanrewrite Dns Server Rewrite Args - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim int
- dynamic_
psk WlanDynamic Psk Args - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic_
vlan WlanDynamic Vlan Args - for 802.1x
- enable_
local_ boolkeycaching - enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- if this wlan is enabled
- fast_
dot1x_ booltimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - whether to hide SSID in beacon
- hostname_
ie bool - include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20Args - hostspot 2.0 wlan settings
- inject_
dhcp_ Wlanoption82 Inject Dhcp Option82Args - interface str
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation bool
- whether to stop clients to talk to each other
- l2_
isolation bool - if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - limit probe response base on some heuristic rules
- max_
idletime int - max idle time in seconds
- mist_
nac WlanMist Nac Args - mxtunnel_
ids Sequence[str] - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel_
names Sequence[str] - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no_
static_ booldns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal Args - portal wlan settings
- portal_
allowed_ Sequence[str]hostnames - list of hostnames without http(s):// (matched by substring)
- portal_
allowed_ Sequence[str]subnets - list of CIDRs
- portal_
denied_ Sequence[str]hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos
Wlan
Qos Args - radsec
Wlan
Radsec Args - Radsec settings
- roam_
mode str - enum:
11r
,OKC
,NONE
- schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- sle_
excluded bool - whether to exclude this WLAN from SLE metrics
- use_
eapol_ boolv1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - if vlan tagging is enabled
- vlan_
id str - vlan_
ids Sequence[str] - vlan_ids to use when there’s no match from RA
- vlan_
pooling bool - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan_
limit_ intdown - kbps
- wlan_
limit_ booldown_ enabled - if downlink limiting for whole wlan is enabled
- wlan_
limit_ intup - kbps
- wlan_
limit_ boolup_ enabled - if uplink limiting for whole wlan is enabled
- wxtag_
ids Sequence[str] - list of wxtag_ids
- wxtunnel_
id str - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel_
remote_ strid - when
interface
=wxtunnel
, remote tunnel identifier
- site
Id String - ssid String
- the name of the SSID
- acct
Immediate BooleanUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim NumberInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<Property Map> - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch Property Map
- airwatch wlan settings
- allow
Ipv6Ndp Boolean - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - only applicable when
limit_bcast
==true
, which allows SSDP - ap
Ids List<String> - list of device ids
- app
Limit Property Map - bandwidth limiting for apps (applies to up/down)
- app
Qos Property Map - app qos wlan settings
- apply
To String - enum:
aps
,site
,wxtags
- arp
Filter Boolean - whether to enable smart arp filter
- auth Property Map
- authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth
Servers List<Property Map> - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth
Servers StringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - optional, NAS-IP-ADDRESS to use
- auth
Servers NumberRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers NumberTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block
Blacklist BooleanClients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- bonjour gateway wlan settings
- cisco
Cwa Property Map - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit NumberDown - kbps
- client
Limit BooleanDown Enabled - if downlink limiting per-client is enabled
- client
Limit NumberUp - kbps
- client
Limit BooleanUp Enabled - if uplink limiting per-client is enabled
- coa
Servers List<Property Map> - list of COA (change of authorization) servers, optional
- disable11ax Boolean
- some old WLAN drivers may not be compatible
- disable
Ht BooleanVht Rates - to disable ht or vht rates
- disable
Uapsd Boolean - whether to disable U-APSD
- disable
V1Roam BooleanNotify - disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - disable sending v2 roam notification messages
- disable
Wmm Boolean - whether to disable WMM
- dns
Server Property MapRewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Number
- dynamic
Psk Property Map - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic
Vlan Property Map - for 802.1x
- enable
Local BooleanKeycaching - enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- if this wlan is enabled
- fast
Dot1x BooleanTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - whether to hide SSID in beacon
- hostname
Ie Boolean - include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- hostspot 2.0 wlan settings
- inject
Dhcp Property MapOption82 - interface String
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation Boolean
- whether to stop clients to talk to each other
- l2Isolation Boolean
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - limit probe response base on some heuristic rules
- max
Idletime Number - max idle time in seconds
- mist
Nac Property Map - mxtunnel
Ids List<String> - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel
Names List<String> - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- portal Property Map
- portal wlan settings
- portal
Allowed List<String>Hostnames - list of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - list of CIDRs
- portal
Denied List<String>Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos Property Map
- radsec Property Map
- Radsec settings
- roam
Mode String - enum:
11r
,OKC
,NONE
- schedule Property Map
- WLAN operating schedule, default is disabled
- sle
Excluded Boolean - whether to exclude this WLAN from SLE metrics
- use
Eapol BooleanV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - if vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - vlan_ids to use when there’s no match from RA
- vlan
Pooling Boolean - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan
Limit NumberDown - kbps
- wlan
Limit BooleanDown Enabled - if downlink limiting for whole wlan is enabled
- wlan
Limit NumberUp - kbps
- wlan
Limit BooleanUp Enabled - if uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - list of wxtag_ids
- wxtunnel
Id String - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel
Remote StringId - when
interface
=wxtunnel
, remote tunnel identifier
Outputs
All input properties are implicitly available as output properties. Additionally, the Wlan resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Msp
Id string - Org
Id string - Portal
Api stringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - Portal
Template stringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- Thumbnail string
- Url of portal background image thumbnail
- Id string
- The provider-assigned unique ID for this managed resource.
- Msp
Id string - Org
Id string - Portal
Api stringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - Portal
Template stringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- Thumbnail string
- Url of portal background image thumbnail
- id String
- The provider-assigned unique ID for this managed resource.
- msp
Id String - org
Id String - portal
Api StringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - portal
Template StringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- thumbnail String
- Url of portal background image thumbnail
- id string
- The provider-assigned unique ID for this managed resource.
- msp
Id string - org
Id string - portal
Api stringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal
Image string - Url of portal background image
- portal
Sso stringUrl - portal
Template stringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- thumbnail string
- Url of portal background image thumbnail
- id str
- The provider-assigned unique ID for this managed resource.
- msp_
id str - org_
id str - portal_
api_ strsecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal_
image str - Url of portal background image
- portal_
sso_ strurl - portal_
template_ strurl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- thumbnail str
- Url of portal background image thumbnail
- id String
- The provider-assigned unique ID for this managed resource.
- msp
Id String - org
Id String - portal
Api StringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - portal
Template StringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- thumbnail String
- Url of portal background image thumbnail
Look up Existing Wlan Resource
Get an existing Wlan resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WlanState, opts?: CustomResourceOptions): Wlan
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acct_immediate_update: Optional[bool] = None,
acct_interim_interval: Optional[int] = None,
acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
airwatch: Optional[WlanAirwatchArgs] = None,
allow_ipv6_ndp: Optional[bool] = None,
allow_mdns: Optional[bool] = None,
allow_ssdp: Optional[bool] = None,
ap_ids: Optional[Sequence[str]] = None,
app_limit: Optional[WlanAppLimitArgs] = None,
app_qos: Optional[WlanAppQosArgs] = None,
apply_to: Optional[str] = None,
arp_filter: Optional[bool] = None,
auth: Optional[WlanAuthArgs] = None,
auth_server_selection: Optional[str] = None,
auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
auth_servers_nas_id: Optional[str] = None,
auth_servers_nas_ip: Optional[str] = None,
auth_servers_retries: Optional[int] = None,
auth_servers_timeout: Optional[int] = None,
band_steer: Optional[bool] = None,
band_steer_force_band5: Optional[bool] = None,
bands: Optional[Sequence[str]] = None,
block_blacklist_clients: Optional[bool] = None,
bonjour: Optional[WlanBonjourArgs] = None,
cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
client_limit_down: Optional[int] = None,
client_limit_down_enabled: Optional[bool] = None,
client_limit_up: Optional[int] = None,
client_limit_up_enabled: Optional[bool] = None,
coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
disable11ax: Optional[bool] = None,
disable_ht_vht_rates: Optional[bool] = None,
disable_uapsd: Optional[bool] = None,
disable_v1_roam_notify: Optional[bool] = None,
disable_v2_roam_notify: Optional[bool] = None,
disable_wmm: Optional[bool] = None,
dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
dtim: Optional[int] = None,
dynamic_psk: Optional[WlanDynamicPskArgs] = None,
dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
enable_local_keycaching: Optional[bool] = None,
enable_wireless_bridging: Optional[bool] = None,
enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
enabled: Optional[bool] = None,
fast_dot1x_timers: Optional[bool] = None,
hide_ssid: Optional[bool] = None,
hostname_ie: Optional[bool] = None,
hotspot20: Optional[WlanHotspot20Args] = None,
inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
interface: Optional[str] = None,
isolation: Optional[bool] = None,
l2_isolation: Optional[bool] = None,
legacy_overds: Optional[bool] = None,
limit_bcast: Optional[bool] = None,
limit_probe_response: Optional[bool] = None,
max_idletime: Optional[int] = None,
mist_nac: Optional[WlanMistNacArgs] = None,
msp_id: Optional[str] = None,
mxtunnel_ids: Optional[Sequence[str]] = None,
mxtunnel_names: Optional[Sequence[str]] = None,
no_static_dns: Optional[bool] = None,
no_static_ip: Optional[bool] = None,
org_id: Optional[str] = None,
portal: Optional[WlanPortalArgs] = None,
portal_allowed_hostnames: Optional[Sequence[str]] = None,
portal_allowed_subnets: Optional[Sequence[str]] = None,
portal_api_secret: Optional[str] = None,
portal_denied_hostnames: Optional[Sequence[str]] = None,
portal_image: Optional[str] = None,
portal_sso_url: Optional[str] = None,
portal_template_url: Optional[str] = None,
qos: Optional[WlanQosArgs] = None,
radsec: Optional[WlanRadsecArgs] = None,
roam_mode: Optional[str] = None,
schedule: Optional[WlanScheduleArgs] = None,
site_id: Optional[str] = None,
sle_excluded: Optional[bool] = None,
ssid: Optional[str] = None,
thumbnail: Optional[str] = None,
use_eapol_v1: Optional[bool] = None,
vlan_enabled: Optional[bool] = None,
vlan_id: Optional[str] = None,
vlan_ids: Optional[Sequence[str]] = None,
vlan_pooling: Optional[bool] = None,
wlan_limit_down: Optional[int] = None,
wlan_limit_down_enabled: Optional[bool] = None,
wlan_limit_up: Optional[int] = None,
wlan_limit_up_enabled: Optional[bool] = None,
wxtag_ids: Optional[Sequence[str]] = None,
wxtunnel_id: Optional[str] = None,
wxtunnel_remote_id: Optional[str] = None) -> Wlan
func GetWlan(ctx *Context, name string, id IDInput, state *WlanState, opts ...ResourceOption) (*Wlan, error)
public static Wlan Get(string name, Input<string> id, WlanState? state, CustomResourceOptions? opts = null)
public static Wlan get(String name, Output<String> id, WlanState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acct
Immediate boolUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Acct Server> - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Pulumi.
Juniper Mist. Site. Inputs. Wlan Airwatch - airwatch wlan settings
- Allow
Ipv6Ndp bool - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - only applicable when
limit_bcast
==true
, which allows SSDP - Ap
Ids List<string> - list of device ids
- App
Limit Pulumi.Juniper Mist. Site. Inputs. Wlan App Limit - bandwidth limiting for apps (applies to up/down)
- App
Qos Pulumi.Juniper Mist. Site. Inputs. Wlan App Qos - app qos wlan settings
- Apply
To string - enum:
aps
,site
,wxtags
- Arp
Filter bool - whether to enable smart arp filter
- Auth
Pulumi.
Juniper Mist. Site. Inputs. Wlan Auth - authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- Auth
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Auth Server> - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - Auth
Servers stringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - force dual_band capable client to connect to 5G
- Bands List<string>
- list of radios that the wlan should apply to. enum:
24
,5
,6
- Block
Blacklist boolClients - whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour - bonjour gateway wlan settings
- Cisco
Cwa Pulumi.Juniper Mist. Site. Inputs. Wlan Cisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit intDown - kbps
- Client
Limit boolDown Enabled - if downlink limiting per-client is enabled
- Client
Limit intUp - kbps
- Client
Limit boolUp Enabled - if uplink limiting per-client is enabled
- Coa
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Coa Server> - list of COA (change of authorization) servers, optional
- Disable11ax bool
- some old WLAN drivers may not be compatible
- Disable
Ht boolVht Rates - to disable ht or vht rates
- Disable
Uapsd bool - whether to disable U-APSD
- Disable
V1Roam boolNotify - disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - disable sending v2 roam notification messages
- Disable
Wmm bool - whether to disable WMM
- Dns
Server Pulumi.Rewrite Juniper Mist. Site. Inputs. Wlan Dns Server Rewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Psk - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - Dynamic
Vlan Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Vlan - for 802.1x
- Enable
Local boolKeycaching - enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- if this wlan is enabled
- Fast
Dot1x boolTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - whether to hide SSID in beacon
- Hostname
Ie bool - include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.
Juniper Mist. Site. Inputs. Wlan Hotspot20 - hostspot 2.0 wlan settings
- Inject
Dhcp Pulumi.Option82 Juniper Mist. Site. Inputs. Wlan Inject Dhcp Option82 - Interface string
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- Isolation bool
- whether to stop clients to talk to each other
- L2Isolation bool
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - limit probe response base on some heuristic rules
- Max
Idletime int - max idle time in seconds
- Mist
Nac Pulumi.Juniper Mist. Site. Inputs. Wlan Mist Nac - Msp
Id string - Mxtunnel
Ids List<string> - when
interface
=mxtunnel
, id of the Mist Tunnel - Mxtunnel
Names List<string> - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- Org
Id string - Portal
Pulumi.
Juniper Mist. Site. Inputs. Wlan Portal - portal wlan settings
- Portal
Allowed List<string>Hostnames - list of hostnames without http(s):// (matched by substring)
- Portal
Allowed List<string>Subnets - list of CIDRs
- Portal
Api stringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Denied List<string>Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - Portal
Template stringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- Qos
Pulumi.
Juniper Mist. Site. Inputs. Wlan Qos - Radsec
Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec - Radsec settings
- Roam
Mode string - enum:
11r
,OKC
,NONE
- Schedule
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule - WLAN operating schedule, default is disabled
- Site
Id string - Sle
Excluded bool - whether to exclude this WLAN from SLE metrics
- Ssid string
- the name of the SSID
- Thumbnail string
- Url of portal background image thumbnail
- Use
Eapol boolV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - if vlan tagging is enabled
- Vlan
Id string - Vlan
Ids List<string> - vlan_ids to use when there’s no match from RA
- Vlan
Pooling bool - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- Wlan
Limit intDown - kbps
- Wlan
Limit boolDown Enabled - if downlink limiting for whole wlan is enabled
- Wlan
Limit intUp - kbps
- Wlan
Limit boolUp Enabled - if uplink limiting for whole wlan is enabled
- Wxtag
Ids List<string> - list of wxtag_ids
- Wxtunnel
Id string - when
interface
=wxtunnel
, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - when
interface
=wxtunnel
, remote tunnel identifier
- Acct
Immediate boolUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers []WlanAcct Server Args - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Wlan
Airwatch Args - airwatch wlan settings
- Allow
Ipv6Ndp bool - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - only applicable when
limit_bcast
==true
, which allows SSDP - Ap
Ids []string - list of device ids
- App
Limit WlanApp Limit Args - bandwidth limiting for apps (applies to up/down)
- App
Qos WlanApp Qos Args - app qos wlan settings
- Apply
To string - enum:
aps
,site
,wxtags
- Arp
Filter bool - whether to enable smart arp filter
- Auth
Wlan
Auth Args - authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- Auth
Servers []WlanAuth Server Args - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - Auth
Servers stringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - force dual_band capable client to connect to 5G
- Bands []string
- list of radios that the wlan should apply to. enum:
24
,5
,6
- Block
Blacklist boolClients - whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Wlan
Bonjour Args - bonjour gateway wlan settings
- Cisco
Cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit intDown - kbps
- Client
Limit boolDown Enabled - if downlink limiting per-client is enabled
- Client
Limit intUp - kbps
- Client
Limit boolUp Enabled - if uplink limiting per-client is enabled
- Coa
Servers []WlanCoa Server Args - list of COA (change of authorization) servers, optional
- Disable11ax bool
- some old WLAN drivers may not be compatible
- Disable
Ht boolVht Rates - to disable ht or vht rates
- Disable
Uapsd bool - whether to disable U-APSD
- Disable
V1Roam boolNotify - disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - disable sending v2 roam notification messages
- Disable
Wmm bool - whether to disable WMM
- Dns
Server WlanRewrite Dns Server Rewrite Args - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk WlanDynamic Psk Args - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - Dynamic
Vlan WlanDynamic Vlan Args - for 802.1x
- Enable
Local boolKeycaching - enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- if this wlan is enabled
- Fast
Dot1x boolTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - whether to hide SSID in beacon
- Hostname
Ie bool - include hostname inside IE in AP beacons / probe responses
- Hotspot20
Wlan
Hotspot20Args - hostspot 2.0 wlan settings
- Inject
Dhcp WlanOption82 Inject Dhcp Option82Args - Interface string
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- Isolation bool
- whether to stop clients to talk to each other
- L2Isolation bool
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - limit probe response base on some heuristic rules
- Max
Idletime int - max idle time in seconds
- Mist
Nac WlanMist Nac Args - Msp
Id string - Mxtunnel
Ids []string - when
interface
=mxtunnel
, id of the Mist Tunnel - Mxtunnel
Names []string - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- Org
Id string - Portal
Wlan
Portal Args - portal wlan settings
- Portal
Allowed []stringHostnames - list of hostnames without http(s):// (matched by substring)
- Portal
Allowed []stringSubnets - list of CIDRs
- Portal
Api stringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Denied []stringHostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - Portal
Template stringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- Qos
Wlan
Qos Args - Radsec
Wlan
Radsec Args - Radsec settings
- Roam
Mode string - enum:
11r
,OKC
,NONE
- Schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- Site
Id string - Sle
Excluded bool - whether to exclude this WLAN from SLE metrics
- Ssid string
- the name of the SSID
- Thumbnail string
- Url of portal background image thumbnail
- Use
Eapol boolV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - if vlan tagging is enabled
- Vlan
Id string - Vlan
Ids []string - vlan_ids to use when there’s no match from RA
- Vlan
Pooling bool - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- Wlan
Limit intDown - kbps
- Wlan
Limit boolDown Enabled - if downlink limiting for whole wlan is enabled
- Wlan
Limit intUp - kbps
- Wlan
Limit boolUp Enabled - if uplink limiting for whole wlan is enabled
- Wxtag
Ids []string - list of wxtag_ids
- Wxtunnel
Id string - when
interface
=wxtunnel
, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - when
interface
=wxtunnel
, remote tunnel identifier
- acct
Immediate BooleanUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim IntegerInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<WlanAcct Server> - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - airwatch wlan settings
- allow
Ipv6Ndp Boolean - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - only applicable when
limit_bcast
==true
, which allows SSDP - ap
Ids List<String> - list of device ids
- app
Limit WlanApp Limit - bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - app qos wlan settings
- apply
To String - enum:
aps
,site
,wxtags
- arp
Filter Boolean - whether to enable smart arp filter
- auth
Wlan
Auth - authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth
Servers List<WlanAuth Server> - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth
Servers StringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - optional, NAS-IP-ADDRESS to use
- auth
Servers IntegerRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers IntegerTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block
Blacklist BooleanClients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit IntegerDown - kbps
- client
Limit BooleanDown Enabled - if downlink limiting per-client is enabled
- client
Limit IntegerUp - kbps
- client
Limit BooleanUp Enabled - if uplink limiting per-client is enabled
- coa
Servers List<WlanCoa Server> - list of COA (change of authorization) servers, optional
- disable11ax Boolean
- some old WLAN drivers may not be compatible
- disable
Ht BooleanVht Rates - to disable ht or vht rates
- disable
Uapsd Boolean - whether to disable U-APSD
- disable
V1Roam BooleanNotify - disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - disable sending v2 roam notification messages
- disable
Wmm Boolean - whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Integer
- dynamic
Psk WlanDynamic Psk - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic
Vlan WlanDynamic Vlan - for 802.1x
- enable
Local BooleanKeycaching - enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- if this wlan is enabled
- fast
Dot1x BooleanTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - whether to hide SSID in beacon
- hostname
Ie Boolean - include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface_ String
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation Boolean
- whether to stop clients to talk to each other
- l2Isolation Boolean
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - limit probe response base on some heuristic rules
- max
Idletime Integer - max idle time in seconds
- mist
Nac WlanMist Nac - msp
Id String - mxtunnel
Ids List<String> - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel
Names List<String> - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id String - portal
Wlan
Portal - portal wlan settings
- portal
Allowed List<String>Hostnames - list of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - list of CIDRs
- portal
Api StringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal
Denied List<String>Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - portal
Template StringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- qos
Wlan
Qos - radsec
Wlan
Radsec - Radsec settings
- roam
Mode String - enum:
11r
,OKC
,NONE
- schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- site
Id String - sle
Excluded Boolean - whether to exclude this WLAN from SLE metrics
- ssid String
- the name of the SSID
- thumbnail String
- Url of portal background image thumbnail
- use
Eapol BooleanV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - if vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - vlan_ids to use when there’s no match from RA
- vlan
Pooling Boolean - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan
Limit IntegerDown - kbps
- wlan
Limit BooleanDown Enabled - if downlink limiting for whole wlan is enabled
- wlan
Limit IntegerUp - kbps
- wlan
Limit BooleanUp Enabled - if uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - list of wxtag_ids
- wxtunnel
Id String - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel
Remote StringId - when
interface
=wxtunnel
, remote tunnel identifier
- acct
Immediate booleanUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim numberInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers WlanAcct Server[] - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - airwatch wlan settings
- allow
Ipv6Ndp boolean - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns boolean - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp boolean - only applicable when
limit_bcast
==true
, which allows SSDP - ap
Ids string[] - list of device ids
- app
Limit WlanApp Limit - bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - app qos wlan settings
- apply
To string - enum:
aps
,site
,wxtags
- arp
Filter boolean - whether to enable smart arp filter
- auth
Wlan
Auth - authentication wlan settings
- auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth
Servers WlanAuth Server[] - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth
Servers stringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers stringNas Ip - optional, NAS-IP-ADDRESS to use
- auth
Servers numberRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers numberTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer boolean - whether to enable band_steering, this works only when band==both
- band
Steer booleanForce Band5 - force dual_band capable client to connect to 5G
- bands string[]
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block
Blacklist booleanClients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit numberDown - kbps
- client
Limit booleanDown Enabled - if downlink limiting per-client is enabled
- client
Limit numberUp - kbps
- client
Limit booleanUp Enabled - if uplink limiting per-client is enabled
- coa
Servers WlanCoa Server[] - list of COA (change of authorization) servers, optional
- disable11ax boolean
- some old WLAN drivers may not be compatible
- disable
Ht booleanVht Rates - to disable ht or vht rates
- disable
Uapsd boolean - whether to disable U-APSD
- disable
V1Roam booleanNotify - disable sending v2 roam notification messages
- disable
V2Roam booleanNotify - disable sending v2 roam notification messages
- disable
Wmm boolean - whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim number
- dynamic
Psk WlanDynamic Psk - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic
Vlan WlanDynamic Vlan - for 802.1x
- enable
Local booleanKeycaching - enable AP-AP keycaching via multicast
- enable
Wireless booleanBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable
Wireless booleanBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- if this wlan is enabled
- fast
Dot1x booleanTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid boolean - whether to hide SSID in beacon
- hostname
Ie boolean - include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface string
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation boolean
- whether to stop clients to talk to each other
- l2Isolation boolean
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds boolean - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast boolean - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe booleanResponse - limit probe response base on some heuristic rules
- max
Idletime number - max idle time in seconds
- mist
Nac WlanMist Nac - msp
Id string - mxtunnel
Ids string[] - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel
Names string[] - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no
Static booleanDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static booleanIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id string - portal
Wlan
Portal - portal wlan settings
- portal
Allowed string[]Hostnames - list of hostnames without http(s):// (matched by substring)
- portal
Allowed string[]Subnets - list of CIDRs
- portal
Api stringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal
Denied string[]Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal
Image string - Url of portal background image
- portal
Sso stringUrl - portal
Template stringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- qos
Wlan
Qos - radsec
Wlan
Radsec - Radsec settings
- roam
Mode string - enum:
11r
,OKC
,NONE
- schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- site
Id string - sle
Excluded boolean - whether to exclude this WLAN from SLE metrics
- ssid string
- the name of the SSID
- thumbnail string
- Url of portal background image thumbnail
- use
Eapol booleanV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled boolean - if vlan tagging is enabled
- vlan
Id string - vlan
Ids string[] - vlan_ids to use when there’s no match from RA
- vlan
Pooling boolean - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan
Limit numberDown - kbps
- wlan
Limit booleanDown Enabled - if downlink limiting for whole wlan is enabled
- wlan
Limit numberUp - kbps
- wlan
Limit booleanUp Enabled - if uplink limiting for whole wlan is enabled
- wxtag
Ids string[] - list of wxtag_ids
- wxtunnel
Id string - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel
Remote stringId - when
interface
=wxtunnel
, remote tunnel identifier
- acct_
immediate_ boolupdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ intinterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct_
servers Sequence[WlanAcct Server Args] - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch Args - airwatch wlan settings
- allow_
ipv6_ boolndp - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow_
mdns bool - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow_
ssdp bool - only applicable when
limit_bcast
==true
, which allows SSDP - ap_
ids Sequence[str] - list of device ids
- app_
limit WlanApp Limit Args - bandwidth limiting for apps (applies to up/down)
- app_
qos WlanApp Qos Args - app qos wlan settings
- apply_
to str - enum:
aps
,site
,wxtags
- arp_
filter bool - whether to enable smart arp filter
- auth
Wlan
Auth Args - authentication wlan settings
- auth_
server_ strselection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth_
servers Sequence[WlanAuth Server Args] - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth_
servers_ strnas_ id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ strnas_ ip - optional, NAS-IP-ADDRESS to use
- auth_
servers_ intretries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth_
servers_ inttimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band_
steer bool - whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - force dual_band capable client to connect to 5G
- bands Sequence[str]
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block_
blacklist_ boolclients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour Args - bonjour gateway wlan settings
- cisco_
cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client_
limit_ intdown - kbps
- client_
limit_ booldown_ enabled - if downlink limiting per-client is enabled
- client_
limit_ intup - kbps
- client_
limit_ boolup_ enabled - if uplink limiting per-client is enabled
- coa_
servers Sequence[WlanCoa Server Args] - list of COA (change of authorization) servers, optional
- disable11ax bool
- some old WLAN drivers may not be compatible
- disable_
ht_ boolvht_ rates - to disable ht or vht rates
- disable_
uapsd bool - whether to disable U-APSD
- disable_
v1_ boolroam_ notify - disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - disable sending v2 roam notification messages
- disable_
wmm bool - whether to disable WMM
- dns_
server_ Wlanrewrite Dns Server Rewrite Args - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim int
- dynamic_
psk WlanDynamic Psk Args - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic_
vlan WlanDynamic Vlan Args - for 802.1x
- enable_
local_ boolkeycaching - enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- if this wlan is enabled
- fast_
dot1x_ booltimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - whether to hide SSID in beacon
- hostname_
ie bool - include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20Args - hostspot 2.0 wlan settings
- inject_
dhcp_ Wlanoption82 Inject Dhcp Option82Args - interface str
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation bool
- whether to stop clients to talk to each other
- l2_
isolation bool - if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - limit probe response base on some heuristic rules
- max_
idletime int - max idle time in seconds
- mist_
nac WlanMist Nac Args - msp_
id str - mxtunnel_
ids Sequence[str] - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel_
names Sequence[str] - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no_
static_ booldns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - whether to only allow client that we’ve learned from DHCP exchange to talk
- org_
id str - portal
Wlan
Portal Args - portal wlan settings
- portal_
allowed_ Sequence[str]hostnames - list of hostnames without http(s):// (matched by substring)
- portal_
allowed_ Sequence[str]subnets - list of CIDRs
- portal_
api_ strsecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal_
denied_ Sequence[str]hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal_
image str - Url of portal background image
- portal_
sso_ strurl - portal_
template_ strurl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- qos
Wlan
Qos Args - radsec
Wlan
Radsec Args - Radsec settings
- roam_
mode str - enum:
11r
,OKC
,NONE
- schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- site_
id str - sle_
excluded bool - whether to exclude this WLAN from SLE metrics
- ssid str
- the name of the SSID
- thumbnail str
- Url of portal background image thumbnail
- use_
eapol_ boolv1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - if vlan tagging is enabled
- vlan_
id str - vlan_
ids Sequence[str] - vlan_ids to use when there’s no match from RA
- vlan_
pooling bool - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan_
limit_ intdown - kbps
- wlan_
limit_ booldown_ enabled - if downlink limiting for whole wlan is enabled
- wlan_
limit_ intup - kbps
- wlan_
limit_ boolup_ enabled - if uplink limiting for whole wlan is enabled
- wxtag_
ids Sequence[str] - list of wxtag_ids
- wxtunnel_
id str - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel_
remote_ strid - when
interface
=wxtunnel
, remote tunnel identifier
- acct
Immediate BooleanUpdate - enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim NumberInterval - how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<Property Map> - list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch Property Map
- airwatch wlan settings
- allow
Ipv6Ndp Boolean - only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - only applicable when
limit_bcast
==true
, which allows SSDP - ap
Ids List<String> - list of device ids
- app
Limit Property Map - bandwidth limiting for apps (applies to up/down)
- app
Qos Property Map - app qos wlan settings
- apply
To String - enum:
aps
,site
,wxtags
- arp
Filter Boolean - whether to enable smart arp filter
- auth Property Map
- authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered
,unordered
- auth
Servers List<Property Map> - list of RADIUS authentication servers, at least one is needed if
auth type
==eap
, order matters where the first one is treated as primary - auth
Servers StringNas Id - optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - optional, NAS-IP-ADDRESS to use
- auth
Servers NumberRetries - radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers NumberTimeout - radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24
,5
,6
- block
Blacklist BooleanClients - whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- bonjour gateway wlan settings
- cisco
Cwa Property Map - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit NumberDown - kbps
- client
Limit BooleanDown Enabled - if downlink limiting per-client is enabled
- client
Limit NumberUp - kbps
- client
Limit BooleanUp Enabled - if uplink limiting per-client is enabled
- coa
Servers List<Property Map> - list of COA (change of authorization) servers, optional
- disable11ax Boolean
- some old WLAN drivers may not be compatible
- disable
Ht BooleanVht Rates - to disable ht or vht rates
- disable
Uapsd Boolean - whether to disable U-APSD
- disable
V1Roam BooleanNotify - disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - disable sending v2 roam notification messages
- disable
Wmm Boolean - whether to disable WMM
- dns
Server Property MapRewrite - for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Number
- dynamic
Psk Property Map - for dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on
context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
AP sends client MAC as username ans password (i.e.
enable_mac_auth
is assumed) * AP sends BSSID:SSID as Caller-Station-ID *auth_servers
is required * PSK will come from cloud WLC if source is cloud_psks * default_psk will be used if cloud WLC is not available *multi_psk_only
andpsk
is ignored *pairwise
can only be wpa2-ccmp (for now, wpa3 support on the roadmap) - dynamic
Vlan Property Map - for 802.1x
- enable
Local BooleanKeycaching - enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- if this wlan is enabled
- fast
Dot1x BooleanTimers - if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - whether to hide SSID in beacon
- hostname
Ie Boolean - include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- hostspot 2.0 wlan settings
- inject
Dhcp Property MapOption82 - interface String
- where this WLAN will be connected to. enum:
all
,eth0
,eth1
,eth2
,eth3
,mxtunnel
,site_mxedge
,wxtunnel
- isolation Boolean
- whether to stop clients to talk to each other
- l2Isolation Boolean
- if isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - limit probe response base on some heuristic rules
- max
Idletime Number - max idle time in seconds
- mist
Nac Property Map - msp
Id String - mxtunnel
Ids List<String> - when
interface
=mxtunnel
, id of the Mist Tunnel - mxtunnel
Names List<String> - when
interface
=site_medge
, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id String - portal Property Map
- portal wlan settings
- portal
Allowed List<String>Hostnames - list of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - list of CIDRs
- portal
Api StringSecret - api secret (auto-generated) that can be used to sign guest authorization requests
- portal
Denied List<String>Hostnames - list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - portal
Template StringUrl - N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
- qos Property Map
- radsec Property Map
- Radsec settings
- roam
Mode String - enum:
11r
,OKC
,NONE
- schedule Property Map
- WLAN operating schedule, default is disabled
- site
Id String - sle
Excluded Boolean - whether to exclude this WLAN from SLE metrics
- ssid String
- the name of the SSID
- thumbnail String
- Url of portal background image thumbnail
- use
Eapol BooleanV1 - if
auth.type
==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - if vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - vlan_ids to use when there’s no match from RA
- vlan
Pooling Boolean - vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan
Limit NumberDown - kbps
- wlan
Limit BooleanDown Enabled - if downlink limiting for whole wlan is enabled
- wlan
Limit NumberUp - kbps
- wlan
Limit BooleanUp Enabled - if uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - list of wxtag_ids
- wxtunnel
Id String - when
interface
=wxtunnel
, id of the WXLAN Tunnel - wxtunnel
Remote StringId - when
interface
=wxtunnel
, remote tunnel identifier
Supporting Types
WlanAcctServer, WlanAcctServerArgs
- Host string
- ip / hostname of RADIUS server
- Secret string
- secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii
,hex
- Keywrap
Kek string - Keywrap
Mack string - Port int
- Acct port of RADIUS server
- Host string
- ip / hostname of RADIUS server
- Secret string
- secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii
,hex
- Keywrap
Kek string - Keywrap
Mack string - Port int
- Acct port of RADIUS server
- host String
- ip / hostname of RADIUS server
- secret String
- secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii
,hex
- keywrap
Kek String - keywrap
Mack String - port Integer
- Acct port of RADIUS server
- host string
- ip / hostname of RADIUS server
- secret string
- secret of RADIUS server
- keywrap
Enabled boolean - keywrap
Format string - enum:
ascii
,hex
- keywrap
Kek string - keywrap
Mack string - port number
- Acct port of RADIUS server
- host str
- ip / hostname of RADIUS server
- secret str
- secret of RADIUS server
- keywrap_
enabled bool - keywrap_
format str - enum:
ascii
,hex
- keywrap_
kek str - keywrap_
mack str - port int
- Acct port of RADIUS server
- host String
- ip / hostname of RADIUS server
- secret String
- secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii
,hex
- keywrap
Kek String - keywrap
Mack String - port Number
- Acct port of RADIUS server
WlanAirwatch, WlanAirwatchArgs
- Api
Key string - API Key
- Console
Url string - console URL
- Password string
- password
- Username string
- username
- Enabled bool
- Api
Key string - API Key
- Console
Url string - console URL
- Password string
- password
- Username string
- username
- Enabled bool
- api
Key String - API Key
- console
Url String - console URL
- password String
- password
- username String
- username
- enabled Boolean
- api
Key string - API Key
- console
Url string - console URL
- password string
- password
- username string
- username
- enabled boolean
- api_
key str - API Key
- console_
url str - console URL
- password str
- password
- username str
- username
- enabled bool
- api
Key String - API Key
- console
Url String - console URL
- password String
- password
- username String
- username
- enabled Boolean
WlanAppLimit, WlanAppLimitArgs
WlanAppQos, WlanAppQosArgs
- Apps
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan App Qos Apps> - Enabled bool
- Others
List<Pulumi.
Juniper Mist. Site. Inputs. Wlan App Qos Other>
- Apps
map[string]Wlan
App Qos Apps - Enabled bool
- Others
[]Wlan
App Qos Other
- apps
Map<String,Wlan
App Qos Apps> - enabled Boolean
- others
List<Wlan
App Qos Other>
- apps
{[key: string]: Wlan
App Qos Apps} - enabled boolean
- others
Wlan
App Qos Other[]
- apps
Mapping[str, Wlan
App Qos Apps] - enabled bool
- others
Sequence[Wlan
App Qos Other]
- apps Map<Property Map>
- enabled Boolean
- others List<Property Map>
WlanAppQosApps, WlanAppQosAppsArgs
- dscp int
- dst_
subnet str - subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
- src_
subnet str - subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
WlanAppQosOther, WlanAppQosOtherArgs
- Dscp int
- Dst
Subnet string - Port
Ranges string - Protocol string
- Src
Subnet string
- Dscp int
- Dst
Subnet string - Port
Ranges string - Protocol string
- Src
Subnet string
- dscp Integer
- dst
Subnet String - port
Ranges String - protocol String
- src
Subnet String
- dscp number
- dst
Subnet string - port
Ranges string - protocol string
- src
Subnet string
- dscp int
- dst_
subnet str - port_
ranges str - protocol str
- src_
subnet str
- dscp Number
- dst
Subnet String - port
Ranges String - protocol String
- src
Subnet String
WlanAuth, WlanAuthArgs
- Anticlog
Threshold int - SAE anti-clogging token threshold
- Eap
Reauth bool - whether to trigger EAP reauth when the session ends
- Enable
Mac boolAuth - whether to enable MAC Auth, uses the same auth_servers
- Key
Idx int - when
type
==wep
- Keys List<string>
- when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- Multi
Psk boolOnly - when
type
==psk
, whether to only use multi_psk - Owe string
- if
type
==open
. enum:disabled
,enabled
(means transition mode),required
- Pairwises List<string>
- when
type
=psk
ortype
=eap
, one or more ofwpa1-ccmp
,wpa1-tkip
,wpa2-ccmp
,wpa2-tkip
,wpa3
- Private
Wlan bool - when
multi_psk_only
==true
, whether private wlan is enabled - Psk string
- when
type
==psk
, 8-64 characters, or 64 hex characters - Type string
- enum:
eap
,eap192
,open
,psk
,psk-tkip
,psk-wpa2-tkip
,wep
- Wep
As boolSecondary Auth - enable WEP as secondary auth
- Anticlog
Threshold int - SAE anti-clogging token threshold
- Eap
Reauth bool - whether to trigger EAP reauth when the session ends
- Enable
Mac boolAuth - whether to enable MAC Auth, uses the same auth_servers
- Key
Idx int - when
type
==wep
- Keys []string
- when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- Multi
Psk boolOnly - when
type
==psk
, whether to only use multi_psk - Owe string
- if
type
==open
. enum:disabled
,enabled
(means transition mode),required
- Pairwises []string
- when
type
=psk
ortype
=eap
, one or more ofwpa1-ccmp
,wpa1-tkip
,wpa2-ccmp
,wpa2-tkip
,wpa3
- Private
Wlan bool - when
multi_psk_only
==true
, whether private wlan is enabled - Psk string
- when
type
==psk
, 8-64 characters, or 64 hex characters - Type string
- enum:
eap
,eap192
,open
,psk
,psk-tkip
,psk-wpa2-tkip
,wep
- Wep
As boolSecondary Auth - enable WEP as secondary auth
- anticlog
Threshold Integer - SAE anti-clogging token threshold
- eap
Reauth Boolean - whether to trigger EAP reauth when the session ends
- enable
Mac BooleanAuth - whether to enable MAC Auth, uses the same auth_servers
- key
Idx Integer - when
type
==wep
- keys List<String>
- when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi
Psk BooleanOnly - when
type
==psk
, whether to only use multi_psk - owe String
- if
type
==open
. enum:disabled
,enabled
(means transition mode),required
- pairwises List<String>
- when
type
=psk
ortype
=eap
, one or more ofwpa1-ccmp
,wpa1-tkip
,wpa2-ccmp
,wpa2-tkip
,wpa3
- private
Wlan Boolean - when
multi_psk_only
==true
, whether private wlan is enabled - psk String
- when
type
==psk
, 8-64 characters, or 64 hex characters - type String
- enum:
eap
,eap192
,open
,psk
,psk-tkip
,psk-wpa2-tkip
,wep
- wep
As BooleanSecondary Auth - enable WEP as secondary auth
- anticlog
Threshold number - SAE anti-clogging token threshold
- eap
Reauth boolean - whether to trigger EAP reauth when the session ends
- enable
Mac booleanAuth - whether to enable MAC Auth, uses the same auth_servers
- key
Idx number - when
type
==wep
- keys string[]
- when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi
Psk booleanOnly - when
type
==psk
, whether to only use multi_psk - owe string
- if
type
==open
. enum:disabled
,enabled
(means transition mode),required
- pairwises string[]
- when
type
=psk
ortype
=eap
, one or more ofwpa1-ccmp
,wpa1-tkip
,wpa2-ccmp
,wpa2-tkip
,wpa3
- private
Wlan boolean - when
multi_psk_only
==true
, whether private wlan is enabled - psk string
- when
type
==psk
, 8-64 characters, or 64 hex characters - type string
- enum:
eap
,eap192
,open
,psk
,psk-tkip
,psk-wpa2-tkip
,wep
- wep
As booleanSecondary Auth - enable WEP as secondary auth
- anticlog_
threshold int - SAE anti-clogging token threshold
- eap_
reauth bool - whether to trigger EAP reauth when the session ends
- enable_
mac_ boolauth - whether to enable MAC Auth, uses the same auth_servers
- key_
idx int - when
type
==wep
- keys Sequence[str]
- when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi_
psk_ boolonly - when
type
==psk
, whether to only use multi_psk - owe str
- if
type
==open
. enum:disabled
,enabled
(means transition mode),required
- pairwises Sequence[str]
- when
type
=psk
ortype
=eap
, one or more ofwpa1-ccmp
,wpa1-tkip
,wpa2-ccmp
,wpa2-tkip
,wpa3
- private_
wlan bool - when
multi_psk_only
==true
, whether private wlan is enabled - psk str
- when
type
==psk
, 8-64 characters, or 64 hex characters - type str
- enum:
eap
,eap192
,open
,psk
,psk-tkip
,psk-wpa2-tkip
,wep
- wep_
as_ boolsecondary_ auth - enable WEP as secondary auth
- anticlog
Threshold Number - SAE anti-clogging token threshold
- eap
Reauth Boolean - whether to trigger EAP reauth when the session ends
- enable
Mac BooleanAuth - whether to enable MAC Auth, uses the same auth_servers
- key
Idx Number - when
type
==wep
- keys List<String>
- when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi
Psk BooleanOnly - when
type
==psk
, whether to only use multi_psk - owe String
- if
type
==open
. enum:disabled
,enabled
(means transition mode),required
- pairwises List<String>
- when
type
=psk
ortype
=eap
, one or more ofwpa1-ccmp
,wpa1-tkip
,wpa2-ccmp
,wpa2-tkip
,wpa3
- private
Wlan Boolean - when
multi_psk_only
==true
, whether private wlan is enabled - psk String
- when
type
==psk
, 8-64 characters, or 64 hex characters - type String
- enum:
eap
,eap192
,open
,psk
,psk-tkip
,psk-wpa2-tkip
,wep
- wep
As BooleanSecondary Auth - enable WEP as secondary auth
WlanAuthServer, WlanAuthServerArgs
- Host string
- ip / hostname of RADIUS server
- Secret string
- secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii
,hex
- Keywrap
Kek string - Keywrap
Mack string - Port int
- Auth port of RADIUS server
- Host string
- ip / hostname of RADIUS server
- Secret string
- secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii
,hex
- Keywrap
Kek string - Keywrap
Mack string - Port int
- Auth port of RADIUS server
- host String
- ip / hostname of RADIUS server
- secret String
- secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii
,hex
- keywrap
Kek String - keywrap
Mack String - port Integer
- Auth port of RADIUS server
- host string
- ip / hostname of RADIUS server
- secret string
- secret of RADIUS server
- keywrap
Enabled boolean - keywrap
Format string - enum:
ascii
,hex
- keywrap
Kek string - keywrap
Mack string - port number
- Auth port of RADIUS server
- host str
- ip / hostname of RADIUS server
- secret str
- secret of RADIUS server
- keywrap_
enabled bool - keywrap_
format str - enum:
ascii
,hex
- keywrap_
kek str - keywrap_
mack str - port int
- Auth port of RADIUS server
- host String
- ip / hostname of RADIUS server
- secret String
- secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii
,hex
- keywrap
Kek String - keywrap
Mack String - port Number
- Auth port of RADIUS server
WlanBonjour, WlanBonjourArgs
- Additional
Vlan List<string>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Services
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour Services> - what services are allowed. Property key is the service name
- Enabled bool
- whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- Additional
Vlan []stringIds - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Services
map[string]Wlan
Bonjour Services - what services are allowed. Property key is the service name
- Enabled bool
- whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- additional
Vlan List<String>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- services
Map<String,Wlan
Bonjour Services> - what services are allowed. Property key is the service name
- enabled Boolean
- whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- additional
Vlan string[]Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- services
{[key: string]: Wlan
Bonjour Services} - what services are allowed. Property key is the service name
- enabled boolean
- whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- additional_
vlan_ Sequence[str]ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- services
Mapping[str, Wlan
Bonjour Services] - what services are allowed. Property key is the service name
- enabled bool
- whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- additional
Vlan List<String>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- services Map<Property Map>
- what services are allowed. Property key is the service name
- enabled Boolean
- whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
WlanBonjourServices, WlanBonjourServicesArgs
- Disable
Local bool - whether to prevent wireless clients to discover bonjour devices on the same WLAN
- Radius
Groups List<string> - optional, if the service is further restricted for certain RADIUS groups
- Scope string
- how bonjour services should be discovered for the same WLAN. enum:
same_ap
,same_map
,same_site
- Disable
Local bool - whether to prevent wireless clients to discover bonjour devices on the same WLAN
- Radius
Groups []string - optional, if the service is further restricted for certain RADIUS groups
- Scope string
- how bonjour services should be discovered for the same WLAN. enum:
same_ap
,same_map
,same_site
- disable
Local Boolean - whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups List<String> - optional, if the service is further restricted for certain RADIUS groups
- scope String
- how bonjour services should be discovered for the same WLAN. enum:
same_ap
,same_map
,same_site
- disable
Local boolean - whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups string[] - optional, if the service is further restricted for certain RADIUS groups
- scope string
- how bonjour services should be discovered for the same WLAN. enum:
same_ap
,same_map
,same_site
- disable_
local bool - whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius_
groups Sequence[str] - optional, if the service is further restricted for certain RADIUS groups
- scope str
- how bonjour services should be discovered for the same WLAN. enum:
same_ap
,same_map
,same_site
- disable
Local Boolean - whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups List<String> - optional, if the service is further restricted for certain RADIUS groups
- scope String
- how bonjour services should be discovered for the same WLAN. enum:
same_ap
,same_map
,same_site
WlanCiscoCwa, WlanCiscoCwaArgs
- Allowed
Hostnames List<string> - list of hostnames without http(s):// (matched by substring)
- Allowed
Subnets List<string> - list of CIDRs
- Blocked
Subnets List<string> - list of blocked CIDRs
- Enabled bool
- Allowed
Hostnames []string - list of hostnames without http(s):// (matched by substring)
- Allowed
Subnets []string - list of CIDRs
- Blocked
Subnets []string - list of blocked CIDRs
- Enabled bool
- allowed
Hostnames List<String> - list of hostnames without http(s):// (matched by substring)
- allowed
Subnets List<String> - list of CIDRs
- blocked
Subnets List<String> - list of blocked CIDRs
- enabled Boolean
- allowed
Hostnames string[] - list of hostnames without http(s):// (matched by substring)
- allowed
Subnets string[] - list of CIDRs
- blocked
Subnets string[] - list of blocked CIDRs
- enabled boolean
- allowed_
hostnames Sequence[str] - list of hostnames without http(s):// (matched by substring)
- allowed_
subnets Sequence[str] - list of CIDRs
- blocked_
subnets Sequence[str] - list of blocked CIDRs
- enabled bool
- allowed
Hostnames List<String> - list of hostnames without http(s):// (matched by substring)
- allowed
Subnets List<String> - list of CIDRs
- blocked
Subnets List<String> - list of blocked CIDRs
- enabled Boolean
WlanCoaServer, WlanCoaServerArgs
- Ip string
- Secret string
- Disable
Event boolTimestamp Check - whether to disable Event-Timestamp Check
- Enabled bool
- Port int
- Ip string
- Secret string
- Disable
Event boolTimestamp Check - whether to disable Event-Timestamp Check
- Enabled bool
- Port int
- ip String
- secret String
- disable
Event BooleanTimestamp Check - whether to disable Event-Timestamp Check
- enabled Boolean
- port Integer
- ip string
- secret string
- disable
Event booleanTimestamp Check - whether to disable Event-Timestamp Check
- enabled boolean
- port number
- ip str
- secret str
- disable_
event_ booltimestamp_ check - whether to disable Event-Timestamp Check
- enabled bool
- port int
- ip String
- secret String
- disable
Event BooleanTimestamp Check - whether to disable Event-Timestamp Check
- enabled Boolean
- port Number
WlanDnsServerRewrite, WlanDnsServerRewriteArgs
- Enabled bool
- Radius
Groups Dictionary<string, string> - map between radius_group and the desired DNS server (IPv4 only) Property key is the RADIUS group, property value is the desired DNS Server
- Enabled bool
- Radius
Groups map[string]string - map between radius_group and the desired DNS server (IPv4 only) Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- radius
Groups Map<String,String> - map between radius_group and the desired DNS server (IPv4 only) Property key is the RADIUS group, property value is the desired DNS Server
- enabled boolean
- radius
Groups {[key: string]: string} - map between radius_group and the desired DNS server (IPv4 only) Property key is the RADIUS group, property value is the desired DNS Server
- enabled bool
- radius_
groups Mapping[str, str] - map between radius_group and the desired DNS server (IPv4 only) Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- radius
Groups Map<String> - map between radius_group and the desired DNS server (IPv4 only) Property key is the RADIUS group, property value is the desired DNS Server
WlanDynamicPsk, WlanDynamicPskArgs
- Default
Psk string - default PSK to use if cloud WLC is not available, 8-63 characters
- Default
Vlan stringId - Enabled bool
- Force
Lookup bool - when 11r is enabled, we'll try to use the cached PMK, this can be disabled
false
means auto - Source string
- enum:
cloud_psks
,radius
- Vlan
Ids List<string>
- Default
Psk string - default PSK to use if cloud WLC is not available, 8-63 characters
- Default
Vlan stringId - Enabled bool
- Force
Lookup bool - when 11r is enabled, we'll try to use the cached PMK, this can be disabled
false
means auto - Source string
- enum:
cloud_psks
,radius
- Vlan
Ids []string
- default
Psk String - default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan StringId - enabled Boolean
- force
Lookup Boolean - when 11r is enabled, we'll try to use the cached PMK, this can be disabled
false
means auto - source String
- enum:
cloud_psks
,radius
- vlan
Ids List<String>
- default
Psk string - default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan stringId - enabled boolean
- force
Lookup boolean - when 11r is enabled, we'll try to use the cached PMK, this can be disabled
false
means auto - source string
- enum:
cloud_psks
,radius
- vlan
Ids string[]
- default_
psk str - default PSK to use if cloud WLC is not available, 8-63 characters
- default_
vlan_ strid - enabled bool
- force_
lookup bool - when 11r is enabled, we'll try to use the cached PMK, this can be disabled
false
means auto - source str
- enum:
cloud_psks
,radius
- vlan_
ids Sequence[str]
- default
Psk String - default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan StringId - enabled Boolean
- force
Lookup Boolean - when 11r is enabled, we'll try to use the cached PMK, this can be disabled
false
means auto - source String
- enum:
cloud_psks
,radius
- vlan
Ids List<String>
WlanDynamicVlan, WlanDynamicVlanArgs
- Default
Vlan List<string>Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- Enabled bool
- whether to enable dynamic vlan
- Local
Vlan List<string>Ids - vlan_ids to be locally bridged
- Type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name
,standard
- Vlans Dictionary<string, string>
- map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping
- if
dynamic_vlan.type
==standard
, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type
==airespace-interface-name
, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- Default
Vlan []stringIds - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- Enabled bool
- whether to enable dynamic vlan
- Local
Vlan []stringIds - vlan_ids to be locally bridged
- Type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name
,standard
- Vlans map[string]string
- map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping
- if
dynamic_vlan.type
==standard
, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type
==airespace-interface-name
, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default
Vlan List<String>Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled Boolean
- whether to enable dynamic vlan
- local
Vlan List<String>Ids - vlan_ids to be locally bridged
- type String
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name
,standard
- vlans Map<String,String>
- map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping
- if
dynamic_vlan.type
==standard
, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type
==airespace-interface-name
, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default
Vlan string[]Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled boolean
- whether to enable dynamic vlan
- local
Vlan string[]Ids - vlan_ids to be locally bridged
- type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name
,standard
- vlans {[key: string]: string}
- map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping
- if
dynamic_vlan.type
==standard
, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type
==airespace-interface-name
, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default_
vlan_ Sequence[str]ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled bool
- whether to enable dynamic vlan
- local_
vlan_ Sequence[str]ids - vlan_ids to be locally bridged
- type str
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name
,standard
- vlans Mapping[str, str]
- map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping
- if
dynamic_vlan.type
==standard
, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type
==airespace-interface-name
, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default
Vlan List<String>Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled Boolean
- whether to enable dynamic vlan
- local
Vlan List<String>Ids - vlan_ids to be locally bridged
- type String
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name
,standard
- vlans Map<String>
- map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping
- if
dynamic_vlan.type
==standard
, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type
==airespace-interface-name
, property key is the Vlan ID and property value is the Airespace Interface Name
- if
WlanHotspot20, WlanHotspot20Args
- domain_
names Sequence[str] - enabled bool
- whether to enable hotspot 2.0 config
- nai_
realms Sequence[str] - operators Sequence[str]
- list of operators to support
- rcois Sequence[str]
- venue_
name str - venue name, default is site name
WlanInjectDhcpOption82, WlanInjectDhcpOption82Args
- circuit_
id str - enabled bool
- whether to inject option 82 when forwarding DHCP packets
WlanMistNac, WlanMistNacArgs
- Enabled bool
- when enabled:
auth_servers
is ignoredacct_servers
is ignoredauth_servers_*
are ignoredcoa_servers
is ignoredradsec
is ignoredcoa_enabled
is assumed'
- Enabled bool
- when enabled:
auth_servers
is ignoredacct_servers
is ignoredauth_servers_*
are ignoredcoa_servers
is ignoredradsec
is ignoredcoa_enabled
is assumed'
- enabled Boolean
- when enabled:
auth_servers
is ignoredacct_servers
is ignoredauth_servers_*
are ignoredcoa_servers
is ignoredradsec
is ignoredcoa_enabled
is assumed'
- enabled boolean
- when enabled:
auth_servers
is ignoredacct_servers
is ignoredauth_servers_*
are ignoredcoa_servers
is ignoredradsec
is ignoredcoa_enabled
is assumed'
- enabled bool
- when enabled:
auth_servers
is ignoredacct_servers
is ignoredauth_servers_*
are ignoredcoa_servers
is ignoredradsec
is ignoredcoa_enabled
is assumed'
- enabled Boolean
- when enabled:
auth_servers
is ignoredacct_servers
is ignoredauth_servers_*
are ignoredcoa_servers
is ignoredradsec
is ignoredcoa_enabled
is assumed'
WlanPortal, WlanPortalArgs
- Amazon
Client stringId - amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- Amazon
Client stringSecret - amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank.
- Amazon
Email List<string>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Amazon
Enabled bool - whether amazon is enabled as a login method
- Amazon
Expire double - interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- Auth string
- authentication scheme. enum:
external
,none
,sso
- Azure
Client stringId - Required if
azure_enabled
==true
. Azure active directory app client id - Azure
Client stringSecret - Required if
azure_enabled
==true
. Azure active directory app client secret - Azure
Enabled bool - whether Azure Active Directory is enabled as a login method
- Azure
Expire double - interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- Azure
Tenant stringId - Required if
azure_enabled
==true
. Azure active directory tenant id. - Broadnet
Password string - when
sms_provider
==broadnet
- Broadnet
Sid string - when
sms_provider
==broadnet
- Broadnet
User stringId - when
sms_provider
==broadnet
- Bypass
When boolCloud Down - whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- Clickatell
Api stringKey - when
sms_provider
==clickatell
- Cross
Site bool - whether to allow guest to roam between WLANs (with same
WLAN.ssid
, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - Email
Enabled bool - whether email (access code verification) is enabled as a login method
- Enabled bool
- whether guest portal is enabled
- Expire double
- how long to remain authorized, in minutes
- External
Portal stringUrl - external portal URL (e.g. https://host/url) where we can append our query parameters to
- Facebook
Client stringId - Required if
facebook_enabled
==true
. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - Facebook
Client stringSecret - Required if
facebook_enabled
==true
. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a correspoinding value. Else leave blank. - Facebook
Email List<string>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Facebook
Enabled bool - whether facebook is enabled as a login method
- Facebook
Expire double - interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- Forward bool
- whether to forward the user to another URL after authorized
- Forward
Url string - the URL to forward the user to
- Google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- Google
Client stringSecret - Google OAuth2 app secret. If google_client_id was provided, provide a correspoinding value. Else leave blank.
- Google
Email List<string>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Google
Enabled bool - whether google is enabled as login method
- Google
Expire double - interval for which guest remains authorized using google auth (in minutes), if not provided, uses expire`
- Gupshup
Password string - when
sms_provider
==gupshup
- Gupshup
Userid string - when
sms_provider
==gupshup
- Microsoft
Client stringId - microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- Microsoft
Client stringSecret - microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank.
- Microsoft
Email List<string>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Microsoft
Enabled bool - whether microsoft 365 is enabled as a login method
- Microsoft
Expire double - interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- Passphrase
Enabled bool - whether password is enabled
- Passphrase
Expire double - interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses
expire
- Password string
- passphrase
- Predefined
Sponsors boolEnabled - whether to show list of sponsor emails mentioned in
sponsors
object as a dropdown. If bothsponsor_notify_all
andpredefined_sponsors_enabled
are false, behaviour is acc tosponsor_email_domains
- Predefined
Sponsors boolHide Email - whether to hide sponsor’s email from list of sponsors
- Privacy bool
- Puzzel
Password string - when
sms_provider
==puzzel
- Puzzel
Service stringId - when
sms_provider
==puzzel
- Puzzel
Username string - when
sms_provider
==puzzel
- Sms
Enabled bool - whether sms is enabled as a login method
- Sms
Expire double - interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- Sms
Message stringFormat - Sms
Provider string - enum:
broadnet
,clickatell
,gupshup
,manual
,puzzel
,telstra
,twilio
- Sponsor
Auto boolApprove - whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- Sponsor
Email List<string>Domains - list of domain allowed for sponsor email. Required if
sponsor_enabled
istrue
andsponsors
is empty. - Sponsor
Enabled bool - whether sponsor is enabled
- Sponsor
Expire double - interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- Sponsor
Link stringValidity Duration - how long to remain valid sponsored guest request approve/deny link received in email, in minutes.
- Sponsor
Notify boolAll - whether to notify all sponsors that are mentioned in
sponsors
object. Bothsponsor_notify_all
andpredefined_sponsors_enabled
should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - Sponsor
Status boolNotify - if enabled, guest will get email about sponsor's action (approve/deny)
- Sponsors Dictionary<string, string>
- object of allowed sponsors email with name. Required if
sponsor_enabled
istrue
andsponsor_email_domains
is empty.Property key is the sponsor email, Property value is the sponsor name
- Sso
Default stringRole - default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- Sso
Forced stringRole - Sso
Idp stringCert - IDP Cert (used to verify the signed response)
- Sso
Idp stringSign Algo - signing algorithm for SAML Assertion
- Sso
Idp stringSso Url - IDP Single-Sign-On URL
- Sso
Issuer string - IDP issuer URL
- Sso
Nameid stringFormat - enum:
email
,unspecified
- Telstra
Client stringId - when
sms_provider
==telstra
, Client ID provided by Telstra - Telstra
Client stringSecret - when
sms_provider
==telstra
, Client secret provided by Telstra - Twilio
Auth stringToken - when
sms_provider
==twilio
, Auth token account with twilio account - Twilio
Phone stringNumber - when
sms_provider
==twilio
, Twilio phone number associated with the account. See example for accepted format. - Twilio
Sid string - when
sms_provider
==twilio
, Account SID provided by Twilio
- Amazon
Client stringId - amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- Amazon
Client stringSecret - amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank.
- Amazon
Email []stringDomains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Amazon
Enabled bool - whether amazon is enabled as a login method
- Amazon
Expire float64 - interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- Auth string
- authentication scheme. enum:
external
,none
,sso
- Azure
Client stringId - Required if
azure_enabled
==true
. Azure active directory app client id - Azure
Client stringSecret - Required if
azure_enabled
==true
. Azure active directory app client secret - Azure
Enabled bool - whether Azure Active Directory is enabled as a login method
- Azure
Expire float64 - interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- Azure
Tenant stringId - Required if
azure_enabled
==true
. Azure active directory tenant id. - Broadnet
Password string - when
sms_provider
==broadnet
- Broadnet
Sid string - when
sms_provider
==broadnet
- Broadnet
User stringId - when
sms_provider
==broadnet
- Bypass
When boolCloud Down - whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- Clickatell
Api stringKey - when
sms_provider
==clickatell
- Cross
Site bool - whether to allow guest to roam between WLANs (with same
WLAN.ssid
, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - Email
Enabled bool - whether email (access code verification) is enabled as a login method
- Enabled bool
- whether guest portal is enabled
- Expire float64
- how long to remain authorized, in minutes
- External
Portal stringUrl - external portal URL (e.g. https://host/url) where we can append our query parameters to
- Facebook
Client stringId - Required if
facebook_enabled
==true
. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - Facebook
Client stringSecret - Required if
facebook_enabled
==true
. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a correspoinding value. Else leave blank. - Facebook
Email []stringDomains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Facebook
Enabled bool - whether facebook is enabled as a login method
- Facebook
Expire float64 - interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- Forward bool
- whether to forward the user to another URL after authorized
- Forward
Url string - the URL to forward the user to
- Google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- Google
Client stringSecret - Google OAuth2 app secret. If google_client_id was provided, provide a correspoinding value. Else leave blank.
- Google
Email []stringDomains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Google
Enabled bool - whether google is enabled as login method
- Google
Expire float64 - interval for which guest remains authorized using google auth (in minutes), if not provided, uses expire`
- Gupshup
Password string - when
sms_provider
==gupshup
- Gupshup
Userid string - when
sms_provider
==gupshup
- Microsoft
Client stringId - microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- Microsoft
Client stringSecret - microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank.
- Microsoft
Email []stringDomains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- Microsoft
Enabled bool - whether microsoft 365 is enabled as a login method
- Microsoft
Expire float64 - interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- Passphrase
Enabled bool - whether password is enabled
- Passphrase
Expire float64 - interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses
expire
- Password string
- passphrase
- Predefined
Sponsors boolEnabled - whether to show list of sponsor emails mentioned in
sponsors
object as a dropdown. If bothsponsor_notify_all
andpredefined_sponsors_enabled
are false, behaviour is acc tosponsor_email_domains
- Predefined
Sponsors boolHide Email - whether to hide sponsor’s email from list of sponsors
- Privacy bool
- Puzzel
Password string - when
sms_provider
==puzzel
- Puzzel
Service stringId - when
sms_provider
==puzzel
- Puzzel
Username string - when
sms_provider
==puzzel
- Sms
Enabled bool - whether sms is enabled as a login method
- Sms
Expire float64 - interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- Sms
Message stringFormat - Sms
Provider string - enum:
broadnet
,clickatell
,gupshup
,manual
,puzzel
,telstra
,twilio
- Sponsor
Auto boolApprove - whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- Sponsor
Email []stringDomains - list of domain allowed for sponsor email. Required if
sponsor_enabled
istrue
andsponsors
is empty. - Sponsor
Enabled bool - whether sponsor is enabled
- Sponsor
Expire float64 - interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- Sponsor
Link stringValidity Duration - how long to remain valid sponsored guest request approve/deny link received in email, in minutes.
- Sponsor
Notify boolAll - whether to notify all sponsors that are mentioned in
sponsors
object. Bothsponsor_notify_all
andpredefined_sponsors_enabled
should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - Sponsor
Status boolNotify - if enabled, guest will get email about sponsor's action (approve/deny)
- Sponsors map[string]string
- object of allowed sponsors email with name. Required if
sponsor_enabled
istrue
andsponsor_email_domains
is empty.Property key is the sponsor email, Property value is the sponsor name
- Sso
Default stringRole - default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- Sso
Forced stringRole - Sso
Idp stringCert - IDP Cert (used to verify the signed response)
- Sso
Idp stringSign Algo - signing algorithm for SAML Assertion
- Sso
Idp stringSso Url - IDP Single-Sign-On URL
- Sso
Issuer string - IDP issuer URL
- Sso
Nameid stringFormat - enum:
email
,unspecified
- Telstra
Client stringId - when
sms_provider
==telstra
, Client ID provided by Telstra - Telstra
Client stringSecret - when
sms_provider
==telstra
, Client secret provided by Telstra - Twilio
Auth stringToken - when
sms_provider
==twilio
, Auth token account with twilio account - Twilio
Phone stringNumber - when
sms_provider
==twilio
, Twilio phone number associated with the account. See example for accepted format. - Twilio
Sid string - when
sms_provider
==twilio
, Account SID provided by Twilio
- amazon
Client StringId - amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazon
Client StringSecret - amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank.
- amazon
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazon
Enabled Boolean - whether amazon is enabled as a login method
- amazon
Expire Double - interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth String
- authentication scheme. enum:
external
,none
,sso
- azure
Client StringId - Required if
azure_enabled
==true
. Azure active directory app client id - azure
Client StringSecret - Required if
azure_enabled
==true
. Azure active directory app client secret - azure
Enabled Boolean - whether Azure Active Directory is enabled as a login method
- azure
Expire Double - interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant StringId - Required if
azure_enabled
==true
. Azure active directory tenant id. - broadnet
Password String - when
sms_provider
==broadnet
- broadnet
Sid String - when
sms_provider
==broadnet
- broadnet
User StringId - when
sms_provider
==broadnet
- bypass
When BooleanCloud Down - whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api StringKey - when
sms_provider
==clickatell
- cross
Site Boolean - whether to allow guest to roam between WLANs (with same
WLAN.ssid
, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email
Enabled Boolean - whether email (access code verification) is enabled as a login method
- enabled Boolean
- whether guest portal is enabled
- expire Double
- how long to remain authorized, in minutes
- external
Portal StringUrl - external portal URL (e.g. https://host/url) where we can append our query parameters to
- facebook
Client StringId - Required if
facebook_enabled
==true
. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client StringSecret - Required if
facebook_enabled
==true
. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a correspoinding value. Else leave blank. - facebook
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebook
Enabled Boolean - whether facebook is enabled as a login method
- facebook
Expire Double - interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward Boolean
- whether to forward the user to another URL after authorized
- forward
Url String - the URL to forward the user to
- google
Client StringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client StringSecret - Google OAuth2 app secret. If google_client_id was provided, provide a correspoinding value. Else leave blank.
- google
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- google
Enabled Boolean - whether google is enabled as login method
- google
Expire Double - interval for which guest remains authorized using google auth (in minutes), if not provided, uses expire`
- gupshup
Password String - when
sms_provider
==gupshup
- gupshup
Userid String - when
sms_provider
==gupshup
- microsoft
Client StringId - microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoft
Client StringSecret - microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank.
- microsoft
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoft
Enabled Boolean - whether microsoft 365 is enabled as a login method
- microsoft
Expire Double - interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphrase
Enabled Boolean - whether password is enabled
- passphrase
Expire Double - interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses
expire
- password String
- passphrase
- predefined
Sponsors BooleanEnabled - whether to show list of sponsor emails mentioned in
sponsors
object as a dropdown. If bothsponsor_notify_all
andpredefined_sponsors_enabled
are false, behaviour is acc tosponsor_email_domains
- predefined
Sponsors BooleanHide Email - whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- puzzel
Password String - when
sms_provider
==puzzel
- puzzel
Service StringId - when
sms_provider
==puzzel
- puzzel
Username String - when
sms_provider
==puzzel
- sms
Enabled Boolean - whether sms is enabled as a login method
- sms
Expire Double - interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- sms
Message StringFormat - sms
Provider String - enum:
broadnet
,clickatell
,gupshup
,manual
,puzzel
,telstra
,twilio
- sponsor
Auto BooleanApprove - whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsor
Email List<String>Domains - list of domain allowed for sponsor email. Required if
sponsor_enabled
istrue
andsponsors
is empty. - sponsor
Enabled Boolean - whether sponsor is enabled
- sponsor
Expire Double - interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsor
Link StringValidity Duration - how long to remain valid sponsored guest request approve/deny link received in email, in minutes.
- sponsor
Notify BooleanAll - whether to notify all sponsors that are mentioned in
sponsors
object. Bothsponsor_notify_all
andpredefined_sponsors_enabled
should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status BooleanNotify - if enabled, guest will get email about sponsor's action (approve/deny)
- sponsors Map<String,String>
- object of allowed sponsors email with name. Required if
sponsor_enabled
istrue
andsponsor_email_domains
is empty.Property key is the sponsor email, Property value is the sponsor name
- sso
Default StringRole - default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- sso
Forced StringRole - sso
Idp StringCert - IDP Cert (used to verify the signed response)
- sso
Idp StringSign Algo - signing algorithm for SAML Assertion
- sso
Idp StringSso Url - IDP Single-Sign-On URL
- sso
Issuer String - IDP issuer URL
- sso
Nameid StringFormat - enum:
email
,unspecified
- telstra
Client StringId - when
sms_provider
==telstra
, Client ID provided by Telstra - telstra
Client StringSecret - when
sms_provider
==telstra
, Client secret provided by Telstra - twilio
Auth StringToken - when
sms_provider
==twilio
, Auth token account with twilio account - twilio
Phone StringNumber - when
sms_provider
==twilio
, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid String - when
sms_provider
==twilio
, Account SID provided by Twilio
- amazon
Client stringId - amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazon
Client stringSecret - amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank.
- amazon
Email string[]Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazon
Enabled boolean - whether amazon is enabled as a login method
- amazon
Expire number - interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth string
- authentication scheme. enum:
external
,none
,sso
- azure
Client stringId - Required if
azure_enabled
==true
. Azure active directory app client id - azure
Client stringSecret - Required if
azure_enabled
==true
. Azure active directory app client secret - azure
Enabled boolean - whether Azure Active Directory is enabled as a login method
- azure
Expire number - interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant stringId - Required if
azure_enabled
==true
. Azure active directory tenant id. - broadnet
Password string - when
sms_provider
==broadnet
- broadnet
Sid string - when
sms_provider
==broadnet
- broadnet
User stringId - when
sms_provider
==broadnet
- bypass
When booleanCloud Down - whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api stringKey - when
sms_provider
==clickatell
- cross
Site boolean - whether to allow guest to roam between WLANs (with same
WLAN.ssid
, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email
Enabled boolean - whether email (access code verification) is enabled as a login method
- enabled boolean
- whether guest portal is enabled
- expire number
- how long to remain authorized, in minutes
- external
Portal stringUrl - external portal URL (e.g. https://host/url) where we can append our query parameters to
- facebook
Client stringId - Required if
facebook_enabled
==true
. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client stringSecret - Required if
facebook_enabled
==true
. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a correspoinding value. Else leave blank. - facebook
Email string[]Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebook
Enabled boolean - whether facebook is enabled as a login method
- facebook
Expire number - interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward boolean
- whether to forward the user to another URL after authorized
- forward
Url string - the URL to forward the user to
- google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client stringSecret - Google OAuth2 app secret. If google_client_id was provided, provide a correspoinding value. Else leave blank.
- google
Email string[]Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- google
Enabled boolean - whether google is enabled as login method
- google
Expire number - interval for which guest remains authorized using google auth (in minutes), if not provided, uses expire`
- gupshup
Password string - when
sms_provider
==gupshup
- gupshup
Userid string - when
sms_provider
==gupshup
- microsoft
Client stringId - microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoft
Client stringSecret - microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank.
- microsoft
Email string[]Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoft
Enabled boolean - whether microsoft 365 is enabled as a login method
- microsoft
Expire number - interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphrase
Enabled boolean - whether password is enabled
- passphrase
Expire number - interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses
expire
- password string
- passphrase
- predefined
Sponsors booleanEnabled - whether to show list of sponsor emails mentioned in
sponsors
object as a dropdown. If bothsponsor_notify_all
andpredefined_sponsors_enabled
are false, behaviour is acc tosponsor_email_domains
- predefined
Sponsors booleanHide Email - whether to hide sponsor’s email from list of sponsors
- privacy boolean
- puzzel
Password string - when
sms_provider
==puzzel
- puzzel
Service stringId - when
sms_provider
==puzzel
- puzzel
Username string - when
sms_provider
==puzzel
- sms
Enabled boolean - whether sms is enabled as a login method
- sms
Expire number - interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- sms
Message stringFormat - sms
Provider string - enum:
broadnet
,clickatell
,gupshup
,manual
,puzzel
,telstra
,twilio
- sponsor
Auto booleanApprove - whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsor
Email string[]Domains - list of domain allowed for sponsor email. Required if
sponsor_enabled
istrue
andsponsors
is empty. - sponsor
Enabled boolean - whether sponsor is enabled
- sponsor
Expire number - interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsor
Link stringValidity Duration - how long to remain valid sponsored guest request approve/deny link received in email, in minutes.
- sponsor
Notify booleanAll - whether to notify all sponsors that are mentioned in
sponsors
object. Bothsponsor_notify_all
andpredefined_sponsors_enabled
should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status booleanNotify - if enabled, guest will get email about sponsor's action (approve/deny)
- sponsors {[key: string]: string}
- object of allowed sponsors email with name. Required if
sponsor_enabled
istrue
andsponsor_email_domains
is empty.Property key is the sponsor email, Property value is the sponsor name
- sso
Default stringRole - default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- sso
Forced stringRole - sso
Idp stringCert - IDP Cert (used to verify the signed response)
- sso
Idp stringSign Algo - signing algorithm for SAML Assertion
- sso
Idp stringSso Url - IDP Single-Sign-On URL
- sso
Issuer string - IDP issuer URL
- sso
Nameid stringFormat - enum:
email
,unspecified
- telstra
Client stringId - when
sms_provider
==telstra
, Client ID provided by Telstra - telstra
Client stringSecret - when
sms_provider
==telstra
, Client secret provided by Telstra - twilio
Auth stringToken - when
sms_provider
==twilio
, Auth token account with twilio account - twilio
Phone stringNumber - when
sms_provider
==twilio
, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid string - when
sms_provider
==twilio
, Account SID provided by Twilio
- amazon_
client_ strid - amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazon_
client_ strsecret - amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank.
- amazon_
email_ Sequence[str]domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazon_
enabled bool - whether amazon is enabled as a login method
- amazon_
expire float - interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth str
- authentication scheme. enum:
external
,none
,sso
- azure_
client_ strid - Required if
azure_enabled
==true
. Azure active directory app client id - azure_
client_ strsecret - Required if
azure_enabled
==true
. Azure active directory app client secret - azure_
enabled bool - whether Azure Active Directory is enabled as a login method
- azure_
expire float - interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure_
tenant_ strid - Required if
azure_enabled
==true
. Azure active directory tenant id. - broadnet_
password str - when
sms_provider
==broadnet
- broadnet_
sid str - when
sms_provider
==broadnet
- broadnet_
user_ strid - when
sms_provider
==broadnet
- bypass_
when_ boolcloud_ down - whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell_
api_ strkey - when
sms_provider
==clickatell
- cross_
site bool - whether to allow guest to roam between WLANs (with same
WLAN.ssid
, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email_
enabled bool - whether email (access code verification) is enabled as a login method
- enabled bool
- whether guest portal is enabled
- expire float
- how long to remain authorized, in minutes
- external_
portal_ strurl - external portal URL (e.g. https://host/url) where we can append our query parameters to
- facebook_
client_ strid - Required if
facebook_enabled
==true
. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook_
client_ strsecret - Required if
facebook_enabled
==true
. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a correspoinding value. Else leave blank. - facebook_
email_ Sequence[str]domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebook_
enabled bool - whether facebook is enabled as a login method
- facebook_
expire float - interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward bool
- whether to forward the user to another URL after authorized
- forward_
url str - the URL to forward the user to
- google_
client_ strid - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google_
client_ strsecret - Google OAuth2 app secret. If google_client_id was provided, provide a correspoinding value. Else leave blank.
- google_
email_ Sequence[str]domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- google_
enabled bool - whether google is enabled as login method
- google_
expire float - interval for which guest remains authorized using google auth (in minutes), if not provided, uses expire`
- gupshup_
password str - when
sms_provider
==gupshup
- gupshup_
userid str - when
sms_provider
==gupshup
- microsoft_
client_ strid - microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoft_
client_ strsecret - microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank.
- microsoft_
email_ Sequence[str]domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoft_
enabled bool - whether microsoft 365 is enabled as a login method
- microsoft_
expire float - interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphrase_
enabled bool - whether password is enabled
- passphrase_
expire float - interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses
expire
- password str
- passphrase
- predefined_
sponsors_ boolenabled - whether to show list of sponsor emails mentioned in
sponsors
object as a dropdown. If bothsponsor_notify_all
andpredefined_sponsors_enabled
are false, behaviour is acc tosponsor_email_domains
- predefined_
sponsors_ boolhide_ email - whether to hide sponsor’s email from list of sponsors
- privacy bool
- puzzel_
password str - when
sms_provider
==puzzel
- puzzel_
service_ strid - when
sms_provider
==puzzel
- puzzel_
username str - when
sms_provider
==puzzel
- sms_
enabled bool - whether sms is enabled as a login method
- sms_
expire float - interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- sms_
message_ strformat - sms_
provider str - enum:
broadnet
,clickatell
,gupshup
,manual
,puzzel
,telstra
,twilio
- sponsor_
auto_ boolapprove - whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsor_
email_ Sequence[str]domains - list of domain allowed for sponsor email. Required if
sponsor_enabled
istrue
andsponsors
is empty. - sponsor_
enabled bool - whether sponsor is enabled
- sponsor_
expire float - interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsor_
link_ strvalidity_ duration - how long to remain valid sponsored guest request approve/deny link received in email, in minutes.
- sponsor_
notify_ boolall - whether to notify all sponsors that are mentioned in
sponsors
object. Bothsponsor_notify_all
andpredefined_sponsors_enabled
should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor_
status_ boolnotify - if enabled, guest will get email about sponsor's action (approve/deny)
- sponsors Mapping[str, str]
- object of allowed sponsors email with name. Required if
sponsor_enabled
istrue
andsponsor_email_domains
is empty.Property key is the sponsor email, Property value is the sponsor name
- sso_
default_ strrole - default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- sso_
forced_ strrole - sso_
idp_ strcert - IDP Cert (used to verify the signed response)
- sso_
idp_ strsign_ algo - signing algorithm for SAML Assertion
- sso_
idp_ strsso_ url - IDP Single-Sign-On URL
- sso_
issuer str - IDP issuer URL
- sso_
nameid_ strformat - enum:
email
,unspecified
- telstra_
client_ strid - when
sms_provider
==telstra
, Client ID provided by Telstra - telstra_
client_ strsecret - when
sms_provider
==telstra
, Client secret provided by Telstra - twilio_
auth_ strtoken - when
sms_provider
==twilio
, Auth token account with twilio account - twilio_
phone_ strnumber - when
sms_provider
==twilio
, Twilio phone number associated with the account. See example for accepted format. - twilio_
sid str - when
sms_provider
==twilio
, Account SID provided by Twilio
- amazon
Client StringId - amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazon
Client StringSecret - amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank.
- amazon
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazon
Enabled Boolean - whether amazon is enabled as a login method
- amazon
Expire Number - interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth String
- authentication scheme. enum:
external
,none
,sso
- azure
Client StringId - Required if
azure_enabled
==true
. Azure active directory app client id - azure
Client StringSecret - Required if
azure_enabled
==true
. Azure active directory app client secret - azure
Enabled Boolean - whether Azure Active Directory is enabled as a login method
- azure
Expire Number - interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant StringId - Required if
azure_enabled
==true
. Azure active directory tenant id. - broadnet
Password String - when
sms_provider
==broadnet
- broadnet
Sid String - when
sms_provider
==broadnet
- broadnet
User StringId - when
sms_provider
==broadnet
- bypass
When BooleanCloud Down - whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api StringKey - when
sms_provider
==clickatell
- cross
Site Boolean - whether to allow guest to roam between WLANs (with same
WLAN.ssid
, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email
Enabled Boolean - whether email (access code verification) is enabled as a login method
- enabled Boolean
- whether guest portal is enabled
- expire Number
- how long to remain authorized, in minutes
- external
Portal StringUrl - external portal URL (e.g. https://host/url) where we can append our query parameters to
- facebook
Client StringId - Required if
facebook_enabled
==true
. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client StringSecret - Required if
facebook_enabled
==true
. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a correspoinding value. Else leave blank. - facebook
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebook
Enabled Boolean - whether facebook is enabled as a login method
- facebook
Expire Number - interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward Boolean
- whether to forward the user to another URL after authorized
- forward
Url String - the URL to forward the user to
- google
Client StringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client StringSecret - Google OAuth2 app secret. If google_client_id was provided, provide a correspoinding value. Else leave blank.
- google
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- google
Enabled Boolean - whether google is enabled as login method
- google
Expire Number - interval for which guest remains authorized using google auth (in minutes), if not provided, uses expire`
- gupshup
Password String - when
sms_provider
==gupshup
- gupshup
Userid String - when
sms_provider
==gupshup
- microsoft
Client StringId - microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoft
Client StringSecret - microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank.
- microsoft
Email List<String>Domains - Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoft
Enabled Boolean - whether microsoft 365 is enabled as a login method
- microsoft
Expire Number - interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphrase
Enabled Boolean - whether password is enabled
- passphrase
Expire Number - interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses
expire
- password String
- passphrase
- predefined
Sponsors BooleanEnabled - whether to show list of sponsor emails mentioned in
sponsors
object as a dropdown. If bothsponsor_notify_all
andpredefined_sponsors_enabled
are false, behaviour is acc tosponsor_email_domains
- predefined
Sponsors BooleanHide Email - whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- puzzel
Password String - when
sms_provider
==puzzel
- puzzel
Service StringId - when
sms_provider
==puzzel
- puzzel
Username String - when
sms_provider
==puzzel
- sms
Enabled Boolean - whether sms is enabled as a login method
- sms
Expire Number - interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- sms
Message StringFormat - sms
Provider String - enum:
broadnet
,clickatell
,gupshup
,manual
,puzzel
,telstra
,twilio
- sponsor
Auto BooleanApprove - whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsor
Email List<String>Domains - list of domain allowed for sponsor email. Required if
sponsor_enabled
istrue
andsponsors
is empty. - sponsor
Enabled Boolean - whether sponsor is enabled
- sponsor
Expire Number - interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsor
Link StringValidity Duration - how long to remain valid sponsored guest request approve/deny link received in email, in minutes.
- sponsor
Notify BooleanAll - whether to notify all sponsors that are mentioned in
sponsors
object. Bothsponsor_notify_all
andpredefined_sponsors_enabled
should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status BooleanNotify - if enabled, guest will get email about sponsor's action (approve/deny)
- sponsors Map<String>
- object of allowed sponsors email with name. Required if
sponsor_enabled
istrue
andsponsor_email_domains
is empty.Property key is the sponsor email, Property value is the sponsor name
- sso
Default StringRole - default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- sso
Forced StringRole - sso
Idp StringCert - IDP Cert (used to verify the signed response)
- sso
Idp StringSign Algo - signing algorithm for SAML Assertion
- sso
Idp StringSso Url - IDP Single-Sign-On URL
- sso
Issuer String - IDP issuer URL
- sso
Nameid StringFormat - enum:
email
,unspecified
- telstra
Client StringId - when
sms_provider
==telstra
, Client ID provided by Telstra - telstra
Client StringSecret - when
sms_provider
==telstra
, Client secret provided by Telstra - twilio
Auth StringToken - when
sms_provider
==twilio
, Auth token account with twilio account - twilio
Phone StringNumber - when
sms_provider
==twilio
, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid String - when
sms_provider
==twilio
, Account SID provided by Twilio
WlanQos, WlanQosArgs
WlanRadsec, WlanRadsecArgs
- Coa
Enabled bool - Enabled bool
- Idle
Timeout int - Mxcluster
Ids List<string> - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- Proxy
Hosts List<string> - default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
- Server
Name string - name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- Servers
List<Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec Server> - List of Radsec Servers. Only if not Mist Edge.
- Use
Mxedge bool - use mxedge(s) as radsecproxy
- Use
Site boolMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- Coa
Enabled bool - Enabled bool
- Idle
Timeout int - Mxcluster
Ids []string - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- Proxy
Hosts []string - default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
- Server
Name string - name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- Servers
[]Wlan
Radsec Server - List of Radsec Servers. Only if not Mist Edge.
- Use
Mxedge bool - use mxedge(s) as radsecproxy
- Use
Site boolMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa
Enabled Boolean - enabled Boolean
- idle
Timeout Integer - mxcluster
Ids List<String> - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy
Hosts List<String> - default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
- server
Name String - name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
List<Wlan
Radsec Server> - List of Radsec Servers. Only if not Mist Edge.
- use
Mxedge Boolean - use mxedge(s) as radsecproxy
- use
Site BooleanMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa
Enabled boolean - enabled boolean
- idle
Timeout number - mxcluster
Ids string[] - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy
Hosts string[] - default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
- server
Name string - name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
Wlan
Radsec Server[] - List of Radsec Servers. Only if not Mist Edge.
- use
Mxedge boolean - use mxedge(s) as radsecproxy
- use
Site booleanMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa_
enabled bool - enabled bool
- idle_
timeout int - mxcluster_
ids Sequence[str] - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy_
hosts Sequence[str] - default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
- server_
name str - name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
Sequence[Wlan
Radsec Server] - List of Radsec Servers. Only if not Mist Edge.
- use_
mxedge bool - use mxedge(s) as radsecproxy
- use_
site_ boolmxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa
Enabled Boolean - enabled Boolean
- idle
Timeout Number - mxcluster
Ids List<String> - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy
Hosts List<String> - default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
- server
Name String - name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers List<Property Map>
- List of Radsec Servers. Only if not Mist Edge.
- use
Mxedge Boolean - use mxedge(s) as radsecproxy
- use
Site BooleanMxedge - To use Site mxedges when this WLAN does not use mxtunnel
WlanRadsecServer, WlanRadsecServerArgs
WlanSchedule, WlanScheduleArgs
- Enabled bool
- Hours
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule Hours hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
Note: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
- Enabled bool
- Hours
Wlan
Schedule Hours hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
Note: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
- enabled Boolean
- hours
Wlan
Schedule Hours hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
Note: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
- enabled boolean
- hours
Wlan
Schedule Hours hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
Note: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
- enabled bool
- hours
Wlan
Schedule Hours hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
Note: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
- enabled Boolean
- hours Property Map
hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun).
Note: If the dow is not defined then it\u2019\ s treated as 00:00-23:59.
WlanScheduleHours, WlanScheduleHoursArgs
Import
Using pulumi import
, import mist_site_wlan
with:
Site WLAN can be imported by specifying the site_id and the wlan_id
$ pulumi import junipermist:site/wlan:Wlan wlan_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- junipermist pulumi/pulumi-junipermist
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mist
Terraform Provider.