1. Packages
  2. Packages
  3. Juniper Mist Provider
  4. API Docs
  5. org
  6. Wlan
Viewing docs for Juniper Mist v0.11.1
published on Friday, Jul 10, 2026 by Pulumi
junipermist logo
Viewing docs for Juniper Mist v0.11.1
published on Friday, Jul 10, 2026 by Pulumi

    This resource manages the Org Wlans.

    The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, …)

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as junipermist from "@pulumi/juniper-mist";
    
    const wlanOne = new junipermist.org.Wlan("wlan_one", {
        ssid: "wlan_one",
        orgId: terraformTest.id,
        templateId: test101.id,
        bands: [
            "5",
            "6",
        ],
        vlanEnabled: true,
        vlanId: "143",
        wlanLimitUp: "10000",
        wlanLimitDown: "20000",
        clientLimitUp: "512",
        clientLimitDown: "1000",
        auth: {
            type: "psk",
            psk: "secretpsk",
        },
        "interface": "all",
    });
    
    import pulumi
    import pulumi_juniper_mist as junipermist
    
    wlan_one = junipermist.org.Wlan("wlan_one",
        ssid="wlan_one",
        org_id=terraform_test["id"],
        template_id=test101["id"],
        bands=[
            "5",
            "6",
        ],
        vlan_enabled=True,
        vlan_id="143",
        wlan_limit_up="10000",
        wlan_limit_down="20000",
        client_limit_up="512",
        client_limit_down="1000",
        auth={
            "type": "psk",
            "psk": "secretpsk",
        },
        interface="all")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := org.NewWlan(ctx, "wlan_one", &org.WlanArgs{
    			Ssid:       pulumi.String("wlan_one"),
    			OrgId:      pulumi.Any(terraformTest.Id),
    			TemplateId: pulumi.Any(test101.Id),
    			Bands: pulumi.StringArray{
    				pulumi.String("5"),
    				pulumi.String("6"),
    			},
    			VlanEnabled:     pulumi.Bool(true),
    			VlanId:          pulumi.String("143"),
    			WlanLimitUp:     pulumi.String("10000"),
    			WlanLimitDown:   pulumi.String("20000"),
    			ClientLimitUp:   pulumi.String("512"),
    			ClientLimitDown: pulumi.String("1000"),
    			Auth: &org.WlanAuthArgs{
    				Type: pulumi.String("psk"),
    				Psk:  pulumi.String("secretpsk"),
    			},
    			Interface: pulumi.String("all"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using JuniperMist = Pulumi.JuniperMist;
    
    return await Deployment.RunAsync(() => 
    {
        var wlanOne = new JuniperMist.Org.Wlan("wlan_one", new()
        {
            Ssid = "wlan_one",
            OrgId = terraformTest.Id,
            TemplateId = test101.Id,
            Bands = new[]
            {
                "5",
                "6",
            },
            VlanEnabled = true,
            VlanId = "143",
            WlanLimitUp = "10000",
            WlanLimitDown = "20000",
            ClientLimitUp = "512",
            ClientLimitDown = "1000",
            Auth = new JuniperMist.Org.Inputs.WlanAuthArgs
            {
                Type = "psk",
                Psk = "secretpsk",
            },
            Interface = "all",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.junipermist.org.Wlan;
    import com.pulumi.junipermist.org.WlanArgs;
    import com.pulumi.junipermist.org.inputs.WlanAuthArgs;
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var wlanOne = new Wlan("wlanOne", WlanArgs.builder()
                .ssid("wlan_one")
                .orgId(terraformTest.id())
                .templateId(test101.id())
                .bands(            
                    "5",
                    "6")
                .vlanEnabled(true)
                .vlanId("143")
                .wlanLimitUp("10000")
                .wlanLimitDown("20000")
                .clientLimitUp("512")
                .clientLimitDown("1000")
                .auth(WlanAuthArgs.builder()
                    .type("psk")
                    .psk("secretpsk")
                    .build())
                .interface_("all")
                .build());
    
        }
    }
    
    resources:
      wlanOne:
        type: junipermist:org:Wlan
        name: wlan_one
        properties:
          ssid: wlan_one
          orgId: ${terraformTest.id}
          templateId: ${test101.id}
          bands:
            - '5'
            - '6'
          vlanEnabled: true
          vlanId: 143
          wlanLimitUp: 10000
          wlanLimitDown: 20000
          clientLimitUp: 512
          clientLimitDown: 1000
          auth:
            type: psk
            psk: secretpsk
          interface: all
    
    pulumi {
      required_providers {
        junipermist = {
          source = "pulumi/junipermist"
        }
      }
    }
    
    resource "junipermist_org_wlan" "wlan_one" {
      ssid              = "wlan_one"
      org_id            = terraformTest.id
      template_id       = test101.id
      bands             = ["5", "6"]
      vlan_enabled      = true
      vlan_id           = 143
      wlan_limit_up     = 10000
      wlan_limit_down   = 20000
      client_limit_up   = 512
      client_limit_down = 1000
      auth = {
        type = "psk"
        psk  = "secretpsk"
      }
      interface = "all"
    }
    

    Create Wlan Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Wlan(name: string, args: WlanArgs, opts?: CustomResourceOptions);
    @overload
    def Wlan(resource_name: str,
             args: WlanArgs,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Wlan(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             org_id: Optional[str] = None,
             ssid: Optional[str] = None,
             template_id: Optional[str] = None,
             acct_immediate_update: Optional[bool] = None,
             acct_interim_interval: Optional[int] = None,
             acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
             airwatch: Optional[WlanAirwatchArgs] = None,
             allow_ipv6_ndp: Optional[bool] = None,
             allow_mdns: Optional[bool] = None,
             allow_ssdp: Optional[bool] = None,
             ap_ids: Optional[Sequence[str]] = None,
             app_limit: Optional[WlanAppLimitArgs] = None,
             app_qos: Optional[WlanAppQosArgs] = None,
             apply_to: Optional[str] = None,
             arp_filter: Optional[bool] = None,
             auth: Optional[WlanAuthArgs] = None,
             auth_server_selection: Optional[str] = None,
             auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
             auth_servers_nas_id: Optional[str] = None,
             auth_servers_nas_ip: Optional[str] = None,
             auth_servers_retries: Optional[int] = None,
             auth_servers_timeout: Optional[int] = None,
             band_steer: Optional[bool] = None,
             band_steer_force_band5: Optional[bool] = None,
             bands: Optional[Sequence[str]] = None,
             block_blacklist_clients: Optional[bool] = None,
             bonjour: Optional[WlanBonjourArgs] = None,
             cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
             client_limit_down: Optional[str] = None,
             client_limit_down_enabled: Optional[bool] = None,
             client_limit_up: Optional[str] = None,
             client_limit_up_enabled: Optional[bool] = None,
             coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
             disable11ax: Optional[bool] = None,
             disable11be: Optional[bool] = None,
             disable_ht_vht_rates: Optional[bool] = None,
             disable_message_authenticator_check: Optional[bool] = None,
             disable_uapsd: Optional[bool] = None,
             disable_v1_roam_notify: Optional[bool] = None,
             disable_v2_roam_notify: Optional[bool] = None,
             disable_when_gateway_unreachable: Optional[bool] = None,
             disable_when_mxtunnel_down: Optional[bool] = None,
             disable_wmm: Optional[bool] = None,
             dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
             dtim: Optional[int] = None,
             dynamic_psk: Optional[WlanDynamicPskArgs] = None,
             dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
             enable_ftm: Optional[bool] = None,
             enable_local_keycaching: Optional[bool] = None,
             enable_wireless_bridging: Optional[bool] = None,
             enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
             enabled: Optional[bool] = None,
             fast_dot1x_timers: Optional[bool] = None,
             hide_ssid: Optional[bool] = None,
             hostname_ie: Optional[bool] = None,
             hotspot20: Optional[WlanHotspot20Args] = None,
             inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
             interface: Optional[str] = None,
             isolation: Optional[bool] = None,
             l2_isolation: Optional[bool] = None,
             legacy_overds: Optional[bool] = None,
             limit_bcast: Optional[bool] = None,
             limit_probe_response: Optional[bool] = None,
             max_idletime: Optional[int] = None,
             max_num_clients: Optional[int] = None,
             mist_nac: Optional[WlanMistNacArgs] = None,
             mxtunnel_ids: Optional[Sequence[str]] = None,
             mxtunnel_names: Optional[Sequence[str]] = None,
             no_static_dns: Optional[bool] = None,
             no_static_ip: Optional[bool] = None,
             portal: Optional[WlanPortalArgs] = None,
             portal_allowed_hostnames: Optional[Sequence[str]] = None,
             portal_allowed_subnets: Optional[Sequence[str]] = None,
             portal_denied_hostnames: Optional[Sequence[str]] = None,
             qos: Optional[WlanQosArgs] = None,
             radsec: Optional[WlanRadsecArgs] = None,
             rateset: Optional[Mapping[str, WlanRatesetArgs]] = None,
             reconnect_clients_when_roaming_mxcluster: Optional[bool] = None,
             roam_mode: Optional[str] = None,
             schedule: Optional[WlanScheduleArgs] = None,
             sle_excluded: Optional[bool] = None,
             use_eapol_v1: Optional[bool] = None,
             vlan_enabled: Optional[bool] = None,
             vlan_id: Optional[str] = None,
             vlan_ids: Optional[Sequence[str]] = None,
             vlan_pooling: Optional[bool] = None,
             wlan_limit_down: Optional[str] = None,
             wlan_limit_down_enabled: Optional[bool] = None,
             wlan_limit_up: Optional[str] = None,
             wlan_limit_up_enabled: Optional[bool] = None,
             wxtag_ids: Optional[Sequence[str]] = None,
             wxtunnel_id: Optional[str] = None,
             wxtunnel_remote_id: Optional[str] = None)
    func NewWlan(ctx *Context, name string, args WlanArgs, opts ...ResourceOption) (*Wlan, error)
    public Wlan(string name, WlanArgs args, CustomResourceOptions? opts = null)
    public Wlan(String name, WlanArgs args)
    public Wlan(String name, WlanArgs args, CustomResourceOptions options)
    
    type: junipermist:org:Wlan
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    resource "junipermist_org_wlan" "name" {
        # resource properties
    }

    Parameters

    name string
    The unique name of the resource.
    args WlanArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WlanArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WlanArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WlanArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WlanArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var wlanResource = new JuniperMist.Org.Wlan("wlanResource", new()
    {
        OrgId = "string",
        Ssid = "string",
        TemplateId = "string",
        AcctImmediateUpdate = false,
        AcctInterimInterval = 0,
        AcctServers = new[]
        {
            new JuniperMist.Org.Inputs.WlanAcctServerArgs
            {
                Host = "string",
                Secret = "string",
                KeywrapEnabled = false,
                KeywrapFormat = "string",
                KeywrapKek = "string",
                KeywrapMack = "string",
                Port = "string",
            },
        },
        Airwatch = new JuniperMist.Org.Inputs.WlanAirwatchArgs
        {
            ApiKey = "string",
            ConsoleUrl = "string",
            Enabled = false,
            Password = "string",
            Username = "string",
        },
        AllowIpv6Ndp = false,
        AllowMdns = false,
        AllowSsdp = false,
        ApIds = new[]
        {
            "string",
        },
        AppLimit = new JuniperMist.Org.Inputs.WlanAppLimitArgs
        {
            Apps = 
            {
                { "string", 0 },
            },
            Enabled = false,
            WxtagIds = 
            {
                { "string", 0 },
            },
        },
        AppQos = new JuniperMist.Org.Inputs.WlanAppQosArgs
        {
            Apps = 
            {
                { "string", new JuniperMist.Org.Inputs.WlanAppQosAppsArgs
                {
                    Dscp = "string",
                    DstSubnet = "string",
                    SrcSubnet = "string",
                } },
            },
            Enabled = false,
            Others = new[]
            {
                new JuniperMist.Org.Inputs.WlanAppQosOtherArgs
                {
                    Dscp = "string",
                    DstSubnet = "string",
                    PortRanges = "string",
                    Protocol = "string",
                    SrcSubnet = "string",
                },
            },
        },
        ApplyTo = "string",
        ArpFilter = false,
        Auth = new JuniperMist.Org.Inputs.WlanAuthArgs
        {
            AnticlogThreshold = 0,
            EapReauth = false,
            EnableBeaconProtection = false,
            EnableGcmp256 = false,
            EnableMacAuth = false,
            KeyIdx = 0,
            Keys = new[]
            {
                "string",
            },
            MultiPskOnly = false,
            Owe = "string",
            Pairwises = new[]
            {
                "string",
            },
            PrivateWlan = false,
            Psk = "string",
            Type = "string",
            WepAsSecondaryAuth = false,
        },
        AuthServerSelection = "string",
        AuthServers = new[]
        {
            new JuniperMist.Org.Inputs.WlanAuthServerArgs
            {
                Host = "string",
                Secret = "string",
                KeywrapEnabled = false,
                KeywrapFormat = "string",
                KeywrapKek = "string",
                KeywrapMack = "string",
                Port = "string",
                RequireMessageAuthenticator = false,
            },
        },
        AuthServersNasId = "string",
        AuthServersNasIp = "string",
        AuthServersRetries = 0,
        AuthServersTimeout = 0,
        BandSteer = false,
        BandSteerForceBand5 = false,
        Bands = new[]
        {
            "string",
        },
        BlockBlacklistClients = false,
        Bonjour = new JuniperMist.Org.Inputs.WlanBonjourArgs
        {
            AdditionalVlanIds = new[]
            {
                "string",
            },
            Enabled = false,
            Services = 
            {
                { "string", new JuniperMist.Org.Inputs.WlanBonjourServicesArgs
                {
                    DisableLocal = false,
                    RadiusGroups = new[]
                    {
                        "string",
                    },
                    Scope = "string",
                } },
            },
        },
        CiscoCwa = new JuniperMist.Org.Inputs.WlanCiscoCwaArgs
        {
            AllowedHostnames = new[]
            {
                "string",
            },
            AllowedSubnets = new[]
            {
                "string",
            },
            BlockedSubnets = new[]
            {
                "string",
            },
            Enabled = false,
        },
        ClientLimitDown = "string",
        ClientLimitDownEnabled = false,
        ClientLimitUp = "string",
        ClientLimitUpEnabled = false,
        CoaServers = new[]
        {
            new JuniperMist.Org.Inputs.WlanCoaServerArgs
            {
                Ip = "string",
                Secret = "string",
                DisableEventTimestampCheck = false,
                Enabled = false,
                Port = "string",
            },
        },
        Disable11ax = false,
        Disable11be = false,
        DisableHtVhtRates = false,
        DisableMessageAuthenticatorCheck = false,
        DisableUapsd = false,
        DisableV1RoamNotify = false,
        DisableV2RoamNotify = false,
        DisableWhenGatewayUnreachable = false,
        DisableWhenMxtunnelDown = false,
        DisableWmm = false,
        DnsServerRewrite = new JuniperMist.Org.Inputs.WlanDnsServerRewriteArgs
        {
            Enabled = false,
            RadiusGroups = 
            {
                { "string", "string" },
            },
        },
        Dtim = 0,
        DynamicPsk = new JuniperMist.Org.Inputs.WlanDynamicPskArgs
        {
            DefaultPsk = "string",
            DefaultVlanId = "string",
            Enabled = false,
            ForceLookup = false,
            Source = "string",
        },
        DynamicVlan = new JuniperMist.Org.Inputs.WlanDynamicVlanArgs
        {
            DefaultVlanIds = new[]
            {
                "string",
            },
            Enabled = false,
            LocalVlanIds = new[]
            {
                "string",
            },
            Type = "string",
            Vlans = 
            {
                { "string", "string" },
            },
        },
        EnableFtm = false,
        EnableLocalKeycaching = false,
        EnableWirelessBridging = false,
        EnableWirelessBridgingDhcpTracking = false,
        Enabled = false,
        FastDot1xTimers = false,
        HideSsid = false,
        HostnameIe = false,
        Hotspot20 = new JuniperMist.Org.Inputs.WlanHotspot20Args
        {
            DomainNames = new[]
            {
                "string",
            },
            Enabled = false,
            NaiRealms = new[]
            {
                "string",
            },
            Operators = new[]
            {
                "string",
            },
            Rcois = new[]
            {
                "string",
            },
            VenueName = "string",
        },
        InjectDhcpOption82 = new JuniperMist.Org.Inputs.WlanInjectDhcpOption82Args
        {
            CircuitId = "string",
            Enabled = false,
        },
        Interface = "string",
        Isolation = false,
        L2Isolation = false,
        LegacyOverds = false,
        LimitBcast = false,
        LimitProbeResponse = false,
        MaxIdletime = 0,
        MaxNumClients = 0,
        MistNac = new JuniperMist.Org.Inputs.WlanMistNacArgs
        {
            AcctInterimInterval = 0,
            AuthServersRetries = 0,
            AuthServersTimeout = 0,
            CoaEnabled = false,
            CoaPort = 0,
            Enabled = false,
            FastDot1xTimers = false,
            Network = "string",
            SourceIp = "string",
        },
        MxtunnelIds = new[]
        {
            "string",
        },
        MxtunnelNames = new[]
        {
            "string",
        },
        NoStaticDns = false,
        NoStaticIp = false,
        Portal = new JuniperMist.Org.Inputs.WlanPortalArgs
        {
            AllowWlanIdRoam = false,
            AmazonClientId = "string",
            AmazonClientSecret = "string",
            AmazonEmailDomains = new[]
            {
                "string",
            },
            AmazonEnabled = false,
            AmazonExpire = 0,
            Auth = "string",
            AzureClientId = "string",
            AzureClientSecret = "string",
            AzureEnabled = false,
            AzureExpire = 0,
            AzureTenantId = "string",
            BroadnetPassword = "string",
            BroadnetSid = "string",
            BroadnetUserId = "string",
            BypassWhenCloudDown = false,
            ClickatellApiKey = "string",
            CrossSite = false,
            EmailEnabled = false,
            Enabled = false,
            Expire = 0,
            ExternalPortalUrl = "string",
            FacebookClientId = "string",
            FacebookClientSecret = "string",
            FacebookEmailDomains = new[]
            {
                "string",
            },
            FacebookEnabled = false,
            FacebookExpire = 0,
            Forward = false,
            ForwardUrl = "string",
            GoogleClientId = "string",
            GoogleClientSecret = "string",
            GoogleEmailDomains = new[]
            {
                "string",
            },
            GoogleEnabled = false,
            GoogleExpire = 0,
            GupshupPassword = "string",
            GupshupUserid = "string",
            MicrosoftClientId = "string",
            MicrosoftClientSecret = "string",
            MicrosoftEmailDomains = new[]
            {
                "string",
            },
            MicrosoftEnabled = false,
            MicrosoftExpire = 0,
            PassphraseEnabled = false,
            PassphraseExpire = 0,
            Password = "string",
            PredefinedSponsorsEnabled = false,
            PredefinedSponsorsHideEmail = false,
            Privacy = false,
            PuzzelPassword = "string",
            PuzzelServiceId = "string",
            PuzzelUsername = "string",
            SmsEnabled = false,
            SmsExpire = 0,
            SmsMessageFormat = "string",
            SmsProvider = "string",
            SmsglobalApiKey = "string",
            SmsglobalApiSecret = "string",
            SmsglobalSender = "string",
            SponsorAutoApprove = false,
            SponsorEmailDomains = new[]
            {
                "string",
            },
            SponsorEnabled = false,
            SponsorExpire = 0,
            SponsorLinkValidityDuration = "string",
            SponsorNotifyAll = false,
            SponsorStatusNotify = false,
            Sponsors = 
            {
                { "string", "string" },
            },
            SsoDefaultRole = "string",
            SsoForcedRole = "string",
            SsoIdpCert = "string",
            SsoIdpSignAlgo = "string",
            SsoIdpSsoUrl = "string",
            SsoIssuer = "string",
            SsoNameidFormat = "string",
            TelstraClientId = "string",
            TelstraClientSecret = "string",
            TwilioAuthToken = "string",
            TwilioPhoneNumber = "string",
            TwilioSid = "string",
        },
        PortalAllowedHostnames = new[]
        {
            "string",
        },
        PortalAllowedSubnets = new[]
        {
            "string",
        },
        PortalDeniedHostnames = new[]
        {
            "string",
        },
        Qos = new JuniperMist.Org.Inputs.WlanQosArgs
        {
            Class = "string",
            Overwrite = false,
        },
        Radsec = new JuniperMist.Org.Inputs.WlanRadsecArgs
        {
            CoaEnabled = false,
            Enabled = false,
            IdleTimeout = "string",
            MxclusterIds = new[]
            {
                "string",
            },
            ProxyHosts = new[]
            {
                "string",
            },
            ServerName = "string",
            Servers = new[]
            {
                new JuniperMist.Org.Inputs.WlanRadsecServerArgs
                {
                    Host = "string",
                    Port = 0,
                },
            },
            UseMxedge = false,
            UseSiteMxedge = false,
        },
        Rateset = 
        {
            { "string", new JuniperMist.Org.Inputs.WlanRatesetArgs
            {
                Eht = "string",
                He = "string",
                Ht = "string",
                Legacies = new[]
                {
                    "string",
                },
                MinRssi = 0,
                Template = "string",
                Vht = "string",
            } },
        },
        ReconnectClientsWhenRoamingMxcluster = false,
        RoamMode = "string",
        Schedule = new JuniperMist.Org.Inputs.WlanScheduleArgs
        {
            Enabled = false,
            Hours = new JuniperMist.Org.Inputs.WlanScheduleHoursArgs
            {
                Fri = "string",
                Mon = "string",
                Sat = "string",
                Sun = "string",
                Thu = "string",
                Tue = "string",
                Wed = "string",
            },
        },
        SleExcluded = false,
        UseEapolV1 = false,
        VlanEnabled = false,
        VlanId = "string",
        VlanIds = new[]
        {
            "string",
        },
        VlanPooling = false,
        WlanLimitDown = "string",
        WlanLimitDownEnabled = false,
        WlanLimitUp = "string",
        WlanLimitUpEnabled = false,
        WxtagIds = new[]
        {
            "string",
        },
        WxtunnelId = "string",
        WxtunnelRemoteId = "string",
    });
    
    example, err := org.NewWlan(ctx, "wlanResource", &org.WlanArgs{
    	OrgId:               pulumi.String("string"),
    	Ssid:                pulumi.String("string"),
    	TemplateId:          pulumi.String("string"),
    	AcctImmediateUpdate: pulumi.Bool(false),
    	AcctInterimInterval: pulumi.Int(0),
    	AcctServers: org.WlanAcctServerArray{
    		&org.WlanAcctServerArgs{
    			Host:           pulumi.String("string"),
    			Secret:         pulumi.String("string"),
    			KeywrapEnabled: pulumi.Bool(false),
    			KeywrapFormat:  pulumi.String("string"),
    			KeywrapKek:     pulumi.String("string"),
    			KeywrapMack:    pulumi.String("string"),
    			Port:           pulumi.String("string"),
    		},
    	},
    	Airwatch: &org.WlanAirwatchArgs{
    		ApiKey:     pulumi.String("string"),
    		ConsoleUrl: pulumi.String("string"),
    		Enabled:    pulumi.Bool(false),
    		Password:   pulumi.String("string"),
    		Username:   pulumi.String("string"),
    	},
    	AllowIpv6Ndp: pulumi.Bool(false),
    	AllowMdns:    pulumi.Bool(false),
    	AllowSsdp:    pulumi.Bool(false),
    	ApIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AppLimit: &org.WlanAppLimitArgs{
    		Apps: pulumi.IntMap{
    			"string": pulumi.Int(0),
    		},
    		Enabled: pulumi.Bool(false),
    		WxtagIds: pulumi.IntMap{
    			"string": pulumi.Int(0),
    		},
    	},
    	AppQos: &org.WlanAppQosArgs{
    		Apps: org.WlanAppQosAppsMap{
    			"string": &org.WlanAppQosAppsArgs{
    				Dscp:      pulumi.String("string"),
    				DstSubnet: pulumi.String("string"),
    				SrcSubnet: pulumi.String("string"),
    			},
    		},
    		Enabled: pulumi.Bool(false),
    		Others: org.WlanAppQosOtherArray{
    			&org.WlanAppQosOtherArgs{
    				Dscp:       pulumi.String("string"),
    				DstSubnet:  pulumi.String("string"),
    				PortRanges: pulumi.String("string"),
    				Protocol:   pulumi.String("string"),
    				SrcSubnet:  pulumi.String("string"),
    			},
    		},
    	},
    	ApplyTo:   pulumi.String("string"),
    	ArpFilter: pulumi.Bool(false),
    	Auth: &org.WlanAuthArgs{
    		AnticlogThreshold:      pulumi.Int(0),
    		EapReauth:              pulumi.Bool(false),
    		EnableBeaconProtection: pulumi.Bool(false),
    		EnableGcmp256:          pulumi.Bool(false),
    		EnableMacAuth:          pulumi.Bool(false),
    		KeyIdx:                 pulumi.Int(0),
    		Keys: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MultiPskOnly: pulumi.Bool(false),
    		Owe:          pulumi.String("string"),
    		Pairwises: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		PrivateWlan:        pulumi.Bool(false),
    		Psk:                pulumi.String("string"),
    		Type:               pulumi.String("string"),
    		WepAsSecondaryAuth: pulumi.Bool(false),
    	},
    	AuthServerSelection: pulumi.String("string"),
    	AuthServers: org.WlanAuthServerArray{
    		&org.WlanAuthServerArgs{
    			Host:                        pulumi.String("string"),
    			Secret:                      pulumi.String("string"),
    			KeywrapEnabled:              pulumi.Bool(false),
    			KeywrapFormat:               pulumi.String("string"),
    			KeywrapKek:                  pulumi.String("string"),
    			KeywrapMack:                 pulumi.String("string"),
    			Port:                        pulumi.String("string"),
    			RequireMessageAuthenticator: pulumi.Bool(false),
    		},
    	},
    	AuthServersNasId:    pulumi.String("string"),
    	AuthServersNasIp:    pulumi.String("string"),
    	AuthServersRetries:  pulumi.Int(0),
    	AuthServersTimeout:  pulumi.Int(0),
    	BandSteer:           pulumi.Bool(false),
    	BandSteerForceBand5: pulumi.Bool(false),
    	Bands: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	BlockBlacklistClients: pulumi.Bool(false),
    	Bonjour: &org.WlanBonjourArgs{
    		AdditionalVlanIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		Services: org.WlanBonjourServicesMap{
    			"string": &org.WlanBonjourServicesArgs{
    				DisableLocal: pulumi.Bool(false),
    				RadiusGroups: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Scope: pulumi.String("string"),
    			},
    		},
    	},
    	CiscoCwa: &org.WlanCiscoCwaArgs{
    		AllowedHostnames: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		AllowedSubnets: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		BlockedSubnets: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    	},
    	ClientLimitDown:        pulumi.String("string"),
    	ClientLimitDownEnabled: pulumi.Bool(false),
    	ClientLimitUp:          pulumi.String("string"),
    	ClientLimitUpEnabled:   pulumi.Bool(false),
    	CoaServers: org.WlanCoaServerArray{
    		&org.WlanCoaServerArgs{
    			Ip:                         pulumi.String("string"),
    			Secret:                     pulumi.String("string"),
    			DisableEventTimestampCheck: pulumi.Bool(false),
    			Enabled:                    pulumi.Bool(false),
    			Port:                       pulumi.String("string"),
    		},
    	},
    	Disable11ax:                      pulumi.Bool(false),
    	Disable11be:                      pulumi.Bool(false),
    	DisableHtVhtRates:                pulumi.Bool(false),
    	DisableMessageAuthenticatorCheck: pulumi.Bool(false),
    	DisableUapsd:                     pulumi.Bool(false),
    	DisableV1RoamNotify:              pulumi.Bool(false),
    	DisableV2RoamNotify:              pulumi.Bool(false),
    	DisableWhenGatewayUnreachable:    pulumi.Bool(false),
    	DisableWhenMxtunnelDown:          pulumi.Bool(false),
    	DisableWmm:                       pulumi.Bool(false),
    	DnsServerRewrite: &org.WlanDnsServerRewriteArgs{
    		Enabled: pulumi.Bool(false),
    		RadiusGroups: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    	Dtim: pulumi.Int(0),
    	DynamicPsk: &org.WlanDynamicPskArgs{
    		DefaultPsk:    pulumi.String("string"),
    		DefaultVlanId: pulumi.String("string"),
    		Enabled:       pulumi.Bool(false),
    		ForceLookup:   pulumi.Bool(false),
    		Source:        pulumi.String("string"),
    	},
    	DynamicVlan: &org.WlanDynamicVlanArgs{
    		DefaultVlanIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		LocalVlanIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Type: pulumi.String("string"),
    		Vlans: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    	EnableFtm:                          pulumi.Bool(false),
    	EnableLocalKeycaching:              pulumi.Bool(false),
    	EnableWirelessBridging:             pulumi.Bool(false),
    	EnableWirelessBridgingDhcpTracking: pulumi.Bool(false),
    	Enabled:                            pulumi.Bool(false),
    	FastDot1xTimers:                    pulumi.Bool(false),
    	HideSsid:                           pulumi.Bool(false),
    	HostnameIe:                         pulumi.Bool(false),
    	Hotspot20: &org.WlanHotspot20Args{
    		DomainNames: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		NaiRealms: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Operators: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Rcois: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		VenueName: pulumi.String("string"),
    	},
    	InjectDhcpOption82: &org.WlanInjectDhcpOption82Args{
    		CircuitId: pulumi.String("string"),
    		Enabled:   pulumi.Bool(false),
    	},
    	Interface:          pulumi.String("string"),
    	Isolation:          pulumi.Bool(false),
    	L2Isolation:        pulumi.Bool(false),
    	LegacyOverds:       pulumi.Bool(false),
    	LimitBcast:         pulumi.Bool(false),
    	LimitProbeResponse: pulumi.Bool(false),
    	MaxIdletime:        pulumi.Int(0),
    	MaxNumClients:      pulumi.Int(0),
    	MistNac: &org.WlanMistNacArgs{
    		AcctInterimInterval: pulumi.Int(0),
    		AuthServersRetries:  pulumi.Int(0),
    		AuthServersTimeout:  pulumi.Int(0),
    		CoaEnabled:          pulumi.Bool(false),
    		CoaPort:             pulumi.Int(0),
    		Enabled:             pulumi.Bool(false),
    		FastDot1xTimers:     pulumi.Bool(false),
    		Network:             pulumi.String("string"),
    		SourceIp:            pulumi.String("string"),
    	},
    	MxtunnelIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	MxtunnelNames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	NoStaticDns: pulumi.Bool(false),
    	NoStaticIp:  pulumi.Bool(false),
    	Portal: &org.WlanPortalArgs{
    		AllowWlanIdRoam:    pulumi.Bool(false),
    		AmazonClientId:     pulumi.String("string"),
    		AmazonClientSecret: pulumi.String("string"),
    		AmazonEmailDomains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		AmazonEnabled:        pulumi.Bool(false),
    		AmazonExpire:         pulumi.Int(0),
    		Auth:                 pulumi.String("string"),
    		AzureClientId:        pulumi.String("string"),
    		AzureClientSecret:    pulumi.String("string"),
    		AzureEnabled:         pulumi.Bool(false),
    		AzureExpire:          pulumi.Int(0),
    		AzureTenantId:        pulumi.String("string"),
    		BroadnetPassword:     pulumi.String("string"),
    		BroadnetSid:          pulumi.String("string"),
    		BroadnetUserId:       pulumi.String("string"),
    		BypassWhenCloudDown:  pulumi.Bool(false),
    		ClickatellApiKey:     pulumi.String("string"),
    		CrossSite:            pulumi.Bool(false),
    		EmailEnabled:         pulumi.Bool(false),
    		Enabled:              pulumi.Bool(false),
    		Expire:               pulumi.Int(0),
    		ExternalPortalUrl:    pulumi.String("string"),
    		FacebookClientId:     pulumi.String("string"),
    		FacebookClientSecret: pulumi.String("string"),
    		FacebookEmailDomains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		FacebookEnabled:    pulumi.Bool(false),
    		FacebookExpire:     pulumi.Int(0),
    		Forward:            pulumi.Bool(false),
    		ForwardUrl:         pulumi.String("string"),
    		GoogleClientId:     pulumi.String("string"),
    		GoogleClientSecret: pulumi.String("string"),
    		GoogleEmailDomains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		GoogleEnabled:         pulumi.Bool(false),
    		GoogleExpire:          pulumi.Int(0),
    		GupshupPassword:       pulumi.String("string"),
    		GupshupUserid:         pulumi.String("string"),
    		MicrosoftClientId:     pulumi.String("string"),
    		MicrosoftClientSecret: pulumi.String("string"),
    		MicrosoftEmailDomains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MicrosoftEnabled:            pulumi.Bool(false),
    		MicrosoftExpire:             pulumi.Int(0),
    		PassphraseEnabled:           pulumi.Bool(false),
    		PassphraseExpire:            pulumi.Int(0),
    		Password:                    pulumi.String("string"),
    		PredefinedSponsorsEnabled:   pulumi.Bool(false),
    		PredefinedSponsorsHideEmail: pulumi.Bool(false),
    		Privacy:                     pulumi.Bool(false),
    		PuzzelPassword:              pulumi.String("string"),
    		PuzzelServiceId:             pulumi.String("string"),
    		PuzzelUsername:              pulumi.String("string"),
    		SmsEnabled:                  pulumi.Bool(false),
    		SmsExpire:                   pulumi.Int(0),
    		SmsMessageFormat:            pulumi.String("string"),
    		SmsProvider:                 pulumi.String("string"),
    		SmsglobalApiKey:             pulumi.String("string"),
    		SmsglobalApiSecret:          pulumi.String("string"),
    		SmsglobalSender:             pulumi.String("string"),
    		SponsorAutoApprove:          pulumi.Bool(false),
    		SponsorEmailDomains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SponsorEnabled:              pulumi.Bool(false),
    		SponsorExpire:               pulumi.Int(0),
    		SponsorLinkValidityDuration: pulumi.String("string"),
    		SponsorNotifyAll:            pulumi.Bool(false),
    		SponsorStatusNotify:         pulumi.Bool(false),
    		Sponsors: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		SsoDefaultRole:      pulumi.String("string"),
    		SsoForcedRole:       pulumi.String("string"),
    		SsoIdpCert:          pulumi.String("string"),
    		SsoIdpSignAlgo:      pulumi.String("string"),
    		SsoIdpSsoUrl:        pulumi.String("string"),
    		SsoIssuer:           pulumi.String("string"),
    		SsoNameidFormat:     pulumi.String("string"),
    		TelstraClientId:     pulumi.String("string"),
    		TelstraClientSecret: pulumi.String("string"),
    		TwilioAuthToken:     pulumi.String("string"),
    		TwilioPhoneNumber:   pulumi.String("string"),
    		TwilioSid:           pulumi.String("string"),
    	},
    	PortalAllowedHostnames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PortalAllowedSubnets: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PortalDeniedHostnames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Qos: &org.WlanQosArgs{
    		Class:     pulumi.String("string"),
    		Overwrite: pulumi.Bool(false),
    	},
    	Radsec: &org.WlanRadsecArgs{
    		CoaEnabled:  pulumi.Bool(false),
    		Enabled:     pulumi.Bool(false),
    		IdleTimeout: pulumi.String("string"),
    		MxclusterIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ProxyHosts: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ServerName: pulumi.String("string"),
    		Servers: org.WlanRadsecServerArray{
    			&org.WlanRadsecServerArgs{
    				Host: pulumi.String("string"),
    				Port: pulumi.Int(0),
    			},
    		},
    		UseMxedge:     pulumi.Bool(false),
    		UseSiteMxedge: pulumi.Bool(false),
    	},
    	Rateset: org.WlanRatesetMap{
    		"string": &org.WlanRatesetArgs{
    			Eht: pulumi.String("string"),
    			He:  pulumi.String("string"),
    			Ht:  pulumi.String("string"),
    			Legacies: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			MinRssi:  pulumi.Int(0),
    			Template: pulumi.String("string"),
    			Vht:      pulumi.String("string"),
    		},
    	},
    	ReconnectClientsWhenRoamingMxcluster: pulumi.Bool(false),
    	RoamMode:                             pulumi.String("string"),
    	Schedule: &org.WlanScheduleArgs{
    		Enabled: pulumi.Bool(false),
    		Hours: &org.WlanScheduleHoursArgs{
    			Fri: pulumi.String("string"),
    			Mon: pulumi.String("string"),
    			Sat: pulumi.String("string"),
    			Sun: pulumi.String("string"),
    			Thu: pulumi.String("string"),
    			Tue: pulumi.String("string"),
    			Wed: pulumi.String("string"),
    		},
    	},
    	SleExcluded: pulumi.Bool(false),
    	UseEapolV1:  pulumi.Bool(false),
    	VlanEnabled: pulumi.Bool(false),
    	VlanId:      pulumi.String("string"),
    	VlanIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	VlanPooling:          pulumi.Bool(false),
    	WlanLimitDown:        pulumi.String("string"),
    	WlanLimitDownEnabled: pulumi.Bool(false),
    	WlanLimitUp:          pulumi.String("string"),
    	WlanLimitUpEnabled:   pulumi.Bool(false),
    	WxtagIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	WxtunnelId:       pulumi.String("string"),
    	WxtunnelRemoteId: pulumi.String("string"),
    })
    
    resource "junipermist_org_wlan" "wlanResource" {
      org_id                = "string"
      ssid                  = "string"
      template_id           = "string"
      acct_immediate_update = false
      acct_interim_interval = 0
      acct_servers {
        host            = "string"
        secret          = "string"
        keywrap_enabled = false
        keywrap_format  = "string"
        keywrap_kek     = "string"
        keywrap_mack    = "string"
        port            = "string"
      }
      airwatch = {
        api_key     = "string"
        console_url = "string"
        enabled     = false
        password    = "string"
        username    = "string"
      }
      allow_ipv6_ndp = false
      allow_mdns     = false
      allow_ssdp     = false
      ap_ids         = ["string"]
      app_limit = {
        apps = {
          "string" = 0
        }
        enabled = false
        wxtag_ids = {
          "string" = 0
        }
      }
      app_qos = {
        apps = {
          "string" = {
            dscp       = "string"
            dst_subnet = "string"
            src_subnet = "string"
          }
        }
        enabled = false
        others = [{
          "dscp"       = "string"
          "dstSubnet"  = "string"
          "portRanges" = "string"
          "protocol"   = "string"
          "srcSubnet"  = "string"
        }]
      }
      apply_to   = "string"
      arp_filter = false
      auth = {
        anticlog_threshold       = 0
        eap_reauth               = false
        enable_beacon_protection = false
        enable_gcmp256           = false
        enable_mac_auth          = false
        key_idx                  = 0
        keys                     = ["string"]
        multi_psk_only           = false
        owe                      = "string"
        pairwises                = ["string"]
        private_wlan             = false
        psk                      = "string"
        type                     = "string"
        wep_as_secondary_auth    = false
      }
      auth_server_selection = "string"
      auth_servers {
        host                          = "string"
        secret                        = "string"
        keywrap_enabled               = false
        keywrap_format                = "string"
        keywrap_kek                   = "string"
        keywrap_mack                  = "string"
        port                          = "string"
        require_message_authenticator = false
      }
      auth_servers_nas_id     = "string"
      auth_servers_nas_ip     = "string"
      auth_servers_retries    = 0
      auth_servers_timeout    = 0
      band_steer              = false
      band_steer_force_band5  = false
      bands                   = ["string"]
      block_blacklist_clients = false
      bonjour = {
        additional_vlan_ids = ["string"]
        enabled             = false
        services = {
          "string" = {
            disable_local = false
            radius_groups = ["string"]
            scope         = "string"
          }
        }
      }
      cisco_cwa = {
        allowed_hostnames = ["string"]
        allowed_subnets   = ["string"]
        blocked_subnets   = ["string"]
        enabled           = false
      }
      client_limit_down         = "string"
      client_limit_down_enabled = false
      client_limit_up           = "string"
      client_limit_up_enabled   = false
      coa_servers {
        ip                            = "string"
        secret                        = "string"
        disable_event_timestamp_check = false
        enabled                       = false
        port                          = "string"
      }
      disable11ax                         = false
      disable11be                         = false
      disable_ht_vht_rates                = false
      disable_message_authenticator_check = false
      disable_uapsd                       = false
      disable_v1_roam_notify              = false
      disable_v2_roam_notify              = false
      disable_when_gateway_unreachable    = false
      disable_when_mxtunnel_down          = false
      disable_wmm                         = false
      dns_server_rewrite = {
        enabled = false
        radius_groups = {
          "string" = "string"
        }
      }
      dtim = 0
      dynamic_psk = {
        default_psk     = "string"
        default_vlan_id = "string"
        enabled         = false
        force_lookup    = false
        source          = "string"
      }
      dynamic_vlan = {
        default_vlan_ids = ["string"]
        enabled          = false
        local_vlan_ids   = ["string"]
        type             = "string"
        vlans = {
          "string" = "string"
        }
      }
      enable_ftm                             = false
      enable_local_keycaching                = false
      enable_wireless_bridging               = false
      enable_wireless_bridging_dhcp_tracking = false
      enabled                                = false
      fast_dot1x_timers                      = false
      hide_ssid                              = false
      hostname_ie                            = false
      hotspot20 = {
        domain_names = ["string"]
        enabled      = false
        nai_realms   = ["string"]
        operators    = ["string"]
        rcois        = ["string"]
        venue_name   = "string"
      }
      inject_dhcp_option82 = {
        circuit_id = "string"
        enabled    = false
      }
      interface            = "string"
      isolation            = false
      l2_isolation         = false
      legacy_overds        = false
      limit_bcast          = false
      limit_probe_response = false
      max_idletime         = 0
      max_num_clients      = 0
      mist_nac = {
        acct_interim_interval = 0
        auth_servers_retries  = 0
        auth_servers_timeout  = 0
        coa_enabled           = false
        coa_port              = 0
        enabled               = false
        fast_dot1x_timers     = false
        network               = "string"
        source_ip             = "string"
      }
      mxtunnel_ids   = ["string"]
      mxtunnel_names = ["string"]
      no_static_dns  = false
      no_static_ip   = false
      portal = {
        allow_wlan_id_roam             = false
        amazon_client_id               = "string"
        amazon_client_secret           = "string"
        amazon_email_domains           = ["string"]
        amazon_enabled                 = false
        amazon_expire                  = 0
        auth                           = "string"
        azure_client_id                = "string"
        azure_client_secret            = "string"
        azure_enabled                  = false
        azure_expire                   = 0
        azure_tenant_id                = "string"
        broadnet_password              = "string"
        broadnet_sid                   = "string"
        broadnet_user_id               = "string"
        bypass_when_cloud_down         = false
        clickatell_api_key             = "string"
        cross_site                     = false
        email_enabled                  = false
        enabled                        = false
        expire                         = 0
        external_portal_url            = "string"
        facebook_client_id             = "string"
        facebook_client_secret         = "string"
        facebook_email_domains         = ["string"]
        facebook_enabled               = false
        facebook_expire                = 0
        forward                        = false
        forward_url                    = "string"
        google_client_id               = "string"
        google_client_secret           = "string"
        google_email_domains           = ["string"]
        google_enabled                 = false
        google_expire                  = 0
        gupshup_password               = "string"
        gupshup_userid                 = "string"
        microsoft_client_id            = "string"
        microsoft_client_secret        = "string"
        microsoft_email_domains        = ["string"]
        microsoft_enabled              = false
        microsoft_expire               = 0
        passphrase_enabled             = false
        passphrase_expire              = 0
        password                       = "string"
        predefined_sponsors_enabled    = false
        predefined_sponsors_hide_email = false
        privacy                        = false
        puzzel_password                = "string"
        puzzel_service_id              = "string"
        puzzel_username                = "string"
        sms_enabled                    = false
        sms_expire                     = 0
        sms_message_format             = "string"
        sms_provider                   = "string"
        smsglobal_api_key              = "string"
        smsglobal_api_secret           = "string"
        smsglobal_sender               = "string"
        sponsor_auto_approve           = false
        sponsor_email_domains          = ["string"]
        sponsor_enabled                = false
        sponsor_expire                 = 0
        sponsor_link_validity_duration = "string"
        sponsor_notify_all             = false
        sponsor_status_notify          = false
        sponsors = {
          "string" = "string"
        }
        sso_default_role      = "string"
        sso_forced_role       = "string"
        sso_idp_cert          = "string"
        sso_idp_sign_algo     = "string"
        sso_idp_sso_url       = "string"
        sso_issuer            = "string"
        sso_nameid_format     = "string"
        telstra_client_id     = "string"
        telstra_client_secret = "string"
        twilio_auth_token     = "string"
        twilio_phone_number   = "string"
        twilio_sid            = "string"
      }
      portal_allowed_hostnames = ["string"]
      portal_allowed_subnets   = ["string"]
      portal_denied_hostnames  = ["string"]
      qos = {
        class     = "string"
        overwrite = false
      }
      radsec = {
        coa_enabled   = false
        enabled       = false
        idle_timeout  = "string"
        mxcluster_ids = ["string"]
        proxy_hosts   = ["string"]
        server_name   = "string"
        servers = [{
          "host" = "string"
          "port" = 0
        }]
        use_mxedge      = false
        use_site_mxedge = false
      }
      rateset = {
        "string" = {
          eht      = "string"
          he       = "string"
          ht       = "string"
          legacies = ["string"]
          min_rssi = 0
          template = "string"
          vht      = "string"
        }
      }
      reconnect_clients_when_roaming_mxcluster = false
      roam_mode                                = "string"
      schedule = {
        enabled = false
        hours = {
          fri = "string"
          mon = "string"
          sat = "string"
          sun = "string"
          thu = "string"
          tue = "string"
          wed = "string"
        }
      }
      sle_excluded            = false
      use_eapol_v1            = false
      vlan_enabled            = false
      vlan_id                 = "string"
      vlan_ids                = ["string"]
      vlan_pooling            = false
      wlan_limit_down         = "string"
      wlan_limit_down_enabled = false
      wlan_limit_up           = "string"
      wlan_limit_up_enabled   = false
      wxtag_ids               = ["string"]
      wxtunnel_id             = "string"
      wxtunnel_remote_id      = "string"
    }
    
    var wlanResource = new com.pulumi.junipermist.org.Wlan("wlanResource", com.pulumi.junipermist.org.WlanArgs.builder()
        .orgId("string")
        .ssid("string")
        .templateId("string")
        .acctImmediateUpdate(false)
        .acctInterimInterval(0)
        .acctServers(com.pulumi.junipermist.org.inputs.WlanAcctServerArgs.builder()
            .host("string")
            .secret("string")
            .keywrapEnabled(false)
            .keywrapFormat("string")
            .keywrapKek("string")
            .keywrapMack("string")
            .port("string")
            .build())
        .airwatch(com.pulumi.junipermist.org.inputs.WlanAirwatchArgs.builder()
            .apiKey("string")
            .consoleUrl("string")
            .enabled(false)
            .password("string")
            .username("string")
            .build())
        .allowIpv6Ndp(false)
        .allowMdns(false)
        .allowSsdp(false)
        .apIds("string")
        .appLimit(com.pulumi.junipermist.org.inputs.WlanAppLimitArgs.builder()
            .apps(Map.of("string", 0))
            .enabled(false)
            .wxtagIds(Map.of("string", 0))
            .build())
        .appQos(com.pulumi.junipermist.org.inputs.WlanAppQosArgs.builder()
            .apps(Map.of("string", com.pulumi.junipermist.org.inputs.WlanAppQosAppsArgs.builder()
                .dscp("string")
                .dstSubnet("string")
                .srcSubnet("string")
                .build()))
            .enabled(false)
            .others(com.pulumi.junipermist.org.inputs.WlanAppQosOtherArgs.builder()
                .dscp("string")
                .dstSubnet("string")
                .portRanges("string")
                .protocol("string")
                .srcSubnet("string")
                .build())
            .build())
        .applyTo("string")
        .arpFilter(false)
        .auth(com.pulumi.junipermist.org.inputs.WlanAuthArgs.builder()
            .anticlogThreshold(0)
            .eapReauth(false)
            .enableBeaconProtection(false)
            .enableGcmp256(false)
            .enableMacAuth(false)
            .keyIdx(0)
            .keys("string")
            .multiPskOnly(false)
            .owe("string")
            .pairwises("string")
            .privateWlan(false)
            .psk("string")
            .type("string")
            .wepAsSecondaryAuth(false)
            .build())
        .authServerSelection("string")
        .authServers(com.pulumi.junipermist.org.inputs.WlanAuthServerArgs.builder()
            .host("string")
            .secret("string")
            .keywrapEnabled(false)
            .keywrapFormat("string")
            .keywrapKek("string")
            .keywrapMack("string")
            .port("string")
            .requireMessageAuthenticator(false)
            .build())
        .authServersNasId("string")
        .authServersNasIp("string")
        .authServersRetries(0)
        .authServersTimeout(0)
        .bandSteer(false)
        .bandSteerForceBand5(false)
        .bands("string")
        .blockBlacklistClients(false)
        .bonjour(com.pulumi.junipermist.org.inputs.WlanBonjourArgs.builder()
            .additionalVlanIds("string")
            .enabled(false)
            .services(Map.of("string", com.pulumi.junipermist.org.inputs.WlanBonjourServicesArgs.builder()
                .disableLocal(false)
                .radiusGroups("string")
                .scope("string")
                .build()))
            .build())
        .ciscoCwa(com.pulumi.junipermist.org.inputs.WlanCiscoCwaArgs.builder()
            .allowedHostnames("string")
            .allowedSubnets("string")
            .blockedSubnets("string")
            .enabled(false)
            .build())
        .clientLimitDown("string")
        .clientLimitDownEnabled(false)
        .clientLimitUp("string")
        .clientLimitUpEnabled(false)
        .coaServers(com.pulumi.junipermist.org.inputs.WlanCoaServerArgs.builder()
            .ip("string")
            .secret("string")
            .disableEventTimestampCheck(false)
            .enabled(false)
            .port("string")
            .build())
        .disable11ax(false)
        .disable11be(false)
        .disableHtVhtRates(false)
        .disableMessageAuthenticatorCheck(false)
        .disableUapsd(false)
        .disableV1RoamNotify(false)
        .disableV2RoamNotify(false)
        .disableWhenGatewayUnreachable(false)
        .disableWhenMxtunnelDown(false)
        .disableWmm(false)
        .dnsServerRewrite(com.pulumi.junipermist.org.inputs.WlanDnsServerRewriteArgs.builder()
            .enabled(false)
            .radiusGroups(Map.of("string", "string"))
            .build())
        .dtim(0)
        .dynamicPsk(com.pulumi.junipermist.org.inputs.WlanDynamicPskArgs.builder()
            .defaultPsk("string")
            .defaultVlanId("string")
            .enabled(false)
            .forceLookup(false)
            .source("string")
            .build())
        .dynamicVlan(com.pulumi.junipermist.org.inputs.WlanDynamicVlanArgs.builder()
            .defaultVlanIds("string")
            .enabled(false)
            .localVlanIds("string")
            .type("string")
            .vlans(Map.of("string", "string"))
            .build())
        .enableFtm(false)
        .enableLocalKeycaching(false)
        .enableWirelessBridging(false)
        .enableWirelessBridgingDhcpTracking(false)
        .enabled(false)
        .fastDot1xTimers(false)
        .hideSsid(false)
        .hostnameIe(false)
        .hotspot20(com.pulumi.junipermist.org.inputs.WlanHotspot20Args.builder()
            .domainNames("string")
            .enabled(false)
            .naiRealms("string")
            .operators("string")
            .rcois("string")
            .venueName("string")
            .build())
        .injectDhcpOption82(com.pulumi.junipermist.org.inputs.WlanInjectDhcpOption82Args.builder()
            .circuitId("string")
            .enabled(false)
            .build())
        .interface_("string")
        .isolation(false)
        .l2Isolation(false)
        .legacyOverds(false)
        .limitBcast(false)
        .limitProbeResponse(false)
        .maxIdletime(0)
        .maxNumClients(0)
        .mistNac(com.pulumi.junipermist.org.inputs.WlanMistNacArgs.builder()
            .acctInterimInterval(0)
            .authServersRetries(0)
            .authServersTimeout(0)
            .coaEnabled(false)
            .coaPort(0)
            .enabled(false)
            .fastDot1xTimers(false)
            .network("string")
            .sourceIp("string")
            .build())
        .mxtunnelIds("string")
        .mxtunnelNames("string")
        .noStaticDns(false)
        .noStaticIp(false)
        .portal(com.pulumi.junipermist.org.inputs.WlanPortalArgs.builder()
            .allowWlanIdRoam(false)
            .amazonClientId("string")
            .amazonClientSecret("string")
            .amazonEmailDomains("string")
            .amazonEnabled(false)
            .amazonExpire(0)
            .auth("string")
            .azureClientId("string")
            .azureClientSecret("string")
            .azureEnabled(false)
            .azureExpire(0)
            .azureTenantId("string")
            .broadnetPassword("string")
            .broadnetSid("string")
            .broadnetUserId("string")
            .bypassWhenCloudDown(false)
            .clickatellApiKey("string")
            .crossSite(false)
            .emailEnabled(false)
            .enabled(false)
            .expire(0)
            .externalPortalUrl("string")
            .facebookClientId("string")
            .facebookClientSecret("string")
            .facebookEmailDomains("string")
            .facebookEnabled(false)
            .facebookExpire(0)
            .forward(false)
            .forwardUrl("string")
            .googleClientId("string")
            .googleClientSecret("string")
            .googleEmailDomains("string")
            .googleEnabled(false)
            .googleExpire(0)
            .gupshupPassword("string")
            .gupshupUserid("string")
            .microsoftClientId("string")
            .microsoftClientSecret("string")
            .microsoftEmailDomains("string")
            .microsoftEnabled(false)
            .microsoftExpire(0)
            .passphraseEnabled(false)
            .passphraseExpire(0)
            .password("string")
            .predefinedSponsorsEnabled(false)
            .predefinedSponsorsHideEmail(false)
            .privacy(false)
            .puzzelPassword("string")
            .puzzelServiceId("string")
            .puzzelUsername("string")
            .smsEnabled(false)
            .smsExpire(0)
            .smsMessageFormat("string")
            .smsProvider("string")
            .smsglobalApiKey("string")
            .smsglobalApiSecret("string")
            .smsglobalSender("string")
            .sponsorAutoApprove(false)
            .sponsorEmailDomains("string")
            .sponsorEnabled(false)
            .sponsorExpire(0)
            .sponsorLinkValidityDuration("string")
            .sponsorNotifyAll(false)
            .sponsorStatusNotify(false)
            .sponsors(Map.of("string", "string"))
            .ssoDefaultRole("string")
            .ssoForcedRole("string")
            .ssoIdpCert("string")
            .ssoIdpSignAlgo("string")
            .ssoIdpSsoUrl("string")
            .ssoIssuer("string")
            .ssoNameidFormat("string")
            .telstraClientId("string")
            .telstraClientSecret("string")
            .twilioAuthToken("string")
            .twilioPhoneNumber("string")
            .twilioSid("string")
            .build())
        .portalAllowedHostnames("string")
        .portalAllowedSubnets("string")
        .portalDeniedHostnames("string")
        .qos(com.pulumi.junipermist.org.inputs.WlanQosArgs.builder()
            .class_("string")
            .overwrite(false)
            .build())
        .radsec(com.pulumi.junipermist.org.inputs.WlanRadsecArgs.builder()
            .coaEnabled(false)
            .enabled(false)
            .idleTimeout("string")
            .mxclusterIds("string")
            .proxyHosts("string")
            .serverName("string")
            .servers(com.pulumi.junipermist.org.inputs.WlanRadsecServerArgs.builder()
                .host("string")
                .port(0)
                .build())
            .useMxedge(false)
            .useSiteMxedge(false)
            .build())
        .rateset(Map.of("string", com.pulumi.junipermist.org.inputs.WlanRatesetArgs.builder()
            .eht("string")
            .he("string")
            .ht("string")
            .legacies("string")
            .minRssi(0)
            .template("string")
            .vht("string")
            .build()))
        .reconnectClientsWhenRoamingMxcluster(false)
        .roamMode("string")
        .schedule(com.pulumi.junipermist.org.inputs.WlanScheduleArgs.builder()
            .enabled(false)
            .hours(com.pulumi.junipermist.org.inputs.WlanScheduleHoursArgs.builder()
                .fri("string")
                .mon("string")
                .sat("string")
                .sun("string")
                .thu("string")
                .tue("string")
                .wed("string")
                .build())
            .build())
        .sleExcluded(false)
        .useEapolV1(false)
        .vlanEnabled(false)
        .vlanId("string")
        .vlanIds("string")
        .vlanPooling(false)
        .wlanLimitDown("string")
        .wlanLimitDownEnabled(false)
        .wlanLimitUp("string")
        .wlanLimitUpEnabled(false)
        .wxtagIds("string")
        .wxtunnelId("string")
        .wxtunnelRemoteId("string")
        .build());
    
    wlan_resource = junipermist.org.Wlan("wlanResource",
        org_id="string",
        ssid="string",
        template_id="string",
        acct_immediate_update=False,
        acct_interim_interval=0,
        acct_servers=[{
            "host": "string",
            "secret": "string",
            "keywrap_enabled": False,
            "keywrap_format": "string",
            "keywrap_kek": "string",
            "keywrap_mack": "string",
            "port": "string",
        }],
        airwatch={
            "api_key": "string",
            "console_url": "string",
            "enabled": False,
            "password": "string",
            "username": "string",
        },
        allow_ipv6_ndp=False,
        allow_mdns=False,
        allow_ssdp=False,
        ap_ids=["string"],
        app_limit={
            "apps": {
                "string": 0,
            },
            "enabled": False,
            "wxtag_ids": {
                "string": 0,
            },
        },
        app_qos={
            "apps": {
                "string": {
                    "dscp": "string",
                    "dst_subnet": "string",
                    "src_subnet": "string",
                },
            },
            "enabled": False,
            "others": [{
                "dscp": "string",
                "dst_subnet": "string",
                "port_ranges": "string",
                "protocol": "string",
                "src_subnet": "string",
            }],
        },
        apply_to="string",
        arp_filter=False,
        auth={
            "anticlog_threshold": 0,
            "eap_reauth": False,
            "enable_beacon_protection": False,
            "enable_gcmp256": False,
            "enable_mac_auth": False,
            "key_idx": 0,
            "keys": ["string"],
            "multi_psk_only": False,
            "owe": "string",
            "pairwises": ["string"],
            "private_wlan": False,
            "psk": "string",
            "type": "string",
            "wep_as_secondary_auth": False,
        },
        auth_server_selection="string",
        auth_servers=[{
            "host": "string",
            "secret": "string",
            "keywrap_enabled": False,
            "keywrap_format": "string",
            "keywrap_kek": "string",
            "keywrap_mack": "string",
            "port": "string",
            "require_message_authenticator": False,
        }],
        auth_servers_nas_id="string",
        auth_servers_nas_ip="string",
        auth_servers_retries=0,
        auth_servers_timeout=0,
        band_steer=False,
        band_steer_force_band5=False,
        bands=["string"],
        block_blacklist_clients=False,
        bonjour={
            "additional_vlan_ids": ["string"],
            "enabled": False,
            "services": {
                "string": {
                    "disable_local": False,
                    "radius_groups": ["string"],
                    "scope": "string",
                },
            },
        },
        cisco_cwa={
            "allowed_hostnames": ["string"],
            "allowed_subnets": ["string"],
            "blocked_subnets": ["string"],
            "enabled": False,
        },
        client_limit_down="string",
        client_limit_down_enabled=False,
        client_limit_up="string",
        client_limit_up_enabled=False,
        coa_servers=[{
            "ip": "string",
            "secret": "string",
            "disable_event_timestamp_check": False,
            "enabled": False,
            "port": "string",
        }],
        disable11ax=False,
        disable11be=False,
        disable_ht_vht_rates=False,
        disable_message_authenticator_check=False,
        disable_uapsd=False,
        disable_v1_roam_notify=False,
        disable_v2_roam_notify=False,
        disable_when_gateway_unreachable=False,
        disable_when_mxtunnel_down=False,
        disable_wmm=False,
        dns_server_rewrite={
            "enabled": False,
            "radius_groups": {
                "string": "string",
            },
        },
        dtim=0,
        dynamic_psk={
            "default_psk": "string",
            "default_vlan_id": "string",
            "enabled": False,
            "force_lookup": False,
            "source": "string",
        },
        dynamic_vlan={
            "default_vlan_ids": ["string"],
            "enabled": False,
            "local_vlan_ids": ["string"],
            "type": "string",
            "vlans": {
                "string": "string",
            },
        },
        enable_ftm=False,
        enable_local_keycaching=False,
        enable_wireless_bridging=False,
        enable_wireless_bridging_dhcp_tracking=False,
        enabled=False,
        fast_dot1x_timers=False,
        hide_ssid=False,
        hostname_ie=False,
        hotspot20={
            "domain_names": ["string"],
            "enabled": False,
            "nai_realms": ["string"],
            "operators": ["string"],
            "rcois": ["string"],
            "venue_name": "string",
        },
        inject_dhcp_option82={
            "circuit_id": "string",
            "enabled": False,
        },
        interface="string",
        isolation=False,
        l2_isolation=False,
        legacy_overds=False,
        limit_bcast=False,
        limit_probe_response=False,
        max_idletime=0,
        max_num_clients=0,
        mist_nac={
            "acct_interim_interval": 0,
            "auth_servers_retries": 0,
            "auth_servers_timeout": 0,
            "coa_enabled": False,
            "coa_port": 0,
            "enabled": False,
            "fast_dot1x_timers": False,
            "network": "string",
            "source_ip": "string",
        },
        mxtunnel_ids=["string"],
        mxtunnel_names=["string"],
        no_static_dns=False,
        no_static_ip=False,
        portal={
            "allow_wlan_id_roam": False,
            "amazon_client_id": "string",
            "amazon_client_secret": "string",
            "amazon_email_domains": ["string"],
            "amazon_enabled": False,
            "amazon_expire": 0,
            "auth": "string",
            "azure_client_id": "string",
            "azure_client_secret": "string",
            "azure_enabled": False,
            "azure_expire": 0,
            "azure_tenant_id": "string",
            "broadnet_password": "string",
            "broadnet_sid": "string",
            "broadnet_user_id": "string",
            "bypass_when_cloud_down": False,
            "clickatell_api_key": "string",
            "cross_site": False,
            "email_enabled": False,
            "enabled": False,
            "expire": 0,
            "external_portal_url": "string",
            "facebook_client_id": "string",
            "facebook_client_secret": "string",
            "facebook_email_domains": ["string"],
            "facebook_enabled": False,
            "facebook_expire": 0,
            "forward": False,
            "forward_url": "string",
            "google_client_id": "string",
            "google_client_secret": "string",
            "google_email_domains": ["string"],
            "google_enabled": False,
            "google_expire": 0,
            "gupshup_password": "string",
            "gupshup_userid": "string",
            "microsoft_client_id": "string",
            "microsoft_client_secret": "string",
            "microsoft_email_domains": ["string"],
            "microsoft_enabled": False,
            "microsoft_expire": 0,
            "passphrase_enabled": False,
            "passphrase_expire": 0,
            "password": "string",
            "predefined_sponsors_enabled": False,
            "predefined_sponsors_hide_email": False,
            "privacy": False,
            "puzzel_password": "string",
            "puzzel_service_id": "string",
            "puzzel_username": "string",
            "sms_enabled": False,
            "sms_expire": 0,
            "sms_message_format": "string",
            "sms_provider": "string",
            "smsglobal_api_key": "string",
            "smsglobal_api_secret": "string",
            "smsglobal_sender": "string",
            "sponsor_auto_approve": False,
            "sponsor_email_domains": ["string"],
            "sponsor_enabled": False,
            "sponsor_expire": 0,
            "sponsor_link_validity_duration": "string",
            "sponsor_notify_all": False,
            "sponsor_status_notify": False,
            "sponsors": {
                "string": "string",
            },
            "sso_default_role": "string",
            "sso_forced_role": "string",
            "sso_idp_cert": "string",
            "sso_idp_sign_algo": "string",
            "sso_idp_sso_url": "string",
            "sso_issuer": "string",
            "sso_nameid_format": "string",
            "telstra_client_id": "string",
            "telstra_client_secret": "string",
            "twilio_auth_token": "string",
            "twilio_phone_number": "string",
            "twilio_sid": "string",
        },
        portal_allowed_hostnames=["string"],
        portal_allowed_subnets=["string"],
        portal_denied_hostnames=["string"],
        qos={
            "class_": "string",
            "overwrite": False,
        },
        radsec={
            "coa_enabled": False,
            "enabled": False,
            "idle_timeout": "string",
            "mxcluster_ids": ["string"],
            "proxy_hosts": ["string"],
            "server_name": "string",
            "servers": [{
                "host": "string",
                "port": 0,
            }],
            "use_mxedge": False,
            "use_site_mxedge": False,
        },
        rateset={
            "string": {
                "eht": "string",
                "he": "string",
                "ht": "string",
                "legacies": ["string"],
                "min_rssi": 0,
                "template": "string",
                "vht": "string",
            },
        },
        reconnect_clients_when_roaming_mxcluster=False,
        roam_mode="string",
        schedule={
            "enabled": False,
            "hours": {
                "fri": "string",
                "mon": "string",
                "sat": "string",
                "sun": "string",
                "thu": "string",
                "tue": "string",
                "wed": "string",
            },
        },
        sle_excluded=False,
        use_eapol_v1=False,
        vlan_enabled=False,
        vlan_id="string",
        vlan_ids=["string"],
        vlan_pooling=False,
        wlan_limit_down="string",
        wlan_limit_down_enabled=False,
        wlan_limit_up="string",
        wlan_limit_up_enabled=False,
        wxtag_ids=["string"],
        wxtunnel_id="string",
        wxtunnel_remote_id="string")
    
    const wlanResource = new junipermist.org.Wlan("wlanResource", {
        orgId: "string",
        ssid: "string",
        templateId: "string",
        acctImmediateUpdate: false,
        acctInterimInterval: 0,
        acctServers: [{
            host: "string",
            secret: "string",
            keywrapEnabled: false,
            keywrapFormat: "string",
            keywrapKek: "string",
            keywrapMack: "string",
            port: "string",
        }],
        airwatch: {
            apiKey: "string",
            consoleUrl: "string",
            enabled: false,
            password: "string",
            username: "string",
        },
        allowIpv6Ndp: false,
        allowMdns: false,
        allowSsdp: false,
        apIds: ["string"],
        appLimit: {
            apps: {
                string: 0,
            },
            enabled: false,
            wxtagIds: {
                string: 0,
            },
        },
        appQos: {
            apps: {
                string: {
                    dscp: "string",
                    dstSubnet: "string",
                    srcSubnet: "string",
                },
            },
            enabled: false,
            others: [{
                dscp: "string",
                dstSubnet: "string",
                portRanges: "string",
                protocol: "string",
                srcSubnet: "string",
            }],
        },
        applyTo: "string",
        arpFilter: false,
        auth: {
            anticlogThreshold: 0,
            eapReauth: false,
            enableBeaconProtection: false,
            enableGcmp256: false,
            enableMacAuth: false,
            keyIdx: 0,
            keys: ["string"],
            multiPskOnly: false,
            owe: "string",
            pairwises: ["string"],
            privateWlan: false,
            psk: "string",
            type: "string",
            wepAsSecondaryAuth: false,
        },
        authServerSelection: "string",
        authServers: [{
            host: "string",
            secret: "string",
            keywrapEnabled: false,
            keywrapFormat: "string",
            keywrapKek: "string",
            keywrapMack: "string",
            port: "string",
            requireMessageAuthenticator: false,
        }],
        authServersNasId: "string",
        authServersNasIp: "string",
        authServersRetries: 0,
        authServersTimeout: 0,
        bandSteer: false,
        bandSteerForceBand5: false,
        bands: ["string"],
        blockBlacklistClients: false,
        bonjour: {
            additionalVlanIds: ["string"],
            enabled: false,
            services: {
                string: {
                    disableLocal: false,
                    radiusGroups: ["string"],
                    scope: "string",
                },
            },
        },
        ciscoCwa: {
            allowedHostnames: ["string"],
            allowedSubnets: ["string"],
            blockedSubnets: ["string"],
            enabled: false,
        },
        clientLimitDown: "string",
        clientLimitDownEnabled: false,
        clientLimitUp: "string",
        clientLimitUpEnabled: false,
        coaServers: [{
            ip: "string",
            secret: "string",
            disableEventTimestampCheck: false,
            enabled: false,
            port: "string",
        }],
        disable11ax: false,
        disable11be: false,
        disableHtVhtRates: false,
        disableMessageAuthenticatorCheck: false,
        disableUapsd: false,
        disableV1RoamNotify: false,
        disableV2RoamNotify: false,
        disableWhenGatewayUnreachable: false,
        disableWhenMxtunnelDown: false,
        disableWmm: false,
        dnsServerRewrite: {
            enabled: false,
            radiusGroups: {
                string: "string",
            },
        },
        dtim: 0,
        dynamicPsk: {
            defaultPsk: "string",
            defaultVlanId: "string",
            enabled: false,
            forceLookup: false,
            source: "string",
        },
        dynamicVlan: {
            defaultVlanIds: ["string"],
            enabled: false,
            localVlanIds: ["string"],
            type: "string",
            vlans: {
                string: "string",
            },
        },
        enableFtm: false,
        enableLocalKeycaching: false,
        enableWirelessBridging: false,
        enableWirelessBridgingDhcpTracking: false,
        enabled: false,
        fastDot1xTimers: false,
        hideSsid: false,
        hostnameIe: false,
        hotspot20: {
            domainNames: ["string"],
            enabled: false,
            naiRealms: ["string"],
            operators: ["string"],
            rcois: ["string"],
            venueName: "string",
        },
        injectDhcpOption82: {
            circuitId: "string",
            enabled: false,
        },
        "interface": "string",
        isolation: false,
        l2Isolation: false,
        legacyOverds: false,
        limitBcast: false,
        limitProbeResponse: false,
        maxIdletime: 0,
        maxNumClients: 0,
        mistNac: {
            acctInterimInterval: 0,
            authServersRetries: 0,
            authServersTimeout: 0,
            coaEnabled: false,
            coaPort: 0,
            enabled: false,
            fastDot1xTimers: false,
            network: "string",
            sourceIp: "string",
        },
        mxtunnelIds: ["string"],
        mxtunnelNames: ["string"],
        noStaticDns: false,
        noStaticIp: false,
        portal: {
            allowWlanIdRoam: false,
            amazonClientId: "string",
            amazonClientSecret: "string",
            amazonEmailDomains: ["string"],
            amazonEnabled: false,
            amazonExpire: 0,
            auth: "string",
            azureClientId: "string",
            azureClientSecret: "string",
            azureEnabled: false,
            azureExpire: 0,
            azureTenantId: "string",
            broadnetPassword: "string",
            broadnetSid: "string",
            broadnetUserId: "string",
            bypassWhenCloudDown: false,
            clickatellApiKey: "string",
            crossSite: false,
            emailEnabled: false,
            enabled: false,
            expire: 0,
            externalPortalUrl: "string",
            facebookClientId: "string",
            facebookClientSecret: "string",
            facebookEmailDomains: ["string"],
            facebookEnabled: false,
            facebookExpire: 0,
            forward: false,
            forwardUrl: "string",
            googleClientId: "string",
            googleClientSecret: "string",
            googleEmailDomains: ["string"],
            googleEnabled: false,
            googleExpire: 0,
            gupshupPassword: "string",
            gupshupUserid: "string",
            microsoftClientId: "string",
            microsoftClientSecret: "string",
            microsoftEmailDomains: ["string"],
            microsoftEnabled: false,
            microsoftExpire: 0,
            passphraseEnabled: false,
            passphraseExpire: 0,
            password: "string",
            predefinedSponsorsEnabled: false,
            predefinedSponsorsHideEmail: false,
            privacy: false,
            puzzelPassword: "string",
            puzzelServiceId: "string",
            puzzelUsername: "string",
            smsEnabled: false,
            smsExpire: 0,
            smsMessageFormat: "string",
            smsProvider: "string",
            smsglobalApiKey: "string",
            smsglobalApiSecret: "string",
            smsglobalSender: "string",
            sponsorAutoApprove: false,
            sponsorEmailDomains: ["string"],
            sponsorEnabled: false,
            sponsorExpire: 0,
            sponsorLinkValidityDuration: "string",
            sponsorNotifyAll: false,
            sponsorStatusNotify: false,
            sponsors: {
                string: "string",
            },
            ssoDefaultRole: "string",
            ssoForcedRole: "string",
            ssoIdpCert: "string",
            ssoIdpSignAlgo: "string",
            ssoIdpSsoUrl: "string",
            ssoIssuer: "string",
            ssoNameidFormat: "string",
            telstraClientId: "string",
            telstraClientSecret: "string",
            twilioAuthToken: "string",
            twilioPhoneNumber: "string",
            twilioSid: "string",
        },
        portalAllowedHostnames: ["string"],
        portalAllowedSubnets: ["string"],
        portalDeniedHostnames: ["string"],
        qos: {
            "class": "string",
            overwrite: false,
        },
        radsec: {
            coaEnabled: false,
            enabled: false,
            idleTimeout: "string",
            mxclusterIds: ["string"],
            proxyHosts: ["string"],
            serverName: "string",
            servers: [{
                host: "string",
                port: 0,
            }],
            useMxedge: false,
            useSiteMxedge: false,
        },
        rateset: {
            string: {
                eht: "string",
                he: "string",
                ht: "string",
                legacies: ["string"],
                minRssi: 0,
                template: "string",
                vht: "string",
            },
        },
        reconnectClientsWhenRoamingMxcluster: false,
        roamMode: "string",
        schedule: {
            enabled: false,
            hours: {
                fri: "string",
                mon: "string",
                sat: "string",
                sun: "string",
                thu: "string",
                tue: "string",
                wed: "string",
            },
        },
        sleExcluded: false,
        useEapolV1: false,
        vlanEnabled: false,
        vlanId: "string",
        vlanIds: ["string"],
        vlanPooling: false,
        wlanLimitDown: "string",
        wlanLimitDownEnabled: false,
        wlanLimitUp: "string",
        wlanLimitUpEnabled: false,
        wxtagIds: ["string"],
        wxtunnelId: "string",
        wxtunnelRemoteId: "string",
    });
    
    type: junipermist:org:Wlan
    properties:
        acctImmediateUpdate: false
        acctInterimInterval: 0
        acctServers:
            - host: string
              keywrapEnabled: false
              keywrapFormat: string
              keywrapKek: string
              keywrapMack: string
              port: string
              secret: string
        airwatch:
            apiKey: string
            consoleUrl: string
            enabled: false
            password: string
            username: string
        allowIpv6Ndp: false
        allowMdns: false
        allowSsdp: false
        apIds:
            - string
        appLimit:
            apps:
                string: 0
            enabled: false
            wxtagIds:
                string: 0
        appQos:
            apps:
                string:
                    dscp: string
                    dstSubnet: string
                    srcSubnet: string
            enabled: false
            others:
                - dscp: string
                  dstSubnet: string
                  portRanges: string
                  protocol: string
                  srcSubnet: string
        applyTo: string
        arpFilter: false
        auth:
            anticlogThreshold: 0
            eapReauth: false
            enableBeaconProtection: false
            enableGcmp256: false
            enableMacAuth: false
            keyIdx: 0
            keys:
                - string
            multiPskOnly: false
            owe: string
            pairwises:
                - string
            privateWlan: false
            psk: string
            type: string
            wepAsSecondaryAuth: false
        authServerSelection: string
        authServers:
            - host: string
              keywrapEnabled: false
              keywrapFormat: string
              keywrapKek: string
              keywrapMack: string
              port: string
              requireMessageAuthenticator: false
              secret: string
        authServersNasId: string
        authServersNasIp: string
        authServersRetries: 0
        authServersTimeout: 0
        bandSteer: false
        bandSteerForceBand5: false
        bands:
            - string
        blockBlacklistClients: false
        bonjour:
            additionalVlanIds:
                - string
            enabled: false
            services:
                string:
                    disableLocal: false
                    radiusGroups:
                        - string
                    scope: string
        ciscoCwa:
            allowedHostnames:
                - string
            allowedSubnets:
                - string
            blockedSubnets:
                - string
            enabled: false
        clientLimitDown: string
        clientLimitDownEnabled: false
        clientLimitUp: string
        clientLimitUpEnabled: false
        coaServers:
            - disableEventTimestampCheck: false
              enabled: false
              ip: string
              port: string
              secret: string
        disable11ax: false
        disable11be: false
        disableHtVhtRates: false
        disableMessageAuthenticatorCheck: false
        disableUapsd: false
        disableV1RoamNotify: false
        disableV2RoamNotify: false
        disableWhenGatewayUnreachable: false
        disableWhenMxtunnelDown: false
        disableWmm: false
        dnsServerRewrite:
            enabled: false
            radiusGroups:
                string: string
        dtim: 0
        dynamicPsk:
            defaultPsk: string
            defaultVlanId: string
            enabled: false
            forceLookup: false
            source: string
        dynamicVlan:
            defaultVlanIds:
                - string
            enabled: false
            localVlanIds:
                - string
            type: string
            vlans:
                string: string
        enableFtm: false
        enableLocalKeycaching: false
        enableWirelessBridging: false
        enableWirelessBridgingDhcpTracking: false
        enabled: false
        fastDot1xTimers: false
        hideSsid: false
        hostnameIe: false
        hotspot20:
            domainNames:
                - string
            enabled: false
            naiRealms:
                - string
            operators:
                - string
            rcois:
                - string
            venueName: string
        injectDhcpOption82:
            circuitId: string
            enabled: false
        interface: string
        isolation: false
        l2Isolation: false
        legacyOverds: false
        limitBcast: false
        limitProbeResponse: false
        maxIdletime: 0
        maxNumClients: 0
        mistNac:
            acctInterimInterval: 0
            authServersRetries: 0
            authServersTimeout: 0
            coaEnabled: false
            coaPort: 0
            enabled: false
            fastDot1xTimers: false
            network: string
            sourceIp: string
        mxtunnelIds:
            - string
        mxtunnelNames:
            - string
        noStaticDns: false
        noStaticIp: false
        orgId: string
        portal:
            allowWlanIdRoam: false
            amazonClientId: string
            amazonClientSecret: string
            amazonEmailDomains:
                - string
            amazonEnabled: false
            amazonExpire: 0
            auth: string
            azureClientId: string
            azureClientSecret: string
            azureEnabled: false
            azureExpire: 0
            azureTenantId: string
            broadnetPassword: string
            broadnetSid: string
            broadnetUserId: string
            bypassWhenCloudDown: false
            clickatellApiKey: string
            crossSite: false
            emailEnabled: false
            enabled: false
            expire: 0
            externalPortalUrl: string
            facebookClientId: string
            facebookClientSecret: string
            facebookEmailDomains:
                - string
            facebookEnabled: false
            facebookExpire: 0
            forward: false
            forwardUrl: string
            googleClientId: string
            googleClientSecret: string
            googleEmailDomains:
                - string
            googleEnabled: false
            googleExpire: 0
            gupshupPassword: string
            gupshupUserid: string
            microsoftClientId: string
            microsoftClientSecret: string
            microsoftEmailDomains:
                - string
            microsoftEnabled: false
            microsoftExpire: 0
            passphraseEnabled: false
            passphraseExpire: 0
            password: string
            predefinedSponsorsEnabled: false
            predefinedSponsorsHideEmail: false
            privacy: false
            puzzelPassword: string
            puzzelServiceId: string
            puzzelUsername: string
            smsEnabled: false
            smsExpire: 0
            smsMessageFormat: string
            smsProvider: string
            smsglobalApiKey: string
            smsglobalApiSecret: string
            smsglobalSender: string
            sponsorAutoApprove: false
            sponsorEmailDomains:
                - string
            sponsorEnabled: false
            sponsorExpire: 0
            sponsorLinkValidityDuration: string
            sponsorNotifyAll: false
            sponsorStatusNotify: false
            sponsors:
                string: string
            ssoDefaultRole: string
            ssoForcedRole: string
            ssoIdpCert: string
            ssoIdpSignAlgo: string
            ssoIdpSsoUrl: string
            ssoIssuer: string
            ssoNameidFormat: string
            telstraClientId: string
            telstraClientSecret: string
            twilioAuthToken: string
            twilioPhoneNumber: string
            twilioSid: string
        portalAllowedHostnames:
            - string
        portalAllowedSubnets:
            - string
        portalDeniedHostnames:
            - string
        qos:
            class: string
            overwrite: false
        radsec:
            coaEnabled: false
            enabled: false
            idleTimeout: string
            mxclusterIds:
                - string
            proxyHosts:
                - string
            serverName: string
            servers:
                - host: string
                  port: 0
            useMxedge: false
            useSiteMxedge: false
        rateset:
            string:
                eht: string
                he: string
                ht: string
                legacies:
                    - string
                minRssi: 0
                template: string
                vht: string
        reconnectClientsWhenRoamingMxcluster: false
        roamMode: string
        schedule:
            enabled: false
            hours:
                fri: string
                mon: string
                sat: string
                sun: string
                thu: string
                tue: string
                wed: string
        sleExcluded: false
        ssid: string
        templateId: string
        useEapolV1: false
        vlanEnabled: false
        vlanId: string
        vlanIds:
            - string
        vlanPooling: false
        wlanLimitDown: string
        wlanLimitDownEnabled: false
        wlanLimitUp: string
        wlanLimitUpEnabled: false
        wxtagIds:
            - string
        wxtunnelId: string
        wxtunnelRemoteId: string
    

    Wlan Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Wlan resource accepts the following input properties:

    OrgId string
    Owning organization associated with this WLAN
    Ssid string
    Name of the SSID
    TemplateId string
    Identifier of the WLAN template associated with this WLAN
    AcctImmediateUpdate bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    AcctInterimInterval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    AcctServers List<Pulumi.JuniperMist.Org.Inputs.WlanAcctServer>
    RADIUS accounting servers used by this WLAN
    Airwatch Pulumi.JuniperMist.Org.Inputs.WlanAirwatch
    Integration settings for AirWatch device compliance on this WLAN
    AllowIpv6Ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    AllowMdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    AllowSsdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ApIds List<string>
    Access point identifiers used when applyTo==aps
    AppLimit Pulumi.JuniperMist.Org.Inputs.WlanAppLimit
    Bandwidth limits for applications on this WLAN
    AppQos Pulumi.JuniperMist.Org.Inputs.WlanAppQos
    QoS rules for application traffic on this WLAN
    ApplyTo string
    Scope that determines where this WLAN is applied
    ArpFilter bool
    Whether to enable smart arp filter
    Auth Pulumi.JuniperMist.Org.Inputs.WlanAuth
    Settings that control client authentication for this WLAN
    AuthServerSelection string
    RADIUS authentication server selection behavior for this WLAN
    AuthServers List<Pulumi.JuniperMist.Org.Inputs.WlanAuthServer>
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    AuthServersNasId string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    AuthServersNasIp string
    Optional, NAS-IP-ADDRESS to use
    AuthServersRetries int
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    AuthServersTimeout int
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    BandSteer bool
    Whether to enable band_steering, this works only when band==both
    BandSteerForceBand5 bool
    Force dualBand capable client to connect to 5G
    Bands List<string>
    list of radios that the wlan should apply to. enum: 24, 5, 6
    BlockBlacklistClients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    Bonjour Pulumi.JuniperMist.Org.Inputs.WlanBonjour
    Service discovery gateway settings for Bonjour traffic on this WLAN
    CiscoCwa Pulumi.JuniperMist.Org.Inputs.WlanCiscoCwa
    Central web authentication settings for Cisco CWA on this WLAN
    ClientLimitDown string
    Downlink bandwidth limit applied per client
    ClientLimitDownEnabled bool
    If downlink limiting per-client is enabled
    ClientLimitUp string
    Uplink bandwidth limit applied per client
    ClientLimitUpEnabled bool
    If uplink limiting per-client is enabled
    CoaServers List<Pulumi.JuniperMist.Org.Inputs.WlanCoaServer>
    RADIUS Change of Authorization servers available to this WLAN
    Disable11ax bool
    Some old WLAN drivers may not be compatible
    Disable11be bool
    To disable Wi-Fi 7 EHT IEs
    DisableHtVhtRates bool
    To disable ht or vht rates
    DisableMessageAuthenticatorCheck bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    DisableUapsd bool
    Whether to disable U-APSD
    DisableV1RoamNotify bool
    Disable sending v2 roam notification messages
    DisableV2RoamNotify bool
    Disable sending v2 roam notification messages
    DisableWhenGatewayUnreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    DisableWhenMxtunnelDown bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    DisableWmm bool
    Whether to disable WMM
    DnsServerRewrite Pulumi.JuniperMist.Org.Inputs.WlanDnsServerRewrite
    RADIUS group based DNS server rewrite settings for this WLAN
    Dtim int
    Delivery Traffic Indication Message interval for this WLAN
    DynamicPsk Pulumi.JuniperMist.Org.Inputs.WlanDynamicPsk
    Per-user PSK selection settings for this WLAN
    DynamicVlan Pulumi.JuniperMist.Org.Inputs.WlanDynamicVlan
    VLAN assignment settings for 802.1X dynamic VLANs
    EnableFtm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    EnableLocalKeycaching bool
    Enable AP-AP keycaching via multicast
    EnableWirelessBridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    EnableWirelessBridgingDhcpTracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    Enabled bool
    If this wlan is enabled
    FastDot1xTimers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    HideSsid bool
    Whether to hide SSID in beacon
    HostnameIe bool
    Include hostname inside IE in AP beacons / probe responses
    Hotspot20 Pulumi.JuniperMist.Org.Inputs.WlanHotspot20
    Passpoint and Hotspot 2.0 settings for this WLAN
    InjectDhcpOption82 Pulumi.JuniperMist.Org.Inputs.WlanInjectDhcpOption82
    DHCP Option 82 insertion settings for this WLAN
    Interface string
    Network interface or tunnel where this WLAN bridges client traffic
    Isolation bool
    Whether to stop clients to talk to each other
    L2Isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    LegacyOverds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    LimitBcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    LimitProbeResponse bool
    Limit probe response base on some heuristic rules
    MaxIdletime int
    Max idle time in seconds
    MaxNumClients int
    Maximum number of client connected to the SSID. 0 means unlimited
    MistNac Pulumi.JuniperMist.Org.Inputs.WlanMistNac
    Juniper Mist NAC settings used by this WLAN
    MxtunnelIds List<string>
    Mist Tunnel identifiers used when interface==mxtunnel
    MxtunnelNames List<string>
    Mist Tunnel names used when interface==siteMxedge
    NoStaticDns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    NoStaticIp bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    Portal Pulumi.JuniperMist.Org.Inputs.WlanPortal
    Guest portal settings for this WLAN
    PortalAllowedHostnames List<string>
    Guest portal hostnames that clients may reach before authorization
    PortalAllowedSubnets List<string>
    Guest portal CIDR subnets that clients may reach before authorization
    PortalDeniedHostnames List<string>
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    Qos Pulumi.JuniperMist.Org.Inputs.WlanQos
    Quality-of-service settings for WLAN client traffic
    Radsec Pulumi.JuniperMist.Org.Inputs.WlanRadsec
    TLS-secured RADIUS transport settings for this WLAN
    Rateset Dictionary<string, Pulumi.JuniperMist.Org.Inputs.WlanRatesetArgs>
    Data rate settings by RF band for this WLAN
    ReconnectClientsWhenRoamingMxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    RoamMode string
    Fast roaming mode configured for this WLAN
    Schedule Pulumi.JuniperMist.Org.Inputs.WlanSchedule
    Operating schedule controlling when this WLAN is active
    SleExcluded bool
    Whether to exclude this WLAN from SLE metrics
    UseEapolV1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    VlanEnabled bool
    If vlan tagging is enabled
    VlanId string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    VlanIds List<string>
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    VlanPooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    WlanLimitDown string
    Downlink bandwidth limit applied to the whole WLAN
    WlanLimitDownEnabled bool
    If downlink limiting for whole wlan is enabled
    WlanLimitUp string
    Uplink bandwidth limit applied to the whole WLAN
    WlanLimitUpEnabled bool
    If uplink limiting for whole wlan is enabled
    WxtagIds List<string>
    Identifiers of WxLAN tags used when applyTo==wxtags
    WxtunnelId string
    When interface=wxtunnel, id of the WXLAN Tunnel
    WxtunnelRemoteId string
    When interface=wxtunnel, remote tunnel identifier
    OrgId string
    Owning organization associated with this WLAN
    Ssid string
    Name of the SSID
    TemplateId string
    Identifier of the WLAN template associated with this WLAN
    AcctImmediateUpdate bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    AcctInterimInterval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    AcctServers []WlanAcctServerArgs
    RADIUS accounting servers used by this WLAN
    Airwatch WlanAirwatchArgs
    Integration settings for AirWatch device compliance on this WLAN
    AllowIpv6Ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    AllowMdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    AllowSsdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ApIds []string
    Access point identifiers used when applyTo==aps
    AppLimit WlanAppLimitArgs
    Bandwidth limits for applications on this WLAN
    AppQos WlanAppQosArgs
    QoS rules for application traffic on this WLAN
    ApplyTo string
    Scope that determines where this WLAN is applied
    ArpFilter bool
    Whether to enable smart arp filter
    Auth WlanAuthArgs
    Settings that control client authentication for this WLAN
    AuthServerSelection string
    RADIUS authentication server selection behavior for this WLAN
    AuthServers []WlanAuthServerArgs
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    AuthServersNasId string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    AuthServersNasIp string
    Optional, NAS-IP-ADDRESS to use
    AuthServersRetries int
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    AuthServersTimeout int
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    BandSteer bool
    Whether to enable band_steering, this works only when band==both
    BandSteerForceBand5 bool
    Force dualBand capable client to connect to 5G
    Bands []string
    list of radios that the wlan should apply to. enum: 24, 5, 6
    BlockBlacklistClients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    Bonjour WlanBonjourArgs
    Service discovery gateway settings for Bonjour traffic on this WLAN
    CiscoCwa WlanCiscoCwaArgs
    Central web authentication settings for Cisco CWA on this WLAN
    ClientLimitDown string
    Downlink bandwidth limit applied per client
    ClientLimitDownEnabled bool
    If downlink limiting per-client is enabled
    ClientLimitUp string
    Uplink bandwidth limit applied per client
    ClientLimitUpEnabled bool
    If uplink limiting per-client is enabled
    CoaServers []WlanCoaServerArgs
    RADIUS Change of Authorization servers available to this WLAN
    Disable11ax bool
    Some old WLAN drivers may not be compatible
    Disable11be bool
    To disable Wi-Fi 7 EHT IEs
    DisableHtVhtRates bool
    To disable ht or vht rates
    DisableMessageAuthenticatorCheck bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    DisableUapsd bool
    Whether to disable U-APSD
    DisableV1RoamNotify bool
    Disable sending v2 roam notification messages
    DisableV2RoamNotify bool
    Disable sending v2 roam notification messages
    DisableWhenGatewayUnreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    DisableWhenMxtunnelDown bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    DisableWmm bool
    Whether to disable WMM
    DnsServerRewrite WlanDnsServerRewriteArgs
    RADIUS group based DNS server rewrite settings for this WLAN
    Dtim int
    Delivery Traffic Indication Message interval for this WLAN
    DynamicPsk WlanDynamicPskArgs
    Per-user PSK selection settings for this WLAN
    DynamicVlan WlanDynamicVlanArgs
    VLAN assignment settings for 802.1X dynamic VLANs
    EnableFtm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    EnableLocalKeycaching bool
    Enable AP-AP keycaching via multicast
    EnableWirelessBridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    EnableWirelessBridgingDhcpTracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    Enabled bool
    If this wlan is enabled
    FastDot1xTimers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    HideSsid bool
    Whether to hide SSID in beacon
    HostnameIe bool
    Include hostname inside IE in AP beacons / probe responses
    Hotspot20 WlanHotspot20Args
    Passpoint and Hotspot 2.0 settings for this WLAN
    InjectDhcpOption82 WlanInjectDhcpOption82Args
    DHCP Option 82 insertion settings for this WLAN
    Interface string
    Network interface or tunnel where this WLAN bridges client traffic
    Isolation bool
    Whether to stop clients to talk to each other
    L2Isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    LegacyOverds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    LimitBcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    LimitProbeResponse bool
    Limit probe response base on some heuristic rules
    MaxIdletime int
    Max idle time in seconds
    MaxNumClients int
    Maximum number of client connected to the SSID. 0 means unlimited
    MistNac WlanMistNacArgs
    Juniper Mist NAC settings used by this WLAN
    MxtunnelIds []string
    Mist Tunnel identifiers used when interface==mxtunnel
    MxtunnelNames []string
    Mist Tunnel names used when interface==siteMxedge
    NoStaticDns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    NoStaticIp bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    Portal WlanPortalArgs
    Guest portal settings for this WLAN
    PortalAllowedHostnames []string
    Guest portal hostnames that clients may reach before authorization
    PortalAllowedSubnets []string
    Guest portal CIDR subnets that clients may reach before authorization
    PortalDeniedHostnames []string
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    Qos WlanQosArgs
    Quality-of-service settings for WLAN client traffic
    Radsec WlanRadsecArgs
    TLS-secured RADIUS transport settings for this WLAN
    Rateset map[string]WlanRatesetArgs
    Data rate settings by RF band for this WLAN
    ReconnectClientsWhenRoamingMxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    RoamMode string
    Fast roaming mode configured for this WLAN
    Schedule WlanScheduleArgs
    Operating schedule controlling when this WLAN is active
    SleExcluded bool
    Whether to exclude this WLAN from SLE metrics
    UseEapolV1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    VlanEnabled bool
    If vlan tagging is enabled
    VlanId string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    VlanIds []string
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    VlanPooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    WlanLimitDown string
    Downlink bandwidth limit applied to the whole WLAN
    WlanLimitDownEnabled bool
    If downlink limiting for whole wlan is enabled
    WlanLimitUp string
    Uplink bandwidth limit applied to the whole WLAN
    WlanLimitUpEnabled bool
    If uplink limiting for whole wlan is enabled
    WxtagIds []string
    Identifiers of WxLAN tags used when applyTo==wxtags
    WxtunnelId string
    When interface=wxtunnel, id of the WXLAN Tunnel
    WxtunnelRemoteId string
    When interface=wxtunnel, remote tunnel identifier
    org_id string
    Owning organization associated with this WLAN
    ssid string
    Name of the SSID
    template_id string
    Identifier of the WLAN template associated with this WLAN
    acct_immediate_update bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acct_interim_interval number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acct_servers list(object)
    RADIUS accounting servers used by this WLAN
    airwatch object
    Integration settings for AirWatch device compliance on this WLAN
    allow_ipv6_ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allow_mdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allow_ssdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ap_ids list(string)
    Access point identifiers used when applyTo==aps
    app_limit object
    Bandwidth limits for applications on this WLAN
    app_qos object
    QoS rules for application traffic on this WLAN
    apply_to string
    Scope that determines where this WLAN is applied
    arp_filter bool
    Whether to enable smart arp filter
    auth object
    Settings that control client authentication for this WLAN
    auth_server_selection string
    RADIUS authentication server selection behavior for this WLAN
    auth_servers list(object)
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    auth_servers_nas_id string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    auth_servers_nas_ip string
    Optional, NAS-IP-ADDRESS to use
    auth_servers_retries number
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    auth_servers_timeout number
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    band_steer bool
    Whether to enable band_steering, this works only when band==both
    band_steer_force_band5 bool
    Force dualBand capable client to connect to 5G
    bands list(string)
    list of radios that the wlan should apply to. enum: 24, 5, 6
    block_blacklist_clients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour object
    Service discovery gateway settings for Bonjour traffic on this WLAN
    cisco_cwa object
    Central web authentication settings for Cisco CWA on this WLAN
    client_limit_down string
    Downlink bandwidth limit applied per client
    client_limit_down_enabled bool
    If downlink limiting per-client is enabled
    client_limit_up string
    Uplink bandwidth limit applied per client
    client_limit_up_enabled bool
    If uplink limiting per-client is enabled
    coa_servers list(object)
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax bool
    Some old WLAN drivers may not be compatible
    disable11be bool
    To disable Wi-Fi 7 EHT IEs
    disable_ht_vht_rates bool
    To disable ht or vht rates
    disable_message_authenticator_check bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disable_uapsd bool
    Whether to disable U-APSD
    disable_v1_roam_notify bool
    Disable sending v2 roam notification messages
    disable_v2_roam_notify bool
    Disable sending v2 roam notification messages
    disable_when_gateway_unreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disable_when_mxtunnel_down bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    disable_wmm bool
    Whether to disable WMM
    dns_server_rewrite object
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim number
    Delivery Traffic Indication Message interval for this WLAN
    dynamic_psk object
    Per-user PSK selection settings for this WLAN
    dynamic_vlan object
    VLAN assignment settings for 802.1X dynamic VLANs
    enable_ftm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enable_local_keycaching bool
    Enable AP-AP keycaching via multicast
    enable_wireless_bridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enable_wireless_bridging_dhcp_tracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled bool
    If this wlan is enabled
    fast_dot1x_timers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hide_ssid bool
    Whether to hide SSID in beacon
    hostname_ie bool
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 object
    Passpoint and Hotspot 2.0 settings for this WLAN
    inject_dhcp_option82 object
    DHCP Option 82 insertion settings for this WLAN
    interface string
    Network interface or tunnel where this WLAN bridges client traffic
    isolation bool
    Whether to stop clients to talk to each other
    l2_isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacy_overds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limit_bcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limit_probe_response bool
    Limit probe response base on some heuristic rules
    max_idletime number
    Max idle time in seconds
    max_num_clients number
    Maximum number of client connected to the SSID. 0 means unlimited
    mist_nac object
    Juniper Mist NAC settings used by this WLAN
    mxtunnel_ids list(string)
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnel_names list(string)
    Mist Tunnel names used when interface==siteMxedge
    no_static_dns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    no_static_ip bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    portal object
    Guest portal settings for this WLAN
    portal_allowed_hostnames list(string)
    Guest portal hostnames that clients may reach before authorization
    portal_allowed_subnets list(string)
    Guest portal CIDR subnets that clients may reach before authorization
    portal_denied_hostnames list(string)
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    qos object
    Quality-of-service settings for WLAN client traffic
    radsec object
    TLS-secured RADIUS transport settings for this WLAN
    rateset map(object)
    Data rate settings by RF band for this WLAN
    reconnect_clients_when_roaming_mxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roam_mode string
    Fast roaming mode configured for this WLAN
    schedule object
    Operating schedule controlling when this WLAN is active
    sle_excluded bool
    Whether to exclude this WLAN from SLE metrics
    use_eapol_v1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlan_enabled bool
    If vlan tagging is enabled
    vlan_id string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlan_ids list(string)
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlan_pooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlan_limit_down string
    Downlink bandwidth limit applied to the whole WLAN
    wlan_limit_down_enabled bool
    If downlink limiting for whole wlan is enabled
    wlan_limit_up string
    Uplink bandwidth limit applied to the whole WLAN
    wlan_limit_up_enabled bool
    If uplink limiting for whole wlan is enabled
    wxtag_ids list(string)
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnel_id string
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnel_remote_id string
    When interface=wxtunnel, remote tunnel identifier
    orgId String
    Owning organization associated with this WLAN
    ssid String
    Name of the SSID
    templateId String
    Identifier of the WLAN template associated with this WLAN
    acctImmediateUpdate Boolean
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acctInterimInterval Integer
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acctServers List<WlanAcctServer>
    RADIUS accounting servers used by this WLAN
    airwatch WlanAirwatch
    Integration settings for AirWatch device compliance on this WLAN
    allowIpv6Ndp Boolean
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allowMdns Boolean
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allowSsdp Boolean
    Only applicable when limitBcast==true, which allows SSDP
    apIds List<String>
    Access point identifiers used when applyTo==aps
    appLimit WlanAppLimit
    Bandwidth limits for applications on this WLAN
    appQos WlanAppQos
    QoS rules for application traffic on this WLAN
    applyTo String
    Scope that determines where this WLAN is applied
    arpFilter Boolean
    Whether to enable smart arp filter
    auth WlanAuth
    Settings that control client authentication for this WLAN
    authServerSelection String
    RADIUS authentication server selection behavior for this WLAN
    authServers List<WlanAuthServer>
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    authServersNasId String
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    authServersNasIp String
    Optional, NAS-IP-ADDRESS to use
    authServersRetries Integer
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    authServersTimeout Integer
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    bandSteer Boolean
    Whether to enable band_steering, this works only when band==both
    bandSteerForceBand5 Boolean
    Force dualBand capable client to connect to 5G
    bands List<String>
    list of radios that the wlan should apply to. enum: 24, 5, 6
    blockBlacklistClients Boolean
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour WlanBonjour
    Service discovery gateway settings for Bonjour traffic on this WLAN
    ciscoCwa WlanCiscoCwa
    Central web authentication settings for Cisco CWA on this WLAN
    clientLimitDown String
    Downlink bandwidth limit applied per client
    clientLimitDownEnabled Boolean
    If downlink limiting per-client is enabled
    clientLimitUp String
    Uplink bandwidth limit applied per client
    clientLimitUpEnabled Boolean
    If uplink limiting per-client is enabled
    coaServers List<WlanCoaServer>
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax Boolean
    Some old WLAN drivers may not be compatible
    disable11be Boolean
    To disable Wi-Fi 7 EHT IEs
    disableHtVhtRates Boolean
    To disable ht or vht rates
    disableMessageAuthenticatorCheck Boolean
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disableUapsd Boolean
    Whether to disable U-APSD
    disableV1RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableV2RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableWhenGatewayUnreachable Boolean
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disableWhenMxtunnelDown Boolean
    Whether to disable this WLAN when the configured Mist tunnel is down
    disableWmm Boolean
    Whether to disable WMM
    dnsServerRewrite WlanDnsServerRewrite
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim Integer
    Delivery Traffic Indication Message interval for this WLAN
    dynamicPsk WlanDynamicPsk
    Per-user PSK selection settings for this WLAN
    dynamicVlan WlanDynamicVlan
    VLAN assignment settings for 802.1X dynamic VLANs
    enableFtm Boolean
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enableLocalKeycaching Boolean
    Enable AP-AP keycaching via multicast
    enableWirelessBridging Boolean
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enableWirelessBridgingDhcpTracking Boolean
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled Boolean
    If this wlan is enabled
    fastDot1xTimers Boolean
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hideSsid Boolean
    Whether to hide SSID in beacon
    hostnameIe Boolean
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 WlanHotspot20
    Passpoint and Hotspot 2.0 settings for this WLAN
    injectDhcpOption82 WlanInjectDhcpOption82
    DHCP Option 82 insertion settings for this WLAN
    interface_ String
    Network interface or tunnel where this WLAN bridges client traffic
    isolation Boolean
    Whether to stop clients to talk to each other
    l2Isolation Boolean
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacyOverds Boolean
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limitBcast Boolean
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limitProbeResponse Boolean
    Limit probe response base on some heuristic rules
    maxIdletime Integer
    Max idle time in seconds
    maxNumClients Integer
    Maximum number of client connected to the SSID. 0 means unlimited
    mistNac WlanMistNac
    Juniper Mist NAC settings used by this WLAN
    mxtunnelIds List<String>
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnelNames List<String>
    Mist Tunnel names used when interface==siteMxedge
    noStaticDns Boolean
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    noStaticIp Boolean
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    portal WlanPortal
    Guest portal settings for this WLAN
    portalAllowedHostnames List<String>
    Guest portal hostnames that clients may reach before authorization
    portalAllowedSubnets List<String>
    Guest portal CIDR subnets that clients may reach before authorization
    portalDeniedHostnames List<String>
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    qos WlanQos
    Quality-of-service settings for WLAN client traffic
    radsec WlanRadsec
    TLS-secured RADIUS transport settings for this WLAN
    rateset Map<String,WlanRatesetArgs>
    Data rate settings by RF band for this WLAN
    reconnectClientsWhenRoamingMxcluster Boolean
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roamMode String
    Fast roaming mode configured for this WLAN
    schedule WlanSchedule
    Operating schedule controlling when this WLAN is active
    sleExcluded Boolean
    Whether to exclude this WLAN from SLE metrics
    useEapolV1 Boolean
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlanEnabled Boolean
    If vlan tagging is enabled
    vlanId String
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlanIds List<String>
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlanPooling Boolean
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlanLimitDown String
    Downlink bandwidth limit applied to the whole WLAN
    wlanLimitDownEnabled Boolean
    If downlink limiting for whole wlan is enabled
    wlanLimitUp String
    Uplink bandwidth limit applied to the whole WLAN
    wlanLimitUpEnabled Boolean
    If uplink limiting for whole wlan is enabled
    wxtagIds List<String>
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnelId String
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnelRemoteId String
    When interface=wxtunnel, remote tunnel identifier
    orgId string
    Owning organization associated with this WLAN
    ssid string
    Name of the SSID
    templateId string
    Identifier of the WLAN template associated with this WLAN
    acctImmediateUpdate boolean
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acctInterimInterval number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acctServers WlanAcctServer[]
    RADIUS accounting servers used by this WLAN
    airwatch WlanAirwatch
    Integration settings for AirWatch device compliance on this WLAN
    allowIpv6Ndp boolean
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allowMdns boolean
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allowSsdp boolean
    Only applicable when limitBcast==true, which allows SSDP
    apIds string[]
    Access point identifiers used when applyTo==aps
    appLimit WlanAppLimit
    Bandwidth limits for applications on this WLAN
    appQos WlanAppQos
    QoS rules for application traffic on this WLAN
    applyTo string
    Scope that determines where this WLAN is applied
    arpFilter boolean
    Whether to enable smart arp filter
    auth WlanAuth
    Settings that control client authentication for this WLAN
    authServerSelection string
    RADIUS authentication server selection behavior for this WLAN
    authServers WlanAuthServer[]
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    authServersNasId string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    authServersNasIp string
    Optional, NAS-IP-ADDRESS to use
    authServersRetries number
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    authServersTimeout number
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    bandSteer boolean
    Whether to enable band_steering, this works only when band==both
    bandSteerForceBand5 boolean
    Force dualBand capable client to connect to 5G
    bands string[]
    list of radios that the wlan should apply to. enum: 24, 5, 6
    blockBlacklistClients boolean
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour WlanBonjour
    Service discovery gateway settings for Bonjour traffic on this WLAN
    ciscoCwa WlanCiscoCwa
    Central web authentication settings for Cisco CWA on this WLAN
    clientLimitDown string
    Downlink bandwidth limit applied per client
    clientLimitDownEnabled boolean
    If downlink limiting per-client is enabled
    clientLimitUp string
    Uplink bandwidth limit applied per client
    clientLimitUpEnabled boolean
    If uplink limiting per-client is enabled
    coaServers WlanCoaServer[]
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax boolean
    Some old WLAN drivers may not be compatible
    disable11be boolean
    To disable Wi-Fi 7 EHT IEs
    disableHtVhtRates boolean
    To disable ht or vht rates
    disableMessageAuthenticatorCheck boolean
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disableUapsd boolean
    Whether to disable U-APSD
    disableV1RoamNotify boolean
    Disable sending v2 roam notification messages
    disableV2RoamNotify boolean
    Disable sending v2 roam notification messages
    disableWhenGatewayUnreachable boolean
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disableWhenMxtunnelDown boolean
    Whether to disable this WLAN when the configured Mist tunnel is down
    disableWmm boolean
    Whether to disable WMM
    dnsServerRewrite WlanDnsServerRewrite
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim number
    Delivery Traffic Indication Message interval for this WLAN
    dynamicPsk WlanDynamicPsk
    Per-user PSK selection settings for this WLAN
    dynamicVlan WlanDynamicVlan
    VLAN assignment settings for 802.1X dynamic VLANs
    enableFtm boolean
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enableLocalKeycaching boolean
    Enable AP-AP keycaching via multicast
    enableWirelessBridging boolean
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enableWirelessBridgingDhcpTracking boolean
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled boolean
    If this wlan is enabled
    fastDot1xTimers boolean
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hideSsid boolean
    Whether to hide SSID in beacon
    hostnameIe boolean
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 WlanHotspot20
    Passpoint and Hotspot 2.0 settings for this WLAN
    injectDhcpOption82 WlanInjectDhcpOption82
    DHCP Option 82 insertion settings for this WLAN
    interface string
    Network interface or tunnel where this WLAN bridges client traffic
    isolation boolean
    Whether to stop clients to talk to each other
    l2Isolation boolean
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacyOverds boolean
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limitBcast boolean
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limitProbeResponse boolean
    Limit probe response base on some heuristic rules
    maxIdletime number
    Max idle time in seconds
    maxNumClients number
    Maximum number of client connected to the SSID. 0 means unlimited
    mistNac WlanMistNac
    Juniper Mist NAC settings used by this WLAN
    mxtunnelIds string[]
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnelNames string[]
    Mist Tunnel names used when interface==siteMxedge
    noStaticDns boolean
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    noStaticIp boolean
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    portal WlanPortal
    Guest portal settings for this WLAN
    portalAllowedHostnames string[]
    Guest portal hostnames that clients may reach before authorization
    portalAllowedSubnets string[]
    Guest portal CIDR subnets that clients may reach before authorization
    portalDeniedHostnames string[]
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    qos WlanQos
    Quality-of-service settings for WLAN client traffic
    radsec WlanRadsec
    TLS-secured RADIUS transport settings for this WLAN
    rateset {[key: string]: WlanRatesetArgs}
    Data rate settings by RF band for this WLAN
    reconnectClientsWhenRoamingMxcluster boolean
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roamMode string
    Fast roaming mode configured for this WLAN
    schedule WlanSchedule
    Operating schedule controlling when this WLAN is active
    sleExcluded boolean
    Whether to exclude this WLAN from SLE metrics
    useEapolV1 boolean
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlanEnabled boolean
    If vlan tagging is enabled
    vlanId string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlanIds string[]
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlanPooling boolean
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlanLimitDown string
    Downlink bandwidth limit applied to the whole WLAN
    wlanLimitDownEnabled boolean
    If downlink limiting for whole wlan is enabled
    wlanLimitUp string
    Uplink bandwidth limit applied to the whole WLAN
    wlanLimitUpEnabled boolean
    If uplink limiting for whole wlan is enabled
    wxtagIds string[]
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnelId string
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnelRemoteId string
    When interface=wxtunnel, remote tunnel identifier
    org_id str
    Owning organization associated with this WLAN
    ssid str
    Name of the SSID
    template_id str
    Identifier of the WLAN template associated with this WLAN
    acct_immediate_update bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acct_interim_interval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acct_servers Sequence[WlanAcctServerArgs]
    RADIUS accounting servers used by this WLAN
    airwatch WlanAirwatchArgs
    Integration settings for AirWatch device compliance on this WLAN
    allow_ipv6_ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allow_mdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allow_ssdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ap_ids Sequence[str]
    Access point identifiers used when applyTo==aps
    app_limit WlanAppLimitArgs
    Bandwidth limits for applications on this WLAN
    app_qos WlanAppQosArgs
    QoS rules for application traffic on this WLAN
    apply_to str
    Scope that determines where this WLAN is applied
    arp_filter bool
    Whether to enable smart arp filter
    auth WlanAuthArgs
    Settings that control client authentication for this WLAN
    auth_server_selection str
    RADIUS authentication server selection behavior for this WLAN
    auth_servers Sequence[WlanAuthServerArgs]
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    auth_servers_nas_id str
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    auth_servers_nas_ip str
    Optional, NAS-IP-ADDRESS to use
    auth_servers_retries int
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    auth_servers_timeout int
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    band_steer bool
    Whether to enable band_steering, this works only when band==both
    band_steer_force_band5 bool
    Force dualBand capable client to connect to 5G
    bands Sequence[str]
    list of radios that the wlan should apply to. enum: 24, 5, 6
    block_blacklist_clients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour WlanBonjourArgs
    Service discovery gateway settings for Bonjour traffic on this WLAN
    cisco_cwa WlanCiscoCwaArgs
    Central web authentication settings for Cisco CWA on this WLAN
    client_limit_down str
    Downlink bandwidth limit applied per client
    client_limit_down_enabled bool
    If downlink limiting per-client is enabled
    client_limit_up str
    Uplink bandwidth limit applied per client
    client_limit_up_enabled bool
    If uplink limiting per-client is enabled
    coa_servers Sequence[WlanCoaServerArgs]
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax bool
    Some old WLAN drivers may not be compatible
    disable11be bool
    To disable Wi-Fi 7 EHT IEs
    disable_ht_vht_rates bool
    To disable ht or vht rates
    disable_message_authenticator_check bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disable_uapsd bool
    Whether to disable U-APSD
    disable_v1_roam_notify bool
    Disable sending v2 roam notification messages
    disable_v2_roam_notify bool
    Disable sending v2 roam notification messages
    disable_when_gateway_unreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disable_when_mxtunnel_down bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    disable_wmm bool
    Whether to disable WMM
    dns_server_rewrite WlanDnsServerRewriteArgs
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim int
    Delivery Traffic Indication Message interval for this WLAN
    dynamic_psk WlanDynamicPskArgs
    Per-user PSK selection settings for this WLAN
    dynamic_vlan WlanDynamicVlanArgs
    VLAN assignment settings for 802.1X dynamic VLANs
    enable_ftm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enable_local_keycaching bool
    Enable AP-AP keycaching via multicast
    enable_wireless_bridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enable_wireless_bridging_dhcp_tracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled bool
    If this wlan is enabled
    fast_dot1x_timers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hide_ssid bool
    Whether to hide SSID in beacon
    hostname_ie bool
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 WlanHotspot20Args
    Passpoint and Hotspot 2.0 settings for this WLAN
    inject_dhcp_option82 WlanInjectDhcpOption82Args
    DHCP Option 82 insertion settings for this WLAN
    interface str
    Network interface or tunnel where this WLAN bridges client traffic
    isolation bool
    Whether to stop clients to talk to each other
    l2_isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacy_overds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limit_bcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limit_probe_response bool
    Limit probe response base on some heuristic rules
    max_idletime int
    Max idle time in seconds
    max_num_clients int
    Maximum number of client connected to the SSID. 0 means unlimited
    mist_nac WlanMistNacArgs
    Juniper Mist NAC settings used by this WLAN
    mxtunnel_ids Sequence[str]
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnel_names Sequence[str]
    Mist Tunnel names used when interface==siteMxedge
    no_static_dns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    no_static_ip bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    portal WlanPortalArgs
    Guest portal settings for this WLAN
    portal_allowed_hostnames Sequence[str]
    Guest portal hostnames that clients may reach before authorization
    portal_allowed_subnets Sequence[str]
    Guest portal CIDR subnets that clients may reach before authorization
    portal_denied_hostnames Sequence[str]
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    qos WlanQosArgs
    Quality-of-service settings for WLAN client traffic
    radsec WlanRadsecArgs
    TLS-secured RADIUS transport settings for this WLAN
    rateset Mapping[str, WlanRatesetArgs]
    Data rate settings by RF band for this WLAN
    reconnect_clients_when_roaming_mxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roam_mode str
    Fast roaming mode configured for this WLAN
    schedule WlanScheduleArgs
    Operating schedule controlling when this WLAN is active
    sle_excluded bool
    Whether to exclude this WLAN from SLE metrics
    use_eapol_v1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlan_enabled bool
    If vlan tagging is enabled
    vlan_id str
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlan_ids Sequence[str]
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlan_pooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlan_limit_down str
    Downlink bandwidth limit applied to the whole WLAN
    wlan_limit_down_enabled bool
    If downlink limiting for whole wlan is enabled
    wlan_limit_up str
    Uplink bandwidth limit applied to the whole WLAN
    wlan_limit_up_enabled bool
    If uplink limiting for whole wlan is enabled
    wxtag_ids Sequence[str]
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnel_id str
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnel_remote_id str
    When interface=wxtunnel, remote tunnel identifier
    orgId String
    Owning organization associated with this WLAN
    ssid String
    Name of the SSID
    templateId String
    Identifier of the WLAN template associated with this WLAN
    acctImmediateUpdate Boolean
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acctInterimInterval Number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acctServers List<Property Map>
    RADIUS accounting servers used by this WLAN
    airwatch Property Map
    Integration settings for AirWatch device compliance on this WLAN
    allowIpv6Ndp Boolean
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allowMdns Boolean
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allowSsdp Boolean
    Only applicable when limitBcast==true, which allows SSDP
    apIds List<String>
    Access point identifiers used when applyTo==aps
    appLimit Property Map
    Bandwidth limits for applications on this WLAN
    appQos Property Map
    QoS rules for application traffic on this WLAN
    applyTo String
    Scope that determines where this WLAN is applied
    arpFilter Boolean
    Whether to enable smart arp filter
    auth Property Map
    Settings that control client authentication for this WLAN
    authServerSelection String
    RADIUS authentication server selection behavior for this WLAN
    authServers List<Property Map>
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    authServersNasId String
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    authServersNasIp String
    Optional, NAS-IP-ADDRESS to use
    authServersRetries Number
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    authServersTimeout Number
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    bandSteer Boolean
    Whether to enable band_steering, this works only when band==both
    bandSteerForceBand5 Boolean
    Force dualBand capable client to connect to 5G
    bands List<String>
    list of radios that the wlan should apply to. enum: 24, 5, 6
    blockBlacklistClients Boolean
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour Property Map
    Service discovery gateway settings for Bonjour traffic on this WLAN
    ciscoCwa Property Map
    Central web authentication settings for Cisco CWA on this WLAN
    clientLimitDown String
    Downlink bandwidth limit applied per client
    clientLimitDownEnabled Boolean
    If downlink limiting per-client is enabled
    clientLimitUp String
    Uplink bandwidth limit applied per client
    clientLimitUpEnabled Boolean
    If uplink limiting per-client is enabled
    coaServers List<Property Map>
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax Boolean
    Some old WLAN drivers may not be compatible
    disable11be Boolean
    To disable Wi-Fi 7 EHT IEs
    disableHtVhtRates Boolean
    To disable ht or vht rates
    disableMessageAuthenticatorCheck Boolean
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disableUapsd Boolean
    Whether to disable U-APSD
    disableV1RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableV2RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableWhenGatewayUnreachable Boolean
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disableWhenMxtunnelDown Boolean
    Whether to disable this WLAN when the configured Mist tunnel is down
    disableWmm Boolean
    Whether to disable WMM
    dnsServerRewrite Property Map
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim Number
    Delivery Traffic Indication Message interval for this WLAN
    dynamicPsk Property Map
    Per-user PSK selection settings for this WLAN
    dynamicVlan Property Map
    VLAN assignment settings for 802.1X dynamic VLANs
    enableFtm Boolean
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enableLocalKeycaching Boolean
    Enable AP-AP keycaching via multicast
    enableWirelessBridging Boolean
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enableWirelessBridgingDhcpTracking Boolean
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled Boolean
    If this wlan is enabled
    fastDot1xTimers Boolean
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hideSsid Boolean
    Whether to hide SSID in beacon
    hostnameIe Boolean
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 Property Map
    Passpoint and Hotspot 2.0 settings for this WLAN
    injectDhcpOption82 Property Map
    DHCP Option 82 insertion settings for this WLAN
    interface String
    Network interface or tunnel where this WLAN bridges client traffic
    isolation Boolean
    Whether to stop clients to talk to each other
    l2Isolation Boolean
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacyOverds Boolean
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limitBcast Boolean
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limitProbeResponse Boolean
    Limit probe response base on some heuristic rules
    maxIdletime Number
    Max idle time in seconds
    maxNumClients Number
    Maximum number of client connected to the SSID. 0 means unlimited
    mistNac Property Map
    Juniper Mist NAC settings used by this WLAN
    mxtunnelIds List<String>
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnelNames List<String>
    Mist Tunnel names used when interface==siteMxedge
    noStaticDns Boolean
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    noStaticIp Boolean
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    portal Property Map
    Guest portal settings for this WLAN
    portalAllowedHostnames List<String>
    Guest portal hostnames that clients may reach before authorization
    portalAllowedSubnets List<String>
    Guest portal CIDR subnets that clients may reach before authorization
    portalDeniedHostnames List<String>
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    qos Property Map
    Quality-of-service settings for WLAN client traffic
    radsec Property Map
    TLS-secured RADIUS transport settings for this WLAN
    rateset Map<Property Map>
    Data rate settings by RF band for this WLAN
    reconnectClientsWhenRoamingMxcluster Boolean
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roamMode String
    Fast roaming mode configured for this WLAN
    schedule Property Map
    Operating schedule controlling when this WLAN is active
    sleExcluded Boolean
    Whether to exclude this WLAN from SLE metrics
    useEapolV1 Boolean
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlanEnabled Boolean
    If vlan tagging is enabled
    vlanId String
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlanIds List<String>
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlanPooling Boolean
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlanLimitDown String
    Downlink bandwidth limit applied to the whole WLAN
    wlanLimitDownEnabled Boolean
    If downlink limiting for whole wlan is enabled
    wlanLimitUp String
    Uplink bandwidth limit applied to the whole WLAN
    wlanLimitUpEnabled Boolean
    If uplink limiting for whole wlan is enabled
    wxtagIds List<String>
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnelId String
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnelRemoteId String
    When interface=wxtunnel, remote tunnel identifier

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Wlan resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    MspId string
    Managed service provider identifier associated with this WLAN
    PortalApiSecret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    PortalImage string
    Url of portal background image
    PortalSsoUrl string
    URL used in the SSO process, auto-generated when auth is set to sso
    Id string
    The provider-assigned unique ID for this managed resource.
    MspId string
    Managed service provider identifier associated with this WLAN
    PortalApiSecret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    PortalImage string
    Url of portal background image
    PortalSsoUrl string
    URL used in the SSO process, auto-generated when auth is set to sso
    id string
    The provider-assigned unique ID for this managed resource.
    msp_id string
    Managed service provider identifier associated with this WLAN
    portal_api_secret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portal_image string
    Url of portal background image
    portal_sso_url string
    URL used in the SSO process, auto-generated when auth is set to sso
    id String
    The provider-assigned unique ID for this managed resource.
    mspId String
    Managed service provider identifier associated with this WLAN
    portalApiSecret String
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portalImage String
    Url of portal background image
    portalSsoUrl String
    URL used in the SSO process, auto-generated when auth is set to sso
    id string
    The provider-assigned unique ID for this managed resource.
    mspId string
    Managed service provider identifier associated with this WLAN
    portalApiSecret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portalImage string
    Url of portal background image
    portalSsoUrl string
    URL used in the SSO process, auto-generated when auth is set to sso
    id str
    The provider-assigned unique ID for this managed resource.
    msp_id str
    Managed service provider identifier associated with this WLAN
    portal_api_secret str
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portal_image str
    Url of portal background image
    portal_sso_url str
    URL used in the SSO process, auto-generated when auth is set to sso
    id String
    The provider-assigned unique ID for this managed resource.
    mspId String
    Managed service provider identifier associated with this WLAN
    portalApiSecret String
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portalImage String
    Url of portal background image
    portalSsoUrl String
    URL used in the SSO process, auto-generated when auth is set to sso

    Look up Existing Wlan Resource

    Get an existing Wlan resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WlanState, opts?: CustomResourceOptions): Wlan
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            acct_immediate_update: Optional[bool] = None,
            acct_interim_interval: Optional[int] = None,
            acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
            airwatch: Optional[WlanAirwatchArgs] = None,
            allow_ipv6_ndp: Optional[bool] = None,
            allow_mdns: Optional[bool] = None,
            allow_ssdp: Optional[bool] = None,
            ap_ids: Optional[Sequence[str]] = None,
            app_limit: Optional[WlanAppLimitArgs] = None,
            app_qos: Optional[WlanAppQosArgs] = None,
            apply_to: Optional[str] = None,
            arp_filter: Optional[bool] = None,
            auth: Optional[WlanAuthArgs] = None,
            auth_server_selection: Optional[str] = None,
            auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
            auth_servers_nas_id: Optional[str] = None,
            auth_servers_nas_ip: Optional[str] = None,
            auth_servers_retries: Optional[int] = None,
            auth_servers_timeout: Optional[int] = None,
            band_steer: Optional[bool] = None,
            band_steer_force_band5: Optional[bool] = None,
            bands: Optional[Sequence[str]] = None,
            block_blacklist_clients: Optional[bool] = None,
            bonjour: Optional[WlanBonjourArgs] = None,
            cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
            client_limit_down: Optional[str] = None,
            client_limit_down_enabled: Optional[bool] = None,
            client_limit_up: Optional[str] = None,
            client_limit_up_enabled: Optional[bool] = None,
            coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
            disable11ax: Optional[bool] = None,
            disable11be: Optional[bool] = None,
            disable_ht_vht_rates: Optional[bool] = None,
            disable_message_authenticator_check: Optional[bool] = None,
            disable_uapsd: Optional[bool] = None,
            disable_v1_roam_notify: Optional[bool] = None,
            disable_v2_roam_notify: Optional[bool] = None,
            disable_when_gateway_unreachable: Optional[bool] = None,
            disable_when_mxtunnel_down: Optional[bool] = None,
            disable_wmm: Optional[bool] = None,
            dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
            dtim: Optional[int] = None,
            dynamic_psk: Optional[WlanDynamicPskArgs] = None,
            dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
            enable_ftm: Optional[bool] = None,
            enable_local_keycaching: Optional[bool] = None,
            enable_wireless_bridging: Optional[bool] = None,
            enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
            enabled: Optional[bool] = None,
            fast_dot1x_timers: Optional[bool] = None,
            hide_ssid: Optional[bool] = None,
            hostname_ie: Optional[bool] = None,
            hotspot20: Optional[WlanHotspot20Args] = None,
            inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
            interface: Optional[str] = None,
            isolation: Optional[bool] = None,
            l2_isolation: Optional[bool] = None,
            legacy_overds: Optional[bool] = None,
            limit_bcast: Optional[bool] = None,
            limit_probe_response: Optional[bool] = None,
            max_idletime: Optional[int] = None,
            max_num_clients: Optional[int] = None,
            mist_nac: Optional[WlanMistNacArgs] = None,
            msp_id: Optional[str] = None,
            mxtunnel_ids: Optional[Sequence[str]] = None,
            mxtunnel_names: Optional[Sequence[str]] = None,
            no_static_dns: Optional[bool] = None,
            no_static_ip: Optional[bool] = None,
            org_id: Optional[str] = None,
            portal: Optional[WlanPortalArgs] = None,
            portal_allowed_hostnames: Optional[Sequence[str]] = None,
            portal_allowed_subnets: Optional[Sequence[str]] = None,
            portal_api_secret: Optional[str] = None,
            portal_denied_hostnames: Optional[Sequence[str]] = None,
            portal_image: Optional[str] = None,
            portal_sso_url: Optional[str] = None,
            qos: Optional[WlanQosArgs] = None,
            radsec: Optional[WlanRadsecArgs] = None,
            rateset: Optional[Mapping[str, WlanRatesetArgs]] = None,
            reconnect_clients_when_roaming_mxcluster: Optional[bool] = None,
            roam_mode: Optional[str] = None,
            schedule: Optional[WlanScheduleArgs] = None,
            sle_excluded: Optional[bool] = None,
            ssid: Optional[str] = None,
            template_id: Optional[str] = None,
            use_eapol_v1: Optional[bool] = None,
            vlan_enabled: Optional[bool] = None,
            vlan_id: Optional[str] = None,
            vlan_ids: Optional[Sequence[str]] = None,
            vlan_pooling: Optional[bool] = None,
            wlan_limit_down: Optional[str] = None,
            wlan_limit_down_enabled: Optional[bool] = None,
            wlan_limit_up: Optional[str] = None,
            wlan_limit_up_enabled: Optional[bool] = None,
            wxtag_ids: Optional[Sequence[str]] = None,
            wxtunnel_id: Optional[str] = None,
            wxtunnel_remote_id: Optional[str] = None) -> Wlan
    func GetWlan(ctx *Context, name string, id IDInput, state *WlanState, opts ...ResourceOption) (*Wlan, error)
    public static Wlan Get(string name, Input<string> id, WlanState? state, CustomResourceOptions? opts = null)
    public static Wlan get(String name, Output<String> id, WlanState state, CustomResourceOptions options)
    resources:  _:    type: junipermist:org:Wlan    get:      id: ${id}
    import {
      to = junipermist_org_wlan.example
      id = "${id}"
    }
    
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AcctImmediateUpdate bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    AcctInterimInterval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    AcctServers List<Pulumi.JuniperMist.Org.Inputs.WlanAcctServer>
    RADIUS accounting servers used by this WLAN
    Airwatch Pulumi.JuniperMist.Org.Inputs.WlanAirwatch
    Integration settings for AirWatch device compliance on this WLAN
    AllowIpv6Ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    AllowMdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    AllowSsdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ApIds List<string>
    Access point identifiers used when applyTo==aps
    AppLimit Pulumi.JuniperMist.Org.Inputs.WlanAppLimit
    Bandwidth limits for applications on this WLAN
    AppQos Pulumi.JuniperMist.Org.Inputs.WlanAppQos
    QoS rules for application traffic on this WLAN
    ApplyTo string
    Scope that determines where this WLAN is applied
    ArpFilter bool
    Whether to enable smart arp filter
    Auth Pulumi.JuniperMist.Org.Inputs.WlanAuth
    Settings that control client authentication for this WLAN
    AuthServerSelection string
    RADIUS authentication server selection behavior for this WLAN
    AuthServers List<Pulumi.JuniperMist.Org.Inputs.WlanAuthServer>
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    AuthServersNasId string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    AuthServersNasIp string
    Optional, NAS-IP-ADDRESS to use
    AuthServersRetries int
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    AuthServersTimeout int
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    BandSteer bool
    Whether to enable band_steering, this works only when band==both
    BandSteerForceBand5 bool
    Force dualBand capable client to connect to 5G
    Bands List<string>
    list of radios that the wlan should apply to. enum: 24, 5, 6
    BlockBlacklistClients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    Bonjour Pulumi.JuniperMist.Org.Inputs.WlanBonjour
    Service discovery gateway settings for Bonjour traffic on this WLAN
    CiscoCwa Pulumi.JuniperMist.Org.Inputs.WlanCiscoCwa
    Central web authentication settings for Cisco CWA on this WLAN
    ClientLimitDown string
    Downlink bandwidth limit applied per client
    ClientLimitDownEnabled bool
    If downlink limiting per-client is enabled
    ClientLimitUp string
    Uplink bandwidth limit applied per client
    ClientLimitUpEnabled bool
    If uplink limiting per-client is enabled
    CoaServers List<Pulumi.JuniperMist.Org.Inputs.WlanCoaServer>
    RADIUS Change of Authorization servers available to this WLAN
    Disable11ax bool
    Some old WLAN drivers may not be compatible
    Disable11be bool
    To disable Wi-Fi 7 EHT IEs
    DisableHtVhtRates bool
    To disable ht or vht rates
    DisableMessageAuthenticatorCheck bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    DisableUapsd bool
    Whether to disable U-APSD
    DisableV1RoamNotify bool
    Disable sending v2 roam notification messages
    DisableV2RoamNotify bool
    Disable sending v2 roam notification messages
    DisableWhenGatewayUnreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    DisableWhenMxtunnelDown bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    DisableWmm bool
    Whether to disable WMM
    DnsServerRewrite Pulumi.JuniperMist.Org.Inputs.WlanDnsServerRewrite
    RADIUS group based DNS server rewrite settings for this WLAN
    Dtim int
    Delivery Traffic Indication Message interval for this WLAN
    DynamicPsk Pulumi.JuniperMist.Org.Inputs.WlanDynamicPsk
    Per-user PSK selection settings for this WLAN
    DynamicVlan Pulumi.JuniperMist.Org.Inputs.WlanDynamicVlan
    VLAN assignment settings for 802.1X dynamic VLANs
    EnableFtm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    EnableLocalKeycaching bool
    Enable AP-AP keycaching via multicast
    EnableWirelessBridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    EnableWirelessBridgingDhcpTracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    Enabled bool
    If this wlan is enabled
    FastDot1xTimers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    HideSsid bool
    Whether to hide SSID in beacon
    HostnameIe bool
    Include hostname inside IE in AP beacons / probe responses
    Hotspot20 Pulumi.JuniperMist.Org.Inputs.WlanHotspot20
    Passpoint and Hotspot 2.0 settings for this WLAN
    InjectDhcpOption82 Pulumi.JuniperMist.Org.Inputs.WlanInjectDhcpOption82
    DHCP Option 82 insertion settings for this WLAN
    Interface string
    Network interface or tunnel where this WLAN bridges client traffic
    Isolation bool
    Whether to stop clients to talk to each other
    L2Isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    LegacyOverds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    LimitBcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    LimitProbeResponse bool
    Limit probe response base on some heuristic rules
    MaxIdletime int
    Max idle time in seconds
    MaxNumClients int
    Maximum number of client connected to the SSID. 0 means unlimited
    MistNac Pulumi.JuniperMist.Org.Inputs.WlanMistNac
    Juniper Mist NAC settings used by this WLAN
    MspId string
    Managed service provider identifier associated with this WLAN
    MxtunnelIds List<string>
    Mist Tunnel identifiers used when interface==mxtunnel
    MxtunnelNames List<string>
    Mist Tunnel names used when interface==siteMxedge
    NoStaticDns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    NoStaticIp bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    OrgId string
    Owning organization associated with this WLAN
    Portal Pulumi.JuniperMist.Org.Inputs.WlanPortal
    Guest portal settings for this WLAN
    PortalAllowedHostnames List<string>
    Guest portal hostnames that clients may reach before authorization
    PortalAllowedSubnets List<string>
    Guest portal CIDR subnets that clients may reach before authorization
    PortalApiSecret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    PortalDeniedHostnames List<string>
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    PortalImage string
    Url of portal background image
    PortalSsoUrl string
    URL used in the SSO process, auto-generated when auth is set to sso
    Qos Pulumi.JuniperMist.Org.Inputs.WlanQos
    Quality-of-service settings for WLAN client traffic
    Radsec Pulumi.JuniperMist.Org.Inputs.WlanRadsec
    TLS-secured RADIUS transport settings for this WLAN
    Rateset Dictionary<string, Pulumi.JuniperMist.Org.Inputs.WlanRatesetArgs>
    Data rate settings by RF band for this WLAN
    ReconnectClientsWhenRoamingMxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    RoamMode string
    Fast roaming mode configured for this WLAN
    Schedule Pulumi.JuniperMist.Org.Inputs.WlanSchedule
    Operating schedule controlling when this WLAN is active
    SleExcluded bool
    Whether to exclude this WLAN from SLE metrics
    Ssid string
    Name of the SSID
    TemplateId string
    Identifier of the WLAN template associated with this WLAN
    UseEapolV1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    VlanEnabled bool
    If vlan tagging is enabled
    VlanId string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    VlanIds List<string>
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    VlanPooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    WlanLimitDown string
    Downlink bandwidth limit applied to the whole WLAN
    WlanLimitDownEnabled bool
    If downlink limiting for whole wlan is enabled
    WlanLimitUp string
    Uplink bandwidth limit applied to the whole WLAN
    WlanLimitUpEnabled bool
    If uplink limiting for whole wlan is enabled
    WxtagIds List<string>
    Identifiers of WxLAN tags used when applyTo==wxtags
    WxtunnelId string
    When interface=wxtunnel, id of the WXLAN Tunnel
    WxtunnelRemoteId string
    When interface=wxtunnel, remote tunnel identifier
    AcctImmediateUpdate bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    AcctInterimInterval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    AcctServers []WlanAcctServerArgs
    RADIUS accounting servers used by this WLAN
    Airwatch WlanAirwatchArgs
    Integration settings for AirWatch device compliance on this WLAN
    AllowIpv6Ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    AllowMdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    AllowSsdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ApIds []string
    Access point identifiers used when applyTo==aps
    AppLimit WlanAppLimitArgs
    Bandwidth limits for applications on this WLAN
    AppQos WlanAppQosArgs
    QoS rules for application traffic on this WLAN
    ApplyTo string
    Scope that determines where this WLAN is applied
    ArpFilter bool
    Whether to enable smart arp filter
    Auth WlanAuthArgs
    Settings that control client authentication for this WLAN
    AuthServerSelection string
    RADIUS authentication server selection behavior for this WLAN
    AuthServers []WlanAuthServerArgs
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    AuthServersNasId string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    AuthServersNasIp string
    Optional, NAS-IP-ADDRESS to use
    AuthServersRetries int
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    AuthServersTimeout int
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    BandSteer bool
    Whether to enable band_steering, this works only when band==both
    BandSteerForceBand5 bool
    Force dualBand capable client to connect to 5G
    Bands []string
    list of radios that the wlan should apply to. enum: 24, 5, 6
    BlockBlacklistClients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    Bonjour WlanBonjourArgs
    Service discovery gateway settings for Bonjour traffic on this WLAN
    CiscoCwa WlanCiscoCwaArgs
    Central web authentication settings for Cisco CWA on this WLAN
    ClientLimitDown string
    Downlink bandwidth limit applied per client
    ClientLimitDownEnabled bool
    If downlink limiting per-client is enabled
    ClientLimitUp string
    Uplink bandwidth limit applied per client
    ClientLimitUpEnabled bool
    If uplink limiting per-client is enabled
    CoaServers []WlanCoaServerArgs
    RADIUS Change of Authorization servers available to this WLAN
    Disable11ax bool
    Some old WLAN drivers may not be compatible
    Disable11be bool
    To disable Wi-Fi 7 EHT IEs
    DisableHtVhtRates bool
    To disable ht or vht rates
    DisableMessageAuthenticatorCheck bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    DisableUapsd bool
    Whether to disable U-APSD
    DisableV1RoamNotify bool
    Disable sending v2 roam notification messages
    DisableV2RoamNotify bool
    Disable sending v2 roam notification messages
    DisableWhenGatewayUnreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    DisableWhenMxtunnelDown bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    DisableWmm bool
    Whether to disable WMM
    DnsServerRewrite WlanDnsServerRewriteArgs
    RADIUS group based DNS server rewrite settings for this WLAN
    Dtim int
    Delivery Traffic Indication Message interval for this WLAN
    DynamicPsk WlanDynamicPskArgs
    Per-user PSK selection settings for this WLAN
    DynamicVlan WlanDynamicVlanArgs
    VLAN assignment settings for 802.1X dynamic VLANs
    EnableFtm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    EnableLocalKeycaching bool
    Enable AP-AP keycaching via multicast
    EnableWirelessBridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    EnableWirelessBridgingDhcpTracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    Enabled bool
    If this wlan is enabled
    FastDot1xTimers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    HideSsid bool
    Whether to hide SSID in beacon
    HostnameIe bool
    Include hostname inside IE in AP beacons / probe responses
    Hotspot20 WlanHotspot20Args
    Passpoint and Hotspot 2.0 settings for this WLAN
    InjectDhcpOption82 WlanInjectDhcpOption82Args
    DHCP Option 82 insertion settings for this WLAN
    Interface string
    Network interface or tunnel where this WLAN bridges client traffic
    Isolation bool
    Whether to stop clients to talk to each other
    L2Isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    LegacyOverds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    LimitBcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    LimitProbeResponse bool
    Limit probe response base on some heuristic rules
    MaxIdletime int
    Max idle time in seconds
    MaxNumClients int
    Maximum number of client connected to the SSID. 0 means unlimited
    MistNac WlanMistNacArgs
    Juniper Mist NAC settings used by this WLAN
    MspId string
    Managed service provider identifier associated with this WLAN
    MxtunnelIds []string
    Mist Tunnel identifiers used when interface==mxtunnel
    MxtunnelNames []string
    Mist Tunnel names used when interface==siteMxedge
    NoStaticDns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    NoStaticIp bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    OrgId string
    Owning organization associated with this WLAN
    Portal WlanPortalArgs
    Guest portal settings for this WLAN
    PortalAllowedHostnames []string
    Guest portal hostnames that clients may reach before authorization
    PortalAllowedSubnets []string
    Guest portal CIDR subnets that clients may reach before authorization
    PortalApiSecret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    PortalDeniedHostnames []string
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    PortalImage string
    Url of portal background image
    PortalSsoUrl string
    URL used in the SSO process, auto-generated when auth is set to sso
    Qos WlanQosArgs
    Quality-of-service settings for WLAN client traffic
    Radsec WlanRadsecArgs
    TLS-secured RADIUS transport settings for this WLAN
    Rateset map[string]WlanRatesetArgs
    Data rate settings by RF band for this WLAN
    ReconnectClientsWhenRoamingMxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    RoamMode string
    Fast roaming mode configured for this WLAN
    Schedule WlanScheduleArgs
    Operating schedule controlling when this WLAN is active
    SleExcluded bool
    Whether to exclude this WLAN from SLE metrics
    Ssid string
    Name of the SSID
    TemplateId string
    Identifier of the WLAN template associated with this WLAN
    UseEapolV1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    VlanEnabled bool
    If vlan tagging is enabled
    VlanId string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    VlanIds []string
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    VlanPooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    WlanLimitDown string
    Downlink bandwidth limit applied to the whole WLAN
    WlanLimitDownEnabled bool
    If downlink limiting for whole wlan is enabled
    WlanLimitUp string
    Uplink bandwidth limit applied to the whole WLAN
    WlanLimitUpEnabled bool
    If uplink limiting for whole wlan is enabled
    WxtagIds []string
    Identifiers of WxLAN tags used when applyTo==wxtags
    WxtunnelId string
    When interface=wxtunnel, id of the WXLAN Tunnel
    WxtunnelRemoteId string
    When interface=wxtunnel, remote tunnel identifier
    acct_immediate_update bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acct_interim_interval number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acct_servers list(object)
    RADIUS accounting servers used by this WLAN
    airwatch object
    Integration settings for AirWatch device compliance on this WLAN
    allow_ipv6_ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allow_mdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allow_ssdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ap_ids list(string)
    Access point identifiers used when applyTo==aps
    app_limit object
    Bandwidth limits for applications on this WLAN
    app_qos object
    QoS rules for application traffic on this WLAN
    apply_to string
    Scope that determines where this WLAN is applied
    arp_filter bool
    Whether to enable smart arp filter
    auth object
    Settings that control client authentication for this WLAN
    auth_server_selection string
    RADIUS authentication server selection behavior for this WLAN
    auth_servers list(object)
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    auth_servers_nas_id string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    auth_servers_nas_ip string
    Optional, NAS-IP-ADDRESS to use
    auth_servers_retries number
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    auth_servers_timeout number
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    band_steer bool
    Whether to enable band_steering, this works only when band==both
    band_steer_force_band5 bool
    Force dualBand capable client to connect to 5G
    bands list(string)
    list of radios that the wlan should apply to. enum: 24, 5, 6
    block_blacklist_clients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour object
    Service discovery gateway settings for Bonjour traffic on this WLAN
    cisco_cwa object
    Central web authentication settings for Cisco CWA on this WLAN
    client_limit_down string
    Downlink bandwidth limit applied per client
    client_limit_down_enabled bool
    If downlink limiting per-client is enabled
    client_limit_up string
    Uplink bandwidth limit applied per client
    client_limit_up_enabled bool
    If uplink limiting per-client is enabled
    coa_servers list(object)
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax bool
    Some old WLAN drivers may not be compatible
    disable11be bool
    To disable Wi-Fi 7 EHT IEs
    disable_ht_vht_rates bool
    To disable ht or vht rates
    disable_message_authenticator_check bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disable_uapsd bool
    Whether to disable U-APSD
    disable_v1_roam_notify bool
    Disable sending v2 roam notification messages
    disable_v2_roam_notify bool
    Disable sending v2 roam notification messages
    disable_when_gateway_unreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disable_when_mxtunnel_down bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    disable_wmm bool
    Whether to disable WMM
    dns_server_rewrite object
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim number
    Delivery Traffic Indication Message interval for this WLAN
    dynamic_psk object
    Per-user PSK selection settings for this WLAN
    dynamic_vlan object
    VLAN assignment settings for 802.1X dynamic VLANs
    enable_ftm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enable_local_keycaching bool
    Enable AP-AP keycaching via multicast
    enable_wireless_bridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enable_wireless_bridging_dhcp_tracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled bool
    If this wlan is enabled
    fast_dot1x_timers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hide_ssid bool
    Whether to hide SSID in beacon
    hostname_ie bool
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 object
    Passpoint and Hotspot 2.0 settings for this WLAN
    inject_dhcp_option82 object
    DHCP Option 82 insertion settings for this WLAN
    interface string
    Network interface or tunnel where this WLAN bridges client traffic
    isolation bool
    Whether to stop clients to talk to each other
    l2_isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacy_overds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limit_bcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limit_probe_response bool
    Limit probe response base on some heuristic rules
    max_idletime number
    Max idle time in seconds
    max_num_clients number
    Maximum number of client connected to the SSID. 0 means unlimited
    mist_nac object
    Juniper Mist NAC settings used by this WLAN
    msp_id string
    Managed service provider identifier associated with this WLAN
    mxtunnel_ids list(string)
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnel_names list(string)
    Mist Tunnel names used when interface==siteMxedge
    no_static_dns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    no_static_ip bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    org_id string
    Owning organization associated with this WLAN
    portal object
    Guest portal settings for this WLAN
    portal_allowed_hostnames list(string)
    Guest portal hostnames that clients may reach before authorization
    portal_allowed_subnets list(string)
    Guest portal CIDR subnets that clients may reach before authorization
    portal_api_secret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portal_denied_hostnames list(string)
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    portal_image string
    Url of portal background image
    portal_sso_url string
    URL used in the SSO process, auto-generated when auth is set to sso
    qos object
    Quality-of-service settings for WLAN client traffic
    radsec object
    TLS-secured RADIUS transport settings for this WLAN
    rateset map(object)
    Data rate settings by RF band for this WLAN
    reconnect_clients_when_roaming_mxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roam_mode string
    Fast roaming mode configured for this WLAN
    schedule object
    Operating schedule controlling when this WLAN is active
    sle_excluded bool
    Whether to exclude this WLAN from SLE metrics
    ssid string
    Name of the SSID
    template_id string
    Identifier of the WLAN template associated with this WLAN
    use_eapol_v1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlan_enabled bool
    If vlan tagging is enabled
    vlan_id string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlan_ids list(string)
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlan_pooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlan_limit_down string
    Downlink bandwidth limit applied to the whole WLAN
    wlan_limit_down_enabled bool
    If downlink limiting for whole wlan is enabled
    wlan_limit_up string
    Uplink bandwidth limit applied to the whole WLAN
    wlan_limit_up_enabled bool
    If uplink limiting for whole wlan is enabled
    wxtag_ids list(string)
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnel_id string
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnel_remote_id string
    When interface=wxtunnel, remote tunnel identifier
    acctImmediateUpdate Boolean
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acctInterimInterval Integer
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acctServers List<WlanAcctServer>
    RADIUS accounting servers used by this WLAN
    airwatch WlanAirwatch
    Integration settings for AirWatch device compliance on this WLAN
    allowIpv6Ndp Boolean
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allowMdns Boolean
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allowSsdp Boolean
    Only applicable when limitBcast==true, which allows SSDP
    apIds List<String>
    Access point identifiers used when applyTo==aps
    appLimit WlanAppLimit
    Bandwidth limits for applications on this WLAN
    appQos WlanAppQos
    QoS rules for application traffic on this WLAN
    applyTo String
    Scope that determines where this WLAN is applied
    arpFilter Boolean
    Whether to enable smart arp filter
    auth WlanAuth
    Settings that control client authentication for this WLAN
    authServerSelection String
    RADIUS authentication server selection behavior for this WLAN
    authServers List<WlanAuthServer>
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    authServersNasId String
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    authServersNasIp String
    Optional, NAS-IP-ADDRESS to use
    authServersRetries Integer
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    authServersTimeout Integer
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    bandSteer Boolean
    Whether to enable band_steering, this works only when band==both
    bandSteerForceBand5 Boolean
    Force dualBand capable client to connect to 5G
    bands List<String>
    list of radios that the wlan should apply to. enum: 24, 5, 6
    blockBlacklistClients Boolean
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour WlanBonjour
    Service discovery gateway settings for Bonjour traffic on this WLAN
    ciscoCwa WlanCiscoCwa
    Central web authentication settings for Cisco CWA on this WLAN
    clientLimitDown String
    Downlink bandwidth limit applied per client
    clientLimitDownEnabled Boolean
    If downlink limiting per-client is enabled
    clientLimitUp String
    Uplink bandwidth limit applied per client
    clientLimitUpEnabled Boolean
    If uplink limiting per-client is enabled
    coaServers List<WlanCoaServer>
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax Boolean
    Some old WLAN drivers may not be compatible
    disable11be Boolean
    To disable Wi-Fi 7 EHT IEs
    disableHtVhtRates Boolean
    To disable ht or vht rates
    disableMessageAuthenticatorCheck Boolean
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disableUapsd Boolean
    Whether to disable U-APSD
    disableV1RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableV2RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableWhenGatewayUnreachable Boolean
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disableWhenMxtunnelDown Boolean
    Whether to disable this WLAN when the configured Mist tunnel is down
    disableWmm Boolean
    Whether to disable WMM
    dnsServerRewrite WlanDnsServerRewrite
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim Integer
    Delivery Traffic Indication Message interval for this WLAN
    dynamicPsk WlanDynamicPsk
    Per-user PSK selection settings for this WLAN
    dynamicVlan WlanDynamicVlan
    VLAN assignment settings for 802.1X dynamic VLANs
    enableFtm Boolean
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enableLocalKeycaching Boolean
    Enable AP-AP keycaching via multicast
    enableWirelessBridging Boolean
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enableWirelessBridgingDhcpTracking Boolean
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled Boolean
    If this wlan is enabled
    fastDot1xTimers Boolean
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hideSsid Boolean
    Whether to hide SSID in beacon
    hostnameIe Boolean
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 WlanHotspot20
    Passpoint and Hotspot 2.0 settings for this WLAN
    injectDhcpOption82 WlanInjectDhcpOption82
    DHCP Option 82 insertion settings for this WLAN
    interface_ String
    Network interface or tunnel where this WLAN bridges client traffic
    isolation Boolean
    Whether to stop clients to talk to each other
    l2Isolation Boolean
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacyOverds Boolean
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limitBcast Boolean
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limitProbeResponse Boolean
    Limit probe response base on some heuristic rules
    maxIdletime Integer
    Max idle time in seconds
    maxNumClients Integer
    Maximum number of client connected to the SSID. 0 means unlimited
    mistNac WlanMistNac
    Juniper Mist NAC settings used by this WLAN
    mspId String
    Managed service provider identifier associated with this WLAN
    mxtunnelIds List<String>
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnelNames List<String>
    Mist Tunnel names used when interface==siteMxedge
    noStaticDns Boolean
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    noStaticIp Boolean
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    orgId String
    Owning organization associated with this WLAN
    portal WlanPortal
    Guest portal settings for this WLAN
    portalAllowedHostnames List<String>
    Guest portal hostnames that clients may reach before authorization
    portalAllowedSubnets List<String>
    Guest portal CIDR subnets that clients may reach before authorization
    portalApiSecret String
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portalDeniedHostnames List<String>
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    portalImage String
    Url of portal background image
    portalSsoUrl String
    URL used in the SSO process, auto-generated when auth is set to sso
    qos WlanQos
    Quality-of-service settings for WLAN client traffic
    radsec WlanRadsec
    TLS-secured RADIUS transport settings for this WLAN
    rateset Map<String,WlanRatesetArgs>
    Data rate settings by RF band for this WLAN
    reconnectClientsWhenRoamingMxcluster Boolean
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roamMode String
    Fast roaming mode configured for this WLAN
    schedule WlanSchedule
    Operating schedule controlling when this WLAN is active
    sleExcluded Boolean
    Whether to exclude this WLAN from SLE metrics
    ssid String
    Name of the SSID
    templateId String
    Identifier of the WLAN template associated with this WLAN
    useEapolV1 Boolean
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlanEnabled Boolean
    If vlan tagging is enabled
    vlanId String
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlanIds List<String>
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlanPooling Boolean
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlanLimitDown String
    Downlink bandwidth limit applied to the whole WLAN
    wlanLimitDownEnabled Boolean
    If downlink limiting for whole wlan is enabled
    wlanLimitUp String
    Uplink bandwidth limit applied to the whole WLAN
    wlanLimitUpEnabled Boolean
    If uplink limiting for whole wlan is enabled
    wxtagIds List<String>
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnelId String
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnelRemoteId String
    When interface=wxtunnel, remote tunnel identifier
    acctImmediateUpdate boolean
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acctInterimInterval number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acctServers WlanAcctServer[]
    RADIUS accounting servers used by this WLAN
    airwatch WlanAirwatch
    Integration settings for AirWatch device compliance on this WLAN
    allowIpv6Ndp boolean
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allowMdns boolean
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allowSsdp boolean
    Only applicable when limitBcast==true, which allows SSDP
    apIds string[]
    Access point identifiers used when applyTo==aps
    appLimit WlanAppLimit
    Bandwidth limits for applications on this WLAN
    appQos WlanAppQos
    QoS rules for application traffic on this WLAN
    applyTo string
    Scope that determines where this WLAN is applied
    arpFilter boolean
    Whether to enable smart arp filter
    auth WlanAuth
    Settings that control client authentication for this WLAN
    authServerSelection string
    RADIUS authentication server selection behavior for this WLAN
    authServers WlanAuthServer[]
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    authServersNasId string
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    authServersNasIp string
    Optional, NAS-IP-ADDRESS to use
    authServersRetries number
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    authServersTimeout number
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    bandSteer boolean
    Whether to enable band_steering, this works only when band==both
    bandSteerForceBand5 boolean
    Force dualBand capable client to connect to 5G
    bands string[]
    list of radios that the wlan should apply to. enum: 24, 5, 6
    blockBlacklistClients boolean
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour WlanBonjour
    Service discovery gateway settings for Bonjour traffic on this WLAN
    ciscoCwa WlanCiscoCwa
    Central web authentication settings for Cisco CWA on this WLAN
    clientLimitDown string
    Downlink bandwidth limit applied per client
    clientLimitDownEnabled boolean
    If downlink limiting per-client is enabled
    clientLimitUp string
    Uplink bandwidth limit applied per client
    clientLimitUpEnabled boolean
    If uplink limiting per-client is enabled
    coaServers WlanCoaServer[]
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax boolean
    Some old WLAN drivers may not be compatible
    disable11be boolean
    To disable Wi-Fi 7 EHT IEs
    disableHtVhtRates boolean
    To disable ht or vht rates
    disableMessageAuthenticatorCheck boolean
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disableUapsd boolean
    Whether to disable U-APSD
    disableV1RoamNotify boolean
    Disable sending v2 roam notification messages
    disableV2RoamNotify boolean
    Disable sending v2 roam notification messages
    disableWhenGatewayUnreachable boolean
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disableWhenMxtunnelDown boolean
    Whether to disable this WLAN when the configured Mist tunnel is down
    disableWmm boolean
    Whether to disable WMM
    dnsServerRewrite WlanDnsServerRewrite
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim number
    Delivery Traffic Indication Message interval for this WLAN
    dynamicPsk WlanDynamicPsk
    Per-user PSK selection settings for this WLAN
    dynamicVlan WlanDynamicVlan
    VLAN assignment settings for 802.1X dynamic VLANs
    enableFtm boolean
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enableLocalKeycaching boolean
    Enable AP-AP keycaching via multicast
    enableWirelessBridging boolean
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enableWirelessBridgingDhcpTracking boolean
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled boolean
    If this wlan is enabled
    fastDot1xTimers boolean
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hideSsid boolean
    Whether to hide SSID in beacon
    hostnameIe boolean
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 WlanHotspot20
    Passpoint and Hotspot 2.0 settings for this WLAN
    injectDhcpOption82 WlanInjectDhcpOption82
    DHCP Option 82 insertion settings for this WLAN
    interface string
    Network interface or tunnel where this WLAN bridges client traffic
    isolation boolean
    Whether to stop clients to talk to each other
    l2Isolation boolean
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacyOverds boolean
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limitBcast boolean
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limitProbeResponse boolean
    Limit probe response base on some heuristic rules
    maxIdletime number
    Max idle time in seconds
    maxNumClients number
    Maximum number of client connected to the SSID. 0 means unlimited
    mistNac WlanMistNac
    Juniper Mist NAC settings used by this WLAN
    mspId string
    Managed service provider identifier associated with this WLAN
    mxtunnelIds string[]
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnelNames string[]
    Mist Tunnel names used when interface==siteMxedge
    noStaticDns boolean
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    noStaticIp boolean
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    orgId string
    Owning organization associated with this WLAN
    portal WlanPortal
    Guest portal settings for this WLAN
    portalAllowedHostnames string[]
    Guest portal hostnames that clients may reach before authorization
    portalAllowedSubnets string[]
    Guest portal CIDR subnets that clients may reach before authorization
    portalApiSecret string
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portalDeniedHostnames string[]
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    portalImage string
    Url of portal background image
    portalSsoUrl string
    URL used in the SSO process, auto-generated when auth is set to sso
    qos WlanQos
    Quality-of-service settings for WLAN client traffic
    radsec WlanRadsec
    TLS-secured RADIUS transport settings for this WLAN
    rateset {[key: string]: WlanRatesetArgs}
    Data rate settings by RF band for this WLAN
    reconnectClientsWhenRoamingMxcluster boolean
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roamMode string
    Fast roaming mode configured for this WLAN
    schedule WlanSchedule
    Operating schedule controlling when this WLAN is active
    sleExcluded boolean
    Whether to exclude this WLAN from SLE metrics
    ssid string
    Name of the SSID
    templateId string
    Identifier of the WLAN template associated with this WLAN
    useEapolV1 boolean
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlanEnabled boolean
    If vlan tagging is enabled
    vlanId string
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlanIds string[]
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlanPooling boolean
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlanLimitDown string
    Downlink bandwidth limit applied to the whole WLAN
    wlanLimitDownEnabled boolean
    If downlink limiting for whole wlan is enabled
    wlanLimitUp string
    Uplink bandwidth limit applied to the whole WLAN
    wlanLimitUpEnabled boolean
    If uplink limiting for whole wlan is enabled
    wxtagIds string[]
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnelId string
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnelRemoteId string
    When interface=wxtunnel, remote tunnel identifier
    acct_immediate_update bool
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acct_interim_interval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acct_servers Sequence[WlanAcctServerArgs]
    RADIUS accounting servers used by this WLAN
    airwatch WlanAirwatchArgs
    Integration settings for AirWatch device compliance on this WLAN
    allow_ipv6_ndp bool
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allow_mdns bool
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allow_ssdp bool
    Only applicable when limitBcast==true, which allows SSDP
    ap_ids Sequence[str]
    Access point identifiers used when applyTo==aps
    app_limit WlanAppLimitArgs
    Bandwidth limits for applications on this WLAN
    app_qos WlanAppQosArgs
    QoS rules for application traffic on this WLAN
    apply_to str
    Scope that determines where this WLAN is applied
    arp_filter bool
    Whether to enable smart arp filter
    auth WlanAuthArgs
    Settings that control client authentication for this WLAN
    auth_server_selection str
    RADIUS authentication server selection behavior for this WLAN
    auth_servers Sequence[WlanAuthServerArgs]
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    auth_servers_nas_id str
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    auth_servers_nas_ip str
    Optional, NAS-IP-ADDRESS to use
    auth_servers_retries int
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    auth_servers_timeout int
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    band_steer bool
    Whether to enable band_steering, this works only when band==both
    band_steer_force_band5 bool
    Force dualBand capable client to connect to 5G
    bands Sequence[str]
    list of radios that the wlan should apply to. enum: 24, 5, 6
    block_blacklist_clients bool
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour WlanBonjourArgs
    Service discovery gateway settings for Bonjour traffic on this WLAN
    cisco_cwa WlanCiscoCwaArgs
    Central web authentication settings for Cisco CWA on this WLAN
    client_limit_down str
    Downlink bandwidth limit applied per client
    client_limit_down_enabled bool
    If downlink limiting per-client is enabled
    client_limit_up str
    Uplink bandwidth limit applied per client
    client_limit_up_enabled bool
    If uplink limiting per-client is enabled
    coa_servers Sequence[WlanCoaServerArgs]
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax bool
    Some old WLAN drivers may not be compatible
    disable11be bool
    To disable Wi-Fi 7 EHT IEs
    disable_ht_vht_rates bool
    To disable ht or vht rates
    disable_message_authenticator_check bool
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disable_uapsd bool
    Whether to disable U-APSD
    disable_v1_roam_notify bool
    Disable sending v2 roam notification messages
    disable_v2_roam_notify bool
    Disable sending v2 roam notification messages
    disable_when_gateway_unreachable bool
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disable_when_mxtunnel_down bool
    Whether to disable this WLAN when the configured Mist tunnel is down
    disable_wmm bool
    Whether to disable WMM
    dns_server_rewrite WlanDnsServerRewriteArgs
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim int
    Delivery Traffic Indication Message interval for this WLAN
    dynamic_psk WlanDynamicPskArgs
    Per-user PSK selection settings for this WLAN
    dynamic_vlan WlanDynamicVlanArgs
    VLAN assignment settings for 802.1X dynamic VLANs
    enable_ftm bool
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enable_local_keycaching bool
    Enable AP-AP keycaching via multicast
    enable_wireless_bridging bool
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enable_wireless_bridging_dhcp_tracking bool
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled bool
    If this wlan is enabled
    fast_dot1x_timers bool
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hide_ssid bool
    Whether to hide SSID in beacon
    hostname_ie bool
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 WlanHotspot20Args
    Passpoint and Hotspot 2.0 settings for this WLAN
    inject_dhcp_option82 WlanInjectDhcpOption82Args
    DHCP Option 82 insertion settings for this WLAN
    interface str
    Network interface or tunnel where this WLAN bridges client traffic
    isolation bool
    Whether to stop clients to talk to each other
    l2_isolation bool
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacy_overds bool
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limit_bcast bool
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limit_probe_response bool
    Limit probe response base on some heuristic rules
    max_idletime int
    Max idle time in seconds
    max_num_clients int
    Maximum number of client connected to the SSID. 0 means unlimited
    mist_nac WlanMistNacArgs
    Juniper Mist NAC settings used by this WLAN
    msp_id str
    Managed service provider identifier associated with this WLAN
    mxtunnel_ids Sequence[str]
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnel_names Sequence[str]
    Mist Tunnel names used when interface==siteMxedge
    no_static_dns bool
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    no_static_ip bool
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    org_id str
    Owning organization associated with this WLAN
    portal WlanPortalArgs
    Guest portal settings for this WLAN
    portal_allowed_hostnames Sequence[str]
    Guest portal hostnames that clients may reach before authorization
    portal_allowed_subnets Sequence[str]
    Guest portal CIDR subnets that clients may reach before authorization
    portal_api_secret str
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portal_denied_hostnames Sequence[str]
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    portal_image str
    Url of portal background image
    portal_sso_url str
    URL used in the SSO process, auto-generated when auth is set to sso
    qos WlanQosArgs
    Quality-of-service settings for WLAN client traffic
    radsec WlanRadsecArgs
    TLS-secured RADIUS transport settings for this WLAN
    rateset Mapping[str, WlanRatesetArgs]
    Data rate settings by RF band for this WLAN
    reconnect_clients_when_roaming_mxcluster bool
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roam_mode str
    Fast roaming mode configured for this WLAN
    schedule WlanScheduleArgs
    Operating schedule controlling when this WLAN is active
    sle_excluded bool
    Whether to exclude this WLAN from SLE metrics
    ssid str
    Name of the SSID
    template_id str
    Identifier of the WLAN template associated with this WLAN
    use_eapol_v1 bool
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlan_enabled bool
    If vlan tagging is enabled
    vlan_id str
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlan_ids Sequence[str]
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlan_pooling bool
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlan_limit_down str
    Downlink bandwidth limit applied to the whole WLAN
    wlan_limit_down_enabled bool
    If downlink limiting for whole wlan is enabled
    wlan_limit_up str
    Uplink bandwidth limit applied to the whole WLAN
    wlan_limit_up_enabled bool
    If uplink limiting for whole wlan is enabled
    wxtag_ids Sequence[str]
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnel_id str
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnel_remote_id str
    When interface=wxtunnel, remote tunnel identifier
    acctImmediateUpdate Boolean
    Enable coa-immediate-update and address-change-immediate-update on the access profile.
    acctInterimInterval Number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
    acctServers List<Property Map>
    RADIUS accounting servers used by this WLAN
    airwatch Property Map
    Integration settings for AirWatch device compliance on this WLAN
    allowIpv6Ndp Boolean
    Only applicable when limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
    allowMdns Boolean
    Only applicable when limitBcast==true, which allows mDNS / Bonjour packets to go through
    allowSsdp Boolean
    Only applicable when limitBcast==true, which allows SSDP
    apIds List<String>
    Access point identifiers used when applyTo==aps
    appLimit Property Map
    Bandwidth limits for applications on this WLAN
    appQos Property Map
    QoS rules for application traffic on this WLAN
    applyTo String
    Scope that determines where this WLAN is applied
    arpFilter Boolean
    Whether to enable smart arp filter
    auth Property Map
    Settings that control client authentication for this WLAN
    authServerSelection String
    RADIUS authentication server selection behavior for this WLAN
    authServers List<Property Map>
    RADIUS authentication servers used by this WLAN. Required when auth.type==eap
    authServersNasId String
    Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
    authServersNasIp String
    Optional, NAS-IP-ADDRESS to use
    authServersRetries Number
    RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
    authServersTimeout Number
    RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
    bandSteer Boolean
    Whether to enable band_steering, this works only when band==both
    bandSteerForceBand5 Boolean
    Force dualBand capable client to connect to 5G
    bands List<String>
    list of radios that the wlan should apply to. enum: 24, 5, 6
    blockBlacklistClients Boolean
    Whether to block the clients in the blacklist (up to first 256 macs)
    bonjour Property Map
    Service discovery gateway settings for Bonjour traffic on this WLAN
    ciscoCwa Property Map
    Central web authentication settings for Cisco CWA on this WLAN
    clientLimitDown String
    Downlink bandwidth limit applied per client
    clientLimitDownEnabled Boolean
    If downlink limiting per-client is enabled
    clientLimitUp String
    Uplink bandwidth limit applied per client
    clientLimitUpEnabled Boolean
    If uplink limiting per-client is enabled
    coaServers List<Property Map>
    RADIUS Change of Authorization servers available to this WLAN
    disable11ax Boolean
    Some old WLAN drivers may not be compatible
    disable11be Boolean
    To disable Wi-Fi 7 EHT IEs
    disableHtVhtRates Boolean
    To disable ht or vht rates
    disableMessageAuthenticatorCheck Boolean
    whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
    disableUapsd Boolean
    Whether to disable U-APSD
    disableV1RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableV2RoamNotify Boolean
    Disable sending v2 roam notification messages
    disableWhenGatewayUnreachable Boolean
    When any of the following is true, this WLAN will be disabled

    • cannot get IP
    • cannot obtain default gateway
    • cannot reach default gateway
    disableWhenMxtunnelDown Boolean
    Whether to disable this WLAN when the configured Mist tunnel is down
    disableWmm Boolean
    Whether to disable WMM
    dnsServerRewrite Property Map
    RADIUS group based DNS server rewrite settings for this WLAN
    dtim Number
    Delivery Traffic Indication Message interval for this WLAN
    dynamicPsk Property Map
    Per-user PSK selection settings for this WLAN
    dynamicVlan Property Map
    VLAN assignment settings for 802.1X dynamic VLANs
    enableFtm Boolean
    Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
    enableLocalKeycaching Boolean
    Enable AP-AP keycaching via multicast
    enableWirelessBridging Boolean
    By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
    enableWirelessBridgingDhcpTracking Boolean
    If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
    enabled Boolean
    If this wlan is enabled
    fastDot1xTimers Boolean
    If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
    hideSsid Boolean
    Whether to hide SSID in beacon
    hostnameIe Boolean
    Include hostname inside IE in AP beacons / probe responses
    hotspot20 Property Map
    Passpoint and Hotspot 2.0 settings for this WLAN
    injectDhcpOption82 Property Map
    DHCP Option 82 insertion settings for this WLAN
    interface String
    Network interface or tunnel where this WLAN bridges client traffic
    isolation Boolean
    Whether to stop clients to talk to each other
    l2Isolation Boolean
    If isolation is enabled, whether to deny clients to talk to L2 on the LAN
    legacyOverds Boolean
    Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
    limitBcast Boolean
    Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
    limitProbeResponse Boolean
    Limit probe response base on some heuristic rules
    maxIdletime Number
    Max idle time in seconds
    maxNumClients Number
    Maximum number of client connected to the SSID. 0 means unlimited
    mistNac Property Map
    Juniper Mist NAC settings used by this WLAN
    mspId String
    Managed service provider identifier associated with this WLAN
    mxtunnelIds List<String>
    Mist Tunnel identifiers used when interface==mxtunnel
    mxtunnelNames List<String>
    Mist Tunnel names used when interface==siteMxedge
    noStaticDns Boolean
    Whether to only allow client to use DNS that we’ve learned from DHCP response
    noStaticIp Boolean
    Whether to only allow client that we’ve learned from DHCP exchange to talk
    orgId String
    Owning organization associated with this WLAN
    portal Property Map
    Guest portal settings for this WLAN
    portalAllowedHostnames List<String>
    Guest portal hostnames that clients may reach before authorization
    portalAllowedSubnets List<String>
    Guest portal CIDR subnets that clients may reach before authorization
    portalApiSecret String
    API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to external
    portalDeniedHostnames List<String>
    Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
    portalImage String
    Url of portal background image
    portalSsoUrl String
    URL used in the SSO process, auto-generated when auth is set to sso
    qos Property Map
    Quality-of-service settings for WLAN client traffic
    radsec Property Map
    TLS-secured RADIUS transport settings for this WLAN
    rateset Map<Property Map>
    Data rate settings by RF band for this WLAN
    reconnectClientsWhenRoamingMxcluster Boolean
    When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
    roamMode String
    Fast roaming mode configured for this WLAN
    schedule Property Map
    Operating schedule controlling when this WLAN is active
    sleExcluded Boolean
    Whether to exclude this WLAN from SLE metrics
    ssid String
    Name of the SSID
    templateId String
    Identifier of the WLAN template associated with this WLAN
    useEapolV1 Boolean
    If auth.type==eap or auth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
    vlanEnabled Boolean
    If vlan tagging is enabled
    vlanId String
    Default VLAN ID, range, or variable used when vlanEnabled==true
    vlanIds List<String>
    Pool of VLAN IDs used when vlanEnabled==true and vlanPooling==true
    vlanPooling Boolean
    Requires vlanEnabled==true to be set to true. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
    wlanLimitDown String
    Downlink bandwidth limit applied to the whole WLAN
    wlanLimitDownEnabled Boolean
    If downlink limiting for whole wlan is enabled
    wlanLimitUp String
    Uplink bandwidth limit applied to the whole WLAN
    wlanLimitUpEnabled Boolean
    If uplink limiting for whole wlan is enabled
    wxtagIds List<String>
    Identifiers of WxLAN tags used when applyTo==wxtags
    wxtunnelId String
    When interface=wxtunnel, id of the WXLAN Tunnel
    wxtunnelRemoteId String
    When interface=wxtunnel, remote tunnel identifier

    Supporting Types

    WlanAcctServer, WlanAcctServerArgs

    Host string
    Address or hostname of the RADIUS accounting server
    Secret string
    Shared secret used with this RADIUS accounting server
    KeywrapEnabled bool
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    KeywrapFormat string
    Encoding format for RADIUS keywrap KEK and MACK values
    KeywrapKek string
    RADIUS keywrap key encryption key (KEK)
    KeywrapMack string
    RADIUS keywrap message authentication code key (MACK)
    Port string
    UDP port used by the RADIUS accounting server
    Host string
    Address or hostname of the RADIUS accounting server
    Secret string
    Shared secret used with this RADIUS accounting server
    KeywrapEnabled bool
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    KeywrapFormat string
    Encoding format for RADIUS keywrap KEK and MACK values
    KeywrapKek string
    RADIUS keywrap key encryption key (KEK)
    KeywrapMack string
    RADIUS keywrap message authentication code key (MACK)
    Port string
    UDP port used by the RADIUS accounting server
    host string
    Address or hostname of the RADIUS accounting server
    secret string
    Shared secret used with this RADIUS accounting server
    keywrap_enabled bool
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    keywrap_format string
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrap_kek string
    RADIUS keywrap key encryption key (KEK)
    keywrap_mack string
    RADIUS keywrap message authentication code key (MACK)
    port string
    UDP port used by the RADIUS accounting server
    host String
    Address or hostname of the RADIUS accounting server
    secret String
    Shared secret used with this RADIUS accounting server
    keywrapEnabled Boolean
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    keywrapFormat String
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrapKek String
    RADIUS keywrap key encryption key (KEK)
    keywrapMack String
    RADIUS keywrap message authentication code key (MACK)
    port String
    UDP port used by the RADIUS accounting server
    host string
    Address or hostname of the RADIUS accounting server
    secret string
    Shared secret used with this RADIUS accounting server
    keywrapEnabled boolean
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    keywrapFormat string
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrapKek string
    RADIUS keywrap key encryption key (KEK)
    keywrapMack string
    RADIUS keywrap message authentication code key (MACK)
    port string
    UDP port used by the RADIUS accounting server
    host str
    Address or hostname of the RADIUS accounting server
    secret str
    Shared secret used with this RADIUS accounting server
    keywrap_enabled bool
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    keywrap_format str
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrap_kek str
    RADIUS keywrap key encryption key (KEK)
    keywrap_mack str
    RADIUS keywrap message authentication code key (MACK)
    port str
    UDP port used by the RADIUS accounting server
    host String
    Address or hostname of the RADIUS accounting server
    secret String
    Shared secret used with this RADIUS accounting server
    keywrapEnabled Boolean
    Whether RADIUS keywrap is enabled for messages sent to this accounting server
    keywrapFormat String
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrapKek String
    RADIUS keywrap key encryption key (KEK)
    keywrapMack String
    RADIUS keywrap message authentication code key (MACK)
    port String
    UDP port used by the RADIUS accounting server

    WlanAirwatch, WlanAirwatchArgs

    ApiKey string
    API key used to authenticate to the AirWatch service
    ConsoleUrl string
    Base console URL of the AirWatch deployment
    Enabled bool
    Whether AirWatch integration is enabled for the WLAN
    Password string
    AirWatch integration account password for this WLAN
    Username string
    AirWatch integration account username for this WLAN
    ApiKey string
    API key used to authenticate to the AirWatch service
    ConsoleUrl string
    Base console URL of the AirWatch deployment
    Enabled bool
    Whether AirWatch integration is enabled for the WLAN
    Password string
    AirWatch integration account password for this WLAN
    Username string
    AirWatch integration account username for this WLAN
    api_key string
    API key used to authenticate to the AirWatch service
    console_url string
    Base console URL of the AirWatch deployment
    enabled bool
    Whether AirWatch integration is enabled for the WLAN
    password string
    AirWatch integration account password for this WLAN
    username string
    AirWatch integration account username for this WLAN
    apiKey String
    API key used to authenticate to the AirWatch service
    consoleUrl String
    Base console URL of the AirWatch deployment
    enabled Boolean
    Whether AirWatch integration is enabled for the WLAN
    password String
    AirWatch integration account password for this WLAN
    username String
    AirWatch integration account username for this WLAN
    apiKey string
    API key used to authenticate to the AirWatch service
    consoleUrl string
    Base console URL of the AirWatch deployment
    enabled boolean
    Whether AirWatch integration is enabled for the WLAN
    password string
    AirWatch integration account password for this WLAN
    username string
    AirWatch integration account username for this WLAN
    api_key str
    API key used to authenticate to the AirWatch service
    console_url str
    Base console URL of the AirWatch deployment
    enabled bool
    Whether AirWatch integration is enabled for the WLAN
    password str
    AirWatch integration account password for this WLAN
    username str
    AirWatch integration account username for this WLAN
    apiKey String
    API key used to authenticate to the AirWatch service
    consoleUrl String
    Base console URL of the AirWatch deployment
    enabled Boolean
    Whether AirWatch integration is enabled for the WLAN
    password String
    AirWatch integration account password for this WLAN
    username String
    AirWatch integration account username for this WLAN

    WlanAppLimit, WlanAppLimitArgs

    Apps Dictionary<string, int>
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    Enabled bool
    Whether application bandwidth limits are enabled for this WLAN
    WxtagIds Dictionary<string, int>
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId
    Apps map[string]int
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    Enabled bool
    Whether application bandwidth limits are enabled for this WLAN
    WxtagIds map[string]int
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId
    apps map(number)
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    enabled bool
    Whether application bandwidth limits are enabled for this WLAN
    wxtag_ids map(number)
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId
    apps Map<String,Integer>
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    enabled Boolean
    Whether application bandwidth limits are enabled for this WLAN
    wxtagIds Map<String,Integer>
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId
    apps {[key: string]: number}
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    enabled boolean
    Whether application bandwidth limits are enabled for this WLAN
    wxtagIds {[key: string]: number}
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId
    apps Mapping[str, int]
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    enabled bool
    Whether application bandwidth limits are enabled for this WLAN
    wxtag_ids Mapping[str, int]
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId
    apps Map<Number>
    Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
    enabled Boolean
    Whether application bandwidth limits are enabled for this WLAN
    wxtagIds Map<Number>
    Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the wxtagId

    WlanAppQos, WlanAppQosArgs

    Apps Dictionary<string, Pulumi.JuniperMist.Org.Inputs.WlanAppQosApps>
    Map of application keys to QoS rewrite settings
    Enabled bool
    Whether application QoS rewrite rules are enabled for this WLAN
    Others List<Pulumi.JuniperMist.Org.Inputs.WlanAppQosOther>
    Custom traffic QoS rules that are not tied to named applications
    Apps map[string]WlanAppQosApps
    Map of application keys to QoS rewrite settings
    Enabled bool
    Whether application QoS rewrite rules are enabled for this WLAN
    Others []WlanAppQosOther
    Custom traffic QoS rules that are not tied to named applications
    apps map(object)
    Map of application keys to QoS rewrite settings
    enabled bool
    Whether application QoS rewrite rules are enabled for this WLAN
    others list(object)
    Custom traffic QoS rules that are not tied to named applications
    apps Map<String,WlanAppQosApps>
    Map of application keys to QoS rewrite settings
    enabled Boolean
    Whether application QoS rewrite rules are enabled for this WLAN
    others List<WlanAppQosOther>
    Custom traffic QoS rules that are not tied to named applications
    apps {[key: string]: WlanAppQosApps}
    Map of application keys to QoS rewrite settings
    enabled boolean
    Whether application QoS rewrite rules are enabled for this WLAN
    others WlanAppQosOther[]
    Custom traffic QoS rules that are not tied to named applications
    apps Mapping[str, WlanAppQosApps]
    Map of application keys to QoS rewrite settings
    enabled bool
    Whether application QoS rewrite rules are enabled for this WLAN
    others Sequence[WlanAppQosOther]
    Custom traffic QoS rules that are not tied to named applications
    apps Map<Property Map>
    Map of application keys to QoS rewrite settings
    enabled Boolean
    Whether application QoS rewrite rules are enabled for this WLAN
    others List<Property Map>
    Custom traffic QoS rules that are not tied to named applications

    WlanAppQosApps, WlanAppQosAppsArgs

    Dscp string
    DSCP value range between 0 and 63
    DstSubnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    SrcSubnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    Dscp string
    DSCP value range between 0 and 63
    DstSubnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    SrcSubnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    dscp string
    DSCP value range between 0 and 63
    dst_subnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    src_subnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    dscp String
    DSCP value range between 0 and 63
    dstSubnet String
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    srcSubnet String
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    dscp string
    DSCP value range between 0 and 63
    dstSubnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    srcSubnet string
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    dscp str
    DSCP value range between 0 and 63
    dst_subnet str
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    src_subnet str
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    dscp String
    DSCP value range between 0 and 63
    dstSubnet String
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
    srcSubnet String
    Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)

    WlanAppQosOther, WlanAppQosOtherArgs

    Dscp string
    Differentiated Services Code Point value applied to matching traffic
    DstSubnet string
    Destination subnet filter for this custom QoS rule
    PortRanges string
    TCP or UDP port ranges matched by this custom QoS rule
    Protocol string
    IP protocol matched by this custom QoS rule
    SrcSubnet string
    Source subnet filter for this custom QoS rule
    Dscp string
    Differentiated Services Code Point value applied to matching traffic
    DstSubnet string
    Destination subnet filter for this custom QoS rule
    PortRanges string
    TCP or UDP port ranges matched by this custom QoS rule
    Protocol string
    IP protocol matched by this custom QoS rule
    SrcSubnet string
    Source subnet filter for this custom QoS rule
    dscp string
    Differentiated Services Code Point value applied to matching traffic
    dst_subnet string
    Destination subnet filter for this custom QoS rule
    port_ranges string
    TCP or UDP port ranges matched by this custom QoS rule
    protocol string
    IP protocol matched by this custom QoS rule
    src_subnet string
    Source subnet filter for this custom QoS rule
    dscp String
    Differentiated Services Code Point value applied to matching traffic
    dstSubnet String
    Destination subnet filter for this custom QoS rule
    portRanges String
    TCP or UDP port ranges matched by this custom QoS rule
    protocol String
    IP protocol matched by this custom QoS rule
    srcSubnet String
    Source subnet filter for this custom QoS rule
    dscp string
    Differentiated Services Code Point value applied to matching traffic
    dstSubnet string
    Destination subnet filter for this custom QoS rule
    portRanges string
    TCP or UDP port ranges matched by this custom QoS rule
    protocol string
    IP protocol matched by this custom QoS rule
    srcSubnet string
    Source subnet filter for this custom QoS rule
    dscp str
    Differentiated Services Code Point value applied to matching traffic
    dst_subnet str
    Destination subnet filter for this custom QoS rule
    port_ranges str
    TCP or UDP port ranges matched by this custom QoS rule
    protocol str
    IP protocol matched by this custom QoS rule
    src_subnet str
    Source subnet filter for this custom QoS rule
    dscp String
    Differentiated Services Code Point value applied to matching traffic
    dstSubnet String
    Destination subnet filter for this custom QoS rule
    portRanges String
    TCP or UDP port ranges matched by this custom QoS rule
    protocol String
    IP protocol matched by this custom QoS rule
    srcSubnet String
    Source subnet filter for this custom QoS rule

    WlanAuth, WlanAuthArgs

    AnticlogThreshold int
    SAE anti-clogging token threshold
    EapReauth bool
    Whether to trigger EAP reauth when the session ends
    EnableBeaconProtection bool
    Enable Beacon Protection; default is false for better compatibility
    EnableGcmp256 bool
    Enable GCMP-256 encryption suite; default is false for better compatibility
    EnableMacAuth bool
    Whether to enable MAC Auth, uses the same auth_servers
    KeyIdx int
    When type==wep, index of the WEP key used as the default transmit key
    Keys List<string>
    When type==wep, WEP keys configured for this WLAN
    MultiPskOnly bool
    When type==psk, whether to only use multi_psk
    Owe string
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    Pairwises List<string>
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    PrivateWlan bool
    When multiPskOnly==true, whether private wlan is enabled
    Psk string
    When type==psk, 8-64 characters, or 64 hex characters
    Type string
    Authentication mode used by this WLAN
    WepAsSecondaryAuth bool
    Enable WEP as secondary auth
    AnticlogThreshold int
    SAE anti-clogging token threshold
    EapReauth bool
    Whether to trigger EAP reauth when the session ends
    EnableBeaconProtection bool
    Enable Beacon Protection; default is false for better compatibility
    EnableGcmp256 bool
    Enable GCMP-256 encryption suite; default is false for better compatibility
    EnableMacAuth bool
    Whether to enable MAC Auth, uses the same auth_servers
    KeyIdx int
    When type==wep, index of the WEP key used as the default transmit key
    Keys []string
    When type==wep, WEP keys configured for this WLAN
    MultiPskOnly bool
    When type==psk, whether to only use multi_psk
    Owe string
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    Pairwises []string
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    PrivateWlan bool
    When multiPskOnly==true, whether private wlan is enabled
    Psk string
    When type==psk, 8-64 characters, or 64 hex characters
    Type string
    Authentication mode used by this WLAN
    WepAsSecondaryAuth bool
    Enable WEP as secondary auth
    anticlog_threshold number
    SAE anti-clogging token threshold
    eap_reauth bool
    Whether to trigger EAP reauth when the session ends
    enable_beacon_protection bool
    Enable Beacon Protection; default is false for better compatibility
    enable_gcmp256 bool
    Enable GCMP-256 encryption suite; default is false for better compatibility
    enable_mac_auth bool
    Whether to enable MAC Auth, uses the same auth_servers
    key_idx number
    When type==wep, index of the WEP key used as the default transmit key
    keys list(string)
    When type==wep, WEP keys configured for this WLAN
    multi_psk_only bool
    When type==psk, whether to only use multi_psk
    owe string
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    pairwises list(string)
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    private_wlan bool
    When multiPskOnly==true, whether private wlan is enabled
    psk string
    When type==psk, 8-64 characters, or 64 hex characters
    type string
    Authentication mode used by this WLAN
    wep_as_secondary_auth bool
    Enable WEP as secondary auth
    anticlogThreshold Integer
    SAE anti-clogging token threshold
    eapReauth Boolean
    Whether to trigger EAP reauth when the session ends
    enableBeaconProtection Boolean
    Enable Beacon Protection; default is false for better compatibility
    enableGcmp256 Boolean
    Enable GCMP-256 encryption suite; default is false for better compatibility
    enableMacAuth Boolean
    Whether to enable MAC Auth, uses the same auth_servers
    keyIdx Integer
    When type==wep, index of the WEP key used as the default transmit key
    keys List<String>
    When type==wep, WEP keys configured for this WLAN
    multiPskOnly Boolean
    When type==psk, whether to only use multi_psk
    owe String
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    pairwises List<String>
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    privateWlan Boolean
    When multiPskOnly==true, whether private wlan is enabled
    psk String
    When type==psk, 8-64 characters, or 64 hex characters
    type String
    Authentication mode used by this WLAN
    wepAsSecondaryAuth Boolean
    Enable WEP as secondary auth
    anticlogThreshold number
    SAE anti-clogging token threshold
    eapReauth boolean
    Whether to trigger EAP reauth when the session ends
    enableBeaconProtection boolean
    Enable Beacon Protection; default is false for better compatibility
    enableGcmp256 boolean
    Enable GCMP-256 encryption suite; default is false for better compatibility
    enableMacAuth boolean
    Whether to enable MAC Auth, uses the same auth_servers
    keyIdx number
    When type==wep, index of the WEP key used as the default transmit key
    keys string[]
    When type==wep, WEP keys configured for this WLAN
    multiPskOnly boolean
    When type==psk, whether to only use multi_psk
    owe string
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    pairwises string[]
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    privateWlan boolean
    When multiPskOnly==true, whether private wlan is enabled
    psk string
    When type==psk, 8-64 characters, or 64 hex characters
    type string
    Authentication mode used by this WLAN
    wepAsSecondaryAuth boolean
    Enable WEP as secondary auth
    anticlog_threshold int
    SAE anti-clogging token threshold
    eap_reauth bool
    Whether to trigger EAP reauth when the session ends
    enable_beacon_protection bool
    Enable Beacon Protection; default is false for better compatibility
    enable_gcmp256 bool
    Enable GCMP-256 encryption suite; default is false for better compatibility
    enable_mac_auth bool
    Whether to enable MAC Auth, uses the same auth_servers
    key_idx int
    When type==wep, index of the WEP key used as the default transmit key
    keys Sequence[str]
    When type==wep, WEP keys configured for this WLAN
    multi_psk_only bool
    When type==psk, whether to only use multi_psk
    owe str
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    pairwises Sequence[str]
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    private_wlan bool
    When multiPskOnly==true, whether private wlan is enabled
    psk str
    When type==psk, 8-64 characters, or 64 hex characters
    type str
    Authentication mode used by this WLAN
    wep_as_secondary_auth bool
    Enable WEP as secondary auth
    anticlogThreshold Number
    SAE anti-clogging token threshold
    eapReauth Boolean
    Whether to trigger EAP reauth when the session ends
    enableBeaconProtection Boolean
    Enable Beacon Protection; default is false for better compatibility
    enableGcmp256 Boolean
    Enable GCMP-256 encryption suite; default is false for better compatibility
    enableMacAuth Boolean
    Whether to enable MAC Auth, uses the same auth_servers
    keyIdx Number
    When type==wep, index of the WEP key used as the default transmit key
    keys List<String>
    When type==wep, WEP keys configured for this WLAN
    multiPskOnly Boolean
    When type==psk, whether to only use multi_psk
    owe String
    When type==open, Opportunistic Wireless Encryption mode for this WLAN
    pairwises List<String>
    When type==psk or type==eap, pairwise cipher suites allowed for this WLAN
    privateWlan Boolean
    When multiPskOnly==true, whether private wlan is enabled
    psk String
    When type==psk, 8-64 characters, or 64 hex characters
    type String
    Authentication mode used by this WLAN
    wepAsSecondaryAuth Boolean
    Enable WEP as secondary auth

    WlanAuthServer, WlanAuthServerArgs

    Host string
    Address or hostname of the RADIUS authentication server
    Secret string
    Shared secret used with this RADIUS authentication server
    KeywrapEnabled bool
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    KeywrapFormat string
    Encoding format for RADIUS keywrap KEK and MACK values
    KeywrapKek string
    RADIUS keywrap key encryption key (KEK)
    KeywrapMack string
    RADIUS keywrap message authentication code key (MACK)
    Port string
    UDP port used by the RADIUS authentication server
    RequireMessageAuthenticator bool
    Whether to require Message-Authenticator in requests
    Host string
    Address or hostname of the RADIUS authentication server
    Secret string
    Shared secret used with this RADIUS authentication server
    KeywrapEnabled bool
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    KeywrapFormat string
    Encoding format for RADIUS keywrap KEK and MACK values
    KeywrapKek string
    RADIUS keywrap key encryption key (KEK)
    KeywrapMack string
    RADIUS keywrap message authentication code key (MACK)
    Port string
    UDP port used by the RADIUS authentication server
    RequireMessageAuthenticator bool
    Whether to require Message-Authenticator in requests
    host string
    Address or hostname of the RADIUS authentication server
    secret string
    Shared secret used with this RADIUS authentication server
    keywrap_enabled bool
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    keywrap_format string
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrap_kek string
    RADIUS keywrap key encryption key (KEK)
    keywrap_mack string
    RADIUS keywrap message authentication code key (MACK)
    port string
    UDP port used by the RADIUS authentication server
    require_message_authenticator bool
    Whether to require Message-Authenticator in requests
    host String
    Address or hostname of the RADIUS authentication server
    secret String
    Shared secret used with this RADIUS authentication server
    keywrapEnabled Boolean
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    keywrapFormat String
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrapKek String
    RADIUS keywrap key encryption key (KEK)
    keywrapMack String
    RADIUS keywrap message authentication code key (MACK)
    port String
    UDP port used by the RADIUS authentication server
    requireMessageAuthenticator Boolean
    Whether to require Message-Authenticator in requests
    host string
    Address or hostname of the RADIUS authentication server
    secret string
    Shared secret used with this RADIUS authentication server
    keywrapEnabled boolean
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    keywrapFormat string
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrapKek string
    RADIUS keywrap key encryption key (KEK)
    keywrapMack string
    RADIUS keywrap message authentication code key (MACK)
    port string
    UDP port used by the RADIUS authentication server
    requireMessageAuthenticator boolean
    Whether to require Message-Authenticator in requests
    host str
    Address or hostname of the RADIUS authentication server
    secret str
    Shared secret used with this RADIUS authentication server
    keywrap_enabled bool
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    keywrap_format str
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrap_kek str
    RADIUS keywrap key encryption key (KEK)
    keywrap_mack str
    RADIUS keywrap message authentication code key (MACK)
    port str
    UDP port used by the RADIUS authentication server
    require_message_authenticator bool
    Whether to require Message-Authenticator in requests
    host String
    Address or hostname of the RADIUS authentication server
    secret String
    Shared secret used with this RADIUS authentication server
    keywrapEnabled Boolean
    Whether RADIUS keywrap is enabled for messages sent to this authentication server
    keywrapFormat String
    Encoding format for RADIUS keywrap KEK and MACK values
    keywrapKek String
    RADIUS keywrap key encryption key (KEK)
    keywrapMack String
    RADIUS keywrap message authentication code key (MACK)
    port String
    UDP port used by the RADIUS authentication server
    requireMessageAuthenticator Boolean
    Whether to require Message-Authenticator in requests

    WlanBonjour, WlanBonjourArgs

    AdditionalVlanIds List<string>
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    Enabled bool
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    Services Dictionary<string, Pulumi.JuniperMist.Org.Inputs.WlanBonjourServices>
    What services are allowed. Property key is the service name
    AdditionalVlanIds []string
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    Enabled bool
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    Services map[string]WlanBonjourServices
    What services are allowed. Property key is the service name
    additional_vlan_ids list(string)
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    enabled bool
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    services map(object)
    What services are allowed. Property key is the service name
    additionalVlanIds List<String>
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    enabled Boolean
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    services Map<String,WlanBonjourServices>
    What services are allowed. Property key is the service name
    additionalVlanIds string[]
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    enabled boolean
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    services {[key: string]: WlanBonjourServices}
    What services are allowed. Property key is the service name
    additional_vlan_ids Sequence[str]
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    enabled bool
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    services Mapping[str, WlanBonjourServices]
    What services are allowed. Property key is the service name
    additionalVlanIds List<String>
    additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
    enabled Boolean
    Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
    services Map<Property Map>
    What services are allowed. Property key is the service name

    WlanBonjourServices, WlanBonjourServicesArgs

    DisableLocal bool
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    RadiusGroups List<string>
    RADIUS groups allowed to discover this Bonjour service, when restricted
    Scope string
    Discovery scope for this Bonjour service on the WLAN
    DisableLocal bool
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    RadiusGroups []string
    RADIUS groups allowed to discover this Bonjour service, when restricted
    Scope string
    Discovery scope for this Bonjour service on the WLAN
    disable_local bool
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    radius_groups list(string)
    RADIUS groups allowed to discover this Bonjour service, when restricted
    scope string
    Discovery scope for this Bonjour service on the WLAN
    disableLocal Boolean
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    radiusGroups List<String>
    RADIUS groups allowed to discover this Bonjour service, when restricted
    scope String
    Discovery scope for this Bonjour service on the WLAN
    disableLocal boolean
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    radiusGroups string[]
    RADIUS groups allowed to discover this Bonjour service, when restricted
    scope string
    Discovery scope for this Bonjour service on the WLAN
    disable_local bool
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    radius_groups Sequence[str]
    RADIUS groups allowed to discover this Bonjour service, when restricted
    scope str
    Discovery scope for this Bonjour service on the WLAN
    disableLocal Boolean
    Whether to prevent wireless clients to discover bonjour devices on the same WLAN
    radiusGroups List<String>
    RADIUS groups allowed to discover this Bonjour service, when restricted
    scope String
    Discovery scope for this Bonjour service on the WLAN

    WlanCiscoCwa, WlanCiscoCwaArgs

    AllowedHostnames List<string>
    Hostnames allowed for Cisco CWA client access before authorization
    AllowedSubnets List<string>
    CIDR subnets allowed for Cisco CWA client access before authorization
    BlockedSubnets List<string>
    CIDR subnets blocked for Cisco CWA client access
    Enabled bool
    Whether Cisco CWA is enabled for this WLAN
    AllowedHostnames []string
    Hostnames allowed for Cisco CWA client access before authorization
    AllowedSubnets []string
    CIDR subnets allowed for Cisco CWA client access before authorization
    BlockedSubnets []string
    CIDR subnets blocked for Cisco CWA client access
    Enabled bool
    Whether Cisco CWA is enabled for this WLAN
    allowed_hostnames list(string)
    Hostnames allowed for Cisco CWA client access before authorization
    allowed_subnets list(string)
    CIDR subnets allowed for Cisco CWA client access before authorization
    blocked_subnets list(string)
    CIDR subnets blocked for Cisco CWA client access
    enabled bool
    Whether Cisco CWA is enabled for this WLAN
    allowedHostnames List<String>
    Hostnames allowed for Cisco CWA client access before authorization
    allowedSubnets List<String>
    CIDR subnets allowed for Cisco CWA client access before authorization
    blockedSubnets List<String>
    CIDR subnets blocked for Cisco CWA client access
    enabled Boolean
    Whether Cisco CWA is enabled for this WLAN
    allowedHostnames string[]
    Hostnames allowed for Cisco CWA client access before authorization
    allowedSubnets string[]
    CIDR subnets allowed for Cisco CWA client access before authorization
    blockedSubnets string[]
    CIDR subnets blocked for Cisco CWA client access
    enabled boolean
    Whether Cisco CWA is enabled for this WLAN
    allowed_hostnames Sequence[str]
    Hostnames allowed for Cisco CWA client access before authorization
    allowed_subnets Sequence[str]
    CIDR subnets allowed for Cisco CWA client access before authorization
    blocked_subnets Sequence[str]
    CIDR subnets blocked for Cisco CWA client access
    enabled bool
    Whether Cisco CWA is enabled for this WLAN
    allowedHostnames List<String>
    Hostnames allowed for Cisco CWA client access before authorization
    allowedSubnets List<String>
    CIDR subnets allowed for Cisco CWA client access before authorization
    blockedSubnets List<String>
    CIDR subnets blocked for Cisco CWA client access
    enabled Boolean
    Whether Cisco CWA is enabled for this WLAN

    WlanCoaServer, WlanCoaServerArgs

    Ip string
    Server IPv4 address for RADIUS CoA messages
    Secret string
    Shared secret used to authenticate RADIUS CoA messages
    DisableEventTimestampCheck bool
    Whether to disable Event-Timestamp Check
    Enabled bool
    Whether this RADIUS CoA server is enabled
    Port string
    UDP port used to send RADIUS CoA messages to the server
    Ip string
    Server IPv4 address for RADIUS CoA messages
    Secret string
    Shared secret used to authenticate RADIUS CoA messages
    DisableEventTimestampCheck bool
    Whether to disable Event-Timestamp Check
    Enabled bool
    Whether this RADIUS CoA server is enabled
    Port string
    UDP port used to send RADIUS CoA messages to the server
    ip string
    Server IPv4 address for RADIUS CoA messages
    secret string
    Shared secret used to authenticate RADIUS CoA messages
    disable_event_timestamp_check bool
    Whether to disable Event-Timestamp Check
    enabled bool
    Whether this RADIUS CoA server is enabled
    port string
    UDP port used to send RADIUS CoA messages to the server
    ip String
    Server IPv4 address for RADIUS CoA messages
    secret String
    Shared secret used to authenticate RADIUS CoA messages
    disableEventTimestampCheck Boolean
    Whether to disable Event-Timestamp Check
    enabled Boolean
    Whether this RADIUS CoA server is enabled
    port String
    UDP port used to send RADIUS CoA messages to the server
    ip string
    Server IPv4 address for RADIUS CoA messages
    secret string
    Shared secret used to authenticate RADIUS CoA messages
    disableEventTimestampCheck boolean
    Whether to disable Event-Timestamp Check
    enabled boolean
    Whether this RADIUS CoA server is enabled
    port string
    UDP port used to send RADIUS CoA messages to the server
    ip str
    Server IPv4 address for RADIUS CoA messages
    secret str
    Shared secret used to authenticate RADIUS CoA messages
    disable_event_timestamp_check bool
    Whether to disable Event-Timestamp Check
    enabled bool
    Whether this RADIUS CoA server is enabled
    port str
    UDP port used to send RADIUS CoA messages to the server
    ip String
    Server IPv4 address for RADIUS CoA messages
    secret String
    Shared secret used to authenticate RADIUS CoA messages
    disableEventTimestampCheck Boolean
    Whether to disable Event-Timestamp Check
    enabled Boolean
    Whether this RADIUS CoA server is enabled
    port String
    UDP port used to send RADIUS CoA messages to the server

    WlanDnsServerRewrite, WlanDnsServerRewriteArgs

    Enabled bool
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    RadiusGroups Dictionary<string, string>
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
    Enabled bool
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    RadiusGroups map[string]string
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
    enabled bool
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    radius_groups map(string)
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
    enabled Boolean
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    radiusGroups Map<String,String>
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
    enabled boolean
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    radiusGroups {[key: string]: string}
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
    enabled bool
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    radius_groups Mapping[str, str]
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
    enabled Boolean
    Whether DNS server rewrite by RADIUS group is enabled for this WLAN
    radiusGroups Map<String>
    Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server

    WlanDynamicPsk, WlanDynamicPskArgs

    DefaultPsk string
    Default PSK to use if cloud WLC is not available, 8-63 characters
    DefaultVlanId string
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    Enabled bool
    Whether dynamic PSK is enabled for this WLAN
    ForceLookup bool
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    Source string
    Origin used to retrieve per-user PSKs
    DefaultPsk string
    Default PSK to use if cloud WLC is not available, 8-63 characters
    DefaultVlanId string
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    Enabled bool
    Whether dynamic PSK is enabled for this WLAN
    ForceLookup bool
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    Source string
    Origin used to retrieve per-user PSKs
    default_psk string
    Default PSK to use if cloud WLC is not available, 8-63 characters
    default_vlan_id string
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    enabled bool
    Whether dynamic PSK is enabled for this WLAN
    force_lookup bool
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    source string
    Origin used to retrieve per-user PSKs
    defaultPsk String
    Default PSK to use if cloud WLC is not available, 8-63 characters
    defaultVlanId String
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    enabled Boolean
    Whether dynamic PSK is enabled for this WLAN
    forceLookup Boolean
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    source String
    Origin used to retrieve per-user PSKs
    defaultPsk string
    Default PSK to use if cloud WLC is not available, 8-63 characters
    defaultVlanId string
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    enabled boolean
    Whether dynamic PSK is enabled for this WLAN
    forceLookup boolean
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    source string
    Origin used to retrieve per-user PSKs
    default_psk str
    Default PSK to use if cloud WLC is not available, 8-63 characters
    default_vlan_id str
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    enabled bool
    Whether dynamic PSK is enabled for this WLAN
    force_lookup bool
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    source str
    Origin used to retrieve per-user PSKs
    defaultPsk String
    Default PSK to use if cloud WLC is not available, 8-63 characters
    defaultVlanId String
    Default VLAN ID used when dynamic PSK lookup does not return a VLAN
    enabled Boolean
    Whether dynamic PSK is enabled for this WLAN
    forceLookup Boolean
    When 11r is enabled, we'll try to use the cached PMK, this can be disabled. false means auto
    source String
    Origin used to retrieve per-user PSKs

    WlanDynamicVlan, WlanDynamicVlanArgs

    DefaultVlanIds List<string>
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    Enabled bool
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    LocalVlanIds List<string>
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    Type string
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    Vlans Dictionary<string, string>
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
    DefaultVlanIds []string
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    Enabled bool
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    LocalVlanIds []string
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    Type string
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    Vlans map[string]string
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
    default_vlan_ids list(string)
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    enabled bool
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    local_vlan_ids list(string)
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    type string
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    vlans map(string)
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
    defaultVlanIds List<String>
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    enabled Boolean
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    localVlanIds List<String>
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    type String
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    vlans Map<String,String>
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
    defaultVlanIds string[]
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    enabled boolean
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    localVlanIds string[]
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    type string
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    vlans {[key: string]: string}
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
    default_vlan_ids Sequence[str]
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    enabled bool
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    local_vlan_ids Sequence[str]
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    type str
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    vlans Mapping[str, str]
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
    defaultVlanIds List<String>
    Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
    enabled Boolean
    Requires vlanEnabled==true to be set to true. Whether to enable dynamic vlan
    localVlanIds List<String>
    VLAN IDs that should be locally bridged for dynamic VLAN assignment
    type String
    Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
    vlans Map<String>
    Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping

    • if dynamic_vlan.type==standard, property key is the VLAN ID and property value is ""
    • if dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name

    WlanHotspot20, WlanHotspot20Args

    DomainNames List<string>
    Advertised domain names for Hotspot 2.0 clients
    Enabled bool
    Whether to enable hotspot 2.0 config
    NaiRealms List<string>
    NAI realms advertised for Hotspot 2.0 authentication
    Operators List<string>
    Operator profiles supported by this Hotspot 2.0 configuration
    Rcois List<string>
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    VenueName string
    Venue name, default is site name
    DomainNames []string
    Advertised domain names for Hotspot 2.0 clients
    Enabled bool
    Whether to enable hotspot 2.0 config
    NaiRealms []string
    NAI realms advertised for Hotspot 2.0 authentication
    Operators []string
    Operator profiles supported by this Hotspot 2.0 configuration
    Rcois []string
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    VenueName string
    Venue name, default is site name
    domain_names list(string)
    Advertised domain names for Hotspot 2.0 clients
    enabled bool
    Whether to enable hotspot 2.0 config
    nai_realms list(string)
    NAI realms advertised for Hotspot 2.0 authentication
    operators list(string)
    Operator profiles supported by this Hotspot 2.0 configuration
    rcois list(string)
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    venue_name string
    Venue name, default is site name
    domainNames List<String>
    Advertised domain names for Hotspot 2.0 clients
    enabled Boolean
    Whether to enable hotspot 2.0 config
    naiRealms List<String>
    NAI realms advertised for Hotspot 2.0 authentication
    operators List<String>
    Operator profiles supported by this Hotspot 2.0 configuration
    rcois List<String>
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    venueName String
    Venue name, default is site name
    domainNames string[]
    Advertised domain names for Hotspot 2.0 clients
    enabled boolean
    Whether to enable hotspot 2.0 config
    naiRealms string[]
    NAI realms advertised for Hotspot 2.0 authentication
    operators string[]
    Operator profiles supported by this Hotspot 2.0 configuration
    rcois string[]
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    venueName string
    Venue name, default is site name
    domain_names Sequence[str]
    Advertised domain names for Hotspot 2.0 clients
    enabled bool
    Whether to enable hotspot 2.0 config
    nai_realms Sequence[str]
    NAI realms advertised for Hotspot 2.0 authentication
    operators Sequence[str]
    Operator profiles supported by this Hotspot 2.0 configuration
    rcois Sequence[str]
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    venue_name str
    Venue name, default is site name
    domainNames List<String>
    Advertised domain names for Hotspot 2.0 clients
    enabled Boolean
    Whether to enable hotspot 2.0 config
    naiRealms List<String>
    NAI realms advertised for Hotspot 2.0 authentication
    operators List<String>
    Operator profiles supported by this Hotspot 2.0 configuration
    rcois List<String>
    Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
    venueName String
    Venue name, default is site name

    WlanInjectDhcpOption82, WlanInjectDhcpOption82Args

    CircuitId string
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    Enabled bool
    Whether to inject option 82 when forwarding DHCP packets
    CircuitId string
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    Enabled bool
    Whether to inject option 82 when forwarding DHCP packets
    circuit_id string
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    enabled bool
    Whether to inject option 82 when forwarding DHCP packets
    circuitId String
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    enabled Boolean
    Whether to inject option 82 when forwarding DHCP packets
    circuitId string
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    enabled boolean
    Whether to inject option 82 when forwarding DHCP packets
    circuit_id str
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    enabled bool
    Whether to inject option 82 when forwarding DHCP packets
    circuitId String
    Information to set in the circuitId field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. {{SSID}}:{{AP_MAC}}):

    • {{AP_MAC}}
    • {{AP_MAC_DASHED}}
    • {{AP_MODEL}}
    • {{AP_NAME}}
    • {{SITE_NAME}}
    • {{SSID}}
    enabled Boolean
    Whether to inject option 82 when forwarding DHCP packets

    WlanMistNac, WlanMistNacArgs

    AcctInterimInterval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    AuthServersRetries int
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    AuthServersTimeout int
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    CoaEnabled bool
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    CoaPort int
    the communication port used for “Change of Authorization” (CoA) messages
    Enabled bool
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    FastDot1xTimers bool
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    Network string
    Which network the mist nac server resides in
    SourceIp string
    In case there is a static IP for this network, we can specify it using source ip
    AcctInterimInterval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    AuthServersRetries int
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    AuthServersTimeout int
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    CoaEnabled bool
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    CoaPort int
    the communication port used for “Change of Authorization” (CoA) messages
    Enabled bool
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    FastDot1xTimers bool
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    Network string
    Which network the mist nac server resides in
    SourceIp string
    In case there is a static IP for this network, we can specify it using source ip
    acct_interim_interval number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    auth_servers_retries number
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    auth_servers_timeout number
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    coa_enabled bool
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    coa_port number
    the communication port used for “Change of Authorization” (CoA) messages
    enabled bool
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    fast_dot1x_timers bool
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    network string
    Which network the mist nac server resides in
    source_ip string
    In case there is a static IP for this network, we can specify it using source ip
    acctInterimInterval Integer
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    authServersRetries Integer
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    authServersTimeout Integer
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    coaEnabled Boolean
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    coaPort Integer
    the communication port used for “Change of Authorization” (CoA) messages
    enabled Boolean
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    fastDot1xTimers Boolean
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    network String
    Which network the mist nac server resides in
    sourceIp String
    In case there is a static IP for this network, we can specify it using source ip
    acctInterimInterval number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    authServersRetries number
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    authServersTimeout number
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    coaEnabled boolean
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    coaPort number
    the communication port used for “Change of Authorization” (CoA) messages
    enabled boolean
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    fastDot1xTimers boolean
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    network string
    Which network the mist nac server resides in
    sourceIp string
    In case there is a static IP for this network, we can specify it using source ip
    acct_interim_interval int
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    auth_servers_retries int
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    auth_servers_timeout int
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    coa_enabled bool
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    coa_port int
    the communication port used for “Change of Authorization” (CoA) messages
    enabled bool
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    fast_dot1x_timers bool
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    network str
    Which network the mist nac server resides in
    source_ip str
    In case there is a static IP for this network, we can specify it using source ip
    acctInterimInterval Number
    How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
    authServersRetries Number
    RADIUS auth session retries. Following fast timers are set if fastDot1xTimers knob is enabled. "retries" are set to value of authServersTimeout. "max-requests" is also set when setting authServersRetries is set to default value to 3.
    authServersTimeout Number
    RADIUS auth session timeout. Following fast timers are set if fastDot1xTimers knob is enabled. "quite-period" and "transmit-period" are set to half the value of authServersTimeout. "supplicant-timeout" is also set when setting authServersTimeout is set to default value of 10.
    coaEnabled Boolean
    Allows a RADIUS server to dynamically modify the authorization status of a user session.
    coaPort Number
    the communication port used for “Change of Authorization” (CoA) messages
    enabled Boolean
    When enabled:

    • authServers is ignored
    • acctServers is ignored
    • auth_servers_* are ignored
    • coaServers is ignored
    • radsec is ignored
    • coaEnabled is assumed
    fastDot1xTimers Boolean
    If set to true, sets default fast-timers with values calculated from authServersTimeout and authServerRetries.
    network String
    Which network the mist nac server resides in
    sourceIp String
    In case there is a static IP for this network, we can specify it using source ip

    WlanPortal, WlanPortalArgs

    AllowWlanIdRoam bool
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    AmazonClientId string
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    AmazonClientSecret string
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    AmazonEmailDomains List<string>
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    AmazonEnabled bool
    Whether amazon is enabled as a login method
    AmazonExpire int
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    Auth string
    Guest portal login scheme used by the WLAN
    AzureClientId string
    Required if azureEnabled==true. Azure active directory app client id
    AzureClientSecret string
    Required if azureEnabled==true. Azure active directory app client secret
    AzureEnabled bool
    Whether Azure Active Directory is enabled as a login method
    AzureExpire int
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    AzureTenantId string
    Required if azureEnabled==true. Azure active directory tenant id.
    BroadnetPassword string
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    BroadnetSid string
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    BroadnetUserId string
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    BypassWhenCloudDown bool
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    ClickatellApiKey string
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    CrossSite bool
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    EmailEnabled bool
    Whether email (access code verification) is enabled as a login method
    Enabled bool
    Whether guest portal is enabled
    Expire int
    How long to remain authorized, in minutes
    ExternalPortalUrl string
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    FacebookClientId string
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    FacebookClientSecret string
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    FacebookEmailDomains List<string>
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    FacebookEnabled bool
    Whether facebook is enabled as a login method
    FacebookExpire int
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    Forward bool
    Whether to forward the user to another URL after authorized
    ForwardUrl string
    URL to forward the user to
    GoogleClientId string
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    GoogleClientSecret string
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    GoogleEmailDomains List<string>
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    GoogleEnabled bool
    Whether Google is enabled as login method
    GoogleExpire int
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    GupshupPassword string
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    GupshupUserid string
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    MicrosoftClientId string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    MicrosoftClientSecret string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    MicrosoftEmailDomains List<string>
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    MicrosoftEnabled bool
    Whether microsoft 365 is enabled as a login method
    MicrosoftExpire int
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    PassphraseEnabled bool
    Whether password is enabled
    PassphraseExpire int
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    Password string
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    PredefinedSponsorsEnabled bool
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    PredefinedSponsorsHideEmail bool
    Whether to hide sponsor’s email from list of sponsors
    Privacy bool
    Whether to show the privacy policy in the WLAN guest portal
    PuzzelPassword string
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    PuzzelServiceId string
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    PuzzelUsername string
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    SmsEnabled bool
    Whether sms is enabled as a login method
    SmsExpire int
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    SmsMessageFormat string
    Optional if smsEnabled==true. SMS Message format
    SmsProvider string
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    SmsglobalApiKey string
    Required if smsProvider==smsglobal, Client API Key
    SmsglobalApiSecret string
    Required if smsProvider==smsglobal, Client secret
    SmsglobalSender string
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    SponsorAutoApprove bool
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    SponsorEmailDomains List<string>
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    SponsorEnabled bool
    Whether sponsor is enabled
    SponsorExpire int
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    SponsorLinkValidityDuration string
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    SponsorNotifyAll bool
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    SponsorStatusNotify bool
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    Sponsors Dictionary<string, string>
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    SsoDefaultRole string
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    SsoForcedRole string
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    SsoIdpCert string
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    SsoIdpSignAlgo string
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    SsoIdpSsoUrl string
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    SsoIssuer string
    Required if wlanPortalAuth==sso, IDP issuer URL
    SsoNameidFormat string
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    TelstraClientId string
    Required if smsProvider==telstra, Client ID provided by Telstra
    TelstraClientSecret string
    Required if smsProvider==telstra, Client secret provided by Telstra
    TwilioAuthToken string
    Required if smsProvider==twilio, Auth token account with twilio account
    TwilioPhoneNumber string
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    TwilioSid string
    Required if smsProvider==twilio, Account SID provided by Twilio
    AllowWlanIdRoam bool
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    AmazonClientId string
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    AmazonClientSecret string
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    AmazonEmailDomains []string
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    AmazonEnabled bool
    Whether amazon is enabled as a login method
    AmazonExpire int
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    Auth string
    Guest portal login scheme used by the WLAN
    AzureClientId string
    Required if azureEnabled==true. Azure active directory app client id
    AzureClientSecret string
    Required if azureEnabled==true. Azure active directory app client secret
    AzureEnabled bool
    Whether Azure Active Directory is enabled as a login method
    AzureExpire int
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    AzureTenantId string
    Required if azureEnabled==true. Azure active directory tenant id.
    BroadnetPassword string
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    BroadnetSid string
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    BroadnetUserId string
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    BypassWhenCloudDown bool
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    ClickatellApiKey string
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    CrossSite bool
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    EmailEnabled bool
    Whether email (access code verification) is enabled as a login method
    Enabled bool
    Whether guest portal is enabled
    Expire int
    How long to remain authorized, in minutes
    ExternalPortalUrl string
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    FacebookClientId string
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    FacebookClientSecret string
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    FacebookEmailDomains []string
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    FacebookEnabled bool
    Whether facebook is enabled as a login method
    FacebookExpire int
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    Forward bool
    Whether to forward the user to another URL after authorized
    ForwardUrl string
    URL to forward the user to
    GoogleClientId string
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    GoogleClientSecret string
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    GoogleEmailDomains []string
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    GoogleEnabled bool
    Whether Google is enabled as login method
    GoogleExpire int
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    GupshupPassword string
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    GupshupUserid string
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    MicrosoftClientId string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    MicrosoftClientSecret string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    MicrosoftEmailDomains []string
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    MicrosoftEnabled bool
    Whether microsoft 365 is enabled as a login method
    MicrosoftExpire int
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    PassphraseEnabled bool
    Whether password is enabled
    PassphraseExpire int
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    Password string
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    PredefinedSponsorsEnabled bool
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    PredefinedSponsorsHideEmail bool
    Whether to hide sponsor’s email from list of sponsors
    Privacy bool
    Whether to show the privacy policy in the WLAN guest portal
    PuzzelPassword string
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    PuzzelServiceId string
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    PuzzelUsername string
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    SmsEnabled bool
    Whether sms is enabled as a login method
    SmsExpire int
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    SmsMessageFormat string
    Optional if smsEnabled==true. SMS Message format
    SmsProvider string
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    SmsglobalApiKey string
    Required if smsProvider==smsglobal, Client API Key
    SmsglobalApiSecret string
    Required if smsProvider==smsglobal, Client secret
    SmsglobalSender string
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    SponsorAutoApprove bool
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    SponsorEmailDomains []string
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    SponsorEnabled bool
    Whether sponsor is enabled
    SponsorExpire int
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    SponsorLinkValidityDuration string
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    SponsorNotifyAll bool
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    SponsorStatusNotify bool
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    Sponsors map[string]string
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    SsoDefaultRole string
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    SsoForcedRole string
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    SsoIdpCert string
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    SsoIdpSignAlgo string
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    SsoIdpSsoUrl string
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    SsoIssuer string
    Required if wlanPortalAuth==sso, IDP issuer URL
    SsoNameidFormat string
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    TelstraClientId string
    Required if smsProvider==telstra, Client ID provided by Telstra
    TelstraClientSecret string
    Required if smsProvider==telstra, Client secret provided by Telstra
    TwilioAuthToken string
    Required if smsProvider==twilio, Auth token account with twilio account
    TwilioPhoneNumber string
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    TwilioSid string
    Required if smsProvider==twilio, Account SID provided by Twilio
    allow_wlan_id_roam bool
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    amazon_client_id string
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    amazon_client_secret string
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    amazon_email_domains list(string)
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    amazon_enabled bool
    Whether amazon is enabled as a login method
    amazon_expire number
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    auth string
    Guest portal login scheme used by the WLAN
    azure_client_id string
    Required if azureEnabled==true. Azure active directory app client id
    azure_client_secret string
    Required if azureEnabled==true. Azure active directory app client secret
    azure_enabled bool
    Whether Azure Active Directory is enabled as a login method
    azure_expire number
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    azure_tenant_id string
    Required if azureEnabled==true. Azure active directory tenant id.
    broadnet_password string
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    broadnet_sid string
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    broadnet_user_id string
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    bypass_when_cloud_down bool
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    clickatell_api_key string
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    cross_site bool
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    email_enabled bool
    Whether email (access code verification) is enabled as a login method
    enabled bool
    Whether guest portal is enabled
    expire number
    How long to remain authorized, in minutes
    external_portal_url string
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    facebook_client_id string
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    facebook_client_secret string
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    facebook_email_domains list(string)
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    facebook_enabled bool
    Whether facebook is enabled as a login method
    facebook_expire number
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    forward bool
    Whether to forward the user to another URL after authorized
    forward_url string
    URL to forward the user to
    google_client_id string
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    google_client_secret string
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    google_email_domains list(string)
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    google_enabled bool
    Whether Google is enabled as login method
    google_expire number
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    gupshup_password string
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    gupshup_userid string
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    microsoft_client_id string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    microsoft_client_secret string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    microsoft_email_domains list(string)
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    microsoft_enabled bool
    Whether microsoft 365 is enabled as a login method
    microsoft_expire number
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    passphrase_enabled bool
    Whether password is enabled
    passphrase_expire number
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    password string
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    predefined_sponsors_enabled bool
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    predefined_sponsors_hide_email bool
    Whether to hide sponsor’s email from list of sponsors
    privacy bool
    Whether to show the privacy policy in the WLAN guest portal
    puzzel_password string
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    puzzel_service_id string
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    puzzel_username string
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    sms_enabled bool
    Whether sms is enabled as a login method
    sms_expire number
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    sms_message_format string
    Optional if smsEnabled==true. SMS Message format
    sms_provider string
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    smsglobal_api_key string
    Required if smsProvider==smsglobal, Client API Key
    smsglobal_api_secret string
    Required if smsProvider==smsglobal, Client secret
    smsglobal_sender string
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    bool
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    list(string)
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    bool
    Whether sponsor is enabled
    number
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    string
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    bool
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    bool
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    sponsors map(string)
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    sso_default_role string
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    sso_forced_role string
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    sso_idp_cert string
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    sso_idp_sign_algo string
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    sso_idp_sso_url string
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    sso_issuer string
    Required if wlanPortalAuth==sso, IDP issuer URL
    sso_nameid_format string
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    telstra_client_id string
    Required if smsProvider==telstra, Client ID provided by Telstra
    telstra_client_secret string
    Required if smsProvider==telstra, Client secret provided by Telstra
    twilio_auth_token string
    Required if smsProvider==twilio, Auth token account with twilio account
    twilio_phone_number string
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    twilio_sid string
    Required if smsProvider==twilio, Account SID provided by Twilio
    allowWlanIdRoam Boolean
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    amazonClientId String
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    amazonClientSecret String
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    amazonEmailDomains List<String>
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    amazonEnabled Boolean
    Whether amazon is enabled as a login method
    amazonExpire Integer
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    auth String
    Guest portal login scheme used by the WLAN
    azureClientId String
    Required if azureEnabled==true. Azure active directory app client id
    azureClientSecret String
    Required if azureEnabled==true. Azure active directory app client secret
    azureEnabled Boolean
    Whether Azure Active Directory is enabled as a login method
    azureExpire Integer
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    azureTenantId String
    Required if azureEnabled==true. Azure active directory tenant id.
    broadnetPassword String
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    broadnetSid String
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    broadnetUserId String
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    bypassWhenCloudDown Boolean
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    clickatellApiKey String
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    crossSite Boolean
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    emailEnabled Boolean
    Whether email (access code verification) is enabled as a login method
    enabled Boolean
    Whether guest portal is enabled
    expire Integer
    How long to remain authorized, in minutes
    externalPortalUrl String
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    facebookClientId String
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    facebookClientSecret String
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    facebookEmailDomains List<String>
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    facebookEnabled Boolean
    Whether facebook is enabled as a login method
    facebookExpire Integer
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    forward Boolean
    Whether to forward the user to another URL after authorized
    forwardUrl String
    URL to forward the user to
    googleClientId String
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    googleClientSecret String
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    googleEmailDomains List<String>
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    googleEnabled Boolean
    Whether Google is enabled as login method
    googleExpire Integer
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    gupshupPassword String
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    gupshupUserid String
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    microsoftClientId String
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    microsoftClientSecret String
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    microsoftEmailDomains List<String>
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    microsoftEnabled Boolean
    Whether microsoft 365 is enabled as a login method
    microsoftExpire Integer
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    passphraseEnabled Boolean
    Whether password is enabled
    passphraseExpire Integer
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    password String
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    predefinedSponsorsEnabled Boolean
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    predefinedSponsorsHideEmail Boolean
    Whether to hide sponsor’s email from list of sponsors
    privacy Boolean
    Whether to show the privacy policy in the WLAN guest portal
    puzzelPassword String
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    puzzelServiceId String
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    puzzelUsername String
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    smsEnabled Boolean
    Whether sms is enabled as a login method
    smsExpire Integer
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    smsMessageFormat String
    Optional if smsEnabled==true. SMS Message format
    smsProvider String
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    smsglobalApiKey String
    Required if smsProvider==smsglobal, Client API Key
    smsglobalApiSecret String
    Required if smsProvider==smsglobal, Client secret
    smsglobalSender String
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    sponsorAutoApprove Boolean
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    sponsorEmailDomains List<String>
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    sponsorEnabled Boolean
    Whether sponsor is enabled
    sponsorExpire Integer
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    sponsorLinkValidityDuration String
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    sponsorNotifyAll Boolean
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    sponsorStatusNotify Boolean
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    sponsors Map<String,String>
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    ssoDefaultRole String
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ssoForcedRole String
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    ssoIdpCert String
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    ssoIdpSignAlgo String
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    ssoIdpSsoUrl String
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    ssoIssuer String
    Required if wlanPortalAuth==sso, IDP issuer URL
    ssoNameidFormat String
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    telstraClientId String
    Required if smsProvider==telstra, Client ID provided by Telstra
    telstraClientSecret String
    Required if smsProvider==telstra, Client secret provided by Telstra
    twilioAuthToken String
    Required if smsProvider==twilio, Auth token account with twilio account
    twilioPhoneNumber String
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    twilioSid String
    Required if smsProvider==twilio, Account SID provided by Twilio
    allowWlanIdRoam boolean
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    amazonClientId string
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    amazonClientSecret string
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    amazonEmailDomains string[]
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    amazonEnabled boolean
    Whether amazon is enabled as a login method
    amazonExpire number
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    auth string
    Guest portal login scheme used by the WLAN
    azureClientId string
    Required if azureEnabled==true. Azure active directory app client id
    azureClientSecret string
    Required if azureEnabled==true. Azure active directory app client secret
    azureEnabled boolean
    Whether Azure Active Directory is enabled as a login method
    azureExpire number
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    azureTenantId string
    Required if azureEnabled==true. Azure active directory tenant id.
    broadnetPassword string
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    broadnetSid string
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    broadnetUserId string
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    bypassWhenCloudDown boolean
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    clickatellApiKey string
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    crossSite boolean
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    emailEnabled boolean
    Whether email (access code verification) is enabled as a login method
    enabled boolean
    Whether guest portal is enabled
    expire number
    How long to remain authorized, in minutes
    externalPortalUrl string
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    facebookClientId string
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    facebookClientSecret string
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    facebookEmailDomains string[]
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    facebookEnabled boolean
    Whether facebook is enabled as a login method
    facebookExpire number
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    forward boolean
    Whether to forward the user to another URL after authorized
    forwardUrl string
    URL to forward the user to
    googleClientId string
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    googleClientSecret string
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    googleEmailDomains string[]
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    googleEnabled boolean
    Whether Google is enabled as login method
    googleExpire number
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    gupshupPassword string
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    gupshupUserid string
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    microsoftClientId string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    microsoftClientSecret string
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    microsoftEmailDomains string[]
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    microsoftEnabled boolean
    Whether microsoft 365 is enabled as a login method
    microsoftExpire number
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    passphraseEnabled boolean
    Whether password is enabled
    passphraseExpire number
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    password string
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    predefinedSponsorsEnabled boolean
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    predefinedSponsorsHideEmail boolean
    Whether to hide sponsor’s email from list of sponsors
    privacy boolean
    Whether to show the privacy policy in the WLAN guest portal
    puzzelPassword string
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    puzzelServiceId string
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    puzzelUsername string
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    smsEnabled boolean
    Whether sms is enabled as a login method
    smsExpire number
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    smsMessageFormat string
    Optional if smsEnabled==true. SMS Message format
    smsProvider string
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    smsglobalApiKey string
    Required if smsProvider==smsglobal, Client API Key
    smsglobalApiSecret string
    Required if smsProvider==smsglobal, Client secret
    smsglobalSender string
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    sponsorAutoApprove boolean
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    sponsorEmailDomains string[]
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    sponsorEnabled boolean
    Whether sponsor is enabled
    sponsorExpire number
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    sponsorLinkValidityDuration string
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    sponsorNotifyAll boolean
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    sponsorStatusNotify boolean
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    sponsors {[key: string]: string}
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    ssoDefaultRole string
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ssoForcedRole string
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    ssoIdpCert string
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    ssoIdpSignAlgo string
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    ssoIdpSsoUrl string
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    ssoIssuer string
    Required if wlanPortalAuth==sso, IDP issuer URL
    ssoNameidFormat string
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    telstraClientId string
    Required if smsProvider==telstra, Client ID provided by Telstra
    telstraClientSecret string
    Required if smsProvider==telstra, Client secret provided by Telstra
    twilioAuthToken string
    Required if smsProvider==twilio, Auth token account with twilio account
    twilioPhoneNumber string
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    twilioSid string
    Required if smsProvider==twilio, Account SID provided by Twilio
    allow_wlan_id_roam bool
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    amazon_client_id str
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    amazon_client_secret str
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    amazon_email_domains Sequence[str]
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    amazon_enabled bool
    Whether amazon is enabled as a login method
    amazon_expire int
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    auth str
    Guest portal login scheme used by the WLAN
    azure_client_id str
    Required if azureEnabled==true. Azure active directory app client id
    azure_client_secret str
    Required if azureEnabled==true. Azure active directory app client secret
    azure_enabled bool
    Whether Azure Active Directory is enabled as a login method
    azure_expire int
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    azure_tenant_id str
    Required if azureEnabled==true. Azure active directory tenant id.
    broadnet_password str
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    broadnet_sid str
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    broadnet_user_id str
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    bypass_when_cloud_down bool
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    clickatell_api_key str
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    cross_site bool
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    email_enabled bool
    Whether email (access code verification) is enabled as a login method
    enabled bool
    Whether guest portal is enabled
    expire int
    How long to remain authorized, in minutes
    external_portal_url str
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    facebook_client_id str
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    facebook_client_secret str
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    facebook_email_domains Sequence[str]
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    facebook_enabled bool
    Whether facebook is enabled as a login method
    facebook_expire int
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    forward bool
    Whether to forward the user to another URL after authorized
    forward_url str
    URL to forward the user to
    google_client_id str
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    google_client_secret str
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    google_email_domains Sequence[str]
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    google_enabled bool
    Whether Google is enabled as login method
    google_expire int
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    gupshup_password str
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    gupshup_userid str
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    microsoft_client_id str
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    microsoft_client_secret str
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    microsoft_email_domains Sequence[str]
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    microsoft_enabled bool
    Whether microsoft 365 is enabled as a login method
    microsoft_expire int
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    passphrase_enabled bool
    Whether password is enabled
    passphrase_expire int
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    password str
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    predefined_sponsors_enabled bool
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    predefined_sponsors_hide_email bool
    Whether to hide sponsor’s email from list of sponsors
    privacy bool
    Whether to show the privacy policy in the WLAN guest portal
    puzzel_password str
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    puzzel_service_id str
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    puzzel_username str
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    sms_enabled bool
    Whether sms is enabled as a login method
    sms_expire int
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    sms_message_format str
    Optional if smsEnabled==true. SMS Message format
    sms_provider str
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    smsglobal_api_key str
    Required if smsProvider==smsglobal, Client API Key
    smsglobal_api_secret str
    Required if smsProvider==smsglobal, Client secret
    smsglobal_sender str
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    bool
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    Sequence[str]
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    bool
    Whether sponsor is enabled
    int
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    str
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    bool
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    bool
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    sponsors Mapping[str, str]
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    sso_default_role str
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    sso_forced_role str
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    sso_idp_cert str
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    sso_idp_sign_algo str
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    sso_idp_sso_url str
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    sso_issuer str
    Required if wlanPortalAuth==sso, IDP issuer URL
    sso_nameid_format str
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    telstra_client_id str
    Required if smsProvider==telstra, Client ID provided by Telstra
    telstra_client_secret str
    Required if smsProvider==telstra, Client secret provided by Telstra
    twilio_auth_token str
    Required if smsProvider==twilio, Auth token account with twilio account
    twilio_phone_number str
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    twilio_sid str
    Required if smsProvider==twilio, Account SID provided by Twilio
    allowWlanIdRoam Boolean
    Optional if amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with different WLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming)
    amazonClientId String
    Optional if amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
    amazonClientSecret String
    Optional if amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
    amazonEmailDomains List<String>
    Optional if amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed.
    amazonEnabled Boolean
    Whether amazon is enabled as a login method
    amazonExpire Number
    Optional if amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
    auth String
    Guest portal login scheme used by the WLAN
    azureClientId String
    Required if azureEnabled==true. Azure active directory app client id
    azureClientSecret String
    Required if azureEnabled==true. Azure active directory app client secret
    azureEnabled Boolean
    Whether Azure Active Directory is enabled as a login method
    azureExpire Number
    Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
    azureTenantId String
    Required if azureEnabled==true. Azure active directory tenant id.
    broadnetPassword String
    Required if smsProvider==broadnet. Password for the Broadnet SMS provider account
    broadnetSid String
    Required if smsProvider==broadnet. SID for the Broadnet SMS provider account
    broadnetUserId String
    Required if smsProvider==broadnet. User ID for the Broadnet SMS provider account
    bypassWhenCloudDown Boolean
    Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
    clickatellApiKey String
    Required if smsProvider==clickatell. API key for the Clickatell SMS provider account
    crossSite Boolean
    Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
    emailEnabled Boolean
    Whether email (access code verification) is enabled as a login method
    enabled Boolean
    Whether guest portal is enabled
    expire Number
    How long to remain authorized, in minutes
    externalPortalUrl String
    Required if wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
    facebookClientId String
    Required if facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
    facebookClientSecret String
    Required if facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
    facebookEmailDomains List<String>
    Optional if facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed.
    facebookEnabled Boolean
    Whether facebook is enabled as a login method
    facebookExpire Number
    Optional if facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
    forward Boolean
    Whether to forward the user to another URL after authorized
    forwardUrl String
    URL to forward the user to
    googleClientId String
    Google OAuth2 app id. This is optional. If not provided, it will use a default one.
    googleClientSecret String
    Optional if googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
    googleEmailDomains List<String>
    Optional if googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed.
    googleEnabled Boolean
    Whether Google is enabled as login method
    googleExpire Number
    Optional if googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
    gupshupPassword String
    Required if smsProvider==gupshup. Password for the Gupshup SMS provider account
    gupshupUserid String
    Required if smsProvider==gupshup. User ID for the Gupshup SMS provider account
    microsoftClientId String
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
    microsoftClientSecret String
    Optional if microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
    microsoftEmailDomains List<String>
    Optional if microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed.
    microsoftEnabled Boolean
    Whether microsoft 365 is enabled as a login method
    microsoftExpire Number
    Optional if microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
    passphraseEnabled Boolean
    Whether password is enabled
    passphraseExpire Number
    Optional if passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses expire
    password String
    Required if passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled
    predefinedSponsorsEnabled Boolean
    Whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsorNotifyAll and predefinedSponsorsEnabled are false, behavior is acc to sponsorEmailDomains
    predefinedSponsorsHideEmail Boolean
    Whether to hide sponsor’s email from list of sponsors
    privacy Boolean
    Whether to show the privacy policy in the WLAN guest portal
    puzzelPassword String
    Required if smsProvider==puzzel. Password for the Puzzel SMS provider account
    puzzelServiceId String
    Required if smsProvider==puzzel. Service ID for the Puzzel SMS provider account
    puzzelUsername String
    Required if smsProvider==puzzel. Username for the Puzzel SMS provider account
    smsEnabled Boolean
    Whether sms is enabled as a login method
    smsExpire Number
    Optional if smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
    smsMessageFormat String
    Optional if smsEnabled==true. SMS Message format
    smsProvider String
    Optional if smsEnabled==true. SMS provider used to deliver guest portal access codes
    smsglobalApiKey String
    Required if smsProvider==smsglobal, Client API Key
    smsglobalApiSecret String
    Required if smsProvider==smsglobal, Client secret
    smsglobalSender String
    Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
    sponsorAutoApprove Boolean
    Optional if sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
    sponsorEmailDomains List<String>
    Email domains allowed for sponsor email addresses. Required if sponsorEnabled is true and sponsors is empty.
    sponsorEnabled Boolean
    Whether sponsor is enabled
    sponsorExpire Number
    Optional if sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
    sponsorLinkValidityDuration String
    Optional if sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
    sponsorNotifyAll Boolean
    Optional if sponsorEnabled==true. whether to notify all sponsors that are mentioned in sponsors object. Both sponsorNotifyAll and predefinedSponsorsEnabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
    sponsorStatusNotify Boolean
    Optional if sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
    sponsors Map<String>
    object of allowed sponsors email with name. Required if sponsorEnabled is true and sponsorEmailDomains is empty.

            Property key is the sponsor email, Property value is the sponsor name
    
    ssoDefaultRole String
    Optional if wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    ssoForcedRole String
    Optional if wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used
    ssoIdpCert String
    Required if wlanPortalAuth==sso. IDP Cert (used to verify the signed response)
    ssoIdpSignAlgo String
    Optional if wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider
    ssoIdpSsoUrl String
    Required if wlanPortalAuth==sso, IDP Single-Sign-On URL
    ssoIssuer String
    Required if wlanPortalAuth==sso, IDP issuer URL
    ssoNameidFormat String
    Optional if wlanPortalAuth==sso. SAML NameID format expected from the identity provider
    telstraClientId String
    Required if smsProvider==telstra, Client ID provided by Telstra
    telstraClientSecret String
    Required if smsProvider==telstra, Client secret provided by Telstra
    twilioAuthToken String
    Required if smsProvider==twilio, Auth token account with twilio account
    twilioPhoneNumber String
    Required if smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format.
    twilioSid String
    Required if smsProvider==twilio, Account SID provided by Twilio

    WlanQos, WlanQosArgs

    Class string
    QoS traffic class applied when WLAN QoS override is enabled
    Overwrite bool
    Whether to overwrite QoS
    Class string
    QoS traffic class applied when WLAN QoS override is enabled
    Overwrite bool
    Whether to overwrite QoS
    class string
    QoS traffic class applied when WLAN QoS override is enabled
    overwrite bool
    Whether to overwrite QoS
    class_ String
    QoS traffic class applied when WLAN QoS override is enabled
    overwrite Boolean
    Whether to overwrite QoS
    class string
    QoS traffic class applied when WLAN QoS override is enabled
    overwrite boolean
    Whether to overwrite QoS
    class_ str
    QoS traffic class applied when WLAN QoS override is enabled
    overwrite bool
    Whether to overwrite QoS
    class String
    QoS traffic class applied when WLAN QoS override is enabled
    overwrite Boolean
    Whether to overwrite QoS

    WlanRadsec, WlanRadsecArgs

    CoaEnabled bool
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    Enabled bool
    Whether RadSec is enabled
    IdleTimeout string
    Idle timeout, in seconds, for RadSec connections
    MxclusterIds List<string>
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    ProxyHosts List<string>
    RadSec proxy hostnames advertised to APs
    ServerName string
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    Servers List<Pulumi.JuniperMist.Org.Inputs.WlanRadsecServer>
    External RadSec servers. Only if not Mist Edge.
    UseMxedge bool
    Whether to use organization Mist Edge instances as RadSec proxies
    UseSiteMxedge bool
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
    CoaEnabled bool
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    Enabled bool
    Whether RadSec is enabled
    IdleTimeout string
    Idle timeout, in seconds, for RadSec connections
    MxclusterIds []string
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    ProxyHosts []string
    RadSec proxy hostnames advertised to APs
    ServerName string
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    Servers []WlanRadsecServer
    External RadSec servers. Only if not Mist Edge.
    UseMxedge bool
    Whether to use organization Mist Edge instances as RadSec proxies
    UseSiteMxedge bool
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
    coa_enabled bool
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    enabled bool
    Whether RadSec is enabled
    idle_timeout string
    Idle timeout, in seconds, for RadSec connections
    mxcluster_ids list(string)
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    proxy_hosts list(string)
    RadSec proxy hostnames advertised to APs
    server_name string
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    servers list(object)
    External RadSec servers. Only if not Mist Edge.
    use_mxedge bool
    Whether to use organization Mist Edge instances as RadSec proxies
    use_site_mxedge bool
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
    coaEnabled Boolean
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    enabled Boolean
    Whether RadSec is enabled
    idleTimeout String
    Idle timeout, in seconds, for RadSec connections
    mxclusterIds List<String>
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    proxyHosts List<String>
    RadSec proxy hostnames advertised to APs
    serverName String
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    servers List<WlanRadsecServer>
    External RadSec servers. Only if not Mist Edge.
    useMxedge Boolean
    Whether to use organization Mist Edge instances as RadSec proxies
    useSiteMxedge Boolean
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
    coaEnabled boolean
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    enabled boolean
    Whether RadSec is enabled
    idleTimeout string
    Idle timeout, in seconds, for RadSec connections
    mxclusterIds string[]
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    proxyHosts string[]
    RadSec proxy hostnames advertised to APs
    serverName string
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    servers WlanRadsecServer[]
    External RadSec servers. Only if not Mist Edge.
    useMxedge boolean
    Whether to use organization Mist Edge instances as RadSec proxies
    useSiteMxedge boolean
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
    coa_enabled bool
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    enabled bool
    Whether RadSec is enabled
    idle_timeout str
    Idle timeout, in seconds, for RadSec connections
    mxcluster_ids Sequence[str]
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    proxy_hosts Sequence[str]
    RadSec proxy hostnames advertised to APs
    server_name str
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    servers Sequence[WlanRadsecServer]
    External RadSec servers. Only if not Mist Edge.
    use_mxedge bool
    Whether to use organization Mist Edge instances as RadSec proxies
    use_site_mxedge bool
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
    coaEnabled Boolean
    Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
    enabled Boolean
    Whether RadSec is enabled
    idleTimeout String
    Idle timeout, in seconds, for RadSec connections
    mxclusterIds List<String>
    Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
    proxyHosts List<String>
    RadSec proxy hostnames advertised to APs
    serverName String
    TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
    servers List<Property Map>
    External RadSec servers. Only if not Mist Edge.
    useMxedge Boolean
    Whether to use organization Mist Edge instances as RadSec proxies
    useSiteMxedge Boolean
    Whether to use site Mist Edge instances when this WLAN does not use mxtunnel

    WlanRadsecServer, WlanRadsecServerArgs

    Host string
    Address or hostname of the RadSec server
    Port int
    TCP port used by the RadSec server
    Host string
    Address or hostname of the RadSec server
    Port int
    TCP port used by the RadSec server
    host string
    Address or hostname of the RadSec server
    port number
    TCP port used by the RadSec server
    host String
    Address or hostname of the RadSec server
    port Integer
    TCP port used by the RadSec server
    host string
    Address or hostname of the RadSec server
    port number
    TCP port used by the RadSec server
    host str
    Address or hostname of the RadSec server
    port int
    TCP port used by the RadSec server
    host String
    Address or hostname of the RadSec server
    port Number
    TCP port used by the RadSec server

    WlanRateset, WlanRatesetArgs

    Eht string
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    He string
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    Ht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    Legacies List<string>
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    MinRssi int
    Minimum RSSI for client to connect, 0 means not enforcing
    Template string
    Data rate template used to derive WLAN rate settings
    Vht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
    Eht string
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    He string
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    Ht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    Legacies []string
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    MinRssi int
    Minimum RSSI for client to connect, 0 means not enforcing
    Template string
    Data rate template used to derive WLAN rate settings
    Vht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
    eht string
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    he string
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    ht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    legacies list(string)
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    min_rssi number
    Minimum RSSI for client to connect, 0 means not enforcing
    template string
    Data rate template used to derive WLAN rate settings
    vht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
    eht String
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    he String
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    ht String
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    legacies List<String>
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    minRssi Integer
    Minimum RSSI for client to connect, 0 means not enforcing
    template String
    Data rate template used to derive WLAN rate settings
    vht String
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
    eht string
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    he string
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    ht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    legacies string[]
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    minRssi number
    Minimum RSSI for client to connect, 0 means not enforcing
    template string
    Data rate template used to derive WLAN rate settings
    vht string
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
    eht str
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    he str
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    ht str
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    legacies Sequence[str]
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    min_rssi int
    Minimum RSSI for client to connect, 0 means not enforcing
    template str
    Data rate template used to derive WLAN rate settings
    vht str
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
    eht String
    If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
    he String
    If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
    ht String
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
    legacies List<String>
    if template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template==custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values. enum: 1, 11, 11b, 12, 12b, 18, 18b, 1b, 2, 24, 24b, 2b, 36, 36b, 48, 48b, 5.5, 5.5b, 54, 54b, 6, 6b, 9, 9b
    minRssi Number
    Minimum RSSI for client to connect, 0 means not enforcing
    template String
    Data rate template used to derive WLAN rate settings
    vht String
    If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.

    WlanSchedule, WlanScheduleArgs

    Enabled bool
    Whether the WLAN operating schedule is enabled
    Hours Pulumi.JuniperMist.Org.Inputs.WlanScheduleHours
    Time ranges when the WLAN is scheduled to operate
    Enabled bool
    Whether the WLAN operating schedule is enabled
    Hours WlanScheduleHours
    Time ranges when the WLAN is scheduled to operate
    enabled bool
    Whether the WLAN operating schedule is enabled
    hours object
    Time ranges when the WLAN is scheduled to operate
    enabled Boolean
    Whether the WLAN operating schedule is enabled
    hours WlanScheduleHours
    Time ranges when the WLAN is scheduled to operate
    enabled boolean
    Whether the WLAN operating schedule is enabled
    hours WlanScheduleHours
    Time ranges when the WLAN is scheduled to operate
    enabled bool
    Whether the WLAN operating schedule is enabled
    hours WlanScheduleHours
    Time ranges when the WLAN is scheduled to operate
    enabled Boolean
    Whether the WLAN operating schedule is enabled
    hours Property Map
    Time ranges when the WLAN is scheduled to operate

    WlanScheduleHours, WlanScheduleHoursArgs

    Fri string
    Operating hour range for Friday
    Mon string
    Operating hour range for Monday
    Sat string
    Operating hour range for Saturday
    Sun string
    Operating hour range for Sunday
    Thu string
    Operating hour range for Thursday
    Tue string
    Operating hour range for Tuesday
    Wed string
    Operating hour range for Wednesday
    Fri string
    Operating hour range for Friday
    Mon string
    Operating hour range for Monday
    Sat string
    Operating hour range for Saturday
    Sun string
    Operating hour range for Sunday
    Thu string
    Operating hour range for Thursday
    Tue string
    Operating hour range for Tuesday
    Wed string
    Operating hour range for Wednesday
    fri string
    Operating hour range for Friday
    mon string
    Operating hour range for Monday
    sat string
    Operating hour range for Saturday
    sun string
    Operating hour range for Sunday
    thu string
    Operating hour range for Thursday
    tue string
    Operating hour range for Tuesday
    wed string
    Operating hour range for Wednesday
    fri String
    Operating hour range for Friday
    mon String
    Operating hour range for Monday
    sat String
    Operating hour range for Saturday
    sun String
    Operating hour range for Sunday
    thu String
    Operating hour range for Thursday
    tue String
    Operating hour range for Tuesday
    wed String
    Operating hour range for Wednesday
    fri string
    Operating hour range for Friday
    mon string
    Operating hour range for Monday
    sat string
    Operating hour range for Saturday
    sun string
    Operating hour range for Sunday
    thu string
    Operating hour range for Thursday
    tue string
    Operating hour range for Tuesday
    wed string
    Operating hour range for Wednesday
    fri str
    Operating hour range for Friday
    mon str
    Operating hour range for Monday
    sat str
    Operating hour range for Saturday
    sun str
    Operating hour range for Sunday
    thu str
    Operating hour range for Thursday
    tue str
    Operating hour range for Tuesday
    wed str
    Operating hour range for Wednesday
    fri String
    Operating hour range for Friday
    mon String
    Operating hour range for Monday
    sat String
    Operating hour range for Saturday
    sun String
    Operating hour range for Sunday
    thu String
    Operating hour range for Thursday
    tue String
    Operating hour range for Tuesday
    wed String
    Operating hour range for Wednesday

    Import

    Using pulumi import, import junipermist.org.Wlan with: Org WLAN can be imported by specifying the orgId and the wlanId

    $ pulumi import junipermist:org/wlan:Wlan wlan_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    junipermist pulumi/pulumi-junipermist
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mist Terraform Provider.
    junipermist logo
    Viewing docs for Juniper Mist v0.11.1
    published on Friday, Jul 10, 2026 by Pulumi

      Try Pulumi Cloud free.
      Your team will thank you.

      Start free trial