Juniper Mist v0.6.3 published on Saturday, Sep 6, 2025 by Pulumi
junipermist.site.Wlan
This resource manages the Site Wlans. The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, …)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";
const wlanOne = new junipermist.site.Wlan("wlan_one", {
ssid: "wlan_one",
siteId: terraformTest.id,
bands: [
"5",
"6",
],
vlanEnabled: true,
vlanId: "143",
wlanLimitUp: "10000",
wlanLimitDown: "20000",
clientLimitUp: "512",
clientLimitDown: "1000",
auth: {
type: "psk",
psk: "secretpsk",
},
"interface": "all",
});
import pulumi
import pulumi_juniper_mist as junipermist
wlan_one = junipermist.site.Wlan("wlan_one",
ssid="wlan_one",
site_id=terraform_test["id"],
bands=[
"5",
"6",
],
vlan_enabled=True,
vlan_id="143",
wlan_limit_up="10000",
wlan_limit_down="20000",
client_limit_up="512",
client_limit_down="1000",
auth={
"type": "psk",
"psk": "secretpsk",
},
interface="all")
package main
import (
"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/site"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := site.NewWlan(ctx, "wlan_one", &site.WlanArgs{
Ssid: pulumi.String("wlan_one"),
SiteId: pulumi.Any(terraformTest.Id),
Bands: pulumi.StringArray{
pulumi.String("5"),
pulumi.String("6"),
},
VlanEnabled: pulumi.Bool(true),
VlanId: pulumi.String("143"),
WlanLimitUp: pulumi.String("10000"),
WlanLimitDown: pulumi.String("20000"),
ClientLimitUp: pulumi.String("512"),
ClientLimitDown: pulumi.String("1000"),
Auth: &site.WlanAuthArgs{
Type: pulumi.String("psk"),
Psk: pulumi.String("secretpsk"),
},
Interface: pulumi.String("all"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
return await Deployment.RunAsync(() =>
{
var wlanOne = new JuniperMist.Site.Wlan("wlan_one", new()
{
Ssid = "wlan_one",
SiteId = terraformTest.Id,
Bands = new[]
{
"5",
"6",
},
VlanEnabled = true,
VlanId = "143",
WlanLimitUp = "10000",
WlanLimitDown = "20000",
ClientLimitUp = "512",
ClientLimitDown = "1000",
Auth = new JuniperMist.Site.Inputs.WlanAuthArgs
{
Type = "psk",
Psk = "secretpsk",
},
Interface = "all",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.site.Wlan;
import com.pulumi.junipermist.site.WlanArgs;
import com.pulumi.junipermist.site.inputs.WlanAuthArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var wlanOne = new Wlan("wlanOne", WlanArgs.builder()
.ssid("wlan_one")
.siteId(terraformTest.id())
.bands(
"5",
"6")
.vlanEnabled(true)
.vlanId("143")
.wlanLimitUp("10000")
.wlanLimitDown("20000")
.clientLimitUp("512")
.clientLimitDown("1000")
.auth(WlanAuthArgs.builder()
.type("psk")
.psk("secretpsk")
.build())
.interface_("all")
.build());
}
}
resources:
wlanOne:
type: junipermist:site:Wlan
name: wlan_one
properties:
ssid: wlan_one
siteId: ${terraformTest.id}
bands:
- '5'
- '6'
vlanEnabled: true
vlanId: 143
wlanLimitUp: 10000
wlanLimitDown: 20000
clientLimitUp: 512
clientLimitDown: 1000
auth:
type: psk
psk: secretpsk
interface: all
Create Wlan Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Wlan(name: string, args: WlanArgs, opts?: CustomResourceOptions);@overload
def Wlan(resource_name: str,
args: WlanArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Wlan(resource_name: str,
opts: Optional[ResourceOptions] = None,
site_id: Optional[str] = None,
ssid: Optional[str] = None,
acct_immediate_update: Optional[bool] = None,
acct_interim_interval: Optional[int] = None,
acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
airwatch: Optional[WlanAirwatchArgs] = None,
allow_ipv6_ndp: Optional[bool] = None,
allow_mdns: Optional[bool] = None,
allow_ssdp: Optional[bool] = None,
ap_ids: Optional[Sequence[str]] = None,
app_limit: Optional[WlanAppLimitArgs] = None,
app_qos: Optional[WlanAppQosArgs] = None,
apply_to: Optional[str] = None,
arp_filter: Optional[bool] = None,
auth: Optional[WlanAuthArgs] = None,
auth_server_selection: Optional[str] = None,
auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
auth_servers_nas_id: Optional[str] = None,
auth_servers_nas_ip: Optional[str] = None,
auth_servers_retries: Optional[int] = None,
auth_servers_timeout: Optional[int] = None,
band_steer: Optional[bool] = None,
band_steer_force_band5: Optional[bool] = None,
bands: Optional[Sequence[str]] = None,
block_blacklist_clients: Optional[bool] = None,
bonjour: Optional[WlanBonjourArgs] = None,
cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
client_limit_down: Optional[str] = None,
client_limit_down_enabled: Optional[bool] = None,
client_limit_up: Optional[str] = None,
client_limit_up_enabled: Optional[bool] = None,
coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
disable11ax: Optional[bool] = None,
disable11be: Optional[bool] = None,
disable_ht_vht_rates: Optional[bool] = None,
disable_uapsd: Optional[bool] = None,
disable_v1_roam_notify: Optional[bool] = None,
disable_v2_roam_notify: Optional[bool] = None,
disable_when_gateway_unreachable: Optional[bool] = None,
disable_when_mxtunnel_down: Optional[bool] = None,
disable_wmm: Optional[bool] = None,
dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
dtim: Optional[int] = None,
dynamic_psk: Optional[WlanDynamicPskArgs] = None,
dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
enable_local_keycaching: Optional[bool] = None,
enable_wireless_bridging: Optional[bool] = None,
enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
enabled: Optional[bool] = None,
fast_dot1x_timers: Optional[bool] = None,
hide_ssid: Optional[bool] = None,
hostname_ie: Optional[bool] = None,
hotspot20: Optional[WlanHotspot20Args] = None,
inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
interface: Optional[str] = None,
isolation: Optional[bool] = None,
l2_isolation: Optional[bool] = None,
legacy_overds: Optional[bool] = None,
limit_bcast: Optional[bool] = None,
limit_probe_response: Optional[bool] = None,
max_idletime: Optional[int] = None,
max_num_clients: Optional[int] = None,
mist_nac: Optional[WlanMistNacArgs] = None,
mxtunnel_ids: Optional[Sequence[str]] = None,
mxtunnel_names: Optional[Sequence[str]] = None,
no_static_dns: Optional[bool] = None,
no_static_ip: Optional[bool] = None,
portal: Optional[WlanPortalArgs] = None,
portal_allowed_hostnames: Optional[Sequence[str]] = None,
portal_allowed_subnets: Optional[Sequence[str]] = None,
portal_denied_hostnames: Optional[Sequence[str]] = None,
qos: Optional[WlanQosArgs] = None,
radsec: Optional[WlanRadsecArgs] = None,
rateset: Optional[Mapping[str, WlanRatesetArgs]] = None,
reconnect_clients_when_roaming_mxcluster: Optional[bool] = None,
roam_mode: Optional[str] = None,
schedule: Optional[WlanScheduleArgs] = None,
sle_excluded: Optional[bool] = None,
use_eapol_v1: Optional[bool] = None,
vlan_enabled: Optional[bool] = None,
vlan_id: Optional[str] = None,
vlan_ids: Optional[Sequence[str]] = None,
vlan_pooling: Optional[bool] = None,
wlan_limit_down: Optional[str] = None,
wlan_limit_down_enabled: Optional[bool] = None,
wlan_limit_up: Optional[str] = None,
wlan_limit_up_enabled: Optional[bool] = None,
wxtag_ids: Optional[Sequence[str]] = None,
wxtunnel_id: Optional[str] = None,
wxtunnel_remote_id: Optional[str] = None)func NewWlan(ctx *Context, name string, args WlanArgs, opts ...ResourceOption) (*Wlan, error)public Wlan(string name, WlanArgs args, CustomResourceOptions? opts = null)type: junipermist:site:Wlan
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var junipermistWlanResource = new JuniperMist.Site.Wlan("junipermistWlanResource", new()
{
SiteId = "string",
Ssid = "string",
AcctImmediateUpdate = false,
AcctInterimInterval = 0,
AcctServers = new[]
{
new JuniperMist.Site.Inputs.WlanAcctServerArgs
{
Host = "string",
Secret = "string",
KeywrapEnabled = false,
KeywrapFormat = "string",
KeywrapKek = "string",
KeywrapMack = "string",
Port = "string",
},
},
Airwatch = new JuniperMist.Site.Inputs.WlanAirwatchArgs
{
ApiKey = "string",
ConsoleUrl = "string",
Enabled = false,
Password = "string",
Username = "string",
},
AllowIpv6Ndp = false,
AllowMdns = false,
AllowSsdp = false,
ApIds = new[]
{
"string",
},
AppLimit = new JuniperMist.Site.Inputs.WlanAppLimitArgs
{
Apps =
{
{ "string", 0 },
},
Enabled = false,
WxtagIds =
{
{ "string", 0 },
},
},
AppQos = new JuniperMist.Site.Inputs.WlanAppQosArgs
{
Apps =
{
{ "string", new JuniperMist.Site.Inputs.WlanAppQosAppsArgs
{
Dscp = "string",
DstSubnet = "string",
SrcSubnet = "string",
} },
},
Enabled = false,
Others = new[]
{
new JuniperMist.Site.Inputs.WlanAppQosOtherArgs
{
Dscp = "string",
DstSubnet = "string",
PortRanges = "string",
Protocol = "string",
SrcSubnet = "string",
},
},
},
ApplyTo = "string",
ArpFilter = false,
Auth = new JuniperMist.Site.Inputs.WlanAuthArgs
{
AnticlogThreshold = 0,
EapReauth = false,
EnableMacAuth = false,
KeyIdx = 0,
Keys = new[]
{
"string",
},
MultiPskOnly = false,
Owe = "string",
Pairwises = new[]
{
"string",
},
PrivateWlan = false,
Psk = "string",
Type = "string",
WepAsSecondaryAuth = false,
},
AuthServerSelection = "string",
AuthServers = new[]
{
new JuniperMist.Site.Inputs.WlanAuthServerArgs
{
Host = "string",
Secret = "string",
KeywrapEnabled = false,
KeywrapFormat = "string",
KeywrapKek = "string",
KeywrapMack = "string",
Port = "string",
RequireMessageAuthenticator = false,
},
},
AuthServersNasId = "string",
AuthServersNasIp = "string",
AuthServersRetries = 0,
AuthServersTimeout = 0,
BandSteer = false,
BandSteerForceBand5 = false,
Bands = new[]
{
"string",
},
BlockBlacklistClients = false,
Bonjour = new JuniperMist.Site.Inputs.WlanBonjourArgs
{
AdditionalVlanIds = new[]
{
"string",
},
Enabled = false,
Services =
{
{ "string", new JuniperMist.Site.Inputs.WlanBonjourServicesArgs
{
DisableLocal = false,
RadiusGroups = new[]
{
"string",
},
Scope = "string",
} },
},
},
CiscoCwa = new JuniperMist.Site.Inputs.WlanCiscoCwaArgs
{
AllowedHostnames = new[]
{
"string",
},
AllowedSubnets = new[]
{
"string",
},
BlockedSubnets = new[]
{
"string",
},
Enabled = false,
},
ClientLimitDown = "string",
ClientLimitDownEnabled = false,
ClientLimitUp = "string",
ClientLimitUpEnabled = false,
CoaServers = new[]
{
new JuniperMist.Site.Inputs.WlanCoaServerArgs
{
Ip = "string",
Secret = "string",
DisableEventTimestampCheck = false,
Enabled = false,
Port = "string",
},
},
Disable11ax = false,
Disable11be = false,
DisableHtVhtRates = false,
DisableUapsd = false,
DisableV1RoamNotify = false,
DisableV2RoamNotify = false,
DisableWhenGatewayUnreachable = false,
DisableWhenMxtunnelDown = false,
DisableWmm = false,
DnsServerRewrite = new JuniperMist.Site.Inputs.WlanDnsServerRewriteArgs
{
Enabled = false,
RadiusGroups =
{
{ "string", "string" },
},
},
Dtim = 0,
DynamicPsk = new JuniperMist.Site.Inputs.WlanDynamicPskArgs
{
DefaultPsk = "string",
DefaultVlanId = "string",
Enabled = false,
ForceLookup = false,
Source = "string",
},
DynamicVlan = new JuniperMist.Site.Inputs.WlanDynamicVlanArgs
{
DefaultVlanIds = new[]
{
"string",
},
Enabled = false,
LocalVlanIds = new[]
{
"string",
},
Type = "string",
Vlans =
{
{ "string", "string" },
},
},
EnableLocalKeycaching = false,
EnableWirelessBridging = false,
EnableWirelessBridgingDhcpTracking = false,
Enabled = false,
FastDot1xTimers = false,
HideSsid = false,
HostnameIe = false,
Hotspot20 = new JuniperMist.Site.Inputs.WlanHotspot20Args
{
DomainNames = new[]
{
"string",
},
Enabled = false,
NaiRealms = new[]
{
"string",
},
Operators = new[]
{
"string",
},
Rcois = new[]
{
"string",
},
VenueName = "string",
},
InjectDhcpOption82 = new JuniperMist.Site.Inputs.WlanInjectDhcpOption82Args
{
CircuitId = "string",
Enabled = false,
},
Interface = "string",
Isolation = false,
L2Isolation = false,
LegacyOverds = false,
LimitBcast = false,
LimitProbeResponse = false,
MaxIdletime = 0,
MaxNumClients = 0,
MistNac = new JuniperMist.Site.Inputs.WlanMistNacArgs
{
AcctInterimInterval = 0,
AuthServersRetries = 0,
AuthServersTimeout = 0,
CoaEnabled = false,
CoaPort = 0,
Enabled = false,
FastDot1xTimers = false,
Network = "string",
SourceIp = "string",
},
MxtunnelIds = new[]
{
"string",
},
MxtunnelNames = new[]
{
"string",
},
NoStaticDns = false,
NoStaticIp = false,
Portal = new JuniperMist.Site.Inputs.WlanPortalArgs
{
AllowWlanIdRoam = false,
AmazonClientId = "string",
AmazonClientSecret = "string",
AmazonEmailDomains = new[]
{
"string",
},
AmazonEnabled = false,
AmazonExpire = 0,
Auth = "string",
AzureClientId = "string",
AzureClientSecret = "string",
AzureEnabled = false,
AzureExpire = 0,
AzureTenantId = "string",
BroadnetPassword = "string",
BroadnetSid = "string",
BroadnetUserId = "string",
BypassWhenCloudDown = false,
ClickatellApiKey = "string",
CrossSite = false,
EmailEnabled = false,
Enabled = false,
Expire = 0,
ExternalPortalUrl = "string",
FacebookClientId = "string",
FacebookClientSecret = "string",
FacebookEmailDomains = new[]
{
"string",
},
FacebookEnabled = false,
FacebookExpire = 0,
Forward = false,
ForwardUrl = "string",
GoogleClientId = "string",
GoogleClientSecret = "string",
GoogleEmailDomains = new[]
{
"string",
},
GoogleEnabled = false,
GoogleExpire = 0,
GupshupPassword = "string",
GupshupUserid = "string",
MicrosoftClientId = "string",
MicrosoftClientSecret = "string",
MicrosoftEmailDomains = new[]
{
"string",
},
MicrosoftEnabled = false,
MicrosoftExpire = 0,
PassphraseEnabled = false,
PassphraseExpire = 0,
Password = "string",
PredefinedSponsorsEnabled = false,
PredefinedSponsorsHideEmail = false,
Privacy = false,
PuzzelPassword = "string",
PuzzelServiceId = "string",
PuzzelUsername = "string",
SmsEnabled = false,
SmsExpire = 0,
SmsMessageFormat = "string",
SmsProvider = "string",
SmsglobalApiKey = "string",
SmsglobalApiSecret = "string",
SponsorAutoApprove = false,
SponsorEmailDomains = new[]
{
"string",
},
SponsorEnabled = false,
SponsorExpire = 0,
SponsorLinkValidityDuration = "string",
SponsorNotifyAll = false,
SponsorStatusNotify = false,
Sponsors =
{
{ "string", "string" },
},
SsoDefaultRole = "string",
SsoForcedRole = "string",
SsoIdpCert = "string",
SsoIdpSignAlgo = "string",
SsoIdpSsoUrl = "string",
SsoIssuer = "string",
SsoNameidFormat = "string",
TelstraClientId = "string",
TelstraClientSecret = "string",
TwilioAuthToken = "string",
TwilioPhoneNumber = "string",
TwilioSid = "string",
},
PortalAllowedHostnames = new[]
{
"string",
},
PortalAllowedSubnets = new[]
{
"string",
},
PortalDeniedHostnames = new[]
{
"string",
},
Qos = new JuniperMist.Site.Inputs.WlanQosArgs
{
Class = "string",
Overwrite = false,
},
Radsec = new JuniperMist.Site.Inputs.WlanRadsecArgs
{
CoaEnabled = false,
Enabled = false,
IdleTimeout = "string",
MxclusterIds = new[]
{
"string",
},
ProxyHosts = new[]
{
"string",
},
ServerName = "string",
Servers = new[]
{
new JuniperMist.Site.Inputs.WlanRadsecServerArgs
{
Host = "string",
Port = 0,
},
},
UseMxedge = false,
UseSiteMxedge = false,
},
Rateset =
{
{ "string", new JuniperMist.Site.Inputs.WlanRatesetArgs
{
Eht = "string",
He = "string",
Ht = "string",
Legacies = new[]
{
"string",
},
MinRssi = 0,
Template = "string",
Vht = "string",
} },
},
ReconnectClientsWhenRoamingMxcluster = false,
RoamMode = "string",
Schedule = new JuniperMist.Site.Inputs.WlanScheduleArgs
{
Enabled = false,
Hours = new JuniperMist.Site.Inputs.WlanScheduleHoursArgs
{
Fri = "string",
Mon = "string",
Sat = "string",
Sun = "string",
Thu = "string",
Tue = "string",
Wed = "string",
},
},
SleExcluded = false,
UseEapolV1 = false,
VlanEnabled = false,
VlanId = "string",
VlanIds = new[]
{
"string",
},
VlanPooling = false,
WlanLimitDown = "string",
WlanLimitDownEnabled = false,
WlanLimitUp = "string",
WlanLimitUpEnabled = false,
WxtagIds = new[]
{
"string",
},
WxtunnelId = "string",
WxtunnelRemoteId = "string",
});
example, err := site.NewWlan(ctx, "junipermistWlanResource", &site.WlanArgs{
SiteId: pulumi.String("string"),
Ssid: pulumi.String("string"),
AcctImmediateUpdate: pulumi.Bool(false),
AcctInterimInterval: pulumi.Int(0),
AcctServers: site.WlanAcctServerArray{
&site.WlanAcctServerArgs{
Host: pulumi.String("string"),
Secret: pulumi.String("string"),
KeywrapEnabled: pulumi.Bool(false),
KeywrapFormat: pulumi.String("string"),
KeywrapKek: pulumi.String("string"),
KeywrapMack: pulumi.String("string"),
Port: pulumi.String("string"),
},
},
Airwatch: &site.WlanAirwatchArgs{
ApiKey: pulumi.String("string"),
ConsoleUrl: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Password: pulumi.String("string"),
Username: pulumi.String("string"),
},
AllowIpv6Ndp: pulumi.Bool(false),
AllowMdns: pulumi.Bool(false),
AllowSsdp: pulumi.Bool(false),
ApIds: pulumi.StringArray{
pulumi.String("string"),
},
AppLimit: &site.WlanAppLimitArgs{
Apps: pulumi.IntMap{
"string": pulumi.Int(0),
},
Enabled: pulumi.Bool(false),
WxtagIds: pulumi.IntMap{
"string": pulumi.Int(0),
},
},
AppQos: &site.WlanAppQosArgs{
Apps: site.WlanAppQosAppsMap{
"string": &site.WlanAppQosAppsArgs{
Dscp: pulumi.String("string"),
DstSubnet: pulumi.String("string"),
SrcSubnet: pulumi.String("string"),
},
},
Enabled: pulumi.Bool(false),
Others: site.WlanAppQosOtherArray{
&site.WlanAppQosOtherArgs{
Dscp: pulumi.String("string"),
DstSubnet: pulumi.String("string"),
PortRanges: pulumi.String("string"),
Protocol: pulumi.String("string"),
SrcSubnet: pulumi.String("string"),
},
},
},
ApplyTo: pulumi.String("string"),
ArpFilter: pulumi.Bool(false),
Auth: &site.WlanAuthArgs{
AnticlogThreshold: pulumi.Int(0),
EapReauth: pulumi.Bool(false),
EnableMacAuth: pulumi.Bool(false),
KeyIdx: pulumi.Int(0),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
MultiPskOnly: pulumi.Bool(false),
Owe: pulumi.String("string"),
Pairwises: pulumi.StringArray{
pulumi.String("string"),
},
PrivateWlan: pulumi.Bool(false),
Psk: pulumi.String("string"),
Type: pulumi.String("string"),
WepAsSecondaryAuth: pulumi.Bool(false),
},
AuthServerSelection: pulumi.String("string"),
AuthServers: site.WlanAuthServerArray{
&site.WlanAuthServerArgs{
Host: pulumi.String("string"),
Secret: pulumi.String("string"),
KeywrapEnabled: pulumi.Bool(false),
KeywrapFormat: pulumi.String("string"),
KeywrapKek: pulumi.String("string"),
KeywrapMack: pulumi.String("string"),
Port: pulumi.String("string"),
RequireMessageAuthenticator: pulumi.Bool(false),
},
},
AuthServersNasId: pulumi.String("string"),
AuthServersNasIp: pulumi.String("string"),
AuthServersRetries: pulumi.Int(0),
AuthServersTimeout: pulumi.Int(0),
BandSteer: pulumi.Bool(false),
BandSteerForceBand5: pulumi.Bool(false),
Bands: pulumi.StringArray{
pulumi.String("string"),
},
BlockBlacklistClients: pulumi.Bool(false),
Bonjour: &site.WlanBonjourArgs{
AdditionalVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Services: site.WlanBonjourServicesMap{
"string": &site.WlanBonjourServicesArgs{
DisableLocal: pulumi.Bool(false),
RadiusGroups: pulumi.StringArray{
pulumi.String("string"),
},
Scope: pulumi.String("string"),
},
},
},
CiscoCwa: &site.WlanCiscoCwaArgs{
AllowedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
AllowedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
BlockedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
ClientLimitDown: pulumi.String("string"),
ClientLimitDownEnabled: pulumi.Bool(false),
ClientLimitUp: pulumi.String("string"),
ClientLimitUpEnabled: pulumi.Bool(false),
CoaServers: site.WlanCoaServerArray{
&site.WlanCoaServerArgs{
Ip: pulumi.String("string"),
Secret: pulumi.String("string"),
DisableEventTimestampCheck: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Port: pulumi.String("string"),
},
},
Disable11ax: pulumi.Bool(false),
Disable11be: pulumi.Bool(false),
DisableHtVhtRates: pulumi.Bool(false),
DisableUapsd: pulumi.Bool(false),
DisableV1RoamNotify: pulumi.Bool(false),
DisableV2RoamNotify: pulumi.Bool(false),
DisableWhenGatewayUnreachable: pulumi.Bool(false),
DisableWhenMxtunnelDown: pulumi.Bool(false),
DisableWmm: pulumi.Bool(false),
DnsServerRewrite: &site.WlanDnsServerRewriteArgs{
Enabled: pulumi.Bool(false),
RadiusGroups: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Dtim: pulumi.Int(0),
DynamicPsk: &site.WlanDynamicPskArgs{
DefaultPsk: pulumi.String("string"),
DefaultVlanId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ForceLookup: pulumi.Bool(false),
Source: pulumi.String("string"),
},
DynamicVlan: &site.WlanDynamicVlanArgs{
DefaultVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
LocalVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
Vlans: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
EnableLocalKeycaching: pulumi.Bool(false),
EnableWirelessBridging: pulumi.Bool(false),
EnableWirelessBridgingDhcpTracking: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FastDot1xTimers: pulumi.Bool(false),
HideSsid: pulumi.Bool(false),
HostnameIe: pulumi.Bool(false),
Hotspot20: &site.WlanHotspot20Args{
DomainNames: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
NaiRealms: pulumi.StringArray{
pulumi.String("string"),
},
Operators: pulumi.StringArray{
pulumi.String("string"),
},
Rcois: pulumi.StringArray{
pulumi.String("string"),
},
VenueName: pulumi.String("string"),
},
InjectDhcpOption82: &site.WlanInjectDhcpOption82Args{
CircuitId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
Interface: pulumi.String("string"),
Isolation: pulumi.Bool(false),
L2Isolation: pulumi.Bool(false),
LegacyOverds: pulumi.Bool(false),
LimitBcast: pulumi.Bool(false),
LimitProbeResponse: pulumi.Bool(false),
MaxIdletime: pulumi.Int(0),
MaxNumClients: pulumi.Int(0),
MistNac: &site.WlanMistNacArgs{
AcctInterimInterval: pulumi.Int(0),
AuthServersRetries: pulumi.Int(0),
AuthServersTimeout: pulumi.Int(0),
CoaEnabled: pulumi.Bool(false),
CoaPort: pulumi.Int(0),
Enabled: pulumi.Bool(false),
FastDot1xTimers: pulumi.Bool(false),
Network: pulumi.String("string"),
SourceIp: pulumi.String("string"),
},
MxtunnelIds: pulumi.StringArray{
pulumi.String("string"),
},
MxtunnelNames: pulumi.StringArray{
pulumi.String("string"),
},
NoStaticDns: pulumi.Bool(false),
NoStaticIp: pulumi.Bool(false),
Portal: &site.WlanPortalArgs{
AllowWlanIdRoam: pulumi.Bool(false),
AmazonClientId: pulumi.String("string"),
AmazonClientSecret: pulumi.String("string"),
AmazonEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
AmazonEnabled: pulumi.Bool(false),
AmazonExpire: pulumi.Int(0),
Auth: pulumi.String("string"),
AzureClientId: pulumi.String("string"),
AzureClientSecret: pulumi.String("string"),
AzureEnabled: pulumi.Bool(false),
AzureExpire: pulumi.Int(0),
AzureTenantId: pulumi.String("string"),
BroadnetPassword: pulumi.String("string"),
BroadnetSid: pulumi.String("string"),
BroadnetUserId: pulumi.String("string"),
BypassWhenCloudDown: pulumi.Bool(false),
ClickatellApiKey: pulumi.String("string"),
CrossSite: pulumi.Bool(false),
EmailEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Expire: pulumi.Int(0),
ExternalPortalUrl: pulumi.String("string"),
FacebookClientId: pulumi.String("string"),
FacebookClientSecret: pulumi.String("string"),
FacebookEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
FacebookEnabled: pulumi.Bool(false),
FacebookExpire: pulumi.Int(0),
Forward: pulumi.Bool(false),
ForwardUrl: pulumi.String("string"),
GoogleClientId: pulumi.String("string"),
GoogleClientSecret: pulumi.String("string"),
GoogleEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
GoogleEnabled: pulumi.Bool(false),
GoogleExpire: pulumi.Int(0),
GupshupPassword: pulumi.String("string"),
GupshupUserid: pulumi.String("string"),
MicrosoftClientId: pulumi.String("string"),
MicrosoftClientSecret: pulumi.String("string"),
MicrosoftEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
MicrosoftEnabled: pulumi.Bool(false),
MicrosoftExpire: pulumi.Int(0),
PassphraseEnabled: pulumi.Bool(false),
PassphraseExpire: pulumi.Int(0),
Password: pulumi.String("string"),
PredefinedSponsorsEnabled: pulumi.Bool(false),
PredefinedSponsorsHideEmail: pulumi.Bool(false),
Privacy: pulumi.Bool(false),
PuzzelPassword: pulumi.String("string"),
PuzzelServiceId: pulumi.String("string"),
PuzzelUsername: pulumi.String("string"),
SmsEnabled: pulumi.Bool(false),
SmsExpire: pulumi.Int(0),
SmsMessageFormat: pulumi.String("string"),
SmsProvider: pulumi.String("string"),
SmsglobalApiKey: pulumi.String("string"),
SmsglobalApiSecret: pulumi.String("string"),
SponsorAutoApprove: pulumi.Bool(false),
SponsorEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
SponsorEnabled: pulumi.Bool(false),
SponsorExpire: pulumi.Int(0),
SponsorLinkValidityDuration: pulumi.String("string"),
SponsorNotifyAll: pulumi.Bool(false),
SponsorStatusNotify: pulumi.Bool(false),
Sponsors: pulumi.StringMap{
"string": pulumi.String("string"),
},
SsoDefaultRole: pulumi.String("string"),
SsoForcedRole: pulumi.String("string"),
SsoIdpCert: pulumi.String("string"),
SsoIdpSignAlgo: pulumi.String("string"),
SsoIdpSsoUrl: pulumi.String("string"),
SsoIssuer: pulumi.String("string"),
SsoNameidFormat: pulumi.String("string"),
TelstraClientId: pulumi.String("string"),
TelstraClientSecret: pulumi.String("string"),
TwilioAuthToken: pulumi.String("string"),
TwilioPhoneNumber: pulumi.String("string"),
TwilioSid: pulumi.String("string"),
},
PortalAllowedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
PortalAllowedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
PortalDeniedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
Qos: &site.WlanQosArgs{
Class: pulumi.String("string"),
Overwrite: pulumi.Bool(false),
},
Radsec: &site.WlanRadsecArgs{
CoaEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
IdleTimeout: pulumi.String("string"),
MxclusterIds: pulumi.StringArray{
pulumi.String("string"),
},
ProxyHosts: pulumi.StringArray{
pulumi.String("string"),
},
ServerName: pulumi.String("string"),
Servers: site.WlanRadsecServerArray{
&site.WlanRadsecServerArgs{
Host: pulumi.String("string"),
Port: pulumi.Int(0),
},
},
UseMxedge: pulumi.Bool(false),
UseSiteMxedge: pulumi.Bool(false),
},
Rateset: site.WlanRatesetMap{
"string": &site.WlanRatesetArgs{
Eht: pulumi.String("string"),
He: pulumi.String("string"),
Ht: pulumi.String("string"),
Legacies: pulumi.StringArray{
pulumi.String("string"),
},
MinRssi: pulumi.Int(0),
Template: pulumi.String("string"),
Vht: pulumi.String("string"),
},
},
ReconnectClientsWhenRoamingMxcluster: pulumi.Bool(false),
RoamMode: pulumi.String("string"),
Schedule: &site.WlanScheduleArgs{
Enabled: pulumi.Bool(false),
Hours: &site.WlanScheduleHoursArgs{
Fri: pulumi.String("string"),
Mon: pulumi.String("string"),
Sat: pulumi.String("string"),
Sun: pulumi.String("string"),
Thu: pulumi.String("string"),
Tue: pulumi.String("string"),
Wed: pulumi.String("string"),
},
},
SleExcluded: pulumi.Bool(false),
UseEapolV1: pulumi.Bool(false),
VlanEnabled: pulumi.Bool(false),
VlanId: pulumi.String("string"),
VlanIds: pulumi.StringArray{
pulumi.String("string"),
},
VlanPooling: pulumi.Bool(false),
WlanLimitDown: pulumi.String("string"),
WlanLimitDownEnabled: pulumi.Bool(false),
WlanLimitUp: pulumi.String("string"),
WlanLimitUpEnabled: pulumi.Bool(false),
WxtagIds: pulumi.StringArray{
pulumi.String("string"),
},
WxtunnelId: pulumi.String("string"),
WxtunnelRemoteId: pulumi.String("string"),
})
var junipermistWlanResource = new com.pulumi.junipermist.site.Wlan("junipermistWlanResource", com.pulumi.junipermist.site.WlanArgs.builder()
.siteId("string")
.ssid("string")
.acctImmediateUpdate(false)
.acctInterimInterval(0)
.acctServers(WlanAcctServerArgs.builder()
.host("string")
.secret("string")
.keywrapEnabled(false)
.keywrapFormat("string")
.keywrapKek("string")
.keywrapMack("string")
.port("string")
.build())
.airwatch(WlanAirwatchArgs.builder()
.apiKey("string")
.consoleUrl("string")
.enabled(false)
.password("string")
.username("string")
.build())
.allowIpv6Ndp(false)
.allowMdns(false)
.allowSsdp(false)
.apIds("string")
.appLimit(WlanAppLimitArgs.builder()
.apps(Map.of("string", 0))
.enabled(false)
.wxtagIds(Map.of("string", 0))
.build())
.appQos(WlanAppQosArgs.builder()
.apps(Map.of("string", WlanAppQosAppsArgs.builder()
.dscp("string")
.dstSubnet("string")
.srcSubnet("string")
.build()))
.enabled(false)
.others(WlanAppQosOtherArgs.builder()
.dscp("string")
.dstSubnet("string")
.portRanges("string")
.protocol("string")
.srcSubnet("string")
.build())
.build())
.applyTo("string")
.arpFilter(false)
.auth(WlanAuthArgs.builder()
.anticlogThreshold(0)
.eapReauth(false)
.enableMacAuth(false)
.keyIdx(0)
.keys("string")
.multiPskOnly(false)
.owe("string")
.pairwises("string")
.privateWlan(false)
.psk("string")
.type("string")
.wepAsSecondaryAuth(false)
.build())
.authServerSelection("string")
.authServers(WlanAuthServerArgs.builder()
.host("string")
.secret("string")
.keywrapEnabled(false)
.keywrapFormat("string")
.keywrapKek("string")
.keywrapMack("string")
.port("string")
.requireMessageAuthenticator(false)
.build())
.authServersNasId("string")
.authServersNasIp("string")
.authServersRetries(0)
.authServersTimeout(0)
.bandSteer(false)
.bandSteerForceBand5(false)
.bands("string")
.blockBlacklistClients(false)
.bonjour(WlanBonjourArgs.builder()
.additionalVlanIds("string")
.enabled(false)
.services(Map.of("string", WlanBonjourServicesArgs.builder()
.disableLocal(false)
.radiusGroups("string")
.scope("string")
.build()))
.build())
.ciscoCwa(WlanCiscoCwaArgs.builder()
.allowedHostnames("string")
.allowedSubnets("string")
.blockedSubnets("string")
.enabled(false)
.build())
.clientLimitDown("string")
.clientLimitDownEnabled(false)
.clientLimitUp("string")
.clientLimitUpEnabled(false)
.coaServers(WlanCoaServerArgs.builder()
.ip("string")
.secret("string")
.disableEventTimestampCheck(false)
.enabled(false)
.port("string")
.build())
.disable11ax(false)
.disable11be(false)
.disableHtVhtRates(false)
.disableUapsd(false)
.disableV1RoamNotify(false)
.disableV2RoamNotify(false)
.disableWhenGatewayUnreachable(false)
.disableWhenMxtunnelDown(false)
.disableWmm(false)
.dnsServerRewrite(WlanDnsServerRewriteArgs.builder()
.enabled(false)
.radiusGroups(Map.of("string", "string"))
.build())
.dtim(0)
.dynamicPsk(WlanDynamicPskArgs.builder()
.defaultPsk("string")
.defaultVlanId("string")
.enabled(false)
.forceLookup(false)
.source("string")
.build())
.dynamicVlan(WlanDynamicVlanArgs.builder()
.defaultVlanIds("string")
.enabled(false)
.localVlanIds("string")
.type("string")
.vlans(Map.of("string", "string"))
.build())
.enableLocalKeycaching(false)
.enableWirelessBridging(false)
.enableWirelessBridgingDhcpTracking(false)
.enabled(false)
.fastDot1xTimers(false)
.hideSsid(false)
.hostnameIe(false)
.hotspot20(WlanHotspot20Args.builder()
.domainNames("string")
.enabled(false)
.naiRealms("string")
.operators("string")
.rcois("string")
.venueName("string")
.build())
.injectDhcpOption82(WlanInjectDhcpOption82Args.builder()
.circuitId("string")
.enabled(false)
.build())
.interface_("string")
.isolation(false)
.l2Isolation(false)
.legacyOverds(false)
.limitBcast(false)
.limitProbeResponse(false)
.maxIdletime(0)
.maxNumClients(0)
.mistNac(WlanMistNacArgs.builder()
.acctInterimInterval(0)
.authServersRetries(0)
.authServersTimeout(0)
.coaEnabled(false)
.coaPort(0)
.enabled(false)
.fastDot1xTimers(false)
.network("string")
.sourceIp("string")
.build())
.mxtunnelIds("string")
.mxtunnelNames("string")
.noStaticDns(false)
.noStaticIp(false)
.portal(WlanPortalArgs.builder()
.allowWlanIdRoam(false)
.amazonClientId("string")
.amazonClientSecret("string")
.amazonEmailDomains("string")
.amazonEnabled(false)
.amazonExpire(0)
.auth("string")
.azureClientId("string")
.azureClientSecret("string")
.azureEnabled(false)
.azureExpire(0)
.azureTenantId("string")
.broadnetPassword("string")
.broadnetSid("string")
.broadnetUserId("string")
.bypassWhenCloudDown(false)
.clickatellApiKey("string")
.crossSite(false)
.emailEnabled(false)
.enabled(false)
.expire(0)
.externalPortalUrl("string")
.facebookClientId("string")
.facebookClientSecret("string")
.facebookEmailDomains("string")
.facebookEnabled(false)
.facebookExpire(0)
.forward(false)
.forwardUrl("string")
.googleClientId("string")
.googleClientSecret("string")
.googleEmailDomains("string")
.googleEnabled(false)
.googleExpire(0)
.gupshupPassword("string")
.gupshupUserid("string")
.microsoftClientId("string")
.microsoftClientSecret("string")
.microsoftEmailDomains("string")
.microsoftEnabled(false)
.microsoftExpire(0)
.passphraseEnabled(false)
.passphraseExpire(0)
.password("string")
.predefinedSponsorsEnabled(false)
.predefinedSponsorsHideEmail(false)
.privacy(false)
.puzzelPassword("string")
.puzzelServiceId("string")
.puzzelUsername("string")
.smsEnabled(false)
.smsExpire(0)
.smsMessageFormat("string")
.smsProvider("string")
.smsglobalApiKey("string")
.smsglobalApiSecret("string")
.sponsorAutoApprove(false)
.sponsorEmailDomains("string")
.sponsorEnabled(false)
.sponsorExpire(0)
.sponsorLinkValidityDuration("string")
.sponsorNotifyAll(false)
.sponsorStatusNotify(false)
.sponsors(Map.of("string", "string"))
.ssoDefaultRole("string")
.ssoForcedRole("string")
.ssoIdpCert("string")
.ssoIdpSignAlgo("string")
.ssoIdpSsoUrl("string")
.ssoIssuer("string")
.ssoNameidFormat("string")
.telstraClientId("string")
.telstraClientSecret("string")
.twilioAuthToken("string")
.twilioPhoneNumber("string")
.twilioSid("string")
.build())
.portalAllowedHostnames("string")
.portalAllowedSubnets("string")
.portalDeniedHostnames("string")
.qos(WlanQosArgs.builder()
.class_("string")
.overwrite(false)
.build())
.radsec(WlanRadsecArgs.builder()
.coaEnabled(false)
.enabled(false)
.idleTimeout("string")
.mxclusterIds("string")
.proxyHosts("string")
.serverName("string")
.servers(WlanRadsecServerArgs.builder()
.host("string")
.port(0)
.build())
.useMxedge(false)
.useSiteMxedge(false)
.build())
.rateset(Map.of("string", WlanRatesetArgs.builder()
.eht("string")
.he("string")
.ht("string")
.legacies("string")
.minRssi(0)
.template("string")
.vht("string")
.build()))
.reconnectClientsWhenRoamingMxcluster(false)
.roamMode("string")
.schedule(WlanScheduleArgs.builder()
.enabled(false)
.hours(WlanScheduleHoursArgs.builder()
.fri("string")
.mon("string")
.sat("string")
.sun("string")
.thu("string")
.tue("string")
.wed("string")
.build())
.build())
.sleExcluded(false)
.useEapolV1(false)
.vlanEnabled(false)
.vlanId("string")
.vlanIds("string")
.vlanPooling(false)
.wlanLimitDown("string")
.wlanLimitDownEnabled(false)
.wlanLimitUp("string")
.wlanLimitUpEnabled(false)
.wxtagIds("string")
.wxtunnelId("string")
.wxtunnelRemoteId("string")
.build());
junipermist_wlan_resource = junipermist.site.Wlan("junipermistWlanResource",
site_id="string",
ssid="string",
acct_immediate_update=False,
acct_interim_interval=0,
acct_servers=[{
"host": "string",
"secret": "string",
"keywrap_enabled": False,
"keywrap_format": "string",
"keywrap_kek": "string",
"keywrap_mack": "string",
"port": "string",
}],
airwatch={
"api_key": "string",
"console_url": "string",
"enabled": False,
"password": "string",
"username": "string",
},
allow_ipv6_ndp=False,
allow_mdns=False,
allow_ssdp=False,
ap_ids=["string"],
app_limit={
"apps": {
"string": 0,
},
"enabled": False,
"wxtag_ids": {
"string": 0,
},
},
app_qos={
"apps": {
"string": {
"dscp": "string",
"dst_subnet": "string",
"src_subnet": "string",
},
},
"enabled": False,
"others": [{
"dscp": "string",
"dst_subnet": "string",
"port_ranges": "string",
"protocol": "string",
"src_subnet": "string",
}],
},
apply_to="string",
arp_filter=False,
auth={
"anticlog_threshold": 0,
"eap_reauth": False,
"enable_mac_auth": False,
"key_idx": 0,
"keys": ["string"],
"multi_psk_only": False,
"owe": "string",
"pairwises": ["string"],
"private_wlan": False,
"psk": "string",
"type": "string",
"wep_as_secondary_auth": False,
},
auth_server_selection="string",
auth_servers=[{
"host": "string",
"secret": "string",
"keywrap_enabled": False,
"keywrap_format": "string",
"keywrap_kek": "string",
"keywrap_mack": "string",
"port": "string",
"require_message_authenticator": False,
}],
auth_servers_nas_id="string",
auth_servers_nas_ip="string",
auth_servers_retries=0,
auth_servers_timeout=0,
band_steer=False,
band_steer_force_band5=False,
bands=["string"],
block_blacklist_clients=False,
bonjour={
"additional_vlan_ids": ["string"],
"enabled": False,
"services": {
"string": {
"disable_local": False,
"radius_groups": ["string"],
"scope": "string",
},
},
},
cisco_cwa={
"allowed_hostnames": ["string"],
"allowed_subnets": ["string"],
"blocked_subnets": ["string"],
"enabled": False,
},
client_limit_down="string",
client_limit_down_enabled=False,
client_limit_up="string",
client_limit_up_enabled=False,
coa_servers=[{
"ip": "string",
"secret": "string",
"disable_event_timestamp_check": False,
"enabled": False,
"port": "string",
}],
disable11ax=False,
disable11be=False,
disable_ht_vht_rates=False,
disable_uapsd=False,
disable_v1_roam_notify=False,
disable_v2_roam_notify=False,
disable_when_gateway_unreachable=False,
disable_when_mxtunnel_down=False,
disable_wmm=False,
dns_server_rewrite={
"enabled": False,
"radius_groups": {
"string": "string",
},
},
dtim=0,
dynamic_psk={
"default_psk": "string",
"default_vlan_id": "string",
"enabled": False,
"force_lookup": False,
"source": "string",
},
dynamic_vlan={
"default_vlan_ids": ["string"],
"enabled": False,
"local_vlan_ids": ["string"],
"type": "string",
"vlans": {
"string": "string",
},
},
enable_local_keycaching=False,
enable_wireless_bridging=False,
enable_wireless_bridging_dhcp_tracking=False,
enabled=False,
fast_dot1x_timers=False,
hide_ssid=False,
hostname_ie=False,
hotspot20={
"domain_names": ["string"],
"enabled": False,
"nai_realms": ["string"],
"operators": ["string"],
"rcois": ["string"],
"venue_name": "string",
},
inject_dhcp_option82={
"circuit_id": "string",
"enabled": False,
},
interface="string",
isolation=False,
l2_isolation=False,
legacy_overds=False,
limit_bcast=False,
limit_probe_response=False,
max_idletime=0,
max_num_clients=0,
mist_nac={
"acct_interim_interval": 0,
"auth_servers_retries": 0,
"auth_servers_timeout": 0,
"coa_enabled": False,
"coa_port": 0,
"enabled": False,
"fast_dot1x_timers": False,
"network": "string",
"source_ip": "string",
},
mxtunnel_ids=["string"],
mxtunnel_names=["string"],
no_static_dns=False,
no_static_ip=False,
portal={
"allow_wlan_id_roam": False,
"amazon_client_id": "string",
"amazon_client_secret": "string",
"amazon_email_domains": ["string"],
"amazon_enabled": False,
"amazon_expire": 0,
"auth": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"azure_enabled": False,
"azure_expire": 0,
"azure_tenant_id": "string",
"broadnet_password": "string",
"broadnet_sid": "string",
"broadnet_user_id": "string",
"bypass_when_cloud_down": False,
"clickatell_api_key": "string",
"cross_site": False,
"email_enabled": False,
"enabled": False,
"expire": 0,
"external_portal_url": "string",
"facebook_client_id": "string",
"facebook_client_secret": "string",
"facebook_email_domains": ["string"],
"facebook_enabled": False,
"facebook_expire": 0,
"forward": False,
"forward_url": "string",
"google_client_id": "string",
"google_client_secret": "string",
"google_email_domains": ["string"],
"google_enabled": False,
"google_expire": 0,
"gupshup_password": "string",
"gupshup_userid": "string",
"microsoft_client_id": "string",
"microsoft_client_secret": "string",
"microsoft_email_domains": ["string"],
"microsoft_enabled": False,
"microsoft_expire": 0,
"passphrase_enabled": False,
"passphrase_expire": 0,
"password": "string",
"predefined_sponsors_enabled": False,
"predefined_sponsors_hide_email": False,
"privacy": False,
"puzzel_password": "string",
"puzzel_service_id": "string",
"puzzel_username": "string",
"sms_enabled": False,
"sms_expire": 0,
"sms_message_format": "string",
"sms_provider": "string",
"smsglobal_api_key": "string",
"smsglobal_api_secret": "string",
"sponsor_auto_approve": False,
"sponsor_email_domains": ["string"],
"sponsor_enabled": False,
"sponsor_expire": 0,
"sponsor_link_validity_duration": "string",
"sponsor_notify_all": False,
"sponsor_status_notify": False,
"sponsors": {
"string": "string",
},
"sso_default_role": "string",
"sso_forced_role": "string",
"sso_idp_cert": "string",
"sso_idp_sign_algo": "string",
"sso_idp_sso_url": "string",
"sso_issuer": "string",
"sso_nameid_format": "string",
"telstra_client_id": "string",
"telstra_client_secret": "string",
"twilio_auth_token": "string",
"twilio_phone_number": "string",
"twilio_sid": "string",
},
portal_allowed_hostnames=["string"],
portal_allowed_subnets=["string"],
portal_denied_hostnames=["string"],
qos={
"class_": "string",
"overwrite": False,
},
radsec={
"coa_enabled": False,
"enabled": False,
"idle_timeout": "string",
"mxcluster_ids": ["string"],
"proxy_hosts": ["string"],
"server_name": "string",
"servers": [{
"host": "string",
"port": 0,
}],
"use_mxedge": False,
"use_site_mxedge": False,
},
rateset={
"string": {
"eht": "string",
"he": "string",
"ht": "string",
"legacies": ["string"],
"min_rssi": 0,
"template": "string",
"vht": "string",
},
},
reconnect_clients_when_roaming_mxcluster=False,
roam_mode="string",
schedule={
"enabled": False,
"hours": {
"fri": "string",
"mon": "string",
"sat": "string",
"sun": "string",
"thu": "string",
"tue": "string",
"wed": "string",
},
},
sle_excluded=False,
use_eapol_v1=False,
vlan_enabled=False,
vlan_id="string",
vlan_ids=["string"],
vlan_pooling=False,
wlan_limit_down="string",
wlan_limit_down_enabled=False,
wlan_limit_up="string",
wlan_limit_up_enabled=False,
wxtag_ids=["string"],
wxtunnel_id="string",
wxtunnel_remote_id="string")
const junipermistWlanResource = new junipermist.site.Wlan("junipermistWlanResource", {
siteId: "string",
ssid: "string",
acctImmediateUpdate: false,
acctInterimInterval: 0,
acctServers: [{
host: "string",
secret: "string",
keywrapEnabled: false,
keywrapFormat: "string",
keywrapKek: "string",
keywrapMack: "string",
port: "string",
}],
airwatch: {
apiKey: "string",
consoleUrl: "string",
enabled: false,
password: "string",
username: "string",
},
allowIpv6Ndp: false,
allowMdns: false,
allowSsdp: false,
apIds: ["string"],
appLimit: {
apps: {
string: 0,
},
enabled: false,
wxtagIds: {
string: 0,
},
},
appQos: {
apps: {
string: {
dscp: "string",
dstSubnet: "string",
srcSubnet: "string",
},
},
enabled: false,
others: [{
dscp: "string",
dstSubnet: "string",
portRanges: "string",
protocol: "string",
srcSubnet: "string",
}],
},
applyTo: "string",
arpFilter: false,
auth: {
anticlogThreshold: 0,
eapReauth: false,
enableMacAuth: false,
keyIdx: 0,
keys: ["string"],
multiPskOnly: false,
owe: "string",
pairwises: ["string"],
privateWlan: false,
psk: "string",
type: "string",
wepAsSecondaryAuth: false,
},
authServerSelection: "string",
authServers: [{
host: "string",
secret: "string",
keywrapEnabled: false,
keywrapFormat: "string",
keywrapKek: "string",
keywrapMack: "string",
port: "string",
requireMessageAuthenticator: false,
}],
authServersNasId: "string",
authServersNasIp: "string",
authServersRetries: 0,
authServersTimeout: 0,
bandSteer: false,
bandSteerForceBand5: false,
bands: ["string"],
blockBlacklistClients: false,
bonjour: {
additionalVlanIds: ["string"],
enabled: false,
services: {
string: {
disableLocal: false,
radiusGroups: ["string"],
scope: "string",
},
},
},
ciscoCwa: {
allowedHostnames: ["string"],
allowedSubnets: ["string"],
blockedSubnets: ["string"],
enabled: false,
},
clientLimitDown: "string",
clientLimitDownEnabled: false,
clientLimitUp: "string",
clientLimitUpEnabled: false,
coaServers: [{
ip: "string",
secret: "string",
disableEventTimestampCheck: false,
enabled: false,
port: "string",
}],
disable11ax: false,
disable11be: false,
disableHtVhtRates: false,
disableUapsd: false,
disableV1RoamNotify: false,
disableV2RoamNotify: false,
disableWhenGatewayUnreachable: false,
disableWhenMxtunnelDown: false,
disableWmm: false,
dnsServerRewrite: {
enabled: false,
radiusGroups: {
string: "string",
},
},
dtim: 0,
dynamicPsk: {
defaultPsk: "string",
defaultVlanId: "string",
enabled: false,
forceLookup: false,
source: "string",
},
dynamicVlan: {
defaultVlanIds: ["string"],
enabled: false,
localVlanIds: ["string"],
type: "string",
vlans: {
string: "string",
},
},
enableLocalKeycaching: false,
enableWirelessBridging: false,
enableWirelessBridgingDhcpTracking: false,
enabled: false,
fastDot1xTimers: false,
hideSsid: false,
hostnameIe: false,
hotspot20: {
domainNames: ["string"],
enabled: false,
naiRealms: ["string"],
operators: ["string"],
rcois: ["string"],
venueName: "string",
},
injectDhcpOption82: {
circuitId: "string",
enabled: false,
},
"interface": "string",
isolation: false,
l2Isolation: false,
legacyOverds: false,
limitBcast: false,
limitProbeResponse: false,
maxIdletime: 0,
maxNumClients: 0,
mistNac: {
acctInterimInterval: 0,
authServersRetries: 0,
authServersTimeout: 0,
coaEnabled: false,
coaPort: 0,
enabled: false,
fastDot1xTimers: false,
network: "string",
sourceIp: "string",
},
mxtunnelIds: ["string"],
mxtunnelNames: ["string"],
noStaticDns: false,
noStaticIp: false,
portal: {
allowWlanIdRoam: false,
amazonClientId: "string",
amazonClientSecret: "string",
amazonEmailDomains: ["string"],
amazonEnabled: false,
amazonExpire: 0,
auth: "string",
azureClientId: "string",
azureClientSecret: "string",
azureEnabled: false,
azureExpire: 0,
azureTenantId: "string",
broadnetPassword: "string",
broadnetSid: "string",
broadnetUserId: "string",
bypassWhenCloudDown: false,
clickatellApiKey: "string",
crossSite: false,
emailEnabled: false,
enabled: false,
expire: 0,
externalPortalUrl: "string",
facebookClientId: "string",
facebookClientSecret: "string",
facebookEmailDomains: ["string"],
facebookEnabled: false,
facebookExpire: 0,
forward: false,
forwardUrl: "string",
googleClientId: "string",
googleClientSecret: "string",
googleEmailDomains: ["string"],
googleEnabled: false,
googleExpire: 0,
gupshupPassword: "string",
gupshupUserid: "string",
microsoftClientId: "string",
microsoftClientSecret: "string",
microsoftEmailDomains: ["string"],
microsoftEnabled: false,
microsoftExpire: 0,
passphraseEnabled: false,
passphraseExpire: 0,
password: "string",
predefinedSponsorsEnabled: false,
predefinedSponsorsHideEmail: false,
privacy: false,
puzzelPassword: "string",
puzzelServiceId: "string",
puzzelUsername: "string",
smsEnabled: false,
smsExpire: 0,
smsMessageFormat: "string",
smsProvider: "string",
smsglobalApiKey: "string",
smsglobalApiSecret: "string",
sponsorAutoApprove: false,
sponsorEmailDomains: ["string"],
sponsorEnabled: false,
sponsorExpire: 0,
sponsorLinkValidityDuration: "string",
sponsorNotifyAll: false,
sponsorStatusNotify: false,
sponsors: {
string: "string",
},
ssoDefaultRole: "string",
ssoForcedRole: "string",
ssoIdpCert: "string",
ssoIdpSignAlgo: "string",
ssoIdpSsoUrl: "string",
ssoIssuer: "string",
ssoNameidFormat: "string",
telstraClientId: "string",
telstraClientSecret: "string",
twilioAuthToken: "string",
twilioPhoneNumber: "string",
twilioSid: "string",
},
portalAllowedHostnames: ["string"],
portalAllowedSubnets: ["string"],
portalDeniedHostnames: ["string"],
qos: {
"class": "string",
overwrite: false,
},
radsec: {
coaEnabled: false,
enabled: false,
idleTimeout: "string",
mxclusterIds: ["string"],
proxyHosts: ["string"],
serverName: "string",
servers: [{
host: "string",
port: 0,
}],
useMxedge: false,
useSiteMxedge: false,
},
rateset: {
string: {
eht: "string",
he: "string",
ht: "string",
legacies: ["string"],
minRssi: 0,
template: "string",
vht: "string",
},
},
reconnectClientsWhenRoamingMxcluster: false,
roamMode: "string",
schedule: {
enabled: false,
hours: {
fri: "string",
mon: "string",
sat: "string",
sun: "string",
thu: "string",
tue: "string",
wed: "string",
},
},
sleExcluded: false,
useEapolV1: false,
vlanEnabled: false,
vlanId: "string",
vlanIds: ["string"],
vlanPooling: false,
wlanLimitDown: "string",
wlanLimitDownEnabled: false,
wlanLimitUp: "string",
wlanLimitUpEnabled: false,
wxtagIds: ["string"],
wxtunnelId: "string",
wxtunnelRemoteId: "string",
});
type: junipermist:site:Wlan
properties:
acctImmediateUpdate: false
acctInterimInterval: 0
acctServers:
- host: string
keywrapEnabled: false
keywrapFormat: string
keywrapKek: string
keywrapMack: string
port: string
secret: string
airwatch:
apiKey: string
consoleUrl: string
enabled: false
password: string
username: string
allowIpv6Ndp: false
allowMdns: false
allowSsdp: false
apIds:
- string
appLimit:
apps:
string: 0
enabled: false
wxtagIds:
string: 0
appQos:
apps:
string:
dscp: string
dstSubnet: string
srcSubnet: string
enabled: false
others:
- dscp: string
dstSubnet: string
portRanges: string
protocol: string
srcSubnet: string
applyTo: string
arpFilter: false
auth:
anticlogThreshold: 0
eapReauth: false
enableMacAuth: false
keyIdx: 0
keys:
- string
multiPskOnly: false
owe: string
pairwises:
- string
privateWlan: false
psk: string
type: string
wepAsSecondaryAuth: false
authServerSelection: string
authServers:
- host: string
keywrapEnabled: false
keywrapFormat: string
keywrapKek: string
keywrapMack: string
port: string
requireMessageAuthenticator: false
secret: string
authServersNasId: string
authServersNasIp: string
authServersRetries: 0
authServersTimeout: 0
bandSteer: false
bandSteerForceBand5: false
bands:
- string
blockBlacklistClients: false
bonjour:
additionalVlanIds:
- string
enabled: false
services:
string:
disableLocal: false
radiusGroups:
- string
scope: string
ciscoCwa:
allowedHostnames:
- string
allowedSubnets:
- string
blockedSubnets:
- string
enabled: false
clientLimitDown: string
clientLimitDownEnabled: false
clientLimitUp: string
clientLimitUpEnabled: false
coaServers:
- disableEventTimestampCheck: false
enabled: false
ip: string
port: string
secret: string
disable11ax: false
disable11be: false
disableHtVhtRates: false
disableUapsd: false
disableV1RoamNotify: false
disableV2RoamNotify: false
disableWhenGatewayUnreachable: false
disableWhenMxtunnelDown: false
disableWmm: false
dnsServerRewrite:
enabled: false
radiusGroups:
string: string
dtim: 0
dynamicPsk:
defaultPsk: string
defaultVlanId: string
enabled: false
forceLookup: false
source: string
dynamicVlan:
defaultVlanIds:
- string
enabled: false
localVlanIds:
- string
type: string
vlans:
string: string
enableLocalKeycaching: false
enableWirelessBridging: false
enableWirelessBridgingDhcpTracking: false
enabled: false
fastDot1xTimers: false
hideSsid: false
hostnameIe: false
hotspot20:
domainNames:
- string
enabled: false
naiRealms:
- string
operators:
- string
rcois:
- string
venueName: string
injectDhcpOption82:
circuitId: string
enabled: false
interface: string
isolation: false
l2Isolation: false
legacyOverds: false
limitBcast: false
limitProbeResponse: false
maxIdletime: 0
maxNumClients: 0
mistNac:
acctInterimInterval: 0
authServersRetries: 0
authServersTimeout: 0
coaEnabled: false
coaPort: 0
enabled: false
fastDot1xTimers: false
network: string
sourceIp: string
mxtunnelIds:
- string
mxtunnelNames:
- string
noStaticDns: false
noStaticIp: false
portal:
allowWlanIdRoam: false
amazonClientId: string
amazonClientSecret: string
amazonEmailDomains:
- string
amazonEnabled: false
amazonExpire: 0
auth: string
azureClientId: string
azureClientSecret: string
azureEnabled: false
azureExpire: 0
azureTenantId: string
broadnetPassword: string
broadnetSid: string
broadnetUserId: string
bypassWhenCloudDown: false
clickatellApiKey: string
crossSite: false
emailEnabled: false
enabled: false
expire: 0
externalPortalUrl: string
facebookClientId: string
facebookClientSecret: string
facebookEmailDomains:
- string
facebookEnabled: false
facebookExpire: 0
forward: false
forwardUrl: string
googleClientId: string
googleClientSecret: string
googleEmailDomains:
- string
googleEnabled: false
googleExpire: 0
gupshupPassword: string
gupshupUserid: string
microsoftClientId: string
microsoftClientSecret: string
microsoftEmailDomains:
- string
microsoftEnabled: false
microsoftExpire: 0
passphraseEnabled: false
passphraseExpire: 0
password: string
predefinedSponsorsEnabled: false
predefinedSponsorsHideEmail: false
privacy: false
puzzelPassword: string
puzzelServiceId: string
puzzelUsername: string
smsEnabled: false
smsExpire: 0
smsMessageFormat: string
smsProvider: string
smsglobalApiKey: string
smsglobalApiSecret: string
sponsorAutoApprove: false
sponsorEmailDomains:
- string
sponsorEnabled: false
sponsorExpire: 0
sponsorLinkValidityDuration: string
sponsorNotifyAll: false
sponsorStatusNotify: false
sponsors:
string: string
ssoDefaultRole: string
ssoForcedRole: string
ssoIdpCert: string
ssoIdpSignAlgo: string
ssoIdpSsoUrl: string
ssoIssuer: string
ssoNameidFormat: string
telstraClientId: string
telstraClientSecret: string
twilioAuthToken: string
twilioPhoneNumber: string
twilioSid: string
portalAllowedHostnames:
- string
portalAllowedSubnets:
- string
portalDeniedHostnames:
- string
qos:
class: string
overwrite: false
radsec:
coaEnabled: false
enabled: false
idleTimeout: string
mxclusterIds:
- string
proxyHosts:
- string
serverName: string
servers:
- host: string
port: 0
useMxedge: false
useSiteMxedge: false
rateset:
string:
eht: string
he: string
ht: string
legacies:
- string
minRssi: 0
template: string
vht: string
reconnectClientsWhenRoamingMxcluster: false
roamMode: string
schedule:
enabled: false
hours:
fri: string
mon: string
sat: string
sun: string
thu: string
tue: string
wed: string
siteId: string
sleExcluded: false
ssid: string
useEapolV1: false
vlanEnabled: false
vlanId: string
vlanIds:
- string
vlanPooling: false
wlanLimitDown: string
wlanLimitDownEnabled: false
wlanLimitUp: string
wlanLimitUpEnabled: false
wxtagIds:
- string
wxtunnelId: string
wxtunnelRemoteId: string
Wlan Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Wlan resource accepts the following input properties:
- Site
Id string - Ssid string
- Name of the SSID
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Acct Server> - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Pulumi.
Juniper Mist. Site. Inputs. Wlan Airwatch - Airwatch wlan settings
- Allow
Ipv6Ndp bool - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - Only applicable when
limit_bcast==true, which allows SSDP - Ap
Ids List<string> - List of device ids
- App
Limit Pulumi.Juniper Mist. Site. Inputs. Wlan App Limit - Bandwidth limiting for apps (applies to up/down)
- App
Qos Pulumi.Juniper Mist. Site. Inputs. Wlan App Qos - APp qos wlan settings
- Apply
To string - enum:
aps,site,wxtags - Arp
Filter bool - Whether to enable smart arp filter
- Auth
Pulumi.
Juniper Mist. Site. Inputs. Wlan Auth - Authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - Auth
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Auth Server> - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dual_band capable client to connect to 5G
- Bands List<string>
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour - Bonjour gateway wlan settings
- Cisco
Cwa Pulumi.Juniper Mist. Site. Inputs. Wlan Cisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit stringDown - Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Coa Server> - List of COA (change of authorization) servers, optional
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Disable
Wmm bool - Whether to disable WMM
- Dns
Server Pulumi.Rewrite Juniper Mist. Site. Inputs. Wlan Dns Server Rewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Psk - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- Dynamic
Vlan Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Vlan - For 802.1x
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.
Juniper Mist. Site. Inputs. Wlan Hotspot20 - Hostspot 2.0 wlan settings
- Inject
Dhcp Pulumi.Option82 Juniper Mist. Site. Inputs. Wlan Inject Dhcp Option82 - Interface string
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac Pulumi.Juniper Mist. Site. Inputs. Wlan Mist Nac - Mxtunnel
Ids List<string> - When
interface=mxtunnel, id of the Mist Tunnel - Mxtunnel
Names List<string> - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Portal
Pulumi.
Juniper Mist. Site. Inputs. Wlan Portal - Portal wlan settings
- Portal
Allowed List<string>Hostnames - List of hostnames without http(s):// (matched by substring)
- Portal
Allowed List<string>Subnets - List of CIDRs
- Portal
Denied List<string>Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Qos
Pulumi.
Juniper Mist. Site. Inputs. Wlan Qos - Radsec
Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec - RadSec settings
- Rateset
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Rateset Args> - Property key is the RF band. enum:
24,5,6 - Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - enum:
11r,OKC,NONE - Schedule
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule - WLAN operating schedule, default is disabled
- Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Vlan
Ids List<string> - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - Vlan
Pooling bool - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids List<string> - List of wxtag_ids
- Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- Site
Id string - Ssid string
- Name of the SSID
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers []WlanAcct Server Args - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Wlan
Airwatch Args - Airwatch wlan settings
- Allow
Ipv6Ndp bool - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - Only applicable when
limit_bcast==true, which allows SSDP - Ap
Ids []string - List of device ids
- App
Limit WlanApp Limit Args - Bandwidth limiting for apps (applies to up/down)
- App
Qos WlanApp Qos Args - APp qos wlan settings
- Apply
To string - enum:
aps,site,wxtags - Arp
Filter bool - Whether to enable smart arp filter
- Auth
Wlan
Auth Args - Authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - Auth
Servers []WlanAuth Server Args - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dual_band capable client to connect to 5G
- Bands []string
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Wlan
Bonjour Args - Bonjour gateway wlan settings
- Cisco
Cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit stringDown - Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers []WlanCoa Server Args - List of COA (change of authorization) servers, optional
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Disable
Wmm bool - Whether to disable WMM
- Dns
Server WlanRewrite Dns Server Rewrite Args - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk WlanDynamic Psk Args - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- Dynamic
Vlan WlanDynamic Vlan Args - For 802.1x
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Wlan
Hotspot20Args - Hostspot 2.0 wlan settings
- Inject
Dhcp WlanOption82 Inject Dhcp Option82Args - Interface string
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac WlanMist Nac Args - Mxtunnel
Ids []string - When
interface=mxtunnel, id of the Mist Tunnel - Mxtunnel
Names []string - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Portal
Wlan
Portal Args - Portal wlan settings
- Portal
Allowed []stringHostnames - List of hostnames without http(s):// (matched by substring)
- Portal
Allowed []stringSubnets - List of CIDRs
- Portal
Denied []stringHostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Qos
Wlan
Qos Args - Radsec
Wlan
Radsec Args - RadSec settings
- Rateset
map[string]Wlan
Rateset Args - Property key is the RF band. enum:
24,5,6 - Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - enum:
11r,OKC,NONE - Schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Vlan
Ids []string - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - Vlan
Pooling bool - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids []string - List of wxtag_ids
- Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- site
Id String - ssid String
- Name of the SSID
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim IntegerInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<WlanAcct Server> - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - Airwatch wlan settings
- allow
Ipv6Ndp Boolean - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - Only applicable when
limit_bcast==true, which allows SSDP - ap
Ids List<String> - List of device ids
- app
Limit WlanApp Limit - Bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - APp qos wlan settings
- apply
To String - enum:
aps,site,wxtags - arp
Filter Boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth
Servers List<WlanAuth Server> - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers IntegerRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers IntegerTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit StringDown - client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<WlanCoa Server> - List of COA (change of authorization) servers, optional
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - disable
Wmm Boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Integer
- dynamic
Psk WlanDynamic Psk - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic
Vlan WlanDynamic Vlan - For 802.1x
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface_ String
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Integer - Max idle time in seconds
- max
Num IntegerClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - mxtunnel
Ids List<String> - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel
Names List<String> - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal - Portal wlan settings
- portal
Allowed List<String>Hostnames - List of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - List of CIDRs
- portal
Denied List<String>Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos
Wlan
Qos - radsec
Wlan
Radsec - RadSec settings
- rateset
Map<String,Wlan
Rateset Args> - Property key is the RF band. enum:
24,5,6 - reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - enum:
11r,OKC,NONE - schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan
Pooling Boolean - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - List of wxtag_ids
- wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
- site
Id string - ssid string
- Name of the SSID
- acct
Immediate booleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim numberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers WlanAcct Server[] - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - Airwatch wlan settings
- allow
Ipv6Ndp boolean - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns boolean - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp boolean - Only applicable when
limit_bcast==true, which allows SSDP - ap
Ids string[] - List of device ids
- app
Limit WlanApp Limit - Bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - APp qos wlan settings
- apply
To string - enum:
aps,site,wxtags - arp
Filter boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Authentication wlan settings
- auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth
Servers WlanAuth Server[] - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers numberRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers numberTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer boolean - Whether to enable band_steering, this works only when band==both
- band
Steer booleanForce Band5 - Force dual_band capable client to connect to 5G
- bands string[]
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist booleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit stringDown - client
Limit booleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit stringUp - client
Limit booleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers WlanCoa Server[] - List of COA (change of authorization) servers, optional
- disable11ax boolean
- Some old WLAN drivers may not be compatible
- disable11be boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht booleanVht Rates - To disable ht or vht rates
- disable
Uapsd boolean - Whether to disable U-APSD
- disable
V1Roam booleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam booleanNotify - Disable sending v2 roam notification messages
- disable
When booleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When booleanMxtunnel Down - disable
Wmm boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim number
- dynamic
Psk WlanDynamic Psk - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic
Vlan WlanDynamic Vlan - For 802.1x
- enable
Local booleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless booleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable
Wireless booleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- If this wlan is enabled
- fast
Dot1x booleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid boolean - Whether to hide SSID in beacon
- hostname
Ie boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface string
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation boolean
- Whether to stop clients to talk to each other
- l2Isolation boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe booleanResponse - Limit probe response base on some heuristic rules
- max
Idletime number - Max idle time in seconds
- max
Num numberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - mxtunnel
Ids string[] - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel
Names string[] - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no
Static booleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static booleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal - Portal wlan settings
- portal
Allowed string[]Hostnames - List of hostnames without http(s):// (matched by substring)
- portal
Allowed string[]Subnets - List of CIDRs
- portal
Denied string[]Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos
Wlan
Qos - radsec
Wlan
Radsec - RadSec settings
- rateset
{[key: string]: Wlan
Rateset Args} - Property key is the RF band. enum:
24,5,6 - reconnect
Clients booleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode string - enum:
11r,OKC,NONE - schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- sle
Excluded boolean - Whether to exclude this WLAN from SLE metrics
- use
Eapol booleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled boolean - If vlan tagging is enabled
- vlan
Id string - vlan
Ids string[] - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan
Pooling boolean - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit stringDown - wlan
Limit booleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit stringUp - wlan
Limit booleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids string[] - List of wxtag_ids
- wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- site_
id str - ssid str
- Name of the SSID
- acct_
immediate_ boolupdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ intinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct_
servers Sequence[WlanAcct Server Args] - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch Args - Airwatch wlan settings
- allow_
ipv6_ boolndp - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow_
mdns bool - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow_
ssdp bool - Only applicable when
limit_bcast==true, which allows SSDP - ap_
ids Sequence[str] - List of device ids
- app_
limit WlanApp Limit Args - Bandwidth limiting for apps (applies to up/down)
- app_
qos WlanApp Qos Args - APp qos wlan settings
- apply_
to str - enum:
aps,site,wxtags - arp_
filter bool - Whether to enable smart arp filter
- auth
Wlan
Auth Args - Authentication wlan settings
- auth_
server_ strselection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth_
servers Sequence[WlanAuth Server Args] - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth_
servers_ strnas_ id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ strnas_ ip - Optional, NAS-IP-ADDRESS to use
- auth_
servers_ intretries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth_
servers_ inttimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band_
steer bool - Whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - Force dual_band capable client to connect to 5G
- bands Sequence[str]
- list of radios that the wlan should apply to. enum:
24,5,6 - block_
blacklist_ boolclients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour Args - Bonjour gateway wlan settings
- cisco_
cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client_
limit_ strdown - client_
limit_ booldown_ enabled - If downlink limiting per-client is enabled
- client_
limit_ strup - client_
limit_ boolup_ enabled - If uplink limiting per-client is enabled
- coa_
servers Sequence[WlanCoa Server Args] - List of COA (change of authorization) servers, optional
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_
ht_ boolvht_ rates - To disable ht or vht rates
- disable_
uapsd bool - Whether to disable U-APSD
- disable_
v1_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
when_ boolgateway_ unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable_
when_ boolmxtunnel_ down - disable_
wmm bool - Whether to disable WMM
- dns_
server_ Wlanrewrite Dns Server Rewrite Args - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim int
- dynamic_
psk WlanDynamic Psk Args - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic_
vlan WlanDynamic Vlan Args - For 802.1x
- enable_
local_ boolkeycaching - Enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - Whether to hide SSID in beacon
- hostname_
ie bool - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20Args - Hostspot 2.0 wlan settings
- inject_
dhcp_ Wlanoption82 Inject Dhcp Option82Args - interface str
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation bool
- Whether to stop clients to talk to each other
- l2_
isolation bool - If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - Limit probe response base on some heuristic rules
- max_
idletime int - Max idle time in seconds
- max_
num_ intclients - Maximum number of client connected to the SSID.
0means unlimited - mist_
nac WlanMist Nac Args - mxtunnel_
ids Sequence[str] - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel_
names Sequence[str] - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no_
static_ booldns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal Args - Portal wlan settings
- portal_
allowed_ Sequence[str]hostnames - List of hostnames without http(s):// (matched by substring)
- portal_
allowed_ Sequence[str]subnets - List of CIDRs
- portal_
denied_ Sequence[str]hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos
Wlan
Qos Args - radsec
Wlan
Radsec Args - RadSec settings
- rateset
Mapping[str, Wlan
Rateset Args] - Property key is the RF band. enum:
24,5,6 - reconnect_
clients_ boolwhen_ roaming_ mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_
mode str - enum:
11r,OKC,NONE - schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- sle_
excluded bool - Whether to exclude this WLAN from SLE metrics
- use_
eapol_ boolv1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - If vlan tagging is enabled
- vlan_
id str - vlan_
ids Sequence[str] - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan_
pooling bool - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan_
limit_ strdown - wlan_
limit_ booldown_ enabled - If downlink limiting for whole wlan is enabled
- wlan_
limit_ strup - wlan_
limit_ boolup_ enabled - If uplink limiting for whole wlan is enabled
- wxtag_
ids Sequence[str] - List of wxtag_ids
- wxtunnel_
id str - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel_
remote_ strid - When
interface=wxtunnel, remote tunnel identifier
- site
Id String - ssid String
- Name of the SSID
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim NumberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<Property Map> - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch Property Map
- Airwatch wlan settings
- allow
Ipv6Ndp Boolean - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - Only applicable when
limit_bcast==true, which allows SSDP - ap
Ids List<String> - List of device ids
- app
Limit Property Map - Bandwidth limiting for apps (applies to up/down)
- app
Qos Property Map - APp qos wlan settings
- apply
To String - enum:
aps,site,wxtags - arp
Filter Boolean - Whether to enable smart arp filter
- auth Property Map
- Authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth
Servers List<Property Map> - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers NumberRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers NumberTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- Bonjour gateway wlan settings
- cisco
Cwa Property Map - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit StringDown - client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<Property Map> - List of COA (change of authorization) servers, optional
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - disable
Wmm Boolean - Whether to disable WMM
- dns
Server Property MapRewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Number
- dynamic
Psk Property Map - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic
Vlan Property Map - For 802.1x
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- Hostspot 2.0 wlan settings
- inject
Dhcp Property MapOption82 - interface String
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Number - Max idle time in seconds
- max
Num NumberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac Property Map - mxtunnel
Ids List<String> - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel
Names List<String> - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal Property Map
- Portal wlan settings
- portal
Allowed List<String>Hostnames - List of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - List of CIDRs
- portal
Denied List<String>Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- qos Property Map
- radsec Property Map
- RadSec settings
- rateset Map<Property Map>
- Property key is the RF band. enum:
24,5,6 - reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - enum:
11r,OKC,NONE - schedule Property Map
- WLAN operating schedule, default is disabled
- sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan
Pooling Boolean - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - List of wxtag_ids
- wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
Outputs
All input properties are implicitly available as output properties. Additionally, the Wlan resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Msp
Id string - Org
Id string - Portal
Api stringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl
- Id string
- The provider-assigned unique ID for this managed resource.
- Msp
Id string - Org
Id string - Portal
Api stringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl
- id String
- The provider-assigned unique ID for this managed resource.
- msp
Id String - org
Id String - portal
Api StringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal
Image String - Url of portal background image
- portal
Sso StringUrl
- id string
- The provider-assigned unique ID for this managed resource.
- msp
Id string - org
Id string - portal
Api stringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal
Image string - Url of portal background image
- portal
Sso stringUrl
- id str
- The provider-assigned unique ID for this managed resource.
- msp_
id str - org_
id str - portal_
api_ strsecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal_
image str - Url of portal background image
- portal_
sso_ strurl
- id String
- The provider-assigned unique ID for this managed resource.
- msp
Id String - org
Id String - portal
Api StringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal
Image String - Url of portal background image
- portal
Sso StringUrl
Look up Existing Wlan Resource
Get an existing Wlan resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WlanState, opts?: CustomResourceOptions): Wlan@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acct_immediate_update: Optional[bool] = None,
acct_interim_interval: Optional[int] = None,
acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
airwatch: Optional[WlanAirwatchArgs] = None,
allow_ipv6_ndp: Optional[bool] = None,
allow_mdns: Optional[bool] = None,
allow_ssdp: Optional[bool] = None,
ap_ids: Optional[Sequence[str]] = None,
app_limit: Optional[WlanAppLimitArgs] = None,
app_qos: Optional[WlanAppQosArgs] = None,
apply_to: Optional[str] = None,
arp_filter: Optional[bool] = None,
auth: Optional[WlanAuthArgs] = None,
auth_server_selection: Optional[str] = None,
auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
auth_servers_nas_id: Optional[str] = None,
auth_servers_nas_ip: Optional[str] = None,
auth_servers_retries: Optional[int] = None,
auth_servers_timeout: Optional[int] = None,
band_steer: Optional[bool] = None,
band_steer_force_band5: Optional[bool] = None,
bands: Optional[Sequence[str]] = None,
block_blacklist_clients: Optional[bool] = None,
bonjour: Optional[WlanBonjourArgs] = None,
cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
client_limit_down: Optional[str] = None,
client_limit_down_enabled: Optional[bool] = None,
client_limit_up: Optional[str] = None,
client_limit_up_enabled: Optional[bool] = None,
coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
disable11ax: Optional[bool] = None,
disable11be: Optional[bool] = None,
disable_ht_vht_rates: Optional[bool] = None,
disable_uapsd: Optional[bool] = None,
disable_v1_roam_notify: Optional[bool] = None,
disable_v2_roam_notify: Optional[bool] = None,
disable_when_gateway_unreachable: Optional[bool] = None,
disable_when_mxtunnel_down: Optional[bool] = None,
disable_wmm: Optional[bool] = None,
dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
dtim: Optional[int] = None,
dynamic_psk: Optional[WlanDynamicPskArgs] = None,
dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
enable_local_keycaching: Optional[bool] = None,
enable_wireless_bridging: Optional[bool] = None,
enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
enabled: Optional[bool] = None,
fast_dot1x_timers: Optional[bool] = None,
hide_ssid: Optional[bool] = None,
hostname_ie: Optional[bool] = None,
hotspot20: Optional[WlanHotspot20Args] = None,
inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
interface: Optional[str] = None,
isolation: Optional[bool] = None,
l2_isolation: Optional[bool] = None,
legacy_overds: Optional[bool] = None,
limit_bcast: Optional[bool] = None,
limit_probe_response: Optional[bool] = None,
max_idletime: Optional[int] = None,
max_num_clients: Optional[int] = None,
mist_nac: Optional[WlanMistNacArgs] = None,
msp_id: Optional[str] = None,
mxtunnel_ids: Optional[Sequence[str]] = None,
mxtunnel_names: Optional[Sequence[str]] = None,
no_static_dns: Optional[bool] = None,
no_static_ip: Optional[bool] = None,
org_id: Optional[str] = None,
portal: Optional[WlanPortalArgs] = None,
portal_allowed_hostnames: Optional[Sequence[str]] = None,
portal_allowed_subnets: Optional[Sequence[str]] = None,
portal_api_secret: Optional[str] = None,
portal_denied_hostnames: Optional[Sequence[str]] = None,
portal_image: Optional[str] = None,
portal_sso_url: Optional[str] = None,
qos: Optional[WlanQosArgs] = None,
radsec: Optional[WlanRadsecArgs] = None,
rateset: Optional[Mapping[str, WlanRatesetArgs]] = None,
reconnect_clients_when_roaming_mxcluster: Optional[bool] = None,
roam_mode: Optional[str] = None,
schedule: Optional[WlanScheduleArgs] = None,
site_id: Optional[str] = None,
sle_excluded: Optional[bool] = None,
ssid: Optional[str] = None,
use_eapol_v1: Optional[bool] = None,
vlan_enabled: Optional[bool] = None,
vlan_id: Optional[str] = None,
vlan_ids: Optional[Sequence[str]] = None,
vlan_pooling: Optional[bool] = None,
wlan_limit_down: Optional[str] = None,
wlan_limit_down_enabled: Optional[bool] = None,
wlan_limit_up: Optional[str] = None,
wlan_limit_up_enabled: Optional[bool] = None,
wxtag_ids: Optional[Sequence[str]] = None,
wxtunnel_id: Optional[str] = None,
wxtunnel_remote_id: Optional[str] = None) -> Wlanfunc GetWlan(ctx *Context, name string, id IDInput, state *WlanState, opts ...ResourceOption) (*Wlan, error)public static Wlan Get(string name, Input<string> id, WlanState? state, CustomResourceOptions? opts = null)public static Wlan get(String name, Output<String> id, WlanState state, CustomResourceOptions options)resources: _: type: junipermist:site:Wlan get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Acct Server> - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Pulumi.
Juniper Mist. Site. Inputs. Wlan Airwatch - Airwatch wlan settings
- Allow
Ipv6Ndp bool - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - Only applicable when
limit_bcast==true, which allows SSDP - Ap
Ids List<string> - List of device ids
- App
Limit Pulumi.Juniper Mist. Site. Inputs. Wlan App Limit - Bandwidth limiting for apps (applies to up/down)
- App
Qos Pulumi.Juniper Mist. Site. Inputs. Wlan App Qos - APp qos wlan settings
- Apply
To string - enum:
aps,site,wxtags - Arp
Filter bool - Whether to enable smart arp filter
- Auth
Pulumi.
Juniper Mist. Site. Inputs. Wlan Auth - Authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - Auth
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Auth Server> - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dual_band capable client to connect to 5G
- Bands List<string>
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour - Bonjour gateway wlan settings
- Cisco
Cwa Pulumi.Juniper Mist. Site. Inputs. Wlan Cisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit stringDown - Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Coa Server> - List of COA (change of authorization) servers, optional
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Disable
Wmm bool - Whether to disable WMM
- Dns
Server Pulumi.Rewrite Juniper Mist. Site. Inputs. Wlan Dns Server Rewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Psk - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- Dynamic
Vlan Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Vlan - For 802.1x
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.
Juniper Mist. Site. Inputs. Wlan Hotspot20 - Hostspot 2.0 wlan settings
- Inject
Dhcp Pulumi.Option82 Juniper Mist. Site. Inputs. Wlan Inject Dhcp Option82 - Interface string
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac Pulumi.Juniper Mist. Site. Inputs. Wlan Mist Nac - Msp
Id string - Mxtunnel
Ids List<string> - When
interface=mxtunnel, id of the Mist Tunnel - Mxtunnel
Names List<string> - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Org
Id string - Portal
Pulumi.
Juniper Mist. Site. Inputs. Wlan Portal - Portal wlan settings
- Portal
Allowed List<string>Hostnames - List of hostnames without http(s):// (matched by substring)
- Portal
Allowed List<string>Subnets - List of CIDRs
- Portal
Api stringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Denied List<string>Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - Qos
Pulumi.
Juniper Mist. Site. Inputs. Wlan Qos - Radsec
Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec - RadSec settings
- Rateset
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Rateset Args> - Property key is the RF band. enum:
24,5,6 - Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - enum:
11r,OKC,NONE - Schedule
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule - WLAN operating schedule, default is disabled
- Site
Id string - Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Ssid string
- Name of the SSID
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Vlan
Ids List<string> - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - Vlan
Pooling bool - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids List<string> - List of wxtag_ids
- Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- Acct
Servers []WlanAcct Server Args - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Wlan
Airwatch Args - Airwatch wlan settings
- Allow
Ipv6Ndp bool - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- Allow
Mdns bool - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- Allow
Ssdp bool - Only applicable when
limit_bcast==true, which allows SSDP - Ap
Ids []string - List of device ids
- App
Limit WlanApp Limit Args - Bandwidth limiting for apps (applies to up/down)
- App
Qos WlanApp Qos Args - APp qos wlan settings
- Apply
To string - enum:
aps,site,wxtags - Arp
Filter bool - Whether to enable smart arp filter
- Auth
Wlan
Auth Args - Authentication wlan settings
- Auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - Auth
Servers []WlanAuth Server Args - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- Auth
Servers intTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dual_band capable client to connect to 5G
- Bands []string
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Wlan
Bonjour Args - Bonjour gateway wlan settings
- Cisco
Cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- Client
Limit stringDown - Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers []WlanCoa Server Args - List of COA (change of authorization) servers, optional
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Disable
Wmm bool - Whether to disable WMM
- Dns
Server WlanRewrite Dns Server Rewrite Args - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- Dynamic
Psk WlanDynamic Psk Args - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- Dynamic
Vlan WlanDynamic Vlan Args - For 802.1x
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Wlan
Hotspot20Args - Hostspot 2.0 wlan settings
- Inject
Dhcp WlanOption82 Inject Dhcp Option82Args - Interface string
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac WlanMist Nac Args - Msp
Id string - Mxtunnel
Ids []string - When
interface=mxtunnel, id of the Mist Tunnel - Mxtunnel
Names []string - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Org
Id string - Portal
Wlan
Portal Args - Portal wlan settings
- Portal
Allowed []stringHostnames - List of hostnames without http(s):// (matched by substring)
- Portal
Allowed []stringSubnets - List of CIDRs
- Portal
Api stringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- Portal
Denied []stringHostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - Qos
Wlan
Qos Args - Radsec
Wlan
Radsec Args - RadSec settings
- Rateset
map[string]Wlan
Rateset Args - Property key is the RF band. enum:
24,5,6 - Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - enum:
11r,OKC,NONE - Schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- Site
Id string - Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Ssid string
- Name of the SSID
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Vlan
Ids []string - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - Vlan
Pooling bool - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids []string - List of wxtag_ids
- Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim IntegerInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<WlanAcct Server> - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - Airwatch wlan settings
- allow
Ipv6Ndp Boolean - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - Only applicable when
limit_bcast==true, which allows SSDP - ap
Ids List<String> - List of device ids
- app
Limit WlanApp Limit - Bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - APp qos wlan settings
- apply
To String - enum:
aps,site,wxtags - arp
Filter Boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth
Servers List<WlanAuth Server> - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers IntegerRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers IntegerTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit StringDown - client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<WlanCoa Server> - List of COA (change of authorization) servers, optional
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - disable
Wmm Boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Integer
- dynamic
Psk WlanDynamic Psk - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic
Vlan WlanDynamic Vlan - For 802.1x
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface_ String
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Integer - Max idle time in seconds
- max
Num IntegerClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - msp
Id String - mxtunnel
Ids List<String> - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel
Names List<String> - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id String - portal
Wlan
Portal - Portal wlan settings
- portal
Allowed List<String>Hostnames - List of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - List of CIDRs
- portal
Api StringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal
Denied List<String>Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - qos
Wlan
Qos - radsec
Wlan
Radsec - RadSec settings
- rateset
Map<String,Wlan
Rateset Args> - Property key is the RF band. enum:
24,5,6 - reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - enum:
11r,OKC,NONE - schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- site
Id String - sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- ssid String
- Name of the SSID
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan
Pooling Boolean - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - List of wxtag_ids
- wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
- acct
Immediate booleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim numberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers WlanAcct Server[] - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch - Airwatch wlan settings
- allow
Ipv6Ndp boolean - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns boolean - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp boolean - Only applicable when
limit_bcast==true, which allows SSDP - ap
Ids string[] - List of device ids
- app
Limit WlanApp Limit - Bandwidth limiting for apps (applies to up/down)
- app
Qos WlanApp Qos - APp qos wlan settings
- apply
To string - enum:
aps,site,wxtags - arp
Filter boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Authentication wlan settings
- auth
Server stringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth
Servers WlanAuth Server[] - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers numberRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers numberTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer boolean - Whether to enable band_steering, this works only when band==both
- band
Steer booleanForce Band5 - Force dual_band capable client to connect to 5G
- bands string[]
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist booleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Bonjour gateway wlan settings
- cisco
Cwa WlanCisco Cwa - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit stringDown - client
Limit booleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit stringUp - client
Limit booleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers WlanCoa Server[] - List of COA (change of authorization) servers, optional
- disable11ax boolean
- Some old WLAN drivers may not be compatible
- disable11be boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht booleanVht Rates - To disable ht or vht rates
- disable
Uapsd boolean - Whether to disable U-APSD
- disable
V1Roam booleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam booleanNotify - Disable sending v2 roam notification messages
- disable
When booleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When booleanMxtunnel Down - disable
Wmm boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim number
- dynamic
Psk WlanDynamic Psk - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic
Vlan WlanDynamic Vlan - For 802.1x
- enable
Local booleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless booleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable
Wireless booleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- If this wlan is enabled
- fast
Dot1x booleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid boolean - Whether to hide SSID in beacon
- hostname
Ie boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Hostspot 2.0 wlan settings
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - interface string
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation boolean
- Whether to stop clients to talk to each other
- l2Isolation boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe booleanResponse - Limit probe response base on some heuristic rules
- max
Idletime number - Max idle time in seconds
- max
Num numberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - msp
Id string - mxtunnel
Ids string[] - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel
Names string[] - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no
Static booleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static booleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id string - portal
Wlan
Portal - Portal wlan settings
- portal
Allowed string[]Hostnames - List of hostnames without http(s):// (matched by substring)
- portal
Allowed string[]Subnets - List of CIDRs
- portal
Api stringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal
Denied string[]Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal
Image string - Url of portal background image
- portal
Sso stringUrl - qos
Wlan
Qos - radsec
Wlan
Radsec - RadSec settings
- rateset
{[key: string]: Wlan
Rateset Args} - Property key is the RF band. enum:
24,5,6 - reconnect
Clients booleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode string - enum:
11r,OKC,NONE - schedule
Wlan
Schedule - WLAN operating schedule, default is disabled
- site
Id string - sle
Excluded boolean - Whether to exclude this WLAN from SLE metrics
- ssid string
- Name of the SSID
- use
Eapol booleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled boolean - If vlan tagging is enabled
- vlan
Id string - vlan
Ids string[] - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan
Pooling boolean - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit stringDown - wlan
Limit booleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit stringUp - wlan
Limit booleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids string[] - List of wxtag_ids
- wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- acct_
immediate_ boolupdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ intinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct_
servers Sequence[WlanAcct Server Args] - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
Wlan
Airwatch Args - Airwatch wlan settings
- allow_
ipv6_ boolndp - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow_
mdns bool - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow_
ssdp bool - Only applicable when
limit_bcast==true, which allows SSDP - ap_
ids Sequence[str] - List of device ids
- app_
limit WlanApp Limit Args - Bandwidth limiting for apps (applies to up/down)
- app_
qos WlanApp Qos Args - APp qos wlan settings
- apply_
to str - enum:
aps,site,wxtags - arp_
filter bool - Whether to enable smart arp filter
- auth
Wlan
Auth Args - Authentication wlan settings
- auth_
server_ strselection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth_
servers Sequence[WlanAuth Server Args] - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth_
servers_ strnas_ id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ strnas_ ip - Optional, NAS-IP-ADDRESS to use
- auth_
servers_ intretries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth_
servers_ inttimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band_
steer bool - Whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - Force dual_band capable client to connect to 5G
- bands Sequence[str]
- list of radios that the wlan should apply to. enum:
24,5,6 - block_
blacklist_ boolclients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour Args - Bonjour gateway wlan settings
- cisco_
cwa WlanCisco Cwa Args - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client_
limit_ strdown - client_
limit_ booldown_ enabled - If downlink limiting per-client is enabled
- client_
limit_ strup - client_
limit_ boolup_ enabled - If uplink limiting per-client is enabled
- coa_
servers Sequence[WlanCoa Server Args] - List of COA (change of authorization) servers, optional
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_
ht_ boolvht_ rates - To disable ht or vht rates
- disable_
uapsd bool - Whether to disable U-APSD
- disable_
v1_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
when_ boolgateway_ unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable_
when_ boolmxtunnel_ down - disable_
wmm bool - Whether to disable WMM
- dns_
server_ Wlanrewrite Dns Server Rewrite Args - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim int
- dynamic_
psk WlanDynamic Psk Args - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic_
vlan WlanDynamic Vlan Args - For 802.1x
- enable_
local_ boolkeycaching - Enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - Whether to hide SSID in beacon
- hostname_
ie bool - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20Args - Hostspot 2.0 wlan settings
- inject_
dhcp_ Wlanoption82 Inject Dhcp Option82Args - interface str
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation bool
- Whether to stop clients to talk to each other
- l2_
isolation bool - If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - Limit probe response base on some heuristic rules
- max_
idletime int - Max idle time in seconds
- max_
num_ intclients - Maximum number of client connected to the SSID.
0means unlimited - mist_
nac WlanMist Nac Args - msp_
id str - mxtunnel_
ids Sequence[str] - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel_
names Sequence[str] - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no_
static_ booldns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org_
id str - portal
Wlan
Portal Args - Portal wlan settings
- portal_
allowed_ Sequence[str]hostnames - List of hostnames without http(s):// (matched by substring)
- portal_
allowed_ Sequence[str]subnets - List of CIDRs
- portal_
api_ strsecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal_
denied_ Sequence[str]hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal_
image str - Url of portal background image
- portal_
sso_ strurl - qos
Wlan
Qos Args - radsec
Wlan
Radsec Args - RadSec settings
- rateset
Mapping[str, Wlan
Rateset Args] - Property key is the RF band. enum:
24,5,6 - reconnect_
clients_ boolwhen_ roaming_ mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_
mode str - enum:
11r,OKC,NONE - schedule
Wlan
Schedule Args - WLAN operating schedule, default is disabled
- site_
id str - sle_
excluded bool - Whether to exclude this WLAN from SLE metrics
- ssid str
- Name of the SSID
- use_
eapol_ boolv1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - If vlan tagging is enabled
- vlan_
id str - vlan_
ids Sequence[str] - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan_
pooling bool - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan_
limit_ strdown - wlan_
limit_ booldown_ enabled - If downlink limiting for whole wlan is enabled
- wlan_
limit_ strup - wlan_
limit_ boolup_ enabled - If uplink limiting for whole wlan is enabled
- wxtag_
ids Sequence[str] - List of wxtag_ids
- wxtunnel_
id str - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel_
remote_ strid - When
interface=wxtunnel, remote tunnel identifier
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim NumberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct
Servers List<Property Map> - List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch Property Map
- Airwatch wlan settings
- allow
Ipv6Ndp Boolean - Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow
Mdns Boolean - Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow
Ssdp Boolean - Only applicable when
limit_bcast==true, which allows SSDP - ap
Ids List<String> - List of device ids
- app
Limit Property Map - Bandwidth limiting for apps (applies to up/down)
- app
Qos Property Map - APp qos wlan settings
- apply
To String - enum:
aps,site,wxtags - arp
Filter Boolean - Whether to enable smart arp filter
- auth Property Map
- Authentication wlan settings
- auth
Server StringSelection - When ordered, AP will prefer and go back to the first server if possible. enum:
ordered,unordered - auth
Servers List<Property Map> - List of RADIUS authentication servers, at least one is needed if
auth type==eap, order matters where the first one is treated as primary - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers NumberRetries - Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth
Servers NumberTimeout - Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dual_band capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- Bonjour gateway wlan settings
- cisco
Cwa Property Map - Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client
Limit StringDown - client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<Property Map> - List of COA (change of authorization) servers, optional
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - disable
Wmm Boolean - Whether to disable WMM
- dns
Server Property MapRewrite - For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Number
- dynamic
Psk Property Map - For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e.
enable_mac_authis assumed) - AP sends BSSID:SSID as Caller-Station-ID
auth_serversis required- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
multi_psk_onlyandpskis ignoredpairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
- dynamic
Vlan Property Map - For 802.1x
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- Hostspot 2.0 wlan settings
- inject
Dhcp Property MapOption82 - interface String
- where this WLAN will be connected to. enum:
all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel - isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Number - Max idle time in seconds
- max
Num NumberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac Property Map - msp
Id String - mxtunnel
Ids List<String> - When
interface=mxtunnel, id of the Mist Tunnel - mxtunnel
Names List<String> - When
interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id String - portal Property Map
- Portal wlan settings
- portal
Allowed List<String>Hostnames - List of hostnames without http(s):// (matched by substring)
- portal
Allowed List<String>Subnets - List of CIDRs
- portal
Api StringSecret - APi secret (auto-generated) that can be used to sign guest authorization requests
- portal
Denied List<String>Hostnames - List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - qos Property Map
- radsec Property Map
- RadSec settings
- rateset Map<Property Map>
- Property key is the RF band. enum:
24,5,6 - reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - enum:
11r,OKC,NONE - schedule Property Map
- WLAN operating schedule, default is disabled
- site
Id String - sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- ssid String
- Name of the SSID
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - vlan
Ids List<String> - if
vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool - vlan
Pooling Boolean - Requires
vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - List of wxtag_ids
- wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
Supporting Types
WlanAcctServer, WlanAcctServerArgs
- Host string
- IP/ hostname of RADIUS server
- Secret string
- Secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii,hex - Keywrap
Kek string - Keywrap
Mack string - Port string
- Host string
- IP/ hostname of RADIUS server
- Secret string
- Secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii,hex - Keywrap
Kek string - Keywrap
Mack string - Port string
- host String
- IP/ hostname of RADIUS server
- secret String
- Secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii,hex - keywrap
Kek String - keywrap
Mack String - port String
- host string
- IP/ hostname of RADIUS server
- secret string
- Secret of RADIUS server
- keywrap
Enabled boolean - keywrap
Format string - enum:
ascii,hex - keywrap
Kek string - keywrap
Mack string - port string
- host str
- IP/ hostname of RADIUS server
- secret str
- Secret of RADIUS server
- keywrap_
enabled bool - keywrap_
format str - enum:
ascii,hex - keywrap_
kek str - keywrap_
mack str - port str
- host String
- IP/ hostname of RADIUS server
- secret String
- Secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii,hex - keywrap
Kek String - keywrap
Mack String - port String
WlanAirwatch, WlanAirwatchArgs
- Api
Key string - API Key
- Console
Url string - Console URL
- Enabled bool
- Password string
- Password
- Username string
- Username
- Api
Key string - API Key
- Console
Url string - Console URL
- Enabled bool
- Password string
- Password
- Username string
- Username
- api
Key String - API Key
- console
Url String - Console URL
- enabled Boolean
- password String
- Password
- username String
- Username
- api
Key string - API Key
- console
Url string - Console URL
- enabled boolean
- password string
- Password
- username string
- Username
- api_
key str - API Key
- console_
url str - Console URL
- enabled bool
- password str
- Password
- username str
- Username
- api
Key String - API Key
- console
Url String - Console URL
- enabled Boolean
- password String
- Password
- username String
- Username
WlanAppLimit, WlanAppLimitArgs
WlanAppQos, WlanAppQosArgs
- Apps
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan App Qos Apps> - Enabled bool
- Others
List<Pulumi.
Juniper Mist. Site. Inputs. Wlan App Qos Other>
- Apps
map[string]Wlan
App Qos Apps - Enabled bool
- Others
[]Wlan
App Qos Other
- apps
Map<String,Wlan
App Qos Apps> - enabled Boolean
- others
List<Wlan
App Qos Other>
- apps
{[key: string]: Wlan
App Qos Apps} - enabled boolean
- others
Wlan
App Qos Other[]
- apps
Mapping[str, Wlan
App Qos Apps] - enabled bool
- others
Sequence[Wlan
App Qos Other]
- apps Map<Property Map>
- enabled Boolean
- others List<Property Map>
WlanAppQosApps, WlanAppQosAppsArgs
- dscp str
- DSCP value range between 0 and 63
- dst_
subnet str - Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
- src_
subnet str - Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
WlanAppQosOther, WlanAppQosOtherArgs
- Dscp string
- Dst
Subnet string - Port
Ranges string - Protocol string
- Src
Subnet string
- Dscp string
- Dst
Subnet string - Port
Ranges string - Protocol string
- Src
Subnet string
- dscp String
- dst
Subnet String - port
Ranges String - protocol String
- src
Subnet String
- dscp string
- dst
Subnet string - port
Ranges string - protocol string
- src
Subnet string
- dscp str
- dst_
subnet str - port_
ranges str - protocol str
- src_
subnet str
- dscp String
- dst
Subnet String - port
Ranges String - protocol String
- src
Subnet String
WlanAuth, WlanAuthArgs
- Anticlog
Threshold int - SAE anti-clogging token threshold
- Eap
Reauth bool - Whether to trigger EAP reauth when the session ends
- Enable
Mac boolAuth - Whether to enable MAC Auth, uses the same auth_servers
- Key
Idx int - When
type==wep - Keys List<string>
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- Multi
Psk boolOnly - When
type==psk, whether to only use multi_psk - Owe string
- if
type==open. enum:disabled,enabled(means transition mode),required - Pairwises List<string>
- When
type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3 - Private
Wlan bool - When
multi_psk_only==true, whether private wlan is enabled - Psk string
- When
type==psk, 8-64 characters, or 64 hex characters - Type string
- enum:
eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep - Wep
As boolSecondary Auth - Enable WEP as secondary auth
- Anticlog
Threshold int - SAE anti-clogging token threshold
- Eap
Reauth bool - Whether to trigger EAP reauth when the session ends
- Enable
Mac boolAuth - Whether to enable MAC Auth, uses the same auth_servers
- Key
Idx int - When
type==wep - Keys []string
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- Multi
Psk boolOnly - When
type==psk, whether to only use multi_psk - Owe string
- if
type==open. enum:disabled,enabled(means transition mode),required - Pairwises []string
- When
type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3 - Private
Wlan bool - When
multi_psk_only==true, whether private wlan is enabled - Psk string
- When
type==psk, 8-64 characters, or 64 hex characters - Type string
- enum:
eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep - Wep
As boolSecondary Auth - Enable WEP as secondary auth
- anticlog
Threshold Integer - SAE anti-clogging token threshold
- eap
Reauth Boolean - Whether to trigger EAP reauth when the session ends
- enable
Mac BooleanAuth - Whether to enable MAC Auth, uses the same auth_servers
- key
Idx Integer - When
type==wep - keys List<String>
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi
Psk BooleanOnly - When
type==psk, whether to only use multi_psk - owe String
- if
type==open. enum:disabled,enabled(means transition mode),required - pairwises List<String>
- When
type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3 - private
Wlan Boolean - When
multi_psk_only==true, whether private wlan is enabled - psk String
- When
type==psk, 8-64 characters, or 64 hex characters - type String
- enum:
eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep - wep
As BooleanSecondary Auth - Enable WEP as secondary auth
- anticlog
Threshold number - SAE anti-clogging token threshold
- eap
Reauth boolean - Whether to trigger EAP reauth when the session ends
- enable
Mac booleanAuth - Whether to enable MAC Auth, uses the same auth_servers
- key
Idx number - When
type==wep - keys string[]
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi
Psk booleanOnly - When
type==psk, whether to only use multi_psk - owe string
- if
type==open. enum:disabled,enabled(means transition mode),required - pairwises string[]
- When
type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3 - private
Wlan boolean - When
multi_psk_only==true, whether private wlan is enabled - psk string
- When
type==psk, 8-64 characters, or 64 hex characters - type string
- enum:
eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep - wep
As booleanSecondary Auth - Enable WEP as secondary auth
- anticlog_
threshold int - SAE anti-clogging token threshold
- eap_
reauth bool - Whether to trigger EAP reauth when the session ends
- enable_
mac_ boolauth - Whether to enable MAC Auth, uses the same auth_servers
- key_
idx int - When
type==wep - keys Sequence[str]
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi_
psk_ boolonly - When
type==psk, whether to only use multi_psk - owe str
- if
type==open. enum:disabled,enabled(means transition mode),required - pairwises Sequence[str]
- When
type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3 - private_
wlan bool - When
multi_psk_only==true, whether private wlan is enabled - psk str
- When
type==psk, 8-64 characters, or 64 hex characters - type str
- enum:
eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep - wep_
as_ boolsecondary_ auth - Enable WEP as secondary auth
- anticlog
Threshold Number - SAE anti-clogging token threshold
- eap
Reauth Boolean - Whether to trigger EAP reauth when the session ends
- enable
Mac BooleanAuth - Whether to enable MAC Auth, uses the same auth_servers
- key
Idx Number - When
type==wep - keys List<String>
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi
Psk BooleanOnly - When
type==psk, whether to only use multi_psk - owe String
- if
type==open. enum:disabled,enabled(means transition mode),required - pairwises List<String>
- When
type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3 - private
Wlan Boolean - When
multi_psk_only==true, whether private wlan is enabled - psk String
- When
type==psk, 8-64 characters, or 64 hex characters - type String
- enum:
eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep - wep
As BooleanSecondary Auth - Enable WEP as secondary auth
WlanAuthServer, WlanAuthServerArgs
- Host string
- IP/ hostname of RADIUS server
- Secret string
- Secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii,hex - Keywrap
Kek string - Keywrap
Mack string - Port string
- Require
Message boolAuthenticator - Whether to require Message-Authenticator in requests
- Host string
- IP/ hostname of RADIUS server
- Secret string
- Secret of RADIUS server
- Keywrap
Enabled bool - Keywrap
Format string - enum:
ascii,hex - Keywrap
Kek string - Keywrap
Mack string - Port string
- Require
Message boolAuthenticator - Whether to require Message-Authenticator in requests
- host String
- IP/ hostname of RADIUS server
- secret String
- Secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii,hex - keywrap
Kek String - keywrap
Mack String - port String
- require
Message BooleanAuthenticator - Whether to require Message-Authenticator in requests
- host string
- IP/ hostname of RADIUS server
- secret string
- Secret of RADIUS server
- keywrap
Enabled boolean - keywrap
Format string - enum:
ascii,hex - keywrap
Kek string - keywrap
Mack string - port string
- require
Message booleanAuthenticator - Whether to require Message-Authenticator in requests
- host str
- IP/ hostname of RADIUS server
- secret str
- Secret of RADIUS server
- keywrap_
enabled bool - keywrap_
format str - enum:
ascii,hex - keywrap_
kek str - keywrap_
mack str - port str
- require_
message_ boolauthenticator - Whether to require Message-Authenticator in requests
- host String
- IP/ hostname of RADIUS server
- secret String
- Secret of RADIUS server
- keywrap
Enabled Boolean - keywrap
Format String - enum:
ascii,hex - keywrap
Kek String - keywrap
Mack String - port String
- require
Message BooleanAuthenticator - Whether to require Message-Authenticator in requests
WlanBonjour, WlanBonjourArgs
- Additional
Vlan List<string>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- Services
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour Services> - What services are allowed. Property key is the service name
- Additional
Vlan []stringIds - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- Services
map[string]Wlan
Bonjour Services - What services are allowed. Property key is the service name
- additional
Vlan List<String>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled Boolean
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services
Map<String,Wlan
Bonjour Services> - What services are allowed. Property key is the service name
- additional
Vlan string[]Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled boolean
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services
{[key: string]: Wlan
Bonjour Services} - What services are allowed. Property key is the service name
- additional_
vlan_ Sequence[str]ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services
Mapping[str, Wlan
Bonjour Services] - What services are allowed. Property key is the service name
- additional
Vlan List<String>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled Boolean
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services Map<Property Map>
- What services are allowed. Property key is the service name
WlanBonjourServices, WlanBonjourServicesArgs
- Disable
Local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- Radius
Groups List<string> - Optional, if the service is further restricted for certain RADIUS groups
- Scope string
- how bonjour services should be discovered for the same WLAN. enum:
same_ap,same_map,same_site
- Disable
Local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- Radius
Groups []string - Optional, if the service is further restricted for certain RADIUS groups
- Scope string
- how bonjour services should be discovered for the same WLAN. enum:
same_ap,same_map,same_site
- disable
Local Boolean - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups List<String> - Optional, if the service is further restricted for certain RADIUS groups
- scope String
- how bonjour services should be discovered for the same WLAN. enum:
same_ap,same_map,same_site
- disable
Local boolean - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups string[] - Optional, if the service is further restricted for certain RADIUS groups
- scope string
- how bonjour services should be discovered for the same WLAN. enum:
same_ap,same_map,same_site
- disable_
local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius_
groups Sequence[str] - Optional, if the service is further restricted for certain RADIUS groups
- scope str
- how bonjour services should be discovered for the same WLAN. enum:
same_ap,same_map,same_site
- disable
Local Boolean - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups List<String> - Optional, if the service is further restricted for certain RADIUS groups
- scope String
- how bonjour services should be discovered for the same WLAN. enum:
same_ap,same_map,same_site
WlanCiscoCwa, WlanCiscoCwaArgs
- Allowed
Hostnames List<string> - List of hostnames without http(s):// (matched by substring)
- Allowed
Subnets List<string> - List of CIDRs
- Blocked
Subnets List<string> - List of blocked CIDRs
- Enabled bool
- Allowed
Hostnames []string - List of hostnames without http(s):// (matched by substring)
- Allowed
Subnets []string - List of CIDRs
- Blocked
Subnets []string - List of blocked CIDRs
- Enabled bool
- allowed
Hostnames List<String> - List of hostnames without http(s):// (matched by substring)
- allowed
Subnets List<String> - List of CIDRs
- blocked
Subnets List<String> - List of blocked CIDRs
- enabled Boolean
- allowed
Hostnames string[] - List of hostnames without http(s):// (matched by substring)
- allowed
Subnets string[] - List of CIDRs
- blocked
Subnets string[] - List of blocked CIDRs
- enabled boolean
- allowed_
hostnames Sequence[str] - List of hostnames without http(s):// (matched by substring)
- allowed_
subnets Sequence[str] - List of CIDRs
- blocked_
subnets Sequence[str] - List of blocked CIDRs
- enabled bool
- allowed
Hostnames List<String> - List of hostnames without http(s):// (matched by substring)
- allowed
Subnets List<String> - List of CIDRs
- blocked
Subnets List<String> - List of blocked CIDRs
- enabled Boolean
WlanCoaServer, WlanCoaServerArgs
- Ip string
- Secret string
- Disable
Event boolTimestamp Check - Whether to disable Event-Timestamp Check
- Enabled bool
- Port string
- Ip string
- Secret string
- Disable
Event boolTimestamp Check - Whether to disable Event-Timestamp Check
- Enabled bool
- Port string
- ip String
- secret String
- disable
Event BooleanTimestamp Check - Whether to disable Event-Timestamp Check
- enabled Boolean
- port String
- ip string
- secret string
- disable
Event booleanTimestamp Check - Whether to disable Event-Timestamp Check
- enabled boolean
- port string
- ip str
- secret str
- disable_
event_ booltimestamp_ check - Whether to disable Event-Timestamp Check
- enabled bool
- port str
- ip String
- secret String
- disable
Event BooleanTimestamp Check - Whether to disable Event-Timestamp Check
- enabled Boolean
- port String
WlanDnsServerRewrite, WlanDnsServerRewriteArgs
- Enabled bool
- Radius
Groups Dictionary<string, string> - Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- Enabled bool
- Radius
Groups map[string]string - Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- radius
Groups Map<String,String> - Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled boolean
- radius
Groups {[key: string]: string} - Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled bool
- radius_
groups Mapping[str, str] - Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- radius
Groups Map<String> - Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
WlanDynamicPsk, WlanDynamicPskArgs
- Default
Psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- Default
Vlan stringId - Enabled bool
- Force
Lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - Source string
- enum:
cloud_psks,radius
- Default
Psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- Default
Vlan stringId - Enabled bool
- Force
Lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - Source string
- enum:
cloud_psks,radius
- default
Psk String - Default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan StringId - enabled Boolean
- force
Lookup Boolean - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source String
- enum:
cloud_psks,radius
- default
Psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan stringId - enabled boolean
- force
Lookup boolean - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source string
- enum:
cloud_psks,radius
- default_
psk str - Default PSK to use if cloud WLC is not available, 8-63 characters
- default_
vlan_ strid - enabled bool
- force_
lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source str
- enum:
cloud_psks,radius
- default
Psk String - Default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan StringId - enabled Boolean
- force
Lookup Boolean - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source String
- enum:
cloud_psks,radius
WlanDynamicVlan, WlanDynamicVlanArgs
- Default
Vlan List<string>Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- Enabled bool
- Requires
vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan - Local
Vlan List<string>Ids - VLAN_ids to be locally bridged
- Type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name,standard - Vlans Dictionary<string, string>
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- Default
Vlan []stringIds - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- Enabled bool
- Requires
vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan - Local
Vlan []stringIds - VLAN_ids to be locally bridged
- Type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name,standard - Vlans map[string]string
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default
Vlan List<String>Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled Boolean
- Requires
vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan - local
Vlan List<String>Ids - VLAN_ids to be locally bridged
- type String
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name,standard - vlans Map<String,String>
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default
Vlan string[]Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled boolean
- Requires
vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan - local
Vlan string[]Ids - VLAN_ids to be locally bridged
- type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name,standard - vlans {[key: string]: string}
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default_
vlan_ Sequence[str]ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled bool
- Requires
vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan - local_
vlan_ Sequence[str]ids - VLAN_ids to be locally bridged
- type str
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name,standard - vlans Mapping[str, str]
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
- if
- default
Vlan List<String>Ids - Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled Boolean
- Requires
vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan - local
Vlan List<String>Ids - VLAN_ids to be locally bridged
- type String
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum:
airespace-interface-name,standard - vlans Map<String>
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the Vlan ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
- if
WlanHotspot20, WlanHotspot20Args
- domain_
names Sequence[str] - enabled bool
- Whether to enable hotspot 2.0 config
- nai_
realms Sequence[str] - operators Sequence[str]
- List of operators to support
- rcois Sequence[str]
- venue_
name str - Venue name, default is site name
WlanInjectDhcpOption82, WlanInjectDhcpOption82Args
- Circuit
Id string - Information to set in the
circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- Enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- Circuit
Id string - Information to set in the
circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- Enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuit
Id String - Information to set in the
circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled Boolean
- Whether to inject option 82 when forwarding DHCP packets
- circuit
Id string - Information to set in the
circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled boolean
- Whether to inject option 82 when forwarding DHCP packets
- circuit_
id str - Information to set in the
circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuit
Id String - Information to set in the
circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled Boolean
- Whether to inject option 82 when forwarding DHCP packets
WlanMistNac, WlanMistNacArgs
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
- Auth
Servers intRetries - Radius auth session retries. Following fast timers are set if
fast_dot1x_timersknob is enabled. "retries" are set to value ofauth_servers_timeout. "max-requests" is also set when settingauth_servers_retriesis set to default value to 3. - Auth
Servers intTimeout - Radius auth session timeout. Following fast timers are set if
fast_dot1x_timersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauth_servers_timeout. "supplicant-timeout" is also set when settingauth_servers_timeoutis set to default value of 10. - Coa
Enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- Coa
Port int - the communication port used for “Change of Authorization” (CoA) messages
- Enabled bool
- When enabled:
auth_serversis ignoredacct_serversis ignoredauth_servers_*are ignoredcoa_serversis ignoredradsecis ignoredcoa_enabledis assumed
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from
auth_servers_timeoutandauth_server_retries. - Network string
- Which network the mist nac server resides in
- Source
Ip string - In case there is a static IP for this network, we can specify it using source ip
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
- Auth
Servers intRetries - Radius auth session retries. Following fast timers are set if
fast_dot1x_timersknob is enabled. "retries" are set to value ofauth_servers_timeout. "max-requests" is also set when settingauth_servers_retriesis set to default value to 3. - Auth
Servers intTimeout - Radius auth session timeout. Following fast timers are set if
fast_dot1x_timersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauth_servers_timeout. "supplicant-timeout" is also set when settingauth_servers_timeoutis set to default value of 10. - Coa
Enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- Coa
Port int - the communication port used for “Change of Authorization” (CoA) messages
- Enabled bool
- When enabled:
auth_serversis ignoredacct_serversis ignoredauth_servers_*are ignoredcoa_serversis ignoredradsecis ignoredcoa_enabledis assumed
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from
auth_servers_timeoutandauth_server_retries. - Network string
- Which network the mist nac server resides in
- Source
Ip string - In case there is a static IP for this network, we can specify it using source ip
- acct
Interim IntegerInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
- auth
Servers IntegerRetries - Radius auth session retries. Following fast timers are set if
fast_dot1x_timersknob is enabled. "retries" are set to value ofauth_servers_timeout. "max-requests" is also set when settingauth_servers_retriesis set to default value to 3. - auth
Servers IntegerTimeout - Radius auth session timeout. Following fast timers are set if
fast_dot1x_timersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauth_servers_timeout. "supplicant-timeout" is also set when settingauth_servers_timeoutis set to default value of 10. - coa
Enabled Boolean - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa
Port Integer - the communication port used for “Change of Authorization” (CoA) messages
- enabled Boolean
- When enabled:
auth_serversis ignoredacct_serversis ignoredauth_servers_*are ignoredcoa_serversis ignoredradsecis ignoredcoa_enabledis assumed
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from
auth_servers_timeoutandauth_server_retries. - network String
- Which network the mist nac server resides in
- source
Ip String - In case there is a static IP for this network, we can specify it using source ip
- acct
Interim numberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
- auth
Servers numberRetries - Radius auth session retries. Following fast timers are set if
fast_dot1x_timersknob is enabled. "retries" are set to value ofauth_servers_timeout. "max-requests" is also set when settingauth_servers_retriesis set to default value to 3. - auth
Servers numberTimeout - Radius auth session timeout. Following fast timers are set if
fast_dot1x_timersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauth_servers_timeout. "supplicant-timeout" is also set when settingauth_servers_timeoutis set to default value of 10. - coa
Enabled boolean - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa
Port number - the communication port used for “Change of Authorization” (CoA) messages
- enabled boolean
- When enabled:
auth_serversis ignoredacct_serversis ignoredauth_servers_*are ignoredcoa_serversis ignoredradsecis ignoredcoa_enabledis assumed
- fast
Dot1x booleanTimers - If set to true, sets default fast-timers with values calculated from
auth_servers_timeoutandauth_server_retries. - network string
- Which network the mist nac server resides in
- source
Ip string - In case there is a static IP for this network, we can specify it using source ip
- acct_
interim_ intinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
- auth_
servers_ intretries - Radius auth session retries. Following fast timers are set if
fast_dot1x_timersknob is enabled. "retries" are set to value ofauth_servers_timeout. "max-requests" is also set when settingauth_servers_retriesis set to default value to 3. - auth_
servers_ inttimeout - Radius auth session timeout. Following fast timers are set if
fast_dot1x_timersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauth_servers_timeout. "supplicant-timeout" is also set when settingauth_servers_timeoutis set to default value of 10. - coa_
enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa_
port int - the communication port used for “Change of Authorization” (CoA) messages
- enabled bool
- When enabled:
auth_serversis ignoredacct_serversis ignoredauth_servers_*are ignoredcoa_serversis ignoredradsecis ignoredcoa_enabledis assumed
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from
auth_servers_timeoutandauth_server_retries. - network str
- Which network the mist nac server resides in
- source_
ip str - In case there is a static IP for this network, we can specify it using source ip
- acct
Interim NumberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled.
- auth
Servers NumberRetries - Radius auth session retries. Following fast timers are set if
fast_dot1x_timersknob is enabled. "retries" are set to value ofauth_servers_timeout. "max-requests" is also set when settingauth_servers_retriesis set to default value to 3. - auth
Servers NumberTimeout - Radius auth session timeout. Following fast timers are set if
fast_dot1x_timersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauth_servers_timeout. "supplicant-timeout" is also set when settingauth_servers_timeoutis set to default value of 10. - coa
Enabled Boolean - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa
Port Number - the communication port used for “Change of Authorization” (CoA) messages
- enabled Boolean
- When enabled:
auth_serversis ignoredacct_serversis ignoredauth_servers_*are ignoredcoa_serversis ignoredradsecis ignoredcoa_enabledis assumed
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from
auth_servers_timeoutandauth_server_retries. - network String
- Which network the mist nac server resides in
- source
Ip String - In case there is a static IP for this network, we can specify it using source ip
WlanPortal, WlanPortalArgs
- Allow
Wlan boolId Roam - Optional if
amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming) - Amazon
Client stringId - Optional if
amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - Amazon
Client stringSecret - Optional if
amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. - Amazon
Email List<string>Domains - Optional if
amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Amazon
Enabled bool - Whether amazon is enabled as a login method
- Amazon
Expire int - Optional if
amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - Auth string
- authentication scheme. enum:
amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso - Azure
Client stringId - Required if
azure_enabled==true. Azure active directory app client id - Azure
Client stringSecret - Required if
azure_enabled==true. Azure active directory app client secret - Azure
Enabled bool - Whether Azure Active Directory is enabled as a login method
- Azure
Expire int - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- Azure
Tenant stringId - Required if
azure_enabled==true. Azure active directory tenant id. - Broadnet
Password string - Required if
sms_provider==broadnet - Broadnet
Sid string - Required if
sms_provider==broadnet - Broadnet
User stringId - Required if
sms_provider==broadnet - Bypass
When boolCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- Clickatell
Api stringKey - Required if
sms_provider==clickatell - Cross
Site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - Email
Enabled bool - Whether email (access code verification) is enabled as a login method
- Enabled bool
- Whether guest portal is enabled
- Expire int
- How long to remain authorized, in minutes
- External
Portal stringUrl - Required if
wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - Facebook
Client stringId - Required if
facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - Facebook
Client stringSecret - Required if
facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank. - Facebook
Email List<string>Domains - Optional if
facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Facebook
Enabled bool - Whether facebook is enabled as a login method
- Facebook
Expire int - Optional if
facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - Forward bool
- Whether to forward the user to another URL after authorized
- Forward
Url string - URL to forward the user to
- Google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- Google
Client stringSecret - Optional if
google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank. - Google
Email List<string>Domains - Optional if
google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Google
Enabled bool - Whether Google is enabled as login method
- Google
Expire int - Optional if
google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - Gupshup
Password string - Required if
sms_provider==gupshup - Gupshup
Userid string - Required if
sms_provider==gupshup - Microsoft
Client stringId - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - Microsoft
Client stringSecret - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. - Microsoft
Email List<string>Domains - Optional if
microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Microsoft
Enabled bool - Whether microsoft 365 is enabled as a login method
- Microsoft
Expire int - Optional if
microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - Passphrase
Enabled bool - Whether password is enabled
- Passphrase
Expire int - Optional if
passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - Password string
- Required if
passphrase_enabled==true. - Predefined
Sponsors boolEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behavior is acc tosponsor_email_domains - Predefined
Sponsors boolHide Email - Whether to hide sponsor’s email from list of sponsors
- Privacy bool
- Puzzel
Password string - Required if
sms_provider==puzzel - Puzzel
Service stringId - Required if
sms_provider==puzzel - Puzzel
Username string - Required if
sms_provider==puzzel - Sms
Enabled bool - Whether sms is enabled as a login method
- Sms
Expire int - Optional if
sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - Sms
Message stringFormat - Optional if
sms_enabled==true. SMS Message format - Sms
Provider string - Optional if
sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,smsglobal,telstra,twilio - Smsglobal
Api stringKey - Required if
sms_provider==smsglobal, Client API Key - Smsglobal
Api stringSecret - Required if
sms_provider==smsglobal, Client secret - Sponsor
Auto boolApprove - Optional if
sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled - Sponsor
Email List<string>Domains - List of domain allowed for sponsor email. Required if
sponsor_enabledistrueandsponsorsis empty. - Sponsor
Enabled bool - Whether sponsor is enabled
- Sponsor
Expire int - Optional if
sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - Sponsor
Link stringValidity Duration - Optional if
sponsor_enabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - Sponsor
Notify boolAll - Optional if
sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - Sponsor
Status boolNotify - Optional if
sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - Sponsors Dictionary<string, string>
- object of allowed sponsors email with name. Required if
sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name - Sso
Default stringRole - Optional if
wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - Sso
Forced stringRole - Optional if
wlan_portal_auth==sso - Sso
Idp stringCert - Required if
wlan_portal_auth==sso. IDP Cert (used to verify the signed response) - Sso
Idp stringSign Algo - Optional if
wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512 - Sso
Idp stringSso Url - Required if
wlan_portal_auth==sso, IDP Single-Sign-On URL - Sso
Issuer string - Required if
wlan_portal_auth==sso, IDP issuer URL - Sso
Nameid stringFormat - Optional if
wlan_portal_auth==sso. enum:email,unspecified - Telstra
Client stringId - Required if
sms_provider==telstra, Client ID provided by Telstra - Telstra
Client stringSecret - Required if
sms_provider==telstra, Client secret provided by Telstra - Twilio
Auth stringToken - Required if
sms_provider==twilio, Auth token account with twilio account - Twilio
Phone stringNumber - Required if
sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format. - Twilio
Sid string - Required if
sms_provider==twilio, Account SID provided by Twilio
- Allow
Wlan boolId Roam - Optional if
amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming) - Amazon
Client stringId - Optional if
amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - Amazon
Client stringSecret - Optional if
amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. - Amazon
Email []stringDomains - Optional if
amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Amazon
Enabled bool - Whether amazon is enabled as a login method
- Amazon
Expire int - Optional if
amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - Auth string
- authentication scheme. enum:
amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso - Azure
Client stringId - Required if
azure_enabled==true. Azure active directory app client id - Azure
Client stringSecret - Required if
azure_enabled==true. Azure active directory app client secret - Azure
Enabled bool - Whether Azure Active Directory is enabled as a login method
- Azure
Expire int - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- Azure
Tenant stringId - Required if
azure_enabled==true. Azure active directory tenant id. - Broadnet
Password string - Required if
sms_provider==broadnet - Broadnet
Sid string - Required if
sms_provider==broadnet - Broadnet
User stringId - Required if
sms_provider==broadnet - Bypass
When boolCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- Clickatell
Api stringKey - Required if
sms_provider==clickatell - Cross
Site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - Email
Enabled bool - Whether email (access code verification) is enabled as a login method
- Enabled bool
- Whether guest portal is enabled
- Expire int
- How long to remain authorized, in minutes
- External
Portal stringUrl - Required if
wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - Facebook
Client stringId - Required if
facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - Facebook
Client stringSecret - Required if
facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank. - Facebook
Email []stringDomains - Optional if
facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Facebook
Enabled bool - Whether facebook is enabled as a login method
- Facebook
Expire int - Optional if
facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - Forward bool
- Whether to forward the user to another URL after authorized
- Forward
Url string - URL to forward the user to
- Google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- Google
Client stringSecret - Optional if
google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank. - Google
Email []stringDomains - Optional if
google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Google
Enabled bool - Whether Google is enabled as login method
- Google
Expire int - Optional if
google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - Gupshup
Password string - Required if
sms_provider==gupshup - Gupshup
Userid string - Required if
sms_provider==gupshup - Microsoft
Client stringId - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - Microsoft
Client stringSecret - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. - Microsoft
Email []stringDomains - Optional if
microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - Microsoft
Enabled bool - Whether microsoft 365 is enabled as a login method
- Microsoft
Expire int - Optional if
microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - Passphrase
Enabled bool - Whether password is enabled
- Passphrase
Expire int - Optional if
passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - Password string
- Required if
passphrase_enabled==true. - Predefined
Sponsors boolEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behavior is acc tosponsor_email_domains - Predefined
Sponsors boolHide Email - Whether to hide sponsor’s email from list of sponsors
- Privacy bool
- Puzzel
Password string - Required if
sms_provider==puzzel - Puzzel
Service stringId - Required if
sms_provider==puzzel - Puzzel
Username string - Required if
sms_provider==puzzel - Sms
Enabled bool - Whether sms is enabled as a login method
- Sms
Expire int - Optional if
sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - Sms
Message stringFormat - Optional if
sms_enabled==true. SMS Message format - Sms
Provider string - Optional if
sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,smsglobal,telstra,twilio - Smsglobal
Api stringKey - Required if
sms_provider==smsglobal, Client API Key - Smsglobal
Api stringSecret - Required if
sms_provider==smsglobal, Client secret - Sponsor
Auto boolApprove - Optional if
sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled - Sponsor
Email []stringDomains - List of domain allowed for sponsor email. Required if
sponsor_enabledistrueandsponsorsis empty. - Sponsor
Enabled bool - Whether sponsor is enabled
- Sponsor
Expire int - Optional if
sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - Sponsor
Link stringValidity Duration - Optional if
sponsor_enabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - Sponsor
Notify boolAll - Optional if
sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - Sponsor
Status boolNotify - Optional if
sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - Sponsors map[string]string
- object of allowed sponsors email with name. Required if
sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name - Sso
Default stringRole - Optional if
wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - Sso
Forced stringRole - Optional if
wlan_portal_auth==sso - Sso
Idp stringCert - Required if
wlan_portal_auth==sso. IDP Cert (used to verify the signed response) - Sso
Idp stringSign Algo - Optional if
wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512 - Sso
Idp stringSso Url - Required if
wlan_portal_auth==sso, IDP Single-Sign-On URL - Sso
Issuer string - Required if
wlan_portal_auth==sso, IDP issuer URL - Sso
Nameid stringFormat - Optional if
wlan_portal_auth==sso. enum:email,unspecified - Telstra
Client stringId - Required if
sms_provider==telstra, Client ID provided by Telstra - Telstra
Client stringSecret - Required if
sms_provider==telstra, Client secret provided by Telstra - Twilio
Auth stringToken - Required if
sms_provider==twilio, Auth token account with twilio account - Twilio
Phone stringNumber - Required if
sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format. - Twilio
Sid string - Required if
sms_provider==twilio, Account SID provided by Twilio
- allow
Wlan BooleanId Roam - Optional if
amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming) - amazon
Client StringId - Optional if
amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon
Client StringSecret - Optional if
amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. - amazon
Email List<String>Domains - Optional if
amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - amazon
Enabled Boolean - Whether amazon is enabled as a login method
- amazon
Expire Integer - Optional if
amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth String
- authentication scheme. enum:
amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso - azure
Client StringId - Required if
azure_enabled==true. Azure active directory app client id - azure
Client StringSecret - Required if
azure_enabled==true. Azure active directory app client secret - azure
Enabled Boolean - Whether Azure Active Directory is enabled as a login method
- azure
Expire Integer - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant StringId - Required if
azure_enabled==true. Azure active directory tenant id. - broadnet
Password String - Required if
sms_provider==broadnet - broadnet
Sid String - Required if
sms_provider==broadnet - broadnet
User StringId - Required if
sms_provider==broadnet - bypass
When BooleanCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api StringKey - Required if
sms_provider==clickatell - cross
Site Boolean - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email
Enabled Boolean - Whether email (access code verification) is enabled as a login method
- enabled Boolean
- Whether guest portal is enabled
- expire Integer
- How long to remain authorized, in minutes
- external
Portal StringUrl - Required if
wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook
Client StringId - Required if
facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client StringSecret - Required if
facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank. - facebook
Email List<String>Domains - Optional if
facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - facebook
Enabled Boolean - Whether facebook is enabled as a login method
- facebook
Expire Integer - Optional if
facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward Boolean
- Whether to forward the user to another URL after authorized
- forward
Url String - URL to forward the user to
- google
Client StringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client StringSecret - Optional if
google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank. - google
Email List<String>Domains - Optional if
google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - google
Enabled Boolean - Whether Google is enabled as login method
- google
Expire Integer - Optional if
google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup
Password String - Required if
sms_provider==gupshup - gupshup
Userid String - Required if
sms_provider==gupshup - microsoft
Client StringId - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft
Client StringSecret - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. - microsoft
Email List<String>Domains - Optional if
microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - microsoft
Enabled Boolean - Whether microsoft 365 is enabled as a login method
- microsoft
Expire Integer - Optional if
microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase
Enabled Boolean - Whether password is enabled
- passphrase
Expire Integer - Optional if
passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password String
- Required if
passphrase_enabled==true. - predefined
Sponsors BooleanEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behavior is acc tosponsor_email_domains - predefined
Sponsors BooleanHide Email - Whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- puzzel
Password String - Required if
sms_provider==puzzel - puzzel
Service StringId - Required if
sms_provider==puzzel - puzzel
Username String - Required if
sms_provider==puzzel - sms
Enabled Boolean - Whether sms is enabled as a login method
- sms
Expire Integer - Optional if
sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms
Message StringFormat - Optional if
sms_enabled==true. SMS Message format - sms
Provider String - Optional if
sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,smsglobal,telstra,twilio - smsglobal
Api StringKey - Required if
sms_provider==smsglobal, Client API Key - smsglobal
Api StringSecret - Required if
sms_provider==smsglobal, Client secret - sponsor
Auto BooleanApprove - Optional if
sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled - sponsor
Email List<String>Domains - List of domain allowed for sponsor email. Required if
sponsor_enabledistrueandsponsorsis empty. - sponsor
Enabled Boolean - Whether sponsor is enabled
- sponsor
Expire Integer - Optional if
sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor
Link StringValidity Duration - Optional if
sponsor_enabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor
Notify BooleanAll - Optional if
sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status BooleanNotify - Optional if
sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors Map<String,String>
- object of allowed sponsors email with name. Required if
sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso
Default StringRole - Optional if
wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso
Forced StringRole - Optional if
wlan_portal_auth==sso - sso
Idp StringCert - Required if
wlan_portal_auth==sso. IDP Cert (used to verify the signed response) - sso
Idp StringSign Algo - Optional if
wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512 - sso
Idp StringSso Url - Required if
wlan_portal_auth==sso, IDP Single-Sign-On URL - sso
Issuer String - Required if
wlan_portal_auth==sso, IDP issuer URL - sso
Nameid StringFormat - Optional if
wlan_portal_auth==sso. enum:email,unspecified - telstra
Client StringId - Required if
sms_provider==telstra, Client ID provided by Telstra - telstra
Client StringSecret - Required if
sms_provider==telstra, Client secret provided by Telstra - twilio
Auth StringToken - Required if
sms_provider==twilio, Auth token account with twilio account - twilio
Phone StringNumber - Required if
sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid String - Required if
sms_provider==twilio, Account SID provided by Twilio
- allow
Wlan booleanId Roam - Optional if
amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming) - amazon
Client stringId - Optional if
amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon
Client stringSecret - Optional if
amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. - amazon
Email string[]Domains - Optional if
amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - amazon
Enabled boolean - Whether amazon is enabled as a login method
- amazon
Expire number - Optional if
amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth string
- authentication scheme. enum:
amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso - azure
Client stringId - Required if
azure_enabled==true. Azure active directory app client id - azure
Client stringSecret - Required if
azure_enabled==true. Azure active directory app client secret - azure
Enabled boolean - Whether Azure Active Directory is enabled as a login method
- azure
Expire number - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant stringId - Required if
azure_enabled==true. Azure active directory tenant id. - broadnet
Password string - Required if
sms_provider==broadnet - broadnet
Sid string - Required if
sms_provider==broadnet - broadnet
User stringId - Required if
sms_provider==broadnet - bypass
When booleanCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api stringKey - Required if
sms_provider==clickatell - cross
Site boolean - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email
Enabled boolean - Whether email (access code verification) is enabled as a login method
- enabled boolean
- Whether guest portal is enabled
- expire number
- How long to remain authorized, in minutes
- external
Portal stringUrl - Required if
wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook
Client stringId - Required if
facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client stringSecret - Required if
facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank. - facebook
Email string[]Domains - Optional if
facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - facebook
Enabled boolean - Whether facebook is enabled as a login method
- facebook
Expire number - Optional if
facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward boolean
- Whether to forward the user to another URL after authorized
- forward
Url string - URL to forward the user to
- google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client stringSecret - Optional if
google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank. - google
Email string[]Domains - Optional if
google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - google
Enabled boolean - Whether Google is enabled as login method
- google
Expire number - Optional if
google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup
Password string - Required if
sms_provider==gupshup - gupshup
Userid string - Required if
sms_provider==gupshup - microsoft
Client stringId - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft
Client stringSecret - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. - microsoft
Email string[]Domains - Optional if
microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - microsoft
Enabled boolean - Whether microsoft 365 is enabled as a login method
- microsoft
Expire number - Optional if
microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase
Enabled boolean - Whether password is enabled
- passphrase
Expire number - Optional if
passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password string
- Required if
passphrase_enabled==true. - predefined
Sponsors booleanEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behavior is acc tosponsor_email_domains - predefined
Sponsors booleanHide Email - Whether to hide sponsor’s email from list of sponsors
- privacy boolean
- puzzel
Password string - Required if
sms_provider==puzzel - puzzel
Service stringId - Required if
sms_provider==puzzel - puzzel
Username string - Required if
sms_provider==puzzel - sms
Enabled boolean - Whether sms is enabled as a login method
- sms
Expire number - Optional if
sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms
Message stringFormat - Optional if
sms_enabled==true. SMS Message format - sms
Provider string - Optional if
sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,smsglobal,telstra,twilio - smsglobal
Api stringKey - Required if
sms_provider==smsglobal, Client API Key - smsglobal
Api stringSecret - Required if
sms_provider==smsglobal, Client secret - sponsor
Auto booleanApprove - Optional if
sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled - sponsor
Email string[]Domains - List of domain allowed for sponsor email. Required if
sponsor_enabledistrueandsponsorsis empty. - sponsor
Enabled boolean - Whether sponsor is enabled
- sponsor
Expire number - Optional if
sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor
Link stringValidity Duration - Optional if
sponsor_enabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor
Notify booleanAll - Optional if
sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status booleanNotify - Optional if
sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors {[key: string]: string}
- object of allowed sponsors email with name. Required if
sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso
Default stringRole - Optional if
wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso
Forced stringRole - Optional if
wlan_portal_auth==sso - sso
Idp stringCert - Required if
wlan_portal_auth==sso. IDP Cert (used to verify the signed response) - sso
Idp stringSign Algo - Optional if
wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512 - sso
Idp stringSso Url - Required if
wlan_portal_auth==sso, IDP Single-Sign-On URL - sso
Issuer string - Required if
wlan_portal_auth==sso, IDP issuer URL - sso
Nameid stringFormat - Optional if
wlan_portal_auth==sso. enum:email,unspecified - telstra
Client stringId - Required if
sms_provider==telstra, Client ID provided by Telstra - telstra
Client stringSecret - Required if
sms_provider==telstra, Client secret provided by Telstra - twilio
Auth stringToken - Required if
sms_provider==twilio, Auth token account with twilio account - twilio
Phone stringNumber - Required if
sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid string - Required if
sms_provider==twilio, Account SID provided by Twilio
- allow_
wlan_ boolid_ roam - Optional if
amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming) - amazon_
client_ strid - Optional if
amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon_
client_ strsecret - Optional if
amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. - amazon_
email_ Sequence[str]domains - Optional if
amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - amazon_
enabled bool - Whether amazon is enabled as a login method
- amazon_
expire int - Optional if
amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth str
- authentication scheme. enum:
amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso - azure_
client_ strid - Required if
azure_enabled==true. Azure active directory app client id - azure_
client_ strsecret - Required if
azure_enabled==true. Azure active directory app client secret - azure_
enabled bool - Whether Azure Active Directory is enabled as a login method
- azure_
expire int - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure_
tenant_ strid - Required if
azure_enabled==true. Azure active directory tenant id. - broadnet_
password str - Required if
sms_provider==broadnet - broadnet_
sid str - Required if
sms_provider==broadnet - broadnet_
user_ strid - Required if
sms_provider==broadnet - bypass_
when_ boolcloud_ down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell_
api_ strkey - Required if
sms_provider==clickatell - cross_
site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email_
enabled bool - Whether email (access code verification) is enabled as a login method
- enabled bool
- Whether guest portal is enabled
- expire int
- How long to remain authorized, in minutes
- external_
portal_ strurl - Required if
wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook_
client_ strid - Required if
facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook_
client_ strsecret - Required if
facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank. - facebook_
email_ Sequence[str]domains - Optional if
facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - facebook_
enabled bool - Whether facebook is enabled as a login method
- facebook_
expire int - Optional if
facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward bool
- Whether to forward the user to another URL after authorized
- forward_
url str - URL to forward the user to
- google_
client_ strid - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google_
client_ strsecret - Optional if
google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank. - google_
email_ Sequence[str]domains - Optional if
google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - google_
enabled bool - Whether Google is enabled as login method
- google_
expire int - Optional if
google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup_
password str - Required if
sms_provider==gupshup - gupshup_
userid str - Required if
sms_provider==gupshup - microsoft_
client_ strid - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft_
client_ strsecret - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. - microsoft_
email_ Sequence[str]domains - Optional if
microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - microsoft_
enabled bool - Whether microsoft 365 is enabled as a login method
- microsoft_
expire int - Optional if
microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase_
enabled bool - Whether password is enabled
- passphrase_
expire int - Optional if
passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password str
- Required if
passphrase_enabled==true. - predefined_
sponsors_ boolenabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behavior is acc tosponsor_email_domains - predefined_
sponsors_ boolhide_ email - Whether to hide sponsor’s email from list of sponsors
- privacy bool
- puzzel_
password str - Required if
sms_provider==puzzel - puzzel_
service_ strid - Required if
sms_provider==puzzel - puzzel_
username str - Required if
sms_provider==puzzel - sms_
enabled bool - Whether sms is enabled as a login method
- sms_
expire int - Optional if
sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms_
message_ strformat - Optional if
sms_enabled==true. SMS Message format - sms_
provider str - Optional if
sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,smsglobal,telstra,twilio - smsglobal_
api_ strkey - Required if
sms_provider==smsglobal, Client API Key - smsglobal_
api_ strsecret - Required if
sms_provider==smsglobal, Client secret - sponsor_
auto_ boolapprove - Optional if
sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled - sponsor_
email_ Sequence[str]domains - List of domain allowed for sponsor email. Required if
sponsor_enabledistrueandsponsorsis empty. - sponsor_
enabled bool - Whether sponsor is enabled
- sponsor_
expire int - Optional if
sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor_
link_ strvalidity_ duration - Optional if
sponsor_enabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor_
notify_ boolall - Optional if
sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor_
status_ boolnotify - Optional if
sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors Mapping[str, str]
- object of allowed sponsors email with name. Required if
sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso_
default_ strrole - Optional if
wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso_
forced_ strrole - Optional if
wlan_portal_auth==sso - sso_
idp_ strcert - Required if
wlan_portal_auth==sso. IDP Cert (used to verify the signed response) - sso_
idp_ strsign_ algo - Optional if
wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512 - sso_
idp_ strsso_ url - Required if
wlan_portal_auth==sso, IDP Single-Sign-On URL - sso_
issuer str - Required if
wlan_portal_auth==sso, IDP issuer URL - sso_
nameid_ strformat - Optional if
wlan_portal_auth==sso. enum:email,unspecified - telstra_
client_ strid - Required if
sms_provider==telstra, Client ID provided by Telstra - telstra_
client_ strsecret - Required if
sms_provider==telstra, Client secret provided by Telstra - twilio_
auth_ strtoken - Required if
sms_provider==twilio, Auth token account with twilio account - twilio_
phone_ strnumber - Required if
sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio_
sid str - Required if
sms_provider==twilio, Account SID provided by Twilio
- allow
Wlan BooleanId Roam - Optional if
amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming) - amazon
Client StringId - Optional if
amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon
Client StringSecret - Optional if
amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. - amazon
Email List<String>Domains - Optional if
amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - amazon
Enabled Boolean - Whether amazon is enabled as a login method
- amazon
Expire Number - Optional if
amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth String
- authentication scheme. enum:
amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso - azure
Client StringId - Required if
azure_enabled==true. Azure active directory app client id - azure
Client StringSecret - Required if
azure_enabled==true. Azure active directory app client secret - azure
Enabled Boolean - Whether Azure Active Directory is enabled as a login method
- azure
Expire Number - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant StringId - Required if
azure_enabled==true. Azure active directory tenant id. - broadnet
Password String - Required if
sms_provider==broadnet - broadnet
Sid String - Required if
sms_provider==broadnet - broadnet
User StringId - Required if
sms_provider==broadnet - bypass
When BooleanCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api StringKey - Required if
sms_provider==clickatell - cross
Site Boolean - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming) - email
Enabled Boolean - Whether email (access code verification) is enabled as a login method
- enabled Boolean
- Whether guest portal is enabled
- expire Number
- How long to remain authorized, in minutes
- external
Portal StringUrl - Required if
wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook
Client StringId - Required if
facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client StringSecret - Required if
facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank. - facebook
Email List<String>Domains - Optional if
facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - facebook
Enabled Boolean - Whether facebook is enabled as a login method
- facebook
Expire Number - Optional if
facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward Boolean
- Whether to forward the user to another URL after authorized
- forward
Url String - URL to forward the user to
- google
Client StringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client StringSecret - Optional if
google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank. - google
Email List<String>Domains - Optional if
google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - google
Enabled Boolean - Whether Google is enabled as login method
- google
Expire Number - Optional if
google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup
Password String - Required if
sms_provider==gupshup - gupshup
Userid String - Required if
sms_provider==gupshup - microsoft
Client StringId - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft
Client StringSecret - Optional if
microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. - microsoft
Email List<String>Domains - Optional if
microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. - microsoft
Enabled Boolean - Whether microsoft 365 is enabled as a login method
- microsoft
Expire Number - Optional if
microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase
Enabled Boolean - Whether password is enabled
- passphrase
Expire Number - Optional if
passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password String
- Required if
passphrase_enabled==true. - predefined
Sponsors BooleanEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behavior is acc tosponsor_email_domains - predefined
Sponsors BooleanHide Email - Whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- puzzel
Password String - Required if
sms_provider==puzzel - puzzel
Service StringId - Required if
sms_provider==puzzel - puzzel
Username String - Required if
sms_provider==puzzel - sms
Enabled Boolean - Whether sms is enabled as a login method
- sms
Expire Number - Optional if
sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms
Message StringFormat - Optional if
sms_enabled==true. SMS Message format - sms
Provider String - Optional if
sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,smsglobal,telstra,twilio - smsglobal
Api StringKey - Required if
sms_provider==smsglobal, Client API Key - smsglobal
Api StringSecret - Required if
sms_provider==smsglobal, Client secret - sponsor
Auto BooleanApprove - Optional if
sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled - sponsor
Email List<String>Domains - List of domain allowed for sponsor email. Required if
sponsor_enabledistrueandsponsorsis empty. - sponsor
Enabled Boolean - Whether sponsor is enabled
- sponsor
Expire Number - Optional if
sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor
Link StringValidity Duration - Optional if
sponsor_enabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor
Notify BooleanAll - Optional if
sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status BooleanNotify - Optional if
sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors Map<String>
- object of allowed sponsors email with name. Required if
sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso
Default StringRole - Optional if
wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso
Forced StringRole - Optional if
wlan_portal_auth==sso - sso
Idp StringCert - Required if
wlan_portal_auth==sso. IDP Cert (used to verify the signed response) - sso
Idp StringSign Algo - Optional if
wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512 - sso
Idp StringSso Url - Required if
wlan_portal_auth==sso, IDP Single-Sign-On URL - sso
Issuer String - Required if
wlan_portal_auth==sso, IDP issuer URL - sso
Nameid StringFormat - Optional if
wlan_portal_auth==sso. enum:email,unspecified - telstra
Client StringId - Required if
sms_provider==telstra, Client ID provided by Telstra - telstra
Client StringSecret - Required if
sms_provider==telstra, Client secret provided by Telstra - twilio
Auth StringToken - Required if
sms_provider==twilio, Auth token account with twilio account - twilio
Phone StringNumber - Required if
sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid String - Required if
sms_provider==twilio, Account SID provided by Twilio
WlanQos, WlanQosArgs
WlanRadsec, WlanRadsecArgs
- Coa
Enabled bool - Enabled bool
- Idle
Timeout string - Mxcluster
Ids List<string> - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- Proxy
Hosts List<string> - Default is site.mxedge.radsec.proxy_hosts which must be a superset of all
wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge - Server
Name string - Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- Servers
List<Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec Server> - List of RadSec Servers. Only if not Mist Edge.
- Use
Mxedge bool - use mxedge(s) as RadSec Proxy
- Use
Site boolMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- Coa
Enabled bool - Enabled bool
- Idle
Timeout string - Mxcluster
Ids []string - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- Proxy
Hosts []string - Default is site.mxedge.radsec.proxy_hosts which must be a superset of all
wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge - Server
Name string - Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- Servers
[]Wlan
Radsec Server - List of RadSec Servers. Only if not Mist Edge.
- Use
Mxedge bool - use mxedge(s) as RadSec Proxy
- Use
Site boolMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa
Enabled Boolean - enabled Boolean
- idle
Timeout String - mxcluster
Ids List<String> - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy
Hosts List<String> - Default is site.mxedge.radsec.proxy_hosts which must be a superset of all
wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge - server
Name String - Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
List<Wlan
Radsec Server> - List of RadSec Servers. Only if not Mist Edge.
- use
Mxedge Boolean - use mxedge(s) as RadSec Proxy
- use
Site BooleanMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa
Enabled boolean - enabled boolean
- idle
Timeout string - mxcluster
Ids string[] - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy
Hosts string[] - Default is site.mxedge.radsec.proxy_hosts which must be a superset of all
wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge - server
Name string - Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
Wlan
Radsec Server[] - List of RadSec Servers. Only if not Mist Edge.
- use
Mxedge boolean - use mxedge(s) as RadSec Proxy
- use
Site booleanMxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa_
enabled bool - enabled bool
- idle_
timeout str - mxcluster_
ids Sequence[str] - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy_
hosts Sequence[str] - Default is site.mxedge.radsec.proxy_hosts which must be a superset of all
wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge - server_
name str - Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
Sequence[Wlan
Radsec Server] - List of RadSec Servers. Only if not Mist Edge.
- use_
mxedge bool - use mxedge(s) as RadSec Proxy
- use_
site_ boolmxedge - To use Site mxedges when this WLAN does not use mxtunnel
- coa
Enabled Boolean - enabled Boolean
- idle
Timeout String - mxcluster
Ids List<String> - To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy
Hosts List<String> - Default is site.mxedge.radsec.proxy_hosts which must be a superset of all
wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge - server
Name String - Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers List<Property Map>
- List of RadSec Servers. Only if not Mist Edge.
- use
Mxedge Boolean - use mxedge(s) as RadSec Proxy
- use
Site BooleanMxedge - To use Site mxedges when this WLAN does not use mxtunnel
WlanRadsecServer, WlanRadsecServerArgs
WlanRateset, WlanRatesetArgs
- Eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - He string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - Ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - Legacies List<string>
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - Min
Rssi int - Minimum RSSI for client to connect, 0 means not enforcing
- Template string
- Data Rates template to apply. enum:
no-legacy: no 11bcompatible: all, like before, default setting that Broadcom/Atheros usedlegacy-only: disable 802.11n and 802.11achigh-density: no 11b, no low ratescustom: user defined
- Vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- Eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - He string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - Ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - Legacies []string
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - Min
Rssi int - Minimum RSSI for client to connect, 0 means not enforcing
- Template string
- Data Rates template to apply. enum:
no-legacy: no 11bcompatible: all, like before, default setting that Broadcom/Atheros usedlegacy-only: disable 802.11n and 802.11achigh-density: no 11b, no low ratescustom: user defined
- Vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht String
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he String
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies List<String>
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min
Rssi Integer - Minimum RSSI for client to connect, 0 means not enforcing
- template String
- Data Rates template to apply. enum:
no-legacy: no 11bcompatible: all, like before, default setting that Broadcom/Atheros usedlegacy-only: disable 802.11n and 802.11achigh-density: no 11b, no low ratescustom: user defined
- vht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies string[]
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min
Rssi number - Minimum RSSI for client to connect, 0 means not enforcing
- template string
- Data Rates template to apply. enum:
no-legacy: no 11bcompatible: all, like before, default setting that Broadcom/Atheros usedlegacy-only: disable 802.11n and 802.11achigh-density: no 11b, no low ratescustom: user defined
- vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht str
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he str
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht str
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies Sequence[str]
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min_
rssi int - Minimum RSSI for client to connect, 0 means not enforcing
- template str
- Data Rates template to apply. enum:
no-legacy: no 11bcompatible: all, like before, default setting that Broadcom/Atheros usedlegacy-only: disable 802.11n and 802.11achigh-density: no 11b, no low ratescustom: user defined
- vht str
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht String
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he String
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies List<String>
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min
Rssi Number - Minimum RSSI for client to connect, 0 means not enforcing
- template String
- Data Rates template to apply. enum:
no-legacy: no 11bcompatible: all, like before, default setting that Broadcom/Atheros usedlegacy-only: disable 802.11n and 802.11achigh-density: no 11b, no low ratescustom: user defined
- vht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
WlanSchedule, WlanScheduleArgs
- Enabled bool
- Hours
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule Hours - Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- Enabled bool
- Hours
Wlan
Schedule Hours - Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled Boolean
- hours
Wlan
Schedule Hours - Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled boolean
- hours
Wlan
Schedule Hours - Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled bool
- hours
Wlan
Schedule Hours - Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled Boolean
- hours Property Map
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
WlanScheduleHours, WlanScheduleHoursArgs
- Fri string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Mon string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Sat string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Sun string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Thu string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Tue string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Wed string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Fri string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Mon string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Sat string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Sun string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Thu string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Tue string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - Wed string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - mon String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sat String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sun String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - thu String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - tue String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - wed String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - mon string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sat string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sun string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - thu string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - tue string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - wed string
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - mon str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sat str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sun str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - thu str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - tue str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - wed str
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - mon String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sat String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - sun String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - thu String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - tue String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59. - wed String
- Hour range of the day (e.g.
09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
Import
Using pulumi import, import mist_site_wlan with:
Site WLAN can be imported by specifying the site_id and the wlan_id
$ pulumi import junipermist:site/wlan:Wlan wlan_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- junipermist pulumi/pulumi-junipermist
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mistTerraform Provider.
