published on Friday, Jul 10, 2026 by Pulumi
published on Friday, Jul 10, 2026 by Pulumi
This resource manages the Site Wlans. The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, …)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/juniper-mist";
const wlanOne = new junipermist.site.Wlan("wlan_one", {
ssid: "wlan_one",
siteId: terraformTest.id,
bands: [
"5",
"6",
],
vlanEnabled: true,
vlanId: "143",
wlanLimitUp: "10000",
wlanLimitDown: "20000",
clientLimitUp: "512",
clientLimitDown: "1000",
auth: {
type: "psk",
psk: "secretpsk",
},
"interface": "all",
});
import pulumi
import pulumi_juniper_mist as junipermist
wlan_one = junipermist.site.Wlan("wlan_one",
ssid="wlan_one",
site_id=terraform_test["id"],
bands=[
"5",
"6",
],
vlan_enabled=True,
vlan_id="143",
wlan_limit_up="10000",
wlan_limit_down="20000",
client_limit_up="512",
client_limit_down="1000",
auth={
"type": "psk",
"psk": "secretpsk",
},
interface="all")
package main
import (
"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/site"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := site.NewWlan(ctx, "wlan_one", &site.WlanArgs{
Ssid: pulumi.String("wlan_one"),
SiteId: pulumi.Any(terraformTest.Id),
Bands: pulumi.StringArray{
pulumi.String("5"),
pulumi.String("6"),
},
VlanEnabled: pulumi.Bool(true),
VlanId: pulumi.String("143"),
WlanLimitUp: pulumi.String("10000"),
WlanLimitDown: pulumi.String("20000"),
ClientLimitUp: pulumi.String("512"),
ClientLimitDown: pulumi.String("1000"),
Auth: &site.WlanAuthArgs{
Type: pulumi.String("psk"),
Psk: pulumi.String("secretpsk"),
},
Interface: pulumi.String("all"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
return await Deployment.RunAsync(() =>
{
var wlanOne = new JuniperMist.Site.Wlan("wlan_one", new()
{
Ssid = "wlan_one",
SiteId = terraformTest.Id,
Bands = new[]
{
"5",
"6",
},
VlanEnabled = true,
VlanId = "143",
WlanLimitUp = "10000",
WlanLimitDown = "20000",
ClientLimitUp = "512",
ClientLimitDown = "1000",
Auth = new JuniperMist.Site.Inputs.WlanAuthArgs
{
Type = "psk",
Psk = "secretpsk",
},
Interface = "all",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.site.Wlan;
import com.pulumi.junipermist.site.WlanArgs;
import com.pulumi.junipermist.site.inputs.WlanAuthArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var wlanOne = new Wlan("wlanOne", WlanArgs.builder()
.ssid("wlan_one")
.siteId(terraformTest.id())
.bands(
"5",
"6")
.vlanEnabled(true)
.vlanId("143")
.wlanLimitUp("10000")
.wlanLimitDown("20000")
.clientLimitUp("512")
.clientLimitDown("1000")
.auth(WlanAuthArgs.builder()
.type("psk")
.psk("secretpsk")
.build())
.interface_("all")
.build());
}
}
resources:
wlanOne:
type: junipermist:site:Wlan
name: wlan_one
properties:
ssid: wlan_one
siteId: ${terraformTest.id}
bands:
- '5'
- '6'
vlanEnabled: true
vlanId: 143
wlanLimitUp: 10000
wlanLimitDown: 20000
clientLimitUp: 512
clientLimitDown: 1000
auth:
type: psk
psk: secretpsk
interface: all
pulumi {
required_providers {
junipermist = {
source = "pulumi/junipermist"
}
}
}
resource "junipermist_site_wlan" "wlan_one" {
ssid = "wlan_one"
site_id = terraformTest.id
bands = ["5", "6"]
vlan_enabled = true
vlan_id = 143
wlan_limit_up = 10000
wlan_limit_down = 20000
client_limit_up = 512
client_limit_down = 1000
auth = {
type = "psk"
psk = "secretpsk"
}
interface = "all"
}
Create Wlan Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Wlan(name: string, args: WlanArgs, opts?: CustomResourceOptions);@overload
def Wlan(resource_name: str,
args: WlanArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Wlan(resource_name: str,
opts: Optional[ResourceOptions] = None,
site_id: Optional[str] = None,
ssid: Optional[str] = None,
acct_immediate_update: Optional[bool] = None,
acct_interim_interval: Optional[int] = None,
acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
airwatch: Optional[WlanAirwatchArgs] = None,
allow_ipv6_ndp: Optional[bool] = None,
allow_mdns: Optional[bool] = None,
allow_ssdp: Optional[bool] = None,
ap_ids: Optional[Sequence[str]] = None,
app_limit: Optional[WlanAppLimitArgs] = None,
app_qos: Optional[WlanAppQosArgs] = None,
apply_to: Optional[str] = None,
arp_filter: Optional[bool] = None,
auth: Optional[WlanAuthArgs] = None,
auth_server_selection: Optional[str] = None,
auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
auth_servers_nas_id: Optional[str] = None,
auth_servers_nas_ip: Optional[str] = None,
auth_servers_retries: Optional[int] = None,
auth_servers_timeout: Optional[int] = None,
band_steer: Optional[bool] = None,
band_steer_force_band5: Optional[bool] = None,
bands: Optional[Sequence[str]] = None,
block_blacklist_clients: Optional[bool] = None,
bonjour: Optional[WlanBonjourArgs] = None,
cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
client_limit_down: Optional[str] = None,
client_limit_down_enabled: Optional[bool] = None,
client_limit_up: Optional[str] = None,
client_limit_up_enabled: Optional[bool] = None,
coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
disable11ax: Optional[bool] = None,
disable11be: Optional[bool] = None,
disable_ht_vht_rates: Optional[bool] = None,
disable_message_authenticator_check: Optional[bool] = None,
disable_uapsd: Optional[bool] = None,
disable_v1_roam_notify: Optional[bool] = None,
disable_v2_roam_notify: Optional[bool] = None,
disable_when_gateway_unreachable: Optional[bool] = None,
disable_when_mxtunnel_down: Optional[bool] = None,
disable_wmm: Optional[bool] = None,
dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
dtim: Optional[int] = None,
dynamic_psk: Optional[WlanDynamicPskArgs] = None,
dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
enable_ftm: Optional[bool] = None,
enable_local_keycaching: Optional[bool] = None,
enable_wireless_bridging: Optional[bool] = None,
enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
enabled: Optional[bool] = None,
fast_dot1x_timers: Optional[bool] = None,
hide_ssid: Optional[bool] = None,
hostname_ie: Optional[bool] = None,
hotspot20: Optional[WlanHotspot20Args] = None,
inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
interface: Optional[str] = None,
isolation: Optional[bool] = None,
l2_isolation: Optional[bool] = None,
legacy_overds: Optional[bool] = None,
limit_bcast: Optional[bool] = None,
limit_probe_response: Optional[bool] = None,
max_idletime: Optional[int] = None,
max_num_clients: Optional[int] = None,
mist_nac: Optional[WlanMistNacArgs] = None,
mxtunnel_ids: Optional[Sequence[str]] = None,
mxtunnel_names: Optional[Sequence[str]] = None,
no_static_dns: Optional[bool] = None,
no_static_ip: Optional[bool] = None,
portal: Optional[WlanPortalArgs] = None,
portal_allowed_hostnames: Optional[Sequence[str]] = None,
portal_allowed_subnets: Optional[Sequence[str]] = None,
portal_denied_hostnames: Optional[Sequence[str]] = None,
qos: Optional[WlanQosArgs] = None,
radsec: Optional[WlanRadsecArgs] = None,
rateset: Optional[Mapping[str, WlanRatesetArgs]] = None,
reconnect_clients_when_roaming_mxcluster: Optional[bool] = None,
roam_mode: Optional[str] = None,
schedule: Optional[WlanScheduleArgs] = None,
sle_excluded: Optional[bool] = None,
use_eapol_v1: Optional[bool] = None,
vlan_enabled: Optional[bool] = None,
vlan_id: Optional[str] = None,
vlan_ids: Optional[Sequence[str]] = None,
vlan_pooling: Optional[bool] = None,
wlan_limit_down: Optional[str] = None,
wlan_limit_down_enabled: Optional[bool] = None,
wlan_limit_up: Optional[str] = None,
wlan_limit_up_enabled: Optional[bool] = None,
wxtag_ids: Optional[Sequence[str]] = None,
wxtunnel_id: Optional[str] = None,
wxtunnel_remote_id: Optional[str] = None)func NewWlan(ctx *Context, name string, args WlanArgs, opts ...ResourceOption) (*Wlan, error)public Wlan(string name, WlanArgs args, CustomResourceOptions? opts = null)type: junipermist:site:Wlan
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "junipermist_site_wlan" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WlanArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var junipermistWlanResource = new JuniperMist.Site.Wlan("junipermistWlanResource", new()
{
SiteId = "string",
Ssid = "string",
AcctImmediateUpdate = false,
AcctInterimInterval = 0,
AcctServers = new[]
{
new JuniperMist.Site.Inputs.WlanAcctServerArgs
{
Host = "string",
Secret = "string",
KeywrapEnabled = false,
KeywrapFormat = "string",
KeywrapKek = "string",
KeywrapMack = "string",
Port = "string",
},
},
Airwatch = new JuniperMist.Site.Inputs.WlanAirwatchArgs
{
ApiKey = "string",
ConsoleUrl = "string",
Enabled = false,
Password = "string",
Username = "string",
},
AllowIpv6Ndp = false,
AllowMdns = false,
AllowSsdp = false,
ApIds = new[]
{
"string",
},
AppLimit = new JuniperMist.Site.Inputs.WlanAppLimitArgs
{
Apps =
{
{ "string", 0 },
},
Enabled = false,
WxtagIds =
{
{ "string", 0 },
},
},
AppQos = new JuniperMist.Site.Inputs.WlanAppQosArgs
{
Apps =
{
{ "string", new JuniperMist.Site.Inputs.WlanAppQosAppsArgs
{
Dscp = "string",
DstSubnet = "string",
SrcSubnet = "string",
} },
},
Enabled = false,
Others = new[]
{
new JuniperMist.Site.Inputs.WlanAppQosOtherArgs
{
Dscp = "string",
DstSubnet = "string",
PortRanges = "string",
Protocol = "string",
SrcSubnet = "string",
},
},
},
ApplyTo = "string",
ArpFilter = false,
Auth = new JuniperMist.Site.Inputs.WlanAuthArgs
{
AnticlogThreshold = 0,
EapReauth = false,
EnableBeaconProtection = false,
EnableGcmp256 = false,
EnableMacAuth = false,
KeyIdx = 0,
Keys = new[]
{
"string",
},
MultiPskOnly = false,
Owe = "string",
Pairwises = new[]
{
"string",
},
PrivateWlan = false,
Psk = "string",
Type = "string",
WepAsSecondaryAuth = false,
},
AuthServerSelection = "string",
AuthServers = new[]
{
new JuniperMist.Site.Inputs.WlanAuthServerArgs
{
Host = "string",
Secret = "string",
KeywrapEnabled = false,
KeywrapFormat = "string",
KeywrapKek = "string",
KeywrapMack = "string",
Port = "string",
RequireMessageAuthenticator = false,
},
},
AuthServersNasId = "string",
AuthServersNasIp = "string",
AuthServersRetries = 0,
AuthServersTimeout = 0,
BandSteer = false,
BandSteerForceBand5 = false,
Bands = new[]
{
"string",
},
BlockBlacklistClients = false,
Bonjour = new JuniperMist.Site.Inputs.WlanBonjourArgs
{
AdditionalVlanIds = new[]
{
"string",
},
Enabled = false,
Services =
{
{ "string", new JuniperMist.Site.Inputs.WlanBonjourServicesArgs
{
DisableLocal = false,
RadiusGroups = new[]
{
"string",
},
Scope = "string",
} },
},
},
CiscoCwa = new JuniperMist.Site.Inputs.WlanCiscoCwaArgs
{
AllowedHostnames = new[]
{
"string",
},
AllowedSubnets = new[]
{
"string",
},
BlockedSubnets = new[]
{
"string",
},
Enabled = false,
},
ClientLimitDown = "string",
ClientLimitDownEnabled = false,
ClientLimitUp = "string",
ClientLimitUpEnabled = false,
CoaServers = new[]
{
new JuniperMist.Site.Inputs.WlanCoaServerArgs
{
Ip = "string",
Secret = "string",
DisableEventTimestampCheck = false,
Enabled = false,
Port = "string",
},
},
Disable11ax = false,
Disable11be = false,
DisableHtVhtRates = false,
DisableMessageAuthenticatorCheck = false,
DisableUapsd = false,
DisableV1RoamNotify = false,
DisableV2RoamNotify = false,
DisableWhenGatewayUnreachable = false,
DisableWhenMxtunnelDown = false,
DisableWmm = false,
DnsServerRewrite = new JuniperMist.Site.Inputs.WlanDnsServerRewriteArgs
{
Enabled = false,
RadiusGroups =
{
{ "string", "string" },
},
},
Dtim = 0,
DynamicPsk = new JuniperMist.Site.Inputs.WlanDynamicPskArgs
{
DefaultPsk = "string",
DefaultVlanId = "string",
Enabled = false,
ForceLookup = false,
Source = "string",
},
DynamicVlan = new JuniperMist.Site.Inputs.WlanDynamicVlanArgs
{
DefaultVlanIds = new[]
{
"string",
},
Enabled = false,
LocalVlanIds = new[]
{
"string",
},
Type = "string",
Vlans =
{
{ "string", "string" },
},
},
EnableFtm = false,
EnableLocalKeycaching = false,
EnableWirelessBridging = false,
EnableWirelessBridgingDhcpTracking = false,
Enabled = false,
FastDot1xTimers = false,
HideSsid = false,
HostnameIe = false,
Hotspot20 = new JuniperMist.Site.Inputs.WlanHotspot20Args
{
DomainNames = new[]
{
"string",
},
Enabled = false,
NaiRealms = new[]
{
"string",
},
Operators = new[]
{
"string",
},
Rcois = new[]
{
"string",
},
VenueName = "string",
},
InjectDhcpOption82 = new JuniperMist.Site.Inputs.WlanInjectDhcpOption82Args
{
CircuitId = "string",
Enabled = false,
},
Interface = "string",
Isolation = false,
L2Isolation = false,
LegacyOverds = false,
LimitBcast = false,
LimitProbeResponse = false,
MaxIdletime = 0,
MaxNumClients = 0,
MistNac = new JuniperMist.Site.Inputs.WlanMistNacArgs
{
AcctInterimInterval = 0,
AuthServersRetries = 0,
AuthServersTimeout = 0,
CoaEnabled = false,
CoaPort = 0,
Enabled = false,
FastDot1xTimers = false,
Network = "string",
SourceIp = "string",
},
MxtunnelIds = new[]
{
"string",
},
MxtunnelNames = new[]
{
"string",
},
NoStaticDns = false,
NoStaticIp = false,
Portal = new JuniperMist.Site.Inputs.WlanPortalArgs
{
AllowWlanIdRoam = false,
AmazonClientId = "string",
AmazonClientSecret = "string",
AmazonEmailDomains = new[]
{
"string",
},
AmazonEnabled = false,
AmazonExpire = 0,
Auth = "string",
AzureClientId = "string",
AzureClientSecret = "string",
AzureEnabled = false,
AzureExpire = 0,
AzureTenantId = "string",
BroadnetPassword = "string",
BroadnetSid = "string",
BroadnetUserId = "string",
BypassWhenCloudDown = false,
ClickatellApiKey = "string",
CrossSite = false,
EmailEnabled = false,
Enabled = false,
Expire = 0,
ExternalPortalUrl = "string",
FacebookClientId = "string",
FacebookClientSecret = "string",
FacebookEmailDomains = new[]
{
"string",
},
FacebookEnabled = false,
FacebookExpire = 0,
Forward = false,
ForwardUrl = "string",
GoogleClientId = "string",
GoogleClientSecret = "string",
GoogleEmailDomains = new[]
{
"string",
},
GoogleEnabled = false,
GoogleExpire = 0,
GupshupPassword = "string",
GupshupUserid = "string",
MicrosoftClientId = "string",
MicrosoftClientSecret = "string",
MicrosoftEmailDomains = new[]
{
"string",
},
MicrosoftEnabled = false,
MicrosoftExpire = 0,
PassphraseEnabled = false,
PassphraseExpire = 0,
Password = "string",
PredefinedSponsorsEnabled = false,
PredefinedSponsorsHideEmail = false,
Privacy = false,
PuzzelPassword = "string",
PuzzelServiceId = "string",
PuzzelUsername = "string",
SmsEnabled = false,
SmsExpire = 0,
SmsMessageFormat = "string",
SmsProvider = "string",
SmsglobalApiKey = "string",
SmsglobalApiSecret = "string",
SmsglobalSender = "string",
SponsorAutoApprove = false,
SponsorEmailDomains = new[]
{
"string",
},
SponsorEnabled = false,
SponsorExpire = 0,
SponsorLinkValidityDuration = "string",
SponsorNotifyAll = false,
SponsorStatusNotify = false,
Sponsors =
{
{ "string", "string" },
},
SsoDefaultRole = "string",
SsoForcedRole = "string",
SsoIdpCert = "string",
SsoIdpSignAlgo = "string",
SsoIdpSsoUrl = "string",
SsoIssuer = "string",
SsoNameidFormat = "string",
TelstraClientId = "string",
TelstraClientSecret = "string",
TwilioAuthToken = "string",
TwilioPhoneNumber = "string",
TwilioSid = "string",
},
PortalAllowedHostnames = new[]
{
"string",
},
PortalAllowedSubnets = new[]
{
"string",
},
PortalDeniedHostnames = new[]
{
"string",
},
Qos = new JuniperMist.Site.Inputs.WlanQosArgs
{
Class = "string",
Overwrite = false,
},
Radsec = new JuniperMist.Site.Inputs.WlanRadsecArgs
{
CoaEnabled = false,
Enabled = false,
IdleTimeout = "string",
MxclusterIds = new[]
{
"string",
},
ProxyHosts = new[]
{
"string",
},
ServerName = "string",
Servers = new[]
{
new JuniperMist.Site.Inputs.WlanRadsecServerArgs
{
Host = "string",
Port = 0,
},
},
UseMxedge = false,
UseSiteMxedge = false,
},
Rateset =
{
{ "string", new JuniperMist.Site.Inputs.WlanRatesetArgs
{
Eht = "string",
He = "string",
Ht = "string",
Legacies = new[]
{
"string",
},
MinRssi = 0,
Template = "string",
Vht = "string",
} },
},
ReconnectClientsWhenRoamingMxcluster = false,
RoamMode = "string",
Schedule = new JuniperMist.Site.Inputs.WlanScheduleArgs
{
Enabled = false,
Hours = new JuniperMist.Site.Inputs.WlanScheduleHoursArgs
{
Fri = "string",
Mon = "string",
Sat = "string",
Sun = "string",
Thu = "string",
Tue = "string",
Wed = "string",
},
},
SleExcluded = false,
UseEapolV1 = false,
VlanEnabled = false,
VlanId = "string",
VlanIds = new[]
{
"string",
},
VlanPooling = false,
WlanLimitDown = "string",
WlanLimitDownEnabled = false,
WlanLimitUp = "string",
WlanLimitUpEnabled = false,
WxtagIds = new[]
{
"string",
},
WxtunnelId = "string",
WxtunnelRemoteId = "string",
});
example, err := site.NewWlan(ctx, "junipermistWlanResource", &site.WlanArgs{
SiteId: pulumi.String("string"),
Ssid: pulumi.String("string"),
AcctImmediateUpdate: pulumi.Bool(false),
AcctInterimInterval: pulumi.Int(0),
AcctServers: site.WlanAcctServerArray{
&site.WlanAcctServerArgs{
Host: pulumi.String("string"),
Secret: pulumi.String("string"),
KeywrapEnabled: pulumi.Bool(false),
KeywrapFormat: pulumi.String("string"),
KeywrapKek: pulumi.String("string"),
KeywrapMack: pulumi.String("string"),
Port: pulumi.String("string"),
},
},
Airwatch: &site.WlanAirwatchArgs{
ApiKey: pulumi.String("string"),
ConsoleUrl: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Password: pulumi.String("string"),
Username: pulumi.String("string"),
},
AllowIpv6Ndp: pulumi.Bool(false),
AllowMdns: pulumi.Bool(false),
AllowSsdp: pulumi.Bool(false),
ApIds: pulumi.StringArray{
pulumi.String("string"),
},
AppLimit: &site.WlanAppLimitArgs{
Apps: pulumi.IntMap{
"string": pulumi.Int(0),
},
Enabled: pulumi.Bool(false),
WxtagIds: pulumi.IntMap{
"string": pulumi.Int(0),
},
},
AppQos: &site.WlanAppQosArgs{
Apps: site.WlanAppQosAppsMap{
"string": &site.WlanAppQosAppsArgs{
Dscp: pulumi.String("string"),
DstSubnet: pulumi.String("string"),
SrcSubnet: pulumi.String("string"),
},
},
Enabled: pulumi.Bool(false),
Others: site.WlanAppQosOtherArray{
&site.WlanAppQosOtherArgs{
Dscp: pulumi.String("string"),
DstSubnet: pulumi.String("string"),
PortRanges: pulumi.String("string"),
Protocol: pulumi.String("string"),
SrcSubnet: pulumi.String("string"),
},
},
},
ApplyTo: pulumi.String("string"),
ArpFilter: pulumi.Bool(false),
Auth: &site.WlanAuthArgs{
AnticlogThreshold: pulumi.Int(0),
EapReauth: pulumi.Bool(false),
EnableBeaconProtection: pulumi.Bool(false),
EnableGcmp256: pulumi.Bool(false),
EnableMacAuth: pulumi.Bool(false),
KeyIdx: pulumi.Int(0),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
MultiPskOnly: pulumi.Bool(false),
Owe: pulumi.String("string"),
Pairwises: pulumi.StringArray{
pulumi.String("string"),
},
PrivateWlan: pulumi.Bool(false),
Psk: pulumi.String("string"),
Type: pulumi.String("string"),
WepAsSecondaryAuth: pulumi.Bool(false),
},
AuthServerSelection: pulumi.String("string"),
AuthServers: site.WlanAuthServerArray{
&site.WlanAuthServerArgs{
Host: pulumi.String("string"),
Secret: pulumi.String("string"),
KeywrapEnabled: pulumi.Bool(false),
KeywrapFormat: pulumi.String("string"),
KeywrapKek: pulumi.String("string"),
KeywrapMack: pulumi.String("string"),
Port: pulumi.String("string"),
RequireMessageAuthenticator: pulumi.Bool(false),
},
},
AuthServersNasId: pulumi.String("string"),
AuthServersNasIp: pulumi.String("string"),
AuthServersRetries: pulumi.Int(0),
AuthServersTimeout: pulumi.Int(0),
BandSteer: pulumi.Bool(false),
BandSteerForceBand5: pulumi.Bool(false),
Bands: pulumi.StringArray{
pulumi.String("string"),
},
BlockBlacklistClients: pulumi.Bool(false),
Bonjour: &site.WlanBonjourArgs{
AdditionalVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Services: site.WlanBonjourServicesMap{
"string": &site.WlanBonjourServicesArgs{
DisableLocal: pulumi.Bool(false),
RadiusGroups: pulumi.StringArray{
pulumi.String("string"),
},
Scope: pulumi.String("string"),
},
},
},
CiscoCwa: &site.WlanCiscoCwaArgs{
AllowedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
AllowedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
BlockedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
ClientLimitDown: pulumi.String("string"),
ClientLimitDownEnabled: pulumi.Bool(false),
ClientLimitUp: pulumi.String("string"),
ClientLimitUpEnabled: pulumi.Bool(false),
CoaServers: site.WlanCoaServerArray{
&site.WlanCoaServerArgs{
Ip: pulumi.String("string"),
Secret: pulumi.String("string"),
DisableEventTimestampCheck: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Port: pulumi.String("string"),
},
},
Disable11ax: pulumi.Bool(false),
Disable11be: pulumi.Bool(false),
DisableHtVhtRates: pulumi.Bool(false),
DisableMessageAuthenticatorCheck: pulumi.Bool(false),
DisableUapsd: pulumi.Bool(false),
DisableV1RoamNotify: pulumi.Bool(false),
DisableV2RoamNotify: pulumi.Bool(false),
DisableWhenGatewayUnreachable: pulumi.Bool(false),
DisableWhenMxtunnelDown: pulumi.Bool(false),
DisableWmm: pulumi.Bool(false),
DnsServerRewrite: &site.WlanDnsServerRewriteArgs{
Enabled: pulumi.Bool(false),
RadiusGroups: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Dtim: pulumi.Int(0),
DynamicPsk: &site.WlanDynamicPskArgs{
DefaultPsk: pulumi.String("string"),
DefaultVlanId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ForceLookup: pulumi.Bool(false),
Source: pulumi.String("string"),
},
DynamicVlan: &site.WlanDynamicVlanArgs{
DefaultVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
LocalVlanIds: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
Vlans: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
EnableFtm: pulumi.Bool(false),
EnableLocalKeycaching: pulumi.Bool(false),
EnableWirelessBridging: pulumi.Bool(false),
EnableWirelessBridgingDhcpTracking: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FastDot1xTimers: pulumi.Bool(false),
HideSsid: pulumi.Bool(false),
HostnameIe: pulumi.Bool(false),
Hotspot20: &site.WlanHotspot20Args{
DomainNames: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
NaiRealms: pulumi.StringArray{
pulumi.String("string"),
},
Operators: pulumi.StringArray{
pulumi.String("string"),
},
Rcois: pulumi.StringArray{
pulumi.String("string"),
},
VenueName: pulumi.String("string"),
},
InjectDhcpOption82: &site.WlanInjectDhcpOption82Args{
CircuitId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
Interface: pulumi.String("string"),
Isolation: pulumi.Bool(false),
L2Isolation: pulumi.Bool(false),
LegacyOverds: pulumi.Bool(false),
LimitBcast: pulumi.Bool(false),
LimitProbeResponse: pulumi.Bool(false),
MaxIdletime: pulumi.Int(0),
MaxNumClients: pulumi.Int(0),
MistNac: &site.WlanMistNacArgs{
AcctInterimInterval: pulumi.Int(0),
AuthServersRetries: pulumi.Int(0),
AuthServersTimeout: pulumi.Int(0),
CoaEnabled: pulumi.Bool(false),
CoaPort: pulumi.Int(0),
Enabled: pulumi.Bool(false),
FastDot1xTimers: pulumi.Bool(false),
Network: pulumi.String("string"),
SourceIp: pulumi.String("string"),
},
MxtunnelIds: pulumi.StringArray{
pulumi.String("string"),
},
MxtunnelNames: pulumi.StringArray{
pulumi.String("string"),
},
NoStaticDns: pulumi.Bool(false),
NoStaticIp: pulumi.Bool(false),
Portal: &site.WlanPortalArgs{
AllowWlanIdRoam: pulumi.Bool(false),
AmazonClientId: pulumi.String("string"),
AmazonClientSecret: pulumi.String("string"),
AmazonEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
AmazonEnabled: pulumi.Bool(false),
AmazonExpire: pulumi.Int(0),
Auth: pulumi.String("string"),
AzureClientId: pulumi.String("string"),
AzureClientSecret: pulumi.String("string"),
AzureEnabled: pulumi.Bool(false),
AzureExpire: pulumi.Int(0),
AzureTenantId: pulumi.String("string"),
BroadnetPassword: pulumi.String("string"),
BroadnetSid: pulumi.String("string"),
BroadnetUserId: pulumi.String("string"),
BypassWhenCloudDown: pulumi.Bool(false),
ClickatellApiKey: pulumi.String("string"),
CrossSite: pulumi.Bool(false),
EmailEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Expire: pulumi.Int(0),
ExternalPortalUrl: pulumi.String("string"),
FacebookClientId: pulumi.String("string"),
FacebookClientSecret: pulumi.String("string"),
FacebookEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
FacebookEnabled: pulumi.Bool(false),
FacebookExpire: pulumi.Int(0),
Forward: pulumi.Bool(false),
ForwardUrl: pulumi.String("string"),
GoogleClientId: pulumi.String("string"),
GoogleClientSecret: pulumi.String("string"),
GoogleEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
GoogleEnabled: pulumi.Bool(false),
GoogleExpire: pulumi.Int(0),
GupshupPassword: pulumi.String("string"),
GupshupUserid: pulumi.String("string"),
MicrosoftClientId: pulumi.String("string"),
MicrosoftClientSecret: pulumi.String("string"),
MicrosoftEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
MicrosoftEnabled: pulumi.Bool(false),
MicrosoftExpire: pulumi.Int(0),
PassphraseEnabled: pulumi.Bool(false),
PassphraseExpire: pulumi.Int(0),
Password: pulumi.String("string"),
PredefinedSponsorsEnabled: pulumi.Bool(false),
PredefinedSponsorsHideEmail: pulumi.Bool(false),
Privacy: pulumi.Bool(false),
PuzzelPassword: pulumi.String("string"),
PuzzelServiceId: pulumi.String("string"),
PuzzelUsername: pulumi.String("string"),
SmsEnabled: pulumi.Bool(false),
SmsExpire: pulumi.Int(0),
SmsMessageFormat: pulumi.String("string"),
SmsProvider: pulumi.String("string"),
SmsglobalApiKey: pulumi.String("string"),
SmsglobalApiSecret: pulumi.String("string"),
SmsglobalSender: pulumi.String("string"),
SponsorAutoApprove: pulumi.Bool(false),
SponsorEmailDomains: pulumi.StringArray{
pulumi.String("string"),
},
SponsorEnabled: pulumi.Bool(false),
SponsorExpire: pulumi.Int(0),
SponsorLinkValidityDuration: pulumi.String("string"),
SponsorNotifyAll: pulumi.Bool(false),
SponsorStatusNotify: pulumi.Bool(false),
Sponsors: pulumi.StringMap{
"string": pulumi.String("string"),
},
SsoDefaultRole: pulumi.String("string"),
SsoForcedRole: pulumi.String("string"),
SsoIdpCert: pulumi.String("string"),
SsoIdpSignAlgo: pulumi.String("string"),
SsoIdpSsoUrl: pulumi.String("string"),
SsoIssuer: pulumi.String("string"),
SsoNameidFormat: pulumi.String("string"),
TelstraClientId: pulumi.String("string"),
TelstraClientSecret: pulumi.String("string"),
TwilioAuthToken: pulumi.String("string"),
TwilioPhoneNumber: pulumi.String("string"),
TwilioSid: pulumi.String("string"),
},
PortalAllowedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
PortalAllowedSubnets: pulumi.StringArray{
pulumi.String("string"),
},
PortalDeniedHostnames: pulumi.StringArray{
pulumi.String("string"),
},
Qos: &site.WlanQosArgs{
Class: pulumi.String("string"),
Overwrite: pulumi.Bool(false),
},
Radsec: &site.WlanRadsecArgs{
CoaEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
IdleTimeout: pulumi.String("string"),
MxclusterIds: pulumi.StringArray{
pulumi.String("string"),
},
ProxyHosts: pulumi.StringArray{
pulumi.String("string"),
},
ServerName: pulumi.String("string"),
Servers: site.WlanRadsecServerArray{
&site.WlanRadsecServerArgs{
Host: pulumi.String("string"),
Port: pulumi.Int(0),
},
},
UseMxedge: pulumi.Bool(false),
UseSiteMxedge: pulumi.Bool(false),
},
Rateset: site.WlanRatesetMap{
"string": &site.WlanRatesetArgs{
Eht: pulumi.String("string"),
He: pulumi.String("string"),
Ht: pulumi.String("string"),
Legacies: pulumi.StringArray{
pulumi.String("string"),
},
MinRssi: pulumi.Int(0),
Template: pulumi.String("string"),
Vht: pulumi.String("string"),
},
},
ReconnectClientsWhenRoamingMxcluster: pulumi.Bool(false),
RoamMode: pulumi.String("string"),
Schedule: &site.WlanScheduleArgs{
Enabled: pulumi.Bool(false),
Hours: &site.WlanScheduleHoursArgs{
Fri: pulumi.String("string"),
Mon: pulumi.String("string"),
Sat: pulumi.String("string"),
Sun: pulumi.String("string"),
Thu: pulumi.String("string"),
Tue: pulumi.String("string"),
Wed: pulumi.String("string"),
},
},
SleExcluded: pulumi.Bool(false),
UseEapolV1: pulumi.Bool(false),
VlanEnabled: pulumi.Bool(false),
VlanId: pulumi.String("string"),
VlanIds: pulumi.StringArray{
pulumi.String("string"),
},
VlanPooling: pulumi.Bool(false),
WlanLimitDown: pulumi.String("string"),
WlanLimitDownEnabled: pulumi.Bool(false),
WlanLimitUp: pulumi.String("string"),
WlanLimitUpEnabled: pulumi.Bool(false),
WxtagIds: pulumi.StringArray{
pulumi.String("string"),
},
WxtunnelId: pulumi.String("string"),
WxtunnelRemoteId: pulumi.String("string"),
})
resource "junipermist_site_wlan" "junipermistWlanResource" {
site_id = "string"
ssid = "string"
acct_immediate_update = false
acct_interim_interval = 0
acct_servers {
host = "string"
secret = "string"
keywrap_enabled = false
keywrap_format = "string"
keywrap_kek = "string"
keywrap_mack = "string"
port = "string"
}
airwatch = {
api_key = "string"
console_url = "string"
enabled = false
password = "string"
username = "string"
}
allow_ipv6_ndp = false
allow_mdns = false
allow_ssdp = false
ap_ids = ["string"]
app_limit = {
apps = {
"string" = 0
}
enabled = false
wxtag_ids = {
"string" = 0
}
}
app_qos = {
apps = {
"string" = {
dscp = "string"
dst_subnet = "string"
src_subnet = "string"
}
}
enabled = false
others = [{
"dscp" = "string"
"dstSubnet" = "string"
"portRanges" = "string"
"protocol" = "string"
"srcSubnet" = "string"
}]
}
apply_to = "string"
arp_filter = false
auth = {
anticlog_threshold = 0
eap_reauth = false
enable_beacon_protection = false
enable_gcmp256 = false
enable_mac_auth = false
key_idx = 0
keys = ["string"]
multi_psk_only = false
owe = "string"
pairwises = ["string"]
private_wlan = false
psk = "string"
type = "string"
wep_as_secondary_auth = false
}
auth_server_selection = "string"
auth_servers {
host = "string"
secret = "string"
keywrap_enabled = false
keywrap_format = "string"
keywrap_kek = "string"
keywrap_mack = "string"
port = "string"
require_message_authenticator = false
}
auth_servers_nas_id = "string"
auth_servers_nas_ip = "string"
auth_servers_retries = 0
auth_servers_timeout = 0
band_steer = false
band_steer_force_band5 = false
bands = ["string"]
block_blacklist_clients = false
bonjour = {
additional_vlan_ids = ["string"]
enabled = false
services = {
"string" = {
disable_local = false
radius_groups = ["string"]
scope = "string"
}
}
}
cisco_cwa = {
allowed_hostnames = ["string"]
allowed_subnets = ["string"]
blocked_subnets = ["string"]
enabled = false
}
client_limit_down = "string"
client_limit_down_enabled = false
client_limit_up = "string"
client_limit_up_enabled = false
coa_servers {
ip = "string"
secret = "string"
disable_event_timestamp_check = false
enabled = false
port = "string"
}
disable11ax = false
disable11be = false
disable_ht_vht_rates = false
disable_message_authenticator_check = false
disable_uapsd = false
disable_v1_roam_notify = false
disable_v2_roam_notify = false
disable_when_gateway_unreachable = false
disable_when_mxtunnel_down = false
disable_wmm = false
dns_server_rewrite = {
enabled = false
radius_groups = {
"string" = "string"
}
}
dtim = 0
dynamic_psk = {
default_psk = "string"
default_vlan_id = "string"
enabled = false
force_lookup = false
source = "string"
}
dynamic_vlan = {
default_vlan_ids = ["string"]
enabled = false
local_vlan_ids = ["string"]
type = "string"
vlans = {
"string" = "string"
}
}
enable_ftm = false
enable_local_keycaching = false
enable_wireless_bridging = false
enable_wireless_bridging_dhcp_tracking = false
enabled = false
fast_dot1x_timers = false
hide_ssid = false
hostname_ie = false
hotspot20 = {
domain_names = ["string"]
enabled = false
nai_realms = ["string"]
operators = ["string"]
rcois = ["string"]
venue_name = "string"
}
inject_dhcp_option82 = {
circuit_id = "string"
enabled = false
}
interface = "string"
isolation = false
l2_isolation = false
legacy_overds = false
limit_bcast = false
limit_probe_response = false
max_idletime = 0
max_num_clients = 0
mist_nac = {
acct_interim_interval = 0
auth_servers_retries = 0
auth_servers_timeout = 0
coa_enabled = false
coa_port = 0
enabled = false
fast_dot1x_timers = false
network = "string"
source_ip = "string"
}
mxtunnel_ids = ["string"]
mxtunnel_names = ["string"]
no_static_dns = false
no_static_ip = false
portal = {
allow_wlan_id_roam = false
amazon_client_id = "string"
amazon_client_secret = "string"
amazon_email_domains = ["string"]
amazon_enabled = false
amazon_expire = 0
auth = "string"
azure_client_id = "string"
azure_client_secret = "string"
azure_enabled = false
azure_expire = 0
azure_tenant_id = "string"
broadnet_password = "string"
broadnet_sid = "string"
broadnet_user_id = "string"
bypass_when_cloud_down = false
clickatell_api_key = "string"
cross_site = false
email_enabled = false
enabled = false
expire = 0
external_portal_url = "string"
facebook_client_id = "string"
facebook_client_secret = "string"
facebook_email_domains = ["string"]
facebook_enabled = false
facebook_expire = 0
forward = false
forward_url = "string"
google_client_id = "string"
google_client_secret = "string"
google_email_domains = ["string"]
google_enabled = false
google_expire = 0
gupshup_password = "string"
gupshup_userid = "string"
microsoft_client_id = "string"
microsoft_client_secret = "string"
microsoft_email_domains = ["string"]
microsoft_enabled = false
microsoft_expire = 0
passphrase_enabled = false
passphrase_expire = 0
password = "string"
predefined_sponsors_enabled = false
predefined_sponsors_hide_email = false
privacy = false
puzzel_password = "string"
puzzel_service_id = "string"
puzzel_username = "string"
sms_enabled = false
sms_expire = 0
sms_message_format = "string"
sms_provider = "string"
smsglobal_api_key = "string"
smsglobal_api_secret = "string"
smsglobal_sender = "string"
sponsor_auto_approve = false
sponsor_email_domains = ["string"]
sponsor_enabled = false
sponsor_expire = 0
sponsor_link_validity_duration = "string"
sponsor_notify_all = false
sponsor_status_notify = false
sponsors = {
"string" = "string"
}
sso_default_role = "string"
sso_forced_role = "string"
sso_idp_cert = "string"
sso_idp_sign_algo = "string"
sso_idp_sso_url = "string"
sso_issuer = "string"
sso_nameid_format = "string"
telstra_client_id = "string"
telstra_client_secret = "string"
twilio_auth_token = "string"
twilio_phone_number = "string"
twilio_sid = "string"
}
portal_allowed_hostnames = ["string"]
portal_allowed_subnets = ["string"]
portal_denied_hostnames = ["string"]
qos = {
class = "string"
overwrite = false
}
radsec = {
coa_enabled = false
enabled = false
idle_timeout = "string"
mxcluster_ids = ["string"]
proxy_hosts = ["string"]
server_name = "string"
servers = [{
"host" = "string"
"port" = 0
}]
use_mxedge = false
use_site_mxedge = false
}
rateset = {
"string" = {
eht = "string"
he = "string"
ht = "string"
legacies = ["string"]
min_rssi = 0
template = "string"
vht = "string"
}
}
reconnect_clients_when_roaming_mxcluster = false
roam_mode = "string"
schedule = {
enabled = false
hours = {
fri = "string"
mon = "string"
sat = "string"
sun = "string"
thu = "string"
tue = "string"
wed = "string"
}
}
sle_excluded = false
use_eapol_v1 = false
vlan_enabled = false
vlan_id = "string"
vlan_ids = ["string"]
vlan_pooling = false
wlan_limit_down = "string"
wlan_limit_down_enabled = false
wlan_limit_up = "string"
wlan_limit_up_enabled = false
wxtag_ids = ["string"]
wxtunnel_id = "string"
wxtunnel_remote_id = "string"
}
var junipermistWlanResource = new com.pulumi.junipermist.site.Wlan("junipermistWlanResource", com.pulumi.junipermist.site.WlanArgs.builder()
.siteId("string")
.ssid("string")
.acctImmediateUpdate(false)
.acctInterimInterval(0)
.acctServers(com.pulumi.junipermist.site.inputs.WlanAcctServerArgs.builder()
.host("string")
.secret("string")
.keywrapEnabled(false)
.keywrapFormat("string")
.keywrapKek("string")
.keywrapMack("string")
.port("string")
.build())
.airwatch(com.pulumi.junipermist.site.inputs.WlanAirwatchArgs.builder()
.apiKey("string")
.consoleUrl("string")
.enabled(false)
.password("string")
.username("string")
.build())
.allowIpv6Ndp(false)
.allowMdns(false)
.allowSsdp(false)
.apIds("string")
.appLimit(com.pulumi.junipermist.site.inputs.WlanAppLimitArgs.builder()
.apps(Map.of("string", 0))
.enabled(false)
.wxtagIds(Map.of("string", 0))
.build())
.appQos(com.pulumi.junipermist.site.inputs.WlanAppQosArgs.builder()
.apps(Map.of("string", com.pulumi.junipermist.site.inputs.WlanAppQosAppsArgs.builder()
.dscp("string")
.dstSubnet("string")
.srcSubnet("string")
.build()))
.enabled(false)
.others(com.pulumi.junipermist.site.inputs.WlanAppQosOtherArgs.builder()
.dscp("string")
.dstSubnet("string")
.portRanges("string")
.protocol("string")
.srcSubnet("string")
.build())
.build())
.applyTo("string")
.arpFilter(false)
.auth(com.pulumi.junipermist.site.inputs.WlanAuthArgs.builder()
.anticlogThreshold(0)
.eapReauth(false)
.enableBeaconProtection(false)
.enableGcmp256(false)
.enableMacAuth(false)
.keyIdx(0)
.keys("string")
.multiPskOnly(false)
.owe("string")
.pairwises("string")
.privateWlan(false)
.psk("string")
.type("string")
.wepAsSecondaryAuth(false)
.build())
.authServerSelection("string")
.authServers(com.pulumi.junipermist.site.inputs.WlanAuthServerArgs.builder()
.host("string")
.secret("string")
.keywrapEnabled(false)
.keywrapFormat("string")
.keywrapKek("string")
.keywrapMack("string")
.port("string")
.requireMessageAuthenticator(false)
.build())
.authServersNasId("string")
.authServersNasIp("string")
.authServersRetries(0)
.authServersTimeout(0)
.bandSteer(false)
.bandSteerForceBand5(false)
.bands("string")
.blockBlacklistClients(false)
.bonjour(com.pulumi.junipermist.site.inputs.WlanBonjourArgs.builder()
.additionalVlanIds("string")
.enabled(false)
.services(Map.of("string", com.pulumi.junipermist.site.inputs.WlanBonjourServicesArgs.builder()
.disableLocal(false)
.radiusGroups("string")
.scope("string")
.build()))
.build())
.ciscoCwa(com.pulumi.junipermist.site.inputs.WlanCiscoCwaArgs.builder()
.allowedHostnames("string")
.allowedSubnets("string")
.blockedSubnets("string")
.enabled(false)
.build())
.clientLimitDown("string")
.clientLimitDownEnabled(false)
.clientLimitUp("string")
.clientLimitUpEnabled(false)
.coaServers(com.pulumi.junipermist.site.inputs.WlanCoaServerArgs.builder()
.ip("string")
.secret("string")
.disableEventTimestampCheck(false)
.enabled(false)
.port("string")
.build())
.disable11ax(false)
.disable11be(false)
.disableHtVhtRates(false)
.disableMessageAuthenticatorCheck(false)
.disableUapsd(false)
.disableV1RoamNotify(false)
.disableV2RoamNotify(false)
.disableWhenGatewayUnreachable(false)
.disableWhenMxtunnelDown(false)
.disableWmm(false)
.dnsServerRewrite(com.pulumi.junipermist.site.inputs.WlanDnsServerRewriteArgs.builder()
.enabled(false)
.radiusGroups(Map.of("string", "string"))
.build())
.dtim(0)
.dynamicPsk(com.pulumi.junipermist.site.inputs.WlanDynamicPskArgs.builder()
.defaultPsk("string")
.defaultVlanId("string")
.enabled(false)
.forceLookup(false)
.source("string")
.build())
.dynamicVlan(com.pulumi.junipermist.site.inputs.WlanDynamicVlanArgs.builder()
.defaultVlanIds("string")
.enabled(false)
.localVlanIds("string")
.type("string")
.vlans(Map.of("string", "string"))
.build())
.enableFtm(false)
.enableLocalKeycaching(false)
.enableWirelessBridging(false)
.enableWirelessBridgingDhcpTracking(false)
.enabled(false)
.fastDot1xTimers(false)
.hideSsid(false)
.hostnameIe(false)
.hotspot20(com.pulumi.junipermist.site.inputs.WlanHotspot20Args.builder()
.domainNames("string")
.enabled(false)
.naiRealms("string")
.operators("string")
.rcois("string")
.venueName("string")
.build())
.injectDhcpOption82(com.pulumi.junipermist.site.inputs.WlanInjectDhcpOption82Args.builder()
.circuitId("string")
.enabled(false)
.build())
.interface_("string")
.isolation(false)
.l2Isolation(false)
.legacyOverds(false)
.limitBcast(false)
.limitProbeResponse(false)
.maxIdletime(0)
.maxNumClients(0)
.mistNac(com.pulumi.junipermist.site.inputs.WlanMistNacArgs.builder()
.acctInterimInterval(0)
.authServersRetries(0)
.authServersTimeout(0)
.coaEnabled(false)
.coaPort(0)
.enabled(false)
.fastDot1xTimers(false)
.network("string")
.sourceIp("string")
.build())
.mxtunnelIds("string")
.mxtunnelNames("string")
.noStaticDns(false)
.noStaticIp(false)
.portal(com.pulumi.junipermist.site.inputs.WlanPortalArgs.builder()
.allowWlanIdRoam(false)
.amazonClientId("string")
.amazonClientSecret("string")
.amazonEmailDomains("string")
.amazonEnabled(false)
.amazonExpire(0)
.auth("string")
.azureClientId("string")
.azureClientSecret("string")
.azureEnabled(false)
.azureExpire(0)
.azureTenantId("string")
.broadnetPassword("string")
.broadnetSid("string")
.broadnetUserId("string")
.bypassWhenCloudDown(false)
.clickatellApiKey("string")
.crossSite(false)
.emailEnabled(false)
.enabled(false)
.expire(0)
.externalPortalUrl("string")
.facebookClientId("string")
.facebookClientSecret("string")
.facebookEmailDomains("string")
.facebookEnabled(false)
.facebookExpire(0)
.forward(false)
.forwardUrl("string")
.googleClientId("string")
.googleClientSecret("string")
.googleEmailDomains("string")
.googleEnabled(false)
.googleExpire(0)
.gupshupPassword("string")
.gupshupUserid("string")
.microsoftClientId("string")
.microsoftClientSecret("string")
.microsoftEmailDomains("string")
.microsoftEnabled(false)
.microsoftExpire(0)
.passphraseEnabled(false)
.passphraseExpire(0)
.password("string")
.predefinedSponsorsEnabled(false)
.predefinedSponsorsHideEmail(false)
.privacy(false)
.puzzelPassword("string")
.puzzelServiceId("string")
.puzzelUsername("string")
.smsEnabled(false)
.smsExpire(0)
.smsMessageFormat("string")
.smsProvider("string")
.smsglobalApiKey("string")
.smsglobalApiSecret("string")
.smsglobalSender("string")
.sponsorAutoApprove(false)
.sponsorEmailDomains("string")
.sponsorEnabled(false)
.sponsorExpire(0)
.sponsorLinkValidityDuration("string")
.sponsorNotifyAll(false)
.sponsorStatusNotify(false)
.sponsors(Map.of("string", "string"))
.ssoDefaultRole("string")
.ssoForcedRole("string")
.ssoIdpCert("string")
.ssoIdpSignAlgo("string")
.ssoIdpSsoUrl("string")
.ssoIssuer("string")
.ssoNameidFormat("string")
.telstraClientId("string")
.telstraClientSecret("string")
.twilioAuthToken("string")
.twilioPhoneNumber("string")
.twilioSid("string")
.build())
.portalAllowedHostnames("string")
.portalAllowedSubnets("string")
.portalDeniedHostnames("string")
.qos(com.pulumi.junipermist.site.inputs.WlanQosArgs.builder()
.class_("string")
.overwrite(false)
.build())
.radsec(com.pulumi.junipermist.site.inputs.WlanRadsecArgs.builder()
.coaEnabled(false)
.enabled(false)
.idleTimeout("string")
.mxclusterIds("string")
.proxyHosts("string")
.serverName("string")
.servers(com.pulumi.junipermist.site.inputs.WlanRadsecServerArgs.builder()
.host("string")
.port(0)
.build())
.useMxedge(false)
.useSiteMxedge(false)
.build())
.rateset(Map.of("string", com.pulumi.junipermist.site.inputs.WlanRatesetArgs.builder()
.eht("string")
.he("string")
.ht("string")
.legacies("string")
.minRssi(0)
.template("string")
.vht("string")
.build()))
.reconnectClientsWhenRoamingMxcluster(false)
.roamMode("string")
.schedule(com.pulumi.junipermist.site.inputs.WlanScheduleArgs.builder()
.enabled(false)
.hours(com.pulumi.junipermist.site.inputs.WlanScheduleHoursArgs.builder()
.fri("string")
.mon("string")
.sat("string")
.sun("string")
.thu("string")
.tue("string")
.wed("string")
.build())
.build())
.sleExcluded(false)
.useEapolV1(false)
.vlanEnabled(false)
.vlanId("string")
.vlanIds("string")
.vlanPooling(false)
.wlanLimitDown("string")
.wlanLimitDownEnabled(false)
.wlanLimitUp("string")
.wlanLimitUpEnabled(false)
.wxtagIds("string")
.wxtunnelId("string")
.wxtunnelRemoteId("string")
.build());
junipermist_wlan_resource = junipermist.site.Wlan("junipermistWlanResource",
site_id="string",
ssid="string",
acct_immediate_update=False,
acct_interim_interval=0,
acct_servers=[{
"host": "string",
"secret": "string",
"keywrap_enabled": False,
"keywrap_format": "string",
"keywrap_kek": "string",
"keywrap_mack": "string",
"port": "string",
}],
airwatch={
"api_key": "string",
"console_url": "string",
"enabled": False,
"password": "string",
"username": "string",
},
allow_ipv6_ndp=False,
allow_mdns=False,
allow_ssdp=False,
ap_ids=["string"],
app_limit={
"apps": {
"string": 0,
},
"enabled": False,
"wxtag_ids": {
"string": 0,
},
},
app_qos={
"apps": {
"string": {
"dscp": "string",
"dst_subnet": "string",
"src_subnet": "string",
},
},
"enabled": False,
"others": [{
"dscp": "string",
"dst_subnet": "string",
"port_ranges": "string",
"protocol": "string",
"src_subnet": "string",
}],
},
apply_to="string",
arp_filter=False,
auth={
"anticlog_threshold": 0,
"eap_reauth": False,
"enable_beacon_protection": False,
"enable_gcmp256": False,
"enable_mac_auth": False,
"key_idx": 0,
"keys": ["string"],
"multi_psk_only": False,
"owe": "string",
"pairwises": ["string"],
"private_wlan": False,
"psk": "string",
"type": "string",
"wep_as_secondary_auth": False,
},
auth_server_selection="string",
auth_servers=[{
"host": "string",
"secret": "string",
"keywrap_enabled": False,
"keywrap_format": "string",
"keywrap_kek": "string",
"keywrap_mack": "string",
"port": "string",
"require_message_authenticator": False,
}],
auth_servers_nas_id="string",
auth_servers_nas_ip="string",
auth_servers_retries=0,
auth_servers_timeout=0,
band_steer=False,
band_steer_force_band5=False,
bands=["string"],
block_blacklist_clients=False,
bonjour={
"additional_vlan_ids": ["string"],
"enabled": False,
"services": {
"string": {
"disable_local": False,
"radius_groups": ["string"],
"scope": "string",
},
},
},
cisco_cwa={
"allowed_hostnames": ["string"],
"allowed_subnets": ["string"],
"blocked_subnets": ["string"],
"enabled": False,
},
client_limit_down="string",
client_limit_down_enabled=False,
client_limit_up="string",
client_limit_up_enabled=False,
coa_servers=[{
"ip": "string",
"secret": "string",
"disable_event_timestamp_check": False,
"enabled": False,
"port": "string",
}],
disable11ax=False,
disable11be=False,
disable_ht_vht_rates=False,
disable_message_authenticator_check=False,
disable_uapsd=False,
disable_v1_roam_notify=False,
disable_v2_roam_notify=False,
disable_when_gateway_unreachable=False,
disable_when_mxtunnel_down=False,
disable_wmm=False,
dns_server_rewrite={
"enabled": False,
"radius_groups": {
"string": "string",
},
},
dtim=0,
dynamic_psk={
"default_psk": "string",
"default_vlan_id": "string",
"enabled": False,
"force_lookup": False,
"source": "string",
},
dynamic_vlan={
"default_vlan_ids": ["string"],
"enabled": False,
"local_vlan_ids": ["string"],
"type": "string",
"vlans": {
"string": "string",
},
},
enable_ftm=False,
enable_local_keycaching=False,
enable_wireless_bridging=False,
enable_wireless_bridging_dhcp_tracking=False,
enabled=False,
fast_dot1x_timers=False,
hide_ssid=False,
hostname_ie=False,
hotspot20={
"domain_names": ["string"],
"enabled": False,
"nai_realms": ["string"],
"operators": ["string"],
"rcois": ["string"],
"venue_name": "string",
},
inject_dhcp_option82={
"circuit_id": "string",
"enabled": False,
},
interface="string",
isolation=False,
l2_isolation=False,
legacy_overds=False,
limit_bcast=False,
limit_probe_response=False,
max_idletime=0,
max_num_clients=0,
mist_nac={
"acct_interim_interval": 0,
"auth_servers_retries": 0,
"auth_servers_timeout": 0,
"coa_enabled": False,
"coa_port": 0,
"enabled": False,
"fast_dot1x_timers": False,
"network": "string",
"source_ip": "string",
},
mxtunnel_ids=["string"],
mxtunnel_names=["string"],
no_static_dns=False,
no_static_ip=False,
portal={
"allow_wlan_id_roam": False,
"amazon_client_id": "string",
"amazon_client_secret": "string",
"amazon_email_domains": ["string"],
"amazon_enabled": False,
"amazon_expire": 0,
"auth": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"azure_enabled": False,
"azure_expire": 0,
"azure_tenant_id": "string",
"broadnet_password": "string",
"broadnet_sid": "string",
"broadnet_user_id": "string",
"bypass_when_cloud_down": False,
"clickatell_api_key": "string",
"cross_site": False,
"email_enabled": False,
"enabled": False,
"expire": 0,
"external_portal_url": "string",
"facebook_client_id": "string",
"facebook_client_secret": "string",
"facebook_email_domains": ["string"],
"facebook_enabled": False,
"facebook_expire": 0,
"forward": False,
"forward_url": "string",
"google_client_id": "string",
"google_client_secret": "string",
"google_email_domains": ["string"],
"google_enabled": False,
"google_expire": 0,
"gupshup_password": "string",
"gupshup_userid": "string",
"microsoft_client_id": "string",
"microsoft_client_secret": "string",
"microsoft_email_domains": ["string"],
"microsoft_enabled": False,
"microsoft_expire": 0,
"passphrase_enabled": False,
"passphrase_expire": 0,
"password": "string",
"predefined_sponsors_enabled": False,
"predefined_sponsors_hide_email": False,
"privacy": False,
"puzzel_password": "string",
"puzzel_service_id": "string",
"puzzel_username": "string",
"sms_enabled": False,
"sms_expire": 0,
"sms_message_format": "string",
"sms_provider": "string",
"smsglobal_api_key": "string",
"smsglobal_api_secret": "string",
"smsglobal_sender": "string",
"sponsor_auto_approve": False,
"sponsor_email_domains": ["string"],
"sponsor_enabled": False,
"sponsor_expire": 0,
"sponsor_link_validity_duration": "string",
"sponsor_notify_all": False,
"sponsor_status_notify": False,
"sponsors": {
"string": "string",
},
"sso_default_role": "string",
"sso_forced_role": "string",
"sso_idp_cert": "string",
"sso_idp_sign_algo": "string",
"sso_idp_sso_url": "string",
"sso_issuer": "string",
"sso_nameid_format": "string",
"telstra_client_id": "string",
"telstra_client_secret": "string",
"twilio_auth_token": "string",
"twilio_phone_number": "string",
"twilio_sid": "string",
},
portal_allowed_hostnames=["string"],
portal_allowed_subnets=["string"],
portal_denied_hostnames=["string"],
qos={
"class_": "string",
"overwrite": False,
},
radsec={
"coa_enabled": False,
"enabled": False,
"idle_timeout": "string",
"mxcluster_ids": ["string"],
"proxy_hosts": ["string"],
"server_name": "string",
"servers": [{
"host": "string",
"port": 0,
}],
"use_mxedge": False,
"use_site_mxedge": False,
},
rateset={
"string": {
"eht": "string",
"he": "string",
"ht": "string",
"legacies": ["string"],
"min_rssi": 0,
"template": "string",
"vht": "string",
},
},
reconnect_clients_when_roaming_mxcluster=False,
roam_mode="string",
schedule={
"enabled": False,
"hours": {
"fri": "string",
"mon": "string",
"sat": "string",
"sun": "string",
"thu": "string",
"tue": "string",
"wed": "string",
},
},
sle_excluded=False,
use_eapol_v1=False,
vlan_enabled=False,
vlan_id="string",
vlan_ids=["string"],
vlan_pooling=False,
wlan_limit_down="string",
wlan_limit_down_enabled=False,
wlan_limit_up="string",
wlan_limit_up_enabled=False,
wxtag_ids=["string"],
wxtunnel_id="string",
wxtunnel_remote_id="string")
const junipermistWlanResource = new junipermist.site.Wlan("junipermistWlanResource", {
siteId: "string",
ssid: "string",
acctImmediateUpdate: false,
acctInterimInterval: 0,
acctServers: [{
host: "string",
secret: "string",
keywrapEnabled: false,
keywrapFormat: "string",
keywrapKek: "string",
keywrapMack: "string",
port: "string",
}],
airwatch: {
apiKey: "string",
consoleUrl: "string",
enabled: false,
password: "string",
username: "string",
},
allowIpv6Ndp: false,
allowMdns: false,
allowSsdp: false,
apIds: ["string"],
appLimit: {
apps: {
string: 0,
},
enabled: false,
wxtagIds: {
string: 0,
},
},
appQos: {
apps: {
string: {
dscp: "string",
dstSubnet: "string",
srcSubnet: "string",
},
},
enabled: false,
others: [{
dscp: "string",
dstSubnet: "string",
portRanges: "string",
protocol: "string",
srcSubnet: "string",
}],
},
applyTo: "string",
arpFilter: false,
auth: {
anticlogThreshold: 0,
eapReauth: false,
enableBeaconProtection: false,
enableGcmp256: false,
enableMacAuth: false,
keyIdx: 0,
keys: ["string"],
multiPskOnly: false,
owe: "string",
pairwises: ["string"],
privateWlan: false,
psk: "string",
type: "string",
wepAsSecondaryAuth: false,
},
authServerSelection: "string",
authServers: [{
host: "string",
secret: "string",
keywrapEnabled: false,
keywrapFormat: "string",
keywrapKek: "string",
keywrapMack: "string",
port: "string",
requireMessageAuthenticator: false,
}],
authServersNasId: "string",
authServersNasIp: "string",
authServersRetries: 0,
authServersTimeout: 0,
bandSteer: false,
bandSteerForceBand5: false,
bands: ["string"],
blockBlacklistClients: false,
bonjour: {
additionalVlanIds: ["string"],
enabled: false,
services: {
string: {
disableLocal: false,
radiusGroups: ["string"],
scope: "string",
},
},
},
ciscoCwa: {
allowedHostnames: ["string"],
allowedSubnets: ["string"],
blockedSubnets: ["string"],
enabled: false,
},
clientLimitDown: "string",
clientLimitDownEnabled: false,
clientLimitUp: "string",
clientLimitUpEnabled: false,
coaServers: [{
ip: "string",
secret: "string",
disableEventTimestampCheck: false,
enabled: false,
port: "string",
}],
disable11ax: false,
disable11be: false,
disableHtVhtRates: false,
disableMessageAuthenticatorCheck: false,
disableUapsd: false,
disableV1RoamNotify: false,
disableV2RoamNotify: false,
disableWhenGatewayUnreachable: false,
disableWhenMxtunnelDown: false,
disableWmm: false,
dnsServerRewrite: {
enabled: false,
radiusGroups: {
string: "string",
},
},
dtim: 0,
dynamicPsk: {
defaultPsk: "string",
defaultVlanId: "string",
enabled: false,
forceLookup: false,
source: "string",
},
dynamicVlan: {
defaultVlanIds: ["string"],
enabled: false,
localVlanIds: ["string"],
type: "string",
vlans: {
string: "string",
},
},
enableFtm: false,
enableLocalKeycaching: false,
enableWirelessBridging: false,
enableWirelessBridgingDhcpTracking: false,
enabled: false,
fastDot1xTimers: false,
hideSsid: false,
hostnameIe: false,
hotspot20: {
domainNames: ["string"],
enabled: false,
naiRealms: ["string"],
operators: ["string"],
rcois: ["string"],
venueName: "string",
},
injectDhcpOption82: {
circuitId: "string",
enabled: false,
},
"interface": "string",
isolation: false,
l2Isolation: false,
legacyOverds: false,
limitBcast: false,
limitProbeResponse: false,
maxIdletime: 0,
maxNumClients: 0,
mistNac: {
acctInterimInterval: 0,
authServersRetries: 0,
authServersTimeout: 0,
coaEnabled: false,
coaPort: 0,
enabled: false,
fastDot1xTimers: false,
network: "string",
sourceIp: "string",
},
mxtunnelIds: ["string"],
mxtunnelNames: ["string"],
noStaticDns: false,
noStaticIp: false,
portal: {
allowWlanIdRoam: false,
amazonClientId: "string",
amazonClientSecret: "string",
amazonEmailDomains: ["string"],
amazonEnabled: false,
amazonExpire: 0,
auth: "string",
azureClientId: "string",
azureClientSecret: "string",
azureEnabled: false,
azureExpire: 0,
azureTenantId: "string",
broadnetPassword: "string",
broadnetSid: "string",
broadnetUserId: "string",
bypassWhenCloudDown: false,
clickatellApiKey: "string",
crossSite: false,
emailEnabled: false,
enabled: false,
expire: 0,
externalPortalUrl: "string",
facebookClientId: "string",
facebookClientSecret: "string",
facebookEmailDomains: ["string"],
facebookEnabled: false,
facebookExpire: 0,
forward: false,
forwardUrl: "string",
googleClientId: "string",
googleClientSecret: "string",
googleEmailDomains: ["string"],
googleEnabled: false,
googleExpire: 0,
gupshupPassword: "string",
gupshupUserid: "string",
microsoftClientId: "string",
microsoftClientSecret: "string",
microsoftEmailDomains: ["string"],
microsoftEnabled: false,
microsoftExpire: 0,
passphraseEnabled: false,
passphraseExpire: 0,
password: "string",
predefinedSponsorsEnabled: false,
predefinedSponsorsHideEmail: false,
privacy: false,
puzzelPassword: "string",
puzzelServiceId: "string",
puzzelUsername: "string",
smsEnabled: false,
smsExpire: 0,
smsMessageFormat: "string",
smsProvider: "string",
smsglobalApiKey: "string",
smsglobalApiSecret: "string",
smsglobalSender: "string",
sponsorAutoApprove: false,
sponsorEmailDomains: ["string"],
sponsorEnabled: false,
sponsorExpire: 0,
sponsorLinkValidityDuration: "string",
sponsorNotifyAll: false,
sponsorStatusNotify: false,
sponsors: {
string: "string",
},
ssoDefaultRole: "string",
ssoForcedRole: "string",
ssoIdpCert: "string",
ssoIdpSignAlgo: "string",
ssoIdpSsoUrl: "string",
ssoIssuer: "string",
ssoNameidFormat: "string",
telstraClientId: "string",
telstraClientSecret: "string",
twilioAuthToken: "string",
twilioPhoneNumber: "string",
twilioSid: "string",
},
portalAllowedHostnames: ["string"],
portalAllowedSubnets: ["string"],
portalDeniedHostnames: ["string"],
qos: {
"class": "string",
overwrite: false,
},
radsec: {
coaEnabled: false,
enabled: false,
idleTimeout: "string",
mxclusterIds: ["string"],
proxyHosts: ["string"],
serverName: "string",
servers: [{
host: "string",
port: 0,
}],
useMxedge: false,
useSiteMxedge: false,
},
rateset: {
string: {
eht: "string",
he: "string",
ht: "string",
legacies: ["string"],
minRssi: 0,
template: "string",
vht: "string",
},
},
reconnectClientsWhenRoamingMxcluster: false,
roamMode: "string",
schedule: {
enabled: false,
hours: {
fri: "string",
mon: "string",
sat: "string",
sun: "string",
thu: "string",
tue: "string",
wed: "string",
},
},
sleExcluded: false,
useEapolV1: false,
vlanEnabled: false,
vlanId: "string",
vlanIds: ["string"],
vlanPooling: false,
wlanLimitDown: "string",
wlanLimitDownEnabled: false,
wlanLimitUp: "string",
wlanLimitUpEnabled: false,
wxtagIds: ["string"],
wxtunnelId: "string",
wxtunnelRemoteId: "string",
});
type: junipermist:site:Wlan
properties:
acctImmediateUpdate: false
acctInterimInterval: 0
acctServers:
- host: string
keywrapEnabled: false
keywrapFormat: string
keywrapKek: string
keywrapMack: string
port: string
secret: string
airwatch:
apiKey: string
consoleUrl: string
enabled: false
password: string
username: string
allowIpv6Ndp: false
allowMdns: false
allowSsdp: false
apIds:
- string
appLimit:
apps:
string: 0
enabled: false
wxtagIds:
string: 0
appQos:
apps:
string:
dscp: string
dstSubnet: string
srcSubnet: string
enabled: false
others:
- dscp: string
dstSubnet: string
portRanges: string
protocol: string
srcSubnet: string
applyTo: string
arpFilter: false
auth:
anticlogThreshold: 0
eapReauth: false
enableBeaconProtection: false
enableGcmp256: false
enableMacAuth: false
keyIdx: 0
keys:
- string
multiPskOnly: false
owe: string
pairwises:
- string
privateWlan: false
psk: string
type: string
wepAsSecondaryAuth: false
authServerSelection: string
authServers:
- host: string
keywrapEnabled: false
keywrapFormat: string
keywrapKek: string
keywrapMack: string
port: string
requireMessageAuthenticator: false
secret: string
authServersNasId: string
authServersNasIp: string
authServersRetries: 0
authServersTimeout: 0
bandSteer: false
bandSteerForceBand5: false
bands:
- string
blockBlacklistClients: false
bonjour:
additionalVlanIds:
- string
enabled: false
services:
string:
disableLocal: false
radiusGroups:
- string
scope: string
ciscoCwa:
allowedHostnames:
- string
allowedSubnets:
- string
blockedSubnets:
- string
enabled: false
clientLimitDown: string
clientLimitDownEnabled: false
clientLimitUp: string
clientLimitUpEnabled: false
coaServers:
- disableEventTimestampCheck: false
enabled: false
ip: string
port: string
secret: string
disable11ax: false
disable11be: false
disableHtVhtRates: false
disableMessageAuthenticatorCheck: false
disableUapsd: false
disableV1RoamNotify: false
disableV2RoamNotify: false
disableWhenGatewayUnreachable: false
disableWhenMxtunnelDown: false
disableWmm: false
dnsServerRewrite:
enabled: false
radiusGroups:
string: string
dtim: 0
dynamicPsk:
defaultPsk: string
defaultVlanId: string
enabled: false
forceLookup: false
source: string
dynamicVlan:
defaultVlanIds:
- string
enabled: false
localVlanIds:
- string
type: string
vlans:
string: string
enableFtm: false
enableLocalKeycaching: false
enableWirelessBridging: false
enableWirelessBridgingDhcpTracking: false
enabled: false
fastDot1xTimers: false
hideSsid: false
hostnameIe: false
hotspot20:
domainNames:
- string
enabled: false
naiRealms:
- string
operators:
- string
rcois:
- string
venueName: string
injectDhcpOption82:
circuitId: string
enabled: false
interface: string
isolation: false
l2Isolation: false
legacyOverds: false
limitBcast: false
limitProbeResponse: false
maxIdletime: 0
maxNumClients: 0
mistNac:
acctInterimInterval: 0
authServersRetries: 0
authServersTimeout: 0
coaEnabled: false
coaPort: 0
enabled: false
fastDot1xTimers: false
network: string
sourceIp: string
mxtunnelIds:
- string
mxtunnelNames:
- string
noStaticDns: false
noStaticIp: false
portal:
allowWlanIdRoam: false
amazonClientId: string
amazonClientSecret: string
amazonEmailDomains:
- string
amazonEnabled: false
amazonExpire: 0
auth: string
azureClientId: string
azureClientSecret: string
azureEnabled: false
azureExpire: 0
azureTenantId: string
broadnetPassword: string
broadnetSid: string
broadnetUserId: string
bypassWhenCloudDown: false
clickatellApiKey: string
crossSite: false
emailEnabled: false
enabled: false
expire: 0
externalPortalUrl: string
facebookClientId: string
facebookClientSecret: string
facebookEmailDomains:
- string
facebookEnabled: false
facebookExpire: 0
forward: false
forwardUrl: string
googleClientId: string
googleClientSecret: string
googleEmailDomains:
- string
googleEnabled: false
googleExpire: 0
gupshupPassword: string
gupshupUserid: string
microsoftClientId: string
microsoftClientSecret: string
microsoftEmailDomains:
- string
microsoftEnabled: false
microsoftExpire: 0
passphraseEnabled: false
passphraseExpire: 0
password: string
predefinedSponsorsEnabled: false
predefinedSponsorsHideEmail: false
privacy: false
puzzelPassword: string
puzzelServiceId: string
puzzelUsername: string
smsEnabled: false
smsExpire: 0
smsMessageFormat: string
smsProvider: string
smsglobalApiKey: string
smsglobalApiSecret: string
smsglobalSender: string
sponsorAutoApprove: false
sponsorEmailDomains:
- string
sponsorEnabled: false
sponsorExpire: 0
sponsorLinkValidityDuration: string
sponsorNotifyAll: false
sponsorStatusNotify: false
sponsors:
string: string
ssoDefaultRole: string
ssoForcedRole: string
ssoIdpCert: string
ssoIdpSignAlgo: string
ssoIdpSsoUrl: string
ssoIssuer: string
ssoNameidFormat: string
telstraClientId: string
telstraClientSecret: string
twilioAuthToken: string
twilioPhoneNumber: string
twilioSid: string
portalAllowedHostnames:
- string
portalAllowedSubnets:
- string
portalDeniedHostnames:
- string
qos:
class: string
overwrite: false
radsec:
coaEnabled: false
enabled: false
idleTimeout: string
mxclusterIds:
- string
proxyHosts:
- string
serverName: string
servers:
- host: string
port: 0
useMxedge: false
useSiteMxedge: false
rateset:
string:
eht: string
he: string
ht: string
legacies:
- string
minRssi: 0
template: string
vht: string
reconnectClientsWhenRoamingMxcluster: false
roamMode: string
schedule:
enabled: false
hours:
fri: string
mon: string
sat: string
sun: string
thu: string
tue: string
wed: string
siteId: string
sleExcluded: false
ssid: string
useEapolV1: false
vlanEnabled: false
vlanId: string
vlanIds:
- string
vlanPooling: false
wlanLimitDown: string
wlanLimitDownEnabled: false
wlanLimitUp: string
wlanLimitUpEnabled: false
wxtagIds:
- string
wxtunnelId: string
wxtunnelRemoteId: string
Wlan Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Wlan resource accepts the following input properties:
- Site
Id string - Mist site associated with this WLAN, when site-scoped
- Ssid string
- Name of the SSID
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- Acct
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Acct Server> - RADIUS accounting servers used by this WLAN
- Airwatch
Pulumi.
Juniper Mist. Site. Inputs. Wlan Airwatch - Integration settings for AirWatch device compliance on this WLAN
- Allow
Ipv6Ndp bool - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - Allow
Mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - Allow
Ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - Ap
Ids List<string> - Access point identifiers used when
applyTo==aps - App
Limit Pulumi.Juniper Mist. Site. Inputs. Wlan App Limit - Bandwidth limits for applications on this WLAN
- App
Qos Pulumi.Juniper Mist. Site. Inputs. Wlan App Qos - QoS rules for application traffic on this WLAN
- Apply
To string - Scope that determines where this WLAN is applied
- Arp
Filter bool - Whether to enable smart arp filter
- Auth
Pulumi.
Juniper Mist. Site. Inputs. Wlan Auth - Settings that control client authentication for this WLAN
- Auth
Server stringSelection - RADIUS authentication server selection behavior for this WLAN
- Auth
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Auth Server> - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- Auth
Servers intTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dualBand capable client to connect to 5G
- Bands List<string>
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour - Service discovery gateway settings for Bonjour traffic on this WLAN
- Cisco
Cwa Pulumi.Juniper Mist. Site. Inputs. Wlan Cisco Cwa - Central web authentication settings for Cisco CWA on this WLAN
- Client
Limit stringDown - Downlink bandwidth limit applied per client
- Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Uplink bandwidth limit applied per client
- Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Coa Server> - RADIUS Change of Authorization servers available to this WLAN
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Message boolAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- Disable
Wmm bool - Whether to disable WMM
- Dns
Server Pulumi.Rewrite Juniper Mist. Site. Inputs. Wlan Dns Server Rewrite - RADIUS group based DNS server rewrite settings for this WLAN
- Dtim int
- Delivery Traffic Indication Message interval for this WLAN
- Dynamic
Psk Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Psk - Per-user PSK selection settings for this WLAN
- Dynamic
Vlan Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Vlan - VLAN assignment settings for 802.1X dynamic VLANs
- Enable
Ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.
Juniper Mist. Site. Inputs. Wlan Hotspot20 - Passpoint and Hotspot 2.0 settings for this WLAN
- Inject
Dhcp Pulumi.Option82 Juniper Mist. Site. Inputs. Wlan Inject Dhcp Option82 - DHCP Option 82 insertion settings for this WLAN
- Interface string
- Network interface or tunnel where this WLAN bridges client traffic
- Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac Pulumi.Juniper Mist. Site. Inputs. Wlan Mist Nac - Juniper Mist NAC settings used by this WLAN
- Mxtunnel
Ids List<string> - Mist Tunnel identifiers used when
interface==mxtunnel - Mxtunnel
Names List<string> - Mist Tunnel names used when
interface==siteMxedge - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Portal
Pulumi.
Juniper Mist. Site. Inputs. Wlan Portal - Guest portal settings for this WLAN
- Portal
Allowed List<string>Hostnames - Guest portal hostnames that clients may reach before authorization
- Portal
Allowed List<string>Subnets - Guest portal CIDR subnets that clients may reach before authorization
- Portal
Denied List<string>Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- Qos
Pulumi.
Juniper Mist. Site. Inputs. Wlan Qos - Quality-of-service settings for WLAN client traffic
- Radsec
Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec - TLS-secured RADIUS transport settings for this WLAN
- Rateset
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Rateset Args> - Data rate settings by RF band for this WLAN
- Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - Fast roaming mode configured for this WLAN
- Schedule
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule - Operating schedule controlling when this WLAN is active
- Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - Vlan
Ids List<string> - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - Vlan
Pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Downlink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Uplink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids List<string> - Identifiers of WxLAN tags used when
applyTo==wxtags - Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- Site
Id string - Mist site associated with this WLAN, when site-scoped
- Ssid string
- Name of the SSID
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- Acct
Servers []WlanAcct Server Args - RADIUS accounting servers used by this WLAN
- Airwatch
Wlan
Airwatch Args - Integration settings for AirWatch device compliance on this WLAN
- Allow
Ipv6Ndp bool - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - Allow
Mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - Allow
Ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - Ap
Ids []string - Access point identifiers used when
applyTo==aps - App
Limit WlanApp Limit Args - Bandwidth limits for applications on this WLAN
- App
Qos WlanApp Qos Args - QoS rules for application traffic on this WLAN
- Apply
To string - Scope that determines where this WLAN is applied
- Arp
Filter bool - Whether to enable smart arp filter
- Auth
Wlan
Auth Args - Settings that control client authentication for this WLAN
- Auth
Server stringSelection - RADIUS authentication server selection behavior for this WLAN
- Auth
Servers []WlanAuth Server Args - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- Auth
Servers intTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dualBand capable client to connect to 5G
- Bands []string
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Wlan
Bonjour Args - Service discovery gateway settings for Bonjour traffic on this WLAN
- Cisco
Cwa WlanCisco Cwa Args - Central web authentication settings for Cisco CWA on this WLAN
- Client
Limit stringDown - Downlink bandwidth limit applied per client
- Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Uplink bandwidth limit applied per client
- Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers []WlanCoa Server Args - RADIUS Change of Authorization servers available to this WLAN
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Message boolAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- Disable
Wmm bool - Whether to disable WMM
- Dns
Server WlanRewrite Dns Server Rewrite Args - RADIUS group based DNS server rewrite settings for this WLAN
- Dtim int
- Delivery Traffic Indication Message interval for this WLAN
- Dynamic
Psk WlanDynamic Psk Args - Per-user PSK selection settings for this WLAN
- Dynamic
Vlan WlanDynamic Vlan Args - VLAN assignment settings for 802.1X dynamic VLANs
- Enable
Ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Wlan
Hotspot20Args - Passpoint and Hotspot 2.0 settings for this WLAN
- Inject
Dhcp WlanOption82 Inject Dhcp Option82Args - DHCP Option 82 insertion settings for this WLAN
- Interface string
- Network interface or tunnel where this WLAN bridges client traffic
- Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac WlanMist Nac Args - Juniper Mist NAC settings used by this WLAN
- Mxtunnel
Ids []string - Mist Tunnel identifiers used when
interface==mxtunnel - Mxtunnel
Names []string - Mist Tunnel names used when
interface==siteMxedge - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Portal
Wlan
Portal Args - Guest portal settings for this WLAN
- Portal
Allowed []stringHostnames - Guest portal hostnames that clients may reach before authorization
- Portal
Allowed []stringSubnets - Guest portal CIDR subnets that clients may reach before authorization
- Portal
Denied []stringHostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- Qos
Wlan
Qos Args - Quality-of-service settings for WLAN client traffic
- Radsec
Wlan
Radsec Args - TLS-secured RADIUS transport settings for this WLAN
- Rateset
map[string]Wlan
Rateset Args - Data rate settings by RF band for this WLAN
- Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - Fast roaming mode configured for this WLAN
- Schedule
Wlan
Schedule Args - Operating schedule controlling when this WLAN is active
- Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - Vlan
Ids []string - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - Vlan
Pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Downlink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Uplink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids []string - Identifiers of WxLAN tags used when
applyTo==wxtags - Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- site_
id string - Mist site associated with this WLAN, when site-scoped
- ssid string
- Name of the SSID
- acct_
immediate_ boolupdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ numberinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct_
servers list(object) - RADIUS accounting servers used by this WLAN
- airwatch object
- Integration settings for AirWatch device compliance on this WLAN
- allow_
ipv6_ boolndp - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow_
mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow_
ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - ap_
ids list(string) - Access point identifiers used when
applyTo==aps - app_
limit object - Bandwidth limits for applications on this WLAN
- app_
qos object - QoS rules for application traffic on this WLAN
- apply_
to string - Scope that determines where this WLAN is applied
- arp_
filter bool - Whether to enable smart arp filter
- auth object
- Settings that control client authentication for this WLAN
- auth_
server_ stringselection - RADIUS authentication server selection behavior for this WLAN
- auth_
servers list(object) - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth_
servers_ stringnas_ id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ stringnas_ ip - Optional, NAS-IP-ADDRESS to use
- auth_
servers_ numberretries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth_
servers_ numbertimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band_
steer bool - Whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - Force dualBand capable client to connect to 5G
- bands list(string)
- list of radios that the wlan should apply to. enum:
24,5,6 - block_
blacklist_ boolclients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour object
- Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco_
cwa object - Central web authentication settings for Cisco CWA on this WLAN
- client_
limit_ stringdown - Downlink bandwidth limit applied per client
- client_
limit_ booldown_ enabled - If downlink limiting per-client is enabled
- client_
limit_ stringup - Uplink bandwidth limit applied per client
- client_
limit_ boolup_ enabled - If uplink limiting per-client is enabled
- coa_
servers list(object) - RADIUS Change of Authorization servers available to this WLAN
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_
ht_ boolvht_ rates - To disable ht or vht rates
- disable_
message_ boolauthenticator_ check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable_
uapsd bool - Whether to disable U-APSD
- disable_
v1_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
when_ boolgateway_ unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable_
when_ boolmxtunnel_ down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable_
wmm bool - Whether to disable WMM
- dns_
server_ objectrewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim number
- Delivery Traffic Indication Message interval for this WLAN
- dynamic_
psk object - Per-user PSK selection settings for this WLAN
- dynamic_
vlan object - VLAN assignment settings for 802.1X dynamic VLANs
- enable_
ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable_
local_ boolkeycaching - Enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - Whether to hide SSID in beacon
- hostname_
ie bool - Include hostname inside IE in AP beacons / probe responses
- hotspot20 object
- Passpoint and Hotspot 2.0 settings for this WLAN
- inject_
dhcp_ objectoption82 - DHCP Option 82 insertion settings for this WLAN
- interface string
- Network interface or tunnel where this WLAN bridges client traffic
- isolation bool
- Whether to stop clients to talk to each other
- l2_
isolation bool - If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - Limit probe response base on some heuristic rules
- max_
idletime number - Max idle time in seconds
- max_
num_ numberclients - Maximum number of client connected to the SSID.
0means unlimited - mist_
nac object - Juniper Mist NAC settings used by this WLAN
- mxtunnel_
ids list(string) - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel_
names list(string) - Mist Tunnel names used when
interface==siteMxedge - no_
static_ booldns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal object
- Guest portal settings for this WLAN
- portal_
allowed_ list(string)hostnames - Guest portal hostnames that clients may reach before authorization
- portal_
allowed_ list(string)subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal_
denied_ list(string)hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- qos object
- Quality-of-service settings for WLAN client traffic
- radsec object
- TLS-secured RADIUS transport settings for this WLAN
- rateset map(object)
- Data rate settings by RF band for this WLAN
- reconnect_
clients_ boolwhen_ roaming_ mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_
mode string - Fast roaming mode configured for this WLAN
- schedule object
- Operating schedule controlling when this WLAN is active
- sle_
excluded bool - Whether to exclude this WLAN from SLE metrics
- use_
eapol_ boolv1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - If vlan tagging is enabled
- vlan_
id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan_
ids list(string) - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan_
pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan_
limit_ stringdown - Downlink bandwidth limit applied to the whole WLAN
- wlan_
limit_ booldown_ enabled - If downlink limiting for whole wlan is enabled
- wlan_
limit_ stringup - Uplink bandwidth limit applied to the whole WLAN
- wlan_
limit_ boolup_ enabled - If uplink limiting for whole wlan is enabled
- wxtag_
ids list(string) - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel_
id string - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel_
remote_ stringid - When
interface=wxtunnel, remote tunnel identifier
- site
Id String - Mist site associated with this WLAN, when site-scoped
- ssid String
- Name of the SSID
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim IntegerInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct
Servers List<WlanAcct Server> - RADIUS accounting servers used by this WLAN
- airwatch
Wlan
Airwatch - Integration settings for AirWatch device compliance on this WLAN
- allow
Ipv6Ndp Boolean - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow
Mdns Boolean - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow
Ssdp Boolean - Only applicable when
limitBcast==true, which allows SSDP - ap
Ids List<String> - Access point identifiers used when
applyTo==aps - app
Limit WlanApp Limit - Bandwidth limits for applications on this WLAN
- app
Qos WlanApp Qos - QoS rules for application traffic on this WLAN
- apply
To String - Scope that determines where this WLAN is applied
- arp
Filter Boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Settings that control client authentication for this WLAN
- auth
Server StringSelection - RADIUS authentication server selection behavior for this WLAN
- auth
Servers List<WlanAuth Server> - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers IntegerRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth
Servers IntegerTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dualBand capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco
Cwa WlanCisco Cwa - Central web authentication settings for Cisco CWA on this WLAN
- client
Limit StringDown - Downlink bandwidth limit applied per client
- client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - Uplink bandwidth limit applied per client
- client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<WlanCoa Server> - RADIUS Change of Authorization servers available to this WLAN
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Message BooleanAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable
Wmm Boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim Integer
- Delivery Traffic Indication Message interval for this WLAN
- dynamic
Psk WlanDynamic Psk - Per-user PSK selection settings for this WLAN
- dynamic
Vlan WlanDynamic Vlan - VLAN assignment settings for 802.1X dynamic VLANs
- enable
Ftm Boolean - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Passpoint and Hotspot 2.0 settings for this WLAN
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - DHCP Option 82 insertion settings for this WLAN
- interface_ String
- Network interface or tunnel where this WLAN bridges client traffic
- isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Integer - Max idle time in seconds
- max
Num IntegerClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - Juniper Mist NAC settings used by this WLAN
- mxtunnel
Ids List<String> - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel
Names List<String> - Mist Tunnel names used when
interface==siteMxedge - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal - Guest portal settings for this WLAN
- portal
Allowed List<String>Hostnames - Guest portal hostnames that clients may reach before authorization
- portal
Allowed List<String>Subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal
Denied List<String>Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- qos
Wlan
Qos - Quality-of-service settings for WLAN client traffic
- radsec
Wlan
Radsec - TLS-secured RADIUS transport settings for this WLAN
- rateset
Map<String,Wlan
Rateset Args> - Data rate settings by RF band for this WLAN
- reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - Fast roaming mode configured for this WLAN
- schedule
Wlan
Schedule - Operating schedule controlling when this WLAN is active
- sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan
Ids List<String> - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan
Pooling Boolean - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - Downlink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - Uplink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
- site
Id string - Mist site associated with this WLAN, when site-scoped
- ssid string
- Name of the SSID
- acct
Immediate booleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim numberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct
Servers WlanAcct Server[] - RADIUS accounting servers used by this WLAN
- airwatch
Wlan
Airwatch - Integration settings for AirWatch device compliance on this WLAN
- allow
Ipv6Ndp boolean - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow
Mdns boolean - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow
Ssdp boolean - Only applicable when
limitBcast==true, which allows SSDP - ap
Ids string[] - Access point identifiers used when
applyTo==aps - app
Limit WlanApp Limit - Bandwidth limits for applications on this WLAN
- app
Qos WlanApp Qos - QoS rules for application traffic on this WLAN
- apply
To string - Scope that determines where this WLAN is applied
- arp
Filter boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Settings that control client authentication for this WLAN
- auth
Server stringSelection - RADIUS authentication server selection behavior for this WLAN
- auth
Servers WlanAuth Server[] - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers numberRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth
Servers numberTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band
Steer boolean - Whether to enable band_steering, this works only when band==both
- band
Steer booleanForce Band5 - Force dualBand capable client to connect to 5G
- bands string[]
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist booleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco
Cwa WlanCisco Cwa - Central web authentication settings for Cisco CWA on this WLAN
- client
Limit stringDown - Downlink bandwidth limit applied per client
- client
Limit booleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit stringUp - Uplink bandwidth limit applied per client
- client
Limit booleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers WlanCoa Server[] - RADIUS Change of Authorization servers available to this WLAN
- disable11ax boolean
- Some old WLAN drivers may not be compatible
- disable11be boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht booleanVht Rates - To disable ht or vht rates
- disable
Message booleanAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable
Uapsd boolean - Whether to disable U-APSD
- disable
V1Roam booleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam booleanNotify - Disable sending v2 roam notification messages
- disable
When booleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When booleanMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable
Wmm boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim number
- Delivery Traffic Indication Message interval for this WLAN
- dynamic
Psk WlanDynamic Psk - Per-user PSK selection settings for this WLAN
- dynamic
Vlan WlanDynamic Vlan - VLAN assignment settings for 802.1X dynamic VLANs
- enable
Ftm boolean - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable
Local booleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless booleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable
Wireless booleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- If this wlan is enabled
- fast
Dot1x booleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid boolean - Whether to hide SSID in beacon
- hostname
Ie boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Passpoint and Hotspot 2.0 settings for this WLAN
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - DHCP Option 82 insertion settings for this WLAN
- interface string
- Network interface or tunnel where this WLAN bridges client traffic
- isolation boolean
- Whether to stop clients to talk to each other
- l2Isolation boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe booleanResponse - Limit probe response base on some heuristic rules
- max
Idletime number - Max idle time in seconds
- max
Num numberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - Juniper Mist NAC settings used by this WLAN
- mxtunnel
Ids string[] - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel
Names string[] - Mist Tunnel names used when
interface==siteMxedge - no
Static booleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static booleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal - Guest portal settings for this WLAN
- portal
Allowed string[]Hostnames - Guest portal hostnames that clients may reach before authorization
- portal
Allowed string[]Subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal
Denied string[]Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- qos
Wlan
Qos - Quality-of-service settings for WLAN client traffic
- radsec
Wlan
Radsec - TLS-secured RADIUS transport settings for this WLAN
- rateset
{[key: string]: Wlan
Rateset Args} - Data rate settings by RF band for this WLAN
- reconnect
Clients booleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode string - Fast roaming mode configured for this WLAN
- schedule
Wlan
Schedule - Operating schedule controlling when this WLAN is active
- sle
Excluded boolean - Whether to exclude this WLAN from SLE metrics
- use
Eapol booleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled boolean - If vlan tagging is enabled
- vlan
Id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan
Ids string[] - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan
Pooling boolean - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit stringDown - Downlink bandwidth limit applied to the whole WLAN
- wlan
Limit booleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit stringUp - Uplink bandwidth limit applied to the whole WLAN
- wlan
Limit booleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids string[] - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- site_
id str - Mist site associated with this WLAN, when site-scoped
- ssid str
- Name of the SSID
- acct_
immediate_ boolupdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ intinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct_
servers Sequence[WlanAcct Server Args] - RADIUS accounting servers used by this WLAN
- airwatch
Wlan
Airwatch Args - Integration settings for AirWatch device compliance on this WLAN
- allow_
ipv6_ boolndp - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow_
mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow_
ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - ap_
ids Sequence[str] - Access point identifiers used when
applyTo==aps - app_
limit WlanApp Limit Args - Bandwidth limits for applications on this WLAN
- app_
qos WlanApp Qos Args - QoS rules for application traffic on this WLAN
- apply_
to str - Scope that determines where this WLAN is applied
- arp_
filter bool - Whether to enable smart arp filter
- auth
Wlan
Auth Args - Settings that control client authentication for this WLAN
- auth_
server_ strselection - RADIUS authentication server selection behavior for this WLAN
- auth_
servers Sequence[WlanAuth Server Args] - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth_
servers_ strnas_ id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ strnas_ ip - Optional, NAS-IP-ADDRESS to use
- auth_
servers_ intretries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth_
servers_ inttimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band_
steer bool - Whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - Force dualBand capable client to connect to 5G
- bands Sequence[str]
- list of radios that the wlan should apply to. enum:
24,5,6 - block_
blacklist_ boolclients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour Args - Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco_
cwa WlanCisco Cwa Args - Central web authentication settings for Cisco CWA on this WLAN
- client_
limit_ strdown - Downlink bandwidth limit applied per client
- client_
limit_ booldown_ enabled - If downlink limiting per-client is enabled
- client_
limit_ strup - Uplink bandwidth limit applied per client
- client_
limit_ boolup_ enabled - If uplink limiting per-client is enabled
- coa_
servers Sequence[WlanCoa Server Args] - RADIUS Change of Authorization servers available to this WLAN
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_
ht_ boolvht_ rates - To disable ht or vht rates
- disable_
message_ boolauthenticator_ check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable_
uapsd bool - Whether to disable U-APSD
- disable_
v1_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
when_ boolgateway_ unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable_
when_ boolmxtunnel_ down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable_
wmm bool - Whether to disable WMM
- dns_
server_ Wlanrewrite Dns Server Rewrite Args - RADIUS group based DNS server rewrite settings for this WLAN
- dtim int
- Delivery Traffic Indication Message interval for this WLAN
- dynamic_
psk WlanDynamic Psk Args - Per-user PSK selection settings for this WLAN
- dynamic_
vlan WlanDynamic Vlan Args - VLAN assignment settings for 802.1X dynamic VLANs
- enable_
ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable_
local_ boolkeycaching - Enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - Whether to hide SSID in beacon
- hostname_
ie bool - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20Args - Passpoint and Hotspot 2.0 settings for this WLAN
- inject_
dhcp_ Wlanoption82 Inject Dhcp Option82Args - DHCP Option 82 insertion settings for this WLAN
- interface str
- Network interface or tunnel where this WLAN bridges client traffic
- isolation bool
- Whether to stop clients to talk to each other
- l2_
isolation bool - If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - Limit probe response base on some heuristic rules
- max_
idletime int - Max idle time in seconds
- max_
num_ intclients - Maximum number of client connected to the SSID.
0means unlimited - mist_
nac WlanMist Nac Args - Juniper Mist NAC settings used by this WLAN
- mxtunnel_
ids Sequence[str] - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel_
names Sequence[str] - Mist Tunnel names used when
interface==siteMxedge - no_
static_ booldns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal
Wlan
Portal Args - Guest portal settings for this WLAN
- portal_
allowed_ Sequence[str]hostnames - Guest portal hostnames that clients may reach before authorization
- portal_
allowed_ Sequence[str]subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal_
denied_ Sequence[str]hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- qos
Wlan
Qos Args - Quality-of-service settings for WLAN client traffic
- radsec
Wlan
Radsec Args - TLS-secured RADIUS transport settings for this WLAN
- rateset
Mapping[str, Wlan
Rateset Args] - Data rate settings by RF band for this WLAN
- reconnect_
clients_ boolwhen_ roaming_ mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_
mode str - Fast roaming mode configured for this WLAN
- schedule
Wlan
Schedule Args - Operating schedule controlling when this WLAN is active
- sle_
excluded bool - Whether to exclude this WLAN from SLE metrics
- use_
eapol_ boolv1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - If vlan tagging is enabled
- vlan_
id str - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan_
ids Sequence[str] - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan_
pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan_
limit_ strdown - Downlink bandwidth limit applied to the whole WLAN
- wlan_
limit_ booldown_ enabled - If downlink limiting for whole wlan is enabled
- wlan_
limit_ strup - Uplink bandwidth limit applied to the whole WLAN
- wlan_
limit_ boolup_ enabled - If uplink limiting for whole wlan is enabled
- wxtag_
ids Sequence[str] - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel_
id str - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel_
remote_ strid - When
interface=wxtunnel, remote tunnel identifier
- site
Id String - Mist site associated with this WLAN, when site-scoped
- ssid String
- Name of the SSID
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim NumberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct
Servers List<Property Map> - RADIUS accounting servers used by this WLAN
- airwatch Property Map
- Integration settings for AirWatch device compliance on this WLAN
- allow
Ipv6Ndp Boolean - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow
Mdns Boolean - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow
Ssdp Boolean - Only applicable when
limitBcast==true, which allows SSDP - ap
Ids List<String> - Access point identifiers used when
applyTo==aps - app
Limit Property Map - Bandwidth limits for applications on this WLAN
- app
Qos Property Map - QoS rules for application traffic on this WLAN
- apply
To String - Scope that determines where this WLAN is applied
- arp
Filter Boolean - Whether to enable smart arp filter
- auth Property Map
- Settings that control client authentication for this WLAN
- auth
Server StringSelection - RADIUS authentication server selection behavior for this WLAN
- auth
Servers List<Property Map> - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers NumberRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth
Servers NumberTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dualBand capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco
Cwa Property Map - Central web authentication settings for Cisco CWA on this WLAN
- client
Limit StringDown - Downlink bandwidth limit applied per client
- client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - Uplink bandwidth limit applied per client
- client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<Property Map> - RADIUS Change of Authorization servers available to this WLAN
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Message BooleanAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable
Wmm Boolean - Whether to disable WMM
- dns
Server Property MapRewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim Number
- Delivery Traffic Indication Message interval for this WLAN
- dynamic
Psk Property Map - Per-user PSK selection settings for this WLAN
- dynamic
Vlan Property Map - VLAN assignment settings for 802.1X dynamic VLANs
- enable
Ftm Boolean - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- Passpoint and Hotspot 2.0 settings for this WLAN
- inject
Dhcp Property MapOption82 - DHCP Option 82 insertion settings for this WLAN
- interface String
- Network interface or tunnel where this WLAN bridges client traffic
- isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Number - Max idle time in seconds
- max
Num NumberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac Property Map - Juniper Mist NAC settings used by this WLAN
- mxtunnel
Ids List<String> - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel
Names List<String> - Mist Tunnel names used when
interface==siteMxedge - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- portal Property Map
- Guest portal settings for this WLAN
- portal
Allowed List<String>Hostnames - Guest portal hostnames that clients may reach before authorization
- portal
Allowed List<String>Subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal
Denied List<String>Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- qos Property Map
- Quality-of-service settings for WLAN client traffic
- radsec Property Map
- TLS-secured RADIUS transport settings for this WLAN
- rateset Map<Property Map>
- Data rate settings by RF band for this WLAN
- reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - Fast roaming mode configured for this WLAN
- schedule Property Map
- Operating schedule controlling when this WLAN is active
- sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan
Ids List<String> - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan
Pooling Boolean - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - Downlink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - Uplink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
Outputs
All input properties are implicitly available as output properties. Additionally, the Wlan resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Msp
Id string - Managed service provider identifier associated with this WLAN
- Org
Id string - Owning organization associated with this WLAN
- Portal
Api stringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - URL used in the SSO process, auto-generated when auth is set to
sso
- Id string
- The provider-assigned unique ID for this managed resource.
- Msp
Id string - Managed service provider identifier associated with this WLAN
- Org
Id string - Owning organization associated with this WLAN
- Portal
Api stringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - URL used in the SSO process, auto-generated when auth is set to
sso
- id string
- The provider-assigned unique ID for this managed resource.
- msp_
id string - Managed service provider identifier associated with this WLAN
- org_
id string - Owning organization associated with this WLAN
- portal_
api_ stringsecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal_
image string - Url of portal background image
- portal_
sso_ stringurl - URL used in the SSO process, auto-generated when auth is set to
sso
- id String
- The provider-assigned unique ID for this managed resource.
- msp
Id String - Managed service provider identifier associated with this WLAN
- org
Id String - Owning organization associated with this WLAN
- portal
Api StringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal
Image String - Url of portal background image
- portal
Sso StringUrl - URL used in the SSO process, auto-generated when auth is set to
sso
- id string
- The provider-assigned unique ID for this managed resource.
- msp
Id string - Managed service provider identifier associated with this WLAN
- org
Id string - Owning organization associated with this WLAN
- portal
Api stringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal
Image string - Url of portal background image
- portal
Sso stringUrl - URL used in the SSO process, auto-generated when auth is set to
sso
- id str
- The provider-assigned unique ID for this managed resource.
- msp_
id str - Managed service provider identifier associated with this WLAN
- org_
id str - Owning organization associated with this WLAN
- portal_
api_ strsecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal_
image str - Url of portal background image
- portal_
sso_ strurl - URL used in the SSO process, auto-generated when auth is set to
sso
- id String
- The provider-assigned unique ID for this managed resource.
- msp
Id String - Managed service provider identifier associated with this WLAN
- org
Id String - Owning organization associated with this WLAN
- portal
Api StringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal
Image String - Url of portal background image
- portal
Sso StringUrl - URL used in the SSO process, auto-generated when auth is set to
sso
Look up Existing Wlan Resource
Get an existing Wlan resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WlanState, opts?: CustomResourceOptions): Wlan@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acct_immediate_update: Optional[bool] = None,
acct_interim_interval: Optional[int] = None,
acct_servers: Optional[Sequence[WlanAcctServerArgs]] = None,
airwatch: Optional[WlanAirwatchArgs] = None,
allow_ipv6_ndp: Optional[bool] = None,
allow_mdns: Optional[bool] = None,
allow_ssdp: Optional[bool] = None,
ap_ids: Optional[Sequence[str]] = None,
app_limit: Optional[WlanAppLimitArgs] = None,
app_qos: Optional[WlanAppQosArgs] = None,
apply_to: Optional[str] = None,
arp_filter: Optional[bool] = None,
auth: Optional[WlanAuthArgs] = None,
auth_server_selection: Optional[str] = None,
auth_servers: Optional[Sequence[WlanAuthServerArgs]] = None,
auth_servers_nas_id: Optional[str] = None,
auth_servers_nas_ip: Optional[str] = None,
auth_servers_retries: Optional[int] = None,
auth_servers_timeout: Optional[int] = None,
band_steer: Optional[bool] = None,
band_steer_force_band5: Optional[bool] = None,
bands: Optional[Sequence[str]] = None,
block_blacklist_clients: Optional[bool] = None,
bonjour: Optional[WlanBonjourArgs] = None,
cisco_cwa: Optional[WlanCiscoCwaArgs] = None,
client_limit_down: Optional[str] = None,
client_limit_down_enabled: Optional[bool] = None,
client_limit_up: Optional[str] = None,
client_limit_up_enabled: Optional[bool] = None,
coa_servers: Optional[Sequence[WlanCoaServerArgs]] = None,
disable11ax: Optional[bool] = None,
disable11be: Optional[bool] = None,
disable_ht_vht_rates: Optional[bool] = None,
disable_message_authenticator_check: Optional[bool] = None,
disable_uapsd: Optional[bool] = None,
disable_v1_roam_notify: Optional[bool] = None,
disable_v2_roam_notify: Optional[bool] = None,
disable_when_gateway_unreachable: Optional[bool] = None,
disable_when_mxtunnel_down: Optional[bool] = None,
disable_wmm: Optional[bool] = None,
dns_server_rewrite: Optional[WlanDnsServerRewriteArgs] = None,
dtim: Optional[int] = None,
dynamic_psk: Optional[WlanDynamicPskArgs] = None,
dynamic_vlan: Optional[WlanDynamicVlanArgs] = None,
enable_ftm: Optional[bool] = None,
enable_local_keycaching: Optional[bool] = None,
enable_wireless_bridging: Optional[bool] = None,
enable_wireless_bridging_dhcp_tracking: Optional[bool] = None,
enabled: Optional[bool] = None,
fast_dot1x_timers: Optional[bool] = None,
hide_ssid: Optional[bool] = None,
hostname_ie: Optional[bool] = None,
hotspot20: Optional[WlanHotspot20Args] = None,
inject_dhcp_option82: Optional[WlanInjectDhcpOption82Args] = None,
interface: Optional[str] = None,
isolation: Optional[bool] = None,
l2_isolation: Optional[bool] = None,
legacy_overds: Optional[bool] = None,
limit_bcast: Optional[bool] = None,
limit_probe_response: Optional[bool] = None,
max_idletime: Optional[int] = None,
max_num_clients: Optional[int] = None,
mist_nac: Optional[WlanMistNacArgs] = None,
msp_id: Optional[str] = None,
mxtunnel_ids: Optional[Sequence[str]] = None,
mxtunnel_names: Optional[Sequence[str]] = None,
no_static_dns: Optional[bool] = None,
no_static_ip: Optional[bool] = None,
org_id: Optional[str] = None,
portal: Optional[WlanPortalArgs] = None,
portal_allowed_hostnames: Optional[Sequence[str]] = None,
portal_allowed_subnets: Optional[Sequence[str]] = None,
portal_api_secret: Optional[str] = None,
portal_denied_hostnames: Optional[Sequence[str]] = None,
portal_image: Optional[str] = None,
portal_sso_url: Optional[str] = None,
qos: Optional[WlanQosArgs] = None,
radsec: Optional[WlanRadsecArgs] = None,
rateset: Optional[Mapping[str, WlanRatesetArgs]] = None,
reconnect_clients_when_roaming_mxcluster: Optional[bool] = None,
roam_mode: Optional[str] = None,
schedule: Optional[WlanScheduleArgs] = None,
site_id: Optional[str] = None,
sle_excluded: Optional[bool] = None,
ssid: Optional[str] = None,
use_eapol_v1: Optional[bool] = None,
vlan_enabled: Optional[bool] = None,
vlan_id: Optional[str] = None,
vlan_ids: Optional[Sequence[str]] = None,
vlan_pooling: Optional[bool] = None,
wlan_limit_down: Optional[str] = None,
wlan_limit_down_enabled: Optional[bool] = None,
wlan_limit_up: Optional[str] = None,
wlan_limit_up_enabled: Optional[bool] = None,
wxtag_ids: Optional[Sequence[str]] = None,
wxtunnel_id: Optional[str] = None,
wxtunnel_remote_id: Optional[str] = None) -> Wlanfunc GetWlan(ctx *Context, name string, id IDInput, state *WlanState, opts ...ResourceOption) (*Wlan, error)public static Wlan Get(string name, Input<string> id, WlanState? state, CustomResourceOptions? opts = null)public static Wlan get(String name, Output<String> id, WlanState state, CustomResourceOptions options)resources: _: type: junipermist:site:Wlan get: id: ${id}import {
to = junipermist_site_wlan.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- Acct
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Acct Server> - RADIUS accounting servers used by this WLAN
- Airwatch
Pulumi.
Juniper Mist. Site. Inputs. Wlan Airwatch - Integration settings for AirWatch device compliance on this WLAN
- Allow
Ipv6Ndp bool - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - Allow
Mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - Allow
Ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - Ap
Ids List<string> - Access point identifiers used when
applyTo==aps - App
Limit Pulumi.Juniper Mist. Site. Inputs. Wlan App Limit - Bandwidth limits for applications on this WLAN
- App
Qos Pulumi.Juniper Mist. Site. Inputs. Wlan App Qos - QoS rules for application traffic on this WLAN
- Apply
To string - Scope that determines where this WLAN is applied
- Arp
Filter bool - Whether to enable smart arp filter
- Auth
Pulumi.
Juniper Mist. Site. Inputs. Wlan Auth - Settings that control client authentication for this WLAN
- Auth
Server stringSelection - RADIUS authentication server selection behavior for this WLAN
- Auth
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Auth Server> - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- Auth
Servers intTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dualBand capable client to connect to 5G
- Bands List<string>
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour - Service discovery gateway settings for Bonjour traffic on this WLAN
- Cisco
Cwa Pulumi.Juniper Mist. Site. Inputs. Wlan Cisco Cwa - Central web authentication settings for Cisco CWA on this WLAN
- Client
Limit stringDown - Downlink bandwidth limit applied per client
- Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Uplink bandwidth limit applied per client
- Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers List<Pulumi.Juniper Mist. Site. Inputs. Wlan Coa Server> - RADIUS Change of Authorization servers available to this WLAN
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Message boolAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- Disable
Wmm bool - Whether to disable WMM
- Dns
Server Pulumi.Rewrite Juniper Mist. Site. Inputs. Wlan Dns Server Rewrite - RADIUS group based DNS server rewrite settings for this WLAN
- Dtim int
- Delivery Traffic Indication Message interval for this WLAN
- Dynamic
Psk Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Psk - Per-user PSK selection settings for this WLAN
- Dynamic
Vlan Pulumi.Juniper Mist. Site. Inputs. Wlan Dynamic Vlan - VLAN assignment settings for 802.1X dynamic VLANs
- Enable
Ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.
Juniper Mist. Site. Inputs. Wlan Hotspot20 - Passpoint and Hotspot 2.0 settings for this WLAN
- Inject
Dhcp Pulumi.Option82 Juniper Mist. Site. Inputs. Wlan Inject Dhcp Option82 - DHCP Option 82 insertion settings for this WLAN
- Interface string
- Network interface or tunnel where this WLAN bridges client traffic
- Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac Pulumi.Juniper Mist. Site. Inputs. Wlan Mist Nac - Juniper Mist NAC settings used by this WLAN
- Msp
Id string - Managed service provider identifier associated with this WLAN
- Mxtunnel
Ids List<string> - Mist Tunnel identifiers used when
interface==mxtunnel - Mxtunnel
Names List<string> - Mist Tunnel names used when
interface==siteMxedge - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Org
Id string - Owning organization associated with this WLAN
- Portal
Pulumi.
Juniper Mist. Site. Inputs. Wlan Portal - Guest portal settings for this WLAN
- Portal
Allowed List<string>Hostnames - Guest portal hostnames that clients may reach before authorization
- Portal
Allowed List<string>Subnets - Guest portal CIDR subnets that clients may reach before authorization
- Portal
Api stringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - Portal
Denied List<string>Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - URL used in the SSO process, auto-generated when auth is set to
sso - Qos
Pulumi.
Juniper Mist. Site. Inputs. Wlan Qos - Quality-of-service settings for WLAN client traffic
- Radsec
Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec - TLS-secured RADIUS transport settings for this WLAN
- Rateset
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Rateset Args> - Data rate settings by RF band for this WLAN
- Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - Fast roaming mode configured for this WLAN
- Schedule
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule - Operating schedule controlling when this WLAN is active
- Site
Id string - Mist site associated with this WLAN, when site-scoped
- Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Ssid string
- Name of the SSID
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - Vlan
Ids List<string> - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - Vlan
Pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Downlink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Uplink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids List<string> - Identifiers of WxLAN tags used when
applyTo==wxtags - Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- Acct
Immediate boolUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- Acct
Servers []WlanAcct Server Args - RADIUS accounting servers used by this WLAN
- Airwatch
Wlan
Airwatch Args - Integration settings for AirWatch device compliance on this WLAN
- Allow
Ipv6Ndp bool - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - Allow
Mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - Allow
Ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - Ap
Ids []string - Access point identifiers used when
applyTo==aps - App
Limit WlanApp Limit Args - Bandwidth limits for applications on this WLAN
- App
Qos WlanApp Qos Args - QoS rules for application traffic on this WLAN
- Apply
To string - Scope that determines where this WLAN is applied
- Arp
Filter bool - Whether to enable smart arp filter
- Auth
Wlan
Auth Args - Settings that control client authentication for this WLAN
- Auth
Server stringSelection - RADIUS authentication server selection behavior for this WLAN
- Auth
Servers []WlanAuth Server Args - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - Auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- Auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- Auth
Servers intRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- Auth
Servers intTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- Band
Steer bool - Whether to enable band_steering, this works only when band==both
- Band
Steer boolForce Band5 - Force dualBand capable client to connect to 5G
- Bands []string
- list of radios that the wlan should apply to. enum:
24,5,6 - Block
Blacklist boolClients - Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Wlan
Bonjour Args - Service discovery gateway settings for Bonjour traffic on this WLAN
- Cisco
Cwa WlanCisco Cwa Args - Central web authentication settings for Cisco CWA on this WLAN
- Client
Limit stringDown - Downlink bandwidth limit applied per client
- Client
Limit boolDown Enabled - If downlink limiting per-client is enabled
- Client
Limit stringUp - Uplink bandwidth limit applied per client
- Client
Limit boolUp Enabled - If uplink limiting per-client is enabled
- Coa
Servers []WlanCoa Server Args - RADIUS Change of Authorization servers available to this WLAN
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- Disable
Ht boolVht Rates - To disable ht or vht rates
- Disable
Message boolAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- Disable
Uapsd bool - Whether to disable U-APSD
- Disable
V1Roam boolNotify - Disable sending v2 roam notification messages
- Disable
V2Roam boolNotify - Disable sending v2 roam notification messages
- Disable
When boolGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- Disable
When boolMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- Disable
Wmm bool - Whether to disable WMM
- Dns
Server WlanRewrite Dns Server Rewrite Args - RADIUS group based DNS server rewrite settings for this WLAN
- Dtim int
- Delivery Traffic Indication Message interval for this WLAN
- Dynamic
Psk WlanDynamic Psk Args - Per-user PSK selection settings for this WLAN
- Dynamic
Vlan WlanDynamic Vlan Args - VLAN assignment settings for 802.1X dynamic VLANs
- Enable
Ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- Enable
Local boolKeycaching - Enable AP-AP keycaching via multicast
- Enable
Wireless boolBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- Enable
Wireless boolBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- Hide
Ssid bool - Whether to hide SSID in beacon
- Hostname
Ie bool - Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Wlan
Hotspot20Args - Passpoint and Hotspot 2.0 settings for this WLAN
- Inject
Dhcp WlanOption82 Inject Dhcp Option82Args - DHCP Option 82 insertion settings for this WLAN
- Interface string
- Network interface or tunnel where this WLAN bridges client traffic
- Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- Legacy
Overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- Limit
Bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- Limit
Probe boolResponse - Limit probe response base on some heuristic rules
- Max
Idletime int - Max idle time in seconds
- Max
Num intClients - Maximum number of client connected to the SSID.
0means unlimited - Mist
Nac WlanMist Nac Args - Juniper Mist NAC settings used by this WLAN
- Msp
Id string - Managed service provider identifier associated with this WLAN
- Mxtunnel
Ids []string - Mist Tunnel identifiers used when
interface==mxtunnel - Mxtunnel
Names []string - Mist Tunnel names used when
interface==siteMxedge - No
Static boolDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- No
Static boolIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- Org
Id string - Owning organization associated with this WLAN
- Portal
Wlan
Portal Args - Guest portal settings for this WLAN
- Portal
Allowed []stringHostnames - Guest portal hostnames that clients may reach before authorization
- Portal
Allowed []stringSubnets - Guest portal CIDR subnets that clients may reach before authorization
- Portal
Api stringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - Portal
Denied []stringHostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- Portal
Image string - Url of portal background image
- Portal
Sso stringUrl - URL used in the SSO process, auto-generated when auth is set to
sso - Qos
Wlan
Qos Args - Quality-of-service settings for WLAN client traffic
- Radsec
Wlan
Radsec Args - TLS-secured RADIUS transport settings for this WLAN
- Rateset
map[string]Wlan
Rateset Args - Data rate settings by RF band for this WLAN
- Reconnect
Clients boolWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- Roam
Mode string - Fast roaming mode configured for this WLAN
- Schedule
Wlan
Schedule Args - Operating schedule controlling when this WLAN is active
- Site
Id string - Mist site associated with this WLAN, when site-scoped
- Sle
Excluded bool - Whether to exclude this WLAN from SLE metrics
- Ssid string
- Name of the SSID
- Use
Eapol boolV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - Vlan
Enabled bool - If vlan tagging is enabled
- Vlan
Id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - Vlan
Ids []string - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - Vlan
Pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - Wlan
Limit stringDown - Downlink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolDown Enabled - If downlink limiting for whole wlan is enabled
- Wlan
Limit stringUp - Uplink bandwidth limit applied to the whole WLAN
- Wlan
Limit boolUp Enabled - If uplink limiting for whole wlan is enabled
- Wxtag
Ids []string - Identifiers of WxLAN tags used when
applyTo==wxtags - Wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - Wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- acct_
immediate_ boolupdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ numberinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct_
servers list(object) - RADIUS accounting servers used by this WLAN
- airwatch object
- Integration settings for AirWatch device compliance on this WLAN
- allow_
ipv6_ boolndp - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow_
mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow_
ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - ap_
ids list(string) - Access point identifiers used when
applyTo==aps - app_
limit object - Bandwidth limits for applications on this WLAN
- app_
qos object - QoS rules for application traffic on this WLAN
- apply_
to string - Scope that determines where this WLAN is applied
- arp_
filter bool - Whether to enable smart arp filter
- auth object
- Settings that control client authentication for this WLAN
- auth_
server_ stringselection - RADIUS authentication server selection behavior for this WLAN
- auth_
servers list(object) - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth_
servers_ stringnas_ id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ stringnas_ ip - Optional, NAS-IP-ADDRESS to use
- auth_
servers_ numberretries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth_
servers_ numbertimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band_
steer bool - Whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - Force dualBand capable client to connect to 5G
- bands list(string)
- list of radios that the wlan should apply to. enum:
24,5,6 - block_
blacklist_ boolclients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour object
- Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco_
cwa object - Central web authentication settings for Cisco CWA on this WLAN
- client_
limit_ stringdown - Downlink bandwidth limit applied per client
- client_
limit_ booldown_ enabled - If downlink limiting per-client is enabled
- client_
limit_ stringup - Uplink bandwidth limit applied per client
- client_
limit_ boolup_ enabled - If uplink limiting per-client is enabled
- coa_
servers list(object) - RADIUS Change of Authorization servers available to this WLAN
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_
ht_ boolvht_ rates - To disable ht or vht rates
- disable_
message_ boolauthenticator_ check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable_
uapsd bool - Whether to disable U-APSD
- disable_
v1_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
when_ boolgateway_ unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable_
when_ boolmxtunnel_ down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable_
wmm bool - Whether to disable WMM
- dns_
server_ objectrewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim number
- Delivery Traffic Indication Message interval for this WLAN
- dynamic_
psk object - Per-user PSK selection settings for this WLAN
- dynamic_
vlan object - VLAN assignment settings for 802.1X dynamic VLANs
- enable_
ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable_
local_ boolkeycaching - Enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - Whether to hide SSID in beacon
- hostname_
ie bool - Include hostname inside IE in AP beacons / probe responses
- hotspot20 object
- Passpoint and Hotspot 2.0 settings for this WLAN
- inject_
dhcp_ objectoption82 - DHCP Option 82 insertion settings for this WLAN
- interface string
- Network interface or tunnel where this WLAN bridges client traffic
- isolation bool
- Whether to stop clients to talk to each other
- l2_
isolation bool - If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - Limit probe response base on some heuristic rules
- max_
idletime number - Max idle time in seconds
- max_
num_ numberclients - Maximum number of client connected to the SSID.
0means unlimited - mist_
nac object - Juniper Mist NAC settings used by this WLAN
- msp_
id string - Managed service provider identifier associated with this WLAN
- mxtunnel_
ids list(string) - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel_
names list(string) - Mist Tunnel names used when
interface==siteMxedge - no_
static_ booldns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org_
id string - Owning organization associated with this WLAN
- portal object
- Guest portal settings for this WLAN
- portal_
allowed_ list(string)hostnames - Guest portal hostnames that clients may reach before authorization
- portal_
allowed_ list(string)subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal_
api_ stringsecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal_
denied_ list(string)hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- portal_
image string - Url of portal background image
- portal_
sso_ stringurl - URL used in the SSO process, auto-generated when auth is set to
sso - qos object
- Quality-of-service settings for WLAN client traffic
- radsec object
- TLS-secured RADIUS transport settings for this WLAN
- rateset map(object)
- Data rate settings by RF band for this WLAN
- reconnect_
clients_ boolwhen_ roaming_ mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_
mode string - Fast roaming mode configured for this WLAN
- schedule object
- Operating schedule controlling when this WLAN is active
- site_
id string - Mist site associated with this WLAN, when site-scoped
- sle_
excluded bool - Whether to exclude this WLAN from SLE metrics
- ssid string
- Name of the SSID
- use_
eapol_ boolv1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - If vlan tagging is enabled
- vlan_
id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan_
ids list(string) - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan_
pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan_
limit_ stringdown - Downlink bandwidth limit applied to the whole WLAN
- wlan_
limit_ booldown_ enabled - If downlink limiting for whole wlan is enabled
- wlan_
limit_ stringup - Uplink bandwidth limit applied to the whole WLAN
- wlan_
limit_ boolup_ enabled - If uplink limiting for whole wlan is enabled
- wxtag_
ids list(string) - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel_
id string - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel_
remote_ stringid - When
interface=wxtunnel, remote tunnel identifier
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim IntegerInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct
Servers List<WlanAcct Server> - RADIUS accounting servers used by this WLAN
- airwatch
Wlan
Airwatch - Integration settings for AirWatch device compliance on this WLAN
- allow
Ipv6Ndp Boolean - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow
Mdns Boolean - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow
Ssdp Boolean - Only applicable when
limitBcast==true, which allows SSDP - ap
Ids List<String> - Access point identifiers used when
applyTo==aps - app
Limit WlanApp Limit - Bandwidth limits for applications on this WLAN
- app
Qos WlanApp Qos - QoS rules for application traffic on this WLAN
- apply
To String - Scope that determines where this WLAN is applied
- arp
Filter Boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Settings that control client authentication for this WLAN
- auth
Server StringSelection - RADIUS authentication server selection behavior for this WLAN
- auth
Servers List<WlanAuth Server> - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers IntegerRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth
Servers IntegerTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dualBand capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco
Cwa WlanCisco Cwa - Central web authentication settings for Cisco CWA on this WLAN
- client
Limit StringDown - Downlink bandwidth limit applied per client
- client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - Uplink bandwidth limit applied per client
- client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<WlanCoa Server> - RADIUS Change of Authorization servers available to this WLAN
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Message BooleanAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable
Wmm Boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim Integer
- Delivery Traffic Indication Message interval for this WLAN
- dynamic
Psk WlanDynamic Psk - Per-user PSK selection settings for this WLAN
- dynamic
Vlan WlanDynamic Vlan - VLAN assignment settings for 802.1X dynamic VLANs
- enable
Ftm Boolean - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Passpoint and Hotspot 2.0 settings for this WLAN
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - DHCP Option 82 insertion settings for this WLAN
- interface_ String
- Network interface or tunnel where this WLAN bridges client traffic
- isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Integer - Max idle time in seconds
- max
Num IntegerClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - Juniper Mist NAC settings used by this WLAN
- msp
Id String - Managed service provider identifier associated with this WLAN
- mxtunnel
Ids List<String> - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel
Names List<String> - Mist Tunnel names used when
interface==siteMxedge - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id String - Owning organization associated with this WLAN
- portal
Wlan
Portal - Guest portal settings for this WLAN
- portal
Allowed List<String>Hostnames - Guest portal hostnames that clients may reach before authorization
- portal
Allowed List<String>Subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal
Api StringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal
Denied List<String>Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - URL used in the SSO process, auto-generated when auth is set to
sso - qos
Wlan
Qos - Quality-of-service settings for WLAN client traffic
- radsec
Wlan
Radsec - TLS-secured RADIUS transport settings for this WLAN
- rateset
Map<String,Wlan
Rateset Args> - Data rate settings by RF band for this WLAN
- reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - Fast roaming mode configured for this WLAN
- schedule
Wlan
Schedule - Operating schedule controlling when this WLAN is active
- site
Id String - Mist site associated with this WLAN, when site-scoped
- sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- ssid String
- Name of the SSID
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan
Ids List<String> - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan
Pooling Boolean - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - Downlink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - Uplink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
- acct
Immediate booleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim numberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct
Servers WlanAcct Server[] - RADIUS accounting servers used by this WLAN
- airwatch
Wlan
Airwatch - Integration settings for AirWatch device compliance on this WLAN
- allow
Ipv6Ndp boolean - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow
Mdns boolean - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow
Ssdp boolean - Only applicable when
limitBcast==true, which allows SSDP - ap
Ids string[] - Access point identifiers used when
applyTo==aps - app
Limit WlanApp Limit - Bandwidth limits for applications on this WLAN
- app
Qos WlanApp Qos - QoS rules for application traffic on this WLAN
- apply
To string - Scope that determines where this WLAN is applied
- arp
Filter boolean - Whether to enable smart arp filter
- auth
Wlan
Auth - Settings that control client authentication for this WLAN
- auth
Server stringSelection - RADIUS authentication server selection behavior for this WLAN
- auth
Servers WlanAuth Server[] - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth
Servers stringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers stringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers numberRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth
Servers numberTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band
Steer boolean - Whether to enable band_steering, this works only when band==both
- band
Steer booleanForce Band5 - Force dualBand capable client to connect to 5G
- bands string[]
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist booleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour - Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco
Cwa WlanCisco Cwa - Central web authentication settings for Cisco CWA on this WLAN
- client
Limit stringDown - Downlink bandwidth limit applied per client
- client
Limit booleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit stringUp - Uplink bandwidth limit applied per client
- client
Limit booleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers WlanCoa Server[] - RADIUS Change of Authorization servers available to this WLAN
- disable11ax boolean
- Some old WLAN drivers may not be compatible
- disable11be boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht booleanVht Rates - To disable ht or vht rates
- disable
Message booleanAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable
Uapsd boolean - Whether to disable U-APSD
- disable
V1Roam booleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam booleanNotify - Disable sending v2 roam notification messages
- disable
When booleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When booleanMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable
Wmm boolean - Whether to disable WMM
- dns
Server WlanRewrite Dns Server Rewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim number
- Delivery Traffic Indication Message interval for this WLAN
- dynamic
Psk WlanDynamic Psk - Per-user PSK selection settings for this WLAN
- dynamic
Vlan WlanDynamic Vlan - VLAN assignment settings for 802.1X dynamic VLANs
- enable
Ftm boolean - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable
Local booleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless booleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable
Wireless booleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- If this wlan is enabled
- fast
Dot1x booleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid boolean - Whether to hide SSID in beacon
- hostname
Ie boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20 - Passpoint and Hotspot 2.0 settings for this WLAN
- inject
Dhcp WlanOption82 Inject Dhcp Option82 - DHCP Option 82 insertion settings for this WLAN
- interface string
- Network interface or tunnel where this WLAN bridges client traffic
- isolation boolean
- Whether to stop clients to talk to each other
- l2Isolation boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe booleanResponse - Limit probe response base on some heuristic rules
- max
Idletime number - Max idle time in seconds
- max
Num numberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac WlanMist Nac - Juniper Mist NAC settings used by this WLAN
- msp
Id string - Managed service provider identifier associated with this WLAN
- mxtunnel
Ids string[] - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel
Names string[] - Mist Tunnel names used when
interface==siteMxedge - no
Static booleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static booleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id string - Owning organization associated with this WLAN
- portal
Wlan
Portal - Guest portal settings for this WLAN
- portal
Allowed string[]Hostnames - Guest portal hostnames that clients may reach before authorization
- portal
Allowed string[]Subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal
Api stringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal
Denied string[]Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- portal
Image string - Url of portal background image
- portal
Sso stringUrl - URL used in the SSO process, auto-generated when auth is set to
sso - qos
Wlan
Qos - Quality-of-service settings for WLAN client traffic
- radsec
Wlan
Radsec - TLS-secured RADIUS transport settings for this WLAN
- rateset
{[key: string]: Wlan
Rateset Args} - Data rate settings by RF band for this WLAN
- reconnect
Clients booleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode string - Fast roaming mode configured for this WLAN
- schedule
Wlan
Schedule - Operating schedule controlling when this WLAN is active
- site
Id string - Mist site associated with this WLAN, when site-scoped
- sle
Excluded boolean - Whether to exclude this WLAN from SLE metrics
- ssid string
- Name of the SSID
- use
Eapol booleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled boolean - If vlan tagging is enabled
- vlan
Id string - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan
Ids string[] - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan
Pooling boolean - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit stringDown - Downlink bandwidth limit applied to the whole WLAN
- wlan
Limit booleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit stringUp - Uplink bandwidth limit applied to the whole WLAN
- wlan
Limit booleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids string[] - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel
Id string - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote stringId - When
interface=wxtunnel, remote tunnel identifier
- acct_
immediate_ boolupdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_
interim_ intinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct_
servers Sequence[WlanAcct Server Args] - RADIUS accounting servers used by this WLAN
- airwatch
Wlan
Airwatch Args - Integration settings for AirWatch device compliance on this WLAN
- allow_
ipv6_ boolndp - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow_
mdns bool - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow_
ssdp bool - Only applicable when
limitBcast==true, which allows SSDP - ap_
ids Sequence[str] - Access point identifiers used when
applyTo==aps - app_
limit WlanApp Limit Args - Bandwidth limits for applications on this WLAN
- app_
qos WlanApp Qos Args - QoS rules for application traffic on this WLAN
- apply_
to str - Scope that determines where this WLAN is applied
- arp_
filter bool - Whether to enable smart arp filter
- auth
Wlan
Auth Args - Settings that control client authentication for this WLAN
- auth_
server_ strselection - RADIUS authentication server selection behavior for this WLAN
- auth_
servers Sequence[WlanAuth Server Args] - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth_
servers_ strnas_ id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_
servers_ strnas_ ip - Optional, NAS-IP-ADDRESS to use
- auth_
servers_ intretries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth_
servers_ inttimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band_
steer bool - Whether to enable band_steering, this works only when band==both
- band_
steer_ boolforce_ band5 - Force dualBand capable client to connect to 5G
- bands Sequence[str]
- list of radios that the wlan should apply to. enum:
24,5,6 - block_
blacklist_ boolclients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
Wlan
Bonjour Args - Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco_
cwa WlanCisco Cwa Args - Central web authentication settings for Cisco CWA on this WLAN
- client_
limit_ strdown - Downlink bandwidth limit applied per client
- client_
limit_ booldown_ enabled - If downlink limiting per-client is enabled
- client_
limit_ strup - Uplink bandwidth limit applied per client
- client_
limit_ boolup_ enabled - If uplink limiting per-client is enabled
- coa_
servers Sequence[WlanCoa Server Args] - RADIUS Change of Authorization servers available to this WLAN
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_
ht_ boolvht_ rates - To disable ht or vht rates
- disable_
message_ boolauthenticator_ check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable_
uapsd bool - Whether to disable U-APSD
- disable_
v1_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
v2_ boolroam_ notify - Disable sending v2 roam notification messages
- disable_
when_ boolgateway_ unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable_
when_ boolmxtunnel_ down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable_
wmm bool - Whether to disable WMM
- dns_
server_ Wlanrewrite Dns Server Rewrite Args - RADIUS group based DNS server rewrite settings for this WLAN
- dtim int
- Delivery Traffic Indication Message interval for this WLAN
- dynamic_
psk WlanDynamic Psk Args - Per-user PSK selection settings for this WLAN
- dynamic_
vlan WlanDynamic Vlan Args - VLAN assignment settings for 802.1X dynamic VLANs
- enable_
ftm bool - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable_
local_ boolkeycaching - Enable AP-AP keycaching via multicast
- enable_
wireless_ boolbridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable_
wireless_ boolbridging_ dhcp_ tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_
ssid bool - Whether to hide SSID in beacon
- hostname_
ie bool - Include hostname inside IE in AP beacons / probe responses
- hotspot20
Wlan
Hotspot20Args - Passpoint and Hotspot 2.0 settings for this WLAN
- inject_
dhcp_ Wlanoption82 Inject Dhcp Option82Args - DHCP Option 82 insertion settings for this WLAN
- interface str
- Network interface or tunnel where this WLAN bridges client traffic
- isolation bool
- Whether to stop clients to talk to each other
- l2_
isolation bool - If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_
overds bool - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_
bcast bool - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_
probe_ boolresponse - Limit probe response base on some heuristic rules
- max_
idletime int - Max idle time in seconds
- max_
num_ intclients - Maximum number of client connected to the SSID.
0means unlimited - mist_
nac WlanMist Nac Args - Juniper Mist NAC settings used by this WLAN
- msp_
id str - Managed service provider identifier associated with this WLAN
- mxtunnel_
ids Sequence[str] - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel_
names Sequence[str] - Mist Tunnel names used when
interface==siteMxedge - no_
static_ booldns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_
static_ boolip - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org_
id str - Owning organization associated with this WLAN
- portal
Wlan
Portal Args - Guest portal settings for this WLAN
- portal_
allowed_ Sequence[str]hostnames - Guest portal hostnames that clients may reach before authorization
- portal_
allowed_ Sequence[str]subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal_
api_ strsecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal_
denied_ Sequence[str]hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- portal_
image str - Url of portal background image
- portal_
sso_ strurl - URL used in the SSO process, auto-generated when auth is set to
sso - qos
Wlan
Qos Args - Quality-of-service settings for WLAN client traffic
- radsec
Wlan
Radsec Args - TLS-secured RADIUS transport settings for this WLAN
- rateset
Mapping[str, Wlan
Rateset Args] - Data rate settings by RF band for this WLAN
- reconnect_
clients_ boolwhen_ roaming_ mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_
mode str - Fast roaming mode configured for this WLAN
- schedule
Wlan
Schedule Args - Operating schedule controlling when this WLAN is active
- site_
id str - Mist site associated with this WLAN, when site-scoped
- sle_
excluded bool - Whether to exclude this WLAN from SLE metrics
- ssid str
- Name of the SSID
- use_
eapol_ boolv1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan_
enabled bool - If vlan tagging is enabled
- vlan_
id str - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan_
ids Sequence[str] - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan_
pooling bool - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan_
limit_ strdown - Downlink bandwidth limit applied to the whole WLAN
- wlan_
limit_ booldown_ enabled - If downlink limiting for whole wlan is enabled
- wlan_
limit_ strup - Uplink bandwidth limit applied to the whole WLAN
- wlan_
limit_ boolup_ enabled - If uplink limiting for whole wlan is enabled
- wxtag_
ids Sequence[str] - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel_
id str - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel_
remote_ strid - When
interface=wxtunnel, remote tunnel identifier
- acct
Immediate BooleanUpdate - Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct
Interim NumberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled
- acct
Servers List<Property Map> - RADIUS accounting servers used by this WLAN
- airwatch Property Map
- Integration settings for AirWatch device compliance on this WLAN
- allow
Ipv6Ndp Boolean - Only applicable when
limitBcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through - allow
Mdns Boolean - Only applicable when
limitBcast==true, which allows mDNS / Bonjour packets to go through - allow
Ssdp Boolean - Only applicable when
limitBcast==true, which allows SSDP - ap
Ids List<String> - Access point identifiers used when
applyTo==aps - app
Limit Property Map - Bandwidth limits for applications on this WLAN
- app
Qos Property Map - QoS rules for application traffic on this WLAN
- apply
To String - Scope that determines where this WLAN is applied
- arp
Filter Boolean - Whether to enable smart arp filter
- auth Property Map
- Settings that control client authentication for this WLAN
- auth
Server StringSelection - RADIUS authentication server selection behavior for this WLAN
- auth
Servers List<Property Map> - RADIUS authentication servers used by this WLAN. Required when
auth.type==eap - auth
Servers StringNas Id - Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth
Servers StringNas Ip - Optional, NAS-IP-ADDRESS to use
- auth
Servers NumberRetries - RADIUS auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
- auth
Servers NumberTimeout - RADIUS auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
- band
Steer Boolean - Whether to enable band_steering, this works only when band==both
- band
Steer BooleanForce Band5 - Force dualBand capable client to connect to 5G
- bands List<String>
- list of radios that the wlan should apply to. enum:
24,5,6 - block
Blacklist BooleanClients - Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- Service discovery gateway settings for Bonjour traffic on this WLAN
- cisco
Cwa Property Map - Central web authentication settings for Cisco CWA on this WLAN
- client
Limit StringDown - Downlink bandwidth limit applied per client
- client
Limit BooleanDown Enabled - If downlink limiting per-client is enabled
- client
Limit StringUp - Uplink bandwidth limit applied per client
- client
Limit BooleanUp Enabled - If uplink limiting per-client is enabled
- coa
Servers List<Property Map> - RADIUS Change of Authorization servers available to this WLAN
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disable
Ht BooleanVht Rates - To disable ht or vht rates
- disable
Message BooleanAuthenticator Check - whether to disable Message-Authenticator Check, which is used to verify the integrity of RADIUS messages, default is false (i.e. for better security)
- disable
Uapsd Boolean - Whether to disable U-APSD
- disable
V1Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
V2Roam BooleanNotify - Disable sending v2 roam notification messages
- disable
When BooleanGateway Unreachable - When any of the following is true, this WLAN will be disabled
- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
- disable
When BooleanMxtunnel Down - Whether to disable this WLAN when the configured Mist tunnel is down
- disable
Wmm Boolean - Whether to disable WMM
- dns
Server Property MapRewrite - RADIUS group based DNS server rewrite settings for this WLAN
- dtim Number
- Delivery Traffic Indication Message interval for this WLAN
- dynamic
Psk Property Map - Per-user PSK selection settings for this WLAN
- dynamic
Vlan Property Map - VLAN assignment settings for 802.1X dynamic VLANs
- enable
Ftm Boolean - Enable FTM (Fine-Time Measurement, 802.11mc); configures the AP as an FTM Responder (target), allowing clients to perform ranging requests against it
- enable
Local BooleanKeycaching - Enable AP-AP keycaching via multicast
- enable
Wireless BooleanBridging - By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
- enable
Wireless BooleanBridging Dhcp Tracking - If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide
Ssid Boolean - Whether to hide SSID in beacon
- hostname
Ie Boolean - Include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- Passpoint and Hotspot 2.0 settings for this WLAN
- inject
Dhcp Property MapOption82 - DHCP Option 82 insertion settings for this WLAN
- interface String
- Network interface or tunnel where this WLAN bridges client traffic
- isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy
Overds Boolean - Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit
Bcast Boolean - Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit
Probe BooleanResponse - Limit probe response base on some heuristic rules
- max
Idletime Number - Max idle time in seconds
- max
Num NumberClients - Maximum number of client connected to the SSID.
0means unlimited - mist
Nac Property Map - Juniper Mist NAC settings used by this WLAN
- msp
Id String - Managed service provider identifier associated with this WLAN
- mxtunnel
Ids List<String> - Mist Tunnel identifiers used when
interface==mxtunnel - mxtunnel
Names List<String> - Mist Tunnel names used when
interface==siteMxedge - no
Static BooleanDns - Whether to only allow client to use DNS that we’ve learned from DHCP response
- no
Static BooleanIp - Whether to only allow client that we’ve learned from DHCP exchange to talk
- org
Id String - Owning organization associated with this WLAN
- portal Property Map
- Guest portal settings for this WLAN
- portal
Allowed List<String>Hostnames - Guest portal hostnames that clients may reach before authorization
- portal
Allowed List<String>Subnets - Guest portal CIDR subnets that clients may reach before authorization
- portal
Api StringSecret - API secret (auto-generated) that can be used to sign guest authorization requests, only generated when auth is set to
external - portal
Denied List<String>Hostnames - Guest portal hostnames denied before authorization, taking precedence over allowed hostnames
- portal
Image String - Url of portal background image
- portal
Sso StringUrl - URL used in the SSO process, auto-generated when auth is set to
sso - qos Property Map
- Quality-of-service settings for WLAN client traffic
- radsec Property Map
- TLS-secured RADIUS transport settings for this WLAN
- rateset Map<Property Map>
- Data rate settings by RF band for this WLAN
- reconnect
Clients BooleanWhen Roaming Mxcluster - When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam
Mode String - Fast roaming mode configured for this WLAN
- schedule Property Map
- Operating schedule controlling when this WLAN is active
- site
Id String - Mist site associated with this WLAN, when site-scoped
- sle
Excluded Boolean - Whether to exclude this WLAN from SLE metrics
- ssid String
- Name of the SSID
- use
Eapol BooleanV1 - If
auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices - vlan
Enabled Boolean - If vlan tagging is enabled
- vlan
Id String - Default VLAN ID, range, or variable used when
vlanEnabled==true - vlan
Ids List<String> - Pool of VLAN IDs used when
vlanEnabled==trueandvlanPooling==true - vlan
Pooling Boolean - Requires
vlanEnabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm - wlan
Limit StringDown - Downlink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanDown Enabled - If downlink limiting for whole wlan is enabled
- wlan
Limit StringUp - Uplink bandwidth limit applied to the whole WLAN
- wlan
Limit BooleanUp Enabled - If uplink limiting for whole wlan is enabled
- wxtag
Ids List<String> - Identifiers of WxLAN tags used when
applyTo==wxtags - wxtunnel
Id String - When
interface=wxtunnel, id of the WXLAN Tunnel - wxtunnel
Remote StringId - When
interface=wxtunnel, remote tunnel identifier
Supporting Types
WlanAcctServer, WlanAcctServerArgs
- Host string
- Address or hostname of the RADIUS accounting server
- Secret string
- Shared secret used with this RADIUS accounting server
- Keywrap
Enabled bool - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- Keywrap
Format string - Encoding format for RADIUS keywrap KEK and MACK values
- Keywrap
Kek string - RADIUS keywrap key encryption key (KEK)
- Keywrap
Mack string - RADIUS keywrap message authentication code key (MACK)
- Port string
- UDP port used by the RADIUS accounting server
- Host string
- Address or hostname of the RADIUS accounting server
- Secret string
- Shared secret used with this RADIUS accounting server
- Keywrap
Enabled bool - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- Keywrap
Format string - Encoding format for RADIUS keywrap KEK and MACK values
- Keywrap
Kek string - RADIUS keywrap key encryption key (KEK)
- Keywrap
Mack string - RADIUS keywrap message authentication code key (MACK)
- Port string
- UDP port used by the RADIUS accounting server
- host string
- Address or hostname of the RADIUS accounting server
- secret string
- Shared secret used with this RADIUS accounting server
- keywrap_
enabled bool - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- keywrap_
format string - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap_
kek string - RADIUS keywrap key encryption key (KEK)
- keywrap_
mack string - RADIUS keywrap message authentication code key (MACK)
- port string
- UDP port used by the RADIUS accounting server
- host String
- Address or hostname of the RADIUS accounting server
- secret String
- Shared secret used with this RADIUS accounting server
- keywrap
Enabled Boolean - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- keywrap
Format String - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap
Kek String - RADIUS keywrap key encryption key (KEK)
- keywrap
Mack String - RADIUS keywrap message authentication code key (MACK)
- port String
- UDP port used by the RADIUS accounting server
- host string
- Address or hostname of the RADIUS accounting server
- secret string
- Shared secret used with this RADIUS accounting server
- keywrap
Enabled boolean - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- keywrap
Format string - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap
Kek string - RADIUS keywrap key encryption key (KEK)
- keywrap
Mack string - RADIUS keywrap message authentication code key (MACK)
- port string
- UDP port used by the RADIUS accounting server
- host str
- Address or hostname of the RADIUS accounting server
- secret str
- Shared secret used with this RADIUS accounting server
- keywrap_
enabled bool - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- keywrap_
format str - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap_
kek str - RADIUS keywrap key encryption key (KEK)
- keywrap_
mack str - RADIUS keywrap message authentication code key (MACK)
- port str
- UDP port used by the RADIUS accounting server
- host String
- Address or hostname of the RADIUS accounting server
- secret String
- Shared secret used with this RADIUS accounting server
- keywrap
Enabled Boolean - Whether RADIUS keywrap is enabled for messages sent to this accounting server
- keywrap
Format String - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap
Kek String - RADIUS keywrap key encryption key (KEK)
- keywrap
Mack String - RADIUS keywrap message authentication code key (MACK)
- port String
- UDP port used by the RADIUS accounting server
WlanAirwatch, WlanAirwatchArgs
- Api
Key string - API key used to authenticate to the AirWatch service
- Console
Url string - Base console URL of the AirWatch deployment
- Enabled bool
- Whether AirWatch integration is enabled for the WLAN
- Password string
- AirWatch integration account password for this WLAN
- Username string
- AirWatch integration account username for this WLAN
- Api
Key string - API key used to authenticate to the AirWatch service
- Console
Url string - Base console URL of the AirWatch deployment
- Enabled bool
- Whether AirWatch integration is enabled for the WLAN
- Password string
- AirWatch integration account password for this WLAN
- Username string
- AirWatch integration account username for this WLAN
- api_
key string - API key used to authenticate to the AirWatch service
- console_
url string - Base console URL of the AirWatch deployment
- enabled bool
- Whether AirWatch integration is enabled for the WLAN
- password string
- AirWatch integration account password for this WLAN
- username string
- AirWatch integration account username for this WLAN
- api
Key String - API key used to authenticate to the AirWatch service
- console
Url String - Base console URL of the AirWatch deployment
- enabled Boolean
- Whether AirWatch integration is enabled for the WLAN
- password String
- AirWatch integration account password for this WLAN
- username String
- AirWatch integration account username for this WLAN
- api
Key string - API key used to authenticate to the AirWatch service
- console
Url string - Base console URL of the AirWatch deployment
- enabled boolean
- Whether AirWatch integration is enabled for the WLAN
- password string
- AirWatch integration account password for this WLAN
- username string
- AirWatch integration account username for this WLAN
- api_
key str - API key used to authenticate to the AirWatch service
- console_
url str - Base console URL of the AirWatch deployment
- enabled bool
- Whether AirWatch integration is enabled for the WLAN
- password str
- AirWatch integration account password for this WLAN
- username str
- AirWatch integration account username for this WLAN
- api
Key String - API key used to authenticate to the AirWatch service
- console
Url String - Base console URL of the AirWatch deployment
- enabled Boolean
- Whether AirWatch integration is enabled for the WLAN
- password String
- AirWatch integration account password for this WLAN
- username String
- AirWatch integration account username for this WLAN
WlanAppLimit, WlanAppLimitArgs
- Apps Dictionary<string, int>
- Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
- Enabled bool
- Whether application bandwidth limits are enabled for this WLAN
- Wxtag
Ids Dictionary<string, int> - Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the
wxtagId
- Apps map[string]int
- Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
- Enabled bool
- Whether application bandwidth limits are enabled for this WLAN
- Wxtag
Ids map[string]int - Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the
wxtagId
- apps Map<String,Integer>
- Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
- enabled Boolean
- Whether application bandwidth limits are enabled for this WLAN
- wxtag
Ids Map<String,Integer> - Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the
wxtagId
- apps {[key: string]: number}
- Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
- enabled boolean
- Whether application bandwidth limits are enabled for this WLAN
- wxtag
Ids {[key: string]: number} - Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the
wxtagId
- apps Mapping[str, int]
- Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
- enabled bool
- Whether application bandwidth limits are enabled for this WLAN
- wxtag_
ids Mapping[str, int] - Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the
wxtagId
- apps Map<Number>
- Map from app key to bandwidth in kbps. Property key is the app key, defined in Get Application List
- enabled Boolean
- Whether application bandwidth limits are enabled for this WLAN
- wxtag
Ids Map<Number> - Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the
wxtagId
WlanAppQos, WlanAppQosArgs
- Apps
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan App Qos Apps> - Map of application keys to QoS rewrite settings
- Enabled bool
- Whether application QoS rewrite rules are enabled for this WLAN
- Others
List<Pulumi.
Juniper Mist. Site. Inputs. Wlan App Qos Other> - Custom traffic QoS rules that are not tied to named applications
- Apps
map[string]Wlan
App Qos Apps - Map of application keys to QoS rewrite settings
- Enabled bool
- Whether application QoS rewrite rules are enabled for this WLAN
- Others
[]Wlan
App Qos Other - Custom traffic QoS rules that are not tied to named applications
- apps map(object)
- Map of application keys to QoS rewrite settings
- enabled bool
- Whether application QoS rewrite rules are enabled for this WLAN
- others list(object)
- Custom traffic QoS rules that are not tied to named applications
- apps
Map<String,Wlan
App Qos Apps> - Map of application keys to QoS rewrite settings
- enabled Boolean
- Whether application QoS rewrite rules are enabled for this WLAN
- others
List<Wlan
App Qos Other> - Custom traffic QoS rules that are not tied to named applications
- apps
{[key: string]: Wlan
App Qos Apps} - Map of application keys to QoS rewrite settings
- enabled boolean
- Whether application QoS rewrite rules are enabled for this WLAN
- others
Wlan
App Qos Other[] - Custom traffic QoS rules that are not tied to named applications
- apps
Mapping[str, Wlan
App Qos Apps] - Map of application keys to QoS rewrite settings
- enabled bool
- Whether application QoS rewrite rules are enabled for this WLAN
- others
Sequence[Wlan
App Qos Other] - Custom traffic QoS rules that are not tied to named applications
- apps Map<Property Map>
- Map of application keys to QoS rewrite settings
- enabled Boolean
- Whether application QoS rewrite rules are enabled for this WLAN
- others List<Property Map>
- Custom traffic QoS rules that are not tied to named applications
WlanAppQosApps, WlanAppQosAppsArgs
- dscp string
- DSCP value range between 0 and 63
- dst_
subnet string - Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
- src_
subnet string - Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
- dscp str
- DSCP value range between 0 and 63
- dst_
subnet str - Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
- src_
subnet str - Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
WlanAppQosOther, WlanAppQosOtherArgs
- Dscp string
- Differentiated Services Code Point value applied to matching traffic
- Dst
Subnet string - Destination subnet filter for this custom QoS rule
- Port
Ranges string - TCP or UDP port ranges matched by this custom QoS rule
- Protocol string
- IP protocol matched by this custom QoS rule
- Src
Subnet string - Source subnet filter for this custom QoS rule
- Dscp string
- Differentiated Services Code Point value applied to matching traffic
- Dst
Subnet string - Destination subnet filter for this custom QoS rule
- Port
Ranges string - TCP or UDP port ranges matched by this custom QoS rule
- Protocol string
- IP protocol matched by this custom QoS rule
- Src
Subnet string - Source subnet filter for this custom QoS rule
- dscp string
- Differentiated Services Code Point value applied to matching traffic
- dst_
subnet string - Destination subnet filter for this custom QoS rule
- port_
ranges string - TCP or UDP port ranges matched by this custom QoS rule
- protocol string
- IP protocol matched by this custom QoS rule
- src_
subnet string - Source subnet filter for this custom QoS rule
- dscp String
- Differentiated Services Code Point value applied to matching traffic
- dst
Subnet String - Destination subnet filter for this custom QoS rule
- port
Ranges String - TCP or UDP port ranges matched by this custom QoS rule
- protocol String
- IP protocol matched by this custom QoS rule
- src
Subnet String - Source subnet filter for this custom QoS rule
- dscp string
- Differentiated Services Code Point value applied to matching traffic
- dst
Subnet string - Destination subnet filter for this custom QoS rule
- port
Ranges string - TCP or UDP port ranges matched by this custom QoS rule
- protocol string
- IP protocol matched by this custom QoS rule
- src
Subnet string - Source subnet filter for this custom QoS rule
- dscp str
- Differentiated Services Code Point value applied to matching traffic
- dst_
subnet str - Destination subnet filter for this custom QoS rule
- port_
ranges str - TCP or UDP port ranges matched by this custom QoS rule
- protocol str
- IP protocol matched by this custom QoS rule
- src_
subnet str - Source subnet filter for this custom QoS rule
- dscp String
- Differentiated Services Code Point value applied to matching traffic
- dst
Subnet String - Destination subnet filter for this custom QoS rule
- port
Ranges String - TCP or UDP port ranges matched by this custom QoS rule
- protocol String
- IP protocol matched by this custom QoS rule
- src
Subnet String - Source subnet filter for this custom QoS rule
WlanAuth, WlanAuthArgs
- Anticlog
Threshold int - SAE anti-clogging token threshold
- Eap
Reauth bool - Whether to trigger EAP reauth when the session ends
- Enable
Beacon boolProtection - Enable Beacon Protection; default is false for better compatibility
- Enable
Gcmp256 bool - Enable GCMP-256 encryption suite; default is false for better compatibility
- Enable
Mac boolAuth - Whether to enable MAC Auth, uses the same auth_servers
- Key
Idx int - When
type==wep, index of the WEP key used as the default transmit key - Keys List<string>
- When
type==wep, WEP keys configured for this WLAN - Multi
Psk boolOnly - When
type==psk, whether to only use multi_psk - Owe string
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - Pairwises List<string>
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - Private
Wlan bool - When
multiPskOnly==true, whether private wlan is enabled - Psk string
- When
type==psk, 8-64 characters, or 64 hex characters - Type string
- Authentication mode used by this WLAN
- Wep
As boolSecondary Auth - Enable WEP as secondary auth
- Anticlog
Threshold int - SAE anti-clogging token threshold
- Eap
Reauth bool - Whether to trigger EAP reauth when the session ends
- Enable
Beacon boolProtection - Enable Beacon Protection; default is false for better compatibility
- Enable
Gcmp256 bool - Enable GCMP-256 encryption suite; default is false for better compatibility
- Enable
Mac boolAuth - Whether to enable MAC Auth, uses the same auth_servers
- Key
Idx int - When
type==wep, index of the WEP key used as the default transmit key - Keys []string
- When
type==wep, WEP keys configured for this WLAN - Multi
Psk boolOnly - When
type==psk, whether to only use multi_psk - Owe string
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - Pairwises []string
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - Private
Wlan bool - When
multiPskOnly==true, whether private wlan is enabled - Psk string
- When
type==psk, 8-64 characters, or 64 hex characters - Type string
- Authentication mode used by this WLAN
- Wep
As boolSecondary Auth - Enable WEP as secondary auth
- anticlog_
threshold number - SAE anti-clogging token threshold
- eap_
reauth bool - Whether to trigger EAP reauth when the session ends
- enable_
beacon_ boolprotection - Enable Beacon Protection; default is false for better compatibility
- enable_
gcmp256 bool - Enable GCMP-256 encryption suite; default is false for better compatibility
- enable_
mac_ boolauth - Whether to enable MAC Auth, uses the same auth_servers
- key_
idx number - When
type==wep, index of the WEP key used as the default transmit key - keys list(string)
- When
type==wep, WEP keys configured for this WLAN - multi_
psk_ boolonly - When
type==psk, whether to only use multi_psk - owe string
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - pairwises list(string)
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - private_
wlan bool - When
multiPskOnly==true, whether private wlan is enabled - psk string
- When
type==psk, 8-64 characters, or 64 hex characters - type string
- Authentication mode used by this WLAN
- wep_
as_ boolsecondary_ auth - Enable WEP as secondary auth
- anticlog
Threshold Integer - SAE anti-clogging token threshold
- eap
Reauth Boolean - Whether to trigger EAP reauth when the session ends
- enable
Beacon BooleanProtection - Enable Beacon Protection; default is false for better compatibility
- enable
Gcmp256 Boolean - Enable GCMP-256 encryption suite; default is false for better compatibility
- enable
Mac BooleanAuth - Whether to enable MAC Auth, uses the same auth_servers
- key
Idx Integer - When
type==wep, index of the WEP key used as the default transmit key - keys List<String>
- When
type==wep, WEP keys configured for this WLAN - multi
Psk BooleanOnly - When
type==psk, whether to only use multi_psk - owe String
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - pairwises List<String>
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - private
Wlan Boolean - When
multiPskOnly==true, whether private wlan is enabled - psk String
- When
type==psk, 8-64 characters, or 64 hex characters - type String
- Authentication mode used by this WLAN
- wep
As BooleanSecondary Auth - Enable WEP as secondary auth
- anticlog
Threshold number - SAE anti-clogging token threshold
- eap
Reauth boolean - Whether to trigger EAP reauth when the session ends
- enable
Beacon booleanProtection - Enable Beacon Protection; default is false for better compatibility
- enable
Gcmp256 boolean - Enable GCMP-256 encryption suite; default is false for better compatibility
- enable
Mac booleanAuth - Whether to enable MAC Auth, uses the same auth_servers
- key
Idx number - When
type==wep, index of the WEP key used as the default transmit key - keys string[]
- When
type==wep, WEP keys configured for this WLAN - multi
Psk booleanOnly - When
type==psk, whether to only use multi_psk - owe string
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - pairwises string[]
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - private
Wlan boolean - When
multiPskOnly==true, whether private wlan is enabled - psk string
- When
type==psk, 8-64 characters, or 64 hex characters - type string
- Authentication mode used by this WLAN
- wep
As booleanSecondary Auth - Enable WEP as secondary auth
- anticlog_
threshold int - SAE anti-clogging token threshold
- eap_
reauth bool - Whether to trigger EAP reauth when the session ends
- enable_
beacon_ boolprotection - Enable Beacon Protection; default is false for better compatibility
- enable_
gcmp256 bool - Enable GCMP-256 encryption suite; default is false for better compatibility
- enable_
mac_ boolauth - Whether to enable MAC Auth, uses the same auth_servers
- key_
idx int - When
type==wep, index of the WEP key used as the default transmit key - keys Sequence[str]
- When
type==wep, WEP keys configured for this WLAN - multi_
psk_ boolonly - When
type==psk, whether to only use multi_psk - owe str
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - pairwises Sequence[str]
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - private_
wlan bool - When
multiPskOnly==true, whether private wlan is enabled - psk str
- When
type==psk, 8-64 characters, or 64 hex characters - type str
- Authentication mode used by this WLAN
- wep_
as_ boolsecondary_ auth - Enable WEP as secondary auth
- anticlog
Threshold Number - SAE anti-clogging token threshold
- eap
Reauth Boolean - Whether to trigger EAP reauth when the session ends
- enable
Beacon BooleanProtection - Enable Beacon Protection; default is false for better compatibility
- enable
Gcmp256 Boolean - Enable GCMP-256 encryption suite; default is false for better compatibility
- enable
Mac BooleanAuth - Whether to enable MAC Auth, uses the same auth_servers
- key
Idx Number - When
type==wep, index of the WEP key used as the default transmit key - keys List<String>
- When
type==wep, WEP keys configured for this WLAN - multi
Psk BooleanOnly - When
type==psk, whether to only use multi_psk - owe String
- When
type==open, Opportunistic Wireless Encryption mode for this WLAN - pairwises List<String>
- When
type==pskortype==eap, pairwise cipher suites allowed for this WLAN - private
Wlan Boolean - When
multiPskOnly==true, whether private wlan is enabled - psk String
- When
type==psk, 8-64 characters, or 64 hex characters - type String
- Authentication mode used by this WLAN
- wep
As BooleanSecondary Auth - Enable WEP as secondary auth
WlanAuthServer, WlanAuthServerArgs
- Host string
- Address or hostname of the RADIUS authentication server
- Secret string
- Shared secret used with this RADIUS authentication server
- Keywrap
Enabled bool - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- Keywrap
Format string - Encoding format for RADIUS keywrap KEK and MACK values
- Keywrap
Kek string - RADIUS keywrap key encryption key (KEK)
- Keywrap
Mack string - RADIUS keywrap message authentication code key (MACK)
- Port string
- UDP port used by the RADIUS authentication server
- Require
Message boolAuthenticator - Whether to require Message-Authenticator in requests
- Host string
- Address or hostname of the RADIUS authentication server
- Secret string
- Shared secret used with this RADIUS authentication server
- Keywrap
Enabled bool - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- Keywrap
Format string - Encoding format for RADIUS keywrap KEK and MACK values
- Keywrap
Kek string - RADIUS keywrap key encryption key (KEK)
- Keywrap
Mack string - RADIUS keywrap message authentication code key (MACK)
- Port string
- UDP port used by the RADIUS authentication server
- Require
Message boolAuthenticator - Whether to require Message-Authenticator in requests
- host string
- Address or hostname of the RADIUS authentication server
- secret string
- Shared secret used with this RADIUS authentication server
- keywrap_
enabled bool - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- keywrap_
format string - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap_
kek string - RADIUS keywrap key encryption key (KEK)
- keywrap_
mack string - RADIUS keywrap message authentication code key (MACK)
- port string
- UDP port used by the RADIUS authentication server
- require_
message_ boolauthenticator - Whether to require Message-Authenticator in requests
- host String
- Address or hostname of the RADIUS authentication server
- secret String
- Shared secret used with this RADIUS authentication server
- keywrap
Enabled Boolean - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- keywrap
Format String - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap
Kek String - RADIUS keywrap key encryption key (KEK)
- keywrap
Mack String - RADIUS keywrap message authentication code key (MACK)
- port String
- UDP port used by the RADIUS authentication server
- require
Message BooleanAuthenticator - Whether to require Message-Authenticator in requests
- host string
- Address or hostname of the RADIUS authentication server
- secret string
- Shared secret used with this RADIUS authentication server
- keywrap
Enabled boolean - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- keywrap
Format string - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap
Kek string - RADIUS keywrap key encryption key (KEK)
- keywrap
Mack string - RADIUS keywrap message authentication code key (MACK)
- port string
- UDP port used by the RADIUS authentication server
- require
Message booleanAuthenticator - Whether to require Message-Authenticator in requests
- host str
- Address or hostname of the RADIUS authentication server
- secret str
- Shared secret used with this RADIUS authentication server
- keywrap_
enabled bool - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- keywrap_
format str - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap_
kek str - RADIUS keywrap key encryption key (KEK)
- keywrap_
mack str - RADIUS keywrap message authentication code key (MACK)
- port str
- UDP port used by the RADIUS authentication server
- require_
message_ boolauthenticator - Whether to require Message-Authenticator in requests
- host String
- Address or hostname of the RADIUS authentication server
- secret String
- Shared secret used with this RADIUS authentication server
- keywrap
Enabled Boolean - Whether RADIUS keywrap is enabled for messages sent to this authentication server
- keywrap
Format String - Encoding format for RADIUS keywrap KEK and MACK values
- keywrap
Kek String - RADIUS keywrap key encryption key (KEK)
- keywrap
Mack String - RADIUS keywrap message authentication code key (MACK)
- port String
- UDP port used by the RADIUS authentication server
- require
Message BooleanAuthenticator - Whether to require Message-Authenticator in requests
WlanBonjour, WlanBonjourArgs
- Additional
Vlan List<string>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- Services
Dictionary<string, Pulumi.
Juniper Mist. Site. Inputs. Wlan Bonjour Services> - What services are allowed. Property key is the service name
- Additional
Vlan []stringIds - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- Services
map[string]Wlan
Bonjour Services - What services are allowed. Property key is the service name
- additional_
vlan_ list(string)ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- services map(object)
- What services are allowed. Property key is the service name
- additional
Vlan List<String>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled Boolean
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- services
Map<String,Wlan
Bonjour Services> - What services are allowed. Property key is the service name
- additional
Vlan string[]Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled boolean
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- services
{[key: string]: Wlan
Bonjour Services} - What services are allowed. Property key is the service name
- additional_
vlan_ Sequence[str]ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- services
Mapping[str, Wlan
Bonjour Services] - What services are allowed. Property key is the service name
- additional
Vlan List<String>Ids - additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled Boolean
- Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
- services Map<Property Map>
- What services are allowed. Property key is the service name
WlanBonjourServices, WlanBonjourServicesArgs
- Disable
Local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- Radius
Groups List<string> - RADIUS groups allowed to discover this Bonjour service, when restricted
- Scope string
- Discovery scope for this Bonjour service on the WLAN
- Disable
Local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- Radius
Groups []string - RADIUS groups allowed to discover this Bonjour service, when restricted
- Scope string
- Discovery scope for this Bonjour service on the WLAN
- disable_
local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius_
groups list(string) - RADIUS groups allowed to discover this Bonjour service, when restricted
- scope string
- Discovery scope for this Bonjour service on the WLAN
- disable
Local Boolean - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups List<String> - RADIUS groups allowed to discover this Bonjour service, when restricted
- scope String
- Discovery scope for this Bonjour service on the WLAN
- disable
Local boolean - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups string[] - RADIUS groups allowed to discover this Bonjour service, when restricted
- scope string
- Discovery scope for this Bonjour service on the WLAN
- disable_
local bool - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius_
groups Sequence[str] - RADIUS groups allowed to discover this Bonjour service, when restricted
- scope str
- Discovery scope for this Bonjour service on the WLAN
- disable
Local Boolean - Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius
Groups List<String> - RADIUS groups allowed to discover this Bonjour service, when restricted
- scope String
- Discovery scope for this Bonjour service on the WLAN
WlanCiscoCwa, WlanCiscoCwaArgs
- Allowed
Hostnames List<string> - Hostnames allowed for Cisco CWA client access before authorization
- Allowed
Subnets List<string> - CIDR subnets allowed for Cisco CWA client access before authorization
- Blocked
Subnets List<string> - CIDR subnets blocked for Cisco CWA client access
- Enabled bool
- Whether Cisco CWA is enabled for this WLAN
- Allowed
Hostnames []string - Hostnames allowed for Cisco CWA client access before authorization
- Allowed
Subnets []string - CIDR subnets allowed for Cisco CWA client access before authorization
- Blocked
Subnets []string - CIDR subnets blocked for Cisco CWA client access
- Enabled bool
- Whether Cisco CWA is enabled for this WLAN
- allowed_
hostnames list(string) - Hostnames allowed for Cisco CWA client access before authorization
- allowed_
subnets list(string) - CIDR subnets allowed for Cisco CWA client access before authorization
- blocked_
subnets list(string) - CIDR subnets blocked for Cisco CWA client access
- enabled bool
- Whether Cisco CWA is enabled for this WLAN
- allowed
Hostnames List<String> - Hostnames allowed for Cisco CWA client access before authorization
- allowed
Subnets List<String> - CIDR subnets allowed for Cisco CWA client access before authorization
- blocked
Subnets List<String> - CIDR subnets blocked for Cisco CWA client access
- enabled Boolean
- Whether Cisco CWA is enabled for this WLAN
- allowed
Hostnames string[] - Hostnames allowed for Cisco CWA client access before authorization
- allowed
Subnets string[] - CIDR subnets allowed for Cisco CWA client access before authorization
- blocked
Subnets string[] - CIDR subnets blocked for Cisco CWA client access
- enabled boolean
- Whether Cisco CWA is enabled for this WLAN
- allowed_
hostnames Sequence[str] - Hostnames allowed for Cisco CWA client access before authorization
- allowed_
subnets Sequence[str] - CIDR subnets allowed for Cisco CWA client access before authorization
- blocked_
subnets Sequence[str] - CIDR subnets blocked for Cisco CWA client access
- enabled bool
- Whether Cisco CWA is enabled for this WLAN
- allowed
Hostnames List<String> - Hostnames allowed for Cisco CWA client access before authorization
- allowed
Subnets List<String> - CIDR subnets allowed for Cisco CWA client access before authorization
- blocked
Subnets List<String> - CIDR subnets blocked for Cisco CWA client access
- enabled Boolean
- Whether Cisco CWA is enabled for this WLAN
WlanCoaServer, WlanCoaServerArgs
- Ip string
- Server IPv4 address for RADIUS CoA messages
- Secret string
- Shared secret used to authenticate RADIUS CoA messages
- Disable
Event boolTimestamp Check - Whether to disable Event-Timestamp Check
- Enabled bool
- Whether this RADIUS CoA server is enabled
- Port string
- UDP port used to send RADIUS CoA messages to the server
- Ip string
- Server IPv4 address for RADIUS CoA messages
- Secret string
- Shared secret used to authenticate RADIUS CoA messages
- Disable
Event boolTimestamp Check - Whether to disable Event-Timestamp Check
- Enabled bool
- Whether this RADIUS CoA server is enabled
- Port string
- UDP port used to send RADIUS CoA messages to the server
- ip string
- Server IPv4 address for RADIUS CoA messages
- secret string
- Shared secret used to authenticate RADIUS CoA messages
- disable_
event_ booltimestamp_ check - Whether to disable Event-Timestamp Check
- enabled bool
- Whether this RADIUS CoA server is enabled
- port string
- UDP port used to send RADIUS CoA messages to the server
- ip String
- Server IPv4 address for RADIUS CoA messages
- secret String
- Shared secret used to authenticate RADIUS CoA messages
- disable
Event BooleanTimestamp Check - Whether to disable Event-Timestamp Check
- enabled Boolean
- Whether this RADIUS CoA server is enabled
- port String
- UDP port used to send RADIUS CoA messages to the server
- ip string
- Server IPv4 address for RADIUS CoA messages
- secret string
- Shared secret used to authenticate RADIUS CoA messages
- disable
Event booleanTimestamp Check - Whether to disable Event-Timestamp Check
- enabled boolean
- Whether this RADIUS CoA server is enabled
- port string
- UDP port used to send RADIUS CoA messages to the server
- ip str
- Server IPv4 address for RADIUS CoA messages
- secret str
- Shared secret used to authenticate RADIUS CoA messages
- disable_
event_ booltimestamp_ check - Whether to disable Event-Timestamp Check
- enabled bool
- Whether this RADIUS CoA server is enabled
- port str
- UDP port used to send RADIUS CoA messages to the server
- ip String
- Server IPv4 address for RADIUS CoA messages
- secret String
- Shared secret used to authenticate RADIUS CoA messages
- disable
Event BooleanTimestamp Check - Whether to disable Event-Timestamp Check
- enabled Boolean
- Whether this RADIUS CoA server is enabled
- port String
- UDP port used to send RADIUS CoA messages to the server
WlanDnsServerRewrite, WlanDnsServerRewriteArgs
- Enabled bool
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- Radius
Groups Dictionary<string, string> - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- Enabled bool
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- Radius
Groups map[string]string - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled bool
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- radius_
groups map(string) - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- radius
Groups Map<String,String> - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled boolean
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- radius
Groups {[key: string]: string} - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled bool
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- radius_
groups Mapping[str, str] - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- Whether DNS server rewrite by RADIUS group is enabled for this WLAN
- radius
Groups Map<String> - Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
WlanDynamicPsk, WlanDynamicPskArgs
- Default
Psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- Default
Vlan stringId - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- Enabled bool
- Whether dynamic PSK is enabled for this WLAN
- Force
Lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - Source string
- Origin used to retrieve per-user PSKs
- Default
Psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- Default
Vlan stringId - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- Enabled bool
- Whether dynamic PSK is enabled for this WLAN
- Force
Lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - Source string
- Origin used to retrieve per-user PSKs
- default_
psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- default_
vlan_ stringid - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- enabled bool
- Whether dynamic PSK is enabled for this WLAN
- force_
lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source string
- Origin used to retrieve per-user PSKs
- default
Psk String - Default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan StringId - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- enabled Boolean
- Whether dynamic PSK is enabled for this WLAN
- force
Lookup Boolean - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source String
- Origin used to retrieve per-user PSKs
- default
Psk string - Default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan stringId - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- enabled boolean
- Whether dynamic PSK is enabled for this WLAN
- force
Lookup boolean - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source string
- Origin used to retrieve per-user PSKs
- default_
psk str - Default PSK to use if cloud WLC is not available, 8-63 characters
- default_
vlan_ strid - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- enabled bool
- Whether dynamic PSK is enabled for this WLAN
- force_
lookup bool - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source str
- Origin used to retrieve per-user PSKs
- default
Psk String - Default PSK to use if cloud WLC is not available, 8-63 characters
- default
Vlan StringId - Default VLAN ID used when dynamic PSK lookup does not return a VLAN
- enabled Boolean
- Whether dynamic PSK is enabled for this WLAN
- force
Lookup Boolean - When 11r is enabled, we'll try to use the cached PMK, this can be disabled.
falsemeans auto - source String
- Origin used to retrieve per-user PSKs
WlanDynamicVlan, WlanDynamicVlanArgs
- Default
Vlan List<string>Ids - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- Enabled bool
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - Local
Vlan List<string>Ids - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- Type string
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- Vlans Dictionary<string, string>
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
- Default
Vlan []stringIds - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- Enabled bool
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - Local
Vlan []stringIds - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- Type string
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- Vlans map[string]string
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
- default_
vlan_ list(string)ids - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- enabled bool
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - local_
vlan_ list(string)ids - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- type string
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- vlans map(string)
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
- default
Vlan List<String>Ids - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- enabled Boolean
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - local
Vlan List<String>Ids - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- type String
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- vlans Map<String,String>
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
- default
Vlan string[]Ids - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- enabled boolean
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - local
Vlan string[]Ids - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- type string
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- vlans {[key: string]: string}
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
- default_
vlan_ Sequence[str]ids - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- enabled bool
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - local_
vlan_ Sequence[str]ids - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- type str
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- vlans Mapping[str, str]
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
- default
Vlan List<String>Ids - Fallback VLAN IDs, ranges, or variables used when no RADIUS VLAN match is returned
- enabled Boolean
- Requires
vlanEnabled==trueto be set totrue. Whether to enable dynamic vlan - local
Vlan List<String>Ids - VLAN IDs that should be locally bridged for dynamic VLAN assignment
- type String
- Dynamic VLAN mapping method used for RADIUS-provided VLAN attributes
- vlans Map<String>
- Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
- if
dynamic_vlan.type==standard, property key is the VLAN ID and property value is "" - if
dynamic_vlan.type==airespace-interface-name, property key is the VLAN ID and property value is the Airespace Interface Name
- if
WlanHotspot20, WlanHotspot20Args
- Domain
Names List<string> - Advertised domain names for Hotspot 2.0 clients
- Enabled bool
- Whether to enable hotspot 2.0 config
- Nai
Realms List<string> - NAI realms advertised for Hotspot 2.0 authentication
- Operators List<string>
- Operator profiles supported by this Hotspot 2.0 configuration
- Rcois List<string>
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- Venue
Name string - Venue name, default is site name
- Domain
Names []string - Advertised domain names for Hotspot 2.0 clients
- Enabled bool
- Whether to enable hotspot 2.0 config
- Nai
Realms []string - NAI realms advertised for Hotspot 2.0 authentication
- Operators []string
- Operator profiles supported by this Hotspot 2.0 configuration
- Rcois []string
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- Venue
Name string - Venue name, default is site name
- domain_
names list(string) - Advertised domain names for Hotspot 2.0 clients
- enabled bool
- Whether to enable hotspot 2.0 config
- nai_
realms list(string) - NAI realms advertised for Hotspot 2.0 authentication
- operators list(string)
- Operator profiles supported by this Hotspot 2.0 configuration
- rcois list(string)
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- venue_
name string - Venue name, default is site name
- domain
Names List<String> - Advertised domain names for Hotspot 2.0 clients
- enabled Boolean
- Whether to enable hotspot 2.0 config
- nai
Realms List<String> - NAI realms advertised for Hotspot 2.0 authentication
- operators List<String>
- Operator profiles supported by this Hotspot 2.0 configuration
- rcois List<String>
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- venue
Name String - Venue name, default is site name
- domain
Names string[] - Advertised domain names for Hotspot 2.0 clients
- enabled boolean
- Whether to enable hotspot 2.0 config
- nai
Realms string[] - NAI realms advertised for Hotspot 2.0 authentication
- operators string[]
- Operator profiles supported by this Hotspot 2.0 configuration
- rcois string[]
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- venue
Name string - Venue name, default is site name
- domain_
names Sequence[str] - Advertised domain names for Hotspot 2.0 clients
- enabled bool
- Whether to enable hotspot 2.0 config
- nai_
realms Sequence[str] - NAI realms advertised for Hotspot 2.0 authentication
- operators Sequence[str]
- Operator profiles supported by this Hotspot 2.0 configuration
- rcois Sequence[str]
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- venue_
name str - Venue name, default is site name
- domain
Names List<String> - Advertised domain names for Hotspot 2.0 clients
- enabled Boolean
- Whether to enable hotspot 2.0 config
- nai
Realms List<String> - NAI realms advertised for Hotspot 2.0 authentication
- operators List<String>
- Operator profiles supported by this Hotspot 2.0 configuration
- rcois List<String>
- Roaming Consortium Organization Identifiers advertised for Hotspot 2.0
- venue
Name String - Venue name, default is site name
WlanInjectDhcpOption82, WlanInjectDhcpOption82Args
- Circuit
Id string - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- Enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- Circuit
Id string - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- Enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuit_
id string - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuit
Id String - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled Boolean
- Whether to inject option 82 when forwarding DHCP packets
- circuit
Id string - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled boolean
- Whether to inject option 82 when forwarding DHCP packets
- circuit_
id str - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuit
Id String - Information to set in the
circuitIdfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
- enabled Boolean
- Whether to inject option 82 when forwarding DHCP packets
WlanMistNac, WlanMistNacArgs
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- Auth
Servers intRetries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - Auth
Servers intTimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - Coa
Enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- Coa
Port int - the communication port used for “Change of Authorization” (CoA) messages
- Enabled bool
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - Network string
- Which network the mist nac server resides in
- Source
Ip string - In case there is a static IP for this network, we can specify it using source ip
- Acct
Interim intInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- Auth
Servers intRetries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - Auth
Servers intTimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - Coa
Enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- Coa
Port int - the communication port used for “Change of Authorization” (CoA) messages
- Enabled bool
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- Fast
Dot1x boolTimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - Network string
- Which network the mist nac server resides in
- Source
Ip string - In case there is a static IP for this network, we can specify it using source ip
- acct_
interim_ numberinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- auth_
servers_ numberretries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - auth_
servers_ numbertimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - coa_
enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa_
port number - the communication port used for “Change of Authorization” (CoA) messages
- enabled bool
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - network string
- Which network the mist nac server resides in
- source_
ip string - In case there is a static IP for this network, we can specify it using source ip
- acct
Interim IntegerInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- auth
Servers IntegerRetries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - auth
Servers IntegerTimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - coa
Enabled Boolean - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa
Port Integer - the communication port used for “Change of Authorization” (CoA) messages
- enabled Boolean
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - network String
- Which network the mist nac server resides in
- source
Ip String - In case there is a static IP for this network, we can specify it using source ip
- acct
Interim numberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- auth
Servers numberRetries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - auth
Servers numberTimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - coa
Enabled boolean - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa
Port number - the communication port used for “Change of Authorization” (CoA) messages
- enabled boolean
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- fast
Dot1x booleanTimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - network string
- Which network the mist nac server resides in
- source
Ip string - In case there is a static IP for this network, we can specify it using source ip
- acct_
interim_ intinterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- auth_
servers_ intretries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - auth_
servers_ inttimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - coa_
enabled bool - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa_
port int - the communication port used for “Change of Authorization” (CoA) messages
- enabled bool
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- fast_
dot1x_ booltimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - network str
- Which network the mist nac server resides in
- source_
ip str - In case there is a static IP for this network, we can specify it using source ip
- acct
Interim NumberInterval - How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the RADIUS server, 600 and up is recommended when enabled.
- auth
Servers NumberRetries - RADIUS auth session retries. Following fast timers are set if
fastDot1xTimersknob is enabled. "retries" are set to value ofauthServersTimeout. "max-requests" is also set when settingauthServersRetriesis set to default value to 3. - auth
Servers NumberTimeout - RADIUS auth session timeout. Following fast timers are set if
fastDot1xTimersknob is enabled. "quite-period" and "transmit-period" are set to half the value ofauthServersTimeout. "supplicant-timeout" is also set when settingauthServersTimeoutis set to default value of 10. - coa
Enabled Boolean - Allows a RADIUS server to dynamically modify the authorization status of a user session.
- coa
Port Number - the communication port used for “Change of Authorization” (CoA) messages
- enabled Boolean
- When enabled:
authServersis ignoredacctServersis ignoredauth_servers_*are ignoredcoaServersis ignoredradsecis ignoredcoaEnabledis assumed
- fast
Dot1x BooleanTimers - If set to true, sets default fast-timers with values calculated from
authServersTimeoutandauthServerRetries. - network String
- Which network the mist nac server resides in
- source
Ip String - In case there is a static IP for this network, we can specify it using source ip
WlanPortal, WlanPortalArgs
- Allow
Wlan boolId Roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - Amazon
Client stringId - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - Amazon
Client stringSecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - Amazon
Email List<string>Domains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - Amazon
Enabled bool - Whether amazon is enabled as a login method
- Amazon
Expire int - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - Auth string
- Guest portal login scheme used by the WLAN
- Azure
Client stringId - Required if
azureEnabled==true. Azure active directory app client id - Azure
Client stringSecret - Required if
azureEnabled==true. Azure active directory app client secret - Azure
Enabled bool - Whether Azure Active Directory is enabled as a login method
- Azure
Expire int - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- Azure
Tenant stringId - Required if
azureEnabled==true. Azure active directory tenant id. - Broadnet
Password string - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - Broadnet
Sid string - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - Broadnet
User stringId - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - Bypass
When boolCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- Clickatell
Api stringKey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - Cross
Site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - Email
Enabled bool - Whether email (access code verification) is enabled as a login method
- Enabled bool
- Whether guest portal is enabled
- Expire int
- How long to remain authorized, in minutes
- External
Portal stringUrl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - Facebook
Client stringId - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - Facebook
Client stringSecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - Facebook
Email List<string>Domains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - Facebook
Enabled bool - Whether facebook is enabled as a login method
- Facebook
Expire int - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - Forward bool
- Whether to forward the user to another URL after authorized
- Forward
Url string - URL to forward the user to
- Google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- Google
Client stringSecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - Google
Email List<string>Domains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - Google
Enabled bool - Whether Google is enabled as login method
- Google
Expire int - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - Gupshup
Password string - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - Gupshup
Userid string - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - Microsoft
Client stringId - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - Microsoft
Client stringSecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - Microsoft
Email List<string>Domains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - Microsoft
Enabled bool - Whether microsoft 365 is enabled as a login method
- Microsoft
Expire int - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - Passphrase
Enabled bool - Whether password is enabled
- Passphrase
Expire int - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - Password string
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - Predefined
Sponsors boolEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - Predefined
Sponsors boolHide Email - Whether to hide sponsor’s email from list of sponsors
- Privacy bool
- Whether to show the privacy policy in the WLAN guest portal
- Puzzel
Password string - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - Puzzel
Service stringId - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - Puzzel
Username string - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - Sms
Enabled bool - Whether sms is enabled as a login method
- Sms
Expire int - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - Sms
Message stringFormat - Optional if
smsEnabled==true. SMS Message format - Sms
Provider string - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - Smsglobal
Api stringKey - Required if
smsProvider==smsglobal, Client API Key - Smsglobal
Api stringSecret - Required if
smsProvider==smsglobal, Client secret - Smsglobal
Sender string - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- Sponsor
Auto boolApprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - Sponsor
Email List<string>Domains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - Sponsor
Enabled bool - Whether sponsor is enabled
- Sponsor
Expire int - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - Sponsor
Link stringValidity Duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - Sponsor
Notify boolAll - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - Sponsor
Status boolNotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - Sponsors Dictionary<string, string>
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - Sso
Default stringRole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - Sso
Forced stringRole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - Sso
Idp stringCert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - Sso
Idp stringSign Algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - Sso
Idp stringSso Url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - Sso
Issuer string - Required if
wlanPortalAuth==sso, IDP issuer URL - Sso
Nameid stringFormat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - Telstra
Client stringId - Required if
smsProvider==telstra, Client ID provided by Telstra - Telstra
Client stringSecret - Required if
smsProvider==telstra, Client secret provided by Telstra - Twilio
Auth stringToken - Required if
smsProvider==twilio, Auth token account with twilio account - Twilio
Phone stringNumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - Twilio
Sid string - Required if
smsProvider==twilio, Account SID provided by Twilio
- Allow
Wlan boolId Roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - Amazon
Client stringId - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - Amazon
Client stringSecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - Amazon
Email []stringDomains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - Amazon
Enabled bool - Whether amazon is enabled as a login method
- Amazon
Expire int - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - Auth string
- Guest portal login scheme used by the WLAN
- Azure
Client stringId - Required if
azureEnabled==true. Azure active directory app client id - Azure
Client stringSecret - Required if
azureEnabled==true. Azure active directory app client secret - Azure
Enabled bool - Whether Azure Active Directory is enabled as a login method
- Azure
Expire int - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- Azure
Tenant stringId - Required if
azureEnabled==true. Azure active directory tenant id. - Broadnet
Password string - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - Broadnet
Sid string - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - Broadnet
User stringId - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - Bypass
When boolCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- Clickatell
Api stringKey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - Cross
Site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - Email
Enabled bool - Whether email (access code verification) is enabled as a login method
- Enabled bool
- Whether guest portal is enabled
- Expire int
- How long to remain authorized, in minutes
- External
Portal stringUrl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - Facebook
Client stringId - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - Facebook
Client stringSecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - Facebook
Email []stringDomains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - Facebook
Enabled bool - Whether facebook is enabled as a login method
- Facebook
Expire int - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - Forward bool
- Whether to forward the user to another URL after authorized
- Forward
Url string - URL to forward the user to
- Google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- Google
Client stringSecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - Google
Email []stringDomains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - Google
Enabled bool - Whether Google is enabled as login method
- Google
Expire int - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - Gupshup
Password string - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - Gupshup
Userid string - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - Microsoft
Client stringId - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - Microsoft
Client stringSecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - Microsoft
Email []stringDomains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - Microsoft
Enabled bool - Whether microsoft 365 is enabled as a login method
- Microsoft
Expire int - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - Passphrase
Enabled bool - Whether password is enabled
- Passphrase
Expire int - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - Password string
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - Predefined
Sponsors boolEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - Predefined
Sponsors boolHide Email - Whether to hide sponsor’s email from list of sponsors
- Privacy bool
- Whether to show the privacy policy in the WLAN guest portal
- Puzzel
Password string - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - Puzzel
Service stringId - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - Puzzel
Username string - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - Sms
Enabled bool - Whether sms is enabled as a login method
- Sms
Expire int - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - Sms
Message stringFormat - Optional if
smsEnabled==true. SMS Message format - Sms
Provider string - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - Smsglobal
Api stringKey - Required if
smsProvider==smsglobal, Client API Key - Smsglobal
Api stringSecret - Required if
smsProvider==smsglobal, Client secret - Smsglobal
Sender string - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- Sponsor
Auto boolApprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - Sponsor
Email []stringDomains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - Sponsor
Enabled bool - Whether sponsor is enabled
- Sponsor
Expire int - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - Sponsor
Link stringValidity Duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - Sponsor
Notify boolAll - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - Sponsor
Status boolNotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - Sponsors map[string]string
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - Sso
Default stringRole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - Sso
Forced stringRole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - Sso
Idp stringCert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - Sso
Idp stringSign Algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - Sso
Idp stringSso Url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - Sso
Issuer string - Required if
wlanPortalAuth==sso, IDP issuer URL - Sso
Nameid stringFormat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - Telstra
Client stringId - Required if
smsProvider==telstra, Client ID provided by Telstra - Telstra
Client stringSecret - Required if
smsProvider==telstra, Client secret provided by Telstra - Twilio
Auth stringToken - Required if
smsProvider==twilio, Auth token account with twilio account - Twilio
Phone stringNumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - Twilio
Sid string - Required if
smsProvider==twilio, Account SID provided by Twilio
- allow_
wlan_ boolid_ roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - amazon_
client_ stringid - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon_
client_ stringsecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - amazon_
email_ list(string)domains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - amazon_
enabled bool - Whether amazon is enabled as a login method
- amazon_
expire number - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth string
- Guest portal login scheme used by the WLAN
- azure_
client_ stringid - Required if
azureEnabled==true. Azure active directory app client id - azure_
client_ stringsecret - Required if
azureEnabled==true. Azure active directory app client secret - azure_
enabled bool - Whether Azure Active Directory is enabled as a login method
- azure_
expire number - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure_
tenant_ stringid - Required if
azureEnabled==true. Azure active directory tenant id. - broadnet_
password string - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - broadnet_
sid string - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - broadnet_
user_ stringid - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - bypass_
when_ boolcloud_ down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell_
api_ stringkey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - cross_
site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - email_
enabled bool - Whether email (access code verification) is enabled as a login method
- enabled bool
- Whether guest portal is enabled
- expire number
- How long to remain authorized, in minutes
- external_
portal_ stringurl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook_
client_ stringid - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook_
client_ stringsecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - facebook_
email_ list(string)domains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - facebook_
enabled bool - Whether facebook is enabled as a login method
- facebook_
expire number - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward bool
- Whether to forward the user to another URL after authorized
- forward_
url string - URL to forward the user to
- google_
client_ stringid - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google_
client_ stringsecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - google_
email_ list(string)domains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - google_
enabled bool - Whether Google is enabled as login method
- google_
expire number - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup_
password string - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - gupshup_
userid string - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - microsoft_
client_ stringid - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft_
client_ stringsecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - microsoft_
email_ list(string)domains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - microsoft_
enabled bool - Whether microsoft 365 is enabled as a login method
- microsoft_
expire number - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase_
enabled bool - Whether password is enabled
- passphrase_
expire number - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password string
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - predefined_
sponsors_ boolenabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - predefined_
sponsors_ boolhide_ email - Whether to hide sponsor’s email from list of sponsors
- privacy bool
- Whether to show the privacy policy in the WLAN guest portal
- puzzel_
password string - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - puzzel_
service_ stringid - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - puzzel_
username string - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - sms_
enabled bool - Whether sms is enabled as a login method
- sms_
expire number - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms_
message_ stringformat - Optional if
smsEnabled==true. SMS Message format - sms_
provider string - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - smsglobal_
api_ stringkey - Required if
smsProvider==smsglobal, Client API Key - smsglobal_
api_ stringsecret - Required if
smsProvider==smsglobal, Client secret - smsglobal_
sender string - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- sponsor_
auto_ boolapprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - sponsor_
email_ list(string)domains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - sponsor_
enabled bool - Whether sponsor is enabled
- sponsor_
expire number - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor_
link_ stringvalidity_ duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor_
notify_ boolall - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor_
status_ boolnotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors map(string)
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso_
default_ stringrole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso_
forced_ stringrole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - sso_
idp_ stringcert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - sso_
idp_ stringsign_ algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - sso_
idp_ stringsso_ url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - sso_
issuer string - Required if
wlanPortalAuth==sso, IDP issuer URL - sso_
nameid_ stringformat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - telstra_
client_ stringid - Required if
smsProvider==telstra, Client ID provided by Telstra - telstra_
client_ stringsecret - Required if
smsProvider==telstra, Client secret provided by Telstra - twilio_
auth_ stringtoken - Required if
smsProvider==twilio, Auth token account with twilio account - twilio_
phone_ stringnumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio_
sid string - Required if
smsProvider==twilio, Account SID provided by Twilio
- allow
Wlan BooleanId Roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - amazon
Client StringId - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon
Client StringSecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - amazon
Email List<String>Domains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - amazon
Enabled Boolean - Whether amazon is enabled as a login method
- amazon
Expire Integer - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth String
- Guest portal login scheme used by the WLAN
- azure
Client StringId - Required if
azureEnabled==true. Azure active directory app client id - azure
Client StringSecret - Required if
azureEnabled==true. Azure active directory app client secret - azure
Enabled Boolean - Whether Azure Active Directory is enabled as a login method
- azure
Expire Integer - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant StringId - Required if
azureEnabled==true. Azure active directory tenant id. - broadnet
Password String - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - broadnet
Sid String - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - broadnet
User StringId - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - bypass
When BooleanCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api StringKey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - cross
Site Boolean - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - email
Enabled Boolean - Whether email (access code verification) is enabled as a login method
- enabled Boolean
- Whether guest portal is enabled
- expire Integer
- How long to remain authorized, in minutes
- external
Portal StringUrl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook
Client StringId - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client StringSecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - facebook
Email List<String>Domains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - facebook
Enabled Boolean - Whether facebook is enabled as a login method
- facebook
Expire Integer - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward Boolean
- Whether to forward the user to another URL after authorized
- forward
Url String - URL to forward the user to
- google
Client StringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client StringSecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - google
Email List<String>Domains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - google
Enabled Boolean - Whether Google is enabled as login method
- google
Expire Integer - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup
Password String - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - gupshup
Userid String - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - microsoft
Client StringId - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft
Client StringSecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - microsoft
Email List<String>Domains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - microsoft
Enabled Boolean - Whether microsoft 365 is enabled as a login method
- microsoft
Expire Integer - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase
Enabled Boolean - Whether password is enabled
- passphrase
Expire Integer - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password String
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - predefined
Sponsors BooleanEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - predefined
Sponsors BooleanHide Email - Whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- Whether to show the privacy policy in the WLAN guest portal
- puzzel
Password String - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - puzzel
Service StringId - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - puzzel
Username String - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - sms
Enabled Boolean - Whether sms is enabled as a login method
- sms
Expire Integer - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms
Message StringFormat - Optional if
smsEnabled==true. SMS Message format - sms
Provider String - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - smsglobal
Api StringKey - Required if
smsProvider==smsglobal, Client API Key - smsglobal
Api StringSecret - Required if
smsProvider==smsglobal, Client secret - smsglobal
Sender String - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- sponsor
Auto BooleanApprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - sponsor
Email List<String>Domains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - sponsor
Enabled Boolean - Whether sponsor is enabled
- sponsor
Expire Integer - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor
Link StringValidity Duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor
Notify BooleanAll - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status BooleanNotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors Map<String,String>
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso
Default StringRole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso
Forced StringRole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - sso
Idp StringCert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - sso
Idp StringSign Algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - sso
Idp StringSso Url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - sso
Issuer String - Required if
wlanPortalAuth==sso, IDP issuer URL - sso
Nameid StringFormat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - telstra
Client StringId - Required if
smsProvider==telstra, Client ID provided by Telstra - telstra
Client StringSecret - Required if
smsProvider==telstra, Client secret provided by Telstra - twilio
Auth StringToken - Required if
smsProvider==twilio, Auth token account with twilio account - twilio
Phone StringNumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid String - Required if
smsProvider==twilio, Account SID provided by Twilio
- allow
Wlan booleanId Roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - amazon
Client stringId - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon
Client stringSecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - amazon
Email string[]Domains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - amazon
Enabled boolean - Whether amazon is enabled as a login method
- amazon
Expire number - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth string
- Guest portal login scheme used by the WLAN
- azure
Client stringId - Required if
azureEnabled==true. Azure active directory app client id - azure
Client stringSecret - Required if
azureEnabled==true. Azure active directory app client secret - azure
Enabled boolean - Whether Azure Active Directory is enabled as a login method
- azure
Expire number - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant stringId - Required if
azureEnabled==true. Azure active directory tenant id. - broadnet
Password string - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - broadnet
Sid string - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - broadnet
User stringId - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - bypass
When booleanCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api stringKey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - cross
Site boolean - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - email
Enabled boolean - Whether email (access code verification) is enabled as a login method
- enabled boolean
- Whether guest portal is enabled
- expire number
- How long to remain authorized, in minutes
- external
Portal stringUrl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook
Client stringId - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client stringSecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - facebook
Email string[]Domains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - facebook
Enabled boolean - Whether facebook is enabled as a login method
- facebook
Expire number - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward boolean
- Whether to forward the user to another URL after authorized
- forward
Url string - URL to forward the user to
- google
Client stringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client stringSecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - google
Email string[]Domains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - google
Enabled boolean - Whether Google is enabled as login method
- google
Expire number - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup
Password string - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - gupshup
Userid string - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - microsoft
Client stringId - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft
Client stringSecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - microsoft
Email string[]Domains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - microsoft
Enabled boolean - Whether microsoft 365 is enabled as a login method
- microsoft
Expire number - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase
Enabled boolean - Whether password is enabled
- passphrase
Expire number - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password string
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - predefined
Sponsors booleanEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - predefined
Sponsors booleanHide Email - Whether to hide sponsor’s email from list of sponsors
- privacy boolean
- Whether to show the privacy policy in the WLAN guest portal
- puzzel
Password string - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - puzzel
Service stringId - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - puzzel
Username string - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - sms
Enabled boolean - Whether sms is enabled as a login method
- sms
Expire number - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms
Message stringFormat - Optional if
smsEnabled==true. SMS Message format - sms
Provider string - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - smsglobal
Api stringKey - Required if
smsProvider==smsglobal, Client API Key - smsglobal
Api stringSecret - Required if
smsProvider==smsglobal, Client secret - smsglobal
Sender string - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- sponsor
Auto booleanApprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - sponsor
Email string[]Domains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - sponsor
Enabled boolean - Whether sponsor is enabled
- sponsor
Expire number - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor
Link stringValidity Duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor
Notify booleanAll - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status booleanNotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors {[key: string]: string}
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso
Default stringRole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso
Forced stringRole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - sso
Idp stringCert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - sso
Idp stringSign Algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - sso
Idp stringSso Url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - sso
Issuer string - Required if
wlanPortalAuth==sso, IDP issuer URL - sso
Nameid stringFormat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - telstra
Client stringId - Required if
smsProvider==telstra, Client ID provided by Telstra - telstra
Client stringSecret - Required if
smsProvider==telstra, Client secret provided by Telstra - twilio
Auth stringToken - Required if
smsProvider==twilio, Auth token account with twilio account - twilio
Phone stringNumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid string - Required if
smsProvider==twilio, Account SID provided by Twilio
- allow_
wlan_ boolid_ roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - amazon_
client_ strid - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon_
client_ strsecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - amazon_
email_ Sequence[str]domains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - amazon_
enabled bool - Whether amazon is enabled as a login method
- amazon_
expire int - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth str
- Guest portal login scheme used by the WLAN
- azure_
client_ strid - Required if
azureEnabled==true. Azure active directory app client id - azure_
client_ strsecret - Required if
azureEnabled==true. Azure active directory app client secret - azure_
enabled bool - Whether Azure Active Directory is enabled as a login method
- azure_
expire int - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure_
tenant_ strid - Required if
azureEnabled==true. Azure active directory tenant id. - broadnet_
password str - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - broadnet_
sid str - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - broadnet_
user_ strid - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - bypass_
when_ boolcloud_ down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell_
api_ strkey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - cross_
site bool - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - email_
enabled bool - Whether email (access code verification) is enabled as a login method
- enabled bool
- Whether guest portal is enabled
- expire int
- How long to remain authorized, in minutes
- external_
portal_ strurl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook_
client_ strid - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook_
client_ strsecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - facebook_
email_ Sequence[str]domains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - facebook_
enabled bool - Whether facebook is enabled as a login method
- facebook_
expire int - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward bool
- Whether to forward the user to another URL after authorized
- forward_
url str - URL to forward the user to
- google_
client_ strid - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google_
client_ strsecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - google_
email_ Sequence[str]domains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - google_
enabled bool - Whether Google is enabled as login method
- google_
expire int - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup_
password str - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - gupshup_
userid str - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - microsoft_
client_ strid - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft_
client_ strsecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - microsoft_
email_ Sequence[str]domains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - microsoft_
enabled bool - Whether microsoft 365 is enabled as a login method
- microsoft_
expire int - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase_
enabled bool - Whether password is enabled
- passphrase_
expire int - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password str
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - predefined_
sponsors_ boolenabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - predefined_
sponsors_ boolhide_ email - Whether to hide sponsor’s email from list of sponsors
- privacy bool
- Whether to show the privacy policy in the WLAN guest portal
- puzzel_
password str - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - puzzel_
service_ strid - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - puzzel_
username str - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - sms_
enabled bool - Whether sms is enabled as a login method
- sms_
expire int - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms_
message_ strformat - Optional if
smsEnabled==true. SMS Message format - sms_
provider str - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - smsglobal_
api_ strkey - Required if
smsProvider==smsglobal, Client API Key - smsglobal_
api_ strsecret - Required if
smsProvider==smsglobal, Client secret - smsglobal_
sender str - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- sponsor_
auto_ boolapprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - sponsor_
email_ Sequence[str]domains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - sponsor_
enabled bool - Whether sponsor is enabled
- sponsor_
expire int - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor_
link_ strvalidity_ duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor_
notify_ boolall - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor_
status_ boolnotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors Mapping[str, str]
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso_
default_ strrole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso_
forced_ strrole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - sso_
idp_ strcert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - sso_
idp_ strsign_ algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - sso_
idp_ strsso_ url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - sso_
issuer str - Required if
wlanPortalAuth==sso, IDP issuer URL - sso_
nameid_ strformat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - telstra_
client_ strid - Required if
smsProvider==telstra, Client ID provided by Telstra - telstra_
client_ strsecret - Required if
smsProvider==telstra, Client secret provided by Telstra - twilio_
auth_ strtoken - Required if
smsProvider==twilio, Auth token account with twilio account - twilio_
phone_ strnumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio_
sid str - Required if
smsProvider==twilio, Account SID provided by Twilio
- allow
Wlan BooleanId Roam - Optional if
amazonEnabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable randomMac for seamless roaming) - amazon
Client StringId - Optional if
amazonEnabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one. - amazon
Client StringSecret - Optional if
amazonEnabled==true. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank. - amazon
Email List<String>Domains - Optional if
amazonEnabled==true. Email domains allowed for Amazon-authenticated guest users. If null or empty, any authenticated Amazon email domain is allowed. - amazon
Enabled Boolean - Whether amazon is enabled as a login method
- amazon
Expire Number - Optional if
amazonEnabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire` - auth String
- Guest portal login scheme used by the WLAN
- azure
Client StringId - Required if
azureEnabled==true. Azure active directory app client id - azure
Client StringSecret - Required if
azureEnabled==true. Azure active directory app client secret - azure
Enabled Boolean - Whether Azure Active Directory is enabled as a login method
- azure
Expire Number - Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure
Tenant StringId - Required if
azureEnabled==true. Azure active directory tenant id. - broadnet
Password String - Required if
smsProvider==broadnet. Password for the Broadnet SMS provider account - broadnet
Sid String - Required if
smsProvider==broadnet. SID for the Broadnet SMS provider account - broadnet
User StringId - Required if
smsProvider==broadnet. User ID for the Broadnet SMS provider account - bypass
When BooleanCloud Down - Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell
Api StringKey - Required if
smsProvider==clickatell. API key for the Clickatell SMS provider account - cross
Site Boolean - Whether to allow guest to roam between WLANs (with same
WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming) - email
Enabled Boolean - Whether email (access code verification) is enabled as a login method
- enabled Boolean
- Whether guest portal is enabled
- expire Number
- How long to remain authorized, in minutes
- external
Portal StringUrl - Required if
wlanPortalAuth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to - facebook
Client StringId - Required if
facebookEnabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one. - facebook
Client StringSecret - Required if
facebookEnabled==true. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank. - facebook
Email List<String>Domains - Optional if
facebookEnabled==true. Email domains allowed for Facebook-authenticated guest users. If null or empty, any authenticated Facebook email domain is allowed. - facebook
Enabled Boolean - Whether facebook is enabled as a login method
- facebook
Expire Number - Optional if
facebookEnabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire` - forward Boolean
- Whether to forward the user to another URL after authorized
- forward
Url String - URL to forward the user to
- google
Client StringId - Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google
Client StringSecret - Optional if
googleEnabled==true. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank. - google
Email List<String>Domains - Optional if
googleEnabled==true. Email domains allowed for Google-authenticated guest users. If null or empty, any authenticated Google email domain is allowed. - google
Enabled Boolean - Whether Google is enabled as login method
- google
Expire Number - Optional if
googleEnabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire` - gupshup
Password String - Required if
smsProvider==gupshup. Password for the Gupshup SMS provider account - gupshup
Userid String - Required if
smsProvider==gupshup. User ID for the Gupshup SMS provider account - microsoft
Client StringId - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. - microsoft
Client StringSecret - Optional if
microsoftEnabled==true. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank. - microsoft
Email List<String>Domains - Optional if
microsoftEnabled==true. Email domains allowed for Microsoft 365-authenticated guest users. If null or empty, any authenticated Microsoft 365 email domain is allowed. - microsoft
Enabled Boolean - Whether microsoft 365 is enabled as a login method
- microsoft
Expire Number - Optional if
microsoftEnabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire` - passphrase
Enabled Boolean - Whether password is enabled
- passphrase
Expire Number - Optional if
passphraseEnabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire - password String
- Required if
passphraseEnabled==true. Passphrase guests must enter when passphrase authentication is enabled - predefined
Sponsors BooleanEnabled - Whether to show list of sponsor emails mentioned in
sponsorsobject as a dropdown. If bothsponsorNotifyAllandpredefinedSponsorsEnabledare false, behavior is acc tosponsorEmailDomains - predefined
Sponsors BooleanHide Email - Whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- Whether to show the privacy policy in the WLAN guest portal
- puzzel
Password String - Required if
smsProvider==puzzel. Password for the Puzzel SMS provider account - puzzel
Service StringId - Required if
smsProvider==puzzel. Service ID for the Puzzel SMS provider account - puzzel
Username String - Required if
smsProvider==puzzel. Username for the Puzzel SMS provider account - sms
Enabled Boolean - Whether sms is enabled as a login method
- sms
Expire Number - Optional if
smsEnabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire` - sms
Message StringFormat - Optional if
smsEnabled==true. SMS Message format - sms
Provider String - Optional if
smsEnabled==true. SMS provider used to deliver guest portal access codes - smsglobal
Api StringKey - Required if
smsProvider==smsglobal, Client API Key - smsglobal
Api StringSecret - Required if
smsProvider==smsglobal, Client secret - smsglobal
Sender String - Optional sender's number or sender ID for SMSGlobal. If not provided, uses the default number associated with the account
- sponsor
Auto BooleanApprove - Optional if
sponsorEnabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled - sponsor
Email List<String>Domains - Email domains allowed for sponsor email addresses. Required if
sponsorEnabledistrueandsponsorsis empty. - sponsor
Enabled Boolean - Whether sponsor is enabled
- sponsor
Expire Number - Optional if
sponsorEnabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire` - sponsor
Link StringValidity Duration - Optional if
sponsorEnabled==true. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes. - sponsor
Notify BooleanAll - Optional if
sponsorEnabled==true. whether to notify all sponsors that are mentioned insponsorsobject. BothsponsorNotifyAllandpredefinedSponsorsEnabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. - sponsor
Status BooleanNotify - Optional if
sponsorEnabled==true. If enabled, guest will get email about sponsor's action (approve/deny) - sponsors Map<String>
- object of allowed sponsors email with name. Required if
sponsorEnabledistrueandsponsorEmailDomainsis empty.Property key is the sponsor email, Property value is the sponsor name - sso
Default StringRole - Optional if
wlanPortalAuth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched - sso
Forced StringRole - Optional if
wlanPortalAuth==sso. Role assigned to authenticated users when guest SSO is used - sso
Idp StringCert - Required if
wlanPortalAuth==sso. IDP Cert (used to verify the signed response) - sso
Idp StringSign Algo - Optional if
wlanPortalAuth==sso. Signing algorithm used for SAML assertions from the identity provider - sso
Idp StringSso Url - Required if
wlanPortalAuth==sso, IDP Single-Sign-On URL - sso
Issuer String - Required if
wlanPortalAuth==sso, IDP issuer URL - sso
Nameid StringFormat - Optional if
wlanPortalAuth==sso. SAML NameID format expected from the identity provider - telstra
Client StringId - Required if
smsProvider==telstra, Client ID provided by Telstra - telstra
Client StringSecret - Required if
smsProvider==telstra, Client secret provided by Telstra - twilio
Auth StringToken - Required if
smsProvider==twilio, Auth token account with twilio account - twilio
Phone StringNumber - Required if
smsProvider==twilio, Twilio phone number associated with the account. See example for accepted format. - twilio
Sid String - Required if
smsProvider==twilio, Account SID provided by Twilio
WlanQos, WlanQosArgs
WlanRadsec, WlanRadsecArgs
- Coa
Enabled bool - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- Enabled bool
- Whether RadSec is enabled
- Idle
Timeout string - Idle timeout, in seconds, for RadSec connections
- Mxcluster
Ids List<string> - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- Proxy
Hosts List<string> - RadSec proxy hostnames advertised to APs
- Server
Name string - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- Servers
List<Pulumi.
Juniper Mist. Site. Inputs. Wlan Radsec Server> - External RadSec servers. Only if not Mist Edge.
- Use
Mxedge bool - Whether to use organization Mist Edge instances as RadSec proxies
- Use
Site boolMxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
- Coa
Enabled bool - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- Enabled bool
- Whether RadSec is enabled
- Idle
Timeout string - Idle timeout, in seconds, for RadSec connections
- Mxcluster
Ids []string - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- Proxy
Hosts []string - RadSec proxy hostnames advertised to APs
- Server
Name string - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- Servers
[]Wlan
Radsec Server - External RadSec servers. Only if not Mist Edge.
- Use
Mxedge bool - Whether to use organization Mist Edge instances as RadSec proxies
- Use
Site boolMxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
- coa_
enabled bool - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- enabled bool
- Whether RadSec is enabled
- idle_
timeout string - Idle timeout, in seconds, for RadSec connections
- mxcluster_
ids list(string) - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- proxy_
hosts list(string) - RadSec proxy hostnames advertised to APs
- server_
name string - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- servers list(object)
- External RadSec servers. Only if not Mist Edge.
- use_
mxedge bool - Whether to use organization Mist Edge instances as RadSec proxies
- use_
site_ boolmxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
- coa
Enabled Boolean - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- enabled Boolean
- Whether RadSec is enabled
- idle
Timeout String - Idle timeout, in seconds, for RadSec connections
- mxcluster
Ids List<String> - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- proxy
Hosts List<String> - RadSec proxy hostnames advertised to APs
- server
Name String - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- servers
List<Wlan
Radsec Server> - External RadSec servers. Only if not Mist Edge.
- use
Mxedge Boolean - Whether to use organization Mist Edge instances as RadSec proxies
- use
Site BooleanMxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
- coa
Enabled boolean - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- enabled boolean
- Whether RadSec is enabled
- idle
Timeout string - Idle timeout, in seconds, for RadSec connections
- mxcluster
Ids string[] - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- proxy
Hosts string[] - RadSec proxy hostnames advertised to APs
- server
Name string - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- servers
Wlan
Radsec Server[] - External RadSec servers. Only if not Mist Edge.
- use
Mxedge boolean - Whether to use organization Mist Edge instances as RadSec proxies
- use
Site booleanMxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
- coa_
enabled bool - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- enabled bool
- Whether RadSec is enabled
- idle_
timeout str - Idle timeout, in seconds, for RadSec connections
- mxcluster_
ids Sequence[str] - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- proxy_
hosts Sequence[str] - RadSec proxy hostnames advertised to APs
- server_
name str - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- servers
Sequence[Wlan
Radsec Server] - External RadSec servers. Only if not Mist Edge.
- use_
mxedge bool - Whether to use organization Mist Edge instances as RadSec proxies
- use_
site_ boolmxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
- coa
Enabled Boolean - Whether RADIUS Change of Authorization (CoA) is enabled for RadSec traffic
- enabled Boolean
- Whether RadSec is enabled
- idle
Timeout String - Idle timeout, in seconds, for RadSec connections
- mxcluster
Ids List<String> - Mist Edge cluster IDs used as RadSec proxies when the WLAN does not use mxtunnel
- proxy
Hosts List<String> - RadSec proxy hostnames advertised to APs
- server
Name String - TLS server name to verify against the CA certificates in Org Setting. Only if not Mist Edge.
- servers List<Property Map>
- External RadSec servers. Only if not Mist Edge.
- use
Mxedge Boolean - Whether to use organization Mist Edge instances as RadSec proxies
- use
Site BooleanMxedge - Whether to use site Mist Edge instances when this WLAN does not use mxtunnel
WlanRadsecServer, WlanRadsecServerArgs
WlanRateset, WlanRatesetArgs
- Eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - He string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - Ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - Legacies List<string>
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - Min
Rssi int - Minimum RSSI for client to connect, 0 means not enforcing
- Template string
- Data rate template used to derive WLAN rate settings
- Vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- Eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - He string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - Ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - Legacies []string
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - Min
Rssi int - Minimum RSSI for client to connect, 0 means not enforcing
- Template string
- Data rate template used to derive WLAN rate settings
- Vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies list(string)
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min_
rssi number - Minimum RSSI for client to connect, 0 means not enforcing
- template string
- Data rate template used to derive WLAN rate settings
- vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht String
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he String
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies List<String>
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min
Rssi Integer - Minimum RSSI for client to connect, 0 means not enforcing
- template String
- Data rate template used to derive WLAN rate settings
- vht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht string
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he string
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies string[]
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min
Rssi number - Minimum RSSI for client to connect, 0 means not enforcing
- template string
- Data rate template used to derive WLAN rate settings
- vht string
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht str
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he str
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht str
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies Sequence[str]
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min_
rssi int - Minimum RSSI for client to connect, 0 means not enforcing
- template str
- Data rate template used to derive WLAN rate settings
- vht str
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht String
- If
template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) - he String
- If
template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit - ht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) - legacies List<String>
- if
template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values. enum:1,11,11b,12,12b,18,18b,1b,2,24,24b,2b,36,36b,48,48b,5.5,5.5b,54,54b,6,6b,9,9b - min
Rssi Number - Minimum RSSI for client to connect, 0 means not enforcing
- template String
- Data rate template used to derive WLAN rate settings
- vht String
- If
template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
WlanSchedule, WlanScheduleArgs
- Enabled bool
- Whether the WLAN operating schedule is enabled
- Hours
Pulumi.
Juniper Mist. Site. Inputs. Wlan Schedule Hours - Time ranges when the WLAN is scheduled to operate
- Enabled bool
- Whether the WLAN operating schedule is enabled
- Hours
Wlan
Schedule Hours - Time ranges when the WLAN is scheduled to operate
- enabled Boolean
- Whether the WLAN operating schedule is enabled
- hours
Wlan
Schedule Hours - Time ranges when the WLAN is scheduled to operate
- enabled boolean
- Whether the WLAN operating schedule is enabled
- hours
Wlan
Schedule Hours - Time ranges when the WLAN is scheduled to operate
- enabled bool
- Whether the WLAN operating schedule is enabled
- hours
Wlan
Schedule Hours - Time ranges when the WLAN is scheduled to operate
- enabled Boolean
- Whether the WLAN operating schedule is enabled
- hours Property Map
- Time ranges when the WLAN is scheduled to operate
WlanScheduleHours, WlanScheduleHoursArgs
Import
Using pulumi import, import junipermist.site.Wlan with:
Site WLAN can be imported by specifying the siteId and the wlanId
$ pulumi import junipermist:site/wlan:Wlan wlan_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- junipermist pulumi/pulumi-junipermist
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mistTerraform Provider.
published on Friday, Jul 10, 2026 by Pulumi