routeros 1.83.1, Apr 28 25

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.InterfaceWirelessSecurityProfiles

Explore with Pulumi AI

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as routeros from "@pulumi/routeros";

const test = new routeros.InterfaceWirelessSecurityProfiles("test", {
    authenticationTypes: [
        "wpa-psk",
        "wpa2-psk",
    ],
    mode: "dynamic-keys",
    wpa2PreSharedKey: "wpa2_psk_key",
    wpaPreSharedKey: "wpa_psk_key",
});

import pulumi
import pulumi_routeros as routeros

test = routeros.InterfaceWirelessSecurityProfiles("test",
    authentication_types=[
        "wpa-psk",
        "wpa2-psk",
    ],
    mode="dynamic-keys",
    wpa2_pre_shared_key="wpa2_psk_key",
    wpa_pre_shared_key="wpa_psk_key")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/routeros/routeros"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := routeros.NewInterfaceWirelessSecurityProfiles(ctx, "test", &routeros.InterfaceWirelessSecurityProfilesArgs{
			AuthenticationTypes: pulumi.StringArray{
				pulumi.String("wpa-psk"),
				pulumi.String("wpa2-psk"),
			},
			Mode:             pulumi.String("dynamic-keys"),
			Wpa2PreSharedKey: pulumi.String("wpa2_psk_key"),
			WpaPreSharedKey:  pulumi.String("wpa_psk_key"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Routeros = Pulumi.Routeros;

return await Deployment.RunAsync(() => 
{
    var test = new Routeros.InterfaceWirelessSecurityProfiles("test", new()
    {
        AuthenticationTypes = new[]
        {
            "wpa-psk",
            "wpa2-psk",
        },
        Mode = "dynamic-keys",
        Wpa2PreSharedKey = "wpa2_psk_key",
        WpaPreSharedKey = "wpa_psk_key",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.routeros.InterfaceWirelessSecurityProfiles;
import com.pulumi.routeros.InterfaceWirelessSecurityProfilesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new InterfaceWirelessSecurityProfiles("test", InterfaceWirelessSecurityProfilesArgs.builder()
            .authenticationTypes(            
                "wpa-psk",
                "wpa2-psk")
            .mode("dynamic-keys")
            .wpa2PreSharedKey("wpa2_psk_key")
            .wpaPreSharedKey("wpa_psk_key")
            .build());

    }
}

resources:
  test:
    type: routeros:InterfaceWirelessSecurityProfiles
    properties:
      authenticationTypes:
        - wpa-psk
        - wpa2-psk
      mode: dynamic-keys
      wpa2PreSharedKey: wpa2_psk_key
      wpaPreSharedKey: wpa_psk_key

Create InterfaceWirelessSecurityProfiles Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new InterfaceWirelessSecurityProfiles(name: string, args?: InterfaceWirelessSecurityProfilesArgs, opts?: CustomResourceOptions);

@overload
def InterfaceWirelessSecurityProfiles(resource_name: str,
                                      args: Optional[InterfaceWirelessSecurityProfilesArgs] = None,
                                      opts: Optional[ResourceOptions] = None)

@overload
def InterfaceWirelessSecurityProfiles(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      ___id_: Optional[float] = None,
                                      ___path_: Optional[str] = None,
                                      authentication_types: Optional[Sequence[str]] = None,
                                      comment: Optional[str] = None,
                                      disable_pmkid: Optional[bool] = None,
                                      eap_methods: Optional[str] = None,
                                      group_ciphers: Optional[str] = None,
                                      group_key_update: Optional[str] = None,
                                      interface_wireless_security_profiles_id: Optional[str] = None,
                                      interim_update: Optional[str] = None,
                                      management_protection: Optional[str] = None,
                                      management_protection_key: Optional[str] = None,
                                      mode: Optional[str] = None,
                                      mschapv2_password: Optional[str] = None,
                                      mschapv2_username: Optional[str] = None,
                                      name: Optional[str] = None,
                                      radius_called_format: Optional[str] = None,
                                      radius_eap_accounting: Optional[bool] = None,
                                      radius_mac_accounting: Optional[bool] = None,
                                      radius_mac_authentication: Optional[bool] = None,
                                      radius_mac_caching: Optional[str] = None,
                                      radius_mac_format: Optional[str] = None,
                                      radius_mac_mode: Optional[str] = None,
                                      static_algo0: Optional[str] = None,
                                      static_algo1: Optional[str] = None,
                                      static_algo2: Optional[str] = None,
                                      static_algo3: Optional[str] = None,
                                      static_key0: Optional[str] = None,
                                      static_key1: Optional[str] = None,
                                      static_key2: Optional[str] = None,
                                      static_key3: Optional[str] = None,
                                      static_sta_private_algo: Optional[str] = None,
                                      static_sta_private_key: Optional[str] = None,
                                      static_transmit_key: Optional[str] = None,
                                      supplicant_identity: Optional[str] = None,
                                      tls_certificate: Optional[str] = None,
                                      tls_mode: Optional[str] = None,
                                      unicast_ciphers: Optional[str] = None,
                                      wpa2_pre_shared_key: Optional[str] = None,
                                      wpa_pre_shared_key: Optional[str] = None)

func NewInterfaceWirelessSecurityProfiles(ctx *Context, name string, args *InterfaceWirelessSecurityProfilesArgs, opts ...ResourceOption) (*InterfaceWirelessSecurityProfiles, error)

public InterfaceWirelessSecurityProfiles(string name, InterfaceWirelessSecurityProfilesArgs? args = null, CustomResourceOptions? opts = null)

public InterfaceWirelessSecurityProfiles(String name, InterfaceWirelessSecurityProfilesArgs args)
public InterfaceWirelessSecurityProfiles(String name, InterfaceWirelessSecurityProfilesArgs args, CustomResourceOptions options)

type: routeros:InterfaceWirelessSecurityProfiles
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args InterfaceWirelessSecurityProfilesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args InterfaceWirelessSecurityProfilesArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args InterfaceWirelessSecurityProfilesArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args InterfaceWirelessSecurityProfilesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args InterfaceWirelessSecurityProfilesArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

InterfaceWirelessSecurityProfiles Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The InterfaceWirelessSecurityProfiles resource accepts the following input properties:

AuthenticationTypes List<string>: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
Comment string
DisablePmkid bool: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
EapMethods string: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
GroupCiphers string: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
GroupKeyUpdate string: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
InterfaceWirelessSecurityProfilesId string: The ID of this resource.
InterimUpdate string: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
ManagementProtection string: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
ManagementProtectionKey string: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
Mode string: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
Mschapv2Password string: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Mschapv2Username string: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Name string: Name of the security profile.
RadiusCalledFormat string: mac | mac:ssid | ssid
RadiusEapAccounting bool
RadiusMacAccounting bool
RadiusMacAuthentication bool: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
RadiusMacCaching string: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
RadiusMacFormat string: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
RadiusMacMode string: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
StaticAlgo0 string: Encryption algorithm to use with the corresponding key.
StaticAlgo1 string: Encryption algorithm to use with the corresponding key.
StaticAlgo2 string: Encryption algorithm to use with the corresponding key.
StaticAlgo3 string: Encryption algorithm to use with the corresponding key.
StaticKey0 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey1 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey2 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey3 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticStaPrivateAlgo string: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
StaticStaPrivateKey string: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
StaticTransmitKey string: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
SupplicantIdentity string: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
TlsCertificate string: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
TlsMode string: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
UnicastCiphers string: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
Wpa2PreSharedKey string: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
WpaPreSharedKey string: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

AuthenticationTypes []string: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
Comment string
DisablePmkid bool: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
EapMethods string: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
GroupCiphers string: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
GroupKeyUpdate string: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
InterfaceWirelessSecurityProfilesId string: The ID of this resource.
InterimUpdate string: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
ManagementProtection string: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
ManagementProtectionKey string: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
Mode string: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
Mschapv2Password string: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Mschapv2Username string: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Name string: Name of the security profile.
RadiusCalledFormat string: mac | mac:ssid | ssid
RadiusEapAccounting bool
RadiusMacAccounting bool
RadiusMacAuthentication bool: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
RadiusMacCaching string: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
RadiusMacFormat string: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
RadiusMacMode string: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
StaticAlgo0 string: Encryption algorithm to use with the corresponding key.
StaticAlgo1 string: Encryption algorithm to use with the corresponding key.
StaticAlgo2 string: Encryption algorithm to use with the corresponding key.
StaticAlgo3 string: Encryption algorithm to use with the corresponding key.
StaticKey0 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey1 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey2 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey3 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticStaPrivateAlgo string: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
StaticStaPrivateKey string: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
StaticTransmitKey string: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
SupplicantIdentity string: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
TlsCertificate string: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
TlsMode string: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
UnicastCiphers string: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
Wpa2PreSharedKey string: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
WpaPreSharedKey string: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authenticationTypes List<String>: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment String
disablePmkid Boolean: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eapMethods String: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
groupCiphers String: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
groupKeyUpdate String: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interfaceWirelessSecurityProfilesId String: The ID of this resource.
interimUpdate String: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
managementProtection String: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
managementProtectionKey String: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode String: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2Password String: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2Username String: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name String: Name of the security profile.
radiusCalledFormat String: mac | mac:ssid | ssid
radiusEapAccounting Boolean
radiusMacAccounting Boolean
radiusMacAuthentication Boolean: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radiusMacCaching String: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radiusMacFormat String: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radiusMacMode String: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
staticAlgo0 String: Encryption algorithm to use with the corresponding key.
staticAlgo1 String: Encryption algorithm to use with the corresponding key.
staticAlgo2 String: Encryption algorithm to use with the corresponding key.
staticAlgo3 String: Encryption algorithm to use with the corresponding key.
staticKey0 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey1 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey2 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey3 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticStaPrivateAlgo String: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
staticStaPrivateKey String: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
staticTransmitKey String: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicantIdentity String: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tlsCertificate String: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tlsMode String: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicastCiphers String: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2PreSharedKey String: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpaPreSharedKey String: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authenticationTypes string[]: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment string
disablePmkid boolean: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eapMethods string: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
groupCiphers string: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
groupKeyUpdate string: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interfaceWirelessSecurityProfilesId string: The ID of this resource.
interimUpdate string: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
managementProtection string: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
managementProtectionKey string: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode string: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2Password string: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2Username string: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name string: Name of the security profile.
radiusCalledFormat string: mac | mac:ssid | ssid
radiusEapAccounting boolean
radiusMacAccounting boolean
radiusMacAuthentication boolean: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radiusMacCaching string: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radiusMacFormat string: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radiusMacMode string: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
staticAlgo0 string: Encryption algorithm to use with the corresponding key.
staticAlgo1 string: Encryption algorithm to use with the corresponding key.
staticAlgo2 string: Encryption algorithm to use with the corresponding key.
staticAlgo3 string: Encryption algorithm to use with the corresponding key.
staticKey0 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey1 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey2 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey3 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticStaPrivateAlgo string: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
staticStaPrivateKey string: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
staticTransmitKey string: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicantIdentity string: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tlsCertificate string: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tlsMode string: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicastCiphers string: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2PreSharedKey string: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpaPreSharedKey string: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authentication_types Sequence[str]: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment str
disable_pmkid bool: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eap_methods str: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
group_ciphers str: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
group_key_update str: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interface_wireless_security_profiles_id str: The ID of this resource.
interim_update str: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
management_protection str: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
management_protection_key str: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode str: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2_password str: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2_username str: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name str: Name of the security profile.
radius_called_format str: mac | mac:ssid | ssid
radius_eap_accounting bool
radius_mac_accounting bool
radius_mac_authentication bool: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radius_mac_caching str: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radius_mac_format str: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radius_mac_mode str: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
static_algo0 str: Encryption algorithm to use with the corresponding key.
static_algo1 str: Encryption algorithm to use with the corresponding key.
static_algo2 str: Encryption algorithm to use with the corresponding key.
static_algo3 str: Encryption algorithm to use with the corresponding key.
static_key0 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_key1 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_key2 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_key3 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_sta_private_algo str: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
static_sta_private_key str: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
static_transmit_key str: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicant_identity str: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tls_certificate str: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tls_mode str: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicast_ciphers str: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2_pre_shared_key str: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpa_pre_shared_key str: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authenticationTypes List<String>: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment String
disablePmkid Boolean: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eapMethods String: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
groupCiphers String: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
groupKeyUpdate String: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interfaceWirelessSecurityProfilesId String: The ID of this resource.
interimUpdate String: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
managementProtection String: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
managementProtectionKey String: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode String: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2Password String: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2Username String: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name String: Name of the security profile.
radiusCalledFormat String: mac | mac:ssid | ssid
radiusEapAccounting Boolean
radiusMacAccounting Boolean
radiusMacAuthentication Boolean: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radiusMacCaching String: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radiusMacFormat String: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radiusMacMode String: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
staticAlgo0 String: Encryption algorithm to use with the corresponding key.
staticAlgo1 String: Encryption algorithm to use with the corresponding key.
staticAlgo2 String: Encryption algorithm to use with the corresponding key.
staticAlgo3 String: Encryption algorithm to use with the corresponding key.
staticKey0 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey1 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey2 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey3 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticStaPrivateAlgo String: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
staticStaPrivateKey String: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
staticTransmitKey String: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicantIdentity String: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tlsCertificate String: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tlsMode String: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicastCiphers String: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2PreSharedKey String: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpaPreSharedKey String: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

Outputs

All input properties are implicitly available as output properties. Additionally, the InterfaceWirelessSecurityProfiles resource produces the following output properties:

Default bool: It's the default item.
Id string: The provider-assigned unique ID for this managed resource.

Default bool: It's the default item.
Id string: The provider-assigned unique ID for this managed resource.

default_ Boolean: It's the default item.
id String: The provider-assigned unique ID for this managed resource.

default boolean: It's the default item.
id string: The provider-assigned unique ID for this managed resource.

default bool: It's the default item.
id str: The provider-assigned unique ID for this managed resource.

default Boolean: It's the default item.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing InterfaceWirelessSecurityProfiles Resource

Get an existing InterfaceWirelessSecurityProfiles resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: InterfaceWirelessSecurityProfilesState, opts?: CustomResourceOptions): InterfaceWirelessSecurityProfiles

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ___id_: Optional[float] = None,
        ___path_: Optional[str] = None,
        authentication_types: Optional[Sequence[str]] = None,
        comment: Optional[str] = None,
        default: Optional[bool] = None,
        disable_pmkid: Optional[bool] = None,
        eap_methods: Optional[str] = None,
        group_ciphers: Optional[str] = None,
        group_key_update: Optional[str] = None,
        interface_wireless_security_profiles_id: Optional[str] = None,
        interim_update: Optional[str] = None,
        management_protection: Optional[str] = None,
        management_protection_key: Optional[str] = None,
        mode: Optional[str] = None,
        mschapv2_password: Optional[str] = None,
        mschapv2_username: Optional[str] = None,
        name: Optional[str] = None,
        radius_called_format: Optional[str] = None,
        radius_eap_accounting: Optional[bool] = None,
        radius_mac_accounting: Optional[bool] = None,
        radius_mac_authentication: Optional[bool] = None,
        radius_mac_caching: Optional[str] = None,
        radius_mac_format: Optional[str] = None,
        radius_mac_mode: Optional[str] = None,
        static_algo0: Optional[str] = None,
        static_algo1: Optional[str] = None,
        static_algo2: Optional[str] = None,
        static_algo3: Optional[str] = None,
        static_key0: Optional[str] = None,
        static_key1: Optional[str] = None,
        static_key2: Optional[str] = None,
        static_key3: Optional[str] = None,
        static_sta_private_algo: Optional[str] = None,
        static_sta_private_key: Optional[str] = None,
        static_transmit_key: Optional[str] = None,
        supplicant_identity: Optional[str] = None,
        tls_certificate: Optional[str] = None,
        tls_mode: Optional[str] = None,
        unicast_ciphers: Optional[str] = None,
        wpa2_pre_shared_key: Optional[str] = None,
        wpa_pre_shared_key: Optional[str] = None) -> InterfaceWirelessSecurityProfiles

func GetInterfaceWirelessSecurityProfiles(ctx *Context, name string, id IDInput, state *InterfaceWirelessSecurityProfilesState, opts ...ResourceOption) (*InterfaceWirelessSecurityProfiles, error)

public static InterfaceWirelessSecurityProfiles Get(string name, Input<string> id, InterfaceWirelessSecurityProfilesState? state, CustomResourceOptions? opts = null)

public static InterfaceWirelessSecurityProfiles get(String name, Output<String> id, InterfaceWirelessSecurityProfilesState state, CustomResourceOptions options)

resources:  _:    type: routeros:InterfaceWirelessSecurityProfiles    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthenticationTypes List<string>: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
Comment string
Default bool: It's the default item.
DisablePmkid bool: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
EapMethods string: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
GroupCiphers string: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
GroupKeyUpdate string: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
InterfaceWirelessSecurityProfilesId string: The ID of this resource.
InterimUpdate string: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
ManagementProtection string: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
ManagementProtectionKey string: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
Mode string: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
Mschapv2Password string: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Mschapv2Username string: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Name string: Name of the security profile.
RadiusCalledFormat string: mac | mac:ssid | ssid
RadiusEapAccounting bool
RadiusMacAccounting bool
RadiusMacAuthentication bool: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
RadiusMacCaching string: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
RadiusMacFormat string: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
RadiusMacMode string: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
StaticAlgo0 string: Encryption algorithm to use with the corresponding key.
StaticAlgo1 string: Encryption algorithm to use with the corresponding key.
StaticAlgo2 string: Encryption algorithm to use with the corresponding key.
StaticAlgo3 string: Encryption algorithm to use with the corresponding key.
StaticKey0 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey1 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey2 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey3 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticStaPrivateAlgo string: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
StaticStaPrivateKey string: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
StaticTransmitKey string: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
SupplicantIdentity string: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
TlsCertificate string: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
TlsMode string: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
UnicastCiphers string: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
Wpa2PreSharedKey string: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
WpaPreSharedKey string: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

AuthenticationTypes []string: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
Comment string
Default bool: It's the default item.
DisablePmkid bool: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
EapMethods string: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
GroupCiphers string: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
GroupKeyUpdate string: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
InterfaceWirelessSecurityProfilesId string: The ID of this resource.
InterimUpdate string: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
ManagementProtection string: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
ManagementProtectionKey string: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
Mode string: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
Mschapv2Password string: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Mschapv2Username string: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
Name string: Name of the security profile.
RadiusCalledFormat string: mac | mac:ssid | ssid
RadiusEapAccounting bool
RadiusMacAccounting bool
RadiusMacAuthentication bool: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
RadiusMacCaching string: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
RadiusMacFormat string: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
RadiusMacMode string: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
StaticAlgo0 string: Encryption algorithm to use with the corresponding key.
StaticAlgo1 string: Encryption algorithm to use with the corresponding key.
StaticAlgo2 string: Encryption algorithm to use with the corresponding key.
StaticAlgo3 string: Encryption algorithm to use with the corresponding key.
StaticKey0 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey1 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey2 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticKey3 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
StaticStaPrivateAlgo string: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
StaticStaPrivateKey string: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
StaticTransmitKey string: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
SupplicantIdentity string: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
TlsCertificate string: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
TlsMode string: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
UnicastCiphers string: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
Wpa2PreSharedKey string: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
WpaPreSharedKey string: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authenticationTypes List<String>: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment String
default_ Boolean: It's the default item.
disablePmkid Boolean: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eapMethods String: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
groupCiphers String: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
groupKeyUpdate String: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interfaceWirelessSecurityProfilesId String: The ID of this resource.
interimUpdate String: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
managementProtection String: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
managementProtectionKey String: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode String: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2Password String: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2Username String: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name String: Name of the security profile.
radiusCalledFormat String: mac | mac:ssid | ssid
radiusEapAccounting Boolean
radiusMacAccounting Boolean
radiusMacAuthentication Boolean: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radiusMacCaching String: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radiusMacFormat String: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radiusMacMode String: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
staticAlgo0 String: Encryption algorithm to use with the corresponding key.
staticAlgo1 String: Encryption algorithm to use with the corresponding key.
staticAlgo2 String: Encryption algorithm to use with the corresponding key.
staticAlgo3 String: Encryption algorithm to use with the corresponding key.
staticKey0 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey1 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey2 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey3 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticStaPrivateAlgo String: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
staticStaPrivateKey String: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
staticTransmitKey String: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicantIdentity String: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tlsCertificate String: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tlsMode String: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicastCiphers String: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2PreSharedKey String: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpaPreSharedKey String: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authenticationTypes string[]: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment string
default boolean: It's the default item.
disablePmkid boolean: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eapMethods string: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
groupCiphers string: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
groupKeyUpdate string: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interfaceWirelessSecurityProfilesId string: The ID of this resource.
interimUpdate string: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
managementProtection string: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
managementProtectionKey string: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode string: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2Password string: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2Username string: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name string: Name of the security profile.
radiusCalledFormat string: mac | mac:ssid | ssid
radiusEapAccounting boolean
radiusMacAccounting boolean
radiusMacAuthentication boolean: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radiusMacCaching string: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radiusMacFormat string: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radiusMacMode string: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
staticAlgo0 string: Encryption algorithm to use with the corresponding key.
staticAlgo1 string: Encryption algorithm to use with the corresponding key.
staticAlgo2 string: Encryption algorithm to use with the corresponding key.
staticAlgo3 string: Encryption algorithm to use with the corresponding key.
staticKey0 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey1 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey2 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey3 string: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticStaPrivateAlgo string: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
staticStaPrivateKey string: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
staticTransmitKey string: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicantIdentity string: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tlsCertificate string: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tlsMode string: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicastCiphers string: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2PreSharedKey string: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpaPreSharedKey string: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authentication_types Sequence[str]: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment str
default bool: It's the default item.
disable_pmkid bool: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eap_methods str: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
group_ciphers str: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
group_key_update str: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interface_wireless_security_profiles_id str: The ID of this resource.
interim_update str: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
management_protection str: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
management_protection_key str: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode str: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2_password str: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2_username str: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name str: Name of the security profile.
radius_called_format str: mac | mac:ssid | ssid
radius_eap_accounting bool
radius_mac_accounting bool
radius_mac_authentication bool: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radius_mac_caching str: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radius_mac_format str: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radius_mac_mode str: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
static_algo0 str: Encryption algorithm to use with the corresponding key.
static_algo1 str: Encryption algorithm to use with the corresponding key.
static_algo2 str: Encryption algorithm to use with the corresponding key.
static_algo3 str: Encryption algorithm to use with the corresponding key.
static_key0 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_key1 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_key2 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_key3 str: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
static_sta_private_algo str: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
static_sta_private_key str: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
static_transmit_key str: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicant_identity str: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tls_certificate str: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tls_mode str: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicast_ciphers str: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2_pre_shared_key str: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpa_pre_shared_key str: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
authenticationTypes List<String>: Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
comment String
default Boolean: It's the default item.
disablePmkid Boolean: Whether to include PMKID into the EAPOL frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. yes - removes PMKID from EAPOL frames (improves security, reduces compatibility). no - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
eapMethods String: Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication. passthrough - Access Point will relay authentication process to the RADIUS server. peap - Use Protected EAP authentication.
groupCiphers String: Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. tkip - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. aes-ccm - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
groupKeyUpdate String: Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
interfaceWirelessSecurityProfilesId String: The ID of this resource.
interimUpdate String: When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
managementProtection String: Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: disabled - management protection is disabled (default), allowed - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), required - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
managementProtectionKey String: Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
mode String: Encryption mode for the security profile. none - Encryption is not used. Encrypted frames are not accepted. static-keys-required - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. static-keys-optional - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in static-keys-required mode. See also: static-sta-private-algo, static-transmit-key. dynamic-keys - WPA mode.
mschapv2Password String: Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
mschapv2Username String: Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.
name String: Name of the security profile.
radiusCalledFormat String: mac | mac:ssid | ssid
radiusEapAccounting Boolean
radiusMacAccounting Boolean
radiusMacAuthentication Boolean: This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
radiusMacCaching String: If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
radiusMacFormat String: Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
radiusMacMode String: By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
staticAlgo0 String: Encryption algorithm to use with the corresponding key.
staticAlgo1 String: Encryption algorithm to use with the corresponding key.
staticAlgo2 String: Encryption algorithm to use with the corresponding key.
staticAlgo3 String: Encryption algorithm to use with the corresponding key.
staticKey0 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey1 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey2 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticKey3 String: Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
staticStaPrivateAlgo String: Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
staticStaPrivateKey String: Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
staticTransmitKey String: Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
supplicantIdentity String: EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
tlsCertificate String: Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
tlsMode String: This property has effect only when eap-methods contains eap-tls. verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate. no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
unicastCiphers String: Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
wpa2PreSharedKey String: WPA2 pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
wpaPreSharedKey String: WPA pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.

Import

#The ID can be found via API or the terminal

#The command for the terminal is -> :put [/interface/wireless/security-profiles get [print show-ids]]

$ pulumi import routeros:index/interfaceWirelessSecurityProfiles:InterfaceWirelessSecurityProfiles test *3

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: routeros terraform-routeros/terraform-provider-routeros
License
Notes: This Pulumi package is based on the routeros Terraform Provider.

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.InterfaceWirelessSecurityProfiles

On this page

On this page

Example Usage

Create InterfaceWirelessSecurityProfiles Resource

Constructor syntax

Parameters

InterfaceWirelessSecurityProfiles Resource Properties

Inputs

Outputs

Look up Existing InterfaceWirelessSecurityProfiles Resource

Import

Package Details

On this page

On this page