1. Packages
  2. Unifi
  3. API Docs
  4. Network
Unifi v0.2.0 published on Tuesday, Feb 17, 2026 by Pulumiverse
Schema (JSON)
pulumiverse/pulumi-unifi

unifi.Network

unifi logo
Unifi v0.2.0 published on Tuesday, Feb 17, 2026 by Pulumiverse
Schema (JSON)
pulumiverse/pulumi-unifi

    The unifi.Network resource manages networks in your UniFi environment, including WAN, LAN, and VLAN networks. This resource enables you to:

    • Create and manage different types of networks (corporate, guest, WAN, VLAN-only)
    • Configure network addressing and DHCP settings
    • Set up IPv6 networking features
    • Manage DHCP relay and DNS settings
    • Configure network groups and VLANs

    Common use cases include:

    • Setting up corporate and guest networks with different security policies
    • Configuring WAN connectivity with various authentication methods
    • Creating VLANs for network segmentation
    • Managing DHCP and DNS services for network clients

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as unifi from "@pulumiverse/unifi";

const config = new pulumi.Config();
const vlanId = config.getNumber("vlanId") || 10;
const vlan = new unifi.Network("vlan", {
    name: "wifi-vlan",
    purpose: "corporate",
    subnet: "10.0.0.1/24",
    vlanId: vlanId,
    dhcpStart: "10.0.0.6",
    dhcpStop: "10.0.0.254",
    dhcpEnabled: true,
});
const wan = new unifi.Network("wan", {
    name: "wan",
    purpose: "wan",
    wanNetworkgroup: "WAN",
    wanType: "pppoe",
    wanIp: "192.168.1.1",
    wanEgressQos: 1,
    wanUsername: "username",
    xWanPassword: "password",
});

    import pulumi
import pulumiverse_unifi as unifi

config = pulumi.Config()
vlan_id = config.get_float("vlanId")
if vlan_id is None:
    vlan_id = 10
vlan = unifi.Network("vlan",
    name="wifi-vlan",
    purpose="corporate",
    subnet="10.0.0.1/24",
    vlan_id=vlan_id,
    dhcp_start="10.0.0.6",
    dhcp_stop="10.0.0.254",
    dhcp_enabled=True)
wan = unifi.Network("wan",
    name="wan",
    purpose="wan",
    wan_networkgroup="WAN",
    wan_type="pppoe",
    wan_ip="192.168.1.1",
    wan_egress_qos=1,
    wan_username="username",
    x_wan_password="password")

    package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
	"github.com/pulumiverse/pulumi-unifi/sdk/go/unifi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		vlanId := float64(10)
		if param := cfg.GetFloat64("vlanId"); param != 0 {
			vlanId = param
		}
		_, err := unifi.NewNetwork(ctx, "vlan", &unifi.NetworkArgs{
			Name:        pulumi.String("wifi-vlan"),
			Purpose:     pulumi.String("corporate"),
			Subnet:      pulumi.String("10.0.0.1/24"),
			VlanId:      pulumi.Float64(vlanId),
			DhcpStart:   pulumi.String("10.0.0.6"),
			DhcpStop:    pulumi.String("10.0.0.254"),
			DhcpEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = unifi.NewNetwork(ctx, "wan", &unifi.NetworkArgs{
			Name:            pulumi.String("wan"),
			Purpose:         pulumi.String("wan"),
			WanNetworkgroup: pulumi.String("WAN"),
			WanType:         pulumi.String("pppoe"),
			WanIp:           pulumi.String("192.168.1.1"),
			WanEgressQos:    pulumi.Int(1),
			WanUsername:     pulumi.String("username"),
			XWanPassword:    pulumi.String("password"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Unifi = Pulumiverse.Unifi;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var vlanId = config.GetDouble("vlanId") ?? 10;
    var vlan = new Unifi.Network("vlan", new()
    {
        Name = "wifi-vlan",
        Purpose = "corporate",
        Subnet = "10.0.0.1/24",
        VlanId = vlanId,
        DhcpStart = "10.0.0.6",
        DhcpStop = "10.0.0.254",
        DhcpEnabled = true,
    });

    var wan = new Unifi.Network("wan", new()
    {
        Name = "wan",
        Purpose = "wan",
        WanNetworkgroup = "WAN",
        WanType = "pppoe",
        WanIp = "192.168.1.1",
        WanEgressQos = 1,
        WanUsername = "username",
        XWanPassword = "password",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumiverse.unifi.Network;
import com.pulumiverse.unifi.NetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var vlanId = config.get("vlanId").orElse(10);
        var vlan = new Network("vlan", NetworkArgs.builder()
            .name("wifi-vlan")
            .purpose("corporate")
            .subnet("10.0.0.1/24")
            .vlanId(vlanId)
            .dhcpStart("10.0.0.6")
            .dhcpStop("10.0.0.254")
            .dhcpEnabled(true)
            .build());

        var wan = new Network("wan", NetworkArgs.builder()
            .name("wan")
            .purpose("wan")
            .wanNetworkgroup("WAN")
            .wanType("pppoe")
            .wanIp("192.168.1.1")
            .wanEgressQos(1)
            .wanUsername("username")
            .xWanPassword("password")
            .build());

    }
}

    configuration:
  vlanId:
    type: number
    default: 10
resources:
  vlan:
    type: unifi:Network
    properties:
      name: wifi-vlan
      purpose: corporate
      subnet: 10.0.0.1/24
      vlanId: ${vlanId}
      dhcpStart: 10.0.0.6
      dhcpStop: 10.0.0.254
      dhcpEnabled: true
  wan:
    type: unifi:Network
    properties:
      name: wan
      purpose: wan
      wanNetworkgroup: WAN
      wanType: pppoe
      wanIp: 192.168.1.1
      wanEgressQos: 1
      wanUsername: username
      xWanPassword: password

    Create Network Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Network(name: string, args: NetworkArgs, opts?: CustomResourceOptions);
    @overload
def Network(resource_name: str,
            args: NetworkArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def Network(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            purpose: Optional[str] = None,
            dhcp_dns: Optional[Sequence[str]] = None,
            dhcp_enabled: Optional[bool] = None,
            dhcp_lease: Optional[int] = None,
            dhcp_relay_enabled: Optional[bool] = None,
            dhcp_start: Optional[str] = None,
            dhcp_stop: Optional[str] = None,
            dhcp_v6_dns: Optional[Sequence[str]] = None,
            dhcp_v6_dns_auto: Optional[bool] = None,
            dhcp_v6_enabled: Optional[bool] = None,
            dhcp_v6_lease: Optional[int] = None,
            dhcp_v6_start: Optional[str] = None,
            dhcp_v6_stop: Optional[str] = None,
            dhcpd_boot_enabled: Optional[bool] = None,
            dhcpd_boot_filename: Optional[str] = None,
            dhcpd_boot_server: Optional[str] = None,
            domain_name: Optional[str] = None,
            enabled: Optional[bool] = None,
            igmp_snooping: Optional[bool] = None,
            internet_access_enabled: Optional[bool] = None,
            ipv6_interface_type: Optional[str] = None,
            ipv6_pd_interface: Optional[str] = None,
            ipv6_pd_prefixid: Optional[str] = None,
            ipv6_pd_start: Optional[str] = None,
            ipv6_pd_stop: Optional[str] = None,
            ipv6_ra_enable: Optional[bool] = None,
            ipv6_ra_preferred_lifetime: Optional[int] = None,
            ipv6_ra_priority: Optional[str] = None,
            ipv6_ra_valid_lifetime: Optional[int] = None,
            ipv6_static_subnet: Optional[str] = None,
            multicast_dns: Optional[bool] = None,
            name: Optional[str] = None,
            network_group: Optional[str] = None,
            network_isolation_enabled: Optional[bool] = None,
            site: Optional[str] = None,
            subnet: Optional[str] = None,
            vlan_id: Optional[int] = None,
            wan_dhcp_v6_pd_size: Optional[int] = None,
            wan_dns: Optional[Sequence[str]] = None,
            wan_egress_qos: Optional[int] = None,
            wan_gateway: Optional[str] = None,
            wan_gateway_v6: Optional[str] = None,
            wan_ip: Optional[str] = None,
            wan_ipv6: Optional[str] = None,
            wan_netmask: Optional[str] = None,
            wan_networkgroup: Optional[str] = None,
            wan_prefixlen: Optional[int] = None,
            wan_type: Optional[str] = None,
            wan_type_v6: Optional[str] = None,
            wan_username: Optional[str] = None,
            x_wan_password: Optional[str] = None)
    func NewNetwork(ctx *Context, name string, args NetworkArgs, opts ...ResourceOption) (*Network, error)
    public Network(string name, NetworkArgs args, CustomResourceOptions? opts = null)
    public Network(String name, NetworkArgs args)
public Network(String name, NetworkArgs args, CustomResourceOptions options)

    type: unifi:Network
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args NetworkArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var networkResource = new Unifi.Network("networkResource", new()
{
    Purpose = "string",
    DhcpDns = new[]
    {
        "string",
    },
    DhcpEnabled = false,
    DhcpLease = 0,
    DhcpRelayEnabled = false,
    DhcpStart = "string",
    DhcpStop = "string",
    DhcpV6Dns = new[]
    {
        "string",
    },
    DhcpV6DnsAuto = false,
    DhcpV6Enabled = false,
    DhcpV6Lease = 0,
    DhcpV6Start = "string",
    DhcpV6Stop = "string",
    DhcpdBootEnabled = false,
    DhcpdBootFilename = "string",
    DhcpdBootServer = "string",
    DomainName = "string",
    Enabled = false,
    IgmpSnooping = false,
    InternetAccessEnabled = false,
    Ipv6InterfaceType = "string",
    Ipv6PdInterface = "string",
    Ipv6PdPrefixid = "string",
    Ipv6PdStart = "string",
    Ipv6PdStop = "string",
    Ipv6RaEnable = false,
    Ipv6RaPreferredLifetime = 0,
    Ipv6RaPriority = "string",
    Ipv6RaValidLifetime = 0,
    Ipv6StaticSubnet = "string",
    MulticastDns = false,
    Name = "string",
    NetworkGroup = "string",
    NetworkIsolationEnabled = false,
    Site = "string",
    Subnet = "string",
    VlanId = 0,
    WanDhcpV6PdSize = 0,
    WanDns = new[]
    {
        "string",
    },
    WanEgressQos = 0,
    WanGateway = "string",
    WanGatewayV6 = "string",
    WanIp = "string",
    WanIpv6 = "string",
    WanNetmask = "string",
    WanNetworkgroup = "string",
    WanPrefixlen = 0,
    WanType = "string",
    WanTypeV6 = "string",
    WanUsername = "string",
    XWanPassword = "string",
});

    example, err := unifi.NewNetwork(ctx, "networkResource", &unifi.NetworkArgs{
	Purpose: pulumi.String("string"),
	DhcpDns: pulumi.StringArray{
		pulumi.String("string"),
	},
	DhcpEnabled:      pulumi.Bool(false),
	DhcpLease:        pulumi.Int(0),
	DhcpRelayEnabled: pulumi.Bool(false),
	DhcpStart:        pulumi.String("string"),
	DhcpStop:         pulumi.String("string"),
	DhcpV6Dns: pulumi.StringArray{
		pulumi.String("string"),
	},
	DhcpV6DnsAuto:           pulumi.Bool(false),
	DhcpV6Enabled:           pulumi.Bool(false),
	DhcpV6Lease:             pulumi.Int(0),
	DhcpV6Start:             pulumi.String("string"),
	DhcpV6Stop:              pulumi.String("string"),
	DhcpdBootEnabled:        pulumi.Bool(false),
	DhcpdBootFilename:       pulumi.String("string"),
	DhcpdBootServer:         pulumi.String("string"),
	DomainName:              pulumi.String("string"),
	Enabled:                 pulumi.Bool(false),
	IgmpSnooping:            pulumi.Bool(false),
	InternetAccessEnabled:   pulumi.Bool(false),
	Ipv6InterfaceType:       pulumi.String("string"),
	Ipv6PdInterface:         pulumi.String("string"),
	Ipv6PdPrefixid:          pulumi.String("string"),
	Ipv6PdStart:             pulumi.String("string"),
	Ipv6PdStop:              pulumi.String("string"),
	Ipv6RaEnable:            pulumi.Bool(false),
	Ipv6RaPreferredLifetime: pulumi.Int(0),
	Ipv6RaPriority:          pulumi.String("string"),
	Ipv6RaValidLifetime:     pulumi.Int(0),
	Ipv6StaticSubnet:        pulumi.String("string"),
	MulticastDns:            pulumi.Bool(false),
	Name:                    pulumi.String("string"),
	NetworkGroup:            pulumi.String("string"),
	NetworkIsolationEnabled: pulumi.Bool(false),
	Site:                    pulumi.String("string"),
	Subnet:                  pulumi.String("string"),
	VlanId:                  pulumi.Int(0),
	WanDhcpV6PdSize:         pulumi.Int(0),
	WanDns: pulumi.StringArray{
		pulumi.String("string"),
	},
	WanEgressQos:    pulumi.Int(0),
	WanGateway:      pulumi.String("string"),
	WanGatewayV6:    pulumi.String("string"),
	WanIp:           pulumi.String("string"),
	WanIpv6:         pulumi.String("string"),
	WanNetmask:      pulumi.String("string"),
	WanNetworkgroup: pulumi.String("string"),
	WanPrefixlen:    pulumi.Int(0),
	WanType:         pulumi.String("string"),
	WanTypeV6:       pulumi.String("string"),
	WanUsername:     pulumi.String("string"),
	XWanPassword:    pulumi.String("string"),
})

    var networkResource = new Network("networkResource", NetworkArgs.builder()
    .purpose("string")
    .dhcpDns("string")
    .dhcpEnabled(false)
    .dhcpLease(0)
    .dhcpRelayEnabled(false)
    .dhcpStart("string")
    .dhcpStop("string")
    .dhcpV6Dns("string")
    .dhcpV6DnsAuto(false)
    .dhcpV6Enabled(false)
    .dhcpV6Lease(0)
    .dhcpV6Start("string")
    .dhcpV6Stop("string")
    .dhcpdBootEnabled(false)
    .dhcpdBootFilename("string")
    .dhcpdBootServer("string")
    .domainName("string")
    .enabled(false)
    .igmpSnooping(false)
    .internetAccessEnabled(false)
    .ipv6InterfaceType("string")
    .ipv6PdInterface("string")
    .ipv6PdPrefixid("string")
    .ipv6PdStart("string")
    .ipv6PdStop("string")
    .ipv6RaEnable(false)
    .ipv6RaPreferredLifetime(0)
    .ipv6RaPriority("string")
    .ipv6RaValidLifetime(0)
    .ipv6StaticSubnet("string")
    .multicastDns(false)
    .name("string")
    .networkGroup("string")
    .networkIsolationEnabled(false)
    .site("string")
    .subnet("string")
    .vlanId(0)
    .wanDhcpV6PdSize(0)
    .wanDns("string")
    .wanEgressQos(0)
    .wanGateway("string")
    .wanGatewayV6("string")
    .wanIp("string")
    .wanIpv6("string")
    .wanNetmask("string")
    .wanNetworkgroup("string")
    .wanPrefixlen(0)
    .wanType("string")
    .wanTypeV6("string")
    .wanUsername("string")
    .xWanPassword("string")
    .build());

    network_resource = unifi.Network("networkResource",
    purpose="string",
    dhcp_dns=["string"],
    dhcp_enabled=False,
    dhcp_lease=0,
    dhcp_relay_enabled=False,
    dhcp_start="string",
    dhcp_stop="string",
    dhcp_v6_dns=["string"],
    dhcp_v6_dns_auto=False,
    dhcp_v6_enabled=False,
    dhcp_v6_lease=0,
    dhcp_v6_start="string",
    dhcp_v6_stop="string",
    dhcpd_boot_enabled=False,
    dhcpd_boot_filename="string",
    dhcpd_boot_server="string",
    domain_name="string",
    enabled=False,
    igmp_snooping=False,
    internet_access_enabled=False,
    ipv6_interface_type="string",
    ipv6_pd_interface="string",
    ipv6_pd_prefixid="string",
    ipv6_pd_start="string",
    ipv6_pd_stop="string",
    ipv6_ra_enable=False,
    ipv6_ra_preferred_lifetime=0,
    ipv6_ra_priority="string",
    ipv6_ra_valid_lifetime=0,
    ipv6_static_subnet="string",
    multicast_dns=False,
    name="string",
    network_group="string",
    network_isolation_enabled=False,
    site="string",
    subnet="string",
    vlan_id=0,
    wan_dhcp_v6_pd_size=0,
    wan_dns=["string"],
    wan_egress_qos=0,
    wan_gateway="string",
    wan_gateway_v6="string",
    wan_ip="string",
    wan_ipv6="string",
    wan_netmask="string",
    wan_networkgroup="string",
    wan_prefixlen=0,
    wan_type="string",
    wan_type_v6="string",
    wan_username="string",
    x_wan_password="string")

    const networkResource = new unifi.Network("networkResource", {
    purpose: "string",
    dhcpDns: ["string"],
    dhcpEnabled: false,
    dhcpLease: 0,
    dhcpRelayEnabled: false,
    dhcpStart: "string",
    dhcpStop: "string",
    dhcpV6Dns: ["string"],
    dhcpV6DnsAuto: false,
    dhcpV6Enabled: false,
    dhcpV6Lease: 0,
    dhcpV6Start: "string",
    dhcpV6Stop: "string",
    dhcpdBootEnabled: false,
    dhcpdBootFilename: "string",
    dhcpdBootServer: "string",
    domainName: "string",
    enabled: false,
    igmpSnooping: false,
    internetAccessEnabled: false,
    ipv6InterfaceType: "string",
    ipv6PdInterface: "string",
    ipv6PdPrefixid: "string",
    ipv6PdStart: "string",
    ipv6PdStop: "string",
    ipv6RaEnable: false,
    ipv6RaPreferredLifetime: 0,
    ipv6RaPriority: "string",
    ipv6RaValidLifetime: 0,
    ipv6StaticSubnet: "string",
    multicastDns: false,
    name: "string",
    networkGroup: "string",
    networkIsolationEnabled: false,
    site: "string",
    subnet: "string",
    vlanId: 0,
    wanDhcpV6PdSize: 0,
    wanDns: ["string"],
    wanEgressQos: 0,
    wanGateway: "string",
    wanGatewayV6: "string",
    wanIp: "string",
    wanIpv6: "string",
    wanNetmask: "string",
    wanNetworkgroup: "string",
    wanPrefixlen: 0,
    wanType: "string",
    wanTypeV6: "string",
    wanUsername: "string",
    xWanPassword: "string",
});

    type: unifi:Network
properties:
    dhcpDns:
        - string
    dhcpEnabled: false
    dhcpLease: 0
    dhcpRelayEnabled: false
    dhcpStart: string
    dhcpStop: string
    dhcpV6Dns:
        - string
    dhcpV6DnsAuto: false
    dhcpV6Enabled: false
    dhcpV6Lease: 0
    dhcpV6Start: string
    dhcpV6Stop: string
    dhcpdBootEnabled: false
    dhcpdBootFilename: string
    dhcpdBootServer: string
    domainName: string
    enabled: false
    igmpSnooping: false
    internetAccessEnabled: false
    ipv6InterfaceType: string
    ipv6PdInterface: string
    ipv6PdPrefixid: string
    ipv6PdStart: string
    ipv6PdStop: string
    ipv6RaEnable: false
    ipv6RaPreferredLifetime: 0
    ipv6RaPriority: string
    ipv6RaValidLifetime: 0
    ipv6StaticSubnet: string
    multicastDns: false
    name: string
    networkGroup: string
    networkIsolationEnabled: false
    purpose: string
    site: string
    subnet: string
    vlanId: 0
    wanDhcpV6PdSize: 0
    wanDns:
        - string
    wanEgressQos: 0
    wanGateway: string
    wanGatewayV6: string
    wanIp: string
    wanIpv6: string
    wanNetmask: string
    wanNetworkgroup: string
    wanPrefixlen: 0
    wanType: string
    wanTypeV6: string
    wanUsername: string
    xWanPassword: string

    Network Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Network resource accepts the following input properties:

    Purpose string
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    DhcpDns List<string>
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    DhcpEnabled bool
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    DhcpLease int
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    DhcpRelayEnabled bool
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    DhcpStart string
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    DhcpStop string
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    DhcpV6Dns List<string>
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    DhcpV6DnsAuto bool
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    DhcpV6Enabled bool
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    DhcpV6Lease int
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    DhcpV6Start string
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    DhcpV6Stop string
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    DhcpdBootEnabled bool
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    DhcpdBootFilename string
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    DhcpdBootServer string
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    DomainName string
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    Enabled bool
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    IgmpSnooping bool
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    InternetAccessEnabled bool
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    Ipv6InterfaceType string

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    Ipv6PdInterface string
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    Ipv6PdPrefixid string
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    Ipv6PdStart string
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    Ipv6PdStop string
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    Ipv6RaEnable bool
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    Ipv6RaPreferredLifetime int
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    Ipv6RaPriority string
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    Ipv6RaValidLifetime int
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    Ipv6StaticSubnet string
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    MulticastDns bool
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    Name string
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    NetworkGroup string
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    NetworkIsolationEnabled bool
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    Site string
    The name of the site to associate the network with.
    Subnet string
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    VlanId int

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    WanDhcpV6PdSize int
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    WanDns List<string>
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    WanEgressQos int
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    WanGateway string
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    WanGatewayV6 string
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    WanIp string
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    WanIpv6 string
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    WanNetmask string
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    WanNetworkgroup string
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    WanPrefixlen int
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    WanType string
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    WanTypeV6 string
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    WanUsername string
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    XWanPassword string
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    Purpose string
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    DhcpDns []string
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    DhcpEnabled bool
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    DhcpLease int
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    DhcpRelayEnabled bool
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    DhcpStart string
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    DhcpStop string
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    DhcpV6Dns []string
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    DhcpV6DnsAuto bool
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    DhcpV6Enabled bool
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    DhcpV6Lease int
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    DhcpV6Start string
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    DhcpV6Stop string
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    DhcpdBootEnabled bool
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    DhcpdBootFilename string
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    DhcpdBootServer string
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    DomainName string
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    Enabled bool
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    IgmpSnooping bool
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    InternetAccessEnabled bool
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    Ipv6InterfaceType string

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    Ipv6PdInterface string
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    Ipv6PdPrefixid string
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    Ipv6PdStart string
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    Ipv6PdStop string
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    Ipv6RaEnable bool
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    Ipv6RaPreferredLifetime int
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    Ipv6RaPriority string
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    Ipv6RaValidLifetime int
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    Ipv6StaticSubnet string
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    MulticastDns bool
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    Name string
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    NetworkGroup string
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    NetworkIsolationEnabled bool
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    Site string
    The name of the site to associate the network with.
    Subnet string
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    VlanId int

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    WanDhcpV6PdSize int
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    WanDns []string
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    WanEgressQos int
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    WanGateway string
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    WanGatewayV6 string
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    WanIp string
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    WanIpv6 string
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    WanNetmask string
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    WanNetworkgroup string
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    WanPrefixlen int
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    WanType string
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    WanTypeV6 string
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    WanUsername string
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    XWanPassword string
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    purpose String
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    dhcpDns List<String>
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcpEnabled Boolean
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcpLease Integer
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcpRelayEnabled Boolean
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcpStart String
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcpStop String
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcpV6Dns List<String>
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcpV6DnsAuto Boolean
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcpV6Enabled Boolean
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcpV6Lease Integer
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcpV6Start String
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcpV6Stop String
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpdBootEnabled Boolean
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpdBootFilename String
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpdBootServer String
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domainName String
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled Boolean
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmpSnooping Boolean
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internetAccessEnabled Boolean
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6InterfaceType String

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6PdInterface String
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6PdPrefixid String
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6PdStart String
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6PdStop String
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6RaEnable Boolean
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6RaPreferredLifetime Integer
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6RaPriority String
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6RaValidLifetime Integer
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6StaticSubnet String
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicastDns Boolean
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name String
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    networkGroup String
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    networkIsolationEnabled Boolean
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    site String
    The name of the site to associate the network with.
    subnet String
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlanId Integer

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wanDhcpV6PdSize Integer
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wanDns List<String>
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wanEgressQos Integer
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wanGateway String
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wanGatewayV6 String
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wanIp String
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wanIpv6 String
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wanNetmask String
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wanNetworkgroup String
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wanPrefixlen Integer
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wanType String
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wanTypeV6 String
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wanUsername String
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    xWanPassword String
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    purpose string
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    dhcpDns string[]
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcpEnabled boolean
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcpLease number
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcpRelayEnabled boolean
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcpStart string
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcpStop string
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcpV6Dns string[]
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcpV6DnsAuto boolean
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcpV6Enabled boolean
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcpV6Lease number
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcpV6Start string
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcpV6Stop string
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpdBootEnabled boolean
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpdBootFilename string
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpdBootServer string
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domainName string
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled boolean
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmpSnooping boolean
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internetAccessEnabled boolean
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6InterfaceType string

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6PdInterface string
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6PdPrefixid string
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6PdStart string
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6PdStop string
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6RaEnable boolean
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6RaPreferredLifetime number
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6RaPriority string
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6RaValidLifetime number
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6StaticSubnet string
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicastDns boolean
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name string
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    networkGroup string
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    networkIsolationEnabled boolean
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    site string
    The name of the site to associate the network with.
    subnet string
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlanId number

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wanDhcpV6PdSize number
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wanDns string[]
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wanEgressQos number
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wanGateway string
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wanGatewayV6 string
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wanIp string
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wanIpv6 string
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wanNetmask string
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wanNetworkgroup string
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wanPrefixlen number
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wanType string
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wanTypeV6 string
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wanUsername string
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    xWanPassword string
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    purpose str
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    dhcp_dns Sequence[str]
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcp_enabled bool
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcp_lease int
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcp_relay_enabled bool
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcp_start str
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcp_stop str
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcp_v6_dns Sequence[str]
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcp_v6_dns_auto bool
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcp_v6_enabled bool
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcp_v6_lease int
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcp_v6_start str
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcp_v6_stop str
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpd_boot_enabled bool
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpd_boot_filename str
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpd_boot_server str
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domain_name str
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled bool
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmp_snooping bool
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internet_access_enabled bool
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6_interface_type str

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6_pd_interface str
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6_pd_prefixid str
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6_pd_start str
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6_pd_stop str
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6_ra_enable bool
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6_ra_preferred_lifetime int
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6_ra_priority str
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6_ra_valid_lifetime int
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6_static_subnet str
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicast_dns bool
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name str
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    network_group str
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    network_isolation_enabled bool
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    site str
    The name of the site to associate the network with.
    subnet str
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlan_id int

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wan_dhcp_v6_pd_size int
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wan_dns Sequence[str]
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wan_egress_qos int
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wan_gateway str
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wan_gateway_v6 str
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wan_ip str
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wan_ipv6 str
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wan_netmask str
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wan_networkgroup str
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wan_prefixlen int
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wan_type str
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wan_type_v6 str
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wan_username str
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    x_wan_password str
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    purpose String
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    dhcpDns List<String>
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcpEnabled Boolean
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcpLease Number
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcpRelayEnabled Boolean
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcpStart String
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcpStop String
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcpV6Dns List<String>
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcpV6DnsAuto Boolean
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcpV6Enabled Boolean
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcpV6Lease Number
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcpV6Start String
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcpV6Stop String
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpdBootEnabled Boolean
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpdBootFilename String
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpdBootServer String
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domainName String
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled Boolean
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmpSnooping Boolean
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internetAccessEnabled Boolean
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6InterfaceType String

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6PdInterface String
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6PdPrefixid String
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6PdStart String
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6PdStop String
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6RaEnable Boolean
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6RaPreferredLifetime Number
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6RaPriority String
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6RaValidLifetime Number
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6StaticSubnet String
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicastDns Boolean
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name String
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    networkGroup String
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    networkIsolationEnabled Boolean
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    site String
    The name of the site to associate the network with.
    subnet String
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlanId Number

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wanDhcpV6PdSize Number
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wanDns List<String>
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wanEgressQos Number
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wanGateway String
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wanGatewayV6 String
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wanIp String
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wanIpv6 String
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wanNetmask String
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wanNetworkgroup String
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wanPrefixlen Number
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wanType String
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wanTypeV6 String
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wanUsername String
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    xWanPassword String
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Network resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Network Resource

    Get an existing Network resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkState, opts?: CustomResourceOptions): Network
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        dhcp_dns: Optional[Sequence[str]] = None,
        dhcp_enabled: Optional[bool] = None,
        dhcp_lease: Optional[int] = None,
        dhcp_relay_enabled: Optional[bool] = None,
        dhcp_start: Optional[str] = None,
        dhcp_stop: Optional[str] = None,
        dhcp_v6_dns: Optional[Sequence[str]] = None,
        dhcp_v6_dns_auto: Optional[bool] = None,
        dhcp_v6_enabled: Optional[bool] = None,
        dhcp_v6_lease: Optional[int] = None,
        dhcp_v6_start: Optional[str] = None,
        dhcp_v6_stop: Optional[str] = None,
        dhcpd_boot_enabled: Optional[bool] = None,
        dhcpd_boot_filename: Optional[str] = None,
        dhcpd_boot_server: Optional[str] = None,
        domain_name: Optional[str] = None,
        enabled: Optional[bool] = None,
        igmp_snooping: Optional[bool] = None,
        internet_access_enabled: Optional[bool] = None,
        ipv6_interface_type: Optional[str] = None,
        ipv6_pd_interface: Optional[str] = None,
        ipv6_pd_prefixid: Optional[str] = None,
        ipv6_pd_start: Optional[str] = None,
        ipv6_pd_stop: Optional[str] = None,
        ipv6_ra_enable: Optional[bool] = None,
        ipv6_ra_preferred_lifetime: Optional[int] = None,
        ipv6_ra_priority: Optional[str] = None,
        ipv6_ra_valid_lifetime: Optional[int] = None,
        ipv6_static_subnet: Optional[str] = None,
        multicast_dns: Optional[bool] = None,
        name: Optional[str] = None,
        network_group: Optional[str] = None,
        network_isolation_enabled: Optional[bool] = None,
        purpose: Optional[str] = None,
        site: Optional[str] = None,
        subnet: Optional[str] = None,
        vlan_id: Optional[int] = None,
        wan_dhcp_v6_pd_size: Optional[int] = None,
        wan_dns: Optional[Sequence[str]] = None,
        wan_egress_qos: Optional[int] = None,
        wan_gateway: Optional[str] = None,
        wan_gateway_v6: Optional[str] = None,
        wan_ip: Optional[str] = None,
        wan_ipv6: Optional[str] = None,
        wan_netmask: Optional[str] = None,
        wan_networkgroup: Optional[str] = None,
        wan_prefixlen: Optional[int] = None,
        wan_type: Optional[str] = None,
        wan_type_v6: Optional[str] = None,
        wan_username: Optional[str] = None,
        x_wan_password: Optional[str] = None) -> Network
    func GetNetwork(ctx *Context, name string, id IDInput, state *NetworkState, opts ...ResourceOption) (*Network, error)
    public static Network Get(string name, Input<string> id, NetworkState? state, CustomResourceOptions? opts = null)
    public static Network get(String name, Output<String> id, NetworkState state, CustomResourceOptions options)
    resources:  _:    type: unifi:Network    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DhcpDns List<string>
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    DhcpEnabled bool
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    DhcpLease int
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    DhcpRelayEnabled bool
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    DhcpStart string
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    DhcpStop string
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    DhcpV6Dns List<string>
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    DhcpV6DnsAuto bool
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    DhcpV6Enabled bool
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    DhcpV6Lease int
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    DhcpV6Start string
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    DhcpV6Stop string
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    DhcpdBootEnabled bool
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    DhcpdBootFilename string
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    DhcpdBootServer string
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    DomainName string
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    Enabled bool
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    IgmpSnooping bool
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    InternetAccessEnabled bool
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    Ipv6InterfaceType string

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    Ipv6PdInterface string
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    Ipv6PdPrefixid string
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    Ipv6PdStart string
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    Ipv6PdStop string
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    Ipv6RaEnable bool
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    Ipv6RaPreferredLifetime int
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    Ipv6RaPriority string
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    Ipv6RaValidLifetime int
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    Ipv6StaticSubnet string
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    MulticastDns bool
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    Name string
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    NetworkGroup string
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    NetworkIsolationEnabled bool
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    Purpose string
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    Site string
    The name of the site to associate the network with.
    Subnet string
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    VlanId int

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    WanDhcpV6PdSize int
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    WanDns List<string>
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    WanEgressQos int
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    WanGateway string
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    WanGatewayV6 string
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    WanIp string
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    WanIpv6 string
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    WanNetmask string
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    WanNetworkgroup string
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    WanPrefixlen int
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    WanType string
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    WanTypeV6 string
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    WanUsername string
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    XWanPassword string
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    DhcpDns []string
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    DhcpEnabled bool
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    DhcpLease int
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    DhcpRelayEnabled bool
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    DhcpStart string
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    DhcpStop string
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    DhcpV6Dns []string
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    DhcpV6DnsAuto bool
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    DhcpV6Enabled bool
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    DhcpV6Lease int
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    DhcpV6Start string
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    DhcpV6Stop string
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    DhcpdBootEnabled bool
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    DhcpdBootFilename string
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    DhcpdBootServer string
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    DomainName string
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    Enabled bool
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    IgmpSnooping bool
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    InternetAccessEnabled bool
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    Ipv6InterfaceType string

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    Ipv6PdInterface string
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    Ipv6PdPrefixid string
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    Ipv6PdStart string
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    Ipv6PdStop string
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    Ipv6RaEnable bool
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    Ipv6RaPreferredLifetime int
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    Ipv6RaPriority string
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    Ipv6RaValidLifetime int
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    Ipv6StaticSubnet string
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    MulticastDns bool
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    Name string
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    NetworkGroup string
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    NetworkIsolationEnabled bool
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    Purpose string
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    Site string
    The name of the site to associate the network with.
    Subnet string
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    VlanId int

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    WanDhcpV6PdSize int
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    WanDns []string
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    WanEgressQos int
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    WanGateway string
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    WanGatewayV6 string
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    WanIp string
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    WanIpv6 string
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    WanNetmask string
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    WanNetworkgroup string
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    WanPrefixlen int
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    WanType string
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    WanTypeV6 string
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    WanUsername string
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    XWanPassword string
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    dhcpDns List<String>
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcpEnabled Boolean
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcpLease Integer
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcpRelayEnabled Boolean
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcpStart String
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcpStop String
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcpV6Dns List<String>
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcpV6DnsAuto Boolean
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcpV6Enabled Boolean
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcpV6Lease Integer
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcpV6Start String
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcpV6Stop String
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpdBootEnabled Boolean
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpdBootFilename String
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpdBootServer String
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domainName String
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled Boolean
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmpSnooping Boolean
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internetAccessEnabled Boolean
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6InterfaceType String

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6PdInterface String
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6PdPrefixid String
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6PdStart String
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6PdStop String
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6RaEnable Boolean
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6RaPreferredLifetime Integer
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6RaPriority String
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6RaValidLifetime Integer
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6StaticSubnet String
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicastDns Boolean
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name String
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    networkGroup String
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    networkIsolationEnabled Boolean
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    purpose String
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    site String
    The name of the site to associate the network with.
    subnet String
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlanId Integer

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wanDhcpV6PdSize Integer
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wanDns List<String>
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wanEgressQos Integer
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wanGateway String
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wanGatewayV6 String
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wanIp String
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wanIpv6 String
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wanNetmask String
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wanNetworkgroup String
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wanPrefixlen Integer
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wanType String
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wanTypeV6 String
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wanUsername String
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    xWanPassword String
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    dhcpDns string[]
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcpEnabled boolean
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcpLease number
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcpRelayEnabled boolean
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcpStart string
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcpStop string
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcpV6Dns string[]
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcpV6DnsAuto boolean
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcpV6Enabled boolean
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcpV6Lease number
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcpV6Start string
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcpV6Stop string
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpdBootEnabled boolean
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpdBootFilename string
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpdBootServer string
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domainName string
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled boolean
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmpSnooping boolean
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internetAccessEnabled boolean
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6InterfaceType string

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6PdInterface string
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6PdPrefixid string
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6PdStart string
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6PdStop string
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6RaEnable boolean
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6RaPreferredLifetime number
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6RaPriority string
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6RaValidLifetime number
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6StaticSubnet string
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicastDns boolean
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name string
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    networkGroup string
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    networkIsolationEnabled boolean
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    purpose string
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    site string
    The name of the site to associate the network with.
    subnet string
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlanId number

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wanDhcpV6PdSize number
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wanDns string[]
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wanEgressQos number
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wanGateway string
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wanGatewayV6 string
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wanIp string
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wanIpv6 string
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wanNetmask string
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wanNetworkgroup string
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wanPrefixlen number
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wanType string
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wanTypeV6 string
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wanUsername string
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    xWanPassword string
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    dhcp_dns Sequence[str]
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcp_enabled bool
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcp_lease int
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcp_relay_enabled bool
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcp_start str
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcp_stop str
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcp_v6_dns Sequence[str]
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcp_v6_dns_auto bool
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcp_v6_enabled bool
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcp_v6_lease int
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcp_v6_start str
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcp_v6_stop str
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpd_boot_enabled bool
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpd_boot_filename str
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpd_boot_server str
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domain_name str
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled bool
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmp_snooping bool
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internet_access_enabled bool
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6_interface_type str

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6_pd_interface str
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6_pd_prefixid str
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6_pd_start str
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6_pd_stop str
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6_ra_enable bool
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6_ra_preferred_lifetime int
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6_ra_priority str
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6_ra_valid_lifetime int
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6_static_subnet str
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicast_dns bool
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name str
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    network_group str
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    network_isolation_enabled bool
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    purpose str
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    site str
    The name of the site to associate the network with.
    subnet str
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlan_id int

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wan_dhcp_v6_pd_size int
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wan_dns Sequence[str]
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wan_egress_qos int
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wan_gateway str
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wan_gateway_v6 str
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wan_ip str
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wan_ipv6 str
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wan_netmask str
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wan_networkgroup str
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wan_prefixlen int
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wan_type str
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wan_type_v6 str
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wan_username str
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    x_wan_password str
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret
    dhcpDns List<String>
    List of IPv4 DNS server addresses to be provided to DHCP clients. Examples:

    • Use ['8.8.8.8', '8.8.4.4'] for Google DNS
    • Use ['1.1.1.1', '1.0.0.1'] for Cloudflare DNS
    • Use internal DNS servers for corporate networks Maximum 4 servers can be specified.
    dhcpEnabled Boolean
    Controls whether DHCP server is enabled for this network. When enabled:

    • The network will automatically assign IP addresses to clients
    • DHCP options (DNS, lease time) will be provided to clients
    • Static IP assignments can still be made outside the DHCP range
    dhcpLease Number
    The DHCP lease time in seconds. Common values:

    • 86400 (1 day) - Default, suitable for most networks
    • 3600 (1 hour) - For testing or temporary networks
    • 604800 (1 week) - For stable networks with static clients
    • 2592000 (30 days) - For very stable networks
    dhcpRelayEnabled Boolean
    Enables DHCP relay for this network. When enabled:

    • DHCP requests are forwarded to an external DHCP server
    • Local DHCP server is disabled
    • Useful for centralized DHCP management
    dhcpStart String
    The starting IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical start: '192.168.1.100'
    • For subnet 10.0.0.0/24, typical start: '10.0.0.100' Ensure this address is within the network's subnet.
    dhcpStop String
    The ending IPv4 address of the DHCP range. Examples:

    • For subnet 192.168.1.0/24, typical stop: '192.168.1.254'
    • For subnet 10.0.0.0/24, typical stop: '10.0.0.254' Must be greater than dhcp_start and within the network's subnet.
    dhcpV6Dns List<String>
    List of IPv6 DNS server addresses for DHCPv6 clients. Examples:

    • Use ['2001:4860:4860::8888', '2001:4860:4860::8844'] for Google DNS
    • Use ['2606:4700:4700::1111', '2606:4700:4700::1001'] for Cloudflare DNS Only used when dhcp_v6_dns_auto is false. Maximum of 4 addresses are allowed.
    dhcpV6DnsAuto Boolean
    Controls DNS server source for DHCPv6 clients:

    • true - Use upstream DNS servers (recommended)
    • false - Use manually specified servers from dhcp_v6_dns Default is true for easier management.
    dhcpV6Enabled Boolean
    Enables stateful DHCPv6 for IPv6 address assignment. When enabled:

    • Provides IPv6 addresses to clients
    • Works alongside SLAAC if configured
    • Allows for more controlled IPv6 addressing
    dhcpV6Lease Number
    The DHCPv6 lease time in seconds. Common values:

    • 86400 (1 day) - Default setting
    • 3600 (1 hour) - For testing
    • 604800 (1 week) - For stable networks Typically longer than IPv4 DHCP leases.
    dhcpV6Start String
    The starting IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be a valid IPv6 address within your allocated IPv6 subnet.
    dhcpV6Stop String
    The ending IPv6 address for the DHCPv6 range. Used in static DHCPv6 configuration. Must be after dhcp_v6_start in the IPv6 address space.
    dhcpdBootEnabled Boolean
    Enables DHCP boot options for PXE boot or network boot configurations. When enabled:

    • Allows network devices to boot from a TFTP server
    • Requires dhcpd_boot_server and dhcpd_boot_filename to be set
    • Commonly used for diskless workstations or network installations
    dhcpdBootFilename String
    The boot filename to be loaded from the TFTP server. Examples:

    • 'pxelinux.0' - Standard PXE boot loader
    • 'undionly.kpxe' - iPXE boot loader
    • Custom paths for specific boot images
    dhcpdBootServer String
    The IPv4 address of the TFTP server for network boot. This setting:

    • Is required when dhcpd_boot_enabled is true
    • Should be a reliable, always-on server
    • Must be accessible to all clients that need to boot
    domainName String
    The domain name for this network. Examples:

    • 'corp.example.com' - For corporate networks
    • 'guest.example.com' - For guest networks
    • 'iot.example.com' - For IoT networks Used for internal DNS resolution and DHCP options.
    enabled Boolean
    Controls whether this network is active. When disabled:

    • Network will not be available to clients
    • DHCP services will be stopped
    • Existing clients will be disconnected Useful for temporary network maintenance or security measures.
    igmpSnooping Boolean
    Enables IGMP (Internet Group Management Protocol) snooping. When enabled:

    • Optimizes multicast traffic flow
    • Reduces network congestion
    • Improves performance for multicast applications (e.g., IPTV) Recommended for networks with multicast traffic.
    internetAccessEnabled Boolean
    Controls internet access for this network. When disabled:

    • Clients cannot access external networks
    • Internal network access remains available
    • Useful for creating isolated or secure networks
    ipv6InterfaceType String

    Specifies the IPv6 connection type. Must be one of:

    • none - IPv6 disabled (default)
    • static - Static IPv6 addressing
    • pd - Prefix Delegation from upstream

    Choose based on your IPv6 deployment strategy and ISP capabilities.

    ipv6PdInterface String
    The WAN interface to use for IPv6 Prefix Delegation. Options:

    • wan - Primary WAN interface
    • wan2 - Secondary WAN interface Only applicable when ipv6_interface_type is 'pd'.
    ipv6PdPrefixid String
    The IPv6 Prefix ID for Prefix Delegation. Used to:

    • Differentiate multiple delegated prefixes
    • Create unique subnets from the delegated prefix Typically a hexadecimal value (e.g., '0', '1', 'a1').
    ipv6PdStart String
    The starting IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be within the delegated prefix range.
    ipv6PdStop String
    The ending IPv6 address for Prefix Delegation range. Only used when ipv6_interface_type is 'pd'. Must be after ipv6_pd_start within the delegated prefix.
    ipv6RaEnable Boolean
    Enables IPv6 Router Advertisements (RA). When enabled:

    • Announces IPv6 prefix information to clients
    • Enables SLAAC address configuration
    • Required for most IPv6 deployments
    ipv6RaPreferredLifetime Number
    The preferred lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be less than or equal to ipv6_ra_valid_lifetime
    • Default: 14400 (4 hours)
    • After this time, addresses become deprecated but still usable
    ipv6RaPriority String
    Sets the priority for IPv6 Router Advertisements. Options:

    • high - Preferred for primary networks
    • medium - Standard priority
    • low - For backup or secondary networks Affects router selection when multiple IPv6 routers exist.
    ipv6RaValidLifetime Number
    The valid lifetime (in seconds) for IPv6 addresses in Router Advertisements.

    • Must be greater than or equal to ipv6_ra_preferred_lifetime
    • Default: 86400 (24 hours)
    • After this time, addresses become invalid
    ipv6StaticSubnet String
    The static IPv6 subnet in CIDR notation (e.g., '2001:db8::/64') when using static IPv6. Only applicable when ipv6_interface_type is 'static'. Must be a valid IPv6 subnet allocated to your organization.
    multicastDns Boolean
    Enables Multicast DNS (mDNS/Bonjour/Avahi) on the network. When enabled:

    • Allows device discovery (e.g., printers, Chromecasts)
    • Supports zero-configuration networking
    • Available on Controller version 7 and later
    name String
    The name of the network. This should be a descriptive name that helps identify the network's purpose, such as 'Corporate-Main', 'Guest-Network', or 'IoT-VLAN'.
    networkGroup String
    The network group for this network. Default is 'LAN'. For WAN networks, use 'WAN' or 'WAN2'. Network groups help organize and apply policies to multiple networks.
    networkIsolationEnabled Boolean
    Enables network isolation. When enabled:

    • Prevents communication between clients on this network
    • Each client can only communicate with the gateway
    • Commonly used for guest networks or IoT devices
    purpose String
    The purpose/type of the network. Must be one of:

    • corporate - Standard network for corporate use with full access
    • guest - Isolated network for guest access with limited permissions
    • wan - External network connection (WAN uplink)
    • vlan-only - VLAN network without DHCP services
    site String
    The name of the site to associate the network with.
    subnet String
    The IPv4 subnet for this network in CIDR notation (e.g., '192.168.1.0/24'). This defines the network's address space and determines the range of IP addresses available for DHCP.
    vlanId Number

    The VLAN ID for this network. Valid range is 0-4096. Common uses:

    • 1-4094: Standard VLAN range for network segmentation
    • 0: Untagged/native VLAN

    • 4094: Reserved for special purposes

    wanDhcpV6PdSize Number
    The IPv6 prefix size to request from ISP. Must be between 48 and 64. Only applicable when wan_type_v6 is 'dhcpv6'.
    wanDns List<String>
    List of IPv4 DNS servers for WAN interface. Examples:

    • ISP provided DNS servers
    • Public DNS services (e.g., 8.8.8.8, 1.1.1.1)
    • Maximum 4 servers can be specified
    wanEgressQos Number
    Quality of Service (QoS) priority for WAN egress traffic (0-7).

    • 0 (default) - Best effort
    • 1-4 - Increasing priority
    • 5-7 - Highest priority, use sparingly Higher values get preferential treatment.
    wanGateway String
    The IPv4 gateway address for WAN interface. Required when wan_type is 'static'. Typically the ISP's router IP address.
    wanGatewayV6 String
    The IPv6 gateway address for WAN interface. Required when wan_type_v6 is 'static'. Typically the ISP's router IPv6 address.
    wanIp String
    The static IPv4 address for WAN interface. Required when wan_type is 'static'. Must be a valid public IP address assigned by your ISP.
    wanIpv6 String
    The static IPv6 address for WAN interface. Required when wan_type_v6 is 'static'. Must be a valid public IPv6 address assigned by your ISP.
    wanNetmask String
    The IPv4 netmask for WAN interface (e.g., '255.255.255.0'). Required when wan_type is 'static'. Must match the subnet mask provided by your ISP.
    wanNetworkgroup String
    The WAN interface group assignment. Options:

    • WAN - Primary WAN interface
    • WAN2 - Secondary WAN interface
    • WAN_LTE_FAILOVER - LTE backup connection Used for dual WAN and failover configurations.
    wanPrefixlen Number
    The IPv6 prefix length for WAN interface. Must be between 1 and 128. Only applicable when wan_type_v6 is 'static'.
    wanType String
    The IPv4 WAN connection type. Options:

    • disabled - WAN interface disabled
    • static - Static IP configuration
    • dhcp - Dynamic IP from ISP
    • pppoe - PPPoE connection (common for DSL) Choose based on your ISP's requirements.
    wanTypeV6 String
    The IPv6 WAN connection type. Options:

    • disabled - IPv6 disabled
    • static - Static IPv6 configuration
    • dhcpv6 - Dynamic IPv6 from ISP Choose based on your ISP's requirements.
    wanUsername String
    Username for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Cannot contain spaces or special characters
    xWanPassword String
    Password for WAN authentication.

    • Required for PPPoE connections
    • May be needed for some ISP configurations
    • Must be kept secret

    Import

    import from provider configured site

    $ pulumi import unifi:index/network:Network mynetwork 5dc28e5e9106d105bdc87217

    import from another site

    $ pulumi import unifi:index/network:Network mynetwork bfa2l6i7:5dc28e5e9106d105bdc87217

    import network by name

    $ pulumi import unifi:index/network:Network mynetwork name=LAN

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    unifi pulumiverse/pulumi-unifi
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the unifi Terraform Provider.
    unifi logo
    Unifi v0.2.0 published on Tuesday, Feb 17, 2026 by Pulumiverse
    Schema (JSON)
    pulumiverse/pulumi-unifi
      Meet Neo: Your AI Platform Teammate