Juniper Mist v0.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
junipermist.org.getWlans
Explore with Pulumi AI
This data source provides the list of Org Wlans.
The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, …)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as junipermist from "@pulumi/junipermist";
const orgWlans = junipermist.org.getWlans({
    orgId: "15fca2ac-b1a6-47cc-9953-cc6906281550",
});
import pulumi
import pulumi_junipermist as junipermist
org_wlans = junipermist.org.get_wlans(org_id="15fca2ac-b1a6-47cc-9953-cc6906281550")
package main
import (
	"github.com/pulumi/pulumi-junipermist/sdk/go/junipermist/org"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := org.GetWlans(ctx, &org.GetWlansArgs{
			OrgId: "15fca2ac-b1a6-47cc-9953-cc6906281550",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using JuniperMist = Pulumi.JuniperMist;
return await Deployment.RunAsync(() => 
{
    var orgWlans = JuniperMist.Org.GetWlans.Invoke(new()
    {
        OrgId = "15fca2ac-b1a6-47cc-9953-cc6906281550",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.junipermist.org.OrgFunctions;
import com.pulumi.junipermist.org.inputs.GetWlansArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var orgWlans = OrgFunctions.getWlans(GetWlansArgs.builder()
            .orgId("15fca2ac-b1a6-47cc-9953-cc6906281550")
            .build());
    }
}
variables:
  orgWlans:
    fn::invoke:
      function: junipermist:org:getWlans
      arguments:
        orgId: 15fca2ac-b1a6-47cc-9953-cc6906281550
Using getWlans
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getWlans(args: GetWlansArgs, opts?: InvokeOptions): Promise<GetWlansResult>
function getWlansOutput(args: GetWlansOutputArgs, opts?: InvokeOptions): Output<GetWlansResult>def get_wlans(org_id: Optional[str] = None,
              opts: Optional[InvokeOptions] = None) -> GetWlansResult
def get_wlans_output(org_id: Optional[pulumi.Input[str]] = None,
              opts: Optional[InvokeOptions] = None) -> Output[GetWlansResult]func GetWlans(ctx *Context, args *GetWlansArgs, opts ...InvokeOption) (*GetWlansResult, error)
func GetWlansOutput(ctx *Context, args *GetWlansOutputArgs, opts ...InvokeOption) GetWlansResultOutput> Note: This function is named GetWlans in the Go SDK.
public static class GetWlans 
{
    public static Task<GetWlansResult> InvokeAsync(GetWlansArgs args, InvokeOptions? opts = null)
    public static Output<GetWlansResult> Invoke(GetWlansInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetWlansResult> getWlans(GetWlansArgs args, InvokeOptions options)
public static Output<GetWlansResult> getWlans(GetWlansArgs args, InvokeOptions options)
fn::invoke:
  function: junipermist:org/getWlans:getWlans
  arguments:
    # arguments dictionaryThe following arguments are supported:
- OrgId string
- OrgId string
- orgId String
- orgId string
- org_id str
- orgId String
getWlans Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- OrgId string
- OrgWlans List<Pulumi.Juniper Mist. Org. Outputs. Get Wlans Org Wlan> 
- Id string
- The provider-assigned unique ID for this managed resource.
- OrgId string
- OrgWlans []GetWlans Org Wlan 
- id String
- The provider-assigned unique ID for this managed resource.
- orgId String
- orgWlans List<GetWlans Org Wlan> 
- id string
- The provider-assigned unique ID for this managed resource.
- orgId string
- orgWlans GetWlans Org Wlan[] 
- id str
- The provider-assigned unique ID for this managed resource.
- org_id str
- org_wlans Sequence[GetWlans Org Wlan] 
- id String
- The provider-assigned unique ID for this managed resource.
- orgId String
- orgWlans List<Property Map>
Supporting Types
GetWlansOrgWlan   
- AcctImmediate boolUpdate 
- Enable coa-immediate-update and address-change-immediate-update on the access profile.
- AcctInterim intInterval 
- How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- AcctServers List<Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Acct Server> 
- List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Airwatch 
- Airwatch wlan settings
- AllowIpv6Ndp bool
- Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- AllowMdns bool
- Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- AllowSsdp bool
- Only applicable when limit_bcast==true, which allows SSDP
- ApIds List<string>
- List of device ids
- AppLimit Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan App Limit 
- Bandwidth limiting for apps (applies to up/down)
- AppQos Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan App Qos 
- APp qos wlan settings
- ApplyTo string
- enum: aps,site,wxtags
- ArpFilter bool
- Whether to enable smart arp filter
- Auth
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Auth 
- Authentication wlan settings
- AuthServer stringSelection 
- When ordered, AP will prefer and go back to the first server if possible. enum: ordered,unordered
- AuthServers List<Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Auth Server> 
- List of RADIUS authentication servers, at least one is needed if auth type==eap, order matters where the first one is treated as primary
- AuthServers stringNas Id 
- Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- AuthServers stringNas Ip 
- Optional, NAS-IP-ADDRESS to use
- AuthServers intRetries 
- Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- AuthServers intTimeout 
- Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- BandSteer bool
- Whether to enable band_steering, this works only when band==both
- BandSteer boolForce Band5 
- Force dual_band capable client to connect to 5G
- Bands List<string>
- List of radios that the wlan should apply to.
- BlockBlacklist boolClients 
- Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Bonjour 
- Bonjour gateway wlan settings
- CiscoCwa Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Cisco Cwa 
- Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- ClientLimit stringDown 
- ClientLimit boolDown Enabled 
- If downlink limiting per-client is enabled
- ClientLimit stringUp 
- ClientLimit boolUp Enabled 
- If uplink limiting per-client is enabled
- CoaServers List<Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Coa Server> 
- List of COA (change of authorization) servers, optional
- CreatedTime double
- When the object has been created, in epoch
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- DisableHt boolVht Rates 
- To disable ht or vht rates
- DisableUapsd bool
- Whether to disable U-APSD
- DisableV1Roam boolNotify 
- Disable sending v2 roam notification messages
- DisableV2Roam boolNotify 
- Disable sending v2 roam notification messages
- DisableWhen boolGateway Unreachable 
- When any of the following is true, this WLAN will be disabled- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
 
- DisableWhen boolMxtunnel Down 
- DisableWmm bool
- Whether to disable WMM
- DnsServer Pulumi.Rewrite Juniper Mist. Org. Inputs. Get Wlans Org Wlan Dns Server Rewrite 
- For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- DynamicPsk Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Dynamic Psk 
- For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e. enable_mac_authis assumed)
- AP sends BSSID:SSID as Caller-Station-ID
- auth_serversis required
- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
- multi_psk_onlyand- pskis ignored
- pairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
 
- DynamicVlan Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Dynamic Vlan 
- For 802.1x
- EnableLocal boolKeycaching 
- Enable AP-AP keycaching via multicast
- EnableWireless boolBridging 
- By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- EnableWireless boolBridging Dhcp Tracking 
- If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- FastDot1x boolTimers 
- If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- HideSsid bool
- Whether to hide SSID in beacon
- HostnameIe bool
- Include hostname inside IE in AP beacons / probe responses
- Hotspot20
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Hotspot20 
- Hostspot 2.0 wlan settings
- Id string
- Unique ID of the object instance in the Mist Organization
- InjectDhcp Pulumi.Option82 Juniper Mist. Org. Inputs. Get Wlans Org Wlan Inject Dhcp Option82 
- Interface string
- where this WLAN will be connected to. enum: all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel
- Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- LegacyOverds bool
- Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- LimitBcast bool
- Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- LimitProbe boolResponse 
- Limit probe response base on some heuristic rules
- MaxIdletime int
- Max idle time in seconds
- MaxNum intClients 
- Maximum number of client connected to the SSID. 0means unlimited
- MistNac Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Mist Nac 
- ModifiedTime double
- When the object has been modified for the last time, in epoch
- MspId string
- MxtunnelIds List<string>
- When interface=mxtunnel, id of the Mist Tunnel
- MxtunnelNames List<string>
- When interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting
- NoStatic boolDns 
- Whether to only allow client to use DNS that we’ve learned from DHCP response
- NoStatic boolIp 
- Whether to only allow client that we’ve learned from DHCP exchange to talk
- OrgId string
- Portal
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Portal 
- Portal wlan settings
- PortalAllowed List<string>Hostnames 
- List of hostnames without http(s):// (matched by substring)
- PortalAllowed List<string>Subnets 
- List of CIDRs
- PortalApi stringSecret 
- APi secret (auto-generated) that can be used to sign guest authorization requests
- PortalDenied List<string>Hostnames 
- List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- PortalImage string
- Url of portal background image
- PortalSso stringUrl 
- Qos
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Qos 
- Radsec
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Radsec 
- RadSec settings
- Rateset
Dictionary<string, Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Rateset> 
- Property key is the RF band. enum: 24,5,6
- ReconnectClients boolWhen Roaming Mxcluster 
- When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- RoamMode string
- enum: 11r,OKC,NONE
- Schedule
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Schedule 
- WLAN operating schedule, default is disabled
- SleExcluded bool
- Whether to exclude this WLAN from SLE metrics
- Ssid string
- Name of the SSID
- TemplateId string
- UseEapol boolV1 
- If auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
- VlanEnabled bool
- If vlan tagging is enabled
- VlanId string
- VlanIds List<string>
- if vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool
- VlanPooling bool
- Requires vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- WlanLimit stringDown 
- WlanLimit boolDown Enabled 
- If downlink limiting for whole wlan is enabled
- WlanLimit stringUp 
- WlanLimit boolUp Enabled 
- If uplink limiting for whole wlan is enabled
- WxtagIds List<string>
- List of wxtag_ids
- WxtunnelId string
- When interface=wxtunnel, id of the WXLAN Tunnel
- WxtunnelRemote stringId 
- When interface=wxtunnel, remote tunnel identifier
- AcctImmediate boolUpdate 
- Enable coa-immediate-update and address-change-immediate-update on the access profile.
- AcctInterim intInterval 
- How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- AcctServers []GetWlans Org Wlan Acct Server 
- List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- Airwatch
GetWlans Org Wlan Airwatch 
- Airwatch wlan settings
- AllowIpv6Ndp bool
- Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- AllowMdns bool
- Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- AllowSsdp bool
- Only applicable when limit_bcast==true, which allows SSDP
- ApIds []string
- List of device ids
- AppLimit GetWlans Org Wlan App Limit 
- Bandwidth limiting for apps (applies to up/down)
- AppQos GetWlans Org Wlan App Qos 
- APp qos wlan settings
- ApplyTo string
- enum: aps,site,wxtags
- ArpFilter bool
- Whether to enable smart arp filter
- Auth
GetWlans Org Wlan Auth 
- Authentication wlan settings
- AuthServer stringSelection 
- When ordered, AP will prefer and go back to the first server if possible. enum: ordered,unordered
- AuthServers []GetWlans Org Wlan Auth Server 
- List of RADIUS authentication servers, at least one is needed if auth type==eap, order matters where the first one is treated as primary
- AuthServers stringNas Id 
- Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- AuthServers stringNas Ip 
- Optional, NAS-IP-ADDRESS to use
- AuthServers intRetries 
- Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- AuthServers intTimeout 
- Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- BandSteer bool
- Whether to enable band_steering, this works only when band==both
- BandSteer boolForce Band5 
- Force dual_band capable client to connect to 5G
- Bands []string
- List of radios that the wlan should apply to.
- BlockBlacklist boolClients 
- Whether to block the clients in the blacklist (up to first 256 macs)
- Bonjour
GetWlans Org Wlan Bonjour 
- Bonjour gateway wlan settings
- CiscoCwa GetWlans Org Wlan Cisco Cwa 
- Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- ClientLimit stringDown 
- ClientLimit boolDown Enabled 
- If downlink limiting per-client is enabled
- ClientLimit stringUp 
- ClientLimit boolUp Enabled 
- If uplink limiting per-client is enabled
- CoaServers []GetWlans Org Wlan Coa Server 
- List of COA (change of authorization) servers, optional
- CreatedTime float64
- When the object has been created, in epoch
- Disable11ax bool
- Some old WLAN drivers may not be compatible
- Disable11be bool
- To disable Wi-Fi 7 EHT IEs
- DisableHt boolVht Rates 
- To disable ht or vht rates
- DisableUapsd bool
- Whether to disable U-APSD
- DisableV1Roam boolNotify 
- Disable sending v2 roam notification messages
- DisableV2Roam boolNotify 
- Disable sending v2 roam notification messages
- DisableWhen boolGateway Unreachable 
- When any of the following is true, this WLAN will be disabled- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
 
- DisableWhen boolMxtunnel Down 
- DisableWmm bool
- Whether to disable WMM
- DnsServer GetRewrite Wlans Org Wlan Dns Server Rewrite 
- For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- Dtim int
- DynamicPsk GetWlans Org Wlan Dynamic Psk 
- For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e. enable_mac_authis assumed)
- AP sends BSSID:SSID as Caller-Station-ID
- auth_serversis required
- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
- multi_psk_onlyand- pskis ignored
- pairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
 
- DynamicVlan GetWlans Org Wlan Dynamic Vlan 
- For 802.1x
- EnableLocal boolKeycaching 
- Enable AP-AP keycaching via multicast
- EnableWireless boolBridging 
- By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- EnableWireless boolBridging Dhcp Tracking 
- If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- Enabled bool
- If this wlan is enabled
- FastDot1x boolTimers 
- If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- HideSsid bool
- Whether to hide SSID in beacon
- HostnameIe bool
- Include hostname inside IE in AP beacons / probe responses
- Hotspot20
GetWlans Org Wlan Hotspot20 
- Hostspot 2.0 wlan settings
- Id string
- Unique ID of the object instance in the Mist Organization
- InjectDhcp GetOption82 Wlans Org Wlan Inject Dhcp Option82 
- Interface string
- where this WLAN will be connected to. enum: all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel
- Isolation bool
- Whether to stop clients to talk to each other
- L2Isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- LegacyOverds bool
- Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- LimitBcast bool
- Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- LimitProbe boolResponse 
- Limit probe response base on some heuristic rules
- MaxIdletime int
- Max idle time in seconds
- MaxNum intClients 
- Maximum number of client connected to the SSID. 0means unlimited
- MistNac GetWlans Org Wlan Mist Nac 
- ModifiedTime float64
- When the object has been modified for the last time, in epoch
- MspId string
- MxtunnelIds []string
- When interface=mxtunnel, id of the Mist Tunnel
- MxtunnelNames []string
- When interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting
- NoStatic boolDns 
- Whether to only allow client to use DNS that we’ve learned from DHCP response
- NoStatic boolIp 
- Whether to only allow client that we’ve learned from DHCP exchange to talk
- OrgId string
- Portal
GetWlans Org Wlan Portal 
- Portal wlan settings
- PortalAllowed []stringHostnames 
- List of hostnames without http(s):// (matched by substring)
- PortalAllowed []stringSubnets 
- List of CIDRs
- PortalApi stringSecret 
- APi secret (auto-generated) that can be used to sign guest authorization requests
- PortalDenied []stringHostnames 
- List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- PortalImage string
- Url of portal background image
- PortalSso stringUrl 
- Qos
GetWlans Org Wlan Qos 
- Radsec
GetWlans Org Wlan Radsec 
- RadSec settings
- Rateset
map[string]GetWlans Org Wlan Rateset 
- Property key is the RF band. enum: 24,5,6
- ReconnectClients boolWhen Roaming Mxcluster 
- When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- RoamMode string
- enum: 11r,OKC,NONE
- Schedule
GetWlans Org Wlan Schedule 
- WLAN operating schedule, default is disabled
- SleExcluded bool
- Whether to exclude this WLAN from SLE metrics
- Ssid string
- Name of the SSID
- TemplateId string
- UseEapol boolV1 
- If auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
- VlanEnabled bool
- If vlan tagging is enabled
- VlanId string
- VlanIds []string
- if vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool
- VlanPooling bool
- Requires vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- WlanLimit stringDown 
- WlanLimit boolDown Enabled 
- If downlink limiting for whole wlan is enabled
- WlanLimit stringUp 
- WlanLimit boolUp Enabled 
- If uplink limiting for whole wlan is enabled
- WxtagIds []string
- List of wxtag_ids
- WxtunnelId string
- When interface=wxtunnel, id of the WXLAN Tunnel
- WxtunnelRemote stringId 
- When interface=wxtunnel, remote tunnel identifier
- acctImmediate BooleanUpdate 
- Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acctInterim IntegerInterval 
- How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acctServers List<GetWlans Org Wlan Acct Server> 
- List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
GetWlans Org Wlan Airwatch 
- Airwatch wlan settings
- allowIpv6Ndp Boolean
- Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allowMdns Boolean
- Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allowSsdp Boolean
- Only applicable when limit_bcast==true, which allows SSDP
- apIds List<String>
- List of device ids
- appLimit GetWlans Org Wlan App Limit 
- Bandwidth limiting for apps (applies to up/down)
- appQos GetWlans Org Wlan App Qos 
- APp qos wlan settings
- applyTo String
- enum: aps,site,wxtags
- arpFilter Boolean
- Whether to enable smart arp filter
- auth
GetWlans Org Wlan Auth 
- Authentication wlan settings
- authServer StringSelection 
- When ordered, AP will prefer and go back to the first server if possible. enum: ordered,unordered
- authServers List<GetWlans Org Wlan Auth Server> 
- List of RADIUS authentication servers, at least one is needed if auth type==eap, order matters where the first one is treated as primary
- authServers StringNas Id 
- Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- authServers StringNas Ip 
- Optional, NAS-IP-ADDRESS to use
- authServers IntegerRetries 
- Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- authServers IntegerTimeout 
- Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- bandSteer Boolean
- Whether to enable band_steering, this works only when band==both
- bandSteer BooleanForce Band5 
- Force dual_band capable client to connect to 5G
- bands List<String>
- List of radios that the wlan should apply to.
- blockBlacklist BooleanClients 
- Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
GetWlans Org Wlan Bonjour 
- Bonjour gateway wlan settings
- ciscoCwa GetWlans Org Wlan Cisco Cwa 
- Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- clientLimit StringDown 
- clientLimit BooleanDown Enabled 
- If downlink limiting per-client is enabled
- clientLimit StringUp 
- clientLimit BooleanUp Enabled 
- If uplink limiting per-client is enabled
- coaServers List<GetWlans Org Wlan Coa Server> 
- List of COA (change of authorization) servers, optional
- createdTime Double
- When the object has been created, in epoch
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disableHt BooleanVht Rates 
- To disable ht or vht rates
- disableUapsd Boolean
- Whether to disable U-APSD
- disableV1Roam BooleanNotify 
- Disable sending v2 roam notification messages
- disableV2Roam BooleanNotify 
- Disable sending v2 roam notification messages
- disableWhen BooleanGateway Unreachable 
- When any of the following is true, this WLAN will be disabled- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
 
- disableWhen BooleanMxtunnel Down 
- disableWmm Boolean
- Whether to disable WMM
- dnsServer GetRewrite Wlans Org Wlan Dns Server Rewrite 
- For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Integer
- dynamicPsk GetWlans Org Wlan Dynamic Psk 
- For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e. enable_mac_authis assumed)
- AP sends BSSID:SSID as Caller-Station-ID
- auth_serversis required
- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
- multi_psk_onlyand- pskis ignored
- pairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
 
- dynamicVlan GetWlans Org Wlan Dynamic Vlan 
- For 802.1x
- enableLocal BooleanKeycaching 
- Enable AP-AP keycaching via multicast
- enableWireless BooleanBridging 
- By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enableWireless BooleanBridging Dhcp Tracking 
- If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fastDot1x BooleanTimers 
- If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hideSsid Boolean
- Whether to hide SSID in beacon
- hostnameIe Boolean
- Include hostname inside IE in AP beacons / probe responses
- hotspot20
GetWlans Org Wlan Hotspot20 
- Hostspot 2.0 wlan settings
- id String
- Unique ID of the object instance in the Mist Organization
- injectDhcp GetOption82 Wlans Org Wlan Inject Dhcp Option82 
- interface_ String
- where this WLAN will be connected to. enum: all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel
- isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacyOverds Boolean
- Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limitBcast Boolean
- Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limitProbe BooleanResponse 
- Limit probe response base on some heuristic rules
- maxIdletime Integer
- Max idle time in seconds
- maxNum IntegerClients 
- Maximum number of client connected to the SSID. 0means unlimited
- mistNac GetWlans Org Wlan Mist Nac 
- modifiedTime Double
- When the object has been modified for the last time, in epoch
- mspId String
- mxtunnelIds List<String>
- When interface=mxtunnel, id of the Mist Tunnel
- mxtunnelNames List<String>
- When interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting
- noStatic BooleanDns 
- Whether to only allow client to use DNS that we’ve learned from DHCP response
- noStatic BooleanIp 
- Whether to only allow client that we’ve learned from DHCP exchange to talk
- orgId String
- portal
GetWlans Org Wlan Portal 
- Portal wlan settings
- portalAllowed List<String>Hostnames 
- List of hostnames without http(s):// (matched by substring)
- portalAllowed List<String>Subnets 
- List of CIDRs
- portalApi StringSecret 
- APi secret (auto-generated) that can be used to sign guest authorization requests
- portalDenied List<String>Hostnames 
- List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portalImage String
- Url of portal background image
- portalSso StringUrl 
- qos
GetWlans Org Wlan Qos 
- radsec
GetWlans Org Wlan Radsec 
- RadSec settings
- rateset
Map<String,GetWlans Org Wlan Rateset> 
- Property key is the RF band. enum: 24,5,6
- reconnectClients BooleanWhen Roaming Mxcluster 
- When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roamMode String
- enum: 11r,OKC,NONE
- schedule
GetWlans Org Wlan Schedule 
- WLAN operating schedule, default is disabled
- sleExcluded Boolean
- Whether to exclude this WLAN from SLE metrics
- ssid String
- Name of the SSID
- templateId String
- useEapol BooleanV1 
- If auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
- vlanEnabled Boolean
- If vlan tagging is enabled
- vlanId String
- vlanIds List<String>
- if vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool
- vlanPooling Boolean
- Requires vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlanLimit StringDown 
- wlanLimit BooleanDown Enabled 
- If downlink limiting for whole wlan is enabled
- wlanLimit StringUp 
- wlanLimit BooleanUp Enabled 
- If uplink limiting for whole wlan is enabled
- wxtagIds List<String>
- List of wxtag_ids
- wxtunnelId String
- When interface=wxtunnel, id of the WXLAN Tunnel
- wxtunnelRemote StringId 
- When interface=wxtunnel, remote tunnel identifier
- acctImmediate booleanUpdate 
- Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acctInterim numberInterval 
- How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acctServers GetWlans Org Wlan Acct Server[] 
- List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
GetWlans Org Wlan Airwatch 
- Airwatch wlan settings
- allowIpv6Ndp boolean
- Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allowMdns boolean
- Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allowSsdp boolean
- Only applicable when limit_bcast==true, which allows SSDP
- apIds string[]
- List of device ids
- appLimit GetWlans Org Wlan App Limit 
- Bandwidth limiting for apps (applies to up/down)
- appQos GetWlans Org Wlan App Qos 
- APp qos wlan settings
- applyTo string
- enum: aps,site,wxtags
- arpFilter boolean
- Whether to enable smart arp filter
- auth
GetWlans Org Wlan Auth 
- Authentication wlan settings
- authServer stringSelection 
- When ordered, AP will prefer and go back to the first server if possible. enum: ordered,unordered
- authServers GetWlans Org Wlan Auth Server[] 
- List of RADIUS authentication servers, at least one is needed if auth type==eap, order matters where the first one is treated as primary
- authServers stringNas Id 
- Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- authServers stringNas Ip 
- Optional, NAS-IP-ADDRESS to use
- authServers numberRetries 
- Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- authServers numberTimeout 
- Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- bandSteer boolean
- Whether to enable band_steering, this works only when band==both
- bandSteer booleanForce Band5 
- Force dual_band capable client to connect to 5G
- bands string[]
- List of radios that the wlan should apply to.
- blockBlacklist booleanClients 
- Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
GetWlans Org Wlan Bonjour 
- Bonjour gateway wlan settings
- ciscoCwa GetWlans Org Wlan Cisco Cwa 
- Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- clientLimit stringDown 
- clientLimit booleanDown Enabled 
- If downlink limiting per-client is enabled
- clientLimit stringUp 
- clientLimit booleanUp Enabled 
- If uplink limiting per-client is enabled
- coaServers GetWlans Org Wlan Coa Server[] 
- List of COA (change of authorization) servers, optional
- createdTime number
- When the object has been created, in epoch
- disable11ax boolean
- Some old WLAN drivers may not be compatible
- disable11be boolean
- To disable Wi-Fi 7 EHT IEs
- disableHt booleanVht Rates 
- To disable ht or vht rates
- disableUapsd boolean
- Whether to disable U-APSD
- disableV1Roam booleanNotify 
- Disable sending v2 roam notification messages
- disableV2Roam booleanNotify 
- Disable sending v2 roam notification messages
- disableWhen booleanGateway Unreachable 
- When any of the following is true, this WLAN will be disabled- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
 
- disableWhen booleanMxtunnel Down 
- disableWmm boolean
- Whether to disable WMM
- dnsServer GetRewrite Wlans Org Wlan Dns Server Rewrite 
- For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim number
- dynamicPsk GetWlans Org Wlan Dynamic Psk 
- For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e. enable_mac_authis assumed)
- AP sends BSSID:SSID as Caller-Station-ID
- auth_serversis required
- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
- multi_psk_onlyand- pskis ignored
- pairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
 
- dynamicVlan GetWlans Org Wlan Dynamic Vlan 
- For 802.1x
- enableLocal booleanKeycaching 
- Enable AP-AP keycaching via multicast
- enableWireless booleanBridging 
- By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enableWireless booleanBridging Dhcp Tracking 
- If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled boolean
- If this wlan is enabled
- fastDot1x booleanTimers 
- If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hideSsid boolean
- Whether to hide SSID in beacon
- hostnameIe boolean
- Include hostname inside IE in AP beacons / probe responses
- hotspot20
GetWlans Org Wlan Hotspot20 
- Hostspot 2.0 wlan settings
- id string
- Unique ID of the object instance in the Mist Organization
- injectDhcp GetOption82 Wlans Org Wlan Inject Dhcp Option82 
- interface string
- where this WLAN will be connected to. enum: all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel
- isolation boolean
- Whether to stop clients to talk to each other
- l2Isolation boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacyOverds boolean
- Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limitBcast boolean
- Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limitProbe booleanResponse 
- Limit probe response base on some heuristic rules
- maxIdletime number
- Max idle time in seconds
- maxNum numberClients 
- Maximum number of client connected to the SSID. 0means unlimited
- mistNac GetWlans Org Wlan Mist Nac 
- modifiedTime number
- When the object has been modified for the last time, in epoch
- mspId string
- mxtunnelIds string[]
- When interface=mxtunnel, id of the Mist Tunnel
- mxtunnelNames string[]
- When interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting
- noStatic booleanDns 
- Whether to only allow client to use DNS that we’ve learned from DHCP response
- noStatic booleanIp 
- Whether to only allow client that we’ve learned from DHCP exchange to talk
- orgId string
- portal
GetWlans Org Wlan Portal 
- Portal wlan settings
- portalAllowed string[]Hostnames 
- List of hostnames without http(s):// (matched by substring)
- portalAllowed string[]Subnets 
- List of CIDRs
- portalApi stringSecret 
- APi secret (auto-generated) that can be used to sign guest authorization requests
- portalDenied string[]Hostnames 
- List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portalImage string
- Url of portal background image
- portalSso stringUrl 
- qos
GetWlans Org Wlan Qos 
- radsec
GetWlans Org Wlan Radsec 
- RadSec settings
- rateset
{[key: string]: GetWlans Org Wlan Rateset} 
- Property key is the RF band. enum: 24,5,6
- reconnectClients booleanWhen Roaming Mxcluster 
- When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roamMode string
- enum: 11r,OKC,NONE
- schedule
GetWlans Org Wlan Schedule 
- WLAN operating schedule, default is disabled
- sleExcluded boolean
- Whether to exclude this WLAN from SLE metrics
- ssid string
- Name of the SSID
- templateId string
- useEapol booleanV1 
- If auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
- vlanEnabled boolean
- If vlan tagging is enabled
- vlanId string
- vlanIds string[]
- if vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool
- vlanPooling boolean
- Requires vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlanLimit stringDown 
- wlanLimit booleanDown Enabled 
- If downlink limiting for whole wlan is enabled
- wlanLimit stringUp 
- wlanLimit booleanUp Enabled 
- If uplink limiting for whole wlan is enabled
- wxtagIds string[]
- List of wxtag_ids
- wxtunnelId string
- When interface=wxtunnel, id of the WXLAN Tunnel
- wxtunnelRemote stringId 
- When interface=wxtunnel, remote tunnel identifier
- acct_immediate_ boolupdate 
- Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acct_interim_ intinterval 
- How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acct_servers Sequence[GetWlans Org Wlan Acct Server] 
- List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch
GetWlans Org Wlan Airwatch 
- Airwatch wlan settings
- allow_ipv6_ boolndp 
- Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allow_mdns bool
- Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allow_ssdp bool
- Only applicable when limit_bcast==true, which allows SSDP
- ap_ids Sequence[str]
- List of device ids
- app_limit GetWlans Org Wlan App Limit 
- Bandwidth limiting for apps (applies to up/down)
- app_qos GetWlans Org Wlan App Qos 
- APp qos wlan settings
- apply_to str
- enum: aps,site,wxtags
- arp_filter bool
- Whether to enable smart arp filter
- auth
GetWlans Org Wlan Auth 
- Authentication wlan settings
- auth_server_ strselection 
- When ordered, AP will prefer and go back to the first server if possible. enum: ordered,unordered
- auth_servers Sequence[GetWlans Org Wlan Auth Server] 
- List of RADIUS authentication servers, at least one is needed if auth type==eap, order matters where the first one is treated as primary
- auth_servers_ strnas_ id 
- Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- auth_servers_ strnas_ ip 
- Optional, NAS-IP-ADDRESS to use
- auth_servers_ intretries 
- Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- auth_servers_ inttimeout 
- Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- band_steer bool
- Whether to enable band_steering, this works only when band==both
- band_steer_ boolforce_ band5 
- Force dual_band capable client to connect to 5G
- bands Sequence[str]
- List of radios that the wlan should apply to.
- block_blacklist_ boolclients 
- Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour
GetWlans Org Wlan Bonjour 
- Bonjour gateway wlan settings
- cisco_cwa GetWlans Org Wlan Cisco Cwa 
- Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- client_limit_ strdown 
- client_limit_ booldown_ enabled 
- If downlink limiting per-client is enabled
- client_limit_ strup 
- client_limit_ boolup_ enabled 
- If uplink limiting per-client is enabled
- coa_servers Sequence[GetWlans Org Wlan Coa Server] 
- List of COA (change of authorization) servers, optional
- created_time float
- When the object has been created, in epoch
- disable11ax bool
- Some old WLAN drivers may not be compatible
- disable11be bool
- To disable Wi-Fi 7 EHT IEs
- disable_ht_ boolvht_ rates 
- To disable ht or vht rates
- disable_uapsd bool
- Whether to disable U-APSD
- disable_v1_ boolroam_ notify 
- Disable sending v2 roam notification messages
- disable_v2_ boolroam_ notify 
- Disable sending v2 roam notification messages
- disable_when_ boolgateway_ unreachable 
- When any of the following is true, this WLAN will be disabled- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
 
- disable_when_ boolmxtunnel_ down 
- disable_wmm bool
- Whether to disable WMM
- dns_server_ Getrewrite Wlans Org Wlan Dns Server Rewrite 
- For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim int
- dynamic_psk GetWlans Org Wlan Dynamic Psk 
- For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e. enable_mac_authis assumed)
- AP sends BSSID:SSID as Caller-Station-ID
- auth_serversis required
- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
- multi_psk_onlyand- pskis ignored
- pairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
 
- dynamic_vlan GetWlans Org Wlan Dynamic Vlan 
- For 802.1x
- enable_local_ boolkeycaching 
- Enable AP-AP keycaching via multicast
- enable_wireless_ boolbridging 
- By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enable_wireless_ boolbridging_ dhcp_ tracking 
- If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled bool
- If this wlan is enabled
- fast_dot1x_ booltimers 
- If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hide_ssid bool
- Whether to hide SSID in beacon
- hostname_ie bool
- Include hostname inside IE in AP beacons / probe responses
- hotspot20
GetWlans Org Wlan Hotspot20 
- Hostspot 2.0 wlan settings
- id str
- Unique ID of the object instance in the Mist Organization
- inject_dhcp_ Getoption82 Wlans Org Wlan Inject Dhcp Option82 
- interface str
- where this WLAN will be connected to. enum: all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel
- isolation bool
- Whether to stop clients to talk to each other
- l2_isolation bool
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacy_overds bool
- Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limit_bcast bool
- Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limit_probe_ boolresponse 
- Limit probe response base on some heuristic rules
- max_idletime int
- Max idle time in seconds
- max_num_ intclients 
- Maximum number of client connected to the SSID. 0means unlimited
- mist_nac GetWlans Org Wlan Mist Nac 
- modified_time float
- When the object has been modified for the last time, in epoch
- msp_id str
- mxtunnel_ids Sequence[str]
- When interface=mxtunnel, id of the Mist Tunnel
- mxtunnel_names Sequence[str]
- When interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting
- no_static_ booldns 
- Whether to only allow client to use DNS that we’ve learned from DHCP response
- no_static_ boolip 
- Whether to only allow client that we’ve learned from DHCP exchange to talk
- org_id str
- portal
GetWlans Org Wlan Portal 
- Portal wlan settings
- portal_allowed_ Sequence[str]hostnames 
- List of hostnames without http(s):// (matched by substring)
- portal_allowed_ Sequence[str]subnets 
- List of CIDRs
- portal_api_ strsecret 
- APi secret (auto-generated) that can be used to sign guest authorization requests
- portal_denied_ Sequence[str]hostnames 
- List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portal_image str
- Url of portal background image
- portal_sso_ strurl 
- qos
GetWlans Org Wlan Qos 
- radsec
GetWlans Org Wlan Radsec 
- RadSec settings
- rateset
Mapping[str, GetWlans Org Wlan Rateset] 
- Property key is the RF band. enum: 24,5,6
- reconnect_clients_ boolwhen_ roaming_ mxcluster 
- When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roam_mode str
- enum: 11r,OKC,NONE
- schedule
GetWlans Org Wlan Schedule 
- WLAN operating schedule, default is disabled
- sle_excluded bool
- Whether to exclude this WLAN from SLE metrics
- ssid str
- Name of the SSID
- template_id str
- use_eapol_ boolv1 
- If auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
- vlan_enabled bool
- If vlan tagging is enabled
- vlan_id str
- vlan_ids Sequence[str]
- if vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool
- vlan_pooling bool
- Requires vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlan_limit_ strdown 
- wlan_limit_ booldown_ enabled 
- If downlink limiting for whole wlan is enabled
- wlan_limit_ strup 
- wlan_limit_ boolup_ enabled 
- If uplink limiting for whole wlan is enabled
- wxtag_ids Sequence[str]
- List of wxtag_ids
- wxtunnel_id str
- When interface=wxtunnel, id of the WXLAN Tunnel
- wxtunnel_remote_ strid 
- When interface=wxtunnel, remote tunnel identifier
- acctImmediate BooleanUpdate 
- Enable coa-immediate-update and address-change-immediate-update on the access profile.
- acctInterim NumberInterval 
- How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
- acctServers List<Property Map>
- List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
- airwatch Property Map
- Airwatch wlan settings
- allowIpv6Ndp Boolean
- Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
- allowMdns Boolean
- Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
- allowSsdp Boolean
- Only applicable when limit_bcast==true, which allows SSDP
- apIds List<String>
- List of device ids
- appLimit Property Map
- Bandwidth limiting for apps (applies to up/down)
- appQos Property Map
- APp qos wlan settings
- applyTo String
- enum: aps,site,wxtags
- arpFilter Boolean
- Whether to enable smart arp filter
- auth Property Map
- Authentication wlan settings
- authServer StringSelection 
- When ordered, AP will prefer and go back to the first server if possible. enum: ordered,unordered
- authServers List<Property Map>
- List of RADIUS authentication servers, at least one is needed if auth type==eap, order matters where the first one is treated as primary
- authServers StringNas Id 
- Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
- authServers StringNas Ip 
- Optional, NAS-IP-ADDRESS to use
- authServers NumberRetries 
- Radius auth session retries. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3.
- authServers NumberTimeout 
- Radius auth session timeout. Following fast timers are set if "fast_dot1x_timers" knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10.
- bandSteer Boolean
- Whether to enable band_steering, this works only when band==both
- bandSteer BooleanForce Band5 
- Force dual_band capable client to connect to 5G
- bands List<String>
- List of radios that the wlan should apply to.
- blockBlacklist BooleanClients 
- Whether to block the clients in the blacklist (up to first 256 macs)
- bonjour Property Map
- Bonjour gateway wlan settings
- ciscoCwa Property Map
- Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
- clientLimit StringDown 
- clientLimit BooleanDown Enabled 
- If downlink limiting per-client is enabled
- clientLimit StringUp 
- clientLimit BooleanUp Enabled 
- If uplink limiting per-client is enabled
- coaServers List<Property Map>
- List of COA (change of authorization) servers, optional
- createdTime Number
- When the object has been created, in epoch
- disable11ax Boolean
- Some old WLAN drivers may not be compatible
- disable11be Boolean
- To disable Wi-Fi 7 EHT IEs
- disableHt BooleanVht Rates 
- To disable ht or vht rates
- disableUapsd Boolean
- Whether to disable U-APSD
- disableV1Roam BooleanNotify 
- Disable sending v2 roam notification messages
- disableV2Roam BooleanNotify 
- Disable sending v2 roam notification messages
- disableWhen BooleanGateway Unreachable 
- When any of the following is true, this WLAN will be disabled- cannot get IP
- cannot obtain default gateway
- cannot reach default gateway
 
- disableWhen BooleanMxtunnel Down 
- disableWmm Boolean
- Whether to disable WMM
- dnsServer Property MapRewrite 
- For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
- dtim Number
- dynamicPsk Property Map
- For dynamic PSK where we get per_user PSK from Radius. dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)- PSK will come from RADIUS server
- AP sends client MAC as username and password (i.e. enable_mac_authis assumed)
- AP sends BSSID:SSID as Caller-Station-ID
- auth_serversis required
- PSK will come from cloud WLC if source is cloud_psks
- default_psk will be used if cloud WLC is not available
- multi_psk_onlyand- pskis ignored
- pairwisecan only be wpa2-ccmp (for now, wpa3 support on the roadmap)
 
- dynamicVlan Property Map
- For 802.1x
- enableLocal BooleanKeycaching 
- Enable AP-AP keycaching via multicast
- enableWireless BooleanBridging 
- By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
- enableWireless BooleanBridging Dhcp Tracking 
- If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
- enabled Boolean
- If this wlan is enabled
- fastDot1x BooleanTimers 
- If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
- hideSsid Boolean
- Whether to hide SSID in beacon
- hostnameIe Boolean
- Include hostname inside IE in AP beacons / probe responses
- hotspot20 Property Map
- Hostspot 2.0 wlan settings
- id String
- Unique ID of the object instance in the Mist Organization
- injectDhcp Property MapOption82 
- interface String
- where this WLAN will be connected to. enum: all,eth0,eth1,eth2,eth3,mxtunnel,site_mxedge,wxtunnel
- isolation Boolean
- Whether to stop clients to talk to each other
- l2Isolation Boolean
- If isolation is enabled, whether to deny clients to talk to L2 on the LAN
- legacyOverds Boolean
- Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
- limitBcast Boolean
- Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
- limitProbe BooleanResponse 
- Limit probe response base on some heuristic rules
- maxIdletime Number
- Max idle time in seconds
- maxNum NumberClients 
- Maximum number of client connected to the SSID. 0means unlimited
- mistNac Property Map
- modifiedTime Number
- When the object has been modified for the last time, in epoch
- mspId String
- mxtunnelIds List<String>
- When interface=mxtunnel, id of the Mist Tunnel
- mxtunnelNames List<String>
- When interface=site_mxedge, name of the mxtunnel that in mxtunnels under Site Setting
- noStatic BooleanDns 
- Whether to only allow client to use DNS that we’ve learned from DHCP response
- noStatic BooleanIp 
- Whether to only allow client that we’ve learned from DHCP exchange to talk
- orgId String
- portal Property Map
- Portal wlan settings
- portalAllowed List<String>Hostnames 
- List of hostnames without http(s):// (matched by substring)
- portalAllowed List<String>Subnets 
- List of CIDRs
- portalApi StringSecret 
- APi secret (auto-generated) that can be used to sign guest authorization requests
- portalDenied List<String>Hostnames 
- List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
- portalImage String
- Url of portal background image
- portalSso StringUrl 
- qos Property Map
- radsec Property Map
- RadSec settings
- rateset Map<Property Map>
- Property key is the RF band. enum: 24,5,6
- reconnectClients BooleanWhen Roaming Mxcluster 
- When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
- roamMode String
- enum: 11r,OKC,NONE
- schedule Property Map
- WLAN operating schedule, default is disabled
- sleExcluded Boolean
- Whether to exclude this WLAN from SLE metrics
- ssid String
- Name of the SSID
- templateId String
- useEapol BooleanV1 
- If auth.type==eaporauth.type==psk, should only be set for legacy client, such as pre-2004, 802.11b devices
- vlanEnabled Boolean
- If vlan tagging is enabled
- vlanId String
- vlanIds List<String>
- if vlan_enabled==trueandvlan_pooling==true. List of VLAN IDs (comma separated) to be used in the VLAN Pool
- vlanPooling Boolean
- Requires vlan_enabled==trueto be set totrue. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
- wlanLimit StringDown 
- wlanLimit BooleanDown Enabled 
- If downlink limiting for whole wlan is enabled
- wlanLimit StringUp 
- wlanLimit BooleanUp Enabled 
- If uplink limiting for whole wlan is enabled
- wxtagIds List<String>
- List of wxtag_ids
- wxtunnelId String
- When interface=wxtunnel, id of the WXLAN Tunnel
- wxtunnelRemote StringId 
- When interface=wxtunnel, remote tunnel identifier
GetWlansOrgWlanAcctServer     
- Host string
- IP/ hostname of RADIUS server
- KeywrapEnabled bool
- KeywrapFormat string
- enum: ascii,hex
- KeywrapKek string
- KeywrapMack string
- Port string
- Secret string
- Secret of RADIUS server
- Host string
- IP/ hostname of RADIUS server
- KeywrapEnabled bool
- KeywrapFormat string
- enum: ascii,hex
- KeywrapKek string
- KeywrapMack string
- Port string
- Secret string
- Secret of RADIUS server
- host String
- IP/ hostname of RADIUS server
- keywrapEnabled Boolean
- keywrapFormat String
- enum: ascii,hex
- keywrapKek String
- keywrapMack String
- port String
- secret String
- Secret of RADIUS server
- host string
- IP/ hostname of RADIUS server
- keywrapEnabled boolean
- keywrapFormat string
- enum: ascii,hex
- keywrapKek string
- keywrapMack string
- port string
- secret string
- Secret of RADIUS server
- host str
- IP/ hostname of RADIUS server
- keywrap_enabled bool
- keywrap_format str
- enum: ascii,hex
- keywrap_kek str
- keywrap_mack str
- port str
- secret str
- Secret of RADIUS server
- host String
- IP/ hostname of RADIUS server
- keywrapEnabled Boolean
- keywrapFormat String
- enum: ascii,hex
- keywrapKek String
- keywrapMack String
- port String
- secret String
- Secret of RADIUS server
GetWlansOrgWlanAirwatch    
- ApiKey string
- API Key
- ConsoleUrl string
- Console URL
- Enabled bool
- Password string
- Password
- Username string
- Username
- ApiKey string
- API Key
- ConsoleUrl string
- Console URL
- Enabled bool
- Password string
- Password
- Username string
- Username
- apiKey String
- API Key
- consoleUrl String
- Console URL
- enabled Boolean
- password String
- Password
- username String
- Username
- apiKey string
- API Key
- consoleUrl string
- Console URL
- enabled boolean
- password string
- Password
- username string
- Username
- api_key str
- API Key
- console_url str
- Console URL
- enabled bool
- password str
- Password
- username str
- Username
- apiKey String
- API Key
- consoleUrl String
- Console URL
- enabled Boolean
- password String
- Password
- username String
- Username
GetWlansOrgWlanAppLimit     
GetWlansOrgWlanAppQos     
- Apps
Dictionary<string, Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan App Qos Apps> 
- Enabled bool
- Others
List<Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan App Qos Other> 
- Apps
map[string]GetWlans Org Wlan App Qos Apps 
- Enabled bool
- Others
[]GetWlans Org Wlan App Qos Other 
- apps
Map<String,GetWlans Org Wlan App Qos Apps> 
- enabled Boolean
- others
List<GetWlans Org Wlan App Qos Other> 
- apps
{[key: string]: GetWlans Org Wlan App Qos Apps} 
- enabled boolean
- others
GetWlans Org Wlan App Qos Other[] 
- apps
Mapping[str, GetWlans Org Wlan App Qos Apps] 
- enabled bool
- others
Sequence[GetWlans Org Wlan App Qos Other] 
- apps Map<Property Map>
- enabled Boolean
- others List<Property Map>
GetWlansOrgWlanAppQosApps      
- dscp str
- dst_subnet str
- Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
- src_subnet str
- Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
GetWlansOrgWlanAppQosOther      
- Dscp string
- DstSubnet string
- PortRanges string
- Protocol string
- SrcSubnet string
- Dscp string
- DstSubnet string
- PortRanges string
- Protocol string
- SrcSubnet string
- dscp String
- dstSubnet String
- portRanges String
- protocol String
- srcSubnet String
- dscp string
- dstSubnet string
- portRanges string
- protocol string
- srcSubnet string
- dscp str
- dst_subnet str
- port_ranges str
- protocol str
- src_subnet str
- dscp String
- dstSubnet String
- portRanges String
- protocol String
- srcSubnet String
GetWlansOrgWlanAuth    
- AnticlogThreshold int
- SAE anti-clogging token threshold
- EapReauth bool
- Whether to trigger EAP reauth when the session ends
- EnableMac boolAuth 
- Whether to enable MAC Auth, uses the same auth_servers
- KeyIdx int
- When type==wep
- Keys List<string>
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- MultiPsk boolOnly 
- When type==psk, whether to only use multi_psk
- Owe string
- if type==open. enum:disabled,enabled(means transition mode),required
- Pairwises List<string>
- When type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3
- PrivateWlan bool
- When multi_psk_only==true, whether private wlan is enabled
- Psk string
- When type==psk, 8-64 characters, or 64 hex characters
- Type string
- enum: eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep
- WepAs boolSecondary Auth 
- Enable WEP as secondary auth
- AnticlogThreshold int
- SAE anti-clogging token threshold
- EapReauth bool
- Whether to trigger EAP reauth when the session ends
- EnableMac boolAuth 
- Whether to enable MAC Auth, uses the same auth_servers
- KeyIdx int
- When type==wep
- Keys []string
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- MultiPsk boolOnly 
- When type==psk, whether to only use multi_psk
- Owe string
- if type==open. enum:disabled,enabled(means transition mode),required
- Pairwises []string
- When type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3
- PrivateWlan bool
- When multi_psk_only==true, whether private wlan is enabled
- Psk string
- When type==psk, 8-64 characters, or 64 hex characters
- Type string
- enum: eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep
- WepAs boolSecondary Auth 
- Enable WEP as secondary auth
- anticlogThreshold Integer
- SAE anti-clogging token threshold
- eapReauth Boolean
- Whether to trigger EAP reauth when the session ends
- enableMac BooleanAuth 
- Whether to enable MAC Auth, uses the same auth_servers
- keyIdx Integer
- When type==wep
- keys List<String>
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multiPsk BooleanOnly 
- When type==psk, whether to only use multi_psk
- owe String
- if type==open. enum:disabled,enabled(means transition mode),required
- pairwises List<String>
- When type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3
- privateWlan Boolean
- When multi_psk_only==true, whether private wlan is enabled
- psk String
- When type==psk, 8-64 characters, or 64 hex characters
- type String
- enum: eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep
- wepAs BooleanSecondary Auth 
- Enable WEP as secondary auth
- anticlogThreshold number
- SAE anti-clogging token threshold
- eapReauth boolean
- Whether to trigger EAP reauth when the session ends
- enableMac booleanAuth 
- Whether to enable MAC Auth, uses the same auth_servers
- keyIdx number
- When type==wep
- keys string[]
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multiPsk booleanOnly 
- When type==psk, whether to only use multi_psk
- owe string
- if type==open. enum:disabled,enabled(means transition mode),required
- pairwises string[]
- When type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3
- privateWlan boolean
- When multi_psk_only==true, whether private wlan is enabled
- psk string
- When type==psk, 8-64 characters, or 64 hex characters
- type string
- enum: eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep
- wepAs booleanSecondary Auth 
- Enable WEP as secondary auth
- anticlog_threshold int
- SAE anti-clogging token threshold
- eap_reauth bool
- Whether to trigger EAP reauth when the session ends
- enable_mac_ boolauth 
- Whether to enable MAC Auth, uses the same auth_servers
- key_idx int
- When type==wep
- keys Sequence[str]
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multi_psk_ boolonly 
- When type==psk, whether to only use multi_psk
- owe str
- if type==open. enum:disabled,enabled(means transition mode),required
- pairwises Sequence[str]
- When type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3
- private_wlan bool
- When multi_psk_only==true, whether private wlan is enabled
- psk str
- When type==psk, 8-64 characters, or 64 hex characters
- type str
- enum: eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep
- wep_as_ boolsecondary_ auth 
- Enable WEP as secondary auth
- anticlogThreshold Number
- SAE anti-clogging token threshold
- eapReauth Boolean
- Whether to trigger EAP reauth when the session ends
- enableMac BooleanAuth 
- Whether to enable MAC Auth, uses the same auth_servers
- keyIdx Number
- When type==wep
- keys List<String>
- When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
- multiPsk BooleanOnly 
- When type==psk, whether to only use multi_psk
- owe String
- if type==open. enum:disabled,enabled(means transition mode),required
- pairwises List<String>
- When type=pskortype=eap, one or more ofwpa1-ccmp,wpa1-tkip,wpa2-ccmp,wpa2-tkip,wpa3
- privateWlan Boolean
- When multi_psk_only==true, whether private wlan is enabled
- psk String
- When type==psk, 8-64 characters, or 64 hex characters
- type String
- enum: eap,eap192,open,psk,psk-tkip,psk-wpa2-tkip,wep
- wepAs BooleanSecondary Auth 
- Enable WEP as secondary auth
GetWlansOrgWlanAuthServer     
- Host string
- IP/ hostname of RADIUS server
- KeywrapEnabled bool
- KeywrapFormat string
- enum: ascii,hex
- KeywrapKek string
- KeywrapMack string
- Port string
- RequireMessage boolAuthenticator 
- Whether to require Message-Authenticator in requests
- Secret string
- Secret of RADIUS server
- Host string
- IP/ hostname of RADIUS server
- KeywrapEnabled bool
- KeywrapFormat string
- enum: ascii,hex
- KeywrapKek string
- KeywrapMack string
- Port string
- RequireMessage boolAuthenticator 
- Whether to require Message-Authenticator in requests
- Secret string
- Secret of RADIUS server
- host String
- IP/ hostname of RADIUS server
- keywrapEnabled Boolean
- keywrapFormat String
- enum: ascii,hex
- keywrapKek String
- keywrapMack String
- port String
- requireMessage BooleanAuthenticator 
- Whether to require Message-Authenticator in requests
- secret String
- Secret of RADIUS server
- host string
- IP/ hostname of RADIUS server
- keywrapEnabled boolean
- keywrapFormat string
- enum: ascii,hex
- keywrapKek string
- keywrapMack string
- port string
- requireMessage booleanAuthenticator 
- Whether to require Message-Authenticator in requests
- secret string
- Secret of RADIUS server
- host str
- IP/ hostname of RADIUS server
- keywrap_enabled bool
- keywrap_format str
- enum: ascii,hex
- keywrap_kek str
- keywrap_mack str
- port str
- require_message_ boolauthenticator 
- Whether to require Message-Authenticator in requests
- secret str
- Secret of RADIUS server
- host String
- IP/ hostname of RADIUS server
- keywrapEnabled Boolean
- keywrapFormat String
- enum: ascii,hex
- keywrapKek String
- keywrapMack String
- port String
- requireMessage BooleanAuthenticator 
- Whether to require Message-Authenticator in requests
- secret String
- Secret of RADIUS server
GetWlansOrgWlanBonjour    
- AdditionalVlan List<string>Ids 
- additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- Services
Dictionary<string, Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Bonjour Services> 
- What services are allowed. Property key is the service name
- AdditionalVlan []stringIds 
- additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- Enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- Services
map[string]GetWlans Org Wlan Bonjour Services 
- What services are allowed. Property key is the service name
- additionalVlan List<String>Ids 
- additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled Boolean
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services
Map<String,GetWlans Org Wlan Bonjour Services> 
- What services are allowed. Property key is the service name
- additionalVlan string[]Ids 
- additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled boolean
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services
{[key: string]: GetWlans Org Wlan Bonjour Services} 
- What services are allowed. Property key is the service name
- additional_vlan_ Sequence[str]ids 
- additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled bool
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services
Mapping[str, GetWlans Org Wlan Bonjour Services] 
- What services are allowed. Property key is the service name
- additionalVlan List<String>Ids 
- additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
- enabled Boolean
- Whether to enable bonjour for this WLAN. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false
- services Map<Property Map>
- What services are allowed. Property key is the service name
GetWlansOrgWlanBonjourServices     
- DisableLocal bool
- Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- RadiusGroups List<string>
- Optional, if the service is further restricted for certain RADIUS groups
- Scope string
- how bonjour services should be discovered for the same WLAN. enum: same_ap,same_map,same_site
- DisableLocal bool
- Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- RadiusGroups []string
- Optional, if the service is further restricted for certain RADIUS groups
- Scope string
- how bonjour services should be discovered for the same WLAN. enum: same_ap,same_map,same_site
- disableLocal Boolean
- Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radiusGroups List<String>
- Optional, if the service is further restricted for certain RADIUS groups
- scope String
- how bonjour services should be discovered for the same WLAN. enum: same_ap,same_map,same_site
- disableLocal boolean
- Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radiusGroups string[]
- Optional, if the service is further restricted for certain RADIUS groups
- scope string
- how bonjour services should be discovered for the same WLAN. enum: same_ap,same_map,same_site
- disable_local bool
- Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radius_groups Sequence[str]
- Optional, if the service is further restricted for certain RADIUS groups
- scope str
- how bonjour services should be discovered for the same WLAN. enum: same_ap,same_map,same_site
- disableLocal Boolean
- Whether to prevent wireless clients to discover bonjour devices on the same WLAN
- radiusGroups List<String>
- Optional, if the service is further restricted for certain RADIUS groups
- scope String
- how bonjour services should be discovered for the same WLAN. enum: same_ap,same_map,same_site
GetWlansOrgWlanCiscoCwa     
- AllowedHostnames List<string>
- List of hostnames without http(s):// (matched by substring)
- AllowedSubnets List<string>
- List of CIDRs
- BlockedSubnets List<string>
- List of blocked CIDRs
- Enabled bool
- AllowedHostnames []string
- List of hostnames without http(s):// (matched by substring)
- AllowedSubnets []string
- List of CIDRs
- BlockedSubnets []string
- List of blocked CIDRs
- Enabled bool
- allowedHostnames List<String>
- List of hostnames without http(s):// (matched by substring)
- allowedSubnets List<String>
- List of CIDRs
- blockedSubnets List<String>
- List of blocked CIDRs
- enabled Boolean
- allowedHostnames string[]
- List of hostnames without http(s):// (matched by substring)
- allowedSubnets string[]
- List of CIDRs
- blockedSubnets string[]
- List of blocked CIDRs
- enabled boolean
- allowed_hostnames Sequence[str]
- List of hostnames without http(s):// (matched by substring)
- allowed_subnets Sequence[str]
- List of CIDRs
- blocked_subnets Sequence[str]
- List of blocked CIDRs
- enabled bool
- allowedHostnames List<String>
- List of hostnames without http(s):// (matched by substring)
- allowedSubnets List<String>
- List of CIDRs
- blockedSubnets List<String>
- List of blocked CIDRs
- enabled Boolean
GetWlansOrgWlanCoaServer     
- DisableEvent boolTimestamp Check 
- Whether to disable Event-Timestamp Check
- Enabled bool
- Ip string
- Port string
- Secret string
- DisableEvent boolTimestamp Check 
- Whether to disable Event-Timestamp Check
- Enabled bool
- Ip string
- Port string
- Secret string
- disableEvent BooleanTimestamp Check 
- Whether to disable Event-Timestamp Check
- enabled Boolean
- ip String
- port String
- secret String
- disableEvent booleanTimestamp Check 
- Whether to disable Event-Timestamp Check
- enabled boolean
- ip string
- port string
- secret string
- disable_event_ booltimestamp_ check 
- Whether to disable Event-Timestamp Check
- enabled bool
- ip str
- port str
- secret str
- disableEvent BooleanTimestamp Check 
- Whether to disable Event-Timestamp Check
- enabled Boolean
- ip String
- port String
- secret String
GetWlansOrgWlanDnsServerRewrite      
- Enabled bool
- RadiusGroups Dictionary<string, string>
- Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- Enabled bool
- RadiusGroups map[string]string
- Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- radiusGroups Map<String,String>
- Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled boolean
- radiusGroups {[key: string]: string}
- Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled bool
- radius_groups Mapping[str, str]
- Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
- enabled Boolean
- radiusGroups Map<String>
- Map between radius_group and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
GetWlansOrgWlanDynamicPsk     
- DefaultPsk string
- Default PSK to use if cloud WLC is not available, 8-63 characters
- DefaultVlan stringId 
- Enabled bool
- ForceLookup bool
- When 11r is enabled, we'll try to use the cached PMK, this can be disabled. falsemeans auto
- Source string
- enum: cloud_psks,radius
- DefaultPsk string
- Default PSK to use if cloud WLC is not available, 8-63 characters
- DefaultVlan stringId 
- Enabled bool
- ForceLookup bool
- When 11r is enabled, we'll try to use the cached PMK, this can be disabled. falsemeans auto
- Source string
- enum: cloud_psks,radius
- defaultPsk String
- Default PSK to use if cloud WLC is not available, 8-63 characters
- defaultVlan StringId 
- enabled Boolean
- forceLookup Boolean
- When 11r is enabled, we'll try to use the cached PMK, this can be disabled. falsemeans auto
- source String
- enum: cloud_psks,radius
- defaultPsk string
- Default PSK to use if cloud WLC is not available, 8-63 characters
- defaultVlan stringId 
- enabled boolean
- forceLookup boolean
- When 11r is enabled, we'll try to use the cached PMK, this can be disabled. falsemeans auto
- source string
- enum: cloud_psks,radius
- default_psk str
- Default PSK to use if cloud WLC is not available, 8-63 characters
- default_vlan_ strid 
- enabled bool
- force_lookup bool
- When 11r is enabled, we'll try to use the cached PMK, this can be disabled. falsemeans auto
- source str
- enum: cloud_psks,radius
- defaultPsk String
- Default PSK to use if cloud WLC is not available, 8-63 characters
- defaultVlan StringId 
- enabled Boolean
- forceLookup Boolean
- When 11r is enabled, we'll try to use the cached PMK, this can be disabled. falsemeans auto
- source String
- enum: cloud_psks,radius
GetWlansOrgWlanDynamicVlan     
- DefaultVlan List<string>Ids 
- Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- Enabled bool
- Requires vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan
- LocalVlan List<string>Ids 
- VLAN_ids to be locally bridged
- Type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: airespace-interface-name,standard
- Vlans Dictionary<string, string>
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping- if dynamic_vlan.type==standard, property key is the Vlan ID and property value is ""
- if dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
 
- if 
- DefaultVlan []stringIds 
- Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- Enabled bool
- Requires vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan
- LocalVlan []stringIds 
- VLAN_ids to be locally bridged
- Type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: airespace-interface-name,standard
- Vlans map[string]string
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping- if dynamic_vlan.type==standard, property key is the Vlan ID and property value is ""
- if dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
 
- if 
- defaultVlan List<String>Ids 
- Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled Boolean
- Requires vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan
- localVlan List<String>Ids 
- VLAN_ids to be locally bridged
- type String
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: airespace-interface-name,standard
- vlans Map<String,String>
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping- if dynamic_vlan.type==standard, property key is the Vlan ID and property value is ""
- if dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
 
- if 
- defaultVlan string[]Ids 
- Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled boolean
- Requires vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan
- localVlan string[]Ids 
- VLAN_ids to be locally bridged
- type string
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: airespace-interface-name,standard
- vlans {[key: string]: string}
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping- if dynamic_vlan.type==standard, property key is the Vlan ID and property value is ""
- if dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
 
- if 
- default_vlan_ Sequence[str]ids 
- Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled bool
- Requires vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan
- local_vlan_ Sequence[str]ids 
- VLAN_ids to be locally bridged
- type str
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: airespace-interface-name,standard
- vlans Mapping[str, str]
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping- if dynamic_vlan.type==standard, property key is the Vlan ID and property value is ""
- if dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
 
- if 
- defaultVlan List<String>Ids 
- Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
- enabled Boolean
- Requires vlan_enabled==trueto be set totrue. Whether to enable dynamic vlan
- localVlan List<String>Ids 
- VLAN_ids to be locally bridged
- type String
- standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: airespace-interface-name,standard
- vlans Map<String>
- Map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping- if dynamic_vlan.type==standard, property key is the Vlan ID and property value is ""
- if dynamic_vlan.type==airespace-interface-name, property key is the Vlan ID and property value is the Airespace Interface Name
 
- if 
GetWlansOrgWlanHotspot20    
- domain_names Sequence[str]
- enabled bool
- Whether to enable hotspot 2.0 config
- nai_realms Sequence[str]
- operators Sequence[str]
- List of operators to support
- rcois Sequence[str]
- venue_name str
- Venue name, default is site name
GetWlansOrgWlanInjectDhcpOption82      
- CircuitId string
- Information to set in the circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
 
- Enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- CircuitId string
- Information to set in the circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
 
- Enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuitId String
- Information to set in the circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
 
- enabled Boolean
- Whether to inject option 82 when forwarding DHCP packets
- circuitId string
- Information to set in the circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
 
- enabled boolean
- Whether to inject option 82 when forwarding DHCP packets
- circuit_id str
- Information to set in the circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
 
- enabled bool
- Whether to inject option 82 when forwarding DHCP packets
- circuitId String
- Information to set in the circuit_idfield of the DHCP Option 82. It is possible to use static string or the following variables (e.g.{{SSID}}:{{AP_MAC}}):- {{AP_MAC}}
- {{AP_MAC_DASHED}}
- {{AP_MODEL}}
- {{AP_NAME}}
- {{SITE_NAME}}
- {{SSID}}
 
- enabled Boolean
- Whether to inject option 82 when forwarding DHCP packets
GetWlansOrgWlanMistNac     
- Enabled bool
- When enabled:- auth_serversis ignored
- acct_serversis ignored
- auth_servers_*are ignored
- coa_serversis ignored
- radsecis ignored
- coa_enabledis assumed
 
- Enabled bool
- When enabled:- auth_serversis ignored
- acct_serversis ignored
- auth_servers_*are ignored
- coa_serversis ignored
- radsecis ignored
- coa_enabledis assumed
 
- enabled Boolean
- When enabled:- auth_serversis ignored
- acct_serversis ignored
- auth_servers_*are ignored
- coa_serversis ignored
- radsecis ignored
- coa_enabledis assumed
 
- enabled boolean
- When enabled:- auth_serversis ignored
- acct_serversis ignored
- auth_servers_*are ignored
- coa_serversis ignored
- radsecis ignored
- coa_enabledis assumed
 
- enabled bool
- When enabled:- auth_serversis ignored
- acct_serversis ignored
- auth_servers_*are ignored
- coa_serversis ignored
- radsecis ignored
- coa_enabledis assumed
 
- enabled Boolean
- When enabled:- auth_serversis ignored
- acct_serversis ignored
- auth_servers_*are ignored
- coa_serversis ignored
- radsecis ignored
- coa_enabledis assumed
 
GetWlansOrgWlanPortal    
- AllowWlan boolId Roam 
- Optional if amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming)
- AmazonClient stringId 
- Optional if amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- AmazonClient stringSecret 
- Optional if amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank.
- AmazonEmail List<string>Domains 
- Optional if amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- AmazonEnabled bool
- Whether amazon is enabled as a login method
- AmazonExpire int
- Optional if amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- Auth string
- authentication scheme. enum: amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso
- AzureClient stringId 
- Required if azure_enabled==true. Azure active directory app client id
- AzureClient stringSecret 
- Required if azure_enabled==true. Azure active directory app client secret
- AzureEnabled bool
- Whether Azure Active Directory is enabled as a login method
- AzureExpire int
- Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- AzureTenant stringId 
- Required if azure_enabled==true. Azure active directory tenant id.
- BroadnetPassword string
- Required if sms_provider==broadnet
- BroadnetSid string
- Required if sms_provider==broadnet
- BroadnetUser stringId 
- Required if sms_provider==broadnet
- BypassWhen boolCloud Down 
- Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- ClickatellApi stringKey 
- Required if sms_provider==clickatell
- CrossSite bool
- Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming)
- EmailEnabled bool
- Whether email (access code verification) is enabled as a login method
- Enabled bool
- Whether guest portal is enabled
- Expire int
- How long to remain authorized, in minutes
- ExternalPortal stringUrl 
- Required if wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
- FacebookClient stringId 
- Required if facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
- FacebookClient stringSecret 
- Required if facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank.
- FacebookEmail List<string>Domains 
- Optional if facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- FacebookEnabled bool
- Whether facebook is enabled as a login method
- FacebookExpire int
- Optional if facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- Forward bool
- Whether to forward the user to another URL after authorized
- ForwardUrl string
- URL to forward the user to
- GoogleClient stringId 
- Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- GoogleClient stringSecret 
- Optional if google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank.
- GoogleEmail List<string>Domains 
- Optional if google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- GoogleEnabled bool
- Whether Google is enabled as login method
- GoogleExpire int
- Optional if google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
- GupshupPassword string
- Required if sms_provider==gupshup
- GupshupUserid string
- Required if sms_provider==gupshup
- MicrosoftClient stringId 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- MicrosoftClient stringSecret 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank.
- MicrosoftEmail List<string>Domains 
- Optional if microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- MicrosoftEnabled bool
- Whether microsoft 365 is enabled as a login method
- MicrosoftExpire int
- Optional if microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- PassphraseEnabled bool
- Whether password is enabled
- PassphraseExpire int
- Optional if passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire
- Password string
- Required if passphrase_enabled==true.
- PredefinedSponsors boolEnabled 
- Whether to show list of sponsor emails mentioned in sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behaviour is acc tosponsor_email_domains
- PredefinedSponsors boolHide Email 
- Whether to hide sponsor’s email from list of sponsors
- Privacy bool
- PuzzelPassword string
- Required if sms_provider==puzzel
- PuzzelService stringId 
- Required if sms_provider==puzzel
- PuzzelUsername string
- Required if sms_provider==puzzel
- SmsEnabled bool
- Whether sms is enabled as a login method
- SmsExpire int
- Optional if sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- SmsMessage stringFormat 
- Optional if sms_enabled==true. SMS Message format
- SmsProvider string
- Optioanl if sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,telstra,twilio
- SponsorAuto boolApprove 
- Optional if sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- SponsorEmail List<string>Domains 
- List of domain allowed for sponsor email. Required if sponsor_enabledistrueandsponsorsis empty.
- SponsorEnabled bool
- Whether sponsor is enabled
- SponsorExpire int
- Optional if sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- SponsorLink stringValidity Duration 
- SponsorNotify boolAll 
- Optional if sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
- SponsorStatus boolNotify 
- Optional if sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
- Sponsors Dictionary<string, string>
- object of allowed sponsors email with name. Required if sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name
- SsoDefault stringRole 
- Optional if wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- SsoForced stringRole 
- Optional if wlan_portal_auth==sso
- SsoIdp stringCert 
- Required if wlan_portal_auth==sso. IDP Cert (used to verify the signed response)
- SsoIdp stringSign Algo 
- Optioanl if wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512
- SsoIdp stringSso Url 
- Required if wlan_portal_auth==sso, IDP Single-Sign-On URL
- SsoIssuer string
- Required if wlan_portal_auth==sso, IDP issuer URL
- SsoNameid stringFormat 
- Optional if wlan_portal_auth==sso. enum:email,unspecified
- TelstraClient stringId 
- Required if sms_provider==telstra, Client ID provided by Telstra
- TelstraClient stringSecret 
- Required if sms_provider==telstra, Client secret provided by Telstra
- TwilioAuth stringToken 
- Required if sms_provider==twilio, Auth token account with twilio account
- TwilioPhone stringNumber 
- Required if sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format.
- TwilioSid string
- Required if sms_provider==twilio, Account SID provided by Twilio
- AllowWlan boolId Roam 
- Optional if amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming)
- AmazonClient stringId 
- Optional if amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- AmazonClient stringSecret 
- Optional if amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank.
- AmazonEmail []stringDomains 
- Optional if amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- AmazonEnabled bool
- Whether amazon is enabled as a login method
- AmazonExpire int
- Optional if amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- Auth string
- authentication scheme. enum: amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso
- AzureClient stringId 
- Required if azure_enabled==true. Azure active directory app client id
- AzureClient stringSecret 
- Required if azure_enabled==true. Azure active directory app client secret
- AzureEnabled bool
- Whether Azure Active Directory is enabled as a login method
- AzureExpire int
- Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- AzureTenant stringId 
- Required if azure_enabled==true. Azure active directory tenant id.
- BroadnetPassword string
- Required if sms_provider==broadnet
- BroadnetSid string
- Required if sms_provider==broadnet
- BroadnetUser stringId 
- Required if sms_provider==broadnet
- BypassWhen boolCloud Down 
- Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- ClickatellApi stringKey 
- Required if sms_provider==clickatell
- CrossSite bool
- Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming)
- EmailEnabled bool
- Whether email (access code verification) is enabled as a login method
- Enabled bool
- Whether guest portal is enabled
- Expire int
- How long to remain authorized, in minutes
- ExternalPortal stringUrl 
- Required if wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
- FacebookClient stringId 
- Required if facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
- FacebookClient stringSecret 
- Required if facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank.
- FacebookEmail []stringDomains 
- Optional if facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- FacebookEnabled bool
- Whether facebook is enabled as a login method
- FacebookExpire int
- Optional if facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- Forward bool
- Whether to forward the user to another URL after authorized
- ForwardUrl string
- URL to forward the user to
- GoogleClient stringId 
- Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- GoogleClient stringSecret 
- Optional if google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank.
- GoogleEmail []stringDomains 
- Optional if google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- GoogleEnabled bool
- Whether Google is enabled as login method
- GoogleExpire int
- Optional if google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
- GupshupPassword string
- Required if sms_provider==gupshup
- GupshupUserid string
- Required if sms_provider==gupshup
- MicrosoftClient stringId 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- MicrosoftClient stringSecret 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank.
- MicrosoftEmail []stringDomains 
- Optional if microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- MicrosoftEnabled bool
- Whether microsoft 365 is enabled as a login method
- MicrosoftExpire int
- Optional if microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- PassphraseEnabled bool
- Whether password is enabled
- PassphraseExpire int
- Optional if passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire
- Password string
- Required if passphrase_enabled==true.
- PredefinedSponsors boolEnabled 
- Whether to show list of sponsor emails mentioned in sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behaviour is acc tosponsor_email_domains
- PredefinedSponsors boolHide Email 
- Whether to hide sponsor’s email from list of sponsors
- Privacy bool
- PuzzelPassword string
- Required if sms_provider==puzzel
- PuzzelService stringId 
- Required if sms_provider==puzzel
- PuzzelUsername string
- Required if sms_provider==puzzel
- SmsEnabled bool
- Whether sms is enabled as a login method
- SmsExpire int
- Optional if sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- SmsMessage stringFormat 
- Optional if sms_enabled==true. SMS Message format
- SmsProvider string
- Optioanl if sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,telstra,twilio
- SponsorAuto boolApprove 
- Optional if sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- SponsorEmail []stringDomains 
- List of domain allowed for sponsor email. Required if sponsor_enabledistrueandsponsorsis empty.
- SponsorEnabled bool
- Whether sponsor is enabled
- SponsorExpire int
- Optional if sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- SponsorLink stringValidity Duration 
- SponsorNotify boolAll 
- Optional if sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
- SponsorStatus boolNotify 
- Optional if sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
- Sponsors map[string]string
- object of allowed sponsors email with name. Required if sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name
- SsoDefault stringRole 
- Optional if wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- SsoForced stringRole 
- Optional if wlan_portal_auth==sso
- SsoIdp stringCert 
- Required if wlan_portal_auth==sso. IDP Cert (used to verify the signed response)
- SsoIdp stringSign Algo 
- Optioanl if wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512
- SsoIdp stringSso Url 
- Required if wlan_portal_auth==sso, IDP Single-Sign-On URL
- SsoIssuer string
- Required if wlan_portal_auth==sso, IDP issuer URL
- SsoNameid stringFormat 
- Optional if wlan_portal_auth==sso. enum:email,unspecified
- TelstraClient stringId 
- Required if sms_provider==telstra, Client ID provided by Telstra
- TelstraClient stringSecret 
- Required if sms_provider==telstra, Client secret provided by Telstra
- TwilioAuth stringToken 
- Required if sms_provider==twilio, Auth token account with twilio account
- TwilioPhone stringNumber 
- Required if sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format.
- TwilioSid string
- Required if sms_provider==twilio, Account SID provided by Twilio
- allowWlan BooleanId Roam 
- Optional if amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming)
- amazonClient StringId 
- Optional if amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazonClient StringSecret 
- Optional if amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank.
- amazonEmail List<String>Domains 
- Optional if amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazonEnabled Boolean
- Whether amazon is enabled as a login method
- amazonExpire Integer
- Optional if amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth String
- authentication scheme. enum: amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso
- azureClient StringId 
- Required if azure_enabled==true. Azure active directory app client id
- azureClient StringSecret 
- Required if azure_enabled==true. Azure active directory app client secret
- azureEnabled Boolean
- Whether Azure Active Directory is enabled as a login method
- azureExpire Integer
- Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azureTenant StringId 
- Required if azure_enabled==true. Azure active directory tenant id.
- broadnetPassword String
- Required if sms_provider==broadnet
- broadnetSid String
- Required if sms_provider==broadnet
- broadnetUser StringId 
- Required if sms_provider==broadnet
- bypassWhen BooleanCloud Down 
- Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatellApi StringKey 
- Required if sms_provider==clickatell
- crossSite Boolean
- Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming)
- emailEnabled Boolean
- Whether email (access code verification) is enabled as a login method
- enabled Boolean
- Whether guest portal is enabled
- expire Integer
- How long to remain authorized, in minutes
- externalPortal StringUrl 
- Required if wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
- facebookClient StringId 
- Required if facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
- facebookClient StringSecret 
- Required if facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank.
- facebookEmail List<String>Domains 
- Optional if facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebookEnabled Boolean
- Whether facebook is enabled as a login method
- facebookExpire Integer
- Optional if facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward Boolean
- Whether to forward the user to another URL after authorized
- forwardUrl String
- URL to forward the user to
- googleClient StringId 
- Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- googleClient StringSecret 
- Optional if google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank.
- googleEmail List<String>Domains 
- Optional if google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- googleEnabled Boolean
- Whether Google is enabled as login method
- googleExpire Integer
- Optional if google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
- gupshupPassword String
- Required if sms_provider==gupshup
- gupshupUserid String
- Required if sms_provider==gupshup
- microsoftClient StringId 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoftClient StringSecret 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank.
- microsoftEmail List<String>Domains 
- Optional if microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoftEnabled Boolean
- Whether microsoft 365 is enabled as a login method
- microsoftExpire Integer
- Optional if microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphraseEnabled Boolean
- Whether password is enabled
- passphraseExpire Integer
- Optional if passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire
- password String
- Required if passphrase_enabled==true.
- predefinedSponsors BooleanEnabled 
- Whether to show list of sponsor emails mentioned in sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behaviour is acc tosponsor_email_domains
- predefinedSponsors BooleanHide Email 
- Whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- puzzelPassword String
- Required if sms_provider==puzzel
- puzzelService StringId 
- Required if sms_provider==puzzel
- puzzelUsername String
- Required if sms_provider==puzzel
- smsEnabled Boolean
- Whether sms is enabled as a login method
- smsExpire Integer
- Optional if sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- smsMessage StringFormat 
- Optional if sms_enabled==true. SMS Message format
- smsProvider String
- Optioanl if sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,telstra,twilio
- sponsorAuto BooleanApprove 
- Optional if sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsorEmail List<String>Domains 
- List of domain allowed for sponsor email. Required if sponsor_enabledistrueandsponsorsis empty.
- sponsorEnabled Boolean
- Whether sponsor is enabled
- sponsorExpire Integer
- Optional if sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsorLink StringValidity Duration 
- sponsorNotify BooleanAll 
- Optional if sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
- sponsorStatus BooleanNotify 
- Optional if sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
- sponsors Map<String,String>
- object of allowed sponsors email with name. Required if sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name
- ssoDefault StringRole 
- Optional if wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- ssoForced StringRole 
- Optional if wlan_portal_auth==sso
- ssoIdp StringCert 
- Required if wlan_portal_auth==sso. IDP Cert (used to verify the signed response)
- ssoIdp StringSign Algo 
- Optioanl if wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512
- ssoIdp StringSso Url 
- Required if wlan_portal_auth==sso, IDP Single-Sign-On URL
- ssoIssuer String
- Required if wlan_portal_auth==sso, IDP issuer URL
- ssoNameid StringFormat 
- Optional if wlan_portal_auth==sso. enum:email,unspecified
- telstraClient StringId 
- Required if sms_provider==telstra, Client ID provided by Telstra
- telstraClient StringSecret 
- Required if sms_provider==telstra, Client secret provided by Telstra
- twilioAuth StringToken 
- Required if sms_provider==twilio, Auth token account with twilio account
- twilioPhone StringNumber 
- Required if sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format.
- twilioSid String
- Required if sms_provider==twilio, Account SID provided by Twilio
- allowWlan booleanId Roam 
- Optional if amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming)
- amazonClient stringId 
- Optional if amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazonClient stringSecret 
- Optional if amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank.
- amazonEmail string[]Domains 
- Optional if amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazonEnabled boolean
- Whether amazon is enabled as a login method
- amazonExpire number
- Optional if amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth string
- authentication scheme. enum: amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso
- azureClient stringId 
- Required if azure_enabled==true. Azure active directory app client id
- azureClient stringSecret 
- Required if azure_enabled==true. Azure active directory app client secret
- azureEnabled boolean
- Whether Azure Active Directory is enabled as a login method
- azureExpire number
- Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azureTenant stringId 
- Required if azure_enabled==true. Azure active directory tenant id.
- broadnetPassword string
- Required if sms_provider==broadnet
- broadnetSid string
- Required if sms_provider==broadnet
- broadnetUser stringId 
- Required if sms_provider==broadnet
- bypassWhen booleanCloud Down 
- Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatellApi stringKey 
- Required if sms_provider==clickatell
- crossSite boolean
- Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming)
- emailEnabled boolean
- Whether email (access code verification) is enabled as a login method
- enabled boolean
- Whether guest portal is enabled
- expire number
- How long to remain authorized, in minutes
- externalPortal stringUrl 
- Required if wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
- facebookClient stringId 
- Required if facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
- facebookClient stringSecret 
- Required if facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank.
- facebookEmail string[]Domains 
- Optional if facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebookEnabled boolean
- Whether facebook is enabled as a login method
- facebookExpire number
- Optional if facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward boolean
- Whether to forward the user to another URL after authorized
- forwardUrl string
- URL to forward the user to
- googleClient stringId 
- Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- googleClient stringSecret 
- Optional if google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank.
- googleEmail string[]Domains 
- Optional if google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- googleEnabled boolean
- Whether Google is enabled as login method
- googleExpire number
- Optional if google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
- gupshupPassword string
- Required if sms_provider==gupshup
- gupshupUserid string
- Required if sms_provider==gupshup
- microsoftClient stringId 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoftClient stringSecret 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank.
- microsoftEmail string[]Domains 
- Optional if microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoftEnabled boolean
- Whether microsoft 365 is enabled as a login method
- microsoftExpire number
- Optional if microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphraseEnabled boolean
- Whether password is enabled
- passphraseExpire number
- Optional if passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire
- password string
- Required if passphrase_enabled==true.
- predefinedSponsors booleanEnabled 
- Whether to show list of sponsor emails mentioned in sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behaviour is acc tosponsor_email_domains
- predefinedSponsors booleanHide Email 
- Whether to hide sponsor’s email from list of sponsors
- privacy boolean
- puzzelPassword string
- Required if sms_provider==puzzel
- puzzelService stringId 
- Required if sms_provider==puzzel
- puzzelUsername string
- Required if sms_provider==puzzel
- smsEnabled boolean
- Whether sms is enabled as a login method
- smsExpire number
- Optional if sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- smsMessage stringFormat 
- Optional if sms_enabled==true. SMS Message format
- smsProvider string
- Optioanl if sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,telstra,twilio
- sponsorAuto booleanApprove 
- Optional if sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsorEmail string[]Domains 
- List of domain allowed for sponsor email. Required if sponsor_enabledistrueandsponsorsis empty.
- sponsorEnabled boolean
- Whether sponsor is enabled
- sponsorExpire number
- Optional if sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsorLink stringValidity Duration 
- sponsorNotify booleanAll 
- Optional if sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
- sponsorStatus booleanNotify 
- Optional if sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
- sponsors {[key: string]: string}
- object of allowed sponsors email with name. Required if sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name
- ssoDefault stringRole 
- Optional if wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- ssoForced stringRole 
- Optional if wlan_portal_auth==sso
- ssoIdp stringCert 
- Required if wlan_portal_auth==sso. IDP Cert (used to verify the signed response)
- ssoIdp stringSign Algo 
- Optioanl if wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512
- ssoIdp stringSso Url 
- Required if wlan_portal_auth==sso, IDP Single-Sign-On URL
- ssoIssuer string
- Required if wlan_portal_auth==sso, IDP issuer URL
- ssoNameid stringFormat 
- Optional if wlan_portal_auth==sso. enum:email,unspecified
- telstraClient stringId 
- Required if sms_provider==telstra, Client ID provided by Telstra
- telstraClient stringSecret 
- Required if sms_provider==telstra, Client secret provided by Telstra
- twilioAuth stringToken 
- Required if sms_provider==twilio, Auth token account with twilio account
- twilioPhone stringNumber 
- Required if sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format.
- twilioSid string
- Required if sms_provider==twilio, Account SID provided by Twilio
- allow_wlan_ boolid_ roam 
- Optional if amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming)
- amazon_client_ strid 
- Optional if amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazon_client_ strsecret 
- Optional if amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank.
- amazon_email_ Sequence[str]domains 
- Optional if amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazon_enabled bool
- Whether amazon is enabled as a login method
- amazon_expire int
- Optional if amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth str
- authentication scheme. enum: amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso
- azure_client_ strid 
- Required if azure_enabled==true. Azure active directory app client id
- azure_client_ strsecret 
- Required if azure_enabled==true. Azure active directory app client secret
- azure_enabled bool
- Whether Azure Active Directory is enabled as a login method
- azure_expire int
- Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azure_tenant_ strid 
- Required if azure_enabled==true. Azure active directory tenant id.
- broadnet_password str
- Required if sms_provider==broadnet
- broadnet_sid str
- Required if sms_provider==broadnet
- broadnet_user_ strid 
- Required if sms_provider==broadnet
- bypass_when_ boolcloud_ down 
- Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatell_api_ strkey 
- Required if sms_provider==clickatell
- cross_site bool
- Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming)
- email_enabled bool
- Whether email (access code verification) is enabled as a login method
- enabled bool
- Whether guest portal is enabled
- expire int
- How long to remain authorized, in minutes
- external_portal_ strurl 
- Required if wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
- facebook_client_ strid 
- Required if facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
- facebook_client_ strsecret 
- Required if facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank.
- facebook_email_ Sequence[str]domains 
- Optional if facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebook_enabled bool
- Whether facebook is enabled as a login method
- facebook_expire int
- Optional if facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward bool
- Whether to forward the user to another URL after authorized
- forward_url str
- URL to forward the user to
- google_client_ strid 
- Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- google_client_ strsecret 
- Optional if google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank.
- google_email_ Sequence[str]domains 
- Optional if google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- google_enabled bool
- Whether Google is enabled as login method
- google_expire int
- Optional if google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
- gupshup_password str
- Required if sms_provider==gupshup
- gupshup_userid str
- Required if sms_provider==gupshup
- microsoft_client_ strid 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoft_client_ strsecret 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank.
- microsoft_email_ Sequence[str]domains 
- Optional if microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoft_enabled bool
- Whether microsoft 365 is enabled as a login method
- microsoft_expire int
- Optional if microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphrase_enabled bool
- Whether password is enabled
- passphrase_expire int
- Optional if passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire
- password str
- Required if passphrase_enabled==true.
- predefined_sponsors_ boolenabled 
- Whether to show list of sponsor emails mentioned in sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behaviour is acc tosponsor_email_domains
- predefined_sponsors_ boolhide_ email 
- Whether to hide sponsor’s email from list of sponsors
- privacy bool
- puzzel_password str
- Required if sms_provider==puzzel
- puzzel_service_ strid 
- Required if sms_provider==puzzel
- puzzel_username str
- Required if sms_provider==puzzel
- sms_enabled bool
- Whether sms is enabled as a login method
- sms_expire int
- Optional if sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- sms_message_ strformat 
- Optional if sms_enabled==true. SMS Message format
- sms_provider str
- Optioanl if sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,telstra,twilio
- sponsor_auto_ boolapprove 
- Optional if sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsor_email_ Sequence[str]domains 
- List of domain allowed for sponsor email. Required if sponsor_enabledistrueandsponsorsis empty.
- sponsor_enabled bool
- Whether sponsor is enabled
- sponsor_expire int
- Optional if sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsor_link_ strvalidity_ duration 
- sponsor_notify_ boolall 
- Optional if sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
- sponsor_status_ boolnotify 
- Optional if sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
- sponsors Mapping[str, str]
- object of allowed sponsors email with name. Required if sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name
- sso_default_ strrole 
- Optional if wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- sso_forced_ strrole 
- Optional if wlan_portal_auth==sso
- sso_idp_ strcert 
- Required if wlan_portal_auth==sso. IDP Cert (used to verify the signed response)
- sso_idp_ strsign_ algo 
- Optioanl if wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512
- sso_idp_ strsso_ url 
- Required if wlan_portal_auth==sso, IDP Single-Sign-On URL
- sso_issuer str
- Required if wlan_portal_auth==sso, IDP issuer URL
- sso_nameid_ strformat 
- Optional if wlan_portal_auth==sso. enum:email,unspecified
- telstra_client_ strid 
- Required if sms_provider==telstra, Client ID provided by Telstra
- telstra_client_ strsecret 
- Required if sms_provider==telstra, Client secret provided by Telstra
- twilio_auth_ strtoken 
- Required if sms_provider==twilio, Auth token account with twilio account
- twilio_phone_ strnumber 
- Required if sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format.
- twilio_sid str
- Required if sms_provider==twilio, Account SID provided by Twilio
- allowWlan BooleanId Roam 
- Optional if amazon_enabled==true. Whether to allow guest to connect to other Guest WLANs (with differentWLAN.ssid) of same org without reauthentication (disable random_mac for seamless roaming)
- amazonClient StringId 
- Optional if amazon_enabled==true. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
- amazonClient StringSecret 
- Optional if amazon_enabled==true. Amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank.
- amazonEmail List<String>Domains 
- Optional if amazon_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- amazonEnabled Boolean
- Whether amazon is enabled as a login method
- amazonExpire Number
- Optional if amazon_enabled==true. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
- auth String
- authentication scheme. enum: amazon,azure,email,external,facebook,google,microsoft,multi,none,password,sms,sponsor,sso
- azureClient StringId 
- Required if azure_enabled==true. Azure active directory app client id
- azureClient StringSecret 
- Required if azure_enabled==true. Azure active directory app client secret
- azureEnabled Boolean
- Whether Azure Active Directory is enabled as a login method
- azureExpire Number
- Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
- azureTenant StringId 
- Required if azure_enabled==true. Azure active directory tenant id.
- broadnetPassword String
- Required if sms_provider==broadnet
- broadnetSid String
- Required if sms_provider==broadnet
- broadnetUser StringId 
- Required if sms_provider==broadnet
- bypassWhen BooleanCloud Down 
- Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
- clickatellApi StringKey 
- Required if sms_provider==clickatell
- crossSite Boolean
- Whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication (disable random_mac for seamless roaming)
- emailEnabled Boolean
- Whether email (access code verification) is enabled as a login method
- enabled Boolean
- Whether guest portal is enabled
- expire Number
- How long to remain authorized, in minutes
- externalPortal StringUrl 
- Required if wlan_portal_auth==external. External portal URL (e.g. https://host/url) where we can append our query parameters to
- facebookClient StringId 
- Required if facebook_enabled==true. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
- facebookClient StringSecret 
- Required if facebook_enabled==true. Facebook OAuth2 app secret. If facebook_client_id was provided, provide a corresponding value. Else leave blank.
- facebookEmail List<String>Domains 
- Optional if facebook_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- facebookEnabled Boolean
- Whether facebook is enabled as a login method
- facebookExpire Number
- Optional if facebook_enabled==true. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
- forward Boolean
- Whether to forward the user to another URL after authorized
- forwardUrl String
- URL to forward the user to
- googleClient StringId 
- Google OAuth2 app id. This is optional. If not provided, it will use a default one.
- googleClient StringSecret 
- Optional if google_enabled==true. Google OAuth2 app secret. If google_client_id was provided, provide a corresponding value. Else leave blank.
- googleEmail List<String>Domains 
- Optional if google_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- googleEnabled Boolean
- Whether Google is enabled as login method
- googleExpire Number
- Optional if google_enabled==true. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
- gupshupPassword String
- Required if sms_provider==gupshup
- gupshupUserid String
- Required if sms_provider==gupshup
- microsoftClient StringId 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
- microsoftClient StringSecret 
- Optional if microsoft_enabled==true. Microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank.
- microsoftEmail List<String>Domains 
- Optional if microsoft_enabled==true. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
- microsoftEnabled Boolean
- Whether microsoft 365 is enabled as a login method
- microsoftExpire Number
- Optional if microsoft_enabled==true. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
- passphraseEnabled Boolean
- Whether password is enabled
- passphraseExpire Number
- Optional if passphrase_enabled==true. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, usesexpire
- password String
- Required if passphrase_enabled==true.
- predefinedSponsors BooleanEnabled 
- Whether to show list of sponsor emails mentioned in sponsorsobject as a dropdown. If bothsponsor_notify_allandpredefined_sponsors_enabledare false, behaviour is acc tosponsor_email_domains
- predefinedSponsors BooleanHide Email 
- Whether to hide sponsor’s email from list of sponsors
- privacy Boolean
- puzzelPassword String
- Required if sms_provider==puzzel
- puzzelService StringId 
- Required if sms_provider==puzzel
- puzzelUsername String
- Required if sms_provider==puzzel
- smsEnabled Boolean
- Whether sms is enabled as a login method
- smsExpire Number
- Optional if sms_enabled==true. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
- smsMessage StringFormat 
- Optional if sms_enabled==true. SMS Message format
- smsProvider String
- Optioanl if sms_enabled==true. enum:broadnet,clickatell,gupshup,manual,puzzel,telstra,twilio
- sponsorAuto BooleanApprove 
- Optional if sponsor_enabled==true. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled
- sponsorEmail List<String>Domains 
- List of domain allowed for sponsor email. Required if sponsor_enabledistrueandsponsorsis empty.
- sponsorEnabled Boolean
- Whether sponsor is enabled
- sponsorExpire Number
- Optional if sponsor_enabled==true. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
- sponsorLink StringValidity Duration 
- sponsorNotify BooleanAll 
- Optional if sponsor_enabled==true. whether to notify all sponsors that are mentioned insponsorsobject. Bothsponsor_notify_allandpredefined_sponsors_enabledshould be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
- sponsorStatus BooleanNotify 
- Optional if sponsor_enabled==true. If enabled, guest will get email about sponsor's action (approve/deny)
- sponsors Map<String>
- object of allowed sponsors email with name. Required if sponsor_enabledistrueandsponsor_email_domainsis empty.Property key is the sponsor email, Property value is the sponsor name
- ssoDefault StringRole 
- Optional if wlan_portal_auth==sso, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- ssoForced StringRole 
- Optional if wlan_portal_auth==sso
- ssoIdp StringCert 
- Required if wlan_portal_auth==sso. IDP Cert (used to verify the signed response)
- ssoIdp StringSign Algo 
- Optioanl if wlan_portal_auth==sso, Signing algorithm for SAML Assertion. enum:sha1,sha256,sha384,sha512
- ssoIdp StringSso Url 
- Required if wlan_portal_auth==sso, IDP Single-Sign-On URL
- ssoIssuer String
- Required if wlan_portal_auth==sso, IDP issuer URL
- ssoNameid StringFormat 
- Optional if wlan_portal_auth==sso. enum:email,unspecified
- telstraClient StringId 
- Required if sms_provider==telstra, Client ID provided by Telstra
- telstraClient StringSecret 
- Required if sms_provider==telstra, Client secret provided by Telstra
- twilioAuth StringToken 
- Required if sms_provider==twilio, Auth token account with twilio account
- twilioPhone StringNumber 
- Required if sms_provider==twilio, Twilio phone number associated with the account. See example for accepted format.
- twilioSid String
- Required if sms_provider==twilio, Account SID provided by Twilio
GetWlansOrgWlanQos    
GetWlansOrgWlanRadsec    
- CoaEnabled bool
- Enabled bool
- IdleTimeout string
- MxclusterIds List<string>
- To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- ProxyHosts List<string>
- Default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge
- ServerName string
- Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- Servers
List<Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Radsec Server> 
- List of RadSec Servers. Only if not Mist Edge.
- UseMxedge bool
- use mxedge(s) as RadSec Proxy
- UseSite boolMxedge 
- To use Site mxedges when this WLAN does not use mxtunnel
- CoaEnabled bool
- Enabled bool
- IdleTimeout string
- MxclusterIds []string
- To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- ProxyHosts []string
- Default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge
- ServerName string
- Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- Servers
[]GetWlans Org Wlan Radsec Server 
- List of RadSec Servers. Only if not Mist Edge.
- UseMxedge bool
- use mxedge(s) as RadSec Proxy
- UseSite boolMxedge 
- To use Site mxedges when this WLAN does not use mxtunnel
- coaEnabled Boolean
- enabled Boolean
- idleTimeout String
- mxclusterIds List<String>
- To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxyHosts List<String>
- Default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge
- serverName String
- Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
List<GetWlans Org Wlan Radsec Server> 
- List of RadSec Servers. Only if not Mist Edge.
- useMxedge Boolean
- use mxedge(s) as RadSec Proxy
- useSite BooleanMxedge 
- To use Site mxedges when this WLAN does not use mxtunnel
- coaEnabled boolean
- enabled boolean
- idleTimeout string
- mxclusterIds string[]
- To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxyHosts string[]
- Default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge
- serverName string
- Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
GetWlans Org Wlan Radsec Server[] 
- List of RadSec Servers. Only if not Mist Edge.
- useMxedge boolean
- use mxedge(s) as RadSec Proxy
- useSite booleanMxedge 
- To use Site mxedges when this WLAN does not use mxtunnel
- coa_enabled bool
- enabled bool
- idle_timeout str
- mxcluster_ids Sequence[str]
- To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxy_hosts Sequence[str]
- Default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge
- server_name str
- Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers
Sequence[GetWlans Org Wlan Radsec Server] 
- List of RadSec Servers. Only if not Mist Edge.
- use_mxedge bool
- use mxedge(s) as RadSec Proxy
- use_site_ boolmxedge 
- To use Site mxedges when this WLAN does not use mxtunnel
- coaEnabled Boolean
- enabled Boolean
- idleTimeout String
- mxclusterIds List<String>
- To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
- proxyHosts List<String>
- Default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts. Whenradsec.proxy_hostsare not used, tunnel peers (org or site mxedges) are used irrespective ofuse_site_mxedge
- serverName String
- Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
- servers List<Property Map>
- List of RadSec Servers. Only if not Mist Edge.
- useMxedge Boolean
- use mxedge(s) as RadSec Proxy
- useSite BooleanMxedge 
- To use Site mxedges when this WLAN does not use mxtunnel
GetWlansOrgWlanRadsecServer     
GetWlansOrgWlanRateset    
- Eht string
- If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
- He string
- If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
- Ht string
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
- Legacies List<string>
- If template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values
- MinRssi int
- Minimum RSSI for client to connect, 0 means not enforcing
- Template string
- Data Rates template to apply. enum:- no-legacy: no 11b
- compatible: all, like before, default setting that Broadcom/Atheros used
- legacy-only: disable 802.11n and 802.11ac
- high-density: no 11b, no low rates
- custom: user defined
 
- Vht string
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- Eht string
- If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
- He string
- If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
- Ht string
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
- Legacies []string
- If template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values
- MinRssi int
- Minimum RSSI for client to connect, 0 means not enforcing
- Template string
- Data Rates template to apply. enum:- no-legacy: no 11b
- compatible: all, like before, default setting that Broadcom/Atheros used
- legacy-only: disable 802.11n and 802.11ac
- high-density: no 11b, no low rates
- custom: user defined
 
- Vht string
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht String
- If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
- he String
- If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
- ht String
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
- legacies List<String>
- If template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values
- minRssi Integer
- Minimum RSSI for client to connect, 0 means not enforcing
- template String
- Data Rates template to apply. enum:- no-legacy: no 11b
- compatible: all, like before, default setting that Broadcom/Atheros used
- legacy-only: disable 802.11n and 802.11ac
- high-density: no 11b, no low rates
- custom: user defined
 
- vht String
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht string
- If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
- he string
- If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
- ht string
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
- legacies string[]
- If template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values
- minRssi number
- Minimum RSSI for client to connect, 0 means not enforcing
- template string
- Data Rates template to apply. enum:- no-legacy: no 11b
- compatible: all, like before, default setting that Broadcom/Atheros used
- legacy-only: disable 802.11n and 802.11ac
- high-density: no 11b, no low rates
- custom: user defined
 
- vht string
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht str
- If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
- he str
- If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
- ht str
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
- legacies Sequence[str]
- If template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values
- min_rssi int
- Minimum RSSI for client to connect, 0 means not enforcing
- template str
- Data Rates template to apply. enum:- no-legacy: no 11b
- compatible: all, like before, default setting that Broadcom/Atheros used
- legacy-only: disable 802.11n and 802.11ac
- high-density: no 11b, no low rates
- custom: user defined
 
- vht str
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
- eht String
- If template==custom. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
- he String
- If template==custom. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
- ht String
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
- legacies List<String>
- If template==custom. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. Iftemplate==customis configured and legacy does not define at least one basic rate, it will useno-legacydefault values
- minRssi Number
- Minimum RSSI for client to connect, 0 means not enforcing
- template String
- Data Rates template to apply. enum:- no-legacy: no 11b
- compatible: all, like before, default setting that Broadcom/Atheros used
- legacy-only: disable 802.11n and 802.11ac
- high-density: no 11b, no low rates
- custom: user defined
 
- vht String
- If template==custom. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
GetWlansOrgWlanSchedule    
- Enabled bool
- Hours
Pulumi.Juniper Mist. Org. Inputs. Get Wlans Org Wlan Schedule Hours 
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- Enabled bool
- Hours
GetWlans Org Wlan Schedule Hours 
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled Boolean
- hours
GetWlans Org Wlan Schedule Hours 
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled boolean
- hours
GetWlans Org Wlan Schedule Hours 
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled bool
- hours
GetWlans Org Wlan Schedule Hours 
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
- enabled Boolean
- hours Property Map
- Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
GetWlansOrgWlanScheduleHours     
- Fri string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Mon string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Sat string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Sun string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Thu string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Tue string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Wed string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Fri string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Mon string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Sat string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Sun string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Thu string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Tue string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- Wed string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- mon String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sat String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sun String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- thu String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- tue String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- wed String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- mon string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sat string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sun string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- thu string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- tue string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- wed string
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- mon str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sat str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sun str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- thu str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- tue str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- wed str
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- fri String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- mon String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sat String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- sun String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- thu String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- tue String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
- wed String
- Hour range of the day (e.g. 09:00-17:00). If the hour is not defined then it's treated as 00:00-23:59.
Package Details
- Repository
- junipermist pulumi/pulumi-junipermist
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the mistTerraform Provider.
