createSiteWlan
POST https://{{host}}/api/v1/sites/:site_id/wlans
Body Parameters
| Parameter | Type | Description |
|---|
| ssid | string | the name of the SSID |
| enabled | boolean | if this wlan is enabled, default is True |
| auth | object | authentication/security policies |
| type | string | open / psk / wep / eap / psk-tkip / psk-wpa2-tkip, default is open |
| pairwise | list | when type=psk / eap, one of more of wpa2-ccmp / wpa1-tkip / wpa1-ccmp / wpa2-tkip, default is [wpa2-ccmp] |
| psk | string | when type=psk, 8-64 characters, or 64 hex characters |
| wepassecondary_auth | boolean | enable WEP as secondary auth |
| keys | list | when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length |
| key_idx | int | when type=wep, 1 to 4, default is 1 |
| multipskonly | boolean | whether to only use multi_psk, default is false |
| private_wlan | boolean | whether private wlan is enabled. only applicable to multi_psk mode |
| enablemacauth | boolean | whether to enable MAC Auth, uses the same auth_servers, default is false |
| eap_reauth | boolean | whether to trigger EAP reauth when the session ends, default is false |
| roam_mode | string | none (default) / OKC / 11r |
| apply_to | string | site / wxtags / aps |
| wxtag_ids | list | list of wxtag_ids |
| ap_ids | list | list of device ids |
| bands | string | which radio the wlan should apply to, both (default) / 24 / 5 |
| band_steer | boolean | whether to enable band_steering, this works only when band==both, default is false |
| bandsteerforce_band5 | boolean | force dual-band capable client to connect to 5G, default is false |
| isolation | boolean | whether to allow clients to talk to each other, defualt is false |
| l2_isolation | boolean | if isolation is enabled, whether to deny clients to talk to L2 on the LAN, default is false |
| arp_filter | boolean | whether to enable smart arp filter, default is false |
| limit_bcast | boolean | whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through), default is false |
| allow_mdns | boolean | only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through, default is false |
| allow_ssdp | boolean | only applicable when limit_bcast==true, which allows SSDP, default is false |
| allowipv6ndp | boolean | only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through, default is true |
| nostaticip | boolean | whether to only allow client that we've learned from DHCP exchange to talk, default is false |
| nostaticdns | boolean | whether to only allow client to use DNS that we've learned from DHCP response, default is false |
| enablewirelessbridging | boolean | whether to enable wireless bridging, which allows more broadcast packets to go through |
| blockblacklistclients | boolean | whether to block the clients in the blacklist (up to first 256 macs) |
| vlan_enabled | boolean | if vlan tagging is enabled, default is false |
| vlan_id | int | Jan-94 |
| vlan_pooling | boolean | vlan pooling allows AP to place client on different VLAN using a deterministic algorithm, default is false |
| vlan_ids | list | list of VLAN ids |
| hide_ssid | boolean | whether to hide SSID in beacon, default is false |
| schedule | object | WLAN operating schedule, default is disabled |
| hours | object | time ranges, the key is mon / tue / wed / thu / fri / sat / sun, the value is time range in HH:MM-HH:MM (24-hour format), the minimum resolution is 30 minute |
| max_idletime | int | max idle time in seconds, default is 1800. valid range is 60-86400 |
| sle_excluded | boolean | whether to exclude this WLAN from SLE metrics, default is false |
| disablev1roam_notify | boolean | disable sending v1 roam notification messages |
| disablev2roam_notify | boolean | disable sending v2 roam notification messages |
NOTE: specifically, enablewirelessbridging allows forwarding of DHCP response to client not associated with the AP
RADIUS Parameters
| Parameter | Type | Description |
|---|
| Name | Type | Description |
| authserversnas_id | string | optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers |
| authserversnas_ip | string | optional, NAS-IP-ADDRESS to use |
| authserverstimeout | int | radius auth session timeout, default is 5 |
| authserversretries | int | radius auth session retries, default is 2 |
| auth_servers | list | list of RADIUS authentication servers, at least one is needed if auth type == eap, order matters where the first one is treated as primary |
| host | string | ip / hostname of RADIUS server |
| port | int | port of RADIUS server, default is 1812 for auth server and 1813 for acct server |
| secret | string | secret of RADIUS server |
| acct_servers | list | list of RADIUS accounting servers, optional, order matters where the first one is treated as primary |
| acctinteriminterval | int | how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled |
| coa_server | object | COA (change of authorization) server, optional |
| disableeventtimestamp_check | boolean | whether to disable Event-Timestamp Check, which is used to replay-protection, default is false (i.e. for better security) |
| dynamic_vlan | object | for 802.1x |
| enabled | boolean | whether to enable dynamic vlan, default is false |
| type | string | standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco) |
| vlans | object | map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping |
| defaultvlanid | int | vlan_id to use when there's no match from RADIUS, default is 999 |
| localvlanids | list | vlan_ids to be locally bridged |
| radsec | object | RadSec related, once enabled, authservers / acctservers / coa_server will be ignored |
| server_name | string | name of the server to verify (against the cacerts in Org Setting) |
| dnsserverrewrite | object | for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns) |
| radius_groups | object | map between radius_group and the desired DNS server (IPv4 only) |
| dynamic_psk | object | for dynamic PSK where we get per-user PSK from Radius / Cloud WLC |
| default_psk | string | default PSK to use if cloud WLC is not available, 8-63 characters |
Airwatch Parameters
| Parameter | Type | Description |
|---|
| airwatch | object | Airwatch related |
| console_url | string | console URL |
| api_key | string | API Key |
| username | string | username |
| password | string | password |
Cisco CWA Parameters
Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA (https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html).
| Parameter | Type | Description |
|---|
| cisco_cwa | object | Cisco CWA Related |
| enabled | boolean | whether to enable CWA, |
| allowed_subnets | list | list of CIDRs |
| allowed_hostnames | list | list of hostnames without http(s):// (matched by substring) |
QoS Parameters
| Parameter | Type | Description |
|---|
| overwrite | boolean | whether to overwrite QoS |
| class | string | background / best_effort (default) / video / voice |
Bonjour Parameters
Note: bonjour settings supercedes allow_mdns
| Parameter | Type | Description |
|---|
| bonjour | object | bonjour-related |
| enabled | boolean | whether to enable bonjour for this WLAN, default is false. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false |
| services | object | what services are allowed |
| scope | string | how bonjour services should be discovered for the same WLAN, samesite (default) / samemap / same_ap |
| radius_groups | list | optional, if the service is further restricted for certain RADIUS groups |
| additionalvlanids | list | additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses |
Hostpot 2.0 Parameters
| Parameter | Type | Description |
|---|
| hotspot20 | object | hotspot 2.0 |
| enabled | boolean | whether to enable hotspot 2.0 config |
| operators | list | list of operators to support, options: att, google, tmobile, charter, boingo, default is att |
| venue_name | string | venue name, default is site name |
Data Tunnels Parameters
| Parameter | Type | Description |
|---|
| interface | string | where this WLAN will be connected to. all (all external ports, default) / eth0 / eth1 / wxtunnel / mxtunnel / site_mxedge |
| wxtunnel_id | string | when interface=wxtunnel, id of the WXLAN Tunnel |
| wxtunnelremoteid | string | when interface=wxtunnel, remote tunnel identifier |
| mxtunnel_id | string | when interface=mxtunnel, id of the Mist Tunnel |
| mxtunnel_name | string | when interface=site_medge, name of the mxtunnel that in mxtunnels under Site Setting, default is default |
| mxtunnel | object | when interface=site_medge, the definition of the Mist Tunnels (key is the name) |
Others Parameters
| Parameter | Type | Description |
|---|
| dtim | int | dtim, default is 2 |
| disable_wmm | boolean | whether to disable WMM, default is false |
| disable_uapsd | boolean | whether to disable U-APSD, default is false |
| useeapolv1 | boolean | if auth.type=='eap' or 'psk', should only be set for legacy client, such as pre-2004, 802.11b devices |
| legacy_overds | boolean | legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn't support it). Warning! Enabling this will cause problem for iOS devices. |
| hostname_ie | boolean | include hostname inside IE in AP beacons / probe responses, default is false |
| enablelocalkeycaching | boolean | enable AP-AP keycaching via multicast, default is false |
Data Rates Parameters
| Parameter | Type | Description |
|---|
| rateset | object | rateset (data rates to support) |
| min_rssi | int | Minimum RSSI for client to connect, 0 means not enforcing |
| template | string | no-legacy (basically no 11b and only supports 6 or 12 and up for 11a/g) / compatible (allow more, the default for now) / high-density (only 11n and 11ac) / custom / legacy-only (disable HT/VHT IEs) |
| legacy | list | list of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template=custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values |
| ht | string | MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g.'00ff 00f0 001f'limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) |
| vht | string | MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g.'03ff 01ff 00ff'limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams. |
| disable_11ax | boolean | some old WLAN drivers may not be compatible , default is false |
Rate Limit Parameters
| Parameter | Type | Description |
|---|
| wlanlimitup_enabled | boolean | if uplink limiting for whole wlan is enabled, default is false |
| wlanlimitup | int | kbps |
| wlanlimitdown_enabled | boolean | if downlink limiting for whole wlan is enabled, default is false |
| wlanlimitdown | int | kbps |
| clientlimitup_enabled | boolean | if uplink limiting per-client is enabled, default is false |
| clientlimitup | int | kbps |
| clientlimitdown_enabled | boolean | if downlink limiting per-client is enabled, default is false |
| clientlimitdown | int | kbps |
| app_limit | object | bandwidth limiting for apps (applies to up/down) |
| apps | object | map from app key to bandwidth in kbps. app key defined in'Get Application List |
| wxtag_ids | object | map from wxtag_id of Hostname Wxlan Tags to bandwidth in kbps |
Guest Portal Parameters
| Name | Type | Description |
|---|
portal | object | portal-related configurations |
enabled | boolean | whether guest portal is enabled, default is false |
auth | string | authentication scheme, none (default, supporting multi auth) / external (external portal) / sso |
forward | boolean | whether to forward the user to another URL after authorized, default is false, this takes precedence |
forward_url | string | the URL to forward the user to |
external_portal_url | string | external portal URL (e.g. https://host/url) where we can append our query parameters to |
privacy | boolean | if enabled, personal information will not be stored (email, name, fields*), default is false |
password | string | passphrase |
passphrase_expire | long | interval for which guest remains authorized using passphrase auth (in minutes), default is none, if not provided, uses expire |
sms_enabled | boolean | when auth=multi, whether sms is enabled |
sms_expire | long | interval for which guest remains authorized using sms auth (in minutes), default is none, if not provided, uses expire |
passphrase_enabled | boolean | whether password is enabled |
facebook_enabled | boolean | whether facebook is enabled as a login method |
facebook_client_id | string | facebook OAuth2 app id. This is mandatory, if facebook_enabled is true |
facebook_client_secret | string | facebook OAuth2 app secret. This is mandatory, if facebook_enabled is true |
facebook_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
facebook_expire | long | interval for which guest remains authorized using facebook auth (in minutes), default is none, if not provided, uses expire |
google_enabled | boolean | whether google is enabled as login method |
google_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
google_expire | long | interval for which guest remains authorized using google auth (in minutes), default is none, if not provided, uses expire |
amazon_enabled | boolean | whether amazon is enabled as a login method |
amazon_client_id | string | amazon OAuth2 client id. This is optional. If not provided, it will use a default one. |
amazon_client_secret | string | amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank. |
amazon_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
amazon_expire | long | interval for which guest remains authorized using amazon auth (in minutes), default is none, if not provided, uses expire |
microsoft_enabled | boolean | whether microsoft 365 is enabled as a login method |
microsoft_client_id | string | microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. |
microsoft_client_secret | string | microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank. |
microsoft_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
microsoft_expire | long | interval for which guest remains authorized using microsoft auth (in minutes), default is none, if not provided, uses expire |
azure_enabled | boolean | whether Azure Active Directory is enabled as a login method |
azure_tenant_id | string | azure active directory tenant id. This is mandatory if azure_enabled is true. |
azure_client_id | string | azure active directory app client id.This is mandatory if azure_enabled is true. |
azure_client_secret | string | azure active directory app client secret. This is mandatory if azure_enabled is true. |
azure_expire | long | interval for which guest remains authorized using azure auth (in minutes), default is none, if not provided, uses expire |
sms_enabled | boolean | whether sms is enabled as a login method |
email_enabled | boolean | whether email (access code verification) is enabled as a login method |
email_expire | long | interval for which guest remains authorized using email auth (in minutes), default is none, if not provided, uses expire |
sms_provider | string | how the sms is routed. choices are manual, twilio,broadnet,clickatell, puzzel, gupshup, telstra. default is manual, where user has to select carrier. |
twilio_sid | string | Account SID provided by Twilio |
twilio_auth_token | string | Auth token account with twilio account |
twilio_phone_number | string | Twilio phone number associated with the account. See example for accepted format. |
broadnet_user_id | string | User name supplied by BroadNet |
broadnet_password | string | Password supplied by BroadNet |
broadnet_sid | string | Sender Id for BroadNet (default is ‘MIST’) |
clickatell_api_key | string | API key provided by Clickatell |
puzzel_service_id | string | Service ID provided by Puzzel |
puzzel_username | string | Username provided by Puzzel |
puzzel_password | string | Password provided by Puzzel |
gupshup_userid | string | User id provided by Gupshup |
gupshup_password | string | Password provided by Gupshup |
telstra_client_id | string | Client ID provided by Telstra |
telstra_client_secret | string | Client secret provided by Telstra |
expire | long | how long to remain authorized, in minutes, default is 1440 (24 hours) |
sponsor_enabled | boolean | whether sponsor is enabled |
sponsor_email_domains | list | list of domain allowed for sponsor email. Required if sponsor_enabled is true and sponsors is empty. |
sponsors | object | object of allowed sponsors email with name. Required if sponsor_enabled is true and sponsor_email_domains is empty. |
sponsor_link_validity_duration | int | how long to remain valid sponsored guest request approve/deny link received in email, in minutes, default is 60 minutes, min is 5 minutes and max is 60 minutes. |
sponsor_notify_all | boolean | whether to notify all sponsors that are mentioned in sponsors object. Both sponsor_notify_all and predefined_sponsors_enabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. |
predefined_sponsors_enabled | boolean | whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsor_notify_all and predefined_sponsors_enabled are false, behaviour is acc to sponsor_email_domains |
sponsor_auto_approve | boolean | whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled |
predefined_sponsors_hide_email | boolean | whether to hide sponsor’s email from list of sponsors, default is false |
sponsor_status_notify | boolean | whether to notify guest about sponsor’s status via email |
sponsor_expire | long | interval for which guest remains authorized using sponsor auth (in minutes), default is none, if not provided, uses expire |
portal_api_secret | string | api secret (auto-generated) that can be used to sign guest authorization requests |
portal_image | string | Url of portal background image |
thumbnail | string | Url of portal background image thumbnail |
portal_allowed_subnets | list | list of CIDRs |
portal_allowed_hostnames | list | list of hostnames without http(s):// (matched by substring) |
portal_denied_hostnames | list | list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames |
bypass_when_cloud_down | boolean | whether to bypass the guest portal when cloud not reachable (and apply the default policies), default is false |
sso_issuer | string | IDP issuer URL |
sso_idp_cert | string | IDP Cert (used to verify the signed response) |
sso_idp_sso_url | string | IDP Single-Sign-On URL |
sso_idp_sign_algo | string | signing algorithm for SAML Assertion |
sso_nameid_format | string | email (default) / unspecified |
sso_default_role | string | default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched |
portal_sso_url | string | for SAML, this is used as the ACS URL |
cross_site | boolean | whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication. default is false. (disable random_mac for seamless roaming) |
Request Body
{"ssid"=>"corporate", "enabled"=>true, "auth"=>{"type"=>"psk", "psk"=>"foryoureyesonly", "enable_mac_auth"=>false, "multi_psk_only"=>false, "pairwise"=>["wpa1-ccmp", "wpa2-tkip", "wpa1-tkip", "wpa2-ccmp", "wpa3"], "wep_as_secondary_auth"=>false, "keys"=>["1234567890", nil, "0987654321", nil], "key_idx"=>1, "eap_reauth"=>false, "owe"=>"enabled", "private_wlan"=>true, "anticlog_threshold"=>16}, "dynamic_psk"=>{"enabled"=>true, "source"=>"radius", "default_vlan_id"=>999, "default_psk"=>"foryoureyesonly", "force_lookup"=>false}, "roam_mode"=>"none", "auth_servers_nas_id"=>"5c5b350e0101-nas", "auth_servers_nas_ip"=>"15.3.1.5", "auth_servers_timeout"=>5, "auth_servers_retries"=>3, "auth_server_selection"=>"ordered", "auth_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123"}, {"host"=>"radius.internal", "port"=>1812, "secret"=>"testing123"}, {"host"=>"radius2", "port"=>1812, "secret"=>"testing123", "keywrap_enabled"=>true, "keywrap_format"=>"hex", "keywrap_kek"=>"1122334455", "keywrap_mack"=>"1122334455"}], "acct_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123"}, {"host"=>"radius2", "port"=>1812, "secret"=>"testing123", "keywrap_enabled"=>true, "keywrap_format"=>"hex", "keywrap_kek"=>"1122334455", "keywrap_mack"=>"1122334455"}], "acct_interim_interval"=>0, "dynamic_vlan"=>{"enabled"=>true, "type"=>"airespace-interface-name", "vlans"=>[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "default", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "fast,video"], "default_vlan_id"=>999}, "dns_server_rewrite"=>{"enabled"=>true, "radius_groups"=>{"contractor"=>"172.1.1.1", "guest"=>"8.8.8.8"}}, "coa_servers"=>[{"enabled"=>false, "ip"=>"1.2.3.4", "port"=>3799, "secret"=>"testing456", "disable_event_timestamp_check"=>false}], "radsec"=>{"enabled"=>true, "server_name"=>"radsec.abc.com", "servers"=>[{"host"=>"1.1.1.1", "port"=>1812}, {"host"=>"radsec", "port"=>1812}], "idle_timeout"=>60, "use_mxedge"=>true, "coa_enabled"=>true, "mxcluster_ids"=>["572586b7-f97b-a22b-526c-8b97a3f609c4"], "use_site_mxedge"=>false, "proxy_hosts"=>["mxedge1.local"]}, "mist_nac"=>{"enabled"=>true}, "airwatch"=>{"enabled"=>true, "console_url"=>"https://hs1.airwatchportals.com", "api_key"=>"aHhlbGxvYXNkZmFzZGZhc2Rmc2RmCg==", "username"=>"user1", "password"=>"test123"}, "cisco_cwa"=>{"enabled"=>false, "allowed_subnets"=>["63.5.3.0/24"], "blocked_subnets"=>["192.168.0.0/16", "172.16.0.0/12"], "allowed_hostnames"=>["snapchat.com", "ibm.com"]}, "band"=>"24", "bands"=>["24", "5", "6"], "band_steer"=>true, "band_steer_force_band5"=>true, "rateset"=>[nil, nil, nil, nil, nil, {"min_rssi"=>-70, "template"=>"custom", "legacy"=>["6", "9", "12", "18", "24b", "36", "48", "54"], "ht"=>"00ff00ff00ff", "vht"=>"03ff03ff03ff01ff"}, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, {"min_rssi"=>0, "template"=>"default", "legacy"=>["1", "2b", "5.5", "11", "6", "9", "12", "18", "24", "36", "48", "54"], "ht"=>"00ff00ff00ff"}], "disable_ht_vht_rates"=>true, "disable_11ax"=>false, "interface"=>"site_mxedge", "vlan_enabled"=>false, "vlan_id"=>3, "vlan_pooling"=>false, "vlan_ids"=>[3, 4, 5], "wxtunnel_id"=>"7dae216d-7c98-a51b-e068-dd7d477b7216", "wxtunnel_remote_id"=>"wifiguest", "mxtunnel_ids"=>["08cd7499-5841-51c8-e663-fb16b6f3b45e"], "mxtunnel_names"=>["default"], "hide_ssid"=>false, "dtim"=>2, "disable_wmm"=>false, "disable_uapsd"=>false, "use_eapol_v1"=>false, "legacy_overds"=>false, "hostname_ie"=>false, "enable_local_keycaching"=>true, "isolation"=>false, "l2_isolation"=>false, "arp_filter"=>true, "limit_bcast"=>false, "allow_mdns"=>false, "allow_ssdp"=>false, "allow_ipv6_ndp"=>true, "no_static_ip"=>false, "no_static_dns"=>false, "limit_probe_response"=>false, "enable_wireless_bridging"=>false, "enable_wireless_bridging_dhcp_tracking"=>false, "block_blacklist_clients"=>false, "apply_to"=>"site", "wlan_limit_up_enabled"=>true, "wlan_limit_up"=>10240, "wlan_limit_down_enabled"=>true, "wlan_limit_down"=>20480, "client_limit_up_enabled"=>true, "client_limit_up"=>512, "client_limit_down_enabled"=>true, "client_limit_down"=>1024, "schedule"=>{"enabled"=>true, "hours"=>{"mon"=>"09:00-17:00", "fri"=>"09:00-17:00"}}, "qos"=>{"overwrite"=>true, "class"=>"best_effort"}, "app_limit"=>{"enabled"=>true, "apps"=>{"netflix"=>60, "dropbox"=>300}, "wxtag_ids"=>{"f99862d9-2726-931f-7559-3dfdf5d070d3"=>30}}, "app_qos"=>{"enabled"=>true, "apps"=>{"skype-business-voice"=>{"dscp"=>46}, "skype-business-video"=>{"dscp"=>32, "src_subnet"=>"10.2.0.0/16", "dst_subnet"=>"10.2.0.0/16"}}, "others"=>[{"protocol"=>"udp", "src_subnet"=>"10.2.0.0/16", "dst_subnet"=>"10.2.0.0/16", "port_ranges"=>"80,1024-65535", "dscp"=>32}]}, "bonjour"=>{"enabled"=>true, "services"=>{"airprint"=>{"scope"=>"same_map"}, "airplay"=>{"scope"=>"same_ap", "radius_groups"=>["teachers"]}}, "additional_vlan_ids"=>[80], "disable_local"=>false}, "hotspot20"=>{"enabled"=>true, "operators"=>["google", "att"], "venue_name"=>"some_name", "domain_name"=>["mist.com"], "rcoi"=>["5A03BA0000"], "nai_realms"=>[{"id"=>"mistsys.com", "eap_type"=>"tls"}]}, "inject_dhcp_option_82"=>{"enabled"=>true, "circuit_id"=>"{{SSID}}:{{AP_MAC}}"}, "max_idletime"=>1800, "sle_excluded"=>false, "disable_v1_roam_notify"=>true, "disable_v2_roam_notify"=>false, "portal"=>{"enabled"=>true, "auth"=>"sso", "sso_issuer"=>"https://app.onelogin.com/saml/metadata/138130", "sso_idp_cert"=>"-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----", "sso_idp_sign_algo"=>"sha256", "sso_idp_sso_url"=>"https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130", "sso_nameid_format"=>"email", "sso_forced_role"=>"desired", "sso_default_role"=>"guest"}, "portal_template_url"=>"https://......", "portal_image"=>"https://url/to/image.png", "thumbnail"=>"https://url/to/image.png", "portal_api_secret"=>"EIfPMOykI3lMlDdNPub2WcbqT6dNOtWwmYHAd6bY", "portal_sso_url"=>"https://portal.mist.com/saml/be22bba7-8e22-e1cf-5185-b880816fe2cf/login", "portal_allowed_subnets"=>["63.5.3.0/24"], "portal_allowed_hostnames"=>["snapchat.com", "ibm.com"], "portal_denied_hostnames"=>["msg.snapchat.com"]}
| Key | Datatype | Required | Description |
|---|
Accept | string | | |
X-CSRFToken | string | | |
Content-Type | string | | |