createSiteWlan

POST https://{{host}}/api/v1/sites/:site_id/wlans

Body Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| ssid | string | the name of the SSID |
| enabled | boolean | if this wlan is enabled, default is True |
| auth | object | authentication/security policies |
| type | string | open / psk / wep / eap / psk-tkip / psk-wpa2-tkip, default is open |
| pairwise | list | when type=psk / eap, one or more of wpa2-ccmp / wpa1-tkip / wpa1-ccmp / wpa2-tkip, default is [wpa2-ccmp] |
| psk | string | when type=psk, 8-64 characters, or 64 hex characters |
| wep_as_secondary_auth | boolean | enable WEP as secondary auth |
| keys | list | when type=wep, four 10-character or 26-character hex strings, null can be used. All keys, if provided, have to be the same length |
| key_idx | int | when type=wep, 1 to 4, default is 1 |
| multi_psk_only | boolean | whether to only use multi_psk, default is false |
| private_wlan | boolean | whether private wlan is enabled. only applicable to multi_psk mode |
| enable_mac_auth | boolean | whether to enable MAC Auth, uses the same auth_servers, default is false |
| eap_reauth | boolean | whether to trigger EAP reauth when the session ends, default is false |
| roam_mode | string | none (default) / OKC / 11r |
| apply_to | string | site / wxtags / aps |
| wxtag_ids | list | list of wxtag_ids |
| ap_ids | list | list of device ids |
| bands | string | which radio the wlan should apply to, both (default) / 24 / 5 |
| band_steer | boolean | whether to enable band_steering, this works only when band==both, default is false |
| band_steer_force_band5 | boolean | force dual-band capable client to connect to 5G, default is false |
| isolation | boolean | whether to allow clients to talk to each other, default is false |
| l2_isolation | boolean | if isolation is enabled, whether to deny clients to talk to L2 on the LAN, default is false |
| arp_filter | boolean | whether to enable smart arp filter, default is false |
| limit_bcast | boolean | whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through), default is false |
| allow_mdns | boolean | only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through, default is false |
| allow_ssdp | boolean | only applicable when limit_bcast==true, which allows SSDP, default is false |
| allow_ipv6_ndp | boolean | only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through, default is true |
| no_static_ip | boolean | whether to only allow clients that we've learned from DHCP exchange to talk, default is false |
| no_static_dns | boolean | whether to only allow clients to use DNS that we've learned from DHCP response, default is false |
| enable_wireless_bridging | boolean | whether to enable wireless bridging, which allows more broadcast packets to go through |
| block_blacklist_clients | boolean | whether to block the clients in the blacklist (up to first 256 macs) |
| vlan_enabled | boolean | if vlan tagging is enabled, default is false |
| vlan_id | int | Jan-94 |
| vlan_pooling | boolean | vlan pooling allows AP to place client on different VLAN using a deterministic algorithm, default is false |
| vlan_ids | list | list of VLAN ids |
| hide_ssid | boolean | whether to hide SSID in beacon, default is false |
| schedule | object | WLAN operating schedule, default is disabled |
| hours | object | time ranges, the key is mon / tue / wed / thu / fri / sat / sun, the value is time range in HH:MM-HH:MM (24-hour format), the minimum resolution is 30 minutes |
| max_idletime | int | max idle time in seconds, default is 1800. valid range is 60-86400 |
| sle_excluded | boolean | whether to exclude this WLAN from SLE metrics, default is false |
| disable_v1_roam_notify | boolean | disable sending v1 roam notification messages |
| disable_v2_roam_notify | boolean | disable sending v2 roam notification messages |

NOTE: specifically, enable_wireless_bridging allows forwarding of DHCP responses to clients not associated with the AP

RADIUS Parameters

| Name | Type | Description |
| --- | --- | --- |
| auth_servers_nas_id | string | optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers |
| auth_servers_nas_ip | string | optional, NAS-IP-ADDRESS to use |
| auth_servers_timeout | int | radius auth session timeout, default is 5 |
| auth_servers_retries | int | radius auth session retries, default is 2 |
| auth_servers | list | list of RADIUS authentication servers, at least one is needed if auth type == eap, order matters where the first one is treated as primary |
| host | string | ip / hostname of RADIUS server |
| port | int | port of RADIUS server, default is 1812 for auth server and 1813 for acct server |
| secret | string | secret of RADIUS server |
| acct_servers | list | list of RADIUS accounting servers, optional, order matters where the first one is treated as primary |
| acct_interim_interval | int | how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled |
| coa_server | object | COA (change of authorization) server, optional |
| disable_event_timestamp_check | boolean | whether to disable Event-Timestamp Check, which is used for replay protection, default is false (i.e. for better security) |
| dynamic_vlan | object | for 802.1x |
| enabled | boolean | whether to enable dynamic vlan, default is false |
| type | string | standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco) |
| vlans | object | map between vlan_id (as string) to airespace interface names (comma-separated) or null for standard mapping |
| default_vlan_id | int | vlan_id to use when there's no match from RADIUS, default is 999 |
| local_vlan_ids | list | vlan_ids to be locally bridged |
| radsec | object | RadSec related, once enabled, auth_servers / acct_servers / coa_server will be ignored |
| server_name | string | name of the server to verify (against the cacerts in Org Setting) |
| dns_server_rewrite | object | for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns) |
| radius_groups | object | map between radius_group and the desired DNS server (IPv4 only) |
| dynamic_psk | object | for dynamic PSK where we get per-user PSK from Radius / Cloud WLC |
| default_psk | string | default PSK to use if cloud WLC is not available, 8-63 characters |

Airwatch Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| airwatch | object | Airwatch related |
| console_url | string | console URL |
| api_key | string | API Key |
| username | string | username |
| password | string | password |

Cisco CWA Parameters

Cisco CWA (central web authentication) requires RADIUS with COA in order to work. See CWA (https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html).

| Parameter | Type | Description |
| --- | --- | --- |
| cisco_cwa | object | Cisco CWA related |
| enabled | boolean | whether to enable CWA |
| allowed_subnets | list | list of CIDRs |
| allowed_hostnames | list | list of hostnames without http(s):// (matched by substring) |
allowed_hostnameslistlist of hostnames without http(s):// (matched by substring)

QoS Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| overwrite | boolean | whether to overwrite QoS |
| class | string | background / best_effort (default) / video / voice |

Bonjour Parameters

Note: bonjour settings supersede allow_mdns

| Parameter | Type | Description |
| --- | --- | --- |
| bonjour | object | bonjour-related |
| enabled | boolean | whether to enable bonjour for this WLAN, default is false. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false |
| services | object | what services are allowed |
| scope | string | how bonjour services should be discovered for the same WLAN, same_site (default) / same_map / same_ap |
| radius_groups | list | optional, if the service is further restricted for certain RADIUS groups |
| additional_vlan_ids | list | additional VLAN IDs (on the LAN side or from other WLANs) to which bonjour queries/responses should be forwarded |

Hotspot 2.0 Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| hotspot20 | object | hotspot 2.0 |
| enabled | boolean | whether to enable hotspot 2.0 config |
| operators | list | list of operators to support, options: att, google, tmobile, charter, boingo, default is att |
| venue_name | string | venue name, default is site name |

Data Tunnels Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| interface | string | where this WLAN will be connected to. all (all external ports, default) / eth0 / eth1 / wxtunnel / mxtunnel / site_mxedge |
| wxtunnel_id | string | when interface=wxtunnel, id of the WXLAN Tunnel |
| wxtunnel_remote_id | string | when interface=wxtunnel, remote tunnel identifier |
| mxtunnel_id | string | when interface=mxtunnel, id of the Mist Tunnel |
| mxtunnel_name | string | when interface=site_mxedge, name of the mxtunnel in mxtunnels under Site Setting, default is default |
| mxtunnel | object | when interface=site_mxedge, the definition of the Mist Tunnels (key is the name) |

Other Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| dtim | int | dtim, default is 2 |
| disable_wmm | boolean | whether to disable WMM, default is false |
| disable_uapsd | boolean | whether to disable U-APSD, default is false |
| use_eapol_v1 | boolean | if auth.type=='eap' or 'psk', should only be set for legacy clients, such as pre-2004, 802.11b devices |
| legacy_overds | boolean | legacy devices require the Over-DS (for Fast BSS Transition) bit set (while our chip doesn't support it). Warning! Enabling this will cause problems for iOS devices. |
| hostname_ie | boolean | include hostname inside IE in AP beacons / probe responses, default is false |
| enable_local_keycaching | boolean | enable AP-AP keycaching via multicast, default is false |

Data Rates Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| rateset | object | rateset (data rates to support) |
| min_rssi | int | Minimum RSSI for client to connect, 0 means not enforcing |
| template | string | no-legacy (basically no 11b and only supports 6 or 12 and up for 11a/g) / compatible (allow more, the default for now) / high-density (only 11n and 11ac) / custom / legacy-only (disable HT/VHT IEs) |
| legacy | list | list of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template=custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values |
| ht | string | MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. '00ff 00f0 001f' limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 streams (i.e. MCS 12-15), MCS 1-5 for 3 streams (i.e. MCS 16-20) |
| vht | string | MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. '03ff 01ff 00ff' limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams. |
| disable_11ax | boolean | some old WLAN drivers may not be compatible, default is false |

Rate Limit Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| wlan_limit_up_enabled | boolean | if uplink limiting for whole wlan is enabled, default is false |
| wlan_limit_up | int | kbps |
| wlan_limit_down_enabled | boolean | if downlink limiting for whole wlan is enabled, default is false |
| wlan_limit_down | int | kbps |
| client_limit_up_enabled | boolean | if uplink limiting per-client is enabled, default is false |
| client_limit_up | int | kbps |
| client_limit_down_enabled | boolean | if downlink limiting per-client is enabled, default is false |
| client_limit_down | int | kbps |
| app_limit | object | bandwidth limiting for apps (applies to up/down) |
| apps | object | map from app key to bandwidth in kbps. app key defined in Get Application List |
| wxtag_ids | object | map from wxtag_id of Hostname Wxlan Tags to bandwidth in kbps |

Guest Portal Parameters

| Name | Type | Description |
| --- | --- | --- |
| portal | object | portal-related configurations |
| enabled | boolean | whether guest portal is enabled, default is false |
| auth | string | authentication scheme, none (default, supporting multi auth) / external (external portal) / sso |
| forward | boolean | whether to forward the user to another URL after authorized, default is false, this takes precedence |
| forward_url | string | the URL to forward the user to |
| external_portal_url | string | external portal URL (e.g. https://host/url) where we can append our query parameters to |
| privacy | boolean | if enabled, personal information will not be stored (email, name, fields*), default is false |
| password | string | passphrase |
| passphrase_expire | long | interval for which guest remains authorized using passphrase auth (in minutes), default is none, if not provided, uses expire |
| sms_enabled | boolean | when auth=multi, whether sms is enabled |
| sms_expire | long | interval for which guest remains authorized using sms auth (in minutes), default is none, if not provided, uses expire |
| passphrase_enabled | boolean | whether password is enabled |
| facebook_enabled | boolean | whether facebook is enabled as a login method |
| facebook_client_id | string | facebook OAuth2 app id. This is mandatory, if facebook_enabled is true |
| facebook_client_secret | string | facebook OAuth2 app secret. This is mandatory, if facebook_enabled is true |
| facebook_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
| facebook_expire | long | interval for which guest remains authorized using facebook auth (in minutes), default is none, if not provided, uses expire |
| google_enabled | boolean | whether google is enabled as login method |
| google_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
| google_expire | long | interval for which guest remains authorized using google auth (in minutes), default is none, if not provided, uses expire |
| amazon_enabled | boolean | whether amazon is enabled as a login method |
| amazon_client_id | string | amazon OAuth2 client id. This is optional. If not provided, it will use a default one. |
| amazon_client_secret | string | amazon OAuth2 client secret. If amazon_client_id was provided, provide a corresponding value. Else leave blank. |
| amazon_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
| amazon_expire | long | interval for which guest remains authorized using amazon auth (in minutes), default is none, if not provided, uses expire |
| microsoft_enabled | boolean | whether microsoft 365 is enabled as a login method |
| microsoft_client_id | string | microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. |
| microsoft_client_secret | string | microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a corresponding value. Else leave blank. |
| microsoft_email_domains | list | Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
| microsoft_expire | long | interval for which guest remains authorized using microsoft auth (in minutes), default is none, if not provided, uses expire |
| azure_enabled | boolean | whether Azure Active Directory is enabled as a login method |
| azure_tenant_id | string | azure active directory tenant id. This is mandatory if azure_enabled is true. |
| azure_client_id | string | azure active directory app client id. This is mandatory if azure_enabled is true. |
| azure_client_secret | string | azure active directory app client secret. This is mandatory if azure_enabled is true. |
| azure_expire | long | interval for which guest remains authorized using azure auth (in minutes), default is none, if not provided, uses expire |
| sms_enabled | boolean | whether sms is enabled as a login method |
| email_enabled | boolean | whether email (access code verification) is enabled as a login method |
| email_expire | long | interval for which guest remains authorized using email auth (in minutes), default is none, if not provided, uses expire |
| sms_provider | string | how the sms is routed. choices are manual, twilio, broadnet, clickatell, puzzel, gupshup, telstra. default is manual, where user has to select carrier. |
| twilio_sid | string | Account SID provided by Twilio |
| twilio_auth_token | string | Auth token associated with the Twilio account |
| twilio_phone_number | string | Twilio phone number associated with the account. See example for accepted format. |
| broadnet_user_id | string | User name supplied by BroadNet |
| broadnet_password | string | Password supplied by BroadNet |
| broadnet_sid | string | Sender Id for BroadNet (default is ‘MIST’) |
| clickatell_api_key | string | API key provided by Clickatell |
| puzzel_service_id | string | Service ID provided by Puzzel |
| puzzel_username | string | Username provided by Puzzel |
| puzzel_password | string | Password provided by Puzzel |
| gupshup_userid | string | User id provided by Gupshup |
| gupshup_password | string | Password provided by Gupshup |
| telstra_client_id | string | Client ID provided by Telstra |
| telstra_client_secret | string | Client secret provided by Telstra |
| expire | long | how long to remain authorized, in minutes, default is 1440 (24 hours) |
| sponsor_enabled | boolean | whether sponsor is enabled |
| sponsor_email_domains | list | list of domains allowed for sponsor email. Required if sponsor_enabled is true and sponsors is empty. |
| sponsors | object | object of allowed sponsor emails with names. Required if sponsor_enabled is true and sponsor_email_domains is empty. |
| sponsor_link_validity_duration | int | how long the approve/deny link for a sponsored guest request, received in email, remains valid, in minutes, default is 60 minutes, min is 5 minutes and max is 60 minutes. |
| sponsor_notify_all | boolean | whether to notify all sponsors that are mentioned in sponsors object. Both sponsor_notify_all and predefined_sponsors_enabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. |
| predefined_sponsors_enabled | boolean | whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsor_notify_all and predefined_sponsors_enabled are false, behaviour is according to sponsor_email_domains |
| sponsor_auto_approve | boolean | whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled |
| predefined_sponsors_hide_email | boolean | whether to hide sponsor’s email from list of sponsors, default is false |
| sponsor_status_notify | boolean | whether to notify guest about sponsor’s status via email |
| sponsor_expire | long | interval for which guest remains authorized using sponsor auth (in minutes), default is none, if not provided, uses expire |
| portal_api_secret | string | api secret (auto-generated) that can be used to sign guest authorization requests |
| portal_image | string | URL of portal background image |
| thumbnail | string | URL of portal background image thumbnail |
| portal_allowed_subnets | list | list of CIDRs |
| portal_allowed_hostnames | list | list of hostnames without http(s):// (matched by substring) |
| portal_denied_hostnames | list | list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames |
| bypass_when_cloud_down | boolean | whether to bypass the guest portal when cloud not reachable (and apply the default policies), default is false |
| sso_issuer | string | IDP issuer URL |
| sso_idp_cert | string | IDP Cert (used to verify the signed response) |
| sso_idp_sso_url | string | IDP Single-Sign-On URL |
| sso_idp_sign_algo | string | signing algorithm for SAML Assertion |
| sso_nameid_format | string | email (default) / unspecified |
| sso_default_role | string | default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched |
| portal_sso_url | string | for SAML, this is used as the ACS URL |
| cross_site | boolean | whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication. default is false. (disable random_mac for seamless roaming) |

Request Body

```json
{
  "ssid": "corporate", "enabled": true,
  "auth": {"type": "psk", "psk": "foryoureyesonly", "enable_mac_auth": false, "multi_psk_only": false, "pairwise": ["wpa1-ccmp", "wpa2-tkip", "wpa1-tkip", "wpa2-ccmp", "wpa3"], "wep_as_secondary_auth": false, "keys": ["1234567890", null, "0987654321", null], "key_idx": 1, "eap_reauth": false, "owe": "enabled", "private_wlan": true, "anticlog_threshold": 16},
  "dynamic_psk": {"enabled": true, "source": "radius", "default_vlan_id": 999, "default_psk": "foryoureyesonly", "force_lookup": false},
  "roam_mode": "none",
  "auth_servers_nas_id": "5c5b350e0101-nas", "auth_servers_nas_ip": "15.3.1.5",
  "auth_servers_timeout": 5, "auth_servers_retries": 3, "auth_server_selection": "ordered",
  "auth_servers": [
    {"host": "1.2.3.4", "port": 1812, "secret": "testing123"},
    {"host": "radius.internal", "port": 1812, "secret": "testing123"},
    {"host": "radius2", "port": 1812, "secret": "testing123", "keywrap_enabled": true, "keywrap_format": "hex", "keywrap_kek": "1122334455", "keywrap_mack": "1122334455"}
  ],
  "acct_servers": [
    {"host": "1.2.3.4", "port": 1812, "secret": "testing123"},
    {"host": "radius2", "port": 1812, "secret": "testing123", "keywrap_enabled": true, "keywrap_format": "hex", "keywrap_kek": "1122334455", "keywrap_mack": "1122334455"}
  ],
  "acct_interim_interval": 0,
  "dynamic_vlan": {"enabled": true, "type": "airespace-interface-name", "vlans": {"131": "default", "322": "fast,video"}, "default_vlan_id": 999},
  "dns_server_rewrite": {"enabled": true, "radius_groups": {"contractor": "172.1.1.1", "guest": "8.8.8.8"}},
  "coa_servers": [{"enabled": false, "ip": "1.2.3.4", "port": 3799, "secret": "testing456", "disable_event_timestamp_check": false}],
  "radsec": {"enabled": true, "server_name": "radsec.abc.com", "servers": [{"host": "1.1.1.1", "port": 1812}, {"host": "radsec", "port": 1812}], "idle_timeout": 60, "use_mxedge": true, "coa_enabled": true, "mxcluster_ids": ["572586b7-f97b-a22b-526c-8b97a3f609c4"], "use_site_mxedge": false, "proxy_hosts": ["mxedge1.local"]},
  "mist_nac": {"enabled": true},
  "airwatch": {"enabled": true, "console_url": "https://hs1.airwatchportals.com", "api_key": "aHhlbGxvYXNkZmFzZGZhc2Rmc2RmCg==", "username": "user1", "password": "test123"},
  "cisco_cwa": {"enabled": false, "allowed_subnets": ["63.5.3.0/24"], "blocked_subnets": ["192.168.0.0/16", "172.16.0.0/12"], "allowed_hostnames": ["snapchat.com", "ibm.com"]},
  "band": "24", "bands": ["24", "5", "6"], "band_steer": true, "band_steer_force_band5": true,
  "rateset": {
    "5": {"min_rssi": -70, "template": "custom", "legacy": ["6", "9", "12", "18", "24b", "36", "48", "54"], "ht": "00ff00ff00ff", "vht": "03ff03ff03ff01ff"},
    "24": {"min_rssi": 0, "template": "default", "legacy": ["1", "2b", "5.5", "11", "6", "9", "12", "18", "24", "36", "48", "54"], "ht": "00ff00ff00ff"}
  },
  "disable_ht_vht_rates": true, "disable_11ax": false,
  "interface": "site_mxedge",
  "vlan_enabled": false, "vlan_id": 3, "vlan_pooling": false, "vlan_ids": [3, 4, 5],
  "wxtunnel_id": "7dae216d-7c98-a51b-e068-dd7d477b7216", "wxtunnel_remote_id": "wifiguest",
  "mxtunnel_ids": ["08cd7499-5841-51c8-e663-fb16b6f3b45e"], "mxtunnel_names": ["default"],
  "hide_ssid": false, "dtim": 2, "disable_wmm": false, "disable_uapsd": false,
  "use_eapol_v1": false, "legacy_overds": false, "hostname_ie": false, "enable_local_keycaching": true,
  "isolation": false, "l2_isolation": false, "arp_filter": true,
  "limit_bcast": false, "allow_mdns": false, "allow_ssdp": false, "allow_ipv6_ndp": true,
  "no_static_ip": false, "no_static_dns": false, "limit_probe_response": false,
  "enable_wireless_bridging": false, "enable_wireless_bridging_dhcp_tracking": false,
  "block_blacklist_clients": false, "apply_to": "site",
  "wlan_limit_up_enabled": true, "wlan_limit_up": 10240,
  "wlan_limit_down_enabled": true, "wlan_limit_down": 20480,
  "client_limit_up_enabled": true, "client_limit_up": 512,
  "client_limit_down_enabled": true, "client_limit_down": 1024,
  "schedule": {"enabled": true, "hours": {"mon": "09:00-17:00", "fri": "09:00-17:00"}},
  "qos": {"overwrite": true, "class": "best_effort"},
  "app_limit": {"enabled": true, "apps": {"netflix": 60, "dropbox": 300}, "wxtag_ids": {"f99862d9-2726-931f-7559-3dfdf5d070d3": 30}},
  "app_qos": {"enabled": true, "apps": {"skype-business-voice": {"dscp": 46}, "skype-business-video": {"dscp": 32, "src_subnet": "10.2.0.0/16", "dst_subnet": "10.2.0.0/16"}}, "others": [{"protocol": "udp", "src_subnet": "10.2.0.0/16", "dst_subnet": "10.2.0.0/16", "port_ranges": "80,1024-65535", "dscp": 32}]},
  "bonjour": {"enabled": true, "services": {"airprint": {"scope": "same_map"}, "airplay": {"scope": "same_ap", "radius_groups": ["teachers"]}}, "additional_vlan_ids": [80], "disable_local": false},
  "hotspot20": {"enabled": true, "operators": ["google", "att"], "venue_name": "some_name", "domain_name": ["mist.com"], "rcoi": ["5A03BA0000"], "nai_realms": [{"id": "mistsys.com", "eap_type": "tls"}]},
  "inject_dhcp_option_82": {"enabled": true, "circuit_id": "{{SSID}}:{{AP_MAC}}"},
  "max_idletime": 1800, "sle_excluded": false,
  "disable_v1_roam_notify": true, "disable_v2_roam_notify": false,
  "portal": {"enabled": true, "auth": "sso", "sso_issuer": "https://app.onelogin.com/saml/metadata/138130", "sso_idp_cert": "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----", "sso_idp_sign_algo": "sha256", "sso_idp_sso_url": "https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130", "sso_nameid_format": "email", "sso_forced_role": "desired", "sso_default_role": "guest"},
  "portal_template_url": "https://......",
  "portal_image": "https://url/to/image.png",
  "thumbnail": "https://url/to/image.png",
  "portal_api_secret": "EIfPMOykI3lMlDdNPub2WcbqT6dNOtWwmYHAd6bY",
  "portal_sso_url": "https://portal.mist.com/saml/be22bba7-8e22-e1cf-5185-b880816fe2cf/login",
  "portal_allowed_subnets": ["63.5.3.0/24"],
  "portal_allowed_hostnames": ["snapchat.com", "ibm.com"],
  "portal_denied_hostnames": ["msg.snapchat.com"]
}
```
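A pre-flight audit of a WLAN body against the limits the tables above document (PSK length, WEP key shape, `max_idletime` and `acct_interim_interval` ranges, mandatory portal credentials) and against settings that weaken security. This is an added example, not Mist's code: `audit_wlan`, `WEAK_TYPES`, `REQUIRED` and `SAMPLE` are hypothetical names, and two points are assumptions of the example rather than statements from the page: which auth types count as weak, and that an enabled `radsec` block satisfies the `eap` server requirement.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
# Added security judgement (not stated on the page): open has no encryption,
# WEP and TKIP are deprecated.
WEAK_TYPES = {"open", "wep", "psk-tkip", "psk-wpa2-tkip"}
# Portal login methods whose credentials the page marks as mandatory.
REQUIRED = {"facebook": ("client_id", "client_secret"),
            "azure": ("tenant_id", "client_id", "client_secret")}


def audit_wlan(body):
    """Return (level, field, message) findings for a createSiteWlan body."""
    out = []
    auth = body.get("auth") or {}
    atype = auth.get("type", "open")  # documented default is open
    if atype in WEAK_TYPES:
        out.append(("warn", "auth.type", f"{atype}: unencrypted or deprecated"))
    tkip = [p for p in auth.get("pairwise") or [] if p.endswith("tkip")]
    if tkip:
        out.append(("warn", "auth.pairwise", "TKIP allowed: " + ", ".join(tkip)))
    psk = auth.get("psk")
    if atype == "psk" and psk is not None and not 8 <= len(psk) <= 64:
        out.append(("error", "auth.psk", "must be 8-64 characters"))
    if atype == "wep":
        keys = auth.get("keys") or []
        given = [k for k in keys if k is not None]  # null entries are allowed
        ok = all(len(k) in (10, 26) and HEX.fullmatch(k) for k in given)
        if len(keys) != 4 or not ok or len({len(k) for k in given}) > 1:
            out.append(("error", "auth.keys",
                        "need four 10- or 26-character hex keys, same length"))
        if not 1 <= auth.get("key_idx", 1) <= 4:
            out.append(("error", "auth.key_idx", "must be 1 to 4"))

    # Assumption: since RadSec, once enabled, makes auth_servers ignored,
    # an enabled radsec block is accepted in place of auth_servers for eap.
    radsec_on = (body.get("radsec") or {}).get("enabled", False)
    if atype == "eap" and not radsec_on and not body.get("auth_servers"):
        out.append(("error", "auth_servers", "eap needs at least one server"))
    for i, coa in enumerate(body.get("coa_servers") or []):
        if coa.get("disable_event_timestamp_check"):
            out.append(("warn", f"coa_servers[{i}]",
                        "Event-Timestamp replay protection disabled"))

    if not 60 <= body.get("max_idletime", 1800) <= 86400:
        out.append(("error", "max_idletime", "valid range is 60-86400"))
    interim = body.get("acct_interim_interval", 0)
    if interim != 0 and not 60 <= interim <= 65535:
        out.append(("error", "acct_interim_interval", "0 or 60-65535"))

    portal = body.get("portal") or {}
    if portal.get("bypass_when_cloud_down"):
        out.append(("warn", "portal.bypass_when_cloud_down",
                    "guests skip the portal while the cloud is unreachable"))
    for idp, fields in REQUIRED.items():
        missing = [f"{idp}_{f}" for f in fields if not portal.get(f"{idp}_{f}")]
        if portal.get(f"{idp}_enabled") and missing:
            out.append(("error", f"portal.{idp}_enabled",
                        "missing " + ", ".join(missing)))
    return out


# Constructed sample, trimmed from the page's request body and then altered
# to trip several checks.
SAMPLE = {
    "ssid": "corporate",
    "auth": {"type": "psk", "psk": "foryoureyesonly",
             "pairwise": ["wpa1-ccmp", "wpa2-tkip", "wpa1-tkip", "wpa2-ccmp"]},
    "coa_servers": [{"ip": "1.2.3.4", "port": 3799,
                     "disable_event_timestamp_check": True}],
    "max_idletime": 30,
    "portal": {"enabled": True, "azure_enabled": True,
               "azure_tenant_id": "constructed-tenant-id"},
}

if __name__ == "__main__":
    for level, field, message in audit_wlan(SAMPLE):
        print(f"{level:5} {field}: {message}")
```

Running the audit in CI before the POST keeps a template change from silently re-enabling TKIP or switching off the CoA replay check.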

HEADERS

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| Accept | string | | |
| X-CSRFToken | string | | |
| Content-Type | string | | |