@pulumi/juniper-mist
Version:
A Pulumi package for creating and managing Juniper Mist resources.
1,149 lines (1,148 loc) • 42.7 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* This resource manages the Org Wlans.
*
* The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, ...)
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as junipermist from "@pulumi/juniper-mist";
*
* const wlanOne = new junipermist.org.Wlan("wlan_one", {
* ssid: "wlan_one",
* orgId: terraformTest.id,
* templateId: test101.id,
* bands: [
* "5",
* "6",
* ],
* vlanEnabled: true,
* vlanId: "143",
* wlanLimitUp: "10000",
* wlanLimitDown: "20000",
* clientLimitUp: "512",
* clientLimitDown: "1000",
* auth: {
* type: "psk",
* psk: "secretpsk",
* },
* "interface": "all",
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import `mist_org_wlan` with:
*
* Org WLAN can be imported by specifying the org_id and the wlan_id
*
* ```sh
* $ pulumi import junipermist:org/wlan:Wlan wlan_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
* ```
*/
export declare class Wlan extends pulumi.CustomResource {
/**
* Get an existing Wlan resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WlanState, opts?: pulumi.CustomResourceOptions): Wlan;
/**
* Returns true if the given object is an instance of Wlan. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Wlan;
/**
* Enable coa-immediate-update and address-change-immediate-update on the access profile.
*/
readonly acctImmediateUpdate: pulumi.Output<boolean>;
/**
* How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request
* from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended
* when enabled
*/
readonly acctInterimInterval: pulumi.Output<number>;
/**
* List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
*/
readonly acctServers: pulumi.Output<outputs.org.WlanAcctServer[]>;
/**
* Airwatch wlan settings
*/
readonly airwatch: pulumi.Output<outputs.org.WlanAirwatch>;
/**
* Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
*/
readonly allowIpv6Ndp: pulumi.Output<boolean>;
/**
* Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
*/
readonly allowMdns: pulumi.Output<boolean>;
/**
* Only applicable when `limitBcast`==`true`, which allows SSDP
*/
readonly allowSsdp: pulumi.Output<boolean>;
/**
* List of device ids
*/
readonly apIds: pulumi.Output<string[]>;
/**
* Bandwidth limiting for apps (applies to up/down)
*/
readonly appLimit: pulumi.Output<outputs.org.WlanAppLimit | undefined>;
/**
* APp qos wlan settings
*/
readonly appQos: pulumi.Output<outputs.org.WlanAppQos>;
/**
* enum: `aps`, `site`, `wxtags`
*/
readonly applyTo: pulumi.Output<string>;
/**
* Whether to enable smart arp filter
*/
readonly arpFilter: pulumi.Output<boolean>;
/**
* Authentication wlan settings
*/
readonly auth: pulumi.Output<outputs.org.WlanAuth | undefined>;
/**
* When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
*/
readonly authServerSelection: pulumi.Output<string>;
/**
* List of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one
* is treated as primary
*/
readonly authServers: pulumi.Output<outputs.org.WlanAuthServer[]>;
/**
* Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
*/
readonly authServersNasId: pulumi.Output<string>;
/**
* Optional, NAS-IP-ADDRESS to use
*/
readonly authServersNasIp: pulumi.Output<string>;
/**
* Radius auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set
* to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default
* value to 3.
*/
readonly authServersRetries: pulumi.Output<number | undefined>;
/**
* Radius auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and
* ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when
* setting authServersTimeout and is set to default value of 10.
*/
readonly authServersTimeout: pulumi.Output<number | undefined>;
/**
* Whether to enable band_steering, this works only when band==both
*/
readonly bandSteer: pulumi.Output<boolean>;
/**
* Force dualBand capable client to connect to 5G
*/
readonly bandSteerForceBand5: pulumi.Output<boolean | undefined>;
/**
* list of radios that the wlan should apply to. enum: `24`, `5`, `6`
*/
readonly bands: pulumi.Output<string[] | undefined>;
/**
* Whether to block the clients in the blacklist (up to first 256 macs)
*/
readonly blockBlacklistClients: pulumi.Output<boolean | undefined>;
/**
* Bonjour gateway wlan settings
*/
readonly bonjour: pulumi.Output<outputs.org.WlanBonjour | undefined>;
/**
* Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA:
* https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
*/
readonly ciscoCwa: pulumi.Output<outputs.org.WlanCiscoCwa>;
readonly clientLimitDown: pulumi.Output<string>;
/**
* If downlink limiting per-client is enabled
*/
readonly clientLimitDownEnabled: pulumi.Output<boolean | undefined>;
readonly clientLimitUp: pulumi.Output<string>;
/**
* If uplink limiting per-client is enabled
*/
readonly clientLimitUpEnabled: pulumi.Output<boolean | undefined>;
/**
* List of COA (change of authorization) servers, optional
*/
readonly coaServers: pulumi.Output<outputs.org.WlanCoaServer[] | undefined>;
/**
* Some old WLAN drivers may not be compatible
*/
readonly disable11ax: pulumi.Output<boolean>;
/**
* To disable Wi-Fi 7 EHT IEs
*/
readonly disable11be: pulumi.Output<boolean | undefined>;
/**
* To disable ht or vht rates
*/
readonly disableHtVhtRates: pulumi.Output<boolean | undefined>;
/**
* Whether to disable U-APSD
*/
readonly disableUapsd: pulumi.Output<boolean>;
/**
* Disable sending v2 roam notification messages
*/
readonly disableV1RoamNotify: pulumi.Output<boolean | undefined>;
/**
* Disable sending v2 roam notification messages
*/
readonly disableV2RoamNotify: pulumi.Output<boolean | undefined>;
/**
* When any of the following is true, this WLAN will be disabled * cannot get IP * cannot obtain default gateway * cannot
* reach default gateway
*/
readonly disableWhenGatewayUnreachable: pulumi.Output<boolean | undefined>;
readonly disableWhenMxtunnelDown: pulumi.Output<boolean | undefined>;
/**
* Whether to disable WMM
*/
readonly disableWmm: pulumi.Output<boolean>;
/**
* For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
*/
readonly dnsServerRewrite: pulumi.Output<outputs.org.WlanDnsServerRewrite | undefined>;
readonly dtim: pulumi.Output<number>;
/**
* For dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on
* context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
* AP sends client MAC as username and password (i.e. `enableMacAuth` is assumed) * AP sends BSSID:SSID as
* Caller-Station-ID * `authServers` is required * PSK will come from cloud WLC if source is cloudPsks * defaultPsk will be
* used if cloud WLC is not available * `multiPskOnly` and `psk` is ignored * `pairwise` can only be wpa2-ccmp (for now,
* wpa3 support on the roadmap)
*/
readonly dynamicPsk: pulumi.Output<outputs.org.WlanDynamicPsk | undefined>;
/**
* For 802.1x
*/
readonly dynamicVlan: pulumi.Output<outputs.org.WlanDynamicVlan | undefined>;
/**
* Enable AP-AP keycaching via multicast
*/
readonly enableLocalKeycaching: pulumi.Output<boolean | undefined>;
/**
* By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where
* client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
*/
readonly enableWirelessBridging: pulumi.Output<boolean | undefined>;
/**
* If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response
* packets to be forwarded to wireless
*/
readonly enableWirelessBridgingDhcpTracking: pulumi.Output<boolean | undefined>;
/**
* If this wlan is enabled
*/
readonly enabled: pulumi.Output<boolean>;
/**
* If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and
* ‘auth_server_retries’ .
*/
readonly fastDot1xTimers: pulumi.Output<boolean | undefined>;
/**
* Whether to hide SSID in beacon
*/
readonly hideSsid: pulumi.Output<boolean>;
/**
* Include hostname inside IE in AP beacons / probe responses
*/
readonly hostnameIe: pulumi.Output<boolean>;
/**
* Hostspot 2.0 wlan settings
*/
readonly hotspot20: pulumi.Output<outputs.org.WlanHotspot20 | undefined>;
readonly injectDhcpOption82: pulumi.Output<outputs.org.WlanInjectDhcpOption82 | undefined>;
/**
* where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
*/
readonly interface: pulumi.Output<string>;
/**
* Whether to stop clients to talk to each other
*/
readonly isolation: pulumi.Output<boolean | undefined>;
/**
* If isolation is enabled, whether to deny clients to talk to L2 on the LAN
*/
readonly l2Isolation: pulumi.Output<boolean | undefined>;
/**
* Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning!
* Enabling this will cause problem for iOS devices.
*/
readonly legacyOverds: pulumi.Output<boolean | undefined>;
/**
* Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
*/
readonly limitBcast: pulumi.Output<boolean>;
/**
* Limit probe response base on some heuristic rules
*/
readonly limitProbeResponse: pulumi.Output<boolean>;
/**
* Max idle time in seconds
*/
readonly maxIdletime: pulumi.Output<number>;
/**
* Maximum number of client connected to the SSID. `0` means unlimited
*/
readonly maxNumClients: pulumi.Output<number | undefined>;
readonly mistNac: pulumi.Output<outputs.org.WlanMistNac>;
readonly mspId: pulumi.Output<string>;
/**
* When `interface`=`mxtunnel`, id of the Mist Tunnel
*/
readonly mxtunnelIds: pulumi.Output<string[]>;
/**
* When `interface`=`siteMxedge`, name of the mxtunnel that in mxtunnels under Site Setting
*/
readonly mxtunnelNames: pulumi.Output<string[]>;
/**
* Whether to only allow client to use DNS that we’ve learned from DHCP response
*/
readonly noStaticDns: pulumi.Output<boolean>;
/**
* Whether to only allow client that we’ve learned from DHCP exchange to talk
*/
readonly noStaticIp: pulumi.Output<boolean>;
readonly orgId: pulumi.Output<string>;
/**
* Portal wlan settings
*/
readonly portal: pulumi.Output<outputs.org.WlanPortal>;
/**
* List of hostnames without http(s):// (matched by substring)
*/
readonly portalAllowedHostnames: pulumi.Output<string[]>;
/**
* List of CIDRs
*/
readonly portalAllowedSubnets: pulumi.Output<string[]>;
/**
* APi secret (auto-generated) that can be used to sign guest authorization requests
*/
readonly portalApiSecret: pulumi.Output<string>;
/**
* List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
*/
readonly portalDeniedHostnames: pulumi.Output<string[]>;
/**
* Url of portal background image
*/
readonly portalImage: pulumi.Output<string>;
readonly portalSsoUrl: pulumi.Output<string>;
readonly qos: pulumi.Output<outputs.org.WlanQos>;
/**
* RadSec settings
*/
readonly radsec: pulumi.Output<outputs.org.WlanRadsec>;
/**
* Property key is the RF band. enum: `24`, `5`, `6`
*/
readonly rateset: pulumi.Output<{
[key: string]: outputs.org.WlanRateset;
}>;
/**
* When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
*/
readonly reconnectClientsWhenRoamingMxcluster: pulumi.Output<boolean | undefined>;
/**
* enum: `11r`, `OKC`, `NONE`
*/
readonly roamMode: pulumi.Output<string | undefined>;
/**
* WLAN operating schedule, default is disabled
*/
readonly schedule: pulumi.Output<outputs.org.WlanSchedule>;
/**
* Whether to exclude this WLAN from SLE metrics
*/
readonly sleExcluded: pulumi.Output<boolean | undefined>;
/**
* Name of the SSID
*/
readonly ssid: pulumi.Output<string>;
readonly templateId: pulumi.Output<string>;
/**
* If `auth.type`==`eap` or `auth.type`==`psk`, should only be set for legacy client, such as pre-2004, 802.11b devices
*/
readonly useEapolV1: pulumi.Output<boolean>;
/**
* If vlan tagging is enabled
*/
readonly vlanEnabled: pulumi.Output<boolean>;
readonly vlanId: pulumi.Output<string | undefined>;
/**
* if `vlanEnabled`==`true` and `vlanPooling`==`true`. List of VLAN IDs (comma separated) to be used in the VLAN Pool
*/
readonly vlanIds: pulumi.Output<string[]>;
/**
* Requires `vlanEnabled`==`true` to be set to `true`. Vlan pooling allows AP to place client on different VLAN using a
* deterministic algorithm
*/
readonly vlanPooling: pulumi.Output<boolean>;
readonly wlanLimitDown: pulumi.Output<string>;
/**
* If downlink limiting for whole wlan is enabled
*/
readonly wlanLimitDownEnabled: pulumi.Output<boolean | undefined>;
readonly wlanLimitUp: pulumi.Output<string>;
/**
* If uplink limiting for whole wlan is enabled
*/
readonly wlanLimitUpEnabled: pulumi.Output<boolean | undefined>;
/**
* List of wxtag_ids
*/
readonly wxtagIds: pulumi.Output<string[]>;
/**
* When `interface`=`wxtunnel`, id of the WXLAN Tunnel
*/
readonly wxtunnelId: pulumi.Output<string>;
/**
* When `interface`=`wxtunnel`, remote tunnel identifier
*/
readonly wxtunnelRemoteId: pulumi.Output<string>;
/**
* Create a Wlan resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: WlanArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Wlan resources.
*/
export interface WlanState {
/**
* Enable coa-immediate-update and address-change-immediate-update on the access profile.
*/
acctImmediateUpdate?: pulumi.Input<boolean>;
/**
* How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request
* from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended
* when enabled
*/
acctInterimInterval?: pulumi.Input<number>;
/**
* List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
*/
acctServers?: pulumi.Input<pulumi.Input<inputs.org.WlanAcctServer>[]>;
/**
* Airwatch wlan settings
*/
airwatch?: pulumi.Input<inputs.org.WlanAirwatch>;
/**
* Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
*/
allowIpv6Ndp?: pulumi.Input<boolean>;
/**
* Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
*/
allowMdns?: pulumi.Input<boolean>;
/**
* Only applicable when `limitBcast`==`true`, which allows SSDP
*/
allowSsdp?: pulumi.Input<boolean>;
/**
* List of device ids
*/
apIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Bandwidth limiting for apps (applies to up/down)
*/
appLimit?: pulumi.Input<inputs.org.WlanAppLimit>;
/**
* APp qos wlan settings
*/
appQos?: pulumi.Input<inputs.org.WlanAppQos>;
/**
* enum: `aps`, `site`, `wxtags`
*/
applyTo?: pulumi.Input<string>;
/**
* Whether to enable smart arp filter
*/
arpFilter?: pulumi.Input<boolean>;
/**
* Authentication wlan settings
*/
auth?: pulumi.Input<inputs.org.WlanAuth>;
/**
* When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
*/
authServerSelection?: pulumi.Input<string>;
/**
* List of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one
* is treated as primary
*/
authServers?: pulumi.Input<pulumi.Input<inputs.org.WlanAuthServer>[]>;
/**
* Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
*/
authServersNasId?: pulumi.Input<string>;
/**
* Optional, NAS-IP-ADDRESS to use
*/
authServersNasIp?: pulumi.Input<string>;
/**
* Radius auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set
* to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default
* value to 3.
*/
authServersRetries?: pulumi.Input<number>;
/**
* Radius auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and
* ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when
* setting authServersTimeout and is set to default value of 10.
*/
authServersTimeout?: pulumi.Input<number>;
/**
* Whether to enable band_steering, this works only when band==both
*/
bandSteer?: pulumi.Input<boolean>;
/**
* Force dualBand capable client to connect to 5G
*/
bandSteerForceBand5?: pulumi.Input<boolean>;
/**
* list of radios that the wlan should apply to. enum: `24`, `5`, `6`
*/
bands?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to block the clients in the blacklist (up to first 256 macs)
*/
blockBlacklistClients?: pulumi.Input<boolean>;
/**
* Bonjour gateway wlan settings
*/
bonjour?: pulumi.Input<inputs.org.WlanBonjour>;
/**
* Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA:
* https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
*/
ciscoCwa?: pulumi.Input<inputs.org.WlanCiscoCwa>;
clientLimitDown?: pulumi.Input<string>;
/**
* If downlink limiting per-client is enabled
*/
clientLimitDownEnabled?: pulumi.Input<boolean>;
clientLimitUp?: pulumi.Input<string>;
/**
* If uplink limiting per-client is enabled
*/
clientLimitUpEnabled?: pulumi.Input<boolean>;
/**
* List of COA (change of authorization) servers, optional
*/
coaServers?: pulumi.Input<pulumi.Input<inputs.org.WlanCoaServer>[]>;
/**
* Some old WLAN drivers may not be compatible
*/
disable11ax?: pulumi.Input<boolean>;
/**
* To disable Wi-Fi 7 EHT IEs
*/
disable11be?: pulumi.Input<boolean>;
/**
* To disable ht or vht rates
*/
disableHtVhtRates?: pulumi.Input<boolean>;
/**
* Whether to disable U-APSD
*/
disableUapsd?: pulumi.Input<boolean>;
/**
* Disable sending v2 roam notification messages
*/
disableV1RoamNotify?: pulumi.Input<boolean>;
/**
* Disable sending v2 roam notification messages
*/
disableV2RoamNotify?: pulumi.Input<boolean>;
/**
* When any of the following is true, this WLAN will be disabled * cannot get IP * cannot obtain default gateway * cannot
* reach default gateway
*/
disableWhenGatewayUnreachable?: pulumi.Input<boolean>;
disableWhenMxtunnelDown?: pulumi.Input<boolean>;
/**
* Whether to disable WMM
*/
disableWmm?: pulumi.Input<boolean>;
/**
* For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
*/
dnsServerRewrite?: pulumi.Input<inputs.org.WlanDnsServerRewrite>;
dtim?: pulumi.Input<number>;
/**
* For dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on
* context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
* AP sends client MAC as username and password (i.e. `enableMacAuth` is assumed) * AP sends BSSID:SSID as
* Caller-Station-ID * `authServers` is required * PSK will come from cloud WLC if source is cloudPsks * defaultPsk will be
* used if cloud WLC is not available * `multiPskOnly` and `psk` is ignored * `pairwise` can only be wpa2-ccmp (for now,
* wpa3 support on the roadmap)
*/
dynamicPsk?: pulumi.Input<inputs.org.WlanDynamicPsk>;
/**
* For 802.1x
*/
dynamicVlan?: pulumi.Input<inputs.org.WlanDynamicVlan>;
/**
* Enable AP-AP keycaching via multicast
*/
enableLocalKeycaching?: pulumi.Input<boolean>;
/**
* By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where
* client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
*/
enableWirelessBridging?: pulumi.Input<boolean>;
/**
* If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response
* packets to be forwarded to wireless
*/
enableWirelessBridgingDhcpTracking?: pulumi.Input<boolean>;
/**
* If this wlan is enabled
*/
enabled?: pulumi.Input<boolean>;
/**
* If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and
* ‘auth_server_retries’ .
*/
fastDot1xTimers?: pulumi.Input<boolean>;
/**
* Whether to hide SSID in beacon
*/
hideSsid?: pulumi.Input<boolean>;
/**
* Include hostname inside IE in AP beacons / probe responses
*/
hostnameIe?: pulumi.Input<boolean>;
/**
* Hostspot 2.0 wlan settings
*/
hotspot20?: pulumi.Input<inputs.org.WlanHotspot20>;
injectDhcpOption82?: pulumi.Input<inputs.org.WlanInjectDhcpOption82>;
/**
* where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
*/
interface?: pulumi.Input<string>;
/**
* Whether to stop clients to talk to each other
*/
isolation?: pulumi.Input<boolean>;
/**
* If isolation is enabled, whether to deny clients to talk to L2 on the LAN
*/
l2Isolation?: pulumi.Input<boolean>;
/**
* Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning!
* Enabling this will cause problem for iOS devices.
*/
legacyOverds?: pulumi.Input<boolean>;
/**
* Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
*/
limitBcast?: pulumi.Input<boolean>;
/**
* Limit probe response base on some heuristic rules
*/
limitProbeResponse?: pulumi.Input<boolean>;
/**
* Max idle time in seconds
*/
maxIdletime?: pulumi.Input<number>;
/**
* Maximum number of client connected to the SSID. `0` means unlimited
*/
maxNumClients?: pulumi.Input<number>;
mistNac?: pulumi.Input<inputs.org.WlanMistNac>;
mspId?: pulumi.Input<string>;
/**
* When `interface`=`mxtunnel`, id of the Mist Tunnel
*/
mxtunnelIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* When `interface`=`siteMxedge`, name of the mxtunnel that in mxtunnels under Site Setting
*/
mxtunnelNames?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to only allow client to use DNS that we’ve learned from DHCP response
*/
noStaticDns?: pulumi.Input<boolean>;
/**
* Whether to only allow client that we’ve learned from DHCP exchange to talk
*/
noStaticIp?: pulumi.Input<boolean>;
orgId?: pulumi.Input<string>;
/**
* Portal wlan settings
*/
portal?: pulumi.Input<inputs.org.WlanPortal>;
/**
* List of hostnames without http(s):// (matched by substring)
*/
portalAllowedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of CIDRs
*/
portalAllowedSubnets?: pulumi.Input<pulumi.Input<string>[]>;
/**
* APi secret (auto-generated) that can be used to sign guest authorization requests
*/
portalApiSecret?: pulumi.Input<string>;
/**
* List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
*/
portalDeniedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Url of portal background image
*/
portalImage?: pulumi.Input<string>;
portalSsoUrl?: pulumi.Input<string>;
qos?: pulumi.Input<inputs.org.WlanQos>;
/**
* RadSec settings
*/
radsec?: pulumi.Input<inputs.org.WlanRadsec>;
/**
* Property key is the RF band. enum: `24`, `5`, `6`
*/
rateset?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.org.WlanRateset>;
}>;
/**
* When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
*/
reconnectClientsWhenRoamingMxcluster?: pulumi.Input<boolean>;
/**
* enum: `11r`, `OKC`, `NONE`
*/
roamMode?: pulumi.Input<string>;
/**
* WLAN operating schedule, default is disabled
*/
schedule?: pulumi.Input<inputs.org.WlanSchedule>;
/**
* Whether to exclude this WLAN from SLE metrics
*/
sleExcluded?: pulumi.Input<boolean>;
/**
* Name of the SSID
*/
ssid?: pulumi.Input<string>;
templateId?: pulumi.Input<string>;
/**
* If `auth.type`==`eap` or `auth.type`==`psk`, should only be set for legacy client, such as pre-2004, 802.11b devices
*/
useEapolV1?: pulumi.Input<boolean>;
/**
* If vlan tagging is enabled
*/
vlanEnabled?: pulumi.Input<boolean>;
vlanId?: pulumi.Input<string>;
/**
* if `vlanEnabled`==`true` and `vlanPooling`==`true`. List of VLAN IDs (comma separated) to be used in the VLAN Pool
*/
vlanIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Requires `vlanEnabled`==`true` to be set to `true`. Vlan pooling allows AP to place client on different VLAN using a
* deterministic algorithm
*/
vlanPooling?: pulumi.Input<boolean>;
wlanLimitDown?: pulumi.Input<string>;
/**
* If downlink limiting for whole wlan is enabled
*/
wlanLimitDownEnabled?: pulumi.Input<boolean>;
wlanLimitUp?: pulumi.Input<string>;
/**
* If uplink limiting for whole wlan is enabled
*/
wlanLimitUpEnabled?: pulumi.Input<boolean>;
/**
* List of wxtag_ids
*/
wxtagIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* When `interface`=`wxtunnel`, id of the WXLAN Tunnel
*/
wxtunnelId?: pulumi.Input<string>;
/**
* When `interface`=`wxtunnel`, remote tunnel identifier
*/
wxtunnelRemoteId?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Wlan resource.
*/
export interface WlanArgs {
/**
* Enable coa-immediate-update and address-change-immediate-update on the access profile.
*/
acctImmediateUpdate?: pulumi.Input<boolean>;
/**
* How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request
* from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended
* when enabled
*/
acctInterimInterval?: pulumi.Input<number>;
/**
* List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
*/
acctServers?: pulumi.Input<pulumi.Input<inputs.org.WlanAcctServer>[]>;
/**
* Airwatch wlan settings
*/
airwatch?: pulumi.Input<inputs.org.WlanAirwatch>;
/**
* Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
*/
allowIpv6Ndp?: pulumi.Input<boolean>;
/**
* Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
*/
allowMdns?: pulumi.Input<boolean>;
/**
* Only applicable when `limitBcast`==`true`, which allows SSDP
*/
allowSsdp?: pulumi.Input<boolean>;
/**
* List of device ids
*/
apIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Bandwidth limiting for apps (applies to up/down)
*/
appLimit?: pulumi.Input<inputs.org.WlanAppLimit>;
/**
* APp qos wlan settings
*/
appQos?: pulumi.Input<inputs.org.WlanAppQos>;
/**
* enum: `aps`, `site`, `wxtags`
*/
applyTo?: pulumi.Input<string>;
/**
* Whether to enable smart arp filter
*/
arpFilter?: pulumi.Input<boolean>;
/**
* Authentication wlan settings
*/
auth?: pulumi.Input<inputs.org.WlanAuth>;
/**
* When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
*/
authServerSelection?: pulumi.Input<string>;
/**
* List of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one
* is treated as primary
*/
authServers?: pulumi.Input<pulumi.Input<inputs.org.WlanAuthServer>[]>;
/**
* Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
*/
authServersNasId?: pulumi.Input<string>;
/**
* Optional, NAS-IP-ADDRESS to use
*/
authServersNasIp?: pulumi.Input<string>;
/**
* Radius auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’ are set
* to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default
* value to 3.
*/
authServersRetries?: pulumi.Input<number>;
/**
* Radius auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’ and
* ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when
* setting authServersTimeout and is set to default value of 10.
*/
authServersTimeout?: pulumi.Input<number>;
/**
* Whether to enable band_steering, this works only when band==both
*/
bandSteer?: pulumi.Input<boolean>;
/**
* Force dualBand capable client to connect to 5G
*/
bandSteerForceBand5?: pulumi.Input<boolean>;
/**
* list of radios that the wlan should apply to. enum: `24`, `5`, `6`
*/
bands?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to block the clients in the blacklist (up to first 256 macs)
*/
blockBlacklistClients?: pulumi.Input<boolean>;
/**
* Bonjour gateway wlan settings
*/
bonjour?: pulumi.Input<inputs.org.WlanBonjour>;
/**
* Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA:
* https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
*/
ciscoCwa?: pulumi.Input<inputs.org.WlanCiscoCwa>;
clientLimitDown?: pulumi.Input<string>;
/**
* If downlink limiting per-client is enabled
*/
clientLimitDownEnabled?: pulumi.Input<boolean>;
clientLimitUp?: pulumi.Input<string>;
/**
* If uplink limiting per-client is enabled
*/
clientLimitUpEnabled?: pulumi.Input<boolean>;
/**
* List of COA (change of authorization) servers, optional
*/
coaServers?: pulumi.Input<pulumi.Input<inputs.org.WlanCoaServer>[]>;
/**
* Some old WLAN drivers may not be compatible
*/
disable11ax?: pulumi.Input<boolean>;
/**
* To disable Wi-Fi 7 EHT IEs
*/
disable11be?: pulumi.Input<boolean>;
/**
* To disable ht or vht rates
*/
disableHtVhtRates?: pulumi.Input<boolean>;
/**
* Whether to disable U-APSD
*/
disableUapsd?: pulumi.Input<boolean>;
/**
* Disable sending v2 roam notification messages
*/
disableV1RoamNotify?: pulumi.Input<boolean>;
/**
* Disable sending v2 roam notification messages
*/
disableV2RoamNotify?: pulumi.Input<boolean>;
/**
* When any of the following is true, this WLAN will be disabled * cannot get IP * cannot obtain default gateway * cannot
* reach default gateway
*/
disableWhenGatewayUnreachable?: pulumi.Input<boolean>;
disableWhenMxtunnelDown?: pulumi.Input<boolean>;
/**
* Whether to disable WMM
*/
disableWmm?: pulumi.Input<boolean>;
/**
* For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
*/
dnsServerRewrite?: pulumi.Input<inputs.org.WlanDnsServerRewrite>;
dtim?: pulumi.Input<number>;
/**
* For dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on
* context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
* AP sends client MAC as username and password (i.e. `enableMacAuth` is assumed) * AP sends BSSID:SSID as
* Caller-Station-ID * `authServers` is required * PSK will come from cloud WLC if source is cloudPsks * defaultPsk will be
* used if cloud WLC is not available * `multiPskOnly` and `psk` is ignored * `pairwise` can only be wpa2-ccmp (for now,
* wpa3 support on the roadmap)
*/
dynamicPsk?: pulumi.Input<inputs.org.WlanDynamicPsk>;
/**
* For 802.1x
*/
dynamicVlan?: pulumi.Input<inputs.org.WlanDynamicVlan>;
/**
* Enable AP-AP keycaching via multicast
*/
enableLocalKeycaching?: pulumi.Input<boolean>;
/**
* By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where
* client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
*/
enableWirelessBridging?: pulumi.Input<boolean>;
/**
* If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response
* packets to be forwarded to wireless
*/
enableWirelessBridgingDhcpTracking?: pulumi.Input<boolean>;
/**
* If this wlan is enabled
*/
enabled?: pulumi.Input<boolean>;
/**
* If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and
* ‘auth_server_retries’ .
*/
fastDot1xTimers?: pulumi.Input<boolean>;
/**
* Whether to hide SSID in beacon
*/
hideSsid?: pulumi.Input<boolean>;
/**
* Include hostname inside IE in AP beacons / probe responses
*/
hostnameIe?: pulumi.Input<boolean>;
/**
* Hostspot 2.0 wlan settings
*/
hotspot20?: pulumi.Input<inputs.org.WlanHotspot20>;
injectDhcpOption82?: pulumi.Input<inputs.org.WlanInjectDhcpOption82>;
/**
* where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
*/
interface?: pulumi.Input<string>;
/**
* Whether to stop clients to talk to each other
*/
isolation?: pulumi.Input<boolean>;
/**
* If isolation is enabled, whether to deny clients to talk to L2 on the LAN
*/
l2Isolation?: pulumi.Input<boolean>;
/**
* Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning!
* Enabling this will cause problem for iOS devices.
*/
legacyOverds?: pulumi.Input<boolean>;
/**
* Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
*/
limitBcast?: pulumi.Input<boolean>;
/**
* Limit probe response base on some heuristic rules
*/
limitProbeResponse?: pulumi.Input<boolean>;
/**
* Max idle time in seconds
*/
maxIdletime?: pulumi.Input<number>;
/**
* Maximum number of client connected to the SSID. `0` means unlimited
*/
maxNumClients?: pulumi.Input<number>;
mistNac?: pulumi.Input<inputs.org.WlanMistNac>;
/**
* When `interface`=`mxtunnel`, id of the Mist Tunnel
*/
mxtunnelIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* When `interface`=`siteMxedge`, name of the mxtunnel that in mxtunnels under Site Setting
*/
mxtunnelNames?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to only allow client to use DNS that we’ve learned from DHCP response
*/
noStaticDns?: pulumi.Input<boolean>;
/**
* Whether to only allow client that we’ve learned from DHCP exchange to talk
*/
noStaticIp?: pulumi.Input<boolean>;
orgId: pulumi.Input<string>;
/**
* Portal wlan settings
*/
portal?: pulumi.Input<inputs.org.WlanPortal>;
/**
* List of hostnames without http(s):// (matched by substring)
*/
portalAllowedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of CIDRs
*/
portalAllowedSubnets?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
*/
portalDeniedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
qos?: pulumi.Input<inputs.org.WlanQos>;
/**
* RadSec settings
*/
radsec?: pulumi.Input<inputs.org.WlanRadsec>;
/**
* Property key is the RF band. enum: `24`, `5`, `6`
*/
rateset?: pulumi.Input<{
[key: string]: pulumi.Input<inputs.org.WlanRateset>;
}>;
/**
* When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
*/
reconnectClientsWhenRoamingMxcluster?: pulumi.Input<boolean>;
/**
* enum: `11r`, `OKC`, `NONE`
*/
roamMode?: pulumi.Input<string>;
/**
* WLAN operating schedule, default is disabled
*/
schedule?: pulumi.Input<inputs.org.WlanSchedule>;
/**
* Whether to exclude this WLAN from SLE metrics
*/
sleExcluded?: pulumi.Input<boolean>;
/**
* Name of the SSID
*/
ssid: pulumi.Input<string>;
templateId: pulumi.Input<string>;
/**
* If `auth.type`==`eap` or `auth.type`==`psk`, should only be set for legacy client, such as pre-2004, 802.11b devices
*/
useEapolV1?: pulumi.Input<boolean>;
/**
* If vlan tagging is enabled
*/
vlanEnabled?: pulumi.Input<boolean>;
vlanId?: pulumi.Input<string>;
/**
* if `vlanEnabled`==`true` and `vlanPooling`==`true`. List of VLAN IDs (comma separated) to be used in the VLAN Pool
*/
vlanIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Requires `vlanEnabled`==`true` to be set to `true`. Vlan pooling allows AP to place client on different VLAN using a
* deterministic algorithm
*/
vlanPooling?: pulumi.Input<boolean>;
wlanLimitDown?: pulumi.Input<string>;
/**
* If downlink limiting for whole wlan is enabled
*/
wlanLimitDownEnabled?: pulumi.Input<boolean>;
wlanLimitUp?: pulumi.Input<string>;
/**
* If uplink limiting for whole wlan is enabled
*/
wlanLimitUpEnabled?: pulumi.Input<boolean>;
/**
* List of wxtag_ids
*/
wxtagIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* When `interface`=`wxtunnel`, id of the WXLAN Tunnel
*/
wxtunnelId?: pulumi.Input<string>;
/**
* When `interface`=`wxtunnel`, remote tunnel identifier
*/
wxtunnelRemoteId?: pulumi.Input<string>;
}