cisco.meraki.networks_wireless_ssids module -- Resource module for networks _wireless _ssids

Note

This module is part of the cisco.meraki collection (version 2.18.2).

To install it, use: ansible-galaxy collection install cisco.meraki. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.meraki.networks_wireless_ssids.

New in cisco.meraki 2.16.0

Synopsis

  • Manage operation update of the resource networks _wireless _ssids.

  • Update the attributes of an MR SSID.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • meraki >= 2.4.9

  • python >= 3.5

Parameters

Parameter

Comments

activeDirectory

dictionary

The current setting for Active Directory. Only valid if splashPage is 'Password-protected with Active Directory'.

credentials

dictionary

(Optional) The credentials of the user account to be used by the AP to bind to your Active Directory server. The Active Directory account should have permissions on all your Active Directory servers. Only valid if the splashPage is 'Password-protected with Active Directory'.

logonName

string

The logon name of the Active Directory account.

password

string

The password to the Active Directory user account.

servers

list / elements=dictionary

The Active Directory servers to be used for authentication.

host

string

IP address (or FQDN) of your Active Directory server.

port

integer

(Optional) UDP port the Active Directory server listens on. By default, uses port 3268.

adultContentFilteringEnabled

boolean

Boolean indicating whether or not adult content will be blocked.

Choices:

apTagsAndVlanIds

list / elements=dictionary

The list of tags and VLAN IDs used for VLAN tagging. This param is only valid when the ipAssignmentMode is 'Bridge mode' or 'Layer 3 roaming'.

tags

list / elements=string

Array of AP tags.

vlanId

integer

Numerical identifier that is assigned to the VLAN.

authMode

string

The association control method for the SSID ('open', 'open-enhanced', 'psk', 'open-with-radius', 'open-with-nac', '8021x-meraki', '8021x-nac', '8021x-radius', '8021x-google', '8021x-localradius', 'ipsk-with-radius', 'ipsk-without-radius' or 'ipsk-with-nac').

availabilityTags

list / elements=string

Accepts a list of tags for this SSID. If availableOnAllAps is false, then the SSID will only be broadcast by APs with tags matching any of the tags in this list.

availableOnAllAps

boolean

Boolean indicating whether all APs should broadcast the SSID or if it should be restricted to APs matching any availability tags. Can only be false if the SSID has availability tags.

Choices:

bandSelection

string

The client-serving radio frequencies of this SSID in the default indoor RF profile. ('Dual band operation', '5 GHz band only' or 'Dual band operation with Band Steering').

concentratorNetworkId

string

The concentrator to use when the ipAssignmentMode is 'Layer 3 roaming with a concentrator' or 'VPN'.

defaultVlanId

integer

The default VLAN ID used for 'all other APs'. This param is only valid when the ipAssignmentMode is 'Bridge mode' or 'Layer 3 roaming'.

disassociateClientsOnVpnFailover

boolean

Disassociate clients when 'VPN' concentrator failover occurs in order to trigger clients to re-associate and generate new DHCP requests. This param is only valid if ipAssignmentMode is 'VPN'.

Choices:

dnsRewrite

dictionary

DNS servers rewrite settings.

dnsCustomNameservers

list / elements=string

User specified DNS servers (up to two servers).

enabled

boolean

Boolean indicating whether or not DNS server rewrite is enabled. If disabled, upstream DNS will be used.

Choices:

dot11r

dictionary

The current setting for 802.11r.

adaptive

boolean

(Optional) Whether 802.11r is adaptive or not.

Choices:

enabled

boolean

dot11w

dictionary

The current setting for Protected Management Frames (802.11w).

enabled

boolean

required

boolean

(Optional) Whether 802.11w is required or not.

Choices:

enabled

boolean

encryptionMode

string

The psk encryption mode for the SSID ('wep' or 'wpa'). This param is only valid if the authMode is 'psk'.

enterpriseAdminAccess

string

Whether or not an SSID is accessible by 'enterprise' administrators ('access disabled' or 'access enabled').

gre

dictionary

Ethernet over GRE settings.

concentrator

dictionary

The EoGRE concentrator's settings.

host

string

The EoGRE concentrator's IP or FQDN. This param is required when ipAssignmentMode is 'Ethernet over GRE'.

key

integer

Optional numerical identifier that will add the GRE key field to the GRE header. Used to identify an individual traffic flow within a tunnel.

ipAssignmentMode

string

The client IP assignment mode ('NAT mode', 'Bridge mode', 'Layer 3 roaming', 'Ethernet over GRE', 'Layer 3 roaming with a concentrator' or 'VPN').

lanIsolationEnabled

boolean

Boolean indicating whether Layer 2 LAN isolation should be enabled or disabled. Only configurable when ipAssignmentMode is 'Bridge mode'.

Choices:

ldap

dictionary

The current setting for LDAP. Only valid if splashPage is 'Password-protected with LDAP'.

baseDistinguishedName

string

The base distinguished name of users on the LDAP server.

credentials

dictionary

(Optional) The credentials of the user account to be used by the AP to bind to your LDAP server. The LDAP account should have permissions on all your LDAP servers.

distinguishedName

string

The distinguished name of the LDAP user account (example cn=user,dc=meraki,dc=com).

password

string

The password of the LDAP user account.

serverCaCertificate

dictionary

The CA certificate used to sign the LDAP server's key.

contents

string

The contents of the CA certificate. Must be in PEM or DER format.

servers

list / elements=dictionary

The LDAP servers to be used for authentication.

host

string

IP address (or FQDN) of your LDAP server.

port

integer

UDP port the LDAP server listens on.

localRadius

dictionary

The current setting for Local Authentication, a built-in RADIUS server on the access point. Only valid if authMode is '8021x-localradius'.

cacheTimeout

integer

The duration (in seconds) for which LDAP and OCSP lookups are cached.

certificateAuthentication

dictionary

The current setting for certificate verification.

clientRootCaCertificate

dictionary

The Client CA Certificate used to sign the client certificate.

contents

string

The contents of the Client CA Certificate. Must be in PEM or DER format.

enabled

boolean

Whether or not to use EAP-TLS certificate-based authentication to validate wireless clients.

Choices:

ocspResponderUrl

string

(Optional) The URL of the OCSP responder to verify client certificate status.

useLdap

boolean

Whether or not to verify the certificate with LDAP.

Choices:

useOcsp

boolean

Whether or not to verify the certificate with OCSP.

Choices:

passwordAuthentication

dictionary

The current setting for password-based authentication.

enabled

boolean

Whether or not to use EAP-TTLS/PAP or PEAP-GTC password-based authentication via LDAP lookup.

Choices:

mandatoryDhcpEnabled

boolean

If true, Mandatory DHCP will enforce that clients connecting to this SSID must use the IP address assigned by the DHCP server. Clients who use a static IP address won't be able to associate.

Choices:

meraki_action_batch_retry_wait_time

integer

meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time

Default: :ansible-option-default:`60`

meraki_api_key

string / required

meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY

meraki_base_url

string

meraki_base_url (string), preceding all endpoint resources

Default: :ansible-option-default:`"https://api.meraki.com/api/v1"`

meraki_be_geo_id

string

meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID

Default: :ansible-option-default:`""`

meraki_caller

string

meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER

Default: :ansible-option-default:`""`

meraki_certificate_path

string

meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy

Default: :ansible-option-default:`""`

meraki_inherit_logging_config

boolean

meraki_inherit_logging_config (boolean), Inherits your own logger instance

Choices:

meraki_log_file_prefix

string

meraki_log_file_prefix (string), log file name appended with date and timestamp

Default: :ansible-option-default:`"meraki\_api\_"`

meraki_log_path

string

log_path (string), path to output log; by default, working directory of script if not specified

Default: :ansible-option-default:`""`

meraki_maximum_retries

integer

meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors

Default: :ansible-option-default:`2`

meraki_nginx_429_retry_wait_time

integer

meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time

Default: :ansible-option-default:`60`

meraki_output_log

boolean

meraki_output_log (boolean), create an output log file?

Choices:

meraki_print_console

boolean

meraki_print_console (boolean), print logging output to console?

Choices:

meraki_requests_proxy

string

meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS

Default: :ansible-option-default:`""`

meraki_retry_4xx_error

boolean

meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)?

Choices:

meraki_retry_4xx_error_wait_time

integer

meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time

Default: :ansible-option-default:`60`

meraki_simulate

boolean

meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes?

Choices:

meraki_single_request_timeout

integer

meraki_single_request_timeout (integer), maximum number of seconds for each API call

Default: :ansible-option-default:`60`

meraki_suppress_logging

boolean

meraki_suppress_logging (boolean), disable all logging? you're on your own then!

Choices:

meraki_use_iterator_for_get_pages

boolean

meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items

Choices:

meraki_wait_on_rate_limit

boolean

meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered?

Choices:

minBitrate

float

The minimum bitrate in Mbps of this SSID in the default indoor RF profile. ('1', '2', '5.5', '6', '9', '11', '12', '18', '24', '36', '48' or '54').

name

string

The name of the SSID.

namedVlans

dictionary

Named VLAN settings.

radius

dictionary

RADIUS settings. This param is only valid when authMode is 'open-with-radius' and ipAssignmentMode is not 'NAT mode'.

guestVlan

dictionary

Guest VLAN settings. Used to direct traffic to a guest VLAN when none of the RADIUS servers are reachable or a client receives access-reject from the RADIUS server.

enabled

boolean

Whether or not RADIUS guest named VLAN is enabled.

Choices:

name

string

RADIUS guest VLAN name.

tagging

dictionary

VLAN tagging settings. This param is only valid when ipAssignmentMode is 'Bridge mode' or 'Layer 3 roaming'.

byApTags

list / elements=dictionary

The list of AP tags and VLAN names used for named VLAN tagging. If an AP has a tag matching one in the list, then traffic on this SSID will be directed to use the VLAN name associated to the tag.

tags

list / elements=string

List of AP tags.

vlanName

string

VLAN name that will be used to tag traffic.

defaultVlanName

string

The default VLAN name used to tag traffic in the absence of a matching AP tag.

enabled

boolean

Whether or not traffic should be directed to use specific VLAN names.

Choices:

networkId

string

NetworkId path parameter. Network ID.

number

string

Number path parameter.

oauth

dictionary

The OAuth settings of this SSID. Only valid if splashPage is 'Google OAuth'.

allowedDomains

list / elements=string

(Optional) The list of domains allowed access to the network.

perClientBandwidthLimitDown

integer

The download bandwidth limit in Kbps. (0 represents no limit.).

perClientBandwidthLimitUp

integer

The upload bandwidth limit in Kbps. (0 represents no limit.).

perSsidBandwidthLimitDown

integer

The total download bandwidth limit in Kbps. (0 represents no limit.).

perSsidBandwidthLimitUp

integer

The total upload bandwidth limit in Kbps. (0 represents no limit.).

psk

string

The passkey for the SSID. This param is only valid if the authMode is 'psk'.

radiusAccountingEnabled

boolean

Whether or not RADIUS accounting is enabled. This param is only valid if the authMode is 'open-with-radius', '8021x-radius' or 'ipsk-with-radius'.

Choices:

radiusAccountingInterimInterval

integer

The interval (in seconds) in which accounting information is updated and sent to the RADIUS accounting server.

radiusAccountingServers

list / elements=dictionary

The RADIUS accounting 802.1X servers to be used for authentication. This param is only valid if the authMode is 'open-with-radius', '8021x-radius' or 'ipsk-with-radius' and radiusAccountingEnabled is 'true'.

caCertificate

string

Certificate used for authorization for the RADSEC Server.

host

string

IP address (or FQDN) to which the APs will send RADIUS accounting messages.

port

integer

Port on the RADIUS server that is listening for accounting messages.

radsecEnabled

boolean

Use RADSEC (TLS over TCP) to connect to this RADIUS accounting server. Requires radiusProxyEnabled.

Choices:

secret

string

Shared key used to authenticate messages between the APs and RADIUS server.

radiusAttributeForGroupPolicies

string

Specify the RADIUS attribute used to look up group policies ('Filter-Id', 'Reply-Message', 'Airespace-ACL-Name' or 'Aruba-User-Role'). Access points must receive this attribute in the RADIUS Access-Accept message.

radiusAuthenticationNasId

string

The template of the NAS identifier to be used for RADIUS authentication (ex. $NODE_MAC$ $VAP_NUM$).

radiusCalledStationId

string

The template of the called station identifier to be used for RADIUS (ex. $NODE_MAC$ $VAP_NUM$).

radiusCoaEnabled

boolean

If true, Meraki devices will act as a RADIUS Dynamic Authorization Server and will respond to RADIUS Change-of-Authorization and Disconnect messages sent by the RADIUS server.

Choices:

radiusFailoverPolicy

string

This policy determines how authentication requests should be handled in the event that all of the configured RADIUS servers are unreachable ('Deny access' or 'Allow access').

radiusFallbackEnabled

boolean

Whether or not higher priority RADIUS servers should be retried after 60 seconds.

Choices:

radiusGuestVlanEnabled

boolean

Whether or not RADIUS Guest VLAN is enabled. This param is only valid if the authMode is 'open-with-radius' and addressing mode is not set to 'isolated' or 'nat' mode.

Choices:

radiusGuestVlanId

integer

VLAN ID of the RADIUS Guest VLAN. This param is only valid if the authMode is 'open-with-radius' and addressing mode is not set to 'isolated' or 'nat' mode.

radiusLoadBalancingPolicy

string

This policy determines which RADIUS server will be contacted first in an authentication attempt and the ordering of any necessary retry attempts ('Strict priority order' or 'Round robin').

radiusOverride

boolean

If true, the RADIUS response can override VLAN tag. This is not valid when ipAssignmentMode is 'NAT mode'.

Choices:

radiusProxyEnabled

boolean

If true, Meraki devices will proxy RADIUS messages through the Meraki cloud to the configured RADIUS auth and accounting servers.

Choices:

radiusServerAttemptsLimit

integer

The maximum number of transmit attempts after which a RADIUS server is failed over (must be between 1-5).

radiusServers

list / elements=dictionary

The RADIUS 802.1X servers to be used for authentication. This param is only valid if the authMode is 'open-with-radius', '8021x-radius' or 'ipsk-with-radius'.

caCertificate

string

Certificate used for authorization for the RADSEC Server.

host

string

IP address (or FQDN) of your RADIUS server.

openRoamingCertificateId

integer

The ID of the Openroaming Certificate attached to radius server.

port

integer

UDP port the RADIUS server listens on for Access-requests.

radsecEnabled

boolean

Use RADSEC (TLS over TCP) to connect to this RADIUS server. Requires radiusProxyEnabled.

Choices:

secret

string

RADIUS client shared secret.

radiusServerTimeout

integer

The amount of time for which a RADIUS client waits for a reply from the RADIUS server (must be between 1-10 seconds).

radiusTestingEnabled

boolean

If true, Meraki devices will periodically send Access-Request messages to configured RADIUS servers using identity 'meraki_8021x_test' to ensure that the RADIUS servers are reachable.

Choices:

secondaryConcentratorNetworkId

string

The secondary concentrator to use when the ipAssignmentMode is 'VPN'. If configured, the APs will switch to using this concentrator if the primary concentrator is unreachable. This param is optional. ('disabled' represents no secondary concentrator.).

speedBurst

dictionary

The SpeedBurst setting for this SSID'.

enabled

boolean

Boolean indicating whether or not to allow users to temporarily exceed the bandwidth limit for short periods while still keeping them under the bandwidth limit over time.

Choices:

splashGuestSponsorDomains

list / elements=string

Array of valid sponsor email domains for sponsored guest splash type.

splashPage

string

The type of splash page for the SSID ('None', 'Click-through splash page', 'Billing', 'Password-protected with Meraki RADIUS', 'Password-protected with custom RADIUS', 'Password-protected with Active Directory', 'Password-protected with LDAP', 'SMS authentication', 'Systems Manager Sentry', 'Facebook Wi-Fi', 'Google OAuth', 'Sponsored guest', 'Cisco ISE' or 'Google Apps domain'). This attribute is not supported for template children.

useVlanTagging

boolean

Whether or not traffic should be directed to use specific VLANs. This param is only valid if the ipAssignmentMode is 'Bridge mode' or 'Layer 3 roaming'.

Choices:

visible

boolean

Boolean indicating whether APs should advertise or hide this SSID. APs will only broadcast this SSID if set to true.

Choices:

vlanId

integer

The VLAN ID used for VLAN tagging. This param is only valid when the ipAssignmentMode is 'Layer 3 roaming with a concentrator' or 'VPN'.

walledGardenEnabled

boolean

Allow access to a configurable list of IP ranges, which users may access prior to sign-on.

Choices:

walledGardenRanges

list / elements=string

Specify your walled garden by entering an array of addresses, ranges using CIDR notation, domain names, and domain wildcards (e.g. '192.168.1.1/24', '192.168.37.10/32', 'www.yahoo.com', '*.google.com'). Meraki's splash page is automatically included in your walled garden.

wpaEncryptionMode

string

The types of WPA encryption. ('WPA1 only', 'WPA1 and WPA2', 'WPA2 only', 'WPA3 Transition Mode', 'WPA3 only' or 'WPA3 192-bit Security').

Notes

Note

  • SDK Method used are wireless.Wireless.update_network_wireless_ssid,

  • Paths used are put /networks/{networkId}/wireless/ssids/{number},

  • Does not support check_mode

  • The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK

  • The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection

See Also

See also

Cisco Meraki documentation for wireless updateNetworkWirelessSsid

Complete reference of the updateNetworkWirelessSsid API.

Examples

- name: Update by id
  cisco.meraki.networks_wireless_ssids:
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    activeDirectory:
      credentials:
        logonName: user
        password: password
      servers:
      - host: 127.0.0.1
        port: 3268
    adultContentFilteringEnabled: false
    apTagsAndVlanIds:
    - tags:
      - tag1
      - tag2
      vlanId: 100
    authMode: 8021x-radius
    availabilityTags:
    - tag1
    - tag2
    availableOnAllAps: false
    bandSelection: 5 GHz band only
    concentratorNetworkId: N_24329156
    defaultVlanId: 1
    disassociateClientsOnVpnFailover: false
    dnsRewrite:
      dnsCustomNameservers:
      - 8.8.8.8
      - 8.8.4.4
      enabled: true
    dot11r:
      adaptive: true
      enabled: true
    dot11w:
      enabled: true
      required: false
    enabled: true
    encryptionMode: wpa
    enterpriseAdminAccess: access enabled
    gre:
      concentrator:
        host: 192.168.1.1
      key: 5
    ipAssignmentMode: NAT mode
    lanIsolationEnabled: true
    ldap:
      baseDistinguishedName: dc=example,dc=com
      credentials:
        distinguishedName: cn=user,dc=example,dc=com
        password: password
      serverCaCertificate:
        contents: '-----BEGIN CERTIFICATE-----
          MIIEKjCCAxKgAwIBAgIRANb+lsED3eb4+6YKLFFYqEkwDQYJKoZIhvcNAQELBQAw
          gYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhT
          YW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAGA1UECwwJ
          RE5BU3BhY2VzMR4wHAYDVQQDDBVjaXNjby5vcGVucm9hbWluZy5vcmcwHhcNMjAx
          MTA1MjEzMzM1WhcNMjExMTA1MjIzMzM1WjCBpDEcMBoGCgmSJomT8ixkAQETDGRu
          YXNwYWNlczpVUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQKEwVD
          aXNjbzEcMBoGA1UECxMTV0JBOldSSVggRW5kLUVudGl0eTE8MDoGA1UEAxMzNjQ3
          MDcwNDM4NDQ5NjQxMjAwMDAuMTg4MzQuaHMuY2lzY28ub3BlbnJvYW1pbmcub3Jn
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqjP9QgRGyUO3p7SH9QK
          uTq6UYK7nAyjImgS4yQxeBkyZ5f2EUkX8m/AOcewpPxxPBhjPKRwxGeX3S50ksiA
          ayFomUeslR0S0Z7RN9rzJa+CFyi9MwWIHMbLgXpB8tsSpgTAqwrzoTzOGq9fgC6u
          pZhdZrBkg3FeJgD88goCi9mZDsY2YAoeGRLFJ2fR8iICqIVQy+Htq9pE22WBLpnS
          KjL3+mR9FArHNFtWlhKF2YHMUqyHHrnZnF/Ns7QNoMMF7/CK18iAKgnb+2wuGKM
          aEMddOeOTtz+i/rgjkp/RGMt011EdCsso0/cTo9qqX/bxOOCE4/Mne/ChMkQPnNU
          CwIDAQABo3IwcDAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFIG+4l5yiB01gP0sw4ML
          USopqYcuMB0GA1UdDgQWBBSby1T9leYVOVVdOZXiHCSaDDEMiDAOBgNVHQ8BAf8E
          BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEyE
          1mjSUyY6uNp6W4l20w7SskALSJDRKkOeZxAgF3VMxlsCuEl70s9oEfntwIpyQtSa
          jON/9yJHbwm/Az824bmk8Dc7AXIPhay+dftXb8j529gPuYB9AKoPNg0NctkyYCQh
          a/3YQVdDWX7XgmEiXkL57M7G6+IdcPDONLArfjOcT9qHdkVVq1AIjlMSx3OQQmm/
          uoLb/G9q/97QA2/l8shG/Na8HjVqGLcl5TNZdbNhs2w9ogxr/GNzqdvym6RQ8vT/
          UR2n+uwH4n1MUxmHYYeyot5dnIV1IJ6hQ54JAncM9HvCLFk1WHz6RKshQUCuPBiJ
          wTw70BVktzJnb0VLeDg=
          -----END CERTIFICATE-----'
      servers:
      - host: 127.0.0.1
        port: 389
    localRadius:
      cacheTimeout: 60
      certificateAuthentication:
        clientRootCaCertificate:
          contents: '-----BEGIN CERTIFICATE-----
          MIIEKjCCAxKgAwIBAgIRANb+lsED3eb4+6YKLFFYqEkwDQYJKoZIhvcNAQELBQAw
          gYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhT
          YW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAGA1UECwwJ
          RE5BU3BhY2VzMR4wHAYDVQQDDBVjaXNjby5vcGVucm9hbWluZy5vcmcwHhcNMjAx
          MTA1MjEzMzM1WhcNMjExMTA1MjIzMzM1WjCBpDEcMBoGCgmSJomT8ixkAQETDGRu
          YXNwYWNlczpVUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQKEwVD
          aXNjbzEcMBoGA1UECxMTV0JBOldSSVggRW5kLUVudGl0eTE8MDoGA1UEAxMzNjQ3
          MDcwNDM4NDQ5NjQxMjAwMDAuMTg4MzQuaHMuY2lzY28ub3BlbnJvYW1pbmcub3Jn
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqjP9QgRGyUO3p7SH9QK
          uTq6UYK7nAyjImgS4yQxeBkyZ5f2EUkX8m/AOcewpPxxPBhjPKRwxGeX3S50ksiA
          ayFomUeslR0S0Z7RN9rzJa+CFyi9MwWIHMbLgXpB8tsSpgTAqwrzoTzOGq9fgC6u
          pZhdZrBkg3FeJgD88goCi9mZDsY2YAoeGRLFJ2fR8iICqIVQy+Htq9pE22WBLpnS
          KjL3+mR9FArHNFtWlhKF2YHMUqyHHrnZnF/Ns7QNoMMF7/CK18iAKgnb+2wuGKM
          aEMddOeOTtz+i/rgjkp/RGMt011EdCsso0/cTo9qqX/bxOOCE4/Mne/ChMkQPnNU
          CwIDAQABo3IwcDAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFIG+4l5yiB01gP0sw4ML
          USopqYcuMB0GA1UdDgQWBBSby1T9leYVOVVdOZXiHCSaDDEMiDAOBgNVHQ8BAf8E
          BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEyE
          1mjSUyY6uNp6W4l20w7SskALSJDRKkOeZxAgF3VMxlsCuEl70s9oEfntwIpyQtSa
          jON/9yJHbwm/Az824bmk8Dc7AXIPhay+dftXb8j529gPuYB9AKoPNg0NctkyYCQh
          a/3YQVdDWX7XgmEiXkL57M7G6+IdcPDONLArfjOcT9qHdkVVq1AIjlMSx3OQQmm/
          uoLb/G9q/97QA2/l8shG/Na8HjVqGLcl5TNZdbNhs2w9ogxr/GNzqdvym6RQ8vT/
          UR2n+uwH4n1MUxmHYYeyot5dnIV1IJ6hQ54JAncM9HvCLFk1WHz6RKshQUCuPBiJ
          wTw70BVktzJnb0VLeDg=
          -----END CERTIFICATE-----'
        enabled: true
        ocspResponderUrl: http://ocsp-server.example.com
        useLdap: false
        useOcsp: true
      passwordAuthentication:
        enabled: false
    mandatoryDhcpEnabled: false
    minBitrate: 5.5
    name: My SSID
    namedVlans:
      radius:
        guestVlan:
          enabled: true
          name: Guest VLAN
      tagging:
        byApTags:
        - tags:
          - tag1
          - tag2
          vlanName: My VLAN
        defaultVlanName: My VLAN
        enabled: true
    networkId: string
    number: string
    oauth:
      allowedDomains:
      - example.com
    perClientBandwidthLimitDown: 0
    perClientBandwidthLimitUp: 0
    perSsidBandwidthLimitDown: 0
    perSsidBandwidthLimitUp: 0
    psk: deadbeef
    radiusAccountingEnabled: true
    radiusAccountingInterimInterval: 5
    radiusAccountingServers:
    - caCertificate: '-----BEGIN CERTIFICATE-----
          MIIEKjCCAxKgAwIBAgIRANb+lsED3eb4+6YKLFFYqEkwDQYJKoZIhvcNAQELBQAw
          gYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhT
          YW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAGA1UECwwJ
          RE5BU3BhY2VzMR4wHAYDVQQDDBVjaXNjby5vcGVucm9hbWluZy5vcmcwHhcNMjAx
          MTA1MjEzMzM1WhcNMjExMTA1MjIzMzM1WjCBpDEcMBoGCgmSJomT8ixkAQETDGRu
          YXNwYWNlczpVUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQKEwVD
          aXNjbzEcMBoGA1UECxMTV0JBOldSSVggRW5kLUVudGl0eTE8MDoGA1UEAxMzNjQ3
          MDcwNDM4NDQ5NjQxMjAwMDAuMTg4MzQuaHMuY2lzY28ub3BlbnJvYW1pbmcub3Jn
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqjP9QgRGyUO3p7SH9QK
          uTq6UYK7nAyjImgS4yQxeBkyZ5f2EUkX8m/AOcewpPxxPBhjPKRwxGeX3S50ksiA
          ayFomUeslR0S0Z7RN9rzJa+CFyi9MwWIHMbLgXpB8tsSpgTAqwrzoTzOGq9fgC6u
          pZhdZrBkg3FeJgD88goCi9mZDsY2YAoeGRLFJ2fR8iICqIVQy+Htq9pE22WBLpnS
          KjL3+mR9FArHNFtWlhKF2YHMUqyHHrnZnF/Ns7QNoMMF7/CK18iAKgnb+2wuGKM
          aEMddOeOTtz+i/rgjkp/RGMt011EdCsso0/cTo9qqX/bxOOCE4/Mne/ChMkQPnNU
          CwIDAQABo3IwcDAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFIG+4l5yiB01gP0sw4ML
          USopqYcuMB0GA1UdDgQWBBSby1T9leYVOVVdOZXiHCSaDDEMiDAOBgNVHQ8BAf8E
          BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEyE
          1mjSUyY6uNp6W4l20w7SskALSJDRKkOeZxAgF3VMxlsCuEl70s9oEfntwIpyQtSa
          jON/9yJHbwm/Az824bmk8Dc7AXIPhay+dftXb8j529gPuYB9AKoPNg0NctkyYCQh
          a/3YQVdDWX7XgmEiXkL57M7G6+IdcPDONLArfjOcT9qHdkVVq1AIjlMSx3OQQmm/
          uoLb/G9q/97QA2/l8shG/Na8HjVqGLcl5TNZdbNhs2w9ogxr/GNzqdvym6RQ8vT/
          UR2n+uwH4n1MUxmHYYeyot5dnIV1IJ6hQ54JAncM9HvCLFk1WHz6RKshQUCuPBiJ
          wTw70BVktzJnb0VLeDg=
          -----END CERTIFICATE-----'
      host: 0.0.0.0
      port: 3000
      radsecEnabled: true
      secret: secret-string
    radiusAttributeForGroupPolicies: Filter-Id
    radiusAuthenticationNasId: 00-11-22-33-44-55:AP1
    radiusCalledStationId: 00-11-22-33-44-55:AP1
    radiusCoaEnabled: true
    radiusFailoverPolicy: Deny access
    radiusFallbackEnabled: true
    radiusGuestVlanEnabled: true
    radiusGuestVlanId: 1
    radiusLoadBalancingPolicy: Round robin
    radiusOverride: false
    radiusProxyEnabled: false
    radiusServerAttemptsLimit: 5
    radiusServerTimeout: 5
    radiusServers:
    - caCertificate: '-----BEGIN CERTIFICATE-----
          MIIEKjCCAxKgAwIBAgIRANb+lsED3eb4+6YKLFFYqEkwDQYJKoZIhvcNAQELBQAw
          gYcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhT
          YW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAGA1UECwwJ
          RE5BU3BhY2VzMR4wHAYDVQQDDBVjaXNjby5vcGVucm9hbWluZy5vcmcwHhcNMjAx
          MTA1MjEzMzM1WhcNMjExMTA1MjIzMzM1WjCBpDEcMBoGCgmSJomT8ixkAQETDGRu
          YXNwYWNlczpVUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQKEwVD
          aXNjbzEcMBoGA1UECxMTV0JBOldSSVggRW5kLUVudGl0eTE8MDoGA1UEAxMzNjQ3
          MDcwNDM4NDQ5NjQxMjAwMDAuMTg4MzQuaHMuY2lzY28ub3BlbnJvYW1pbmcub3Jn
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqjP9QgRGyUO3p7SH9QK
          uTq6UYK7nAyjImgS4yQxeBkyZ5f2EUkX8m/AOcewpPxxPBhjPKRwxGeX3S50ksiA
          ayFomUeslR0S0Z7RN9rzJa+CFyi9MwWIHMbLgXpB8tsSpgTAqwrzoTzOGq9fgC6u
          pZhdZrBkg3FeJgD88goCi9mZDsY2YAoeGRLFJ2fR8iICqIVQy+Htq9pE22WBLpnS
          KjL3+mR9FArHNFtWlhKF2YHMUqyHHrnZnF/Ns7QNoMMF7/CK18iAKgnb+2wuGKM
          aEMddOeOTtz+i/rgjkp/RGMt011EdCsso0/cTo9qqX/bxOOCE4/Mne/ChMkQPnNU
          CwIDAQABo3IwcDAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFIG+4l5yiB01gP0sw4ML
          USopqYcuMB0GA1UdDgQWBBSby1T9leYVOVVdOZXiHCSaDDEMiDAOBgNVHQ8BAf8E
          BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEyE
          1mjSUyY6uNp6W4l20w7SskALSJDRKkOeZxAgF3VMxlsCuEl70s9oEfntwIpyQtSa
          jON/9yJHbwm/Az824bmk8Dc7AXIPhay+dftXb8j529gPuYB9AKoPNg0NctkyYCQh
          a/3YQVdDWX7XgmEiXkL57M7G6+IdcPDONLArfjOcT9qHdkVVq1AIjlMSx3OQQmm/
          uoLb/G9q/97QA2/l8shG/Na8HjVqGLcl5TNZdbNhs2w9ogxr/GNzqdvym6RQ8vT/
          UR2n+uwH4n1MUxmHYYeyot5dnIV1IJ6hQ54JAncM9HvCLFk1WHz6RKshQUCuPBiJ
          wTw70BVktzJnb0VLeDg=
          -----END CERTIFICATE-----'
      host: 0.0.0.0
      openRoamingCertificateId: 2
      port: 3000
      radsecEnabled: true
      secret: secret-string
    radiusTestingEnabled: true
    secondaryConcentratorNetworkId: disabled
    speedBurst:
      enabled: true
    splashGuestSponsorDomains:
    - example.com
    splashPage: Click-through splash page
    useVlanTagging: false
    visible: true
    vlanId: 10
    walledGardenEnabled: true
    walledGardenRanges:
    - example.com
    - 1.1.1.1/32
    wpaEncryptionMode: WPA2 only

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meraki_response

dictionary

Authors

  • Francisco Munoz (@fmunoz)