cisco.meraki.meraki_mr_ssid – Manage wireless SSIDs in the Meraki cloud

Note

This plugin is part of the cisco.meraki collection (version 2.2.1).

To install it use: ansible-galaxy collection install cisco.meraki.

To use it in a playbook, specify: cisco.meraki.meraki_mr_ssid.

Synopsis

  • Allows for management of SSIDs in a Meraki wireless environment.

Parameters

Parameter Choices/Defaults Comments
ap_tags_vlan_ids
list / elements=dictionary
List of VLAN tags.
Requires ip_assignment_mode to be Bridge mode or Layer 3 roaming.
Requires use_vlan_tagging to be True.
tags
list / elements=string
List of AP tags.
vlan_id
integer
Numerical identifier that is assigned to the VLAN.
auth_key
string / required
Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.
auth_mode
string
    Choices:
  • open
  • psk
  • open-with-radius
  • 8021x-meraki
  • 8021x-radius
Set authentication mode of network.
band_selection
string
    Choices:
  • Dual band operation
  • 5 GHz band only
  • Dual band operation with Band Steering
Set band selection mode.
concentrator_network_id
string
The concentrator to use for 'Layer 3 roaming with a concentrator' or 'VPN'.
default_vlan_id
integer
Default VLAN ID.
Requires ip_assignment_mode to be Bridge mode or Layer 3 roaming.
enabled
boolean
    Choices:
  • no
  • yes
Enable or disable SSID network.
encryption_mode
string
    Choices:
  • wpa
  • eap
  • wpa-eap
Set encryption mode of network.
host
string
Default:
"api.meraki.com"
Hostname for Meraki dashboard.
Can be used to access regional Meraki environments, such as China.
internal_error_retry_time
integer
Default:
60
Number of seconds to retry if server returns an internal server error.
ip_assignment_mode
string
    Choices:
  • NAT mode
  • Bridge mode
  • Layer 3 roaming
  • Layer 3 roaming with a concentrator
  • VPN
Method of which SSID uses to assign IP addresses.
min_bitrate
float
    Choices:
  • 1
  • 2
  • 5.5
  • 6
  • 9
  • 11
  • 12
  • 18
  • 24
  • 36
  • 48
  • 54
Minimum bitrate (Mbps) allowed on SSID.
name
string
Name of SSID.
net_id
string
ID of network.
net_name
string
Name of network.
number
integer
SSID number within network.

aliases: ssid_number
org_id
string
ID of organization.
org_name
string
Name of organization.

aliases: organization
output_format
string
    Choices:
  • snakecase ←
  • camelcase
Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId).
output_level
string
    Choices:
  • debug
  • normal ←
Set amount of debug output during module execution.
per_client_bandwidth_limit_down
integer
Maximum bandwidth in Mbps devices on SSID can download.
per_client_bandwidth_limit_up
integer
Maximum bandwidth in Mbps devices on SSID can upload.
psk
string
Password for wireless network.
Requires auth_mode to be set to psk.
radius_accounting_enabled
boolean
    Choices:
  • no
  • yes
Enable or disable RADIUS accounting.
radius_accounting_servers
list / elements=dictionary
List of RADIUS servers for RADIUS accounting.
host
string / required
IP address or hostname of RADIUS server.
port
integer
Port number RADIUS server is listening to.
secret
string
RADIUS password.
Setting password is not idempotent.
radius_coa_enabled
boolean
    Choices:
  • no
  • yes
Enable or disable RADIUS CoA (Change of Authorization) on SSID.
radius_failover_policy
string
    Choices:
  • Deny access
  • Allow access
Set client access policy in case RADIUS servers aren't available.
radius_load_balancing_policy
string
    Choices:
  • Strict priority order
  • Round robin
Set load balancing policy when multiple RADIUS servers are specified.
radius_servers
list / elements=dictionary
List of RADIUS servers.
host
string / required
IP address or hostname of RADIUS server.
port
integer
Port number RADIUS server is listening to.
secret
string
RADIUS password.
Setting password is not idempotent.
rate_limit_retry_time
integer
Default:
165
Number of seconds to retry if rate limiter is triggered.
splash_page
string
    Choices:
  • None
  • Click-through splash page
  • Billing
  • Password-protected with Meraki RADIUS
  • Password-protected with custom RADIUS
  • Password-protected with Active Directory
  • Password-protected with LDAP
  • SMS authentication
  • Systems Manager Sentry
  • Facebook Wi-Fi
  • Google OAuth
  • Sponsored guest
  • Cisco ISE
Set to enable splash page and specify type of splash.
state
string
    Choices:
  • absent
  • query
  • present ←
Specifies whether SNMP information should be queried or modified.
timeout
integer
Default:
30
Time to timeout for HTTP requests.
use_https
boolean
    Choices:
  • no
  • yes ←
If no, it will use HTTP. Otherwise it will use HTTPS.
Only useful for internal Meraki developers.
use_proxy
boolean
    Choices:
  • no ←
  • yes
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_vlan_tagging
boolean
    Choices:
  • no
  • yes
Set whether to use VLAN tagging.
Requires default_vlan_id to be set.
validate_certs
boolean
    Choices:
  • no
  • yes ←
Whether to validate HTTP certificates.
vlan_id
integer
ID number of VLAN on SSID.
Requires ip_assignment_mode to be ayer 3 roaming with a concentrator or VPN.
walled_garden_enabled
boolean
    Choices:
  • no
  • yes
Enable or disable walled garden functionality.
walled_garden_ranges
list / elements=string
List of walled garden ranges.
wpa_encryption_mode
string
    Choices:
  • WPA1 and WPA2
  • WPA2 only
  • WPA3 Transition Mode
  • WPA3 only
Encryption mode within WPA specification.

Notes

Note

  • Deleting an SSID does not delete RADIUS servers.

  • More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.

  • Some of the options are likely only used for developers within Meraki.

  • As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.

  • Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.

  • Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.

Examples

- name: Enable and name SSID
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    enabled: true
  delegate_to: localhost

- name: Set PSK with invalid encryption mode
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    auth_mode: psk
    psk: abc1234
    encryption_mode: eap
  ignore_errors: yes
  delegate_to: localhost

- name: Configure RADIUS servers
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    auth_mode: open-with-radius
    radius_servers:
      - host: 192.0.1.200
        port: 1234
        secret: abc98765
  delegate_to: localhost

- name: Enable click-through splash page
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    splash_page: Click-through splash page
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
data
complex
success
List of wireless SSIDs.
 
auth_mode
string
success
Authentication method.

Sample:
psk
 
band_selection
string
success
Wireless RF frequency wireless network will be broadcast on.

Sample:
5 GHz band only
 
enabled
boolean
success
Enabled state of wireless network.

Sample:
True
 
encryption_mode
string
success
Wireless traffic encryption method.

Sample:
wpa
 
ip_assignment_mode
string
success
Wireless client IP assignment method.

Sample:
NAT mode
 
min_bitrate
integer
success
Minimum bitrate a wireless client can connect at.

Sample:
11
 
name
string
success
Name of wireless SSID.
This value is what is broadcasted.

Sample:
CorpWireless
 
number
integer
success
Zero-based index number for SSIDs.
 
per_client_bandwidth_limit_down
integer
success
Maximum download bandwidth a client can use.
 
per_client_bandwidth_limit_up
integer
success
Maximum upload bandwidth a client can use.

Sample:
1000
 
psk
string
success
Secret wireless password.

Sample:
SecretWiFiPass
 
splash_page
string
success
Splash page to show when user authenticates.

Sample:
Click-through splash page
 
ssid_admin_accessible
boolean
success
Whether SSID is administratively accessible.

Sample:
True
 
wpa_encryption_mode
string
success
Enabled WPA versions.

Sample:
WPA2 only


Authors

  • Kevin Breit (@kbreit)