cisco.meraki.meraki_mr_ssid – Manage wireless SSIDs in the Meraki cloud

Note

This plugin is part of the cisco.meraki collection (version 2.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.meraki.

To use it in a playbook, specify: cisco.meraki.meraki_mr_ssid.

Synopsis

  • Allows for management of SSIDs in a Meraki wireless environment.

Parameters

Parameter

Comments

ap_tags_vlan_ids

list / elements=dictionary

List of VLAN tags.

Requires ip_assignment_mode to be Bridge mode or Layer 3 roaming.

Requires use_vlan_tagging to be True.

tags

list / elements=string

List of AP tags.

vlan_id

integer

Numerical identifier that is assigned to the VLAN.

auth_key

string / required

Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.

auth_mode

string

Set authentication mode of network.

Choices:

  • open

  • psk

  • open-with-radius

  • 8021x-meraki

  • 8021x-radius

band_selection

string

Set band selection mode.

Choices:

  • Dual band operation

  • 5 GHz band only

  • Dual band operation with Band Steering

concentrator_network_id

string

The concentrator to use for ‘Layer 3 roaming with a concentrator’ or ‘VPN’.

default_vlan_id

integer

Default VLAN ID.

Requires ip_assignment_mode to be Bridge mode or Layer 3 roaming.

enabled

boolean

Enable or disable SSID network.

Choices:

  • no

  • yes

encryption_mode

string

Set encryption mode of network.

Choices:

  • wpa

  • eap

  • wpa-eap

host

string

Hostname for Meraki dashboard.

Can be used to access regional Meraki environments, such as China.

Default: “api.meraki.com”

internal_error_retry_time

integer

Number of seconds to retry if server returns an internal server error.

Default: 60

ip_assignment_mode

string

Method of which SSID uses to assign IP addresses.

Choices:

  • NAT mode

  • Bridge mode

  • Layer 3 roaming

  • Layer 3 roaming with a concentrator

  • VPN

min_bitrate

float

Minimum bitrate (Mbps) allowed on SSID.

Choices:

  • 1

  • 2

  • 5.5

  • 6

  • 9

  • 11

  • 12

  • 18

  • 24

  • 36

  • 48

  • 54

name

string

Name of SSID.

net_id

string

ID of network.

net_name

string

Name of network.

number

aliases: ssid_number

integer

SSID number within network.

org_id

string

ID of organization.

org_name

aliases: organization

string

Name of organization.

output_format

string

Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId).

Choices:

  • snakecase ← (default)

  • camelcase

output_level

string

Set amount of debug output during module execution.

Choices:

  • debug

  • normal ← (default)

per_client_bandwidth_limit_down

integer

Maximum bandwidth in Mbps devices on SSID can download.

per_client_bandwidth_limit_up

integer

Maximum bandwidth in Mbps devices on SSID can upload.

psk

string

Password for wireless network.

Requires auth_mode to be set to psk.

radius_accounting_enabled

boolean

Enable or disable RADIUS accounting.

Choices:

  • no

  • yes

radius_accounting_servers

list / elements=dictionary

List of RADIUS servers for RADIUS accounting.

host

string / required

IP address or hostname of RADIUS server.

port

integer

Port number RADIUS server is listening to.

secret

string

RADIUS password.

Setting password is not idempotent.

radius_coa_enabled

boolean

Enable or disable RADIUS CoA (Change of Authorization) on SSID.

Choices:

  • no

  • yes

radius_failover_policy

string

Set client access policy in case RADIUS servers aren’t available.

Choices:

  • Deny access

  • Allow access

radius_load_balancing_policy

string

Set load balancing policy when multiple RADIUS servers are specified.

Choices:

  • Strict priority order

  • Round robin

radius_proxy_enabled

boolean

Enable or disable RADIUS Proxy on SSID.

Choices:

  • no

  • yes

radius_servers

list / elements=dictionary

List of RADIUS servers.

host

string / required

IP address or hostname of RADIUS server.

port

integer

Port number RADIUS server is listening to.

secret

string

RADIUS password.

Setting password is not idempotent.

rate_limit_retry_time

integer

Number of seconds to retry if rate limiter is triggered.

Default: 165

splash_page

string

Set to enable splash page and specify type of splash.

Choices:

  • None

  • Click-through splash page

  • Billing

  • Password-protected with Meraki RADIUS

  • Password-protected with custom RADIUS

  • Password-protected with Active Directory

  • Password-protected with LDAP

  • SMS authentication

  • Systems Manager Sentry

  • Facebook Wi-Fi

  • Google OAuth

  • Sponsored guest

  • Cisco ISE

state

string

Specifies whether SNMP information should be queried or modified.

Choices:

  • absent

  • query

  • present ← (default)

timeout

integer

Time to timeout for HTTP requests.

Default: 30

use_https

boolean

If no, it will use HTTP. Otherwise it will use HTTPS.

Only useful for internal Meraki developers.

Choices:

  • no

  • yes ← (default)

use_proxy

boolean

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

Choices:

  • no ← (default)

  • yes

use_vlan_tagging

boolean

Set whether to use VLAN tagging.

Requires default_vlan_id to be set.

Choices:

  • no

  • yes

validate_certs

boolean

Whether to validate HTTP certificates.

Choices:

  • no

  • yes ← (default)

vlan_id

integer

ID number of VLAN on SSID.

Requires ip_assignment_mode to be ayer 3 roaming with a concentrator or VPN.

walled_garden_enabled

boolean

Enable or disable walled garden functionality.

Choices:

  • no

  • yes

walled_garden_ranges

list / elements=string

List of walled garden ranges.

wpa_encryption_mode

string

Encryption mode within WPA specification.

Choices:

  • WPA1 and WPA2

  • WPA2 only

  • WPA3 Transition Mode

  • WPA3 only

Notes

Note

  • Deleting an SSID does not delete RADIUS servers.

  • More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.

  • Some of the options are likely only used for developers within Meraki.

  • As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.

  • Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.

  • Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.

Examples

- name: Enable and name SSID
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    enabled: true
  delegate_to: localhost

- name: Set PSK with invalid encryption mode
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    auth_mode: psk
    psk: abc1234
    encryption_mode: eap
  ignore_errors: yes
  delegate_to: localhost

- name: Configure RADIUS servers
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    auth_mode: open-with-radius
    radius_servers:
      - host: 192.0.1.200
        port: 1234
        secret: abc98765
  delegate_to: localhost

- name: Enable click-through splash page
  meraki_ssid:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_name: WiFi
    name: GuestSSID
    splash_page: Click-through splash page
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

data

complex

List of wireless SSIDs.

Returned: success

auth_mode

string

Authentication method.

Returned: success

Sample: “psk”

band_selection

string

Wireless RF frequency wireless network will be broadcast on.

Returned: success

Sample: “5 GHz band only”

enabled

boolean

Enabled state of wireless network.

Returned: success

Sample: true

encryption_mode

string

Wireless traffic encryption method.

Returned: success

Sample: “wpa”

ip_assignment_mode

string

Wireless client IP assignment method.

Returned: success

Sample: “NAT mode”

min_bitrate

integer

Minimum bitrate a wireless client can connect at.

Returned: success

Sample: 11

name

string

Name of wireless SSID.

This value is what is broadcasted.

Returned: success

Sample: “CorpWireless”

number

integer

Zero-based index number for SSIDs.

Returned: success

Sample: 0

per_client_bandwidth_limit_down

integer

Maximum download bandwidth a client can use.

Returned: success

Sample: 0

per_client_bandwidth_limit_up

integer

Maximum upload bandwidth a client can use.

Returned: success

Sample: 1000

psk

string

Secret wireless password.

Returned: success

Sample: “SecretWiFiPass”

splash_page

string

Splash page to show when user authenticates.

Returned: success

Sample: “Click-through splash page”

ssid_admin_accessible

boolean

Whether SSID is administratively accessible.

Returned: success

Sample: true

wpa_encryption_mode

string

Enabled WPA versions.

Returned: success

Sample: “WPA2 only”

Authors

  • Kevin Breit (@kbreit)