cisco.meraki.networks_wireless_ssids module – Resource module for networks _wireless _ssids
Note
This module is part of the cisco.meraki collection (version 2.17.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.meraki
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.meraki.networks_wireless_ssids
.
New in cisco.meraki 2.16.0
Synopsis
Manage operation update of the resource networks _wireless _ssids.
Update the attributes of an MR SSID.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
meraki >= 2.4.9
python >= 3.5
Parameters
Parameter |
Comments |
---|---|
The current setting for Active Directory. Only valid if splashPage is ‘Password-protected with Active Directory’. |
|
(Optional) The credentials of the user account to be used by the AP to bind to your Active Directory server. The Active Directory account should have permissions on all your Active Directory servers. Only valid if the splashPage is ‘Password-protected with Active Directory’. |
|
The logon name of the Active Directory account. |
|
The password to the Active Directory user account. |
|
The Active Directory servers to be used for authentication. |
|
IP address of your Active Directory server. |
|
(Optional) UDP port the Active Directory server listens on. By default, uses port 3268. |
|
Boolean indicating whether or not adult content will be blocked. Choices:
|
|
The list of tags and VLAN IDs used for VLAN tagging. This param is only valid when the ipAssignmentMode is ‘Bridge mode’ or ‘Layer 3 roaming’. |
|
Array of AP tags. |
|
Numerical identifier that is assigned to the VLAN. |
|
The association control method for the SSID (‘open’, ‘open-enhanced’, ‘psk’, ‘open-with-radius’, ‘open-with-nac’, ‘8021x-meraki’, ‘8021x-nac’, ‘8021x-radius’, ‘8021x-google’, ‘8021x-localradius’, ‘ipsk-with-radius’ or ‘ipsk-without-radius’). |
|
Accepts a list of tags for this SSID. If availableOnAllAps is false, then the SSID will only be broadcast by APs with tags matching any of the tags in this list. |
|
Boolean indicating whether all APs should broadcast the SSID or if it should be restricted to APs matching any availability tags. Can only be false if the SSID has availability tags. Choices:
|
|
The client-serving radio frequencies of this SSID in the default indoor RF profile. (‘Dual band operation’, ‘5 GHz band only’ or ‘Dual band operation with Band Steering’). |
|
The concentrator to use when the ipAssignmentMode is ‘Layer 3 roaming with a concentrator’ or ‘VPN’. |
|
The default VLAN ID used for ‘all other APs’. This param is only valid when the ipAssignmentMode is ‘Bridge mode’ or ‘Layer 3 roaming’. |
|
Disassociate clients when ‘VPN’ concentrator failover occurs in order to trigger clients to re-associate and generate new DHCP requests. This param is only valid if ipAssignmentMode is ‘VPN’. Choices:
|
|
DNS servers rewrite settings. |
|
User specified DNS servers (up to two servers). |
|
Boolean indicating whether or not DNS server rewrite is enabled. If disabled, upstream DNS will be used. Choices:
|
|
The current setting for 802.11r. |
|
(Optional) Whether 802.11r is adaptive or not. Choices:
|
|
Whether 802.11r is enabled or not. Choices:
|
|
The current setting for Protected Management Frames (802.11w). |
|
Whether 802.11w is enabled or not. Choices:
|
|
(Optional) Whether 802.11w is required or not. Choices:
|
|
Whether or not the SSID is enabled. Choices:
|
|
The psk encryption mode for the SSID (‘wep’ or ‘wpa’). This param is only valid if the authMode is ‘psk’. |
|
Whether or not an SSID is accessible by ‘enterprise’ administrators (‘access disabled’ or ‘access enabled’). |
|
Ethernet over GRE settings. |
|
The EoGRE concentrator’s settings. |
|
The EoGRE concentrator’s IP or FQDN. This param is required when ipAssignmentMode is ‘Ethernet over GRE’. |
|
Optional numerical identifier that will add the GRE key field to the GRE header. Used to identify an individual traffic flow within a tunnel. |
|
The client IP assignment mode (‘NAT mode’, ‘Bridge mode’, ‘Layer 3 roaming’, ‘Ethernet over GRE’, ‘Layer 3 roaming with a concentrator’ or ‘VPN’). |
|
Boolean indicating whether Layer 2 LAN isolation should be enabled or disabled. Only configurable when ipAssignmentMode is ‘Bridge mode’. Choices:
|
|
The current setting for LDAP. Only valid if splashPage is ‘Password-protected with LDAP’. |
|
The base distinguished name of users on the LDAP server. |
|
(Optional) The credentials of the user account to be used by the AP to bind to your LDAP server. The LDAP account should have permissions on all your LDAP servers. |
|
The distinguished name of the LDAP user account (example cn=user,dc=meraki,dc=com). |
|
The password of the LDAP user account. |
|
The CA certificate used to sign the LDAP server’s key. |
|
The contents of the CA certificate. Must be in PEM or DER format. |
|
The LDAP servers to be used for authentication. |
|
IP address of your LDAP server. |
|
UDP port the LDAP server listens on. |
|
The current setting for Local Authentication, a built-in RADIUS server on the access point. Only valid if authMode is ‘8021x-localradius’. |
|
The duration (in seconds) for which LDAP and OCSP lookups are cached. |
|
The current setting for certificate verification. |
|
The Client CA Certificate used to sign the client certificate. |
|
The contents of the Client CA Certificate. Must be in PEM or DER format. |
|
Whether or not to use EAP-TLS certificate-based authentication to validate wireless clients. Choices:
|
|
(Optional) The URL of the OCSP responder to verify client certificate status. |
|
Whether or not to verify the certificate with LDAP. Choices:
|
|
Whether or not to verify the certificate with OCSP. Choices:
|
|
The current setting for password-based authentication. |
|
Whether or not to use EAP-TTLS/PAP or PEAP-GTC password-based authentication via LDAP lookup. Choices:
|
|
If true, Mandatory DHCP will enforce that clients connecting to this SSID must use the IP address assigned by the DHCP server. Clients who use a static IP address won’t be able to associate. Choices:
|
|
meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time Default: |
|
meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY |
|
meraki_base_url (string), preceding all endpoint resources Default: |
|
meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID Default: |
|
meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER Default: |
|
meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy Default: |
|
meraki_inherit_logging_config (boolean), Inherits your own logger instance Choices:
|
|
meraki_log_file_prefix (string), log file name appended with date and timestamp Default: |
|
log_path (string), path to output log; by default, working directory of script if not specified Default: |
|
meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors Default: |
|
meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time Default: |
|
meraki_output_log (boolean), create an output log file? Choices:
|
|
meraki_print_console (boolean), print logging output to console? Choices:
|
|
meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS Default: |
|
meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)? Choices:
|
|
meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time Default: |
|
meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes? Choices:
|
|
meraki_single_request_timeout (integer), maximum number of seconds for each API call Default: |
|
meraki_suppress_logging (boolean), disable all logging? you’re on your own then! Choices:
|
|
meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items Choices:
|
|
meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered? Choices:
|
|
The minimum bitrate in Mbps of this SSID in the default indoor RF profile. (‘1’, ‘2’, ‘5.5’, ‘6’, ‘9’, ‘11’, ‘12’, ‘18’, ‘24’, ‘36’, ‘48’ or ‘54’). |
|
The name of the SSID. |
|
NetworkId path parameter. Network ID. |
|
Number path parameter. |
|
The OAuth settings of this SSID. Only valid if splashPage is ‘Google OAuth’. |
|
(Optional) The list of domains allowed access to the network. |
|
The download bandwidth limit in Kbps. (0 represents no limit.). |
|
The upload bandwidth limit in Kbps. (0 represents no limit.). |
|
The total download bandwidth limit in Kbps. (0 represents no limit.). |
|
The total upload bandwidth limit in Kbps. (0 represents no limit.). |
|
The passkey for the SSID. This param is only valid if the authMode is ‘psk’. |
|
Whether or not RADIUS accounting is enabled. This param is only valid if the authMode is ‘open-with-radius’, ‘8021x-radius’ or ‘ipsk-with-radius’. Choices:
|
|
The interval (in seconds) in which accounting information is updated and sent to the RADIUS accounting server. |
|
The RADIUS accounting 802.1X servers to be used for authentication. This param is only valid if the authMode is ‘open-with-radius’, ‘8021x-radius’ or ‘ipsk-with-radius’ and radiusAccountingEnabled is ‘true’. |
|
Certificate used for authorization for the RADSEC Server. |
|
IP address to which the APs will send RADIUS accounting messages. |
|
Port on the RADIUS server that is listening for accounting messages. |
|
Use RADSEC (TLS over TCP) to connect to this RADIUS accounting server. Requires radiusProxyEnabled. Choices:
|
|
Shared key used to authenticate messages between the APs and RADIUS server. |
|
Specify the RADIUS attribute used to look up group policies (‘Filter-Id’, ‘Reply-Message’, ‘Airespace-ACL-Name’ or ‘Aruba-User-Role’). Access points must receive this attribute in the RADIUS Access-Accept message. |
|
The template of the NAS identifier to be used for RADIUS authentication (ex. $NODE_MAC$ $VAP_NUM$). |
|
The template of the called station identifier to be used for RADIUS (ex. $NODE_MAC$ $VAP_NUM$). |
|
If true, Meraki devices will act as a RADIUS Dynamic Authorization Server and will respond to RADIUS Change-of-Authorization and Disconnect messages sent by the RADIUS server. Choices:
|
|
This policy determines how authentication requests should be handled in the event that all of the configured RADIUS servers are unreachable (‘Deny access’ or ‘Allow access’). |
|
Whether or not higher priority RADIUS servers should be retried after 60 seconds. Choices:
|
|
Whether or not RADIUS Guest VLAN is enabled. This param is only valid if the authMode is ‘open-with-radius’ and addressing mode is not set to ‘isolated’ or ‘nat’ mode. Choices:
|
|
VLAN ID of the RADIUS Guest VLAN. This param is only valid if the authMode is ‘open-with-radius’ and addressing mode is not set to ‘isolated’ or ‘nat’ mode. |
|
This policy determines which RADIUS server will be contacted first in an authentication attempt and the ordering of any necessary retry attempts (‘Strict priority order’ or ‘Round robin’). |
|
If true, the RADIUS response can override VLAN tag. This is not valid when ipAssignmentMode is ‘NAT mode’. Choices:
|
|
If true, Meraki devices will proxy RADIUS messages through the Meraki cloud to the configured RADIUS auth and accounting servers. Choices:
|
|
The maximum number of transmit attempts after which a RADIUS server is failed over (must be between 1-5). |
|
The RADIUS 802.1X servers to be used for authentication. This param is only valid if the authMode is ‘open-with-radius’, ‘8021x-radius’ or ‘ipsk-with-radius’. |
|
Certificate used for authorization for the RADSEC Server. |
|
IP address of your RADIUS server. |
|
The ID of the Openroaming Certificate attached to radius server. |
|
UDP port the RADIUS server listens on for Access-requests. |
|
Use RADSEC (TLS over TCP) to connect to this RADIUS server. Requires radiusProxyEnabled. Choices:
|
|
RADIUS client shared secret. |
|
The amount of time for which a RADIUS client waits for a reply from the RADIUS server (must be between 1-10 seconds). |
|
If true, Meraki devices will periodically send Access-Request messages to configured RADIUS servers using identity ‘meraki_8021x_test’ to ensure that the RADIUS servers are reachable. Choices:
|
|
The secondary concentrator to use when the ipAssignmentMode is ‘VPN’. If configured, the APs will switch to using this concentrator if the primary concentrator is unreachable. This param is optional. (‘disabled’ represents no secondary concentrator.). |
|
The SpeedBurst setting for this SSID’. |
|
Boolean indicating whether or not to allow users to temporarily exceed the bandwidth limit for short periods while still keeping them under the bandwidth limit over time. Choices:
|
|
Array of valid sponsor email domains for sponsored guest splash type. |
|
The type of splash page for the SSID (‘None’, ‘Click-through splash page’, ‘Billing’, ‘Password-protected with Meraki RADIUS’, ‘Password-protected with custom RADIUS’, ‘Password-protected with Active Directory’, ‘Password-protected with LDAP’, ‘SMS authentication’, ‘Systems Manager Sentry’, ‘Facebook Wi-Fi’, ‘Google OAuth’, ‘Sponsored guest’, ‘Cisco ISE’ or ‘Google Apps domain’). This attribute is not supported for template children. |
|
Whether or not traffic should be directed to use specific VLANs. This param is only valid if the ipAssignmentMode is ‘Bridge mode’ or ‘Layer 3 roaming’. Choices:
|
|
Boolean indicating whether APs should advertise or hide this SSID. APs will only broadcast this SSID if set to true. Choices:
|
|
The VLAN ID used for VLAN tagging. This param is only valid when the ipAssignmentMode is ‘Layer 3 roaming with a concentrator’ or ‘VPN’. |
|
Allow access to a configurable list of IP ranges, which users may access prior to sign-on. Choices:
|
|
Specify your walled garden by entering an array of addresses, ranges using CIDR notation, domain names, and domain wildcards (e.g. ‘192.168.1.1/24’, ‘192.168.37.10/32’, ‘www.yahoo.com’, ‘*.google.com’). Meraki’s splash page is automatically included in your walled garden. |
|
The types of WPA encryption. (‘WPA1 only’, ‘WPA1 and WPA2’, ‘WPA2 only’, ‘WPA3 Transition Mode’, ‘WPA3 only’ or ‘WPA3 192-bit Security’). |
Notes
Note
SDK Method used are wireless.Wireless.update_network_wireless_ssid,
Paths used are put /networks/{networkId}/wireless/ssids/{number},
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK
The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection
See Also
See also
- Cisco Meraki documentation for wireless updateNetworkWirelessSsid
Complete reference of the updateNetworkWirelessSsid API.
Examples
- name: Update by id
cisco.meraki.networks_wireless_ssids:
meraki_api_key: "{{meraki_api_key}}"
meraki_base_url: "{{meraki_base_url}}"
meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
meraki_certificate_path: "{{meraki_certificate_path}}"
meraki_requests_proxy: "{{meraki_requests_proxy}}"
meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
meraki_maximum_retries: "{{meraki_maximum_retries}}"
meraki_output_log: "{{meraki_output_log}}"
meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
meraki_log_path: "{{meraki_log_path}}"
meraki_print_console: "{{meraki_print_console}}"
meraki_suppress_logging: "{{meraki_suppress_logging}}"
meraki_simulate: "{{meraki_simulate}}"
meraki_be_geo_id: "{{meraki_be_geo_id}}"
meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
state: present
enabled: true
name: My SSID
networkId: string
number: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco Meraki Python SDK Returned: always Sample: |