@pulumi/juniper-mist 0.0.1

package/site/wlan.d.ts

@@ -0,0 +1,1112 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
+import * as outputs from "../types/output";
+/**
+ * This resource manages the Site Wlans.The WLAN object contains all the required configuration to broadcast an SSID (Authentication, VLAN, ...)
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as junipermist from "@pulumi/juniper-mist";
+ *
+ * const wlanOne = new junipermist.site.Wlan("wlan_one", {
+ *     ssid: "wlan_one",
+ *     siteId: terraformTest.id,
+ *     bands: [
+ *         "5",
+ *         "6",
+ *     ],
+ *     vlanId: "143",
+ *     wlanLimitUp: 10000,
+ *     wlanLimitDown: 20000,
+ *     clientLimitUp: 512,
+ *     clientLimitDown: 1000,
+ *     auth: {
+ *         type: "psk",
+ *         psk: "secretpsk",
+ *     },
+ *     "interface": "all",
+ * });
+ * ```
+ */
+export declare class Wlan extends pulumi.CustomResource {
+    /**
+     * Get an existing Wlan resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WlanState, opts?: pulumi.CustomResourceOptions): Wlan;
+    /**
+     * Returns true if the given object is an instance of Wlan.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is Wlan;
+    /**
+     * enable coa-immediate-update and address-change-immediate-update on the access profile.
+     */
+    readonly acctImmediateUpdate: pulumi.Output<boolean>;
+    /**
+     * how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request
+     * from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended
+     * when enabled
+     */
+    readonly acctInterimInterval: pulumi.Output<number>;
+    /**
+     * list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
+     */
+    readonly acctServers: pulumi.Output<outputs.site.WlanAcctServer[]>;
+    /**
+     * airwatch wlan settings
+     */
+    readonly airwatch: pulumi.Output<outputs.site.WlanAirwatch | undefined>;
+    /**
+     * only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
+     */
+    readonly allowIpv6Ndp: pulumi.Output<boolean>;
+    /**
+     * only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
+     */
+    readonly allowMdns: pulumi.Output<boolean>;
+    /**
+     * only applicable when `limitBcast`==`tru`e, which allows SSDP
+     */
+    readonly allowSsdp: pulumi.Output<boolean>;
+    /**
+     * list of device ids
+     */
+    readonly apIds: pulumi.Output<string[]>;
+    /**
+     * bandwidth limiting for apps (applies to up/down)
+     */
+    readonly appLimit: pulumi.Output<outputs.site.WlanAppLimit | undefined>;
+    /**
+     * app qos wlan settings
+     */
+    readonly appQos: pulumi.Output<outputs.site.WlanAppQos | undefined>;
+    /**
+     * enum: `aps`, `site`, `wxtags`
+     */
+    readonly applyTo: pulumi.Output<string | undefined>;
+    /**
+     * whether to enable smart arp filter
+     */
+    readonly arpFilter: pulumi.Output<boolean>;
+    /**
+     * authentication wlan settings
+     */
+    readonly auth: pulumi.Output<outputs.site.WlanAuth | undefined>;
+    /**
+     * When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
+     */
+    readonly authServerSelection: pulumi.Output<string>;
+    /**
+     * list of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one
+     * is treated as primary
+     */
+    readonly authServers: pulumi.Output<outputs.site.WlanAuthServer[]>;
+    /**
+     * optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
+     */
+    readonly authServersNasId: pulumi.Output<string | undefined>;
+    /**
+     * optional, NAS-IP-ADDRESS to use
+     */
+    readonly authServersNasIp: pulumi.Output<string | undefined>;
+    /**
+     * radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are
+     * set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to
+     * default value to 3.
+     */
+    readonly authServersRetries: pulumi.Output<number>;
+    /**
+     * radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled.
+     * ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’
+     * is also set when setting authServersTimeout and is set to default value of 10.
+     */
+    readonly authServersTimeout: pulumi.Output<number>;
+    /**
+     * whether to enable band_steering, this works only when band==both
+     */
+    readonly bandSteer: pulumi.Output<boolean>;
+    /**
+     * force dualBand capable client to connect to 5G
+     */
+    readonly bandSteerForceBand5: pulumi.Output<boolean>;
+    /**
+     * list of radios that the wlan should apply to
+     */
+    readonly bands: pulumi.Output<string[] | undefined>;
+    /**
+     * whether to block the clients in the blacklist (up to first 256 macs)
+     */
+    readonly blockBlacklistClients: pulumi.Output<boolean>;
+    /**
+     * bonjour gateway wlan settings
+     */
+    readonly bonjour: pulumi.Output<outputs.site.WlanBonjour | undefined>;
+    /**
+     * Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA:
+     * https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
+     */
+    readonly ciscoCwa: pulumi.Output<outputs.site.WlanCiscoCwa | undefined>;
+    /**
+     * kbps
+     */
+    readonly clientLimitDown: pulumi.Output<number | undefined>;
+    /**
+     * if downlink limiting per-client is enabled
+     */
+    readonly clientLimitDownEnabled: pulumi.Output<boolean>;
+    /**
+     * kbps
+     */
+    readonly clientLimitUp: pulumi.Output<number | undefined>;
+    /**
+     * if uplink limiting per-client is enabled
+     */
+    readonly clientLimitUpEnabled: pulumi.Output<boolean>;
+    /**
+     * list of COA (change of authorization) servers, optional
+     */
+    readonly coaServers: pulumi.Output<outputs.site.WlanCoaServer[]>;
+    /**
+     * some old WLAN drivers may not be compatible
+     */
+    readonly disable11ax: pulumi.Output<boolean>;
+    /**
+     * to disable ht or vht rates
+     */
+    readonly disableHtVhtRates: pulumi.Output<boolean>;
+    /**
+     * whether to disable U-APSD
+     */
+    readonly disableUapsd: pulumi.Output<boolean>;
+    /**
+     * disable sending v2 roam notification messages
+     */
+    readonly disableV1RoamNotify: pulumi.Output<boolean>;
+    /**
+     * disable sending v2 roam notification messages
+     */
+    readonly disableV2RoamNotify: pulumi.Output<boolean>;
+    /**
+     * whether to disable WMM
+     */
+    readonly disableWmm: pulumi.Output<boolean>;
+    /**
+     * for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
+     */
+    readonly dnsServerRewrite: pulumi.Output<outputs.site.WlanDnsServerRewrite | undefined>;
+    readonly dtim: pulumi.Output<number>;
+    /**
+     * for dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on
+     * context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
+     * AP sends client MAC as username ans password (i.e. `enableMacAuth` is assumed) * AP sends BSSID:SSID as
+     * Caller-Station-ID * `authServers` is required * PSK will come from cloud WLC if source is cloudPsks * defaultPsk will be
+     * used if cloud WLC is not available * `multiPskOnly` and `psk` is ignored * `pairwise` can only be wpa2-ccmp (for now,
+     * wpa3 support on the roadmap)
+     */
+    readonly dynamicPsk: pulumi.Output<outputs.site.WlanDynamicPsk | undefined>;
+    /**
+     * for 802.1x
+     */
+    readonly dynamicVlan: pulumi.Output<outputs.site.WlanDynamicVlan | undefined>;
+    /**
+     * enable AP-AP keycaching via multicast
+     */
+    readonly enableLocalKeycaching: pulumi.Output<boolean>;
+    /**
+     * by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where
+     * client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wirelessBridging can be enabled
+     */
+    readonly enableWirelessBridging: pulumi.Output<boolean>;
+    /**
+     * if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response
+     * packets to be forwarded to wireless
+     */
+    readonly enableWirelessBridgingDhcpTracking: pulumi.Output<boolean>;
+    /**
+     * if this wlan is enabled
+     */
+    readonly enabled: pulumi.Output<boolean>;
+    /**
+     * if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and
+     * ‘auth_server_retries’ .
+     */
+    readonly fastDot1xTimers: pulumi.Output<boolean>;
+    /**
+     * whether to hide SSID in beacon
+     */
+    readonly hideSsid: pulumi.Output<boolean>;
+    /**
+     * include hostname inside IE in AP beacons / probe responses
+     */
+    readonly hostnameIe: pulumi.Output<boolean>;
+    /**
+     * hostspot 2.0 wlan settings
+     */
+    readonly hotspot20: pulumi.Output<outputs.site.WlanHotspot20 | undefined>;
+    readonly injectDhcpOption82: pulumi.Output<outputs.site.WlanInjectDhcpOption82 | undefined>;
+    /**
+     * where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
+     */
+    readonly interface: pulumi.Output<string>;
+    /**
+     * whether to stop clients to talk to each other
+     */
+    readonly isolation: pulumi.Output<boolean>;
+    /**
+     * if isolation is enabled, whether to deny clients to talk to L2 on the LAN
+     */
+    readonly l2Isolation: pulumi.Output<boolean>;
+    /**
+     * legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning!
+     * Enabling this will cause problem for iOS devices.
+     */
+    readonly legacyOverds: pulumi.Output<boolean>;
+    /**
+     * whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
+     */
+    readonly limitBcast: pulumi.Output<boolean>;
+    /**
+     * limit probe response base on some heuristic rules
+     */
+    readonly limitProbeResponse: pulumi.Output<boolean>;
+    /**
+     * max idle time in seconds
+     */
+    readonly maxIdletime: pulumi.Output<number>;
+    readonly mistNac: pulumi.Output<outputs.site.WlanMistNac | undefined>;
+    readonly mspId: pulumi.Output<string>;
+    /**
+     * when `interface`=`mxtunnel`, id of the Mist Tunnel
+     */
+    readonly mxtunnelIds: pulumi.Output<string[]>;
+    /**
+     * when `interface`=`siteMedge`, name of the mxtunnel that in mxtunnels under Site Setting
+     */
+    readonly mxtunnelNames: pulumi.Output<string[]>;
+    /**
+     * whether to only allow client to use DNS that we’ve learned from DHCP response
+     */
+    readonly noStaticDns: pulumi.Output<boolean>;
+    /**
+     * whether to only allow client that we’ve learned from DHCP exchange to talk
+     */
+    readonly noStaticIp: pulumi.Output<boolean>;
+    readonly orgId: pulumi.Output<string>;
+    /**
+     * portal wlan settings
+     */
+    readonly portal: pulumi.Output<outputs.site.WlanPortal | undefined>;
+    /**
+     * list of hostnames without http(s):// (matched by substring)
+     */
+    readonly portalAllowedHostnames: pulumi.Output<string[]>;
+    /**
+     * list of CIDRs
+     */
+    readonly portalAllowedSubnets: pulumi.Output<string[]>;
+    /**
+     * api secret (auto-generated) that can be used to sign guest authorization requests
+     */
+    readonly portalApiSecret: pulumi.Output<string>;
+    /**
+     * list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
+     */
+    readonly portalDeniedHostnames: pulumi.Output<string[]>;
+    /**
+     * Url of portal background image
+     */
+    readonly portalImage: pulumi.Output<string>;
+    readonly portalSsoUrl: pulumi.Output<string>;
+    /**
+     * N.B portalTemplate will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url.
+     * To update portal_template, use Wlan Portal Template.
+     */
+    readonly portalTemplateUrl: pulumi.Output<string>;
+    readonly qos: pulumi.Output<outputs.site.WlanQos | undefined>;
+    /**
+     * Radsec settings
+     */
+    readonly radsec: pulumi.Output<outputs.site.WlanRadsec | undefined>;
+    /**
+     * enum: `11r`, `OKC`, `none`
+     */
+    readonly roamMode: pulumi.Output<string>;
+    /**
+     * WLAN operating schedule, default is disabled
+     */
+    readonly schedule: pulumi.Output<outputs.site.WlanSchedule | undefined>;
+    readonly siteId: pulumi.Output<string>;
+    /**
+     * whether to exclude this WLAN from SLE metrics
+     */
+    readonly sleExcluded: pulumi.Output<boolean>;
+    /**
+     * the name of the SSID
+     */
+    readonly ssid: pulumi.Output<string>;
+    /**
+     * Url of portal background image thumbnail
+     */
+    readonly thumbnail: pulumi.Output<string>;
+    /**
+     * if `auth.type`==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices
+     */
+    readonly useEapolV1: pulumi.Output<boolean>;
+    /**
+     * if vlan tagging is enabled
+     */
+    readonly vlanEnabled: pulumi.Output<boolean>;
+    readonly vlanId: pulumi.Output<string | undefined>;
+    /**
+     * vlan_ids to use when there’s no match from RA
+     */
+    readonly vlanIds: pulumi.Output<string[]>;
+    /**
+     * vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
+     */
+    readonly vlanPooling: pulumi.Output<boolean>;
+    /**
+     * kbps
+     */
+    readonly wlanLimitDown: pulumi.Output<number>;
+    /**
+     * if downlink limiting for whole wlan is enabled
+     */
+    readonly wlanLimitDownEnabled: pulumi.Output<boolean>;
+    /**
+     * kbps
+     */
+    readonly wlanLimitUp: pulumi.Output<number>;
+    /**
+     * if uplink limiting for whole wlan is enabled
+     */
+    readonly wlanLimitUpEnabled: pulumi.Output<boolean>;
+    /**
+     * list of wxtag_ids
+     */
+    readonly wxtagIds: pulumi.Output<string[]>;
+    /**
+     * when `interface`=`wxtunnel`, id of the WXLAN Tunnel
+     */
+    readonly wxtunnelId: pulumi.Output<string>;
+    /**
+     * when `interface`=`wxtunnel`, remote tunnel identifier
+     */
+    readonly wxtunnelRemoteId: pulumi.Output<string>;
+    /**
+     * Create a Wlan resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: WlanArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering Wlan resources.
+ */
+export interface WlanState {
+    /**
+     * enable coa-immediate-update and address-change-immediate-update on the access profile.
+     */
+    acctImmediateUpdate?: pulumi.Input<boolean>;
+    /**
+     * how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request
+     * from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended
+     * when enabled
+     */
+    acctInterimInterval?: pulumi.Input<number>;
+    /**
+     * list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
+     */
+    acctServers?: pulumi.Input<pulumi.Input<inputs.site.WlanAcctServer>[]>;
+    /**
+     * airwatch wlan settings
+     */
+    airwatch?: pulumi.Input<inputs.site.WlanAirwatch>;
+    /**
+     * only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
+     */
+    allowIpv6Ndp?: pulumi.Input<boolean>;
+    /**
+     * only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
+     */
+    allowMdns?: pulumi.Input<boolean>;
+    /**
+     * only applicable when `limitBcast`==`tru`e, which allows SSDP
+     */
+    allowSsdp?: pulumi.Input<boolean>;
+    /**
+     * list of device ids
+     */
+    apIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * bandwidth limiting for apps (applies to up/down)
+     */
+    appLimit?: pulumi.Input<inputs.site.WlanAppLimit>;
+    /**
+     * app qos wlan settings
+     */
+    appQos?: pulumi.Input<inputs.site.WlanAppQos>;
+    /**
+     * enum: `aps`, `site`, `wxtags`
+     */
+    applyTo?: pulumi.Input<string>;
+    /**
+     * whether to enable smart arp filter
+     */
+    arpFilter?: pulumi.Input<boolean>;
+    /**
+     * authentication wlan settings
+     */
+    auth?: pulumi.Input<inputs.site.WlanAuth>;
+    /**
+     * When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
+     */
+    authServerSelection?: pulumi.Input<string>;
+    /**
+     * list of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one
+     * is treated as primary
+     */
+    authServers?: pulumi.Input<pulumi.Input<inputs.site.WlanAuthServer>[]>;
+    /**
+     * optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
+     */
+    authServersNasId?: pulumi.Input<string>;
+    /**
+     * optional, NAS-IP-ADDRESS to use
+     */
+    authServersNasIp?: pulumi.Input<string>;
+    /**
+     * radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are
+     * set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to
+     * default value to 3.
+     */
+    authServersRetries?: pulumi.Input<number>;
+    /**
+     * radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled.
+     * ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’
+     * is also set when setting authServersTimeout and is set to default value of 10.
+     */
+    authServersTimeout?: pulumi.Input<number>;
+    /**
+     * whether to enable band_steering, this works only when band==both
+     */
+    bandSteer?: pulumi.Input<boolean>;
+    /**
+     * force dualBand capable client to connect to 5G
+     */
+    bandSteerForceBand5?: pulumi.Input<boolean>;
+    /**
+     * list of radios that the wlan should apply to
+     */
+    bands?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * whether to block the clients in the blacklist (up to first 256 macs)
+     */
+    blockBlacklistClients?: pulumi.Input<boolean>;
+    /**
+     * bonjour gateway wlan settings
+     */
+    bonjour?: pulumi.Input<inputs.site.WlanBonjour>;
+    /**
+     * Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA:
+     * https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
+     */
+    ciscoCwa?: pulumi.Input<inputs.site.WlanCiscoCwa>;
+    /**
+     * kbps
+     */
+    clientLimitDown?: pulumi.Input<number>;
+    /**
+     * if downlink limiting per-client is enabled
+     */
+    clientLimitDownEnabled?: pulumi.Input<boolean>;
+    /**
+     * kbps
+     */
+    clientLimitUp?: pulumi.Input<number>;
+    /**
+     * if uplink limiting per-client is enabled
+     */
+    clientLimitUpEnabled?: pulumi.Input<boolean>;
+    /**
+     * list of COA (change of authorization) servers, optional
+     */
+    coaServers?: pulumi.Input<pulumi.Input<inputs.site.WlanCoaServer>[]>;
+    /**
+     * some old WLAN drivers may not be compatible
+     */
+    disable11ax?: pulumi.Input<boolean>;
+    /**
+     * to disable ht or vht rates
+     */
+    disableHtVhtRates?: pulumi.Input<boolean>;
+    /**
+     * whether to disable U-APSD
+     */
+    disableUapsd?: pulumi.Input<boolean>;
+    /**
+     * disable sending v2 roam notification messages
+     */
+    disableV1RoamNotify?: pulumi.Input<boolean>;
+    /**
+     * disable sending v2 roam notification messages
+     */
+    disableV2RoamNotify?: pulumi.Input<boolean>;
+    /**
+     * whether to disable WMM
+     */
+    disableWmm?: pulumi.Input<boolean>;
+    /**
+     * for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
+     */
+    dnsServerRewrite?: pulumi.Input<inputs.site.WlanDnsServerRewrite>;
+    dtim?: pulumi.Input<number>;
+    /**
+     * for dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on
+     * context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
+     * AP sends client MAC as username ans password (i.e. `enableMacAuth` is assumed) * AP sends BSSID:SSID as
+     * Caller-Station-ID * `authServers` is required * PSK will come from cloud WLC if source is cloudPsks * defaultPsk will be
+     * used if cloud WLC is not available * `multiPskOnly` and `psk` is ignored * `pairwise` can only be wpa2-ccmp (for now,
+     * wpa3 support on the roadmap)
+     */
+    dynamicPsk?: pulumi.Input<inputs.site.WlanDynamicPsk>;
+    /**
+     * for 802.1x
+     */
+    dynamicVlan?: pulumi.Input<inputs.site.WlanDynamicVlan>;
+    /**
+     * enable AP-AP keycaching via multicast
+     */
+    enableLocalKeycaching?: pulumi.Input<boolean>;
+    /**
+     * by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where
+     * client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wirelessBridging can be enabled
+     */
+    enableWirelessBridging?: pulumi.Input<boolean>;
+    /**
+     * if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response
+     * packets to be forwarded to wireless
+     */
+    enableWirelessBridgingDhcpTracking?: pulumi.Input<boolean>;
+    /**
+     * if this wlan is enabled
+     */
+    enabled?: pulumi.Input<boolean>;
+    /**
+     * if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and
+     * ‘auth_server_retries’ .
+     */
+    fastDot1xTimers?: pulumi.Input<boolean>;
+    /**
+     * whether to hide SSID in beacon
+     */
+    hideSsid?: pulumi.Input<boolean>;
+    /**
+     * include hostname inside IE in AP beacons / probe responses
+     */
+    hostnameIe?: pulumi.Input<boolean>;
+    /**
+     * hostspot 2.0 wlan settings
+     */
+    hotspot20?: pulumi.Input<inputs.site.WlanHotspot20>;
+    injectDhcpOption82?: pulumi.Input<inputs.site.WlanInjectDhcpOption82>;
+    /**
+     * where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
+     */
+    interface?: pulumi.Input<string>;
+    /**
+     * whether to stop clients to talk to each other
+     */
+    isolation?: pulumi.Input<boolean>;
+    /**
+     * if isolation is enabled, whether to deny clients to talk to L2 on the LAN
+     */
+    l2Isolation?: pulumi.Input<boolean>;
+    /**
+     * legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning!
+     * Enabling this will cause problem for iOS devices.
+     */
+    legacyOverds?: pulumi.Input<boolean>;
+    /**
+     * whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
+     */
+    limitBcast?: pulumi.Input<boolean>;
+    /**
+     * limit probe response base on some heuristic rules
+     */
+    limitProbeResponse?: pulumi.Input<boolean>;
+    /**
+     * max idle time in seconds
+     */
+    maxIdletime?: pulumi.Input<number>;
+    mistNac?: pulumi.Input<inputs.site.WlanMistNac>;
+    mspId?: pulumi.Input<string>;
+    /**
+     * when `interface`=`mxtunnel`, id of the Mist Tunnel
+     */
+    mxtunnelIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * when `interface`=`siteMedge`, name of the mxtunnel that in mxtunnels under Site Setting
+     */
+    mxtunnelNames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * whether to only allow client to use DNS that we’ve learned from DHCP response
+     */
+    noStaticDns?: pulumi.Input<boolean>;
+    /**
+     * whether to only allow client that we’ve learned from DHCP exchange to talk
+     */
+    noStaticIp?: pulumi.Input<boolean>;
+    orgId?: pulumi.Input<string>;
+    /**
+     * portal wlan settings
+     */
+    portal?: pulumi.Input<inputs.site.WlanPortal>;
+    /**
+     * list of hostnames without http(s):// (matched by substring)
+     */
+    portalAllowedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * list of CIDRs
+     */
+    portalAllowedSubnets?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * api secret (auto-generated) that can be used to sign guest authorization requests
+     */
+    portalApiSecret?: pulumi.Input<string>;
+    /**
+     * list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
+     */
+    portalDeniedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Url of portal background image
+     */
+    portalImage?: pulumi.Input<string>;
+    portalSsoUrl?: pulumi.Input<string>;
+    /**
+     * N.B portalTemplate will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url.
+     * To update portal_template, use Wlan Portal Template.
+     */
+    portalTemplateUrl?: pulumi.Input<string>;
+    qos?: pulumi.Input<inputs.site.WlanQos>;
+    /**
+     * Radsec settings
+     */
+    radsec?: pulumi.Input<inputs.site.WlanRadsec>;
+    /**
+     * enum: `11r`, `OKC`, `none`
+     */
+    roamMode?: pulumi.Input<string>;
+    /**
+     * WLAN operating schedule, default is disabled
+     */
+    schedule?: pulumi.Input<inputs.site.WlanSchedule>;
+    siteId?: pulumi.Input<string>;
+    /**
+     * whether to exclude this WLAN from SLE metrics
+     */
+    sleExcluded?: pulumi.Input<boolean>;
+    /**
+     * the name of the SSID
+     */
+    ssid?: pulumi.Input<string>;
+    /**
+     * Url of portal background image thumbnail
+     */
+    thumbnail?: pulumi.Input<string>;
+    /**
+     * if `auth.type`==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices
+     */
+    useEapolV1?: pulumi.Input<boolean>;
+    /**
+     * if vlan tagging is enabled
+     */
+    vlanEnabled?: pulumi.Input<boolean>;
+    vlanId?: pulumi.Input<string>;
+    /**
+     * vlan_ids to use when there’s no match from RA
+     */
+    vlanIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
+     */
+    vlanPooling?: pulumi.Input<boolean>;
+    /**
+     * kbps
+     */
+    wlanLimitDown?: pulumi.Input<number>;
+    /**
+     * if downlink limiting for whole wlan is enabled
+     */
+    wlanLimitDownEnabled?: pulumi.Input<boolean>;
+    /**
+     * kbps
+     */
+    wlanLimitUp?: pulumi.Input<number>;
+    /**
+     * if uplink limiting for whole wlan is enabled
+     */
+    wlanLimitUpEnabled?: pulumi.Input<boolean>;
+    /**
+     * list of wxtag_ids
+     */
+    wxtagIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * when `interface`=`wxtunnel`, id of the WXLAN Tunnel
+     */
+    wxtunnelId?: pulumi.Input<string>;
+    /**
+     * when `interface`=`wxtunnel`, remote tunnel identifier
+     */
+    wxtunnelRemoteId?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a Wlan resource.
+ */
+export interface WlanArgs {
+    /**
+     * enable coa-immediate-update and address-change-immediate-update on the access profile.
+     */
+    acctImmediateUpdate?: pulumi.Input<boolean>;
+    /**
+     * how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request
+     * from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended
+     * when enabled
+     */
+    acctInterimInterval?: pulumi.Input<number>;
+    /**
+     * list of RADIUS accounting servers, optional, order matters where the first one is treated as primary
+     */
+    acctServers?: pulumi.Input<pulumi.Input<inputs.site.WlanAcctServer>[]>;
+    /**
+     * airwatch wlan settings
+     */
+    airwatch?: pulumi.Input<inputs.site.WlanAirwatch>;
+    /**
+     * only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
+     */
+    allowIpv6Ndp?: pulumi.Input<boolean>;
+    /**
+     * only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
+     */
+    allowMdns?: pulumi.Input<boolean>;
+    /**
+     * only applicable when `limitBcast`==`tru`e, which allows SSDP
+     */
+    allowSsdp?: pulumi.Input<boolean>;
+    /**
+     * list of device ids
+     */
+    apIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * bandwidth limiting for apps (applies to up/down)
+     */
+    appLimit?: pulumi.Input<inputs.site.WlanAppLimit>;
+    /**
+     * app qos wlan settings
+     */
+    appQos?: pulumi.Input<inputs.site.WlanAppQos>;
+    /**
+     * enum: `aps`, `site`, `wxtags`
+     */
+    applyTo?: pulumi.Input<string>;
+    /**
+     * whether to enable smart arp filter
+     */
+    arpFilter?: pulumi.Input<boolean>;
+    /**
+     * authentication wlan settings
+     */
+    auth?: pulumi.Input<inputs.site.WlanAuth>;
+    /**
+     * When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
+     */
+    authServerSelection?: pulumi.Input<string>;
+    /**
+     * list of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one
+     * is treated as primary
+     */
+    authServers?: pulumi.Input<pulumi.Input<inputs.site.WlanAuthServer>[]>;
+    /**
+     * optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
+     */
+    authServersNasId?: pulumi.Input<string>;
+    /**
+     * optional, NAS-IP-ADDRESS to use
+     */
+    authServersNasIp?: pulumi.Input<string>;
+    /**
+     * radius auth session retries. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are
+     * set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to
+     * default value to 3.
+     */
+    authServersRetries?: pulumi.Input<number>;
+    /**
+     * radius auth session timeout. Following fast timers are set if “fast_dot1x_timers” knob is enabled.
+     * ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’
+     * is also set when setting authServersTimeout and is set to default value of 10.
+     */
+    authServersTimeout?: pulumi.Input<number>;
+    /**
+     * whether to enable band_steering, this works only when band==both
+     */
+    bandSteer?: pulumi.Input<boolean>;
+    /**
+     * force dualBand capable client to connect to 5G
+     */
+    bandSteerForceBand5?: pulumi.Input<boolean>;
+    /**
+     * list of radios that the wlan should apply to
+     */
+    bands?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * whether to block the clients in the blacklist (up to first 256 macs)
+     */
+    blockBlacklistClients?: pulumi.Input<boolean>;
+    /**
+     * bonjour gateway wlan settings
+     */
+    bonjour?: pulumi.Input<inputs.site.WlanBonjour>;
+    /**
+     * Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA:
+     * https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
+     */
+    ciscoCwa?: pulumi.Input<inputs.site.WlanCiscoCwa>;
+    /**
+     * kbps
+     */
+    clientLimitDown?: pulumi.Input<number>;
+    /**
+     * if downlink limiting per-client is enabled
+     */
+    clientLimitDownEnabled?: pulumi.Input<boolean>;
+    /**
+     * kbps
+     */
+    clientLimitUp?: pulumi.Input<number>;
+    /**
+     * if uplink limiting per-client is enabled
+     */
+    clientLimitUpEnabled?: pulumi.Input<boolean>;
+    /**
+     * list of COA (change of authorization) servers, optional
+     */
+    coaServers?: pulumi.Input<pulumi.Input<inputs.site.WlanCoaServer>[]>;
+    /**
+     * some old WLAN drivers may not be compatible
+     */
+    disable11ax?: pulumi.Input<boolean>;
+    /**
+     * to disable ht or vht rates
+     */
+    disableHtVhtRates?: pulumi.Input<boolean>;
+    /**
+     * whether to disable U-APSD
+     */
+    disableUapsd?: pulumi.Input<boolean>;
+    /**
+     * disable sending v2 roam notification messages
+     */
+    disableV1RoamNotify?: pulumi.Input<boolean>;
+    /**
+     * disable sending v2 roam notification messages
+     */
+    disableV2RoamNotify?: pulumi.Input<boolean>;
+    /**
+     * whether to disable WMM
+     */
+    disableWmm?: pulumi.Input<boolean>;
+    /**
+     * for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
+     */
+    dnsServerRewrite?: pulumi.Input<inputs.site.WlanDnsServerRewrite>;
+    dtim?: pulumi.Input<number>;
+    /**
+     * for dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on
+     * context (wlan/site/user/...) thus following configurations are assumed (currently) * PSK will come from RADIUS server *
+     * AP sends client MAC as username ans password (i.e. `enableMacAuth` is assumed) * AP sends BSSID:SSID as
+     * Caller-Station-ID * `authServers` is required * PSK will come from cloud WLC if source is cloudPsks * defaultPsk will be
+     * used if cloud WLC is not available * `multiPskOnly` and `psk` is ignored * `pairwise` can only be wpa2-ccmp (for now,
+     * wpa3 support on the roadmap)
+     */
+    dynamicPsk?: pulumi.Input<inputs.site.WlanDynamicPsk>;
+    /**
+     * for 802.1x
+     */
+    dynamicVlan?: pulumi.Input<inputs.site.WlanDynamicVlan>;
+    /**
+     * enable AP-AP keycaching via multicast
+     */
+    enableLocalKeycaching?: pulumi.Input<boolean>;
+    /**
+     * by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where
+     * client is a wireless bridge (DHCP packets for other MACs will need to be orwarded), wirelessBridging can be enabled
+     */
+    enableWirelessBridging?: pulumi.Input<boolean>;
+    /**
+     * if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response
+     * packets to be forwarded to wireless
+     */
+    enableWirelessBridgingDhcpTracking?: pulumi.Input<boolean>;
+    /**
+     * if this wlan is enabled
+     */
+    enabled?: pulumi.Input<boolean>;
+    /**
+     * if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and
+     * ‘auth_server_retries’ .
+     */
+    fastDot1xTimers?: pulumi.Input<boolean>;
+    /**
+     * whether to hide SSID in beacon
+     */
+    hideSsid?: pulumi.Input<boolean>;
+    /**
+     * include hostname inside IE in AP beacons / probe responses
+     */
+    hostnameIe?: pulumi.Input<boolean>;
+    /**
+     * hostspot 2.0 wlan settings
+     */
+    hotspot20?: pulumi.Input<inputs.site.WlanHotspot20>;
+    injectDhcpOption82?: pulumi.Input<inputs.site.WlanInjectDhcpOption82>;
+    /**
+     * where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
+     */
+    interface?: pulumi.Input<string>;
+    /**
+     * whether to stop clients to talk to each other
+     */
+    isolation?: pulumi.Input<boolean>;
+    /**
+     * if isolation is enabled, whether to deny clients to talk to L2 on the LAN
+     */
+    l2Isolation?: pulumi.Input<boolean>;
+    /**
+     * legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning!
+     * Enabling this will cause problem for iOS devices.
+     */
+    legacyOverds?: pulumi.Input<boolean>;
+    /**
+     * whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
+     */
+    limitBcast?: pulumi.Input<boolean>;
+    /**
+     * limit probe response base on some heuristic rules
+     */
+    limitProbeResponse?: pulumi.Input<boolean>;
+    /**
+     * max idle time in seconds
+     */
+    maxIdletime?: pulumi.Input<number>;
+    mistNac?: pulumi.Input<inputs.site.WlanMistNac>;
+    /**
+     * when `interface`=`mxtunnel`, id of the Mist Tunnel
+     */
+    mxtunnelIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * when `interface`=`siteMedge`, name of the mxtunnel that in mxtunnels under Site Setting
+     */
+    mxtunnelNames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * whether to only allow client to use DNS that we’ve learned from DHCP response
+     */
+    noStaticDns?: pulumi.Input<boolean>;
+    /**
+     * whether to only allow client that we’ve learned from DHCP exchange to talk
+     */
+    noStaticIp?: pulumi.Input<boolean>;
+    /**
+     * portal wlan settings
+     */
+    portal?: pulumi.Input<inputs.site.WlanPortal>;
+    /**
+     * list of hostnames without http(s):// (matched by substring)
+     */
+    portalAllowedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * list of CIDRs
+     */
+    portalAllowedSubnets?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
+     */
+    portalDeniedHostnames?: pulumi.Input<pulumi.Input<string>[]>;
+    qos?: pulumi.Input<inputs.site.WlanQos>;
+    /**
+     * Radsec settings
+     */
+    radsec?: pulumi.Input<inputs.site.WlanRadsec>;
+    /**
+     * enum: `11r`, `OKC`, `none`
+     */
+    roamMode?: pulumi.Input<string>;
+    /**
+     * WLAN operating schedule, default is disabled
+     */
+    schedule?: pulumi.Input<inputs.site.WlanSchedule>;
+    siteId: pulumi.Input<string>;
+    /**
+     * whether to exclude this WLAN from SLE metrics
+     */
+    sleExcluded?: pulumi.Input<boolean>;
+    /**
+     * the name of the SSID
+     */
+    ssid: pulumi.Input<string>;
+    /**
+     * if `auth.type`==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices
+     */
+    useEapolV1?: pulumi.Input<boolean>;
+    /**
+     * if vlan tagging is enabled
+     */
+    vlanEnabled?: pulumi.Input<boolean>;
+    vlanId?: pulumi.Input<string>;
+    /**
+     * vlan_ids to use when there’s no match from RA
+     */
+    vlanIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
+     */
+    vlanPooling?: pulumi.Input<boolean>;
+    /**
+     * kbps
+     */
+    wlanLimitDown?: pulumi.Input<number>;
+    /**
+     * if downlink limiting for whole wlan is enabled
+     */
+    wlanLimitDownEnabled?: pulumi.Input<boolean>;
+    /**
+     * kbps
+     */
+    wlanLimitUp?: pulumi.Input<number>;
+    /**
+     * if uplink limiting for whole wlan is enabled
+     */
+    wlanLimitUpEnabled?: pulumi.Input<boolean>;
+    /**
+     * list of wxtag_ids
+     */
+    wxtagIds?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * when `interface`=`wxtunnel`, id of the WXLAN Tunnel
+     */
+    wxtunnelId?: pulumi.Input<string>;
+    /**
+     * when `interface`=`wxtunnel`, remote tunnel identifier
+     */
+    wxtunnelRemoteId?: pulumi.Input<string>;
+}