SSID
Location in GUI: Design
» Network Settings
» Wireless
» SSIDs
Diagram
Section titled “Diagram”Classes
Section titled “Classes”wireless (catalyst_center)
Section titled “wireless (catalyst_center)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ssids | List | [ssids] | No |
ssids (catalyst_center.wireless)
Section titled “ssids (catalyst_center.wireless)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Yes | ||
auth_type | Choice | WPA2_ENTERPRISE , WPA2_PERSONAL , OPEN , WPA3_ENTERPRISE , WPA3_PERSONAL , WPA2_WPA3_PERSONAL , WPA2_WPA3_ENTERPRISE , OPEN_SECURED | Yes | |
wlan_type | Choice | Enterprise , Guest | Yes | |
aaa_override | Boolean | true , false | No | |
acct_servers | List | IP | No | |
acl_name | String | No | ||
ap_beacon_protection | Boolean | true , false | No | |
auth_key8021x | Boolean | true , false | No | |
auth_key8021x_plus_ft | Boolean | true , false | No | |
auth_key8021x_sha256 | Boolean | true , false | No | |
auth_key_easy_psk | Boolean | true , false | No | |
auth_key_easy_psk_sha256 | Boolean | true , false | No | |
auth_key_owe | Boolean | true , false | No | |
auth_key_psk | Boolean | true , false | No | |
auth_key_psk_plus_ft | Boolean | true , false | No | |
auth_key_sae | Boolean | true , false | No | |
auth_key_sae_ext | Boolean | true , false | No | |
auth_key_sae_ext_plus_ft | Boolean | true , false | No | |
auth_key_sae_plus_ft | Boolean | true , false | No | |
auth_key_suite_b1921x | Boolean | true , false | No | |
auth_key_suite_b1x | Boolean | true , false | No | |
auth_server | Choice | auth_ise , auth_external , auth_internal | No | |
auth_servers | List | IP | No | |
basic_service_set_client_idle_timeout | Integer | min: 15 , max: 100000 | No | |
basic_service_set_max_idle | Boolean | true , false | No | |
broadcast_ssid | Boolean | true , false | No | |
cckm | Boolean | true , false | No | |
cckm_tsf_tolerance | Any | Integer[min: 100 , max: 5000 ] or Integer[min: 0 , max: 0 ] | No | |
client_exclusion | Boolean | true , false | No | |
client_exclusion_timeout | Integer | min: 0 , max: 2147483647 | No | |
client_rate_limit | Any | Integer[min: 8000 , max: 100000000000 ] or Integer[min: 0 , max: 0 ] | No | |
coverage_hole_detection | Boolean | true , false | No | |
directed_multicast_service | Boolean | true , false | No | |
egress_qos | Choice | PLATINUM , SILVER , GOLD , BRONZE | No | |
enabled | Boolean | true , false | No | |
external_auth_ip_address | String | No | ||
fast_lane | Boolean | true , false | No | |
fast_transition | Choice | ADAPTIVE , DISABLE , ENABLE | No | |
fast_transition_over_the_distributed_system | Boolean | true , false | No | |
ghz24_policy | Choice | dot11-g-only , dot11-bg-only | No | |
ghz6_policy_client_steering | Boolean | true , false | No | |
hex | Boolean | true , false | No | |
ingress_qos | Choice | PLATINUM-UP , SILVER-UP , GOLD-UP , BRONZE-UP | No | |
l3_auth_type | Choice | open , web_auth | No | |
mac_filtering | Boolean | true , false | No | |
mft_client_protection | Choice | OPTIONAL , DISABLED , REQUIRED | No | |
multi_psk_settings | Class | [multi_psk_settings] | No | |
nas_options | List | String | No | |
neighbor_list | Boolean | true , false | No | |
open_ssid | Boolean | true , false | No | |
passphrase | String | No | ||
posturing | Boolean | true , false | No | |
profile_name | String | No | ||
protected_management_frame | Choice | REQUIRED , DISABLED , OPTIONAL | No | |
random_mac_filter | Boolean | true , false | No | |
rsn_cipher_suite_ccmp128 | Boolean | true , false | No | |
rsn_cipher_suite_gcmp128 | Boolean | true , false | No | |
rsn_cipher_suite_ccmp256 | Boolean | true , false | No | |
rsn_cipher_suite_gcmp256 | Boolean | true , false | No | |
session_timeout | Any | Integer[min: 1 , max: 86400 ] or Integer[min: 0 , max: 0 ] | No | |
session_timeout_enable | Boolean | true , false | No | |
sleeping_client | Boolean | true , false | No | |
sleeping_client_timeout | Integer | min: 10 , max: 43200 | No | |
ssid_radio_type | Choice | Triple Band , 5GHz , 2.4GHz , 6GHz , 2.4GHz and 5GHz , 2.4GHz and 6GHz , 5GHz and 6GHz | No |
multi_psk_settings (catalyst_center.wireless.ssids)
Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
priority | String | Yes | ||
passphrase | String | No | ||
passphrase_type | Choice | ASCII , HEX | No |
Examples
Section titled “Examples”Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:
catalyst_center: wireless: ssids: - name: SSID_1 auth_type: WPA3_PERSONAL passphrase: Cisco123 fast_lane: false mac_filtering: false ssid_radio_type: Triple Band broadcast_ssid: true fast_transition: ADAPTIVE session_timeout_enable: true session_timeout: 1800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 directed_multicast_service: true neighbor_list: true mft_client_protection: OPTIONAL aaa_override: false protected_management_frame: REQUIRED rsn_cipher_suite_ccmp128: true wlan_type: Enterprise auth_key_sae_ext: true ghz24_policy: dot11-g-only hex: false random_mac_filter: false
Example 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:
catalyst_center: wireless: ssids: - name: 802_1X_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ADAPTIVE rsn_cipher_suite_ccmp128: true auth_key8021x: true auth_key8021x_sha256: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_SSID wlan_type: Guest ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_ise auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH wlan_type: Guest ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_external external_auth_ip_address: "https://198.18.133.27/dummy.html" aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_PERSONAL ap_beacon_protection: false passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true auth_key_psk: true auth_key_psk_plus_ft: true mft_client_protection: OPTIONAL protected_management_frame: OPTIONAL neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE wlan_type: Enterprise ssid_radio_type: "5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true cckm: true cckm_tsf_tolerance: 5000 auth_key8021x: true auth_key8021x_sha256: true auth_key_suite_b1921x: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: IPSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:
catalyst_center: wireless: ssids: - name: 802_1X_SSID_FABRIC wlan_type: Enterprise ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000