Skip to content

SSID

Location in GUI: Design » Network Settings » Wireless » SSIDs

Diagram
NameTypeConstraintMandatoryDefault Value
ssidsList[ssids]No

NameTypeConstraintMandatoryDefault Value
nameStringYes
auth_typeChoiceWPA2_ENTERPRISE, WPA2_PERSONAL, OPEN, WPA3_ENTERPRISE, WPA3_PERSONAL, WPA2_WPA3_PERSONAL, WPA2_WPA3_ENTERPRISE, OPEN_SECUREDYes
wlan_typeChoiceEnterprise, GuestYes
aaa_overrideBooleantrue, falseNo
acct_serversListIPNo
acl_nameStringNo
ap_beacon_protectionBooleantrue, falseNo
auth_key8021xBooleantrue, falseNo
auth_key8021x_plus_ftBooleantrue, falseNo
auth_key8021x_sha256Booleantrue, falseNo
auth_key_easy_pskBooleantrue, falseNo
auth_key_easy_psk_sha256Booleantrue, falseNo
auth_key_oweBooleantrue, falseNo
auth_key_pskBooleantrue, falseNo
auth_key_psk_plus_ftBooleantrue, falseNo
auth_key_saeBooleantrue, falseNo
auth_key_sae_extBooleantrue, falseNo
auth_key_sae_ext_plus_ftBooleantrue, falseNo
auth_key_sae_plus_ftBooleantrue, falseNo
auth_key_suite_b1921xBooleantrue, falseNo
auth_key_suite_b1xBooleantrue, falseNo
auth_serverChoiceauth_ise, auth_external, auth_internalNo
auth_serversListIPNo
basic_service_set_client_idle_timeoutIntegermin: 15, max: 100000No
basic_service_set_max_idleBooleantrue, falseNo
broadcast_ssidBooleantrue, falseNo
cckmBooleantrue, falseNo
cckm_tsf_toleranceAnyInteger[min: 100, max: 5000] or Integer[min: 0, max: 0]No
client_exclusionBooleantrue, falseNo
client_exclusion_timeoutIntegermin: 0, max: 2147483647No
client_rate_limitAnyInteger[min: 8000, max: 100000000000] or Integer[min: 0, max: 0]No
coverage_hole_detectionBooleantrue, falseNo
directed_multicast_serviceBooleantrue, falseNo
egress_qosChoicePLATINUM, SILVER, GOLD, BRONZENo
enabledBooleantrue, falseNo
external_auth_ip_addressStringNo
fast_laneBooleantrue, falseNo
fast_transitionChoiceADAPTIVE, DISABLE, ENABLENo
fast_transition_over_the_distributed_systemBooleantrue, falseNo
ghz24_policyChoicedot11-g-only, dot11-bg-onlyNo
ghz6_policy_client_steeringBooleantrue, falseNo
hexBooleantrue, falseNo
ingress_qosChoicePLATINUM-UP, SILVER-UP, GOLD-UP, BRONZE-UPNo
l3_auth_typeChoiceopen, web_authNo
mac_filteringBooleantrue, falseNo
mft_client_protectionChoiceOPTIONAL, DISABLED, REQUIREDNo
multi_psk_settingsClass[multi_psk_settings]No
nas_optionsListStringNo
neighbor_listBooleantrue, falseNo
open_ssidBooleantrue, falseNo
passphraseStringNo
posturingBooleantrue, falseNo
profile_nameStringNo
protected_management_frameChoiceREQUIRED, DISABLED, OPTIONALNo
random_mac_filterBooleantrue, falseNo
rsn_cipher_suite_ccmp128Booleantrue, falseNo
rsn_cipher_suite_gcmp128Booleantrue, falseNo
rsn_cipher_suite_ccmp256Booleantrue, falseNo
rsn_cipher_suite_gcmp256Booleantrue, falseNo
session_timeoutAnyInteger[min: 1, max: 86400] or Integer[min: 0, max: 0]No
session_timeout_enableBooleantrue, falseNo
sleeping_clientBooleantrue, falseNo
sleeping_client_timeoutIntegermin: 10, max: 43200No
ssid_radio_typeChoiceTriple Band, 5GHz, 2.4GHz, 6GHz, 2.4GHz and 5GHz, 2.4GHz and 6GHz, 5GHz and 6GHzNo

multi_psk_settings (catalyst_center.wireless.ssids)

Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”
NameTypeConstraintMandatoryDefault Value
priorityStringYes
passphraseStringNo
passphrase_typeChoiceASCII, HEXNo

Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:

catalyst_center:
wireless:
ssids:
- name: SSID_1
auth_type: WPA3_PERSONAL
passphrase: Cisco123
fast_lane: false
mac_filtering: false
ssid_radio_type: Triple Band
broadcast_ssid: true
fast_transition: ADAPTIVE
session_timeout_enable: true
session_timeout: 1800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
directed_multicast_service: true
neighbor_list: true
mft_client_protection: OPTIONAL
aaa_override: false
protected_management_frame: REQUIRED
rsn_cipher_suite_ccmp128: true
wlan_type: Enterprise
auth_key_sae_ext: true
ghz24_policy: dot11-g-only
hex: false
random_mac_filter: false

Example 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:

catalyst_center:
wireless:
ssids:
- name: 802_1X_SSID
wlan_type: Enterprise
ssid_radio_type: "2.4GHz and 6GHz"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: WPA2_WPA3_ENTERPRISE
ap_beacon_protection: true
fast_transition: ADAPTIVE
rsn_cipher_suite_ccmp128: true
auth_key8021x: true
auth_key8021x_sha256: true
auth_servers: ["198.18.133.27"]
acct_servers: ["198.18.133.27"]
aaa_override: true
mac_filtering: true
random_mac_filter: false
posturing: false
mft_client_protection: OPTIONAL
protected_management_frame: REQUIRED
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 1000000
- name: Guest_SSID
wlan_type: Guest
ssid_radio_type: "Triple Band"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: OPEN
fast_transition: ADAPTIVE
l3_auth_type: web_auth
auth_server: auth_ise
auth_servers: ["198.18.133.27"]
acct_servers: ["198.18.133.27"]
aaa_override: true
mac_filtering: true
random_mac_filter: false
posturing: false
mft_client_protection: OPTIONAL
protected_management_frame: REQUIRED
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH
wlan_type: Guest
ssid_radio_type: "2.4GHz and 6GHz"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: OPEN
fast_transition: ADAPTIVE
l3_auth_type: web_auth
auth_server: auth_external
external_auth_ip_address: "https://198.18.133.27/dummy.html"
aaa_override: true
mac_filtering: true
random_mac_filter: false
posturing: false
mft_client_protection: OPTIONAL
protected_management_frame: REQUIRED
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 10000
- name: PSK_SSID
wlan_type: Enterprise
ssid_radio_type: "2.4GHz and 5GHz"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: WPA2_PERSONAL
ap_beacon_protection: false
passphrase: PSKPass123
fast_transition: ENABLE
rsn_cipher_suite_ccmp128: true
auth_key_psk: true
auth_key_psk_plus_ft: true
mft_client_protection: OPTIONAL
protected_management_frame: OPTIONAL
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE
wlan_type: Enterprise
ssid_radio_type: "5GHz"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: WPA2_WPA3_ENTERPRISE
ap_beacon_protection: true
fast_transition: ENABLE
rsn_cipher_suite_ccmp128: true
rsn_cipher_suite_gcmp256: true
cckm: true
cckm_tsf_tolerance: 5000
auth_key8021x: true
auth_key8021x_sha256: true
auth_key_suite_b1921x: true
auth_servers: ["198.18.133.27"]
acct_servers: ["198.18.133.27"]
aaa_override: true
mac_filtering: true
posturing: false
mft_client_protection: OPTIONAL
protected_management_frame: REQUIRED
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 10000
- name: IPSK_SSID
wlan_type: Enterprise
ssid_radio_type: "2.4GHz and 6GHz"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: WPA2_WPA3_PERSONAL
ap_beacon_protection: true
passphrase: PSKPass123
fast_transition: ENABLE
rsn_cipher_suite_ccmp128: true
rsn_cipher_suite_gcmp256: true
auth_key_sae: true
auth_key_sae_ext_plus_ft: true
auth_key_psk: true
auth_key_psk_plus_ft: true
auth_servers: ["198.18.133.27"]
acct_servers: ["198.18.133.27"]
aaa_override: true
posturing: false
mft_client_protection: OPTIONAL
protected_management_frame: REQUIRED
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 10000

Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:

catalyst_center:
wireless:
ssids:
- name: 802_1X_SSID_FABRIC
wlan_type: Enterprise
ssid_radio_type: "Triple Band"
ghz24_policy: dot11-bg-only
fast_lane: false
egress_qos: PLATINUM
ingress_qos: PLATINUM-UP
enabled: true
broadcast_ssid: true
auth_type: WPA2_WPA3_PERSONAL
ap_beacon_protection: true
passphrase: PSKPass123
fast_transition: ENABLE
rsn_cipher_suite_ccmp128: true
rsn_cipher_suite_gcmp256: true
auth_key_sae: true
auth_key_sae_ext_plus_ft: true
auth_key_psk: true
auth_key_psk_plus_ft: true
auth_servers: ["198.18.133.27"]
acct_servers: ["198.18.133.27"]
aaa_override: true
posturing: false
mft_client_protection: OPTIONAL
protected_management_frame: REQUIRED
neighbor_list: true
coverage_hole_detection: true
session_timeout_enable: true
session_timeout: 28800
client_exclusion: true
client_exclusion_timeout: 1800
basic_service_set_max_idle: true
basic_service_set_client_idle_timeout: 300
sleeping_client_timeout: 500
directed_multicast_service: true
nas_options: ["System IP Address"]
client_rate_limit: 10000