SSID
Location in GUI: Design » Network Settings » Wireless » SSIDs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”wireless (catalyst_center)
Section titled “wireless (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ssids | List | [ssids] | No |
ssids (catalyst_center.wireless)
Section titled “ssids (catalyst_center.wireless)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| auth_type | Choice | WPA2_ENTERPRISE, WPA2_PERSONAL, OPEN, WPA3_ENTERPRISE, WPA3_PERSONAL, WPA2_WPA3_PERSONAL, WPA2_WPA3_ENTERPRISE, OPEN_SECURED | Yes | |
| wlan_type | Choice | Enterprise, Guest | Yes | |
| aaa_override | Boolean | true, false | No | |
| acct_servers | List | IP | No | |
| acl_name | String | No | ||
| ap_beacon_protection | Boolean | true, false | No | |
| auth_key8021x | Boolean | true, false | No | |
| auth_key8021x_plus_ft | Boolean | true, false | No | |
| auth_key8021x_sha256 | Boolean | true, false | No | |
| auth_key_easy_psk | Boolean | true, false | No | |
| auth_key_easy_psk_sha256 | Boolean | true, false | No | |
| auth_key_owe | Boolean | true, false | No | |
| auth_key_psk | Boolean | true, false | No | |
| auth_key_psk_plus_ft | Boolean | true, false | No | |
| auth_key_sae | Boolean | true, false | No | |
| auth_key_sae_ext | Boolean | true, false | No | |
| auth_key_sae_ext_plus_ft | Boolean | true, false | No | |
| auth_key_sae_plus_ft | Boolean | true, false | No | |
| auth_key_suite_b1921x | Boolean | true, false | No | |
| auth_key_suite_b1x | Boolean | true, false | No | |
| auth_server | Choice | auth_ise, auth_external, auth_internal | No | |
| auth_servers | List | IP | No | |
| basic_service_set_client_idle_timeout | Integer | min: 15, max: 100000 | No | |
| basic_service_set_max_idle | Boolean | true, false | No | |
| broadcast_ssid | Boolean | true, false | No | |
| cckm | Boolean | true, false | No | |
| cckm_tsf_tolerance | Any | Integer[min: 100, max: 5000] or Integer[min: 0, max: 0] | No | |
| client_exclusion | Boolean | true, false | No | |
| client_exclusion_timeout | Integer | min: 0, max: 2147483647 | No | |
| client_rate_limit | Any | Integer[min: 8000, max: 100000000000] or Integer[min: 0, max: 0] | No | |
| coverage_hole_detection | Boolean | true, false | No | |
| directed_multicast_service | Boolean | true, false | No | |
| egress_qos | Choice | PLATINUM, SILVER, GOLD, BRONZE | No | |
| enabled | Boolean | true, false | No | |
| external_auth_ip_address | String | No | ||
| fast_lane | Boolean | true, false | No | |
| fast_transition | Choice | ADAPTIVE, DISABLE, ENABLE | No | |
| fast_transition_over_the_distributed_system | Boolean | true, false | No | |
| ghz24_policy | Choice | dot11-g-only, dot11-bg-only | No | |
| ghz6_policy_client_steering | Boolean | true, false | No | |
| hex | Boolean | true, false | No | |
| ingress_qos | Choice | PLATINUM-UP, SILVER-UP, GOLD-UP, BRONZE-UP | No | |
| l3_auth_type | Choice | open, web_auth | No | |
| mac_filtering | Boolean | true, false | No | |
| mft_client_protection | Choice | OPTIONAL, DISABLED, REQUIRED | No | |
| multi_psk_settings | Class | [multi_psk_settings] | No | |
| nas_options | List | String | No | |
| neighbor_list | Boolean | true, false | No | |
| open_ssid | Boolean | true, false | No | |
| passphrase | String | No | ||
| posturing | Boolean | true, false | No | |
| profile_name | String | No | ||
| protected_management_frame | Choice | REQUIRED, DISABLED, OPTIONAL | No | |
| random_mac_filter | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp256 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp256 | Boolean | true, false | No | |
| session_timeout | Any | Integer[min: 1, max: 86400] or Integer[min: 0, max: 0] | No | |
| session_timeout_enable | Boolean | true, false | No | |
| sleeping_client | Boolean | true, false | No | |
| sleeping_client_timeout | Integer | min: 10, max: 43200 | No | |
| ssid_radio_type | Choice | Triple Band, 5GHz, 2.4GHz, 6GHz, 2.4GHz and 5GHz, 2.4GHz and 6GHz, 5GHz and 6GHz | No |
multi_psk_settings (catalyst_center.wireless.ssids)
Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| priority | String | Yes | ||
| passphrase | String | No | ||
| passphrase_type | Choice | ASCII, HEX | No |
Examples
Section titled “Examples”Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:
catalyst_center: wireless: ssids: - name: SSID_1 auth_type: WPA3_PERSONAL passphrase: Cisco123 fast_lane: false mac_filtering: false ssid_radio_type: Triple Band broadcast_ssid: true fast_transition: ADAPTIVE session_timeout_enable: true session_timeout: 1800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 directed_multicast_service: true neighbor_list: true mft_client_protection: OPTIONAL aaa_override: false protected_management_frame: REQUIRED rsn_cipher_suite_ccmp128: true wlan_type: Enterprise auth_key_sae_ext: true ghz24_policy: dot11-g-only hex: false random_mac_filter: falseExample 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:
catalyst_center: wireless: ssids: - name: 802_1X_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ADAPTIVE rsn_cipher_suite_ccmp128: true auth_key8021x: true auth_key8021x_sha256: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_SSID wlan_type: Guest ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_ise auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH wlan_type: Guest ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_external external_auth_ip_address: "https://198.18.133.27/dummy.html" aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_PERSONAL ap_beacon_protection: false passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true auth_key_psk: true auth_key_psk_plus_ft: true mft_client_protection: OPTIONAL protected_management_frame: OPTIONAL neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE wlan_type: Enterprise ssid_radio_type: "5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true cckm: true cckm_tsf_tolerance: 5000 auth_key8021x: true auth_key8021x_sha256: true auth_key_suite_b1921x: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: IPSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:
catalyst_center: wireless: ssids: - name: 802_1X_SSID_FABRIC wlan_type: Enterprise ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000