SSID
Location in GUI:
Design » Network Settings » Wireless » SSIDs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”wireless (catalyst_center)
Section titled “wireless (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ssids | List | [ssids] | No |
ssids (catalyst_center.wireless)
Section titled “ssids (catalyst_center.wireless)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| auth_type | Choice | WPA2_ENTERPRISE, WPA2_PERSONAL, OPEN, WPA3_ENTERPRISE, WPA3_PERSONAL, WPA2_WPA3_PERSONAL, WPA2_WPA3_ENTERPRISE, OPEN_SECURED | Yes | |
| wlan_type | Choice | Enterprise, Guest | Yes | |
| aaa_override | Boolean | true, false | No | |
| acct_servers | List | IP | No | |
| acl_name | String | No | ||
| ap_beacon_protection | Boolean | true, false | No | |
| auth_key8021x | Boolean | true, false | No | |
| auth_key8021x_plus_ft | Boolean | true, false | No | |
| auth_key8021x_sha256 | Boolean | true, false | No | |
| auth_key_easy_psk | Boolean | true, false | No | |
| auth_key_easy_psk_sha256 | Boolean | true, false | No | |
| auth_key_owe | Boolean | true, false | No | |
| auth_key_psk | Boolean | true, false | No | |
| auth_key_psk_plus_ft | Boolean | true, false | No | |
| auth_key_sae | Boolean | true, false | No | |
| auth_key_sae_ext | Boolean | true, false | No | |
| auth_key_sae_ext_plus_ft | Boolean | true, false | No | |
| auth_key_sae_plus_ft | Boolean | true, false | No | |
| auth_key_suite_b1921x | Boolean | true, false | No | |
| auth_key_suite_b1x | Boolean | true, false | No | |
| auth_server | Choice | auth_ise, auth_external, auth_internal | No | |
| auth_servers | List | IP | No | |
| basic_service_set_client_idle_timeout | Integer | min: 15, max: 100000 | No | |
| basic_service_set_max_idle | Boolean | true, false | No | |
| broadcast_ssid | Boolean | true, false | No | |
| cckm | Boolean | true, false | No | |
| cckm_tsf_tolerance | Any | Integer[min: 100, max: 5000] or Integer[min: 0, max: 0] | No | |
| client_exclusion | Boolean | true, false | No | |
| client_exclusion_timeout | Integer | min: 0, max: 2147483647 | No | |
| client_rate_limit | Any | Integer[min: 8000, max: 100000000000] or Integer[min: 0, max: 0] | No | |
| coverage_hole_detection | Boolean | true, false | No | |
| directed_multicast_service | Boolean | true, false | No | |
| egress_qos | Choice | PLATINUM, SILVER, GOLD, BRONZE | No | |
| enabled | Boolean | true, false | No | |
| external_auth_ip_address | String | No | ||
| fast_lane | Boolean | true, false | No | |
| fast_transition | Choice | ADAPTIVE, DISABLE, ENABLE | No | |
| fast_transition_over_the_distributed_system | Boolean | true, false | No | |
| ghz24_policy | Choice | dot11-g-only, dot11-bg-only | No | |
| ghz6_policy_client_steering | Boolean | true, false | No | |
| hex | Boolean | true, false | No | |
| ingress_qos | Choice | PLATINUM-UP, SILVER-UP, GOLD-UP, BRONZE-UP | No | |
| l3_auth_type | Choice | open, web_auth | No | |
| mac_filtering | Boolean | true, false | No | |
| mft_client_protection | Choice | OPTIONAL, DISABLED, REQUIRED | No | |
| multi_psk_settings | Class | [multi_psk_settings] | No | |
| nas_options | List | String | No | |
| neighbor_list | Boolean | true, false | No | |
| open_ssid | Boolean | true, false | No | |
| passphrase | String | No | ||
| posturing | Boolean | true, false | No | |
| profile_name | String | No | ||
| protected_management_frame | Choice | REQUIRED, DISABLED, OPTIONAL | No | |
| random_mac_filter | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp256 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp256 | Boolean | true, false | No | |
| session_timeout | Any | Integer[min: 1, max: 86400] or Integer[min: 0, max: 0] | No | |
| session_timeout_enable | Boolean | true, false | No | |
| sleeping_client | Boolean | true, false | No | |
| sleeping_client_timeout | Integer | min: 10, max: 43200 | No | |
| ssid_radio_type | Choice | Triple Band, 5GHz, 2.4GHz, 6GHz, 2.4GHz and 5GHz, 2.4GHz and 6GHz, 5GHz and 6GHz | No | |
| web_passthrough | Boolean | true, false | No | |
| wlan_band_select | Boolean | true, false | No |
multi_psk_settings (catalyst_center.wireless.ssids)
Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| priority | String | Yes | ||
| passphrase | String | No | ||
| passphrase_type | Choice | ASCII, HEX | No |
SSIDs define the wireless network identity and security settings that clients connect to. Each SSID is created at the Global level and can then be attached to one or more Wireless Network Profiles for site-level deployment. SSIDs are applicable to both SDA fabric and non-fabric (traditional/FlexConnect) deployments.
Examples
Section titled “Examples”Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:
catalyst_center: wireless: ssids: - name: SSID_1 auth_type: WPA3_PERSONAL passphrase: Cisco123 fast_lane: false mac_filtering: false ssid_radio_type: Triple Band broadcast_ssid: true fast_transition: ADAPTIVE session_timeout_enable: true session_timeout: 1800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 directed_multicast_service: true neighbor_list: true mft_client_protection: OPTIONAL aaa_override: false protected_management_frame: REQUIRED rsn_cipher_suite_ccmp128: true wlan_type: Enterprise auth_key_sae_ext: true ghz24_policy: dot11-g-only hex: false random_mac_filter: falseExample 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:
catalyst_center: wireless: ssids: - name: 802_1X_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ADAPTIVE rsn_cipher_suite_ccmp128: true auth_key8021x: true auth_key8021x_sha256: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_SSID wlan_type: Guest ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_ise auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH wlan_type: Guest ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_external external_auth_ip_address: "https://198.18.133.27/dummy.html" aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_PERSONAL ap_beacon_protection: false passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true auth_key_psk: true auth_key_psk_plus_ft: true mft_client_protection: OPTIONAL protected_management_frame: OPTIONAL neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE wlan_type: Enterprise ssid_radio_type: "5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true cckm: true cckm_tsf_tolerance: 5000 auth_key8021x: true auth_key8021x_sha256: true auth_key_suite_b1921x: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: IPSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:
catalyst_center: wireless: ssids: - name: 802_1X_SSID_FABRIC wlan_type: Enterprise ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Location in GUI:
Design » Network Settings » Wireless » SSIDs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”wireless (catalyst_center)
Section titled “wireless (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ssids | List | [ssids] | No |
ssids (catalyst_center.wireless)
Section titled “ssids (catalyst_center.wireless)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| auth_type | Choice | WPA2_ENTERPRISE, WPA2_PERSONAL, OPEN, WPA3_ENTERPRISE, WPA3_PERSONAL, WPA2_WPA3_PERSONAL, WPA2_WPA3_ENTERPRISE, OPEN_SECURED | Yes | |
| wlan_type | Choice | Enterprise, Guest | Yes | |
| aaa_override | Boolean | true, false | No | |
| acct_servers | List | IP | No | |
| acl_name | String | No | ||
| ap_beacon_protection | Boolean | true, false | No | |
| auth_key8021x | Boolean | true, false | No | |
| auth_key8021x_plus_ft | Boolean | true, false | No | |
| auth_key8021x_sha256 | Boolean | true, false | No | |
| auth_key_easy_psk | Boolean | true, false | No | |
| auth_key_easy_psk_sha256 | Boolean | true, false | No | |
| auth_key_owe | Boolean | true, false | No | |
| auth_key_psk | Boolean | true, false | No | |
| auth_key_psk_plus_ft | Boolean | true, false | No | |
| auth_key_sae | Boolean | true, false | No | |
| auth_key_sae_ext | Boolean | true, false | No | |
| auth_key_sae_ext_plus_ft | Boolean | true, false | No | |
| auth_key_sae_plus_ft | Boolean | true, false | No | |
| auth_key_suite_b1921x | Boolean | true, false | No | |
| auth_key_suite_b1x | Boolean | true, false | No | |
| auth_server | Choice | auth_ise, auth_external, auth_internal | No | |
| auth_servers | List | IP | No | |
| basic_service_set_client_idle_timeout | Integer | min: 15, max: 100000 | No | |
| basic_service_set_max_idle | Boolean | true, false | No | |
| broadcast_ssid | Boolean | true, false | No | |
| cckm | Boolean | true, false | No | |
| cckm_tsf_tolerance | Any | Integer[min: 100, max: 5000] or Integer[min: 0, max: 0] | No | |
| client_exclusion | Boolean | true, false | No | |
| client_exclusion_timeout | Integer | min: 0, max: 2147483647 | No | |
| client_rate_limit | Any | Integer[min: 8000, max: 100000000000] or Integer[min: 0, max: 0] | No | |
| coverage_hole_detection | Boolean | true, false | No | |
| directed_multicast_service | Boolean | true, false | No | |
| egress_qos | Choice | PLATINUM, SILVER, GOLD, BRONZE | No | |
| enabled | Boolean | true, false | No | |
| external_auth_ip_address | String | No | ||
| fast_lane | Boolean | true, false | No | |
| fast_transition | Choice | ADAPTIVE, DISABLE, ENABLE | No | |
| fast_transition_over_the_distributed_system | Boolean | true, false | No | |
| ghz24_policy | Choice | dot11-g-only, dot11-bg-only | No | |
| ghz6_policy_client_steering | Boolean | true, false | No | |
| hex | Boolean | true, false | No | |
| ingress_qos | Choice | PLATINUM-UP, SILVER-UP, GOLD-UP, BRONZE-UP | No | |
| l3_auth_type | Choice | open, web_auth | No | |
| mac_filtering | Boolean | true, false | No | |
| mft_client_protection | Choice | OPTIONAL, DISABLED, REQUIRED | No | |
| multi_psk_settings | Class | [multi_psk_settings] | No | |
| nas_options | List | String | No | |
| neighbor_list | Boolean | true, false | No | |
| open_ssid | Boolean | true, false | No | |
| passphrase | String | No | ||
| posturing | Boolean | true, false | No | |
| profile_name | String | No | ||
| protected_management_frame | Choice | REQUIRED, DISABLED, OPTIONAL | No | |
| random_mac_filter | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp256 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp256 | Boolean | true, false | No | |
| session_timeout | Any | Integer[min: 1, max: 86400] or Integer[min: 0, max: 0] | No | |
| session_timeout_enable | Boolean | true, false | No | |
| sleeping_client | Boolean | true, false | No | |
| sleeping_client_timeout | Integer | min: 10, max: 43200 | No | |
| ssid_radio_type | Choice | Triple Band, 5GHz, 2.4GHz, 6GHz, 2.4GHz and 5GHz, 2.4GHz and 6GHz, 5GHz and 6GHz | No | |
| web_passthrough | Boolean | true, false | No | |
| wlan_band_select | Boolean | true, false | No |
multi_psk_settings (catalyst_center.wireless.ssids)
Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| priority | String | Yes | ||
| passphrase | String | No | ||
| passphrase_type | Choice | ASCII, HEX | No |
Examples
Section titled “Examples”Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:
catalyst_center: wireless: ssids: - name: SSID_1 auth_type: WPA3_PERSONAL passphrase: Cisco123 fast_lane: false mac_filtering: false ssid_radio_type: Triple Band broadcast_ssid: true fast_transition: ADAPTIVE session_timeout_enable: true session_timeout: 1800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 directed_multicast_service: true neighbor_list: true mft_client_protection: OPTIONAL aaa_override: false protected_management_frame: REQUIRED rsn_cipher_suite_ccmp128: true wlan_type: Enterprise auth_key_sae_ext: true ghz24_policy: dot11-g-only hex: false random_mac_filter: falseExample 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:
catalyst_center: wireless: ssids: - name: 802_1X_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ADAPTIVE rsn_cipher_suite_ccmp128: true auth_key8021x: true auth_key8021x_sha256: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_SSID wlan_type: Guest ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_ise auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH wlan_type: Guest ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_external external_auth_ip_address: "https://198.18.133.27/dummy.html" aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_PERSONAL ap_beacon_protection: false passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true auth_key_psk: true auth_key_psk_plus_ft: true mft_client_protection: OPTIONAL protected_management_frame: OPTIONAL neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE wlan_type: Enterprise ssid_radio_type: "5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true cckm: true cckm_tsf_tolerance: 5000 auth_key8021x: true auth_key8021x_sha256: true auth_key_suite_b1921x: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: IPSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:
catalyst_center: wireless: ssids: - name: 802_1X_SSID_FABRIC wlan_type: Enterprise ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Location in GUI:
Design » Network Settings » Wireless » SSIDs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”wireless (catalyst_center)
Section titled “wireless (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ssids | List | [ssids] | No |
ssids (catalyst_center.wireless)
Section titled “ssids (catalyst_center.wireless)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| auth_type | Choice | WPA2_ENTERPRISE, WPA2_PERSONAL, OPEN, WPA3_ENTERPRISE, WPA3_PERSONAL, WPA2_WPA3_PERSONAL, WPA2_WPA3_ENTERPRISE, OPEN_SECURED | Yes | |
| wlan_type | Choice | Enterprise, Guest | Yes | |
| aaa_override | Boolean | true, false | No | |
| acct_servers | List | IP | No | |
| acl_name | String | No | ||
| ap_beacon_protection | Boolean | true, false | No | |
| auth_key8021x | Boolean | true, false | No | |
| auth_key8021x_plus_ft | Boolean | true, false | No | |
| auth_key8021x_sha256 | Boolean | true, false | No | |
| auth_key_easy_psk | Boolean | true, false | No | |
| auth_key_easy_psk_sha256 | Boolean | true, false | No | |
| auth_key_owe | Boolean | true, false | No | |
| auth_key_psk | Boolean | true, false | No | |
| auth_key_psk_plus_ft | Boolean | true, false | No | |
| auth_key_sae | Boolean | true, false | No | |
| auth_key_sae_ext | Boolean | true, false | No | |
| auth_key_sae_ext_plus_ft | Boolean | true, false | No | |
| auth_key_sae_plus_ft | Boolean | true, false | No | |
| auth_key_suite_b1921x | Boolean | true, false | No | |
| auth_key_suite_b1x | Boolean | true, false | No | |
| auth_server | Choice | auth_ise, auth_external, auth_internal | No | |
| auth_servers | List | IP | No | |
| basic_service_set_client_idle_timeout | Integer | min: 15, max: 100000 | No | |
| basic_service_set_max_idle | Boolean | true, false | No | |
| broadcast_ssid | Boolean | true, false | No | |
| cckm | Boolean | true, false | No | |
| cckm_tsf_tolerance | Any | Integer[min: 100, max: 5000] or Integer[min: 0, max: 0] | No | |
| client_exclusion | Boolean | true, false | No | |
| client_exclusion_timeout | Integer | min: 0, max: 2147483647 | No | |
| client_rate_limit | Any | Integer[min: 8000, max: 100000000000] or Integer[min: 0, max: 0] | No | |
| coverage_hole_detection | Boolean | true, false | No | |
| directed_multicast_service | Boolean | true, false | No | |
| egress_qos | Choice | PLATINUM, SILVER, GOLD, BRONZE | No | |
| enabled | Boolean | true, false | No | |
| external_auth_ip_address | String | No | ||
| fast_lane | Boolean | true, false | No | |
| fast_transition | Choice | ADAPTIVE, DISABLE, ENABLE | No | |
| fast_transition_over_the_distributed_system | Boolean | true, false | No | |
| ghz24_policy | Choice | dot11-g-only, dot11-bg-only | No | |
| ghz6_policy_client_steering | Boolean | true, false | No | |
| hex | Boolean | true, false | No | |
| ingress_qos | Choice | PLATINUM-UP, SILVER-UP, GOLD-UP, BRONZE-UP | No | |
| l3_auth_type | Choice | open, web_auth | No | |
| mac_filtering | Boolean | true, false | No | |
| mft_client_protection | Choice | OPTIONAL, DISABLED, REQUIRED | No | |
| multi_psk_settings | Class | [multi_psk_settings] | No | |
| nas_options | List | String | No | |
| neighbor_list | Boolean | true, false | No | |
| open_ssid | Boolean | true, false | No | |
| passphrase | String | No | ||
| posturing | Boolean | true, false | No | |
| profile_name | String | No | ||
| protected_management_frame | Choice | REQUIRED, DISABLED, OPTIONAL | No | |
| random_mac_filter | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp256 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp256 | Boolean | true, false | No | |
| session_timeout | Any | Integer[min: 1, max: 86400] or Integer[min: 0, max: 0] | No | |
| session_timeout_enable | Boolean | true, false | No | |
| sleeping_client | Boolean | true, false | No | |
| sleeping_client_timeout | Integer | min: 10, max: 43200 | No | |
| ssid_radio_type | Choice | Triple Band, 5GHz, 2.4GHz, 6GHz, 2.4GHz and 5GHz, 2.4GHz and 6GHz, 5GHz and 6GHz | No | |
| web_passthrough | Boolean | true, false | No | |
| wlan_band_select | Boolean | true, false | No |
multi_psk_settings (catalyst_center.wireless.ssids)
Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| priority | String | Yes | ||
| passphrase | String | No | ||
| passphrase_type | Choice | ASCII, HEX | No |
Examples
Section titled “Examples”Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:
catalyst_center: wireless: ssids: - name: SSID_1 auth_type: WPA3_PERSONAL passphrase: Cisco123 fast_lane: false mac_filtering: false ssid_radio_type: Triple Band broadcast_ssid: true fast_transition: ADAPTIVE session_timeout_enable: true session_timeout: 1800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 directed_multicast_service: true neighbor_list: true mft_client_protection: OPTIONAL aaa_override: false protected_management_frame: REQUIRED rsn_cipher_suite_ccmp128: true wlan_type: Enterprise auth_key_sae_ext: true ghz24_policy: dot11-g-only hex: false random_mac_filter: falseExample 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:
catalyst_center: wireless: ssids: - name: 802_1X_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ADAPTIVE rsn_cipher_suite_ccmp128: true auth_key8021x: true auth_key8021x_sha256: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_SSID wlan_type: Guest ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_ise auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH wlan_type: Guest ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_external external_auth_ip_address: "https://198.18.133.27/dummy.html" aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_PERSONAL ap_beacon_protection: false passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true auth_key_psk: true auth_key_psk_plus_ft: true mft_client_protection: OPTIONAL protected_management_frame: OPTIONAL neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE wlan_type: Enterprise ssid_radio_type: "5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true cckm: true cckm_tsf_tolerance: 5000 auth_key8021x: true auth_key8021x_sha256: true auth_key_suite_b1921x: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: IPSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:
catalyst_center: wireless: ssids: - name: 802_1X_SSID_FABRIC wlan_type: Enterprise ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Location in GUI:
Design » Network Settings » Wireless » SSIDs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”wireless (catalyst_center)
Section titled “wireless (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ssids | List | [ssids] | No |
ssids (catalyst_center.wireless)
Section titled “ssids (catalyst_center.wireless)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| auth_type | Choice | WPA2_ENTERPRISE, WPA2_PERSONAL, OPEN, WPA3_ENTERPRISE, WPA3_PERSONAL, WPA2_WPA3_PERSONAL, WPA2_WPA3_ENTERPRISE, OPEN_SECURED | Yes | |
| wlan_type | Choice | Enterprise, Guest | Yes | |
| aaa_override | Boolean | true, false | No | |
| acct_servers | List | IP | No | |
| acl_name | String | No | ||
| ap_beacon_protection | Boolean | true, false | No | |
| auth_key8021x | Boolean | true, false | No | |
| auth_key8021x_plus_ft | Boolean | true, false | No | |
| auth_key8021x_sha256 | Boolean | true, false | No | |
| auth_key_easy_psk | Boolean | true, false | No | |
| auth_key_easy_psk_sha256 | Boolean | true, false | No | |
| auth_key_owe | Boolean | true, false | No | |
| auth_key_psk | Boolean | true, false | No | |
| auth_key_psk_plus_ft | Boolean | true, false | No | |
| auth_key_sae | Boolean | true, false | No | |
| auth_key_sae_ext | Boolean | true, false | No | |
| auth_key_sae_ext_plus_ft | Boolean | true, false | No | |
| auth_key_sae_plus_ft | Boolean | true, false | No | |
| auth_key_suite_b1921x | Boolean | true, false | No | |
| auth_key_suite_b1x | Boolean | true, false | No | |
| auth_server | Choice | auth_ise, auth_external, auth_internal | No | |
| auth_servers | List | IP | No | |
| basic_service_set_client_idle_timeout | Integer | min: 15, max: 100000 | No | |
| basic_service_set_max_idle | Boolean | true, false | No | |
| broadcast_ssid | Boolean | true, false | No | |
| cckm | Boolean | true, false | No | |
| cckm_tsf_tolerance | Any | Integer[min: 100, max: 5000] or Integer[min: 0, max: 0] | No | |
| client_exclusion | Boolean | true, false | No | |
| client_exclusion_timeout | Integer | min: 0, max: 2147483647 | No | |
| client_rate_limit | Any | Integer[min: 8000, max: 100000000000] or Integer[min: 0, max: 0] | No | |
| coverage_hole_detection | Boolean | true, false | No | |
| directed_multicast_service | Boolean | true, false | No | |
| egress_qos | Choice | PLATINUM, SILVER, GOLD, BRONZE | No | |
| enabled | Boolean | true, false | No | |
| external_auth_ip_address | String | No | ||
| fast_lane | Boolean | true, false | No | |
| fast_transition | Choice | ADAPTIVE, DISABLE, ENABLE | No | |
| fast_transition_over_the_distributed_system | Boolean | true, false | No | |
| ghz24_policy | Choice | dot11-g-only, dot11-bg-only | No | |
| ghz6_policy_client_steering | Boolean | true, false | No | |
| hex | Boolean | true, false | No | |
| ingress_qos | Choice | PLATINUM-UP, SILVER-UP, GOLD-UP, BRONZE-UP | No | |
| l3_auth_type | Choice | open, web_auth | No | |
| mac_filtering | Boolean | true, false | No | |
| mft_client_protection | Choice | OPTIONAL, DISABLED, REQUIRED | No | |
| multi_psk_settings | Class | [multi_psk_settings] | No | |
| nas_options | List | String | No | |
| neighbor_list | Boolean | true, false | No | |
| open_ssid | Boolean | true, false | No | |
| passphrase | String | No | ||
| posturing | Boolean | true, false | No | |
| profile_name | String | No | ||
| protected_management_frame | Choice | REQUIRED, DISABLED, OPTIONAL | No | |
| random_mac_filter | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp128 | Boolean | true, false | No | |
| rsn_cipher_suite_ccmp256 | Boolean | true, false | No | |
| rsn_cipher_suite_gcmp256 | Boolean | true, false | No | |
| session_timeout | Any | Integer[min: 1, max: 86400] or Integer[min: 0, max: 0] | No | |
| session_timeout_enable | Boolean | true, false | No | |
| sleeping_client | Boolean | true, false | No | |
| sleeping_client_timeout | Integer | min: 10, max: 43200 | No | |
| ssid_radio_type | Choice | Triple Band, 5GHz, 2.4GHz, 6GHz, 2.4GHz and 5GHz, 2.4GHz and 6GHz, 5GHz and 6GHz | No |
multi_psk_settings (catalyst_center.wireless.ssids)
Section titled “multi_psk_settings (catalyst_center.wireless.ssids)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| priority | String | Yes | ||
| passphrase | String | No | ||
| passphrase_type | Choice | ASCII, HEX | No |
Examples
Section titled “Examples”Example 1: Basic WPA3 Personal SSID configuration with triple-band support, featuring modern security settings including SAE authentication, protected management frames, and optimized client management for enterprise environments:
catalyst_center: wireless: ssids: - name: SSID_1 auth_type: WPA3_PERSONAL passphrase: Cisco123 fast_lane: false mac_filtering: false ssid_radio_type: Triple Band broadcast_ssid: true fast_transition: ADAPTIVE session_timeout_enable: true session_timeout: 1800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 directed_multicast_service: true neighbor_list: true mft_client_protection: OPTIONAL aaa_override: false protected_management_frame: REQUIRED rsn_cipher_suite_ccmp128: true wlan_type: Enterprise auth_key_sae_ext: true ghz24_policy: dot11-g-only hex: false random_mac_filter: falseExample 2: Comprehensive enterprise SSID deployment with multiple authentication types and advanced wireless features, demonstrating WPA2/WPA3 enterprise authentication, QoS settings, and detailed client management across different deployment scenarios:
catalyst_center: wireless: ssids: - name: 802_1X_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ADAPTIVE rsn_cipher_suite_ccmp128: true auth_key8021x: true auth_key8021x_sha256: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_SSID wlan_type: Guest ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_ise auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 1000000
- name: Guest_EXT_WEB_AUTH wlan_type: Guest ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: OPEN fast_transition: ADAPTIVE l3_auth_type: web_auth auth_server: auth_external external_auth_ip_address: "https://198.18.133.27/dummy.html" aaa_override: true mac_filtering: true random_mac_filter: false posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_PERSONAL ap_beacon_protection: false passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true auth_key_psk: true auth_key_psk_plus_ft: true mft_client_protection: OPTIONAL protected_management_frame: OPTIONAL neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: PSK_SSID_ENTERPRISE wlan_type: Enterprise ssid_radio_type: "5GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_ENTERPRISE ap_beacon_protection: true fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true cckm: true cckm_tsf_tolerance: 5000 auth_key8021x: true auth_key8021x_sha256: true auth_key_suite_b1921x: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true mac_filtering: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000
- name: IPSK_SSID wlan_type: Enterprise ssid_radio_type: "2.4GHz and 6GHz" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000Example 3: Advanced fabric-enabled SSID configuration with WPA2/WPA3 Personal authentication, demonstrating comprehensive security features including multiple cipher suites, fast transition capabilities, and enhanced authentication methods for Software-Defined Access (SDA) fabric deployments:
catalyst_center: wireless: ssids: - name: 802_1X_SSID_FABRIC wlan_type: Enterprise ssid_radio_type: "Triple Band" ghz24_policy: dot11-bg-only fast_lane: false egress_qos: PLATINUM ingress_qos: PLATINUM-UP enabled: true broadcast_ssid: true auth_type: WPA2_WPA3_PERSONAL ap_beacon_protection: true passphrase: PSKPass123 fast_transition: ENABLE rsn_cipher_suite_ccmp128: true rsn_cipher_suite_gcmp256: true auth_key_sae: true auth_key_sae_ext_plus_ft: true auth_key_psk: true auth_key_psk_plus_ft: true auth_servers: ["198.18.133.27"] acct_servers: ["198.18.133.27"] aaa_override: true posturing: false mft_client_protection: OPTIONAL protected_management_frame: REQUIRED neighbor_list: true coverage_hole_detection: true session_timeout_enable: true session_timeout: 28800 client_exclusion: true client_exclusion_timeout: 1800 basic_service_set_max_idle: true basic_service_set_client_idle_timeout: 300 sleeping_client_timeout: 500 directed_multicast_service: true nas_options: ["System IP Address"] client_rate_limit: 10000