Create a new port profile by unique name

post

https://de1.api.central.arubanetworks.com/network-config/v1alpha1/ap-port-profiles/{profile-name}

List of Port profile, config parameters on the port such as VLAN settings, authentication methods, link speed, PoE settings, and more.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Path Params

profile-name

string

required

length ≤ 9999

Port profile name.

Query Params

object-type

string

LOCAL - To create local objects. SHARED - To create shared objects. Default - Defaults to SHARED if not provided

scope-id

string

Scope at which local object needs to be created. Mandatory if object-type = LOCAL. Should not be provided for object-type = SHARED.

device-function

string

Device function for which the local object needs to be created. Mandatory if object_type = LOCAL. Should not be provided for object_type = SHARED.

Body Params

profilebody object

switchport

object

Config VLAN parameters on an port, such like trunk or access, native VLAN ID, allowed VLANs.

mac-authentication

boolean

Defaults to false

Enable MAC authentication.

dot1x

boolean

Defaults to false

Enable 802.1X authentication.

dot1x-timer-idrequest-period

int32

1 to 65535

Defaults to 5

Time period (in seconds) to wait for a response from a client before retransmitting an EAPoL PDU.

l2-auth-failthrough

boolean

Defaults to false

Continue with 802.1x authentication even if MAC auth fail.

captive-portal

string

length between 1 and 128

Associate one Captive Portal profile under SSID profile or wired port profile.

captive-portal-type

string

enum

For Captive Portal Server, AP supports Central Network Access Control(NAC) and External Captive Portal.

Show Details

CENTRAL_NAC	Using Central Network Access Control(NAC) as the Captive Portal Server.
EXTERNAL_CP	Using External Captive Portal Server.
INTERNAL_CP	Using Internal Captive Portal Server.

Allowed:

exclude-uplink

array of strings

length ≤ 2147483647

Show Details

CELLULAR	Uplink is Cellular.
ETHERNET	Uplink is Ethernet.
MESH	Uplink is Mesh.
WIFI	Uplink is WIFI.

exclude-uplink

download-role

boolean

Defaults to false

A user is assigned a role by ClearPass Policy Manager. If the role is not defined on the Instant AP, the role attributes can also be downloaded automatically.

radius-ip-based-acct-session

boolean

Defaults to false

Enable ip-based accounting.

radius-loc-obj-in-access

boolean

Defaults to false

Enable location in radius access request.

radius-loc-obj-in-accting

boolean

Defaults to false

Enable location in radius accounting request.

radius-reauth-interval

int32

0 to 32768

Radius reauth interval, when session timeout, device do reauth.

server-load-balancing

boolean

Defaults to false

Enable server load balancing.

type

string

enum

Network type.

Show Details

EMPLOYEE	Employee.
GUEST	Guest
RECOVERY	Recovery
VOICE	Voice

Allowed:

use-ip-for-calling-station-id

boolean

Defaults to false

Use IP as Calling Station Id.

called-station-id

object

Configure this parameter to be sent with the RADIUS attribute Called Station ID for authentication and accounting requests. For AP, this API is applicable for
WLAN profile and AP port profile. For GW, this API is applicable for the authentication server profile. This feature is applicable for AP and GW.

auth-server-group

string

length between 1 and 80

Server group to be used for authentication under the SSID profile or wired port profile.

backup-auth-server

string

length between 1 and 63

Backup server for authentication under SSID profile or wired port profile.

cloud-auth

boolean

Defaults to false

Using cloud auth server.

internal-auth-server

string

enum

Internal server for authentication.

Show Details

INTERNAL_SERVER

Internal authentication server.

Allowed:

primary-auth-server

string

length between 1 and 63

Primary server for authentication under SSID profile or wired port profile.

acct-server-group

string

length between 1 and 80

Server group to be used for accounting under the SSID profile or wired port profile. The primary/backup accounting
server and accounting server group only support one configuration at a time. If both are configured simultaneously,
the accounting server group will be used during accounting.

backup-acct-server

string

length between 1 and 63

Backup accounting servers for radius accounting under the SSID profile or wired port profile.

cp-accounting-mode

string

enum

Defaults to USER_AUTHENTICATION

Radius Accounting Mode just for captive portal.

Show Details

USER_ASSOCIATION	When configured, the accounting starts when the client associates to the network successfully and stops when the client is disconnected.
USER_AUTHENTICATION	when configured, the accounting starts only after client authentication is successful and stops when the client logs out of the network.

Allowed:

primary-acct-server

string

length between 1 and 63

Primary accounting servers for radius accounting under the SSID profile or wired port profile.

radius-accounting

boolean

Defaults to false

Enable radius accounting.

radius-interim-accounting-interval

int32

0 to 60

Radius accounting interval.

default-role

string

length between 1 and 63

When Default role is configured, default role is used. If default role isn't configured, use the role that the role name is same as SSID profile name.

mac-auth-only-role

string

length between 1 and 63

Allow administrator to create a MAC Authentication only role for role-based access rule when MAC authentication is enabled for Captive Portal.
If MAC authentication is successful, the mac-auth-only role will be assigned to the client.

machine-auth

object

Configure a machine authentication rule. When a Windows device boots, it logs onto the network domain using a machine account. Within the domain, the device is authenticated
before computer group policies and software settings can be executed; this process is known as machine authentication. Machine authentication ensures that only authorized devices
are allowed on the network. You can configure 802.1X for both user and machine authentication. This tightens the authentication process further, since both the device and user need
to be authenticated. This feature is applicable for 802.1x authenticaion and it is only applicable for AP.

pre-auth-role

string

length between 1 and 63

Configure a pre-authentication role to allow some access to the guest users before the client authentication.

assignment-rules

object

Assign the client a user role, VLAN ID or VLAN name based on attributes. For GW and AP, the attributes is returned for the client by the authentication server and this API is applicable for
auth server group. For AP, this API is also applicable WLAN profile and if this API works in WLAN profile, the attributes can be returned for the client by the authentication server or other
attributes such as mac-address, dhcp-option, AP-Name, etc. Rules are ordered: the first rule that matches the configured condition is applied. VLAN IDs and VLAN names cannot be listed together.
This feature is only applicable for AP and GW.

client-isolation

boolean

Defaults to false

Disable all peer-to-peer communication in the VLAN network.

cluster-preemption

boolean

Defaults to false

Enable cluster preemption.

content-filtering

boolean

Defaults to false

Enable content filtering.

description

string

length between 1 and 128

User-defined description or comment for the Port Profile.

dot3az

boolean

Defaults to false

Enable 802.3az standard on an AP.

dot3bz

boolean

Defaults to false

Enable 802.3bz standard on an AP.

duplex

string

enum

Duplex mode.

Show Details

AUTO_DUPLEX	Auto-duplex.
FULL_DUPLEX	Full-duplex.
HALF_DUPLEX	Half-duplex.

Allowed:

enable

boolean

Defaults to false

Enable interface.

forward-mode

string

enum

Forwarding mode for the network on AP.

Show Details

BRIDGE	Bridge mode.
L2	Layer 2 mode.
L3	Layer 3 mode.
MIXED	Mixed mode.

Allowed:

inactivity-timeout

int64

60 to 86400

Defaults to 1000

Specify an interval for a client session timeout in seconds.

loop-protect

object

Config loop protection on the port.

out-of-service

string

enum

Out of service type for this wired profile.

Show Details

INTERNET_DOWN	Internet Down
NONE	None.
TUNNEL_DOWN	Tunnel Down
UPLINK_DOWN	Uplink Down

Allowed:

poe

object

Config PoE on the port, PoE is a technology for wired Ethernet LANs to carry electric power required for the device in the data cables.

port-bond

boolean

Defaults to false

Bond this Ethernet port into virtual port bond0 as uplink.

port-type

string

enum

Port works in WAN or LAN.

Show Details

LAN	Port type LAN.
WAN	Port type WAN.

Allowed:

profile-name

string

length between 1 and 32

Port profile name.

speed

string

enum

Defaults to SPEED_AUTO

Ethernet speed.

Show Details

SPEED_1000GB	1000 Gb/sec Ethernet.
SPEED_100GB	100 Gb/sec Ethernet.
SPEED_100MB	100 Mb/sec Ethernet.
SPEED_10GB	10 Gb/sec Ethernet.
SPEED_10MB	10 Mb/sec Ethernet.
SPEED_1GB	1 Gb/sec Ethernet.
SPEED_2_5GB	2.5 Gb/sec Ethernet.
SPEED_40GB	40 Gb/sec Ethernet.
SPEED_5GB	5 Gb/sec Ethernet.
SPEED_AUTO	Auto negotiation Ethernet.

stp

object

Config Spanning Tree Protocol (STP) on the port, Spanning Tree Protocol (STP) is a network protocol used to prevent loops in Ethernet networks.

trusted

boolean

Defaults to false

Mark as a trusted interface.

Responses

Language

Credentials

OAuth2

URL

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Successful Operation

400Bad Request

401Unauthorized Access

403Forbidden

404Not Found

406Not Acceptable

408Request Timeout

412Precondition Failed

429Rate limit exceeded

500Internal Server Error