
Update existing WLAN SSID profile configuration

WLAN SSID profile.

Path Params
string
required
length ≤ 9999

WLAN SSID profile name

Query Params
string

LOCAL - To update local objects. SHARED - To update shared objects. Default - Defaults to SHARED if not provided

string

Scope at which local object needs to be updated. Mandatory if object-type = LOCAL. Should not be provided for object-type = SHARED.

string

Device function for which the local object needs to be updated. Mandatory if object_type = LOCAL. Should not be provided for object_type = SHARED.

Body Params

wlan-ssidbody object

string
enum
Defaults to BCAST_FILTER_ARP

Broadcast filter for SSID.

BCAST_FILTER_ALL - Filter all broadcast
BCAST_FILTER_ARP - Filter ARP broadcast
BCAST_FILTER_ARP_ONLY - Filter ARP only
BCAST_FILTER_NONE - No broadcast filter
string
enum
Defaults to FILTER_NONE

IPv6 broadcast filter for SSID.

FILTER_NONE - No filter
UCAST_FILTER_RA - Convert to unicast RA
dmo
object

DMO Configuration.

boolean
Defaults to false

Respond to the IPv6 NDP on behalf of connected clients.

boolean
Defaults to false

Multicast rate optimization parameter.

a-legacy-rates
object

Configures 802.11a rates related settings.
This includes configuring basic rates, beacon rate, transmit rates.

boolean
Defaults to false

Enable broadcast of AP Name information in beacon frames and probe responses.

boolean
Defaults to false

Enable broadcast of the AP Location Coordinate Information by unicast messages in FTM responder frames
and by broadcast messages in beacon frames and probe responses. Location Coordinate Information (LCI)
configuration in aruba-lci.yang is needed.

boolean
Defaults to false

In IEEE Standard 802.11, enable sending programmed civic information in Access Network Query Protocol (ANQP)
and neighbor report responses.

advertise-location-identifier
object

Configuration for a public location identifier. The location identifier is from IEEE Standard 802.11;
it includes an indirect Uniform Resource Identifier (URI) or FQDN to the location information for the
location subject.

boolean
Defaults to false

Broadcast time advertisement and time zone IEs in beacon and probe response frames.

string
enum
Defaults to ALL_5G

5GHz radio to which the SSID should be assigned.

ALL_5G - first and second 5GHz radio
FIRST_5G - the first 5GHz radio
SECOND_5G - the second 5GHz radio
string
enum
Defaults to ALL_6GHZ

Control the creation of SSIDs on the first, second, or all 6GHz radios.

ALL_6GHZ - Allow an SSID to be up on all 6GHz radios.
FIRST_6GHZ - Allow an SSID to be up on first 6GHz radio.
SECOND_6GHZ - Allow an SSID to be up on second 6GHz radio.
string
enum
Defaults to DYNAMIC

On FT auth failure, the AP sends the corresponding reason code to the client.

DYNAMIC - FT auth failure default status code. If the RSNIE in the Authentication Request frame contains an invalid PMKR0Name and the AP has determined that it is an invalid PMKR0Name, the AP shall reject the Authentication Request with status code 53 (i.e., Invalid PMKID). If the requested R0KH is not reachable, the AP shall respond to the Authentication Request with status code 28 (i.e., R0KH unreachable).
WLAN_STATUS_FAILED_INVALID_PMKID - FT auth failure status code. AP shall reject the Authentication Request with status code 53 (i.e., Invalid PMKID) for both R0KH unreachable and Invalid PMKID cases.
WLAN_STATUS_R0KH_UNREACHABLE - FT auth failure status code. AP shall respond to the Authentication Request with status code 28 (i.e., R0KH unreachable) for both R0KH unreachable and Invalid PMKID cases.
int32
0 to 100
Defaults to 0

SNR threshold below which incoming authentication requests are ignored.
Use this parameter instead of the local probe request threshold parameter to filter out low SNR authentication request.

boolean
Defaults to false

Advertises the Cellular Data Capability (CDC) attribute of an MBO.

boolean
Defaults to false

Used when more than 3 6GHz SSIDs are created. It must be set so that the AP knows which SSID needs to be
disabled when mesh is enabled. This might be of no use later.

boolean
Defaults to false

Enables 802.11k roaming on the SSID profile. The 802.11k protocol enables APs and clients to
dynamically measure the available radio resources.

string
length between 1 and 63

To set the bound dot11k profile name

boolean
Defaults to false

Enables 802.11r on the SSID profile. 802.11r or fast BSS FT is an IEEE standard that permits continuous
connectivity across wireless devices during client mobility. Fast BSS Transition mechanism minimizes
the delay in roaming when a client transitions from one BSS to another within the same cluster.

int64
0 to 4294967295
Defaults to 3600

IEEE 802.11r R1 key duration.

boolean
Defaults to true

Enables 802.11r on demand key fetch from cloud key management service when the AP's local key cache lookup fails for
client matching pairwise key to complete fast roaming.

boolean
Defaults to false

Enable/Disable BSS Transition Management features defined by the 802.11v standard.

int32
1 to 10
Defaults to 1

The DTIM interval determines how often the AP should deliver the buffered broadcast and multicast frames to associated clients in power-saving mode.
When configured, the client checks for buffered data on the AP at the specified number of beacons.
You can also configure a higher value for DTIM interval for power saving.

essid
object

Name that uniquely identifies a wireless network.
The ESSID can be up to 32 characters.
If the ESSID includes spaces, you must enclose it in quotation marks.
This includes configuring use-alias, alias, name.

boolean
Defaults to false

Allows APs to send a deauthentication frame to the client and clear client entry.

extremely-high-throughput
object

Extremely High Throughput (EHT) is a feature set introduced in Wi-Fi 7 (802.11be) to enhance wireless performance,
particularly in high-density and high-throughput environments.
This includes configuring MLO, MCS map, beacon protection, etc.

boolean
Defaults to false

Enables the AP to send responses to Fine Time Measurement (FTM) queries sent from clients. This feature is supported on 500 Series and 600 Series access points.

g-legacy-rates
object

Configures 802.11b/g rates related settings.
This includes configuring basic rates, beacon rate, transmit rates.

boolean
Defaults to false

Enable hiding the SSID in beacons

high-efficiency
object

A group of high-efficiency related parameters that may be used in both the RF profile and the SSID profile.
In the RF profile, this is used for all radios.

high-throughput
object

High Throughput (HT): Introduced in 802.11n (Wi-Fi 4), includes features like wider channels (up to 40 MHz),
MIMO (up to 4 spatial streams), 64-QAM, short guard interval, and frame aggregation to increase data rates and performance.
Very High Throughput (VHT): Introduced in 802.11ac (Wi-Fi 5), includes features like even wider channels (up to 160 MHz),
higher modulation (256-QAM), more spatial streams (up to 8), MU-MIMO, and beamforming to further enhance data rates and network efficiency.
This configures high-throughput (HT) and very-high-throughput (VHT) related settings.
These features collectively enhance the data rates, capacity, and overall performance of wireless networks,
making them capable of handling large amounts of data efficiently.

int64
60 to 86400
Defaults to 1000

Configures a timeout value for the inactive client sessions.
When a client session is inactive for the specified duration, the session expires and the clients are required to log in again.

int32
0 to 100
Defaults to 0

RSSI (Received Signal Strength Indicator) threshold value to limit the number of incoming probe requests.
When enabled, controls the system response to the broadcast probe requests
sent by clients to search for the available SSIDs and ignores the probe request if required.

int32
0 to 1024
Defaults to 64

Maximum number of wireless clients for the AP.
This parameter is limited to 1024 clients per radio. Default value for this parameter is the maximum number of clients supported by the AP.

int32
0 to 15
Defaults to 4

Maximum number of retries allowed for the AP to send a frame.

boolean
Defaults to false

Enables the Agile Multiband Operations (MBO). Enables the mfp-capable, 802.11k and 802.11u-interworking implicitly on the AP.

int32
1 to 5
Defaults to 5

Time in seconds before a client can associate again after an MFP "try again later" rejection.

boolean
Defaults to false

When enabled, the SSID supports management frame protection (MFP) capable clients and traditional clients.

boolean
Defaults to false

When enabled, the SSID only supports MFP capable clients.

int64
1 to 65535

Mobility Domain Identifier. An AP uses this parameter to announce that it is a part of the AP group that
constitutes a mobility domain.

boolean
Defaults to false

Enables the AP to advertise the QBSS load element.

qos-management
object

Wi-Fi Quality of Service (QoS) Management certification delivers a standardized approach to QoS for devices and
applications to prioritize traffic flows for both client devices and APs.
This includes configuring QoS Management related configuration.

string
enum
Defaults to RX_TX

The refresh direction of WLAN SSID profile.

RX_ONLY - Received data frames that are used for station refresh.
RX_TX - Bidirectional
TX_ONLY - Transmitted data frames that are used for station refresh.
string
enum
Defaults to 24GHZ_5GHZ

Radio frequency band on which this SSID will be broadcast. You can select one of the following options:

24GHZ - 2.4GHz only
24GHZ_5GHZ - 2.4GHz + 5GHz
24GHZ_6GHZ - 2.4GHz + 6GHz
5GHZ - 5GHz only
5GHZ_6GHZ - 5GHz + 6GHz
6GHZ - 6GHz only
BAND_ALL - 2.4GHz + 5GHz + 6GHz
BAND_NONE - disable all bands

boolean
Defaults to false

Enable Radio Resource Management (RRM) IE profile to define the information elements advertised by an AP.

int32
0 to 2347
Defaults to 2333

Wireless clients transmitting frames larger than this threshold must issue RTS and wait for the AP to respond with CTS.
This helps prevent mid-air collisions for wireless clients that are not within wireless peer range and cannot detect when other wireless clients are transmitting.

boolean
Defaults to true

Enables short preamble for 802.11b/g radios. Network performance may be higher when short preamble is enabled.
In mixed radio environments, some 802.11b wireless client stations may experience difficulty associating with the AP using
short preamble. To use only long preamble, disable short preamble. Legacy client devices that use only long preamble generally
can be updated to support short preamble.

boolean
Defaults to false

Encodes the SSID. When enabled, the SSID name is displayed in the UTF-8 format. SSIDs are not encoded by default.

wmm-cfg
object

Wi-Fi Multimedia (WMM) refers to a Wi-Fi Alliance interoperability certification,
based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks.
WMM prioritizes traffic according to four Access Categories (ACs): voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK).
This includes configuring Enhanced Distributed Channel Access (EDCA) parameters for each AC of AP and Station (STA),
mapping between WMM ACs and Differentiated Services Codepoint (DSCP) tags.

string
enum

Key management.

BOTH_WPA_WPA2_DOT1X - WPA with TKIP and WPA with AES and WPA-2 with TKIP and WPA-2 with AES encryption using 802.1x.
BOTH_WPA_WPA2_PSK - WPA with TKIP and WPA with AES and WPA-2 with TKIP and WPA-2 with AES encryption using a PSK.
DPP - Device Provisioning Protocol. It is a Wi-Fi Alliance protocol designed to simplify the process of securely provisioning and onboarding devices onto a network without needing a pre-shared key (PSK).
DYNAMIC_WEP - WEP with dynamic keys.
ENHANCED_OPEN - Improved data encryption in open Wi-Fi networks and protects data from sniffing. Enhanced open replaces open system as the default opmode.
OPEN - No authentication and encryption.
STATIC_WEP - WEP with static keys.
WPA2_AES_DPP - WPA-2 with AES and DPP encryption using 802.1x.
WPA2_ENTERPRISE - WPA-2 with AES encryption and dynamic keys using 802.1X.
WPA2_MPSK_AES - MPSK with AES encryption.
WPA2_MPSK_LOCAL - Multiple Pre-Shared Keys (MPSK) local using the local database to do authentication.
WPA2_PERSONAL - WPA-2 with AES encryption using a preshared key.
WPA2_PSK_AES_DPP - WPA-2 with AES and DPP encryption using a PSK.
WPA3_AES_CCM_128_DPP - WPA3 with AES CCM-128 and DPP encryption and dynamic keys using 802.1X.
WPA3_AES_GCM_256_DPP - WPA3 with AES GCM-256 and DPP encryption.
WPA3_ENTERPRISE_CCM_128 - WPA3 with AES CCM-128 encryption and dynamic keys using 802.1X.
WPA3_ENTERPRISE_CNSA - WPA3 with AES GCM-256 encryption using CNSA (192 bit).
WPA3_ENTERPRISE_GCM_256 - WPA3 with AES GCM-256 encryption.
WPA3_SAE - WPA3 with AES encryption using Simultaneous Authentication of Equals.
WPA3_SAE_DPP - WPA3 with AES and DPP encryption using Simultaneous Authentication of Equals.
WPA_ENTERPRISE - WPA with TKIP encryption and dynamic keys using 802.1X.
WPA_PERSONAL - WPA with TKIP and WPA with AES encryption using a PSK.

boolean
Defaults to false

Enable MAC authentication.

boolean
Defaults to false

Enable 802.1X authentication.

int32
1 to 65535
Defaults to 5

Time period (in seconds) to wait for a response from a client before retransmitting an EAPoL PDU.

boolean
Defaults to false

Continue with 802.1x authentication even if MAC auth fails.

personal-security
object

WLAN Personal Security refers to a wireless network security mode designed for home and small office environments,
where network access is secured using a pre-shared key (PSK) instead of complex authentication methods like those used in enterprise networks.
WLAN Personal Security is using WPA, WPA2-Personal or WPA3-Personal. This feature is only applicable for AP.

string
length between 1 and 128

Associate one Captive Portal profile under SSID profile or wired port profile.

string
enum

For Captive Portal Server, AP supports Central Network Access Control (NAC) and External Captive Portal.

CENTRAL_NAC - Using Central Network Access Control (NAC) as the Captive Portal Server.
EXTERNAL_CP - Using External Captive Portal Server.
INTERNAL_CP - Using Internal Captive Portal Server.

exclude-uplink
array of strings
length ≤ 2147483647

CELLULAR - Uplink is Cellular.
ETHERNET - Uplink is Ethernet.
MESH - Uplink is Mesh.
WIFI - Uplink is WIFI.

boolean
Defaults to false

A user is assigned a role by ClearPass Policy Manager. If the role is not defined on the Instant AP, the role attributes can also be downloaded automatically.

boolean
Defaults to false

Enable ip-based accounting.

boolean
Defaults to false

Enable location in radius access request.

boolean
Defaults to false

Enable location in radius accounting request.

int32
0 to 32768

RADIUS reauth interval. When the session times out, the device reauthenticates.

boolean
Defaults to false

Enable server load balancing.

string
enum

Network type.

EMPLOYEE - Employee.
GUEST - Guest
RECOVERY - Recovery
VOICE - Voice
boolean
Defaults to false

Use IP as Calling Station Id.

called-station-id
object

Configure this parameter to be sent with the RADIUS attribute Called Station ID for authentication and accounting requests. For AP, this API is applicable for
WLAN profile and AP port profile. For GW, this API is applicable for the authentication server profile. This feature is applicable for AP and GW.

string
length between 1 and 80

Server group to be used for authentication under the SSID profile or wired port profile.

string
length between 1 and 63

Backup server for authentication under SSID profile or wired port profile.

boolean
Defaults to false

Using cloud auth server.

string
enum

Internal server for authentication.

INTERNAL_SERVER - Internal authentication server.
string
length between 1 and 63

Primary server for authentication under SSID profile or wired port profile.

string
length between 1 and 80

Server group to be used for accounting under the SSID profile or wired port profile. The primary/backup accounting
server and accounting server group only support one configuration at a time. If both are configured simultaneously,
the accounting server group will be used during accounting.

string
length between 1 and 63

Backup accounting servers for radius accounting under the SSID profile or wired port profile.

string
enum
Defaults to USER_AUTHENTICATION

Radius Accounting Mode just for captive portal.

USER_ASSOCIATION - When configured, the accounting starts when the client associates to the network successfully and stops when the client is disconnected.
USER_AUTHENTICATION - When configured, the accounting starts only after client authentication is successful and stops when the client logs out of the network.
string
length between 1 and 63

Primary accounting servers for radius accounting under the SSID profile or wired port profile.

boolean
Defaults to false

Enable radius accounting.

int32
0 to 60

Radius accounting interval.

string
length between 1 and 63

When a default role is configured, the default role is used. If no default role is configured, the role whose name is the same as the SSID profile name is used.

string
length between 1 and 63

Allow administrator to create a MAC Authentication only role for role-based access rule when MAC authentication is enabled for Captive Portal.
If MAC authentication is successful, the mac-auth-only role will be assigned to the client.

machine-auth
object

Configure a machine authentication rule. When a Windows device boots, it logs onto the network domain using a machine account. Within the domain, the device is authenticated
before computer group policies and software settings can be executed; this process is known as machine authentication. Machine authentication ensures that only authorized devices
are allowed on the network. You can configure 802.1X for both user and machine authentication. This tightens the authentication process further, since both the device and user need
to be authenticated. This feature is applicable for 802.1x authentication and it is only applicable for AP.

string
length between 1 and 63

Configure a pre-authentication role to allow some access to the guest users before the client authentication.

assignment-rules
object

Assign the client a user role, VLAN ID or VLAN name based on attributes. For GW and AP, the attributes are returned for the client by the authentication server and this API is applicable for
auth server group. For AP, this API is also applicable to the WLAN profile; when it is used in the WLAN profile, the attributes can be returned for the client by the authentication server or can be other
attributes such as mac-address, dhcp-option, AP-Name, etc. Rules are ordered: the first rule that matches the configured condition is applied. VLAN IDs and VLAN names cannot be listed together.
This feature is only applicable for AP and GW.

boolean
Defaults to false

Enable Airpass under WLAN profile.

int32
0 to 5
Defaults to 1

The delay time of landing redirect-url page after captive-portal authentication is successful.

captive-portal-proxy-server
object

Configure a Captive Portal proxy server to match your browser configuration by specifying the IP address and port number.

boolean
Defaults to false

Denylist the client on a Security-Context-Override attack.

boolean
Defaults to false

Enable Opportunistic Key Caching (WPA2/WPA3 Only).

string
length between 1 and 64

Passpoint is a WFA specification based upon the 802.11u protocol that provides wireless clients
with a streamlined mechanism to discover and authenticate to suitable networks, and allows
mobile users the ability to roam between partner networks without additional authentication.

boolean
Defaults to false

Delete key cache entry when user entry is deleted.

boolean
Defaults to false

Enable wispr configuration.

int32
1 to 65535
Defaults to 1500

Set the time period between each WPA/WPA2/WPA3 key exchange.

int32
1 to 65535
Defaults to 3

Set the Number of times WPA/WPA2/WPA3 Key Messages are retried.

boolean
Defaults to true

Enable WPA3 transition mode.

boolean
Defaults to false

Enable auth survivability.

boolean
Defaults to false

Enable Deny-listing.

boolean
Defaults to false

Require IP address to be obtained using DHCP.

boolean
Defaults to false

Enable external server.

string
enum
Defaults to NONE

The MAC address format to be used in the RADIUS request messages for authentication.

COLON - XX:XX:XX:XX:XX:XX
COMMA - XX,XX,XX,XX,XX,XX
DASH - XX-XX-XX-XX-XX-XX
NONE - XXXXXXXXXXXX
OUI_NIC - XXXXXX-XXXXXX
PERCENT - XX%XX%XX%XX%XX%XX
SLASH - XX/XX/XX/XX/XX/XX
boolean
Defaults to false

The case for MAC address format to be used in the RADIUS request messages for authentication.
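
The delimiter style and case chosen here decide the exact string the RADIUS server has to match for MAC authentication and what appears in its logs. The following is an added example, not code from this API or its vendor: it recognizes each style from the enum above, renders an address in a chosen style, and groups logged values by device for correlation. The function names, the `upper` argument and the sample addresses are this example's own, and the page does not state which boolean value selects which case.

```python
import re

# Delimiter styles from the enum above: name -> (separator, hex digits per group)
MAC_FORMATS = {
    "COLON": (":", 2),
    "COMMA": (",", 2),
    "DASH": ("-", 2),
    "NONE": ("", 12),
    "OUI_NIC": ("-", 6),
    "PERCENT": ("%", 2),
    "SLASH": ("/", 2),
}


def _pattern(sep, group):
    """Build a strict regex for one style: equal-sized hex groups, one separator."""
    part = "[0-9A-Fa-f]{%d}" % group
    return re.compile(re.escape(sep).join([part] * (12 // group)))


PATTERNS = {name: _pattern(sep, grp) for name, (sep, grp) in MAC_FORMATS.items()}


def detect_format(value):
    """Return the enum name whose layout the value matches exactly, else None."""
    for name, pat in PATTERNS.items():
        if pat.fullmatch(value):
            return name
    return None


def canonical(value):
    """Reduce a value in any listed style to 12 lowercase hex digits.

    Mixed or unknown delimiters raise ValueError, so a malformed
    identifier is rejected instead of being matched loosely.
    """
    if detect_format(value) is None:
        raise ValueError("not in a listed MAC format: %r" % value)
    return re.sub(r"[^0-9A-Fa-f]", "", value).lower()


def render_mac(value, fmt, upper=False):
    """Render a MAC in the named style; `upper` is this example's own switch."""
    sep, grp = MAC_FORMATS[fmt]
    digits = canonical(value)
    out = sep.join(digits[i:i + grp] for i in range(0, 12, grp))
    return out.upper() if upper else out


def correlate(values):
    """Group raw logged identifiers by device; collect the ones that fit no style."""
    groups, rejected = {}, []
    for raw in values:
        fmt = detect_format(raw)
        if fmt is None:
            rejected.append(raw)
            continue
        groups.setdefault(canonical(raw), []).append((raw, fmt))
    return groups, rejected


# Constructed sample values (locally administered addresses, not real devices).
SAMPLE = [
    "02:00:5E:10:00:01", "02005e100001", "02005E-100001",
    "02%00%5e%10%00%01", "02-00-5e-10-00-02", "02:00-5e:10:00:01",
]
```
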

int32
0 to 10

Number of consecutive authentication failures, before Station is denylisted.

boolean
Defaults to false

Personal Area Network.

boolean
Defaults to false

If a local cache exists, it takes priority.

boolean
Defaults to false

Enable 802.1X Termination.

vlan-id-range
array of strings
length ≤ 2147483647
string
length between 1 and 32

Named-VLAN to map to this SSID

string
enum

Method to specify the VLAN(s) for this SSID:
If it is 'VLAN_RANGES', it can be a combination of
list of VLAN-ID-ranges and list of VLAN-IDs
Example: 61-65,67,69,71-75

NAMED_VLAN - Configure the VLAN(s) using a named-VLAN
VLAN_RANGES - Configure the VLAN(s) as a list of VLAN ranges
boolean
Defaults to false

Deny intra VLAN traffic.
Allowed traffic to be added into the global intra-vlan-traffic profile

boolean
Defaults to false

Content filtering configuration at WLAN SSID level.
This option controls access to websites and applications based on their content, adding more security.

boolean
Defaults to false

Deny inter user bridging.

boolean
Defaults to false

Deny local routing configuration.

int32
1 to 32
Defaults to 1

Maximum number of wired IPv4 users
that can connect to the wireless client bridge.

string
enum

Out of service type for this SSID

INTERNET_DOWN - Internet Down
NONE - None.
TUNNEL_DOWN - Tunnel Down
UPLINK_DOWN - Uplink Down
boolean
Defaults to false
int32
1 to 65535

Bandwidth limit in kbps

boolean
Defaults to false

Cluster preemption

string
length between 1 and 256

SSID profile description.

boolean
Defaults to true

Enable SSID profile

string
enum
Defaults to FORWARD_MODE_BRIDGE

SSID forward mode

FORWARD_MODE_BRIDGE - Bridge mode SSID
FORWARD_MODE_L2 - L2 tunnel mode SSID
FORWARD_MODE_L3 - L3 Routed/NATed mode SSID
FORWARD_MODE_MIXED - Mixed mode SSID
string
length between 1 and 64

Reference to hotspot2.0 profile.

string
length between 1 and 256

Bind an MBSSID group to the SSID (Only affects 6GHz VAPs).

string
length between 1 and 32

WLAN SSID profile name

time-range
object

Timerange Configuration.

zone
array of strings
length ≤ 2147483647