Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_wireless_controller_vap
.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
host string | FortiOS or FortiGate IP address. | |||
https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | ||
password string | Default: "" | FortiOS or FortiGate password. | ||
ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | ||
state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
username string | FortiOS or FortiGate username. | |||
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
wireless_controller_vap dictionary | Configure Virtual Access Points (VAPs). | |||
acct_interim_interval integer | WiFi RADIUS accounting interim interval (60 - 86400 sec). | |||
alias string | Alias. | |||
auth string |
| Authentication protocol. | ||
broadcast_ssid string |
| Enable/disable broadcasting the SSID . | ||
broadcast_suppression string |
| Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. | ||
captive_portal_ac_name string | Local-bridging captive portal ac-name. | |||
captive_portal_macauth_radius_secret string | Secret key to access the macauth RADIUS server. | |||
captive_portal_macauth_radius_server string | Captive portal external RADIUS server domain name or IP address. | |||
captive_portal_radius_secret string | Secret key to access the RADIUS server. | |||
captive_portal_radius_server string | Captive portal RADIUS server domain name or IP address. | |||
captive_portal_session_timeout_interval integer | Session timeout interval (0 - 864000 sec). | |||
dhcp_lease_time integer | DHCP lease time in seconds for NAT IP address. | |||
dhcp_option82_circuit_id_insertion string |
| Enable/disable DHCP option 82 circuit-id insert . | ||
dhcp_option82_insertion string |
| Enable/disable DHCP option 82 insert . | ||
dhcp_option82_remote_id_insertion string |
| Enable/disable DHCP option 82 remote-id insert . | ||
dynamic_vlan string |
| Enable/disable dynamic VLAN assignment. | ||
eap_reauth string |
| Enable/disable EAP re-authentication for WPA-Enterprise security. | ||
eap_reauth_intv integer | EAP re-authentication interval (1800 - 864000 sec). | |||
eapol_key_retries string |
| Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . | ||
encrypt string |
| Encryption protocol to use (only available when security is set to a WPA type). | ||
external_fast_roaming string |
| Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . | ||
external_logout string | URL of external authentication logout server. | |||
external_web string | URL of external authentication web server. | |||
fast_bss_transition string |
| Enable/disable 802.11r Fast BSS Transition (FT) . | ||
fast_roaming string |
| Enable/disable fast-roaming, or pre-authentication, where supported by clients . | ||
ft_mobility_domain integer | Mobility domain identifier in FT (1 - 65535). | |||
ft_over_ds string |
| Enable/disable FT over the Distribution System (DS). | ||
ft_r0_key_lifetime integer | Lifetime of the PMK-R0 key in FT, 1-65535 minutes. | |||
gtk_rekey string |
| Enable/disable GTK rekey for WPA security. | ||
gtk_rekey_intv integer | GTK rekey interval interval (1800 - 864000 sec). | |||
hotspot20_profile string | Hotspot 2.0 profile name. | |||
intra_vap_privacy string |
| Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . | ||
ip string | IP address and subnet mask for the local standalone NAT subnet. | |||
key string | WEP Key. | |||
keyindex integer | WEP key index (1 - 4). | |||
ldpc string |
| VAP low-density parity-check (LDPC) coding configuration. | ||
local_authentication string |
| Enable/disable AP local authentication. | ||
local_bridging string |
| Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . | ||
local_lan string |
| Allow/deny traffic destined for a Class A, B, or C private IP address . | ||
local_standalone string |
| Enable/disable AP local standalone . | ||
local_standalone_nat string |
| Enable/disable AP local standalone NAT mode. | ||
mac_auth_bypass string |
| Enable/disable MAC authentication bypass. | ||
mac_filter string |
| Enable/disable MAC filtering to block wireless clients by mac address. | ||
mac_filter_list list / elements=string | Create a list of MAC addresses for MAC address filtering. | |||
id integer / required | ID. | |||
mac string | MAC address. | |||
mac_filter_policy string |
| Deny or allow the client with this MAC address. | ||
mac_filter_policy_other string |
| Allow or block clients with MAC addresses that are not in the filter list. | ||
max_clients integer | Maximum number of clients that can connect simultaneously to the VAP . | |||
max_clients_ap integer | Maximum number of clients that can connect simultaneously to each radio . | |||
me_disable_thresh integer | Disable multicast enhancement when this many clients are receiving multicast traffic. | |||
mesh_backhaul string |
| Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. | ||
mpsk string |
| Enable/disable multiple pre-shared keys (PSKs.) | ||
mpsk_concurrent_clients integer | Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. | |||
mpsk_key list / elements=string | Pre-shared keys that can be used to connect to this virtual access point. | |||
comment string | Comment. | |||
concurrent_clients string | Number of clients that can connect using this pre-shared key. | |||
key_name string | Pre-shared key name. | |||
passphrase string | WPA Pre-shared key. | |||
multicast_enhance string |
| Enable/disable converting multicast to unicast to improve performance . | ||
multicast_rate string |
| Multicast rate (0, 6000, 12000, or 24000 kbps). | ||
name string / required | Virtual AP name. | |||
okc string |
| Enable/disable Opportunistic Key Caching (OKC) . | ||
passphrase string | WPA pre-shard key (PSK) to be used to authenticate WiFi users. | |||
pmf string |
| Protected Management Frames (PMF) support . | ||
pmf_assoc_comeback_timeout integer | Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). | |||
pmf_sa_query_retry_timeout integer | Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). | |||
portal_message_override_group string | Replacement message group for this VAP (only available when security is set to a captive portal type). | |||
portal_message_overrides dictionary | Individual message overrides. | |||
auth_disclaimer_page string | Override auth-disclaimer-page message with message from portal-message-overrides group. | |||
auth_login_failed_page string | Override auth-login-failed-page message with message from portal-message-overrides group. | |||
auth_login_page string | Override auth-login-page message with message from portal-message-overrides group. | |||
auth_reject_page string | Override auth-reject-page message with message from portal-message-overrides group. | |||
portal_type string |
| Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. | ||
probe_resp_suppression string |
| Enable/disable probe response suppression (to ignore weak signals) . | ||
probe_resp_threshold string | Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). | |||
ptk_rekey string |
| Enable/disable PTK rekey for WPA-Enterprise security. | ||
ptk_rekey_intv integer | PTK rekey interval interval (1800 - 864000 sec). | |||
qos_profile string | Quality of service profile name. | |||
quarantine string |
| Enable/disable station quarantine . | ||
radius_mac_auth string |
| Enable/disable RADIUS-based MAC authentication of clients . | ||
radius_mac_auth_server string | RADIUS-based MAC authentication server. | |||
radius_server string | RADIUS server to be used to authenticate WiFi users. | |||
rates_11a string |
| Allowed data rates for 802.11a. | ||
rates_11ac_ss12 string |
| Allowed data rates for 802.11ac with 1 or 2 spatial streams. | ||
rates_11ac_ss34 string |
| Allowed data rates for 802.11ac with 3 or 4 spatial streams. | ||
rates_11bg string |
| Allowed data rates for 802.11b/g. | ||
rates_11n_ss12 string |
| Allowed data rates for 802.11n with 1 or 2 spatial streams. | ||
rates_11n_ss34 string |
| Allowed data rates for 802.11n with 3 or 4 spatial streams. | ||
schedule string | VAP schedule name. | |||
security string |
| Security mode for the wireless interface . | ||
security_exempt_list string | Optional security exempt list for captive portal authentication. | |||
security_obsolete_option string |
| Enable/disable obsolete security options. | ||
security_redirect_url string | Optional URL for redirecting users after they pass captive portal authentication. | |||
selected_usergroups list / elements=string | Selective user groups that are permitted to authenticate. | |||
name string / required | User group name. | |||
split_tunneling string |
| Enable/disable split tunneling . | ||
ssid string | IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. | |||
state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
tkip_counter_measure string |
| Enable/disable TKIP counter measure. | ||
usergroup list / elements=string | Firewall user group to be used to authenticate WiFi users. | |||
name string / required | User group name. | |||
utm_profile string | UTM profile name. | |||
vdom string | Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. | |||
vlan_auto string |
| Enable/disable automatic management of SSID VLAN interface. | ||
vlan_pool list / elements=string | VLAN pool. | |||
id integer / required | ID. | |||
wtp_group string | WTP group name. | |||
vlan_pooling string |
| Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. | ||
vlanid integer | Optional VLAN ID. | |||
voice_enterprise string |
| Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . |
Note
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure Virtual Access Points (VAPs). fortios_wireless_controller_vap: vdom: "{{ vdom }}" state: "present" wireless_controller_vap: acct_interim_interval: "3" alias: "<your_own_value>" auth: "psk" broadcast_ssid: "enable" broadcast_suppression: "dhcp-up" captive_portal_ac_name: "<your_own_value>" captive_portal_macauth_radius_secret: "<your_own_value>" captive_portal_macauth_radius_server: "<your_own_value>" captive_portal_radius_secret: "<your_own_value>" captive_portal_radius_server: "<your_own_value>" captive_portal_session_timeout_interval: "13" dhcp_lease_time: "14" dhcp_option82_circuit_id_insertion: "style-1" dhcp_option82_insertion: "enable" dhcp_option82_remote_id_insertion: "style-1" dynamic_vlan: "enable" eap_reauth: "enable" eap_reauth_intv: "20" eapol_key_retries: "disable" encrypt: "TKIP" external_fast_roaming: "enable" external_logout: "<your_own_value>" external_web: "<your_own_value>" fast_bss_transition: "disable" fast_roaming: "enable" ft_mobility_domain: "28" ft_over_ds: "disable" ft_r0_key_lifetime: "30" gtk_rekey: "enable" gtk_rekey_intv: "32" hotspot20_profile: "<your_own_value>" intra_vap_privacy: "enable" ip: "<your_own_value>" key: "<your_own_value>" keyindex: "37" ldpc: "disable" local_authentication: "enable" local_bridging: "enable" local_lan: "allow" local_standalone: "enable" local_standalone_nat: "enable" mac_auth_bypass: "enable" mac_filter: "enable" mac_filter_list: - id: "47" mac: "<your_own_value>" mac_filter_policy: "allow" mac_filter_policy_other: "allow" max_clients: "51" max_clients_ap: "52" me_disable_thresh: "53" mesh_backhaul: "enable" mpsk: "enable" mpsk_concurrent_clients: "56" mpsk_key: - comment: "Comment." concurrent_clients: "<your_own_value>" key_name: "<your_own_value>" passphrase: "<your_own_value>" multicast_enhance: "enable" multicast_rate: "0" name: "default_name_64" okc: "disable" passphrase: "<your_own_value>" pmf: "disable" pmf_assoc_comeback_timeout: "68" pmf_sa_query_retry_timeout: "69" portal_message_override_group: "<your_own_value>" portal_message_overrides: auth_disclaimer_page: "<your_own_value>" auth_login_failed_page: "<your_own_value>" auth_login_page: "<your_own_value>" auth_reject_page: "<your_own_value>" portal_type: "auth" probe_resp_suppression: "enable" probe_resp_threshold: "<your_own_value>" ptk_rekey: "enable" ptk_rekey_intv: "80" qos_profile: "<your_own_value>" quarantine: "enable" radius_mac_auth: "enable" radius_mac_auth_server: "<your_own_value>" radius_server: "<your_own_value>" rates_11a: "1" rates_11ac_ss12: "mcs0/1" rates_11ac_ss34: "mcs0/3" rates_11bg: "1" rates_11n_ss12: "mcs0/1" rates_11n_ss34: "mcs16/3" schedule: "<your_own_value>" security: "open" security_exempt_list: "<your_own_value>" security_obsolete_option: "enable" security_redirect_url: "<your_own_value>" selected_usergroups: - name: "default_name_98" split_tunneling: "enable" ssid: "<your_own_value>" tkip_counter_measure: "enable" usergroup: - name: "default_name_103" utm_profile: "<your_own_value>" vdom: "<your_own_value> (source system.vdom.name)" vlan_auto: "enable" vlan_pool: - id: "108" wtp_group: "<your_own_value>" vlan_pooling: "wtp-group" vlanid: "111" voice_enterprise: "disable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_wireless_controller_vap_module.html