github/terraform-provider-unifi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
terraform-provider-unifi/docs/resources/wlan.md
Mateusz Filipowicz b1688313c0 docs: improve provider documentation (#29) 
* docs: improve provider documentation

* fix accidentally changed type of stormctrl_ucast_rate

* docs: add badges and plans to readme
2025-02-26 18:56:45 +01:00

135 lines
8.0 KiB
Markdown
Raw Permalink Blame History

---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "unifi_wlan Resource - terraform-provider-unifi"
subcategory: ""
description: |-
The unifi_wlan resource manages wireless networks (SSIDs) on UniFi access points.
This resource allows you to create and manage WiFi networks with various security options including WPA2, WPA3, and enterprise authentication. You can configure features such as guest policies, minimum data rates, band steering, and scheduled availability.
Each WLAN can be customized with different security settings, VLAN assignments, and client options to meet specific networking requirements.
---
# unifi_wlan (Resource)
The `unifi_wlan` resource manages wireless networks (SSIDs) on UniFi access points.
This resource allows you to create and manage WiFi networks with various security options including WPA2, WPA3, and enterprise authentication. You can configure features such as guest policies, minimum data rates, band steering, and scheduled availability.
Each WLAN can be customized with different security settings, VLAN assignments, and client options to meet specific networking requirements.
## Example Usage
```terraform
variable "vlan_id" {
default = 10
}
data "unifi_ap_group" "default" {
}
data "unifi_user_group" "default" {
}
resource "unifi_network" "vlan" {
name = "wifi-vlan"
purpose = "corporate"
subnet = "10.0.0.1/24"
vlan_id = var.vlan_id
dhcp_start = "10.0.0.6"
dhcp_stop = "10.0.0.254"
dhcp_enabled = true
}
resource "unifi_wlan" "wifi" {
name = "myssid"
passphrase = "12345678"
security = "wpapsk"
# enable WPA2/WPA3 support
wpa3_support = true
wpa3_transition = true
pmf_mode = "optional"
network_id = unifi_network.vlan.id
ap_group_ids = [data.unifi_ap_group.default.id]
user_group_id = data.unifi_user_group.default.id
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `name` (String) The SSID (network name) that will be broadcast by the access points. Must be between 1 and 32 characters long.
- `security` (String) The security protocol for the wireless network. Valid values are:
* `wpapsk` - WPA Personal (PSK) with WPA2/WPA3 options
* `wpaeap` - WPA Enterprise (802.1x)
* `open` - Open network (no encryption)
- `user_group_id` (String) The ID of the user group that defines the rate limiting and firewall rules for clients on this network.
### Optional
- `ap_group_ids` (Set of String) IDs of the AP groups that should broadcast this SSID. Used to control which access points broadcast this network.
- `bss_transition` (Boolean) Enable BSS Transition Management to help clients roam between APs more efficiently. Defaults to `true`.
- `fast_roaming_enabled` (Boolean) Enable 802.11r Fast BSS Transition for seamless roaming between APs. Requires client device support. Defaults to `false`.
- `hide_ssid` (Boolean) When enabled, the access points will not broadcast the network name (SSID). Clients will need to manually enter the SSID to connect.
- `is_guest` (Boolean) Mark this as a guest network. Guest networks are isolated from other networks and can have special restrictions like captive portals.
- `l2_isolation` (Boolean) Isolates wireless clients from each other at layer 2 (ethernet) level. When enabled, devices on this WLAN cannot communicate directly with each other, improving security especially for guest networks or IoT devices. Each client can only communicate with the gateway/router. Defaults to `false`.
- `mac_filter_enabled` (Boolean) Enable MAC address filtering to control network access based on client MAC addresses. Works in conjunction with `mac_filter_list` and `mac_filter_policy`.
- `mac_filter_list` (Set of String) List of MAC addresses to filter in XX:XX:XX:XX:XX:XX format. Only applied when `mac_filter_enabled` is true. MAC addresses are case-insensitive.
- `mac_filter_policy` (String) MAC address filter policy. Valid values are:
* `allow` - Only allow listed MAC addresses
* `deny` - Block listed MAC addresses Defaults to `deny`.
- `minimum_data_rate_2g_kbps` (Number) Minimum data rate for 2.4GHz devices in Kbps. Use `0` to disable. Valid values: `1000`, `2000`, `5500`, `6000`, `9000`, `11000`, `12000`, `18000`, `24000`, `36000`, `48000`, and `54000`
- `minimum_data_rate_5g_kbps` (Number) Minimum data rate for 5GHz devices in Kbps. Use `0` to disable. Valid values: `6000`, `9000`, `12000`, `18000`, `24000`, `36000`, `48000`, and `54000`
- `multicast_enhance` (Boolean) Enable multicast enhancement to convert multicast traffic to unicast for better reliability and performance, especially for applications like video streaming.
- `network_id` (String) ID of the network (VLAN) for this SSID. Used to assign the WLAN to a specific network segment.
- `no2ghz_oui` (Boolean) When enabled, devices from specific manufacturers (identified by their OUI - Organizationally Unique Identifier) will be prevented from connecting on 2.4GHz and forced to use 5GHz. This improves overall network performance by ensuring capable devices use the less congested 5GHz band. Common examples include newer smartphones and laptops. Defaults to `true`.
- `passphrase` (String, Sensitive) The WPA pre-shared key (password) for the network. Required when security is not set to `open`.
- `pmf_mode` (String) Protected Management Frames (PMF) mode. It cannot be disabled if using WPA3. Valid values are:
* `required` - All clients must support PMF (required for WPA3)
* `optional` - Clients can optionally use PMF (recommended when transitioning from WPA2 to WPA3)
* `disabled` - PMF is disabled (not compatible with WPA3) Defaults to `disabled`.
- `proxy_arp` (Boolean) Enable ARP proxy on this WLAN. When enabled, the UniFi controller will respond to ARP requests on behalf of clients, reducing broadcast traffic and potentially improving network performance. This is particularly useful in high-density wireless environments. Defaults to `false`.
- `radius_profile_id` (String) ID of the RADIUS profile to use for WPA Enterprise authentication (when security is 'wpaeap'). Reference existing profiles using the `unifi_radius_profile` data source.
- `schedule` (Block List) Time-based access control configuration for the wireless network. Allows automatic enabling/disabling of the network on specified schedules. (see [below for nested schema](#nestedblock--schedule))
- `site` (String) The name of the UniFi site where the wireless network should be created. If not specified, the default site will be used.
- `uapsd` (Boolean) Enable Unscheduled Automatic Power Save Delivery to improve battery life for mobile devices. Defaults to `false`.
- `wlan_band` (String) Radio band selection. Valid values:
* `both` - Both 2.4GHz and 5GHz (default)
* `2g` - 2.4GHz only
* `5g` - 5GHz only Defaults to `both`.
- `wpa3_support` (Boolean) Enable WPA3 security protocol. Requires security to be set to `wpapsk` and PMF mode to be enabled. WPA3 provides enhanced security features over WPA2.
- `wpa3_transition` (Boolean) Enable WPA3 transition mode, which allows both WPA2 and WPA3 clients to connect. This provides backward compatibility while gradually transitioning to WPA3. Requires security to be set to `wpapsk` and `wpa3_support` to be true.
### Read-Only
- `id` (String) The unique identifier of the wireless network in the UniFi controller.
<a id="nestedblock--schedule"></a>
### Nested Schema for `schedule`
Required:
- `day_of_week` (String) Day of week. Valid values: `sun`, `mon`, `tue`, `wed`, `thu`, `fri`, `sat`.
- `duration` (Number) Duration in minutes that the network should remain active.
- `start_hour` (Number) Start hour in 24-hour format (0-23).
Optional:
- `name` (String) Friendly name for this schedule block (e.g., 'Business Hours', 'Weekend Access').
- `start_minute` (Number) Start minute (0-59). Defaults to `0`.
## Import
Import is supported using the following syntax:
```shell
# import from provider configured site
terraform import unifi_wlan.mywlan 5dc28e5e9106d105bdc87217
# import from another site
terraform import unifi_wlan.mywlan bfa2l6i7:5dc28e5e9106d105bdc87217
```
Reference in New Issue View Git Blame Copy Permalink