fortinet.fortimanager.fmgr_vap – Configure Virtual Access Points (VAPs).
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
| adom string / required | the parameter (adom) in requested url | ||||
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |||
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | ||||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | ||||
| state string / required |
| the directive to create, update or delete an object | |||
| vap dictionary | the top level parameters set | ||||
| _centmgmt string |
| no description | |||
| _dhcp_svr_id string | no description | ||||
| _intf_allowaccess list / elements=string |
| no description | |||
| _intf_device-identification string |
| no description | |||
| _intf_device-netscan string |
| no description | |||
| _intf_dhcp-relay-ip string | no description | ||||
| _intf_dhcp-relay-service string |
| no description | |||
| _intf_dhcp-relay-type string |
| no description | |||
| _intf_dhcp6-relay-ip string | no description | ||||
| _intf_dhcp6-relay-service string |
| no description | |||
| _intf_dhcp6-relay-type string |
| no description | |||
| _intf_ip string | no description | ||||
| _intf_ip6-address string | no description | ||||
| _intf_ip6-allowaccess list / elements=string |
| no description | |||
| _intf_listen-forticlient-connection string |
| no description | |||
| acct-interim-interval integer | WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). | ||||
| alias string | Alias. | ||||
| auth string |
| Authentication protocol. | |||
| broadcast-ssid string |
| Enable/disable broadcasting the SSID (default = enable). | |||
| broadcast-suppression list / elements=string |
| no description | |||
| captive-portal-ac-name string | Local-bridging captive portal ac-name. | ||||
| captive-portal-macauth-radius-secret string | no description | ||||
| captive-portal-macauth-radius-server string | Captive portal external RADIUS server domain name or IP address. | ||||
| captive-portal-radius-secret string | no description | ||||
| captive-portal-radius-server string | Captive portal RADIUS server domain name or IP address. | ||||
| captive-portal-session-timeout-interval integer | Session timeout interval (0 - 864000 sec, default = 0). | ||||
| dhcp-lease-time integer | DHCP lease time in seconds for NAT IP address. | ||||
| dhcp-option82-circuit-id-insertion string |
| Enable/disable DHCP option 82 circuit-id insert (default = disable). | |||
| dhcp-option82-insertion string |
| Enable/disable DHCP option 82 insert (default = disable). | |||
| dhcp-option82-remote-id-insertion string |
| Enable/disable DHCP option 82 remote-id insert (default = disable). | |||
| dynamic-vlan string |
| Enable/disable dynamic VLAN assignment. | |||
| dynamic_mapping list / elements=string | no description | ||||
| _centmgmt string |
| no description | |||
| _dhcp_svr_id string | no description | ||||
| _intf_allowaccess list / elements=string |
| no description | |||
| _intf_device-identification string |
| no description | |||
| _intf_device-netscan string |
| no description | |||
| _intf_dhcp-relay-ip string | no description | ||||
| _intf_dhcp-relay-service string |
| no description | |||
| _intf_dhcp-relay-type string |
| no description | |||
| _intf_dhcp6-relay-ip string | no description | ||||
| _intf_dhcp6-relay-service string |
| no description | |||
| _intf_dhcp6-relay-type string |
| no description | |||
| _intf_ip string | no description | ||||
| _intf_ip6-address string | no description | ||||
| _intf_ip6-allowaccess list / elements=string |
| no description | |||
| _intf_listen-forticlient-connection string |
| no description | |||
| _scope list / elements=string | no description | ||||
| name string | no description | ||||
| vdom string | no description | ||||
| acct-interim-interval integer | no description | ||||
| address-group string | no description | ||||
| alias string | no description | ||||
| atf-weight integer | no description | ||||
| auth string |
| no description | |||
| broadcast-ssid string |
| no description | |||
| broadcast-suppression list / elements=string |
| no description | |||
| captive-portal-ac-name string | no description | ||||
| captive-portal-macauth-radius-secret string | no description | ||||
| captive-portal-macauth-radius-server string | no description | ||||
| captive-portal-radius-secret string | no description | ||||
| captive-portal-radius-server string | no description | ||||
| captive-portal-session-timeout-interval integer | no description | ||||
| client-count integer | no description | ||||
| dhcp-lease-time integer | no description | ||||
| dhcp-option82-circuit-id-insertion string |
| no description | |||
| dhcp-option82-insertion string |
| no description | |||
| dhcp-option82-remote-id-insertion string |
| no description | |||
| dynamic-vlan string |
| no description | |||
| eap-reauth string |
| no description | |||
| eap-reauth-intv integer | no description | ||||
| eapol-key-retries string |
| no description | |||
| encrypt string |
| no description | |||
| external-fast-roaming string |
| no description | |||
| external-logout string | no description | ||||
| external-web string | no description | ||||
| fast-bss-transition string |
| no description | |||
| fast-roaming string |
| no description | |||
| ft-mobility-domain integer | no description | ||||
| ft-over-ds string |
| no description | |||
| ft-r0-key-lifetime integer | no description | ||||
| gtk-rekey string |
| no description | |||
| gtk-rekey-intv integer | no description | ||||
| hotspot20-profile string | no description | ||||
| intra-vap-privacy string |
| no description | |||
| ip string | no description | ||||
| key string | no description | ||||
| keyindex integer | no description | ||||
| ldpc string |
| no description | |||
| local-authentication string |
| no description | |||
| local-bridging string |
| no description | |||
| local-lan string |
| no description | |||
| local-standalone string |
| no description | |||
| local-standalone-nat string |
| no description | |||
| local-switching string |
| no description | |||
| mac-auth-bypass string |
| no description | |||
| mac-filter string |
| no description | |||
| mac-filter-policy-other string |
| no description | |||
| max-clients integer | no description | ||||
| max-clients-ap integer | no description | ||||
| me-disable-thresh integer | no description | ||||
| mesh-backhaul string |
| no description | |||
| mpsk string |
| no description | |||
| mpsk-concurrent-clients integer | no description | ||||
| multicast-enhance string |
| no description | |||
| multicast-rate string |
| no description | |||
| okc string |
| no description | |||
| owe-groups list / elements=string |
| no description | |||
| owe-transition string |
| no description | |||
| owe-transition-ssid string | no description | ||||
| passphrase string | no description | ||||
| pmf string |
| no description | |||
| pmf-assoc-comeback-timeout integer | no description | ||||
| pmf-sa-query-retry-timeout integer | no description | ||||
| portal-message-override-group string | no description | ||||
| portal-type string |
| no description | |||
| probe-resp-suppression string |
| no description | |||
| probe-resp-threshold string | no description | ||||
| ptk-rekey string |
| no description | |||
| ptk-rekey-intv integer | no description | ||||
| qos-profile string | no description | ||||
| quarantine string |
| no description | |||
| radio-2g-threshold string | no description | ||||
| radio-5g-threshold string | no description | ||||
| radio-sensitivity string |
| no description | |||
| radius-mac-auth string |
| no description | |||
| radius-mac-auth-server string | no description | ||||
| radius-mac-auth-usergroups string | no description | ||||
| radius-server string | no description | ||||
| rates-11a list / elements=string |
| no description | |||
| rates-11ac-ss12 list / elements=string |
| no description | |||
| rates-11ac-ss34 list / elements=string |
| no description | |||
| rates-11bg list / elements=string |
| no description | |||
| rates-11n-ss12 list / elements=string |
| no description | |||
| rates-11n-ss34 list / elements=string |
| no description | |||
| sae-groups list / elements=string |
| no description | |||
| sae-password string | no description | ||||
| schedule string | no description | ||||
| security string |
| no description | |||
| security-exempt-list string | no description | ||||
| security-obsolete-option string |
| no description | |||
| security-redirect-url string | no description | ||||
| selected-usergroups string | no description | ||||
| split-tunneling string |
| no description | |||
| ssid string | no description | ||||
| tkip-counter-measure string |
| no description | |||
| usergroup string | no description | ||||
| utm-profile string | no description | ||||
| vdom string | no description | ||||
| vlan-auto string |
| no description | |||
| vlan-pooling string |
| no description | |||
| vlanid integer | no description | ||||
| voice-enterprise string |
| no description | |||
| eap-reauth string |
| Enable/disable EAP re-authentication for WPA-Enterprise security. | |||
| eap-reauth-intv integer | EAP re-authentication interval (1800 - 864000 sec, default = 86400). | ||||
| eapol-key-retries string |
| Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). | |||
| encrypt string |
| Encryption protocol to use (only available when security is set to a WPA type). | |||
| external-fast-roaming string |
| Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). | |||
| external-logout string | URL of external authentication logout server. | ||||
| external-web string | URL of external authentication web server. | ||||
| fast-bss-transition string |
| Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). | |||
| fast-roaming string |
| Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). | |||
| ft-mobility-domain integer | Mobility domain identifier in FT (1 - 65535, default = 1000). | ||||
| ft-over-ds string |
| Enable/disable FT over the Distribution System (DS). | |||
| ft-r0-key-lifetime integer | Lifetime of the PMK-R0 key in FT, 1-65535 minutes. | ||||
| gtk-rekey string |
| Enable/disable GTK rekey for WPA security. | |||
| gtk-rekey-intv integer | GTK rekey interval (1800 - 864000 sec, default = 86400). | ||||
| hotspot20-profile string | Hotspot 2.0 profile name. | ||||
| intra-vap-privacy string |
| Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). | |||
| ip string | IP address and subnet mask for the local standalone NAT subnet. | ||||
| key string | no description | ||||
| keyindex integer | WEP key index (1 - 4). | ||||
| ldpc string |
| VAP low-density parity-check (LDPC) coding configuration. | |||
| local-authentication string |
| Enable/disable AP local authentication. | |||
| local-bridging string |
| Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). | |||
| local-lan string |
| Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). | |||
| local-standalone string |
| Enable/disable AP local standalone (default = disable). | |||
| local-standalone-nat string |
| Enable/disable AP local standalone NAT mode. | |||
| mac-auth-bypass string |
| Enable/disable MAC authentication bypass. | |||
| mac-filter string |
| Enable/disable MAC filtering to block wireless clients by mac address. | |||
| mac-filter-list list / elements=string | no description | ||||
| id integer | ID. | ||||
| mac string | MAC address. | ||||
| mac-filter-policy string |
| Deny or allow the client with this MAC address. | |||
| mac-filter-policy-other string |
| Allow or block clients with MAC addresses that are not in the filter list. | |||
| max-clients integer | Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). | ||||
| max-clients-ap integer | Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). | ||||
| me-disable-thresh integer | Disable multicast enhancement when this many clients are receiving multicast traffic. | ||||
| mesh-backhaul string |
| Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set t... | |||
| mpsk string |
| Enable/disable multiple pre-shared keys (PSKs.) | |||
| mpsk-concurrent-clients integer | Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. | ||||
| mpsk-key list / elements=string | no description | ||||
| comment string | Comment. | ||||
| concurrent-clients string | Number of clients that can connect using this pre-shared key. | ||||
| key-name string | Pre-shared key name. | ||||
| passphrase string | no description | ||||
| multicast-enhance string |
| Enable/disable converting multicast to unicast to improve performance (default = disable). | |||
| multicast-rate string |
| Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). | |||
| name string | Virtual AP name. | ||||
| okc string |
| Enable/disable Opportunistic Key Caching (OKC) (default = enable). | |||
| passphrase string | no description | ||||
| pmf string |
| Protected Management Frames (PMF) support (default = disable). | |||
| pmf-assoc-comeback-timeout integer | Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). | ||||
| pmf-sa-query-retry-timeout integer | Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). | ||||
| portal-message-override-group string | Replacement message group for this VAP (only available when security is set to a captive portal type). | ||||
| portal-type string |
| Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. | |||
| probe-resp-suppression string |
| Enable/disable probe response suppression (to ignore weak signals) (default = disable). | |||
| probe-resp-threshold string | Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80). | ||||
| ptk-rekey string |
| Enable/disable PTK rekey for WPA-Enterprise security. | |||
| ptk-rekey-intv integer | PTK rekey interval (1800 - 864000 sec, default = 86400). | ||||
| qos-profile string | Quality of service profile name. | ||||
| quarantine string |
| Enable/disable station quarantine (default = enable). | |||
| radio-2g-threshold string | Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79). | ||||
| radio-5g-threshold string | Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76). | ||||
| radio-sensitivity string |
| Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). | |||
| radius-mac-auth string |
| Enable/disable RADIUS-based MAC authentication of clients (default = disable). | |||
| radius-mac-auth-server string | RADIUS-based MAC authentication server. | ||||
| radius-mac-auth-usergroups string | no description | ||||
| radius-server string | RADIUS server to be used to authenticate WiFi users. | ||||
| rates-11a list / elements=string |
| no description | |||
| rates-11ac-ss12 list / elements=string |
| no description | |||
| rates-11ac-ss34 list / elements=string |
| no description | |||
| rates-11bg list / elements=string |
| no description | |||
| rates-11n-ss12 list / elements=string |
| no description | |||
| rates-11n-ss34 list / elements=string |
| no description | |||
| schedule string | VAP schedule name. | ||||
| security string |
| Security mode for the wireless interface (default = wpa2-only-personal). | |||
| security-exempt-list string | Optional security exempt list for captive portal authentication. | ||||
| security-obsolete-option string |
| Enable/disable obsolete security options. | |||
| security-redirect-url string | Optional URL for redirecting users after they pass captive portal authentication. | ||||
| selected-usergroups string | Selective user groups that are permitted to authenticate. | ||||
| split-tunneling string |
| Enable/disable split tunneling (default = disable). | |||
| ssid string | IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configur... | ||||
| tkip-counter-measure string |
| Enable/disable TKIP counter measure. | |||
| usergroup string | Firewall user group to be used to authenticate WiFi users. | ||||
| utm-profile string | UTM profile name. | ||||
| vdom string | Name of the VDOM that the Virtual AP has been added to. | ||||
| vlan-auto string |
| Enable/disable automatic management of SSID VLAN interface. | |||
| vlan-pool list / elements=string | no description | ||||
| _wtp-group string | no description | ||||
| id integer | ID. | ||||
| wtp-group string | WTP group name. | ||||
| vlan-pooling string |
| Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When... | |||
| vlanid integer | Optional VLAN ID. | ||||
| voice-enterprise string |
| Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). | |||
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | |||
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points (VAPs).
fmgr_vap:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
acct-interim-interval: <value of integer>
alias: <value of string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <value of string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <value of string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <value of string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <value of string>
_intf_ip6-address: <value of string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
acct-interim-interval: <value of integer>
address-group: <value of string>
alias: <value of string>
atf-weight: <value of integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <value of string>
captive-portal-macauth-radius-secret: <value of string>
captive-portal-macauth-radius-server: <value of string>
captive-portal-radius-secret: <value of string>
captive-portal-radius-server: <value of string>
captive-portal-session-timeout-interval: <value of integer>
client-count: <value of integer>
dhcp-lease-time: <value of integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <value of string>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <value of string>
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <value of integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <value of string>
external-web: <value of string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <value of integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <value of integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <value of integer>
hotspot20-profile: <value of string>
intra-vap-privacy: <value in [disable, enable]>
ip: <value of string>
key: <value of string>
keyindex: <value of integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-list:
-
id: <value of integer>
mac: <value of string>
mac-filter-policy: <value in [deny, allow]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <value of integer>
max-clients-ap: <value of integer>
me-disable-thresh: <value of integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <value of integer>
mpsk-key:
-
comment: <value of string>
concurrent-clients: <value of string>
key-name: <value of string>
passphrase: <value of string>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
name: <value of string>
okc: <value in [disable, enable]>
passphrase: <value of string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <value of integer>
pmf-sa-query-retry-timeout: <value of integer>
portal-message-override-group: <value of string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <value of string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <value of integer>
qos-profile: <value of string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <value of string>
radio-5g-threshold: <value of string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <value of string>
radius-mac-auth-usergroups: <value of string>
radius-server: <value of string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <value of string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <value of string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <value of string>
selected-usergroups: <value of string>
split-tunneling: <value in [disable, enable]>
ssid: <value of string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <value of string>
utm-profile: <value of string>
vdom: <value of string>
vlan-auto: <value in [disable, enable]>
vlan-pool:
-
_wtp-group: <value of string>
id: <value of integer>
wtp-group: <value of string>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <value of integer>
voice-enterprise: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_vap_module.html