fortinet.fortimanager.fmgr_vap_dynamicmapping – Configure Virtual Access Points
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap_dynamicmapping.
New in version 2.10 of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter | Type | Choices/Defaults | Comments
---|---|---|---
adom | string / required | | the parameter (adom) in requested url
bypass_validation | boolean | | only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters
enable_log | boolean | | Enable/Disable logging for task
proposed_method | string | | The overridden method for the underlying Json RPC request
rc_failed | list / elements=string | | the rc codes list with which the conditions to fail will be overridden
rc_succeeded | list / elements=string | | the rc codes list with which the conditions to succeed will be overridden
state | string / required | | the directive to create, update or delete an object
vap | string / required | | the parameter (vap) in requested url
vap_dynamicmapping | dictionary | | the top level parameters set
↳ _centmgmt | string | | no description
↳ _dhcp_svr_id | string | | no description
↳ _intf_allowaccess | list / elements=string | | no description
↳ _intf_device-access-list | string | | no description
↳ _intf_device-identification | string | | no description
↳ _intf_device-netscan | string | | no description
↳ _intf_dhcp-relay-ip | string | | no description
↳ _intf_dhcp-relay-service | string | | no description
↳ _intf_dhcp-relay-type | string | | no description
↳ _intf_dhcp6-relay-ip | string | | no description
↳ _intf_dhcp6-relay-service | string | | no description
↳ _intf_dhcp6-relay-type | string | | no description
↳ _intf_ip | string | | no description
↳ _intf_ip6-address | string | | no description
↳ _intf_ip6-allowaccess | list / elements=string | | no description
↳ _intf_listen-forticlient-connection | string | | no description
↳ _scope | list / elements=string | | no description
↳↳ name | string | | no description
↳↳ vdom | string | | no description
↳ access-control-list | string | | no description
↳ acct-interim-interval | integer | | no description
↳ additional-akms | list / elements=string | | no description
↳ address-group | string | | no description
↳ alias | string | | no description
↳ atf-weight | integer | | no description
↳ auth | string | | no description
↳ broadcast-ssid | string | | no description
↳ broadcast-suppression | list / elements=string | | no description
↳ bss-color-partial | string | | no description
↳ bstm-disassociation-imminent | string | | Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable).
↳ bstm-load-balancing-disassoc-timer | integer | | Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = ...
↳ bstm-rssi-disassoc-timer | integer | | Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
↳ captive-portal-ac-name | string | | no description
↳ captive-portal-auth-timeout | integer | | no description
↳ captive-portal-macauth-radius-secret | string | | no description
↳ captive-portal-macauth-radius-server | string | | no description
↳ captive-portal-radius-secret | string | | no description
↳ captive-portal-radius-server | string | | no description
↳ captive-portal-session-timeout-interval | integer | | no description
↳ client-count | integer | | no description
↳ dhcp-address-enforcement | string | | Enable/disable DHCP address enforcement (default = disable).
↳ dhcp-lease-time | integer | | no description
↳ dhcp-option43-insertion | string | | no description
↳ dhcp-option82-circuit-id-insertion | string | | no description
↳ dhcp-option82-insertion | string | | no description
↳ dhcp-option82-remote-id-insertion | string | | no description
↳ dynamic-vlan | string | | no description
↳ eap-reauth | string | | no description
↳ eap-reauth-intv | integer | | no description
↳ eapol-key-retries | string | | no description
↳ encrypt | string | | no description
↳ external-fast-roaming | string | | no description
↳ external-logout | string | | no description
↳ external-web | string | | no description
↳ external-web-format | string | | no description
↳ fast-bss-transition | string | | no description
↳ fast-roaming | string | | no description
↳ ft-mobility-domain | integer | | no description
↳ ft-over-ds | string | | no description
↳ ft-r0-key-lifetime | integer | | no description
↳ gas-comeback-delay | integer | | GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
↳ gas-fragmentation-limit | integer | | GAS fragmentation limit (512 - 4096, default = 1024).
↳ gtk-rekey | string | | no description
↳ gtk-rekey-intv | integer | | no description
↳ high-efficiency | string | | no description
↳ hotspot20-profile | string | | no description
↳ igmp-snooping | string | | Enable/disable IGMP snooping.
↳ intra-vap-privacy | string | | no description
↳ ip | string | | no description
↳ ipv6-rules | list / elements=string | | no description
↳ key | string | | no description
↳ keyindex | integer | | no description
↳ ldpc | string | | no description
↳ local-authentication | string | | no description
↳ local-bridging | string | | no description
↳ local-lan | string | | no description
↳ local-standalone | string | | no description
↳ local-standalone-nat | string | | no description
↳ local-switching | string | | no description
↳ mac-auth-bypass | string | | no description
↳ mac-called-station-delimiter | string | | MAC called station delimiter (default = hyphen).
↳ mac-calling-station-delimiter | string | | MAC calling station delimiter (default = hyphen).
↳ mac-case | string | | MAC case (default = uppercase).
↳ mac-filter | string | | no description
↳ mac-filter-policy-other | string | | no description
↳ mac-password-delimiter | string | | MAC authentication password delimiter (default = hyphen).
↳ mac-username-delimiter | string | | MAC authentication username delimiter (default = hyphen).
↳ max-clients | integer | | no description
↳ max-clients-ap | integer | | no description
↳ mbo | string | | Enable/disable Multiband Operation (default = disable).
↳ mbo-cell-data-conn-pref | string | | MBO cell data connection preference (0, 1, or 255, default = 1).
↳ me-disable-thresh | integer | | no description
↳ mesh-backhaul | string | | no description
↳ mpsk | string | | no description
↳ mpsk-concurrent-clients | integer | | no description
↳ mpsk-profile | string | | no description
↳ mu-mimo | string | | no description
↳ multicast-enhance | string | | no description
↳ multicast-rate | string | | no description
↳ nac | string | | Enable/disable network access control.
↳ nac-profile | string | | NAC profile name.
↳ neighbor-report-dual-band | string | | Enable/disable dual-band neighbor report (default = disable).
↳ okc | string | | no description
↳ owe-groups | list / elements=string | | no description
↳ owe-transition | string | | no description
↳ owe-transition-ssid | string | | no description
↳ passphrase | string | | no description
↳ pmf | string | | no description
↳ pmf-assoc-comeback-timeout | integer | | no description
↳ pmf-sa-query-retry-timeout | integer | | no description
↳ port-macauth | string | | Enable/disable LAN port MAC authentication (default = disable).
↳ port-macauth-reauth-timeout | integer | | LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
↳ port-macauth-timeout | integer | | LAN port MAC authentication idle timeout value (default = 600 sec).
↳ portal-message-override-group | string | | no description
↳ portal-type | string | | no description
↳ primary-wag-profile | string | | no description
↳ probe-resp-suppression | string | | no description
↳ probe-resp-threshold | string | | no description
↳ ptk-rekey | string | | no description
↳ ptk-rekey-intv | integer | | no description
↳ qos-profile | string | | no description
↳ quarantine | string | | no description
↳ radio-2g-threshold | string | | no description
↳ radio-5g-threshold | string | | no description
↳ radio-sensitivity | string | | no description
↳ radius-mac-auth | string | | no description
↳ radius-mac-auth-server | string | | no description
↳ radius-mac-auth-usergroups | string | | no description
↳ radius-server | string | | no description
↳ rates-11a | list / elements=string | | no description
↳ rates-11ac-ss12 | list / elements=string | | no description
↳ rates-11ac-ss34 | list / elements=string | | no description
↳ rates-11bg | list / elements=string | | no description
↳ rates-11n-ss12 | list / elements=string | | no description
↳ rates-11n-ss34 | list / elements=string | | no description
↳ sae-groups | list / elements=string | | no description
↳ sae-password | string | | no description
↳ schedule | string | | no description
↳ secondary-wag-profile | string | | no description
↳ security | string | | no description
↳ security-exempt-list | string | | no description
↳ security-obsolete-option | string | | no description
↳ security-redirect-url | string | | no description
↳ selected-usergroups | string | | no description
↳ split-tunneling | string | | no description
↳ ssid | string | | no description
↳ sticky-client-remove | string | | no description
↳ sticky-client-threshold-2g | string | | no description
↳ sticky-client-threshold-5g | string | | no description
↳ target-wake-time | string | | no description
↳ tkip-counter-measure | string | | no description
↳ tunnel-echo-interval | integer | | no description
↳ tunnel-fallback-interval | integer | | no description
↳ usergroup | string | | no description
↳ utm-profile | string | | no description
↳ vdom | string | | no description
↳ vlan-auto | string | | no description
↳ vlan-pooling | string | | no description
↳ vlanid | integer | | no description
↳ voice-enterprise | string | | no description
workspace_locking_adom | string | | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout | integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock
Notes
- Running in workspace locking mode is supported in this FortiManager module; the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use the state present directive.
- To delete an object, use the state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
```yaml
# Template listing every parameter; adjust each <value ...> placeholder and
# trim the lists to the values you need before use.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # False skips TLS certificate verification for the FortiManager API connection
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Virtual Access Points
      fmgr_vap_dynamicmapping:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        vap: <your own value>
        state: <value in [present, absent]>
        vap_dynamicmapping:
          _centmgmt: <value in [disable, enable]>
          _dhcp_svr_id: <value of string>
          _intf_allowaccess:
            - https
            - ping
            - ssh
            - snmp
            - http
            - telnet
            - fgfm
            - auto-ipsec
            - radius-acct
            - probe-response
            - capwap
          _intf_device-identification: <value in [disable, enable]>
          _intf_device-netscan: <value in [disable, enable]>
          _intf_dhcp-relay-ip: <value of string>
          _intf_dhcp-relay-service: <value in [disable, enable]>
          _intf_dhcp-relay-type: <value in [regular, ipsec]>
          _intf_dhcp6-relay-ip: <value of string>
          _intf_dhcp6-relay-service: <value in [disable, enable]>
          _intf_dhcp6-relay-type: <value in [regular]>
          _intf_ip: <value of string>
          _intf_ip6-address: <value of string>
          _intf_ip6-allowaccess:
            - https
            - ping
            - ssh
            - snmp
            - http
            - telnet
            - any
            - fgfm
            - capwap
          _intf_listen-forticlient-connection: <value in [disable, enable]>
          _scope:
            -
              name: <value of string>
              vdom: <value of string>
          acct-interim-interval: <value of integer>
          address-group: <value of string>
          alias: <value of string>
          atf-weight: <value of integer>
          auth: <value in [PSK, psk, RADIUS, ...]>
          broadcast-ssid: <value in [disable, enable]>
          broadcast-suppression:
            - dhcp
            - arp
            - dhcp2
            - arp2
            - netbios-ns
            - netbios-ds
            - arp3
            - dhcp-up
            - dhcp-down
            - arp-known
            - arp-unknown
            - arp-reply
            - ipv6
            - dhcp-starvation
            - arp-poison
            - all-other-mc
            - all-other-bc
            - arp-proxy
            - dhcp-ucast
          captive-portal-ac-name: <value of string>
          captive-portal-macauth-radius-secret: <value of string>
          captive-portal-macauth-radius-server: <value of string>
          captive-portal-radius-secret: <value of string>
          captive-portal-radius-server: <value of string>
          captive-portal-session-timeout-interval: <value of integer>
          client-count: <value of integer>
          dhcp-lease-time: <value of integer>
          dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
          dhcp-option82-insertion: <value in [disable, enable]>
          dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
          dynamic-vlan: <value in [disable, enable]>
          eap-reauth: <value in [disable, enable]>
          eap-reauth-intv: <value of integer>
          eapol-key-retries: <value in [disable, enable]>
          encrypt: <value in [TKIP, AES, TKIP-AES]>
          external-fast-roaming: <value in [disable, enable]>
          external-logout: <value of string>
          external-web: <value of string>
          fast-bss-transition: <value in [disable, enable]>
          fast-roaming: <value in [disable, enable]>
          ft-mobility-domain: <value of integer>
          ft-over-ds: <value in [disable, enable]>
          ft-r0-key-lifetime: <value of integer>
          gtk-rekey: <value in [disable, enable]>
          gtk-rekey-intv: <value of integer>
          hotspot20-profile: <value of string>
          intra-vap-privacy: <value in [disable, enable]>
          ip: <value of string>
          key: <value of string>
          keyindex: <value of integer>
          ldpc: <value in [disable, tx, rx, ...]>
          local-authentication: <value in [disable, enable]>
          local-bridging: <value in [disable, enable]>
          local-lan: <value in [deny, allow]>
          local-standalone: <value in [disable, enable]>
          local-standalone-nat: <value in [disable, enable]>
          local-switching: <value in [disable, enable]>
          mac-auth-bypass: <value in [disable, enable]>
          mac-filter: <value in [disable, enable]>
          mac-filter-policy-other: <value in [deny, allow]>
          max-clients: <value of integer>
          max-clients-ap: <value of integer>
          me-disable-thresh: <value of integer>
          mesh-backhaul: <value in [disable, enable]>
          mpsk: <value in [disable, enable]>
          mpsk-concurrent-clients: <value of integer>
          multicast-enhance: <value in [disable, enable]>
          multicast-rate: <value in [0, 6000, 12000, ...]>
          okc: <value in [disable, enable]>
          owe-groups:
            - 19
            - 20
            - 21
          owe-transition: <value in [disable, enable]>
          owe-transition-ssid: <value of string>
          passphrase: <value of string>
          pmf: <value in [disable, enable, optional]>
          pmf-assoc-comeback-timeout: <value of integer>
          pmf-sa-query-retry-timeout: <value of integer>
          portal-message-override-group: <value of string>
          portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
          probe-resp-suppression: <value in [disable, enable]>
          probe-resp-threshold: <value of string>
          ptk-rekey: <value in [disable, enable]>
          ptk-rekey-intv: <value of integer>
          qos-profile: <value of string>
          quarantine: <value in [disable, enable]>
          radio-2g-threshold: <value of string>
          radio-5g-threshold: <value of string>
          radio-sensitivity: <value in [disable, enable]>
          radius-mac-auth: <value in [disable, enable]>
          radius-mac-auth-server: <value of string>
          radius-mac-auth-usergroups: <value of string>
          radius-server: <value of string>
          rates-11a:
            - 1
            - 1-basic
            - 2
            - 2-basic
            - 5.5
            - 5.5-basic
            - 6
            - 6-basic
            - 9
            - 9-basic
            - 12
            - 12-basic
            - 18
            - 18-basic
            - 24
            - 24-basic
            - 36
            - 36-basic
            - 48
            - 48-basic
            - 54
            - 54-basic
            - 11
            - 11-basic
          rates-11ac-ss12:
            - mcs0/1
            - mcs1/1
            - mcs2/1
            - mcs3/1
            - mcs4/1
            - mcs5/1
            - mcs6/1
            - mcs7/1
            - mcs8/1
            - mcs9/1
            - mcs0/2
            - mcs1/2
            - mcs2/2
            - mcs3/2
            - mcs4/2
            - mcs5/2
            - mcs6/2
            - mcs7/2
            - mcs8/2
            - mcs9/2
            - mcs10/1
            - mcs11/1
            - mcs10/2
            - mcs11/2
          rates-11ac-ss34:
            - mcs0/3
            - mcs1/3
            - mcs2/3
            - mcs3/3
            - mcs4/3
            - mcs5/3
            - mcs6/3
            - mcs7/3
            - mcs8/3
            - mcs9/3
            - mcs0/4
            - mcs1/4
            - mcs2/4
            - mcs3/4
            - mcs4/4
            - mcs5/4
            - mcs6/4
            - mcs7/4
            - mcs8/4
            - mcs9/4
            - mcs10/3
            - mcs11/3
            - mcs10/4
            - mcs11/4
          rates-11bg:
            - 1
            - 1-basic
            - 2
            - 2-basic
            - 5.5
            - 5.5-basic
            - 6
            - 6-basic
            - 9
            - 9-basic
            - 12
            - 12-basic
            - 18
            - 18-basic
            - 24
            - 24-basic
            - 36
            - 36-basic
            - 48
            - 48-basic
            - 54
            - 54-basic
            - 11
            - 11-basic
          rates-11n-ss12:
            - mcs0/1
            - mcs1/1
            - mcs2/1
            - mcs3/1
            - mcs4/1
            - mcs5/1
            - mcs6/1
            - mcs7/1
            - mcs8/2
            - mcs9/2
            - mcs10/2
            - mcs11/2
            - mcs12/2
            - mcs13/2
            - mcs14/2
            - mcs15/2
          rates-11n-ss34:
            - mcs16/3
            - mcs17/3
            - mcs18/3
            - mcs19/3
            - mcs20/3
            - mcs21/3
            - mcs22/3
            - mcs23/3
            - mcs24/4
            - mcs25/4
            - mcs26/4
            - mcs27/4
            - mcs28/4
            - mcs29/4
            - mcs30/4
            - mcs31/4
          sae-groups:
            - 1
            - 2
            - 5
            - 14
            - 15
            - 16
            - 17
            - 18
            - 19
            - 20
            - 21
            - 27
            - 28
            - 29
            - 30
            - 31
          sae-password: <value of string>
          schedule: <value of string>
          security: <value in [None, WEP64, wep64, ...]>
          security-exempt-list: <value of string>
          security-obsolete-option: <value in [disable, enable]>
          security-redirect-url: <value of string>
          selected-usergroups: <value of string>
          split-tunneling: <value in [disable, enable]>
          ssid: <value of string>
          tkip-counter-measure: <value in [disable, enable]>
          usergroup: <value of string>
          utm-profile: <value of string>
          vdom: <value of string>
          vlan-auto: <value in [disable, enable]>
          vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
          vlanid: <value of integer>
          voice-enterprise: <value in [disable, enable]>
          mu-mimo: <value in [disable, enable]>
          _intf_device-access-list: <value of string>
          external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
          high-efficiency: <value in [disable, enable]>
          primary-wag-profile: <value of string>
          secondary-wag-profile: <value of string>
          target-wake-time: <value in [disable, enable]>
          tunnel-echo-interval: <value of integer>
          tunnel-fallback-interval: <value of integer>
          access-control-list: <value of string>
          captive-portal-auth-timeout: <value of integer>
          ipv6-rules:
            - drop-icmp6ra
            - drop-icmp6rs
            - drop-llmnr6
            - drop-icmp6mld2
            - drop-dhcp6s
            - drop-dhcp6c
            - ndp-proxy
            - drop-ns-dad
            - drop-ns-nondad
          sticky-client-remove: <value in [disable, enable]>
          sticky-client-threshold-2g: <value of string>
          sticky-client-threshold-5g: <value of string>
          bss-color-partial: <value in [disable, enable]>
          dhcp-option43-insertion: <value in [disable, enable]>
          mpsk-profile: <value of string>
          igmp-snooping: <value in [disable, enable]>
          port-macauth: <value in [disable, radius, address-group]>
          port-macauth-reauth-timeout: <value of integer>
          port-macauth-timeout: <value of integer>
          additional-akms:
            - akm6
          bstm-disassociation-imminent: <value in [disable, enable]>
          bstm-load-balancing-disassoc-timer: <value of integer>
          bstm-rssi-disassoc-timer: <value of integer>
          dhcp-address-enforcement: <value in [disable, enable]>
          gas-comeback-delay: <value of integer>
          gas-fragmentation-limit: <value of integer>
          mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac-case: <value in [uppercase, lowercase]>
          mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mbo: <value in [disable, enable]>
          mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
          nac: <value in [disable, enable]>
          nac-profile: <value of string>
          neighbor-report-dual-band: <value in [disable, enable]>
```
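A filled-in variant of the template above, as an added example that is not part of the collection's own documentation: it keeps TLS certificate validation on, takes the pre-shared key from a vaulted variable, and uses the workspace locking parameters described in the Notes. The ADOM, VAP name, device name, SSID and the variable vault_guest_psk are constructed values, and the play assumes FortiManager runs in workspace mode and that the VAP object already exists.

```yaml
# Added example; every concrete name below is a constructed placeholder.
- hosts: fortimanager-inventory
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Verify the FortiManager certificate against the controller's trusted CAs
    ansible_httpapi_validate_certs: True
    ansible_httpapi_port: 443
  tasks:
    - name: Override guest SSID settings for one managed device
      fortinet.fortimanager.fmgr_vap_dynamicmapping:
        # Lock the ADOM while the change is written (workspace mode assumed)
        workspace_locking_adom: root
        workspace_locking_timeout: 300
        adom: root
        vap: guest-wifi                  # constructed name of an existing VAP
        state: present
        vap_dynamicmapping:
          _scope:
            - name: branch-fgt-01        # constructed device name
              vdom: root
          ssid: guest-branch-01          # constructed SSID
          # Assumption: vault_guest_psk is defined in an Ansible Vault-encrypted vars file
          passphrase: "{{ vault_guest_psk }}"
          encrypt: AES
          intra-vap-privacy: enable
      # Keep the passphrase out of task output and callback logs
      no_log: true
```

rc_succeeded and rc_failed are left unset here, so any non-zero rc fails the task, which is the default behaviour the Notes describe.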
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Type | Returned | Description
---|---|---|---
request_url | string | always | The full url requested. Sample: /sys/login/user
response_code | integer | always | The status of api request
response_message | string | always | The descriptive message of the api response. Sample: OK.
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_vap_dynamicmapping_module.html