Type: object

OpenWrt uCentral schema

Type: integer

The unique ID of the configuration. This is the unix timestamp of when the config was created.

Type: object

A device has certain properties that describe its identity and location. These properties are described inside this object.

Type: string

This is a free text field, stating the administrative name of the device. It may contain spaces and special characters.

Type: string

This is a free text field, stating the location of the device. It may contain spaces and special characters.

Type: string

This allows you to change the TZ of the device.


Examples:

"UTC"
"EST5"
"CET-1CEST,M3.5.0,M10.5.0/3"

Type: boolean Default: true

This allows forcing all LEDs off.

Type: boolean Default: false

The device shall create a random root password and tell the gateway about it.

Type: object

A device has certain global properties that are used to derive parts of the final configuration that gets applied.

Type: string

Define the IPv4 range that is delegatable to the downstream interfaces This is described as a CIDR block. (192.168.0.0/16, 172.16.128/17)


Example:

"192.168.0.0/16"

Type: string

Define the IPv6 range that is delegatable to the downstream interfaces This is described as a CIDR block. (fdca:1234:4567::/48)


Example:

"fdca:1234:4567::/48"

Type: object No Additional Properties

Define the default WMM behaviour of all SSIDs on the device. Each access category can be assigned a default class selector that gets used for packet matching.

Type: array of enum (of string)

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "CS0"
  • "CS1"
  • "CS2"
  • "CS3"
  • "CS4"
  • "CS5"
  • "CS6"
  • "CS7"
  • "AF11"
  • "AF12"
  • "AF13"
  • "AF21"
  • "AF22"
  • "AF23"
  • "AF31"
  • "AF32"
  • "AF33"
  • "AF41"
  • "AF42"
  • "AF43"
  • "DF"
  • "EF"
  • "VA"
  • "LE"
Type: object No Additional Properties

Type: enum (of string)

Define a default profile that shall be used for the WMM behaviour of all SSIDs on the device.

Must be one of:

  • "enterprise"
  • "rfc8325"
  • "3gpp"

Type: object

This section is used to define templates that can be referenced by a configuration. This avoids duplication of data. A RADIUS server can be defined here for example and then referenced by several SSIDs.

Type: object

A dictionary of wireless encryption templates which can be referenced by the corresponding property name.

All property whose name matches the following regular expression must respect the following conditions

Property name regular expression: .+
Type: object No Additional Properties

Type: string

Type: array

Each item of this array must be:

Type: object

This section defines the linkk speed and duplex mode of the physical copper/fiber ports of the device.

Type: array of string

The list of physical network devices that shall be configured. The names are logical ones and wildcardable.

Each item of this array must be:

Type: string
Examples:

"LAN1"
"LAN2"
"LAN3"
"LAN4"
"LAN*"
"WAN*"
"*"

Type: enum (of integer)

The link speed that shall be forced.

Must be one of:

  • 10
  • 100
  • 1000
  • 2500
  • 5000
  • 10000

Type: enum (of string)

The duplex mode that shall be forced.

Must be one of:

  • "half"
  • "full"

Type: array of string

The services that shall be offered on this L2 interface.

Each item of this array must be:

Type: string
Example:

"quality-of-service"

Type: object

This section defines the switch fabric specific features of a physical switch.

Type: object

Enable mirror of traffic from multiple minotor ports to a single analysis port.

Type: array of string

The list of ports that we want to mirror.

Each item of this array must be:

Type: string

Type: string

The port that mirror'ed packets should be sent to.

Type: object

Enable loop detection on the L2 switches/bridge.

Type: enum (of string) Default: "rstp"

Define which protocol shall be used for loop detection.

Must be one of:

  • "rstp"

Type: array of enum (of string)

Define on which logical switches/bridges we want to provide loop-detection.

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "upstream"
  • "downstream"

Type: array

Each item of this array must be:

Type: object

Describe a physical radio on the AP. A radio is be parent to several VAPs. They all share the same physical properties.

Type: enum (of string)

Specifies the wireless band to configure the radio for. Available radio device phys on the target system are matched by the wireless band given here. If multiple radio phys support the same band, the settings specified here will be applied to all of them.

Must be one of:

  • "2G"
  • "5G"
  • "5G-lower"
  • "5G-upper"
  • "6G"

Type: enum (of integer)

Specifies a narrow channel width in MHz, possible values are 5, 10, 20.

Must be one of:

  • 5
  • 10
  • 20

Specifies the wireless channel to use. A value of 'auto' starts the ACS algorithm.

Type: integer

Value must be greater or equal to 1 and lesser or equal to 171

Type: const Specific value: "auto"

Type: string

Specifies the country code, affects the available channels and transmission powers.

Must be at least 2 characters long

Must be at most 2 characters long


Example:

"US"

Type: enum (of string) Default: "HE"

Define the ideal channel mode that the radio shall use. This can be 802.11n, 802.11ac or 802.11ax. This is just a hint for the AP. If the requested value is not supported then the AP will use the highest common denominator.

Must be one of:

  • "HT"
  • "VHT"
  • "HE"

Type: enum (of integer) Default: 80

The channel width that the radio shall use. This is just a hint for the AP. If the requested value is not supported then the AP will use the highest common denominator.

Must be one of:

  • 20
  • 40
  • 80
  • 160
  • 8080

Type: enum (of string)

Stations that do no fulfill these HT modes will be rejected.

Must be one of:

  • "HT"
  • "VHT"
  • "HE"

Type: enum (of string)

This option allows configuring the antenna pairs that shall be used. This is just a hint for the AP. If the requested value is not supported then the AP will use the highest common denominator.

Must be one of:

  • "1x1"
  • "2x2"
  • "3x3"
  • "4x4"
  • "5x5"
  • "6x6"
  • "7x7"
  • "8x8"

Type: integer

This option specifies the transmission power in dBm

Value must be greater or equal to 0 and lesser or equal to 30

Type: boolean Default: false

Allow legacy 802.11b data rates.

Type: integer Default: 100

Beacon interval in kus (1.024 ms).

Value must be greater or equal to 15 and lesser or equal to 65535

Type: integer Default: 2

Set the DTIM (delivery traffic information message) period. There will be one DTIM per this many beacon frames. This may be set between 1 and 255. This option only has an effect on ap wifi-ifaces.

Value must be greater or equal to 1 and lesser or equal to 255

Type: integer

Set the maximum number of clients that may connect to this radio. This value is accumulative for all attached VAP interfaces.

Type: object

The rate configuration of this BSS.

Type: enum (of integer) Default: 6000

The beacon rate that shall be used by the BSS. Values are in Mbps.

Must be one of:

  • 0
  • 1000
  • 2000
  • 5500
  • 6000
  • 9000
  • 11000
  • 12000
  • 18000
  • 24000
  • 36000
  • 48000
  • 54000

Type: enum (of integer) Default: 24000

The multicast rate that shall be used by the BSS. Values are in Mbps.

Must be one of:

  • 0
  • 1000
  • 2000
  • 5500
  • 6000
  • 9000
  • 11000
  • 12000
  • 18000
  • 24000
  • 36000
  • 48000
  • 54000

Type: object

This section describes the HE specific configuration options of the BSS.

Type: boolean Default: false

Enabling this option will make the PHY broadcast its BSSs using the multiple BSSID beacon IE.

Type: boolean Default: false

Enableing this option will make the PHY broadcast its multiple BSSID beacons using EMA.

Type: integer Default: 64

This enables BSS Coloring on the PHY. setting it to 0 disables the feature 1-63 sets the color and 64 will make hostapd pick a random color.

Type: array of string

This array allows passing raw hostapd.conf lines.

Each item of this array must be:

Type: string
Examples:

"ap_table_expiration_time=3600"
"device_type=6-0050F204-1"
"ieee80211h=1"
"rssi_ignore_probe_request=-75"
"time_zone=EST5"
"uuid=12345678-9abc-def0-1234-56789abcdef0"
"venue_url=1:http://www.example.com/info-eng"
"wpa_deny_ptk0_rekey=0"

Type: array

Each item of this array must be:

Type: object

This section describes the logical network interfaces of the device. Interfaces as their primary have a role that is upstream, downstream, guest, ....

Type: string

This is a free text field, stating the administrative name of the interface. It may contain spaces and special characters.


Example:

"LAN"

Type: enum (of string)

The role defines if the interface is upstream or downstream facing.

Must be one of:

  • "upstream"
  • "downstream"

Type: boolean

This option makes sure that any traffic leaving this interface is isolated and all local IP ranges are blocked. It essentially enforces "guest network" firewall settings.

Type: integer

The routing metric of this logical interface. Lower values have higher priority.

Value must be greater or equal to 0 and lesser or equal to 4294967295

Type: array of string

The services that shall be offered on this logical interface. These are just strings such as "ssh", "lldp", "mdns"

Each item of this array must be:

Type: string
Examples:

"ssh"
"lldp"

Type: object

This section describes the vlan behaviour of a logical network interface.

Type: integer

This is the pvid of the vlan that shall be assigned to the interface. The individual physical network devices contained within the interface need to be told explicitly if egress traffic shall be tagged.

Value must be lesser or equal to 4050

Type: enum (of string) Default: "802.1q"

Must be one of:

  • "802.1ad"
  • "802.1q"

Type: object

This section describes the bridge behaviour of a logical network interface.

Type: integer

The MTU that shall be used by the network interface.

Value must be greater or equal to 256 and lesser or equal to 65535


Example:

1500

Type: integer

The Transmit Queue Length is a TCP/IP stack network interface value that sets the number of packets allowed per kernel transmit queue of a network interface device.


Example:

5000

Type: boolean Default: false

Isolates the bridge ports from each other.

Type: array

Each item of this array must be:

Type: object

This section defines the physical copper/fiber ports that are members of the interface. Network devices are referenced by their logical names.

Type: array of string

The list of physical network devices that shall be added to the interface. The names are logical ones and wildcardable. "WAN" will use whatever the hardwares default upstream facing port is. "LANx" will use the "x'th" downstream facing ethernet port. LAN* will use all downstream ports.

Each item of this array must be:

Type: string
Examples:

"LAN1"
"LAN2"
"LAN3"
"LAN4"
"LAN*"
"WAN*"
"*"

Type: boolean Default: true

Enable multicast support.

Type: boolean Default: true

Controls whether a given port will learn MAC addresses from received traffic or not. If learning if off, the bridge will end up flooding any traffic for which it has no FDB entry. By default this flag is on.

Type: boolean Default: false

Only allow communication with non-isolated bridge ports when enabled.

Type: string

Enforce a specific MAC to these ports.

Type: boolean Default: false

Reverse Path filtering is a method used by the Linux Kernel to help prevent attacks used by Spoofing IP Addresses.

Type: enum (of string) Default: "auto"

Shall the port have a vlan tag.

Must be one of:

  • "tagged"
  • "un-tagged"
  • "auto"

Type: object

This section describes the IPv4 properties of a logical interface.

Type: enum (of string)

This option defines the method by which the IPv4 address of the interface is chosen.

Must be one of:

  • "dynamic"
  • "static"

Example:

"static"

Type: string

This option defines the static IPv4 of the logical interface in CIDR notation. auto/24 can be used, causing the configuration layer to automatically use and address range from globals.ipv4-network.


Example:

"auto/24"

Type: string

This option defines the static IPv4 gateway of the logical interface.


Example:

"192.168.1.1"

Type: boolean Default: true

include the devices hostname inside DHCP requests


Example:

true

Type: array of string

Define which DNS servers shall be used. This can either be a list of static IPv4 addresse or dhcp (use the server provided by the DHCP lease)

Each item of this array must be:

Type: string
Examples:

"8.8.8.8"
"4.4.4.4"

Type: object

This section describes the DHCP server configuration

Type: integer

The last octet of the first IPv4 address in this DHCP pool.


Example:

10

Type: integer

The number of IPv4 addresses inside the DHCP pool.


Example:

100

Type: string Default: "6h"

How long the lease is valid before a RENEW must be issued.

Type: string

Start a L2 DHCP relay in this logical interface and use this IPv4 addr as the upstream server.

Type: string

This option selects what info shall be contained within a relayed frames circuit ID. The string passed in has placeholders that are placed inside a bracket pair "{}". Any text not contained within brackets will be included as freetext. Valid placeholders are "Name, Model, Location, Interface, VLAN-Id, SSID, Crypto, AP-MAC, AP-MAC-Hex, Client-MAC, Client-MAC-Hex"

Type: string

This option selects what info shall be contained within a relayed frames remote ID. The string passed in has placeholders that are placed inside a bracket pair "{}". Any text not contained within brackets will be included as freetext. Valid placeholders are "VLAN-Id, SSID, AP-MAC, AP-MAC-Hex, Client-MAC, Client-MAC-Hex"

Type: array

Each item of this array must be:

Type: object

This section describes the static DHCP leases of this logical interface.

Type: string

The MAC address of the host that this lease shall be used for.


Example:

"00:11:22:33:44:55"

Type: integer

The offset of the IP that shall be used in relation to the first IP in the available range.


Example:

10

Type: string Default: "6h"

How long the lease is valid before a RENEW muss ne issued.

Type: boolean Default: true

Shall the hosts hostname be made available locally via DNS.

Type: object

This section describes the IPv6 properties of a logical interface.

Type: enum (of string)

This option defines the method by which the IPv6 subnet of the interface is acquired. In static addressing mode, the specified subnet and gateway, if any, are configured on the interface in a fixed manner. Also - if a prefix size hint is specified - a prefix of the given size is allocated from each upstream received prefix delegation pool and assigned to the interface. In dynamic addressing mode, a DHCPv6 client will be launched to obtain IPv6 prefixes for the interface itself and for downstream delegation. Note that dynamic addressing usually only ever makes sense on upstream interfaces.

Must be one of:

  • "dynamic"
  • "static"

Type: string

This option defines a static IPv6 prefix in CIDR notation to set on the logical interface. A special notation "auto/64" can be used, causing the configuration agent to automatically allocate a suitable prefix from the IPv6 address pool specified in globals.ipv6-network. This property only applies to static addressing mode. Note that this is usually not needed due to DHCPv6-PD assisted prefix assignment.


Example:

"auto/64"

Type: string

This option defines the static IPv6 gateway of the logical interface. It only applies to static addressing mode. Note that this is usually not needed due to DHCPv6-PD assisted prefix assignment.


Example:

"2001:db8:123:456::1"

Type: integer

For dynamic addressing interfaces, this property specifies the prefix size to request from an upstream DHCPv6 server through prefix delegation. For static addressing interfaces, it specifies the size of the sub-prefix to allocate from the upstream-received delegation prefixes for assignment to the logical interface.

Value must be greater or equal to 0 and lesser or equal to 64

Type: object

This section describes the DHCPv6 server configuration

Type: enum (of string)

Specifies the DHCPv6 server operation mode. When set to "stateless", the system will announce router advertisements only, without offering stateful DHCPv6 service. When set to "stateful", emitted router advertisements will instruct clients to obtain a DHCPv6 lease. When set to "hybrid", clients can freely chose whether to self-assign a random address through SLAAC, whether to request an address via DHCPv6, or both. For maximum compatibility with different clients, it is recommended to use the hybrid mode. The special mode "relay" will instruct the unit to act as DHCPv6 relay between this interface and any of the IPv6 interfaces in "upstream" mode.

Must be one of:

  • "hybrid"
  • "stateless"
  • "stateful"
  • "relay"

Type: array of string

Overrides the DNS server to announce in DHCPv6 and RA messages. By default, the device will announce its own local interface address as DNS server, essentially acting as proxy for downstream clients. By specifying a non-empty list of IPv6 addresses here, this default behaviour can be overridden.

Each item of this array must be:

Type: string

Type: string Default: "::/0"

Selects a specific downstream prefix or a number of downstream prefix ranges to announce in DHCPv6 and RA messages. By default, all prefixes configured on a given downstream interface are advertised. By specifying an IPv6 prefix in CIDR notation here, only prefixes covered by this CIDR are selected.

Type: object

This Object defines the properties of a broad-band uplink.

Type: const

This uplink uses WWAN/LTE

Specific value: "wwan"

Type: enum (of string)

The local protocol that the modem supports.

Must be one of:

  • "qmi"
  • "mbim"
  • "wwan"

Type: string

Commonly known as APN. The name of a gateway between a mobile network and the internet.

Type: enum (of string) Default: "none"

The authentication mode that shall be used.

Must be one of:

  • "none"
  • "pap"
  • "chap"
  • "pap-chap"

Type: string

The PIN that shall be used to unlock the SIM card.

Type: string

This option is only required if an authentication-type is defined.

Type: string

This option is only required if an authentication-type is defined.

Type: enum (of string) Default: "dual-stack"

Define what kind of IP stack shall be used.

Must be one of:

  • "ipv4"
  • "ipv6"
  • "dual-stack"
Type: object

This Object defines the properties of a PPPoE uplink.

Type: const

This uplink uses PPPoE

Specific value: "pppoe"

Type: string

The username used to authenticate.

Type: string

The password used to authenticate.

Type: object

This section can be used to setup a captive portal on the AP.

Type: string Default: "uCentral - Captive Portal"

This name will be presented to connecting users in on the splash page.

Type: string Default: "ucentral.splash"

The fqdn used for the captive portal IP.

Type: integer Default: 32

The maximum number of clients that shall be accept.

Type: integer Default: 0

The maximum upload rate for a specific client.

Type: integer Default: 0

The maximum download rate for a specific client.

Type: integer Default: 0

The maximum upload quota for a specific client.

Type: integer Default: 0

The maximum download quota for a specific client.

Type: array

Each item of this array must be:

Type: object

A device has certain properties that describe its identity and location. These properties are described inside this object.

Type: enum (of string) Default: "user-defined"

An SSID can have a special purpose such as the hidden on-boarding BSS. All purposes other than "user-defined" are static pre-defined configurations.

Must be one of:

  • "user-defined"
  • "onboarding-ap"
  • "onboarding-sta"

Type: string

The broadcasted SSID of the wireless network and for for managed mode the SSID of the network you’re connecting to

Must be at least 1 characters long

Must be at most 32 characters long

Type: array of enum (of string)

The band that the SSID should be broadcasted on. The configuration layer will use the first matching band.

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "2G"
  • "5G"
  • "5G-lower"
  • "5G-upper"
  • "6G"

Type: enum (of string) Default: "ap"

Selects the operation mode of the wireless network interface controller.

Must be one of:

  • "ap"
  • "sta"
  • "mesh"
  • "wds-ap"
  • "wds-sta"
  • "wds-repeater"

Type: string

Override the BSSID of the network, only applicable in adhoc or sta mode.

Type: boolean

Disables the broadcasting of beacon frames if set to 1 and,in doing so, hides the ESSID.

Type: boolean

Isolates wireless clients from each other on this BSS.

Type: boolean

Unscheduled Automatic Power Save Delivery.

Type: integer

Set the RTS/CTS threshold of the BSS.

Value must be greater or equal to 1 and lesser or equal to 65535

Type: boolean

This option will make the unit braodcast the time inside its beacons.

Type: boolean

Convert multicast traffic to unicast on this BSS.

Type: array of string

The services that shall be offered on this logical interface. These are just strings such as "wifi-steering"

Each item of this array must be:

Type: string
Example:

"wifi-steering"

Type: integer

Set the maximum number of clients that may connect to this VAP.

Type: boolean Default: true

Proxy ARP is the technique in which the host router, answers ARP requests intended for another machine.

Type: boolean Default: false

Type: string

Type: object

A device has certain properties that describe its identity and location. These properties are described inside this object.

Type: enum (of string)

The wireless encryption protocol that shall be used for this BSS

Must be one of:

  • "none"
  • "psk"
  • "psk2"
  • "psk-mixed"
  • "wpa"
  • "wpa2"
  • "wpa-mixed"
  • "sae"
  • "sae-mixed"
  • "wpa3"
  • "wpa3-192"
  • "wpa3-mixed"

Example:

"psk2"

Type: string

The Pre Shared Key (PSK) that is used for encryption on the BSS when using any of the WPA-PSK modes.

Must be at least 8 characters long

Must be at most 63 characters long

Type: enum (of string) Default: "disabled"

Enable 802.11w Management Frame Protection (MFP) for this BSS.

Must be one of:

  • "disabled"
  • "optional"
  • "required"

Type: array

Each item of this array must be:

Type: object

A SSID can have multiple PSK/VID mappings. Each one of them can be bound to a specific MAC or be a wildcard.

Type: string

Type: string

The Pre Shared Key (PSK) that is used for encryption on the BSS when using any of the WPA-PSK modes.

Must be at least 8 characters long

Must be at most 63 characters long

Type: integer

Value must be lesser or equal to 4096


Examples:

3
100
200
4094

Type: object

Enable 802.11k Radio Resource Management (RRM) for this BSS.

Type: boolean Default: false

Enable neighbor report via radio measurements (802.11k).

Type: string

The content of a LCI measurement subelement

Type: string

The content of a location civic measurement subelement

Type: boolean Default: false

Publish fine timing measurement (FTM) responder functionality on this BSS.

Type: boolean Default: false

Stationary AP config indicates that the AP doesn't move.

Type: object

The UE rate-limiting configuration of this BSS.

Type: integer Default: 0

The ingress rate to which hosts will be shaped. Values are in Mbps

Type: integer Default: 0

The egress rate to which hosts will be shaped. Values are in Mbps

Type: object

Enable 802.11r Fast Roaming for this BSS.

Type: enum (of string) Default: "ds"

Shall the pre authenticated message exchange happen over the air or distribution system.

Must be one of:

  • "air"
  • "ds"

Type: boolean Default: false

Whether to generate FT response locally for PSK networks. This avoids use of PMK-R1 push/pull from other APs with FT-PSK networks.

Type: string

Mobility Domain identifier (dot11FTMobilityDomainID, MDID).

Must be at least 4 characters long

Must be at most 4 characters long


Example:

"abcd"

Type: string

The pairwise master key R0. This is unique to the mobility domain and is required for fast roaming over the air. If the field is left empty a deterministic key is generated.

Type: string

The pairwise master key R1. This is unique to the mobility domain and is required for fast roaming over the air. If the field is left empty a deterministic key is generated.

Type: object

When using EAP encryption we need to provide the required information allowing us to connect to the AAA servers.

Type: string

NAS-Identifier string for RADIUS messages. When used, this should be unique to the NAS within the scope of the RADIUS server.

Type: boolean Default: false

This will enable support for Chargeable-User-Identity (RFC 4372).

Type: object

Describe the properties of the local Radius server inside hostapd.

Type: string Default: "uCentral"

EAP methods that provide mechanism for authenticated server identity delivery use this value.

Type: array

Specifies a collection of local EAP user/psk/vid triplets.

Each item of this array must be:

Describes a local EAP user/psk/vid triplet.

Same definition as interface.ssid.radius.local-user

Type: object

Describe the properties of a Radius server.

Type: string

The URI of our Radius server.


Example:

"192.168.1.10"

Type: integer

The network port of our Radius server.

Value must be greater or equal to 1024 and lesser or equal to 65535


Example:

1812

Type: string

The shared Radius authentication secret.


Example:

"secret"

Type: array of object

The additional Access-Request attributes that gets sent to the server.

Each item of this array must be:

Type: object
Examples:

{
    "id": 27,
    "value": 900
}
{
    "id": 32,
    "value": "My NAS ID"
}
{
    "id": 56,
    "value": 1004
}
{
    "id": 126,
    "value": "Example Operator"
}

Type: integer

The ID of the RADIUS attribute

Value must be greater or equal to 1 and lesser or equal to 255

Type: integer

The numeric RADIUS attribute value

Value must be greater or equal to 0 and lesser or equal to 4294967295

Type: string

The RADIUS attribute value string


Example:

"126:s:Operator"

Describe the properties of a Radius server.

Same definition as authentication
Type: object

Type: integer Default: 60

The interim accounting update interval. This value is defined in seconds.

Value must be greater or equal to 60 and lesser or equal to 600

Type: object

When running a local EAP server or using STA/MESH to connect to another BSS a set of certificates is required.

Type: boolean Default: false

The device will use its local certificate bundle for the TLS setup and ignores all other certificate options in this section.

Type: string

The local servers CA bundle.

Type: string

The local servers certificate.

Type: string

The local servers private key/

Type: string

The password required to read the private key.

Type: object

Enable Hotspot 2.0 support.

Type: array of string

This parameter can be used to configure one or more Venue Name Duples for Venue Name ANQP information.

Each item of this array must be:

Type: string

Type: integer

The available values are defined in 802.11u.

Value must be lesser or equal to 32

Type: integer

The available values are defined in IEEE Std 802.11u-2011, 7.3.1.34

Value must be lesser or equal to 32

Type: array of string

This parameter can be used to configure one or more Venue URL Duples to provide additional information corresponding to Venue Name information.

Each item of this array must be:

Type: string

Type: object

This parameter indicates what type of network authentication is used in the network.

Type: enum (of string)

Specifies the specific network authentication type in use.

Must be one of:

  • "terms-and-conditions"
  • "online-enrollment"
  • "http-redirection"
  • "dns-redirection"

Type: string

Specifies the redirect URL applicable to the indicated authentication type.


Examples:

"https://operator.example.org/wireless-access/terms-and-conditions.html"
"http://www.example.com/redirect/me/here/"

Type: array of string

The IEEE 802.11u Domain Name.

Each item of this array must be:

Type: string

Type: array of string

NAI Realm information

Each item of this array must be:

Type: string

Type: boolean

OSU Server-Only Authenticated L2 Encryption Network;

Type: integer

ANQP Domain ID, An identifier for a set of APs in an ESS that share the same common ANQP information.

Value must be greater or equal to 0 and lesser or equal to 65535

Type: array of string

The ANQP 3GPP Cellular Network information.

Each item of this array must be:

Type: string

Type: array of string

This parameter can be used to configure one or more Operator Friendly Name Duples.

Each item of this array must be:

Type: string

Type: integer Default: 0

Indicate the type of network. This is part of the interworking IE.

Value must be lesser or equal to 15

Type: boolean Default: true

Whether the network provides connectivity to the Internet

Type: boolean Default: false

Additional Step Required for Access.

Type: boolean Default: false

Emergency services reachable.

Type: boolean Default: false

Unauthenticated emergency service accessible.

Type: string

Homogeneous ESS identifier

Type: array of string

Roaming Consortium OIs can be configured here. Each OI is between 3 and 15 octets and is configured as a hexstring.

Each item of this array must be:

Type: string

Type: boolean Default: false

Disable Downstream Group-Addressed Forwarding. This can be used to configure a network where no group-addressed frames are allowed.

Type: integer

IP Address Type Availability.

Value must be lesser or equal to 255

Type: array of string

This can be used to advertise what type of IP traffic can be sent through the hotspot.

Each item of this array must be:

Type: string

Type: array of object

The operator icons.

Each item of this array must be:

Type: object
Example:

{
    "width": 32,
    "height": 32,
    "type": "image/png",
    "language": "eng",
    "icon": "R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0frl3/zy7////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAkAABAALAAAAAAQABAAAAVVICSOZGlCQAosJ6mu7fiyZeKqNKToQGDsM8hBADgUXoGAiqhSvp5QAnQKGIgUhwFUYLCVDFCrKUE1lBavAViFIDlTImbKC5Gm2hB0SlBCBMQiB0UjIQA7"
}

Type: integer

The width of the operator icon in pixel


Example:

64

Type: integer

The height of the operator icon in pixel


Example:

64

Type: string

The mimetype of the operator icon


Example:

"image/png"

Type: string

The base64 encoded image

Type: string

ISO 639-2 language code of the icon

Must match regular expression: ^[a-z][a-z][a-z]$
Examples:

"eng"
"fre"
"ger"
"ita"

Type: object

A description of the wan metric offered by this device.

Type: enum (of string)

The state of the devices uplink

Must be one of:

  • "up"
  • "down"
  • "testing"

Type: object

The thresholds that need to be meet for a clien association to be allowed.

Type: integer

Probe requests will be ignored if the rssi is below this threshold.

Type: integer

Association requests will be denied if the rssi is below this threshold.

Type: array of string

This array allows passing raw hostapd.conf lines.

Each item of this array must be:

Type: string
Examples:

"ap_table_expiration_time=3600"
"device_type=6-0050F204-1"
"ieee80211h=1"
"rssi_ignore_probe_request=-75"
"time_zone=EST5"
"uuid=12345678-9abc-def0-1234-56789abcdef0"
"venue_url=1:http://www.example.com/info-eng"
"wpa_deny_ptk0_rekey=0"

Type: object

This Object defines the properties of a mesh interface overlay.

Type: const

This field must be set to mesh.

Specific value: "mesh"
Type: object

This Object defines the properties of a vxlan tunnel.

Type: const

This field must be set to vxlan.

Specific value: "vxlan"

Type: string

This is the IP address of the remote host, that the VXLAN tunnel shall be established with.

Type: integer

The network port that shall be used to establish the VXLAN tunnel.

Value must be greater or equal to 1 and lesser or equal to 65535


Example:

4789
Type: object

This Object defines the properties of a l2tp tunnel.

Type: const

This field must be set to vxlan.

Specific value: "l2tp"

Type: string

This is the IP address of the remote host, that the L2TP tunnel shall be established with.

Type: string

The username used to authenticate.

Type: string

The password used to authenticate.

Type: object

This Object defines the properties of a GRE tunnel.

Type: const

This field must be set to gre.

Specific value: "gre"

Type: string

This is the IP address of the remote host, that the GRE tunnel shall be established with.

Type: object

This section describes all of the services that may be present on the AP. Each service is then referenced via its name inside an interface, ssid, ...

Type: object

Type: string Default: "uCentral Access Point"

The LLDP description field. If set to "auto" it will be derived from unit.name.

Type: string Default: "uCentral Network"

The LLDP location field. If set to "auto" it will be derived from unit.location.

Type: object

This section can be used to setup a SSH server on the AP.

Type: integer Default: 22

This option defines which port the SSH server shall be available on.

Value must be lesser or equal to 65535

Type: array of string

This allows the upload of public ssh keys. Keys need to be seperated by a newline.

Each item of this array must be:

Type: string
Examples:

"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0ghdSd2D2y08TFowZLMZn3x1/Djw3BkNsIeHt/Z+RaXwvfV1NQAnNdaOngMT/3uf5jZtYxhpl+dbZtRhoUPRvKflKBeFHYBqjZVzD3r4ns2Ofm2UpHlbdOpMuy9oeTSCeF0IKZZ6szpkvSirQogeP2fe9KRkzQpiza6YxxaJlWw== user@example"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4FDjyCsg+1Mh2C5G7ibR3z0Kw1dU57kfXebLRwS6CL bob@work"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP/JpJ/KHtKKImzISBDwLO0/EwytIr4pGZQXcP6GCSHchLMyfjf147KNlF9gC+3FibzqKH02EiQspVhRgfuK6y0= alice@home"

Type: boolean Default: true

This option defines if password authentication shall be enabled. If set to false, only ssh key based authentication is possible.

Type: object

This section can be used to setup the upstream NTP servers.

Type: array of string

This is an array of URL/IP of the upstream NTP servers that the unit shall use to acquire its current time.

Each item of this array must be:

Type: string

Example:

"0.openwrt.pool.ntp.org"

Type: boolean

Start a NTP server that provides the time to local clients.


Example:

true

Type: object

This section can be used to configure the MDNS server.

Type: boolean Default: false

Enable this option if you would like to enable the MDNS server on the unit.

Type: object

This section can be used to setup a persistent connection to a rTTY server.

Type: string

The server that the device shall connect to.


Example:

"192.168.1.10"

Type: integer Default: 5912

This option defines the port that device shall connect to.

Value must be lesser or equal to 65535

Type: string

The security token that shall be used to authenticate with the server.

Must be at least 32 characters long

Must be at most 32 characters long


Example:

"01234567890123456789012345678901"

Type: object

This section can be used to configure remote syslog support.

Type: string

IP address of a syslog server to which the log messages should be sent in addition to the local destination.


Example:

"192.168.1.10"

Type: integer

Port number of the remote syslog server specified with log_ip.

Value must be greater or equal to 100 and lesser or equal to 65535


Example:

2000

Type: enum (of string) Default: "udp"

Sets the protocol to use for the connection, either tcp or udp.

Must be one of:

  • "tcp"
  • "udp"

Type: integer Default: 1000

Size of the file based log buffer in KiB. This value is used as the fallback value for logbuffersize if the latter is not specified.

Value must be greater or equal to 32

Type: object

Enable the webserver with the on-boarding webui

Type: integer Default: 80

The port that the HTTP server should run on.

Value must be greater or equal to 1 and lesser or equal to 65535

Type: object

This section allows enabling the IGMP/Multicast proxy

Type: boolean Default: false

This option defines if the IGMP/Multicast proxy shall be enabled on the device.

Type: object

This section allows enabling wired ieee802.1X

Type: string

The local servers CA bundle.

Type: boolean Default: false

The device will use its local certificate bundle for the Radius server and ignore all other certificate options in this section.

Type: string

The local servers certificate.

Type: string

The local servers private key/

Type: array

Specifies a collection of local EAP user/psk/vid triplets.

Each item of this array must be:

Type: object

Describes a local EAP user/psk/vid triplet.

Type: string

Type: string

Must be at least 1 characters long

Type: string

Must be at least 8 characters long

Must be at most 63 characters long

Type: integer

Value must be lesser or equal to 4096


Examples:

3
100
200
4094

Type: object

This section can be used to setup a radius security proxy instance (radsecproxy).

Type: array of object

The various realms that we can proxy to.

Each item of this array must be:

Type: object

Type: string Default: "*"

The realm that that this server shall be used for.

Type: boolean Default: false

Auto discover radsec server address via realm DNS NAPTR record.

Type: string

The remote proxy server that the device shall connect to.


Example:

"192.168.1.10"

Type: integer Default: 2083

The remote proxy port that the device shall connect to.

Value must be lesser or equal to 65535

Type: string

The radius secret that will be used for the connection.

Type: boolean Default: false

The device will use its local certificate bundle for the TLS setup and ignores all other certificate options in this section.

Type: string

The local servers CA bundle.

Type: string

The local servers certificate.

Type: string

The local servers private key/

Type: string

The password required to read the private key.

Type: object

This section can be used to configure the online check service.

Type: array of string

Hosts that shall be pinged to find out if we are online.

Each item of this array must be:

Type: string
Example:

"192.168.1.10"

Type: array of string

URLs to which a http/s connection shall be established to find out if we are online. The service will try to download http://$string/online.txt and expects the content of that file to be "Ok". HTTP 30x is support allowing https redirects.

Each item of this array must be:

Type: string
Example:

"www.example.org"

Type: number Default: 60

The interval in seconds in between each online-check.

Type: number Default: 1

How often does the online check need to fail until the system assumes that it has lost online connectivity.

Type: array of enum (of string)

The action that the device shall execute when it has detected that it is not online.

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "wifi"
  • "leds"

Type: object

This section can be used to configure an OpenFlow controller target.

Type: string

The IP address of the OpenFlow controller target.

Type: string

Set a human-readable description for the bridge.

Type: enum (of string) Default: "ssl"

The mode to use for the OpenFlow controller target.

Must be one of:

  • "pssl"
  • "ptcp"
  • "ssl"
  • "tcp"

Type: integer Default: 6653

The port to use for the OpenFlow controller target.

Value must be lesser or equal to 65535

Type: string

The CA certificate.

Type: string

The SSL certificate.

Type: string

The SSL private key.

Type: object

This section can be used to define eBPF and cBPF blobs that shall be loaded for virtual data-planes and SDN.

Type: array of object

A list of programs that can be loaded as ingress filters on interfaces.

Each item of this array must be:

Type: object

Type: string

The name of the ingress filter.

Type: string

The base64 encoded xBPF.

Type: object

This section describes the band steering behaviour of the unit.

Type: enum (of string)

Wifi sterring can happen either locally or via the backend gateway.

Must be one of:

  • "local"
  • "cloud"

Example:

"local"

Type: boolean Default: false

Allow rejecting assoc requests for steering purposes.

Type: integer Default: 0

Minimum required signal level (dBm) for connected clients. If the client will be kicked if the SNR drops below this value.

Type: integer Default: 0

Minimum required signal level (dBm) to allow connections. If the SNR is below this value, probe requests will not be replied to.

Type: integer Default: 0

Minimum required signal level (dBm) before an attempt is made to roam the client to a better AP.

Type: integer Default: 0

Minimum channel load (%) before kicking clients

Type: boolean Default: false

Allow multiple instances of the steering daemon to coordinate the best channel usage amongst eachother.

Type: object

This section describes the QoS behaviour of the unit.

Type: array of string

The physical network devices that shall be considered the primary uplink interface. All classification and shaping will happen on this device.

Each item of this array must be:

Type: string Default: "WAN"

Type: integer Default: 0

Defines the upload bandwidth of this device. If it is not known or the device is attached to a shared medium, this value needs to be 0.

Type: integer Default: 0

Defines the download bandwidth of this device. If it is not known or the device is attached to a shared medium, this value needs to be 0.

Type: object

The QoS feature can automatically detect and classify bulk flows. This is based on average packet size and PPS.

Type: enum (of string) Default: "CS0"

The differentiated services code point that shall be assigned to packets that belong to a bulk flow.

Must be one of:

  • "CS0"
  • "CS1"
  • "CS2"
  • "CS3"
  • "CS4"
  • "CS5"
  • "CS6"
  • "CS7"
  • "AF11"
  • "AF12"
  • "AF13"
  • "AF21"
  • "AF22"
  • "AF23"
  • "AF31"
  • "AF32"
  • "AF33"
  • "AF41"
  • "AF42"
  • "AF43"
  • "DF"
  • "EF"
  • "VA"
  • "LE"

Type: number Default: 0

The required PPS rate that will cause a flow to be classified as bulk.

Type: array of object

A list of classifiers. Each classifier will map certain traffic to specific ToS/DSCP values based upon the defined constraints.

Each item of this array must be:

Type: object

The differentiated services code point that shall be assigned to packet that match the rules of this entry.

Same definition as dscp

Type: array of object

Each entry defines a layer3 protocol and a port(range) that will be used to match packets.

Each item of this array must be:

Type: object

Type: enum (of string) Default: "any"

The port match can apply for TCP, UDP or any IP protocol.

Must be one of:

  • "any"
  • "tcp"
  • "udp"

Type: integer

The port of this match rule.

Type: integer

The last port of this match rule if it is a port range.

Type: boolean Default: true

Ignore the ToS/DSCP of packets and reclassify them.

Type: array of object

Each entry defines a wildcard FQDN. The IP that this resolves to will be used to match packets.

Each item of this array must be:

Type: object

Type: string

Type: boolean Default: true

Match for all suffixes of the FQDN.

Type: boolean Default: true

Ignore the ToS/DSCP of packets and reclassify them.

Type: object

This section describes the FaceBook Wifi behaviour of the unit.

Type: string

The Vendors ID.

Type: string

The Gateways ID.

Type: string

The Device specific secret

Type: object

This section describes the vlan behaviour of a logical network interface.

Type: number Default: 4

Voice traffic does not get aggregated. As voice and video are both considered priotity voice is considered to have a heavier weight when calculation priority average.

Type: number Default: 100

The amount of packets that need to be received for a specific type of traffic before new averageg is calculated.

Type: number Default: 50

This option is a percentual value. If more the X% of the traffic is bulk, we assign the bulk weight.

Type: number Default: 30

This option is a percentual value. If more the X% of the traffic is priority, we assign the priority weight. Priority classification will take precedence over bulk.

Type: number Default: 256

The default ATF weight that UEs get assigned.

Type: number Default: 394

The default ATF weight that UEs get assigned when priority traffic above the configured percentage is detected.

Type: number Default: 128

The default ATF weight that UEs get assigned when bulk traffic above the configured percentage is detected.

Type: object

There are several types of mertics that shall be reported in certain intervals. This section provides a granual configuration.

Type: object

Statistics are traffic counters, neighbor tables, ...

Type: integer

The reporting interval defined in seconds.

Type: array of enum (of string)

A list of names of subsystems that shall be reported periodically.

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "ssids"
  • "lldp"
  • "clients"

Type: object

Health check gets executed periodically and will report a health value between 0-100 indicating how healthy the device thinks it is

Type: integer

The reporting interval defined in seconds.

Value must be greater or equal to 60

Type: object

Define which types of ieee802.11 management frames shall be sent up to the controller.

Type: array of enum (of string)

A list of the management frames types that shall be sent to the backend.

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "probe"
  • "auth"
  • "assoc"
  • "disassoc"
  • "deauth"
  • "local-deauth"
  • "inactive-deauth"
  • "key-mismatch"
  • "beacon-report"
  • "radar-detected"

Type: object

DHCP snooping allows us to intercept DHCP packages on interface that are bridged, where DHCP is not offered as a service by the AP.

Type: array of enum (of string)

A list of the message types that shall be sent to the backend.

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "ack"
  • "discover"
  • "offer"
  • "request"
  • "solicit"
  • "reply"
  • "renew"

Type: array of array

This object allows passing raw uci commands, that get applied after all the other configuration was ben generated.

Each item of this array must be:

Type: array of string

Must contain a minimum of 2 items

Each item of this array must be:

Type: string

Examples:

[
    "set",
    "system.@system[0].timezone",
    "GMT0"
]
[
    "delete",
    "firewall.@zone[0]"
]
[
    "delete",
    "dhcp.wan"
]
[
    "add",
    "dhcp",
    "dhcp"
]
[
    "add-list",
    "system.ntp.server",
    "0.pool.example.org"
]
[
    "del-list",
    "system.ntp.server",
    "1.openwrt.pool.ntp.org"
]

Type: object

Additional Properties of any type are allowed.

Type: object