create_guest_network
create_guest_network
Section titled “create_guest_network”Provision an isolated guest network end-to-end: VLAN + guest SSID + drop rule.
Side effects:
- Step 1: creates a VLAN-tagged network with
purpose="guest"at the givensubnet(or10.0.<vlan_id>.0/24by default). - Step 2: creates a guest WPA2 WiFi SSID (client isolation enabled) bound to the new network. Access points start broadcasting within seconds.
- Step 3: creates a LAN_IN drop rule blocking the guest subnet from
reaching
main_lan_subnet. - Mutates controller state. Use dry_run=True to preview the change without applying.
- Rollback: if any sub-step fails, all prior sub-steps are reverted
(firewall_rule → wlan → network) and the response includes
rolled_backandpartialkeys.
Example
Section titled “Example”create_guest_network(name="guest", ssid="guest-wifi", passphrase="hunter2hunter2", vlan_id=60, main_lan_subnet="192.168.1.0/24")Parameters
Section titled “Parameters”| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | yes | — | Display name for the network record (e.g. "guest"). |
ssid | string | yes | — | SSID to broadcast (e.g. "guest-wifi"). |
passphrase | string | yes | — | WPA2 PSK (8-63 chars). |
vlan_id | integer | yes | — | 802.1Q VLAN ID, 2-4094. |
main_lan_subnet | string | no | ”192.168.1.0/24” | CIDR of the main LAN. The drop rule blocks guest → this subnet. |
subnet | string | no | "" | Override the guest subnet. Empty uses IOT_SUBNET_TEMPLATE (default 10.0.{vlan_id}.0/24). |
schedule | string | no | "" | Optional schedule descriptor (controller field schedule). Empty = always on. |
hide_ssid | boolean | no | false | True suppresses SSID broadcast (rare for guest). |
controller | string | no | ”default” | Name of the UniFi controller to target. Defaults to "default". |
dry_run | boolean | no | false | Preview the change without applying it. Returns the predicted change set. |