create_iot_network
create_iot_network
Section titled “create_iot_network”Provision an isolated IoT network end-to-end: VLAN + SSID + drop rule.
Side effects:
- Step 1: creates a VLAN-tagged network at the given
subnet(or10.0.<vlan_id>.0/24by default). - Step 2: creates a WPA2 WiFi SSID bound to the new network. Access points start broadcasting within seconds.
- Step 3 (when
isolate=True): creates a LAN_IN drop rule blocking the IoT subnet from reachingmain_lan_subnet. - Mutates controller state. Use dry_run=True to preview the change without applying.
- Rollback: if any sub-step fails, all prior sub-steps are reverted
(firewall_rule → wlan → network) and the response includes
rolled_backandpartialkeys.
Example
Section titled “Example”create_iot_network(name="iot", vlan_id=50, passphrase="hunter2hunter2", main_lan_subnet="192.168.1.0/24")Parameters
Section titled “Parameters”| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | yes | — | Used for both the network name and the SSID (e.g. "iot"). |
vlan_id | integer | yes | — | 802.1Q VLAN ID, 2-4094. Also drives the default subnet. |
passphrase | string | yes | — | WPA2 PSK for the IoT SSID (8-63 chars). |
main_lan_subnet | string | no | ”192.168.1.0/24” | CIDR of the main/trusted LAN. The isolation rule blocks IoT → this subnet. Defaults to "192.168.1.0/24". |
subnet | string | no | "" | Override the IoT subnet. Empty uses IOT_SUBNET_TEMPLATE (default 10.0.{vlan_id}.0/24). |
isolate | boolean | no | true | True (default) creates the LAN_IN drop rule. False lets IoT devices reach the main LAN (rare). |
hide_ssid | boolean | no | false | True suppresses SSID broadcast. |
controller | string | no | ”default” | Name of the UniFi controller to target. Defaults to "default". |
dry_run | boolean | no | false | Preview the change without applying it. Returns the predicted change set. |