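---
# Declarative configuration of one Meraki MX/MR network: VLANs and DHCP,
# MX port roles, a single WPA3-transition SSID and the inbound
# port-forwarding rule set.  The cisco.meraki modules take the dashboard
# API key from the environment (it is not stored in this file); the Wi-Fi
# PSK is read from the WIFI_PSK environment variable at run time.
- name: Configure TaintonNet Meraki network
  hosts: localhost
  gather_facts: false
  vars:
    # Set to true to print the current administrator, org list, device list
    # and VLAN table; all of those tasks are skipped otherwise.
    debug: false
    # NOTE(review): organization/network IDs, the physical site address and
    # the SSH allow-list IP further down are deployment-specific data kept in
    # clear text in the playbook.  Consider moving them to group_vars (or
    # ansible-vault for anything you would rather not publish) so the
    # playbook itself can be shared and reviewed without them.
    oid: 537586
    nid: L_671599294431642401  # TaintonNet
    # One /24 per VLAN: 192.168.<id>.0/24 with the MX at .1 (see the
    # "Create VLANs on MX" task).  `dhcp` decides whether the MX runs a DHCP
    # server for the VLAN or stays silent on it.
    vlans:
      - id: 1
        name: Default
        dhcp: false
      - id: 5
        name: Native
        dhcp: false
      - id: 6
        name: CiscoEquip
        dhcp: true
      - id: 10
        name: Infra
        dhcp: true
      - id: 25
        name: Trusted Clients
        dhcp: true
      - id: 35
        name: IoT
        dhcp: true
      - id: 40
        name: DMZ
        dhcp: true
    # MX LAN ports.  A port with enabled: false is shut down regardless of
    # the other keys; `type` is only consulted for enabled ports.
    mx_ports:
      # Hive Home
      - num: 3
        enabled: true
        type: access
        vlan: 35
      # Synology NAS
      - num: 4
        enabled: true
        type: access
        vlan: 10
      ###
      - num: 5
        enabled: false
      - num: 6
        enabled: false
      - num: 7
        enabled: false
      - num: 8
        enabled: false
      - num: 9
        enabled: false
      - num: 10
        enabled: false
      # Cisco HWB AP
      - num: 11
        enabled: false
        type: access
        vlan: 6
      # Trunk: VLAN 5 is a dedicated, DHCP-less native VLAN, so untagged
      # frames arriving on this port never land on a client-carrying VLAN.
      - num: 12
        enabled: true
        type: trunk
        vlan: 5
        allowed_vlans: 6,10,25,35,40

  tasks:
    - name: Get Me
      cisco.meraki.administered_identities_me_info:
        meraki_suppress_logging: true
      register: me
      when: debug

    - name: Show current Meraki administrator
      ansible.builtin.debug:
        msg: "{{ me.meraki_response.name }} - {{me.meraki_response.email}}"
      when: debug

    # The org list is only consumed by the debug task below, so avoid the
    # extra API call (and pulling every org the key can see) on normal runs.
    - name: Get all Organizations
      cisco.meraki.organizations_info:
        meraki_suppress_logging: true
      register: organizations
      when: debug

    - name: Show Organizations List
      ansible.builtin.debug:
        msg: "{{ organizations | json_query('meraki_response[*].name') }}"
      when: debug

    - name: Get all devices
      cisco.meraki.devices_info:
        meraki_suppress_logging: true
        perPage: 100
        networkIds:
          - "{{ nid }}"
        organizationId: "{{ oid }}"
      register: devices

    - name: Show Devices
      ansible.builtin.debug:
        msg: "{{ devices }}"
      when: debug

    # Every device in the network is stamped with the same site address and
    # map position; moveMapMarker re-pins the marker on each run.
    - name: Update All Device Info
      cisco.meraki.devices:
        state: present
        address: "17 Oakmeadow Drive, St. Mellons, Cardiff, CF3 0EN"
        lat: "51.52239653227128"
        lng: "-3.1019189985160116"
        moveMapMarker: true
        serial: "{{ item.serial }}"
      loop: "{{ devices | json_query('meraki_response') }}"

    - name: Enable Vlans on the MX
      cisco.meraki.networks_appliance_vlans_settings:
        state: present
        networkId: "{{ nid }}"
        vlansEnabled: true

    - name: Show VLANs
      ansible.builtin.debug:
        msg: "{{ vlans }}"
      when: debug

    - name: Create VLANs on MX
      cisco.meraki.networks_appliance_vlans:
        state: present
        applianceIp: "192.168.{{ item.id }}.1"
        id: "{{ item.id }}"
        vlanId: "{{ item.id }}"
        name: "{{ item.name }}"
        networkId: "{{ nid }}"
        subnet: "192.168.{{ item.id }}.0/24"
      loop: "{{ vlans }}"

    # DHCP clients get Quad9 (9.9.9.9 / 149.112.112.112) as resolvers rather
    # than the MX itself.
    - name: Enable DHCP on Relevant VLANs
      cisco.meraki.networks_appliance_vlans:
        state: present
        networkId: "{{ nid }}"
        name: "{{ item.name }}"
        id: "{{ item.id }}"
        vlanId: "{{ item.id }}"
        dhcpHandling: "Run a DHCP server"
        dhcpLeaseTime: "1 day"
        dnsNameservers: |
          9.9.9.9
          149.112.112.112
      loop: "{{ vlans }}"
      when: item.dhcp

    - name: Disable DHCP on Relevant VLANs
      cisco.meraki.networks_appliance_vlans:
        state: present
        networkId: "{{ nid }}"
        name: "{{ item.name }}"
        id: "{{ item.id }}"
        vlanId: "{{ item.id }}"
        dhcpHandling: "Do not respond to DHCP requests"
      loop: "{{ vlans }}"
      when: not item.dhcp

    # `type` is absent on disabled ports, so default it before comparing;
    # otherwise an entry that is enabled but has no `type` aborts the loop.
    - name: Configure MX Trunk Ports
      cisco.meraki.networks_appliance_ports:
        state: present
        networkId: "{{ nid }}"
        portId: "{{ item.num }}"
        enabled: true
        type: trunk
        vlan: "{{ item.vlan }}"  # Native VLAN
        allowedVlans: "{{ item.allowed_vlans }}"
        # Untagged frames are placed on the native VLAN rather than dropped.
        # NOTE(review): if nothing on the far end is expected to send
        # untagged traffic, dropUntaggedTraffic: true is the tighter choice.
        dropUntaggedTraffic: false
      loop: "{{ mx_ports }}"
      when: item.enabled and (item.type | default('')) == "trunk"

    # accessPolicy "open": no 802.1X / MAC-based authentication on these
    # ports; anything plugged in joins the configured VLAN.
    - name: Configure MX Access Ports
      cisco.meraki.networks_appliance_ports:
        state: present
        networkId: "{{ nid }}"
        portId: "{{ item.num }}"
        enabled: true
        accessPolicy: open
        type: access
        vlan: "{{ item.vlan }}"
      loop: "{{ mx_ports }}"
      when: item.enabled and (item.type | default('')) == "access"

    - name: Disable Inactive MX Ports
      cisco.meraki.networks_appliance_ports:
        state: present
        networkId: "{{ nid }}"
        portId: "{{ item.num }}"
        enabled: false
      loop: "{{ mx_ports }}"
      when: not item.enabled

    # no_log keeps the PSK (taken from WIFI_PSK, which must be set — undef()
    # makes the lookup fail rather than push an empty key) out of verbose
    # output, callback plugins and the task result on stdout.
    - name: Configure Wireless SSID
      cisco.meraki.networks_wireless_ssids:
        state: present
        networkId: "{{ nid }}"
        number: "0"
        name: Tainton WiFi
        enabled: true
        authMode: psk
        # NOTE(review): all clients of this SSID land on the IoT VLAN (35)
        # and, with lanIsolationEnabled false, can talk to each other at L2.
        # Confirm that is intended for a network that also has a separate
        # "Trusted Clients" VLAN.
        defaultVlanId: 35
        dot11w:  # PMF (802.11w) advertised but not enforced
          enabled: true
          required: false
        dot11r:  # Fast Roam, not required as we only have 1 AP
          enabled: false
          # adaptive: true
        encryptionMode: wpa
        psk: "{{ lookup('ansible.builtin.env', 'WIFI_PSK', default=undef()) }}"
        visible: true
        wpaEncryptionMode: "WPA3 Transition Mode"
        availableOnAllAps: true
        ipAssignmentMode: "Bridge mode"
        lanIsolationEnabled: false
        mandatoryDhcpEnabled: false
        splashPage: "None"
        useVlanTagging: true
      no_log: true

    # This module sets the complete rule list: any rule not listed here is
    # removed from the MX on the next run.
    - name: Configure Port Forwarding
      cisco.meraki.networks_appliance_firewall_port_forwarding_rules:
        state: present
        networkId: "{{ nid }}"
        rules:
          # NOTE(review): the NAS (Infra VLAN 10) is reachable from any
          # Internet address on 80 and 443.  Plain HTTP on 80 carries
          # credentials in the clear unless the NAS only redirects on it;
          # consider dropping the port-80 rule or narrowing allowedIps on
          # both, as is already done for SSH.
          - name: NAS HTTP
            uplink: internet1
            protocol: tcp
            publicPort: 80
            lanIp: 192.168.10.2
            localPort: 80
            allowedIps:
              - any
          - name: NAS HTTPS
            uplink: internet1
            protocol: tcp
            publicPort: 443
            lanIp: 192.168.10.2
            localPort: 443
            allowedIps:
              - any
          # SSH is restricted to a single source address.
          - name: NAS SSH
            uplink: internet1
            protocol: tcp
            publicPort: 3102
            lanIp: 192.168.10.2
            localPort: 3102
            allowedIps:
              - 5.135.141.48
          # Console sits on the DMZ VLAN (40), so its inbound exposure does
          # not reach the infrastructure or client VLANs directly.
          - name: Xbox TCP
            uplink: internet1
            protocol: tcp
            publicPort: 3074
            lanIp: 192.168.40.2
            localPort: 3074
            allowedIps:
              - any
          - name: Xbox UDP
            uplink: internet1
            protocol: udp
            publicPort: 3074
            lanIp: 192.168.40.2
            localPort: 3074
            allowedIps:
              - any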