repos/infra-meraki
5
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity
Files
41daf7025d9299a9fd6dc4c626ff21c80211e97d
infra-meraki/config.yaml
Luke Tainton 41daf7025d
All checks were successful
Deploy / deploy (push) Successful in 33s
Details
Remove enterpriseAdminAccess
2026-02-22 22:06:41 +00:00

195 lines
5.2 KiB
YAML
Raw Blame History

---
- hosts: localhost
gather_facts: false
vars:
debug: false
nid: L_671599294431642401 # TaintonNet
vlans:
- id: 1
name: Default
dhcp: false
- id: 5
name: Native
dhcp: false
- id: 6
name: CiscoEquip
dhcp: true
- id: 10
name: Infra
dhcp: true
- id: 25
name: Trusted Clients
dhcp: true
- id: 35
name: IoT
dhcp: true
- id: 40
name: DMZ
dhcp: true
mx_ports:
# Hive Home
- num: 3
enabled: true
type: access
vlan: 35
# Synology NAS
- num: 4
enabled: true
type: access
vlan: 10
###
- num: 5
enabled: false
- num: 6
enabled: false
- num: 7
enabled: false
- num: 8
enabled: false
- num: 9
enabled: false
- num: 10
enabled: false
# Cisco HWB AP
- num: 11
enabled: false
type: access
vlan: 6
# Trunk
- num: 12
enabled: true
type: trunk
vlan: 5
allowed_vlans: 6,10,25,35,40
tasks:
- name: Get Me
cisco.meraki.administered_identities_me_info:
meraki_suppress_logging: true
register: me
when: debug
- name: Show current Meraki administrator
ansible.builtin.debug:
msg: "{{ me.meraki_response.name }} - {{me.meraki_response.email}}"
when: debug
- name: Get all Organizations
cisco.meraki.organizations_info:
meraki_suppress_logging: true
register: organizations
- name: Show Organizations List
ansible.builtin.debug:
msg: "{{ organizations | json_query('meraki_response[*].name') }}"
when: debug
- name: Enable Vlans on the MX
cisco.meraki.networks_appliance_vlans_settings:
state: present
networkId: "{{ nid }}"
vlansEnabled: true
- name: Show VLANs
ansible.builtin.debug:
msg: "{{ vlans }}"
when: debug
- name: Create VLANs on MX
cisco.meraki.networks_appliance_vlans:
state: present
applianceIp: "192.168.{{ item.id }}.1"
# cidr: "192.168.{{ item.id }}.0/24"
id: "{{ item.id }}"
vlanId: "{{ item.id }}"
name: "{{ item.name }}"
networkId: "{{ nid }}"
subnet: "192.168.{{ item.id }}.0/24"
loop: "{{ vlans }}"
- name: Enable DHCP on Relevant VLANs
cisco.meraki.networks_appliance_vlans:
state: present
networkId: "{{ nid }}"
name: "{{ item.name }}"
id: "{{ item.id }}"
vlanId: "{{ item.id }}"
dhcpHandling: "Run a DHCP server"
dhcpLeaseTime: "1 day"
dnsNameservers: |
9.9.9.9
149.112.112.112
loop: "{{ vlans }}"
when: item.dhcp
- name: Disable DHCP on Relevant VLANs
cisco.meraki.networks_appliance_vlans:
state: present
networkId: "{{ nid }}"
name: "{{ item.name }}"
id: "{{ item.id }}"
vlanId: "{{ item.id }}"
dhcpHandling: "Do not respond to DHCP requests"
loop: "{{ vlans }}"
when: not item.dhcp
- name: Configure MX Trunk Ports
cisco.meraki.networks_appliance_ports:
state: present
networkId: "{{ nid }}"
portId: "{{ item.num }}"
enabled: true
type: trunk
vlan: "{{ item.vlan }}" # Native VLAN
allowedVlans: "{{ item.allowed_vlans }}"
dropUntaggedTraffic: false
loop: "{{ mx_ports }}"
when: item.enabled and item.type == "trunk"
- name: Configure MX Access Ports
cisco.meraki.networks_appliance_ports:
state: present
networkId: "{{ nid }}"
portId: "{{ item.num }}"
enabled: true
accessPolicy: open
type: access
vlan: "{{ item.vlan }}"
loop: "{{ mx_ports }}"
when: item.enabled and item.type == "access"
- name: Disable Inactive MX Ports
cisco.meraki.networks_appliance_ports:
state: present
networkId: "{{ nid }}"
portId: "{{ item.num }}"
enabled: false
loop: "{{ mx_ports }}"
when: not item.enabled
- name: Configure Wireless SSID
cisco.meraki.networks_wireless_ssids:
state: present
networkId: "{{ nid }}"
number: "2"
name: Tainton Test WiFi
enabled: true
authMode: psk
defaultVlanId: 35
dot11w: # PMF
enabled: true
required: false
dot11r: # Fast Roam, not required as we only have 1 AP
enabled: false
# adaptive: true
encryptionMode: wpa
psk: "{{ lookup('ansible.builtin.env', 'WIFI_PSK', default=undef()) }}"
visible: true
wpaEncryptionMode: WPA3 Transition Mode
availableOnAllAps: true
ipAssignmentMode: "Bridge mode"
lanIsolationEnabled: false
mandatoryDhcpEnabled: false
splashPage: "None"
useVlanTagging: true
Reference in New Issue View Git Blame Copy Permalink