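---
# Applies a sample appliance (MX) configuration to the Meraki network named
# by network_id: VLANs, one SSID, traffic shaping, one trunk port and the
# L3 outbound, L3 inbound and L7 firewall rules. It then reads the L3 rules
# back and prints them. All modules run from the control node (localhost).
- hosts: localhost
  vars:
    network_id: "L_828099381482771185"  # Branch-1234
    # Sample value only: replace it with a vaulted value or pass the real
    # RADIUS shared secret with -e at run time instead of committing it.
    radius_secret: "secret"
  gather_facts: false
  tasks:
    # - name: Get all networks _appliance _vlans
    #   cisco.meraki.networks_appliance_vlans_info:
    #     networkId: "{{network_id}}"
    #   register: result

    - name: Enable Vlans on the MX
      cisco.meraki.networks_appliance_vlans_settings:
        state: present
        networkId: "{{ network_id }}"
        vlansEnabled: true

    - name: Update appliance Vlans
      cisco.meraki.networks_appliance_vlans:
        state: present
        applianceIp: 192.168.1.2
        cidr: 192.168.1.0/24
        id: '1234'
        name: My VLAN
        networkId: "{{ network_id }}"
        subnet: 192.168.1.0/24

    - name: Update appliance SSID
      cisco.meraki.networks_appliance_ssids:
        state: present
        authMode: 8021x-radius
        defaultVlanId: 10
        enabled: true
        name: My SSID
        networkId: "{{ network_id }}"
        number: 1234
        radiusServers:
          - host: 1.2.3.4
            port: 1000
            secret: "{{ radius_secret }}"
        visible: true
        wpaEncryptionMode: WPA2 only
      # The module arguments include the RADIUS shared secret, so keep this
      # task's arguments and result out of console output and logs.
      no_log: true

    - name: Update appliance traffic shaping
      cisco.meraki.networks_appliance_traffic_shaping:
        state: present
        globalBandwidthLimits:
          limitDown: 5120
          limitUp: 2048
        networkId: "{{ network_id }}"

    - name: Update appliance ports
      cisco.meraki.networks_appliance_ports:
        # "all" trunks every VLAN on this port; list only the VLANs the
        # attached device needs when that set is known.
        allowedVlans: "all"
        enabled: true
        networkId: "{{ network_id }}"
        portId: "4"
        type: "trunk"
        vlan: 10
        state: present

    - name: Create FW outbound L3 rules
      cisco.meraki.networks_appliance_firewall_l3_firewall_rules:
        networkId: "{{ network_id }}"
        state: present
        rules:
          - comment: Block internetbadguys.com
            destCidr: internetbadguys.com
            destPort: any
            policy: deny
            protocol: any
            srcCidr: any
            # Hits on this deny rule are not sent to syslog.
            syslogEnabled: false

    - name: Create FW inbound L3 rules
      cisco.meraki.networks_appliance_firewall_inbound_firewall_rules:
        networkId: "{{ network_id }}"
        rules:
          # Admits cleartext HTTP (tcp/80) from any source to the VLAN.
          # Narrow srcCidr to the expected clients where they are known, and
          # enable syslog if connections to these servers must be auditable.
          - comment: Allow HTTP traffic to VLAN 1234 with HTTP servers.
            destCidr: VLAN(1234).*
            destPort: '80'
            policy: allow
            protocol: tcp
            srcCidr: Any
            srcPort: Any
            syslogEnabled: false

    - name: Create FW L7 rules
      cisco.meraki.networks_appliance_firewall_l7_firewall_rules:
        networkId: "{{ network_id }}"
        rules:
          - policy: deny
            type: applicationCategory
            value:
              name: Sports
              id: meraki:layer7/category/5

    - name: Get all networks _appliance _firewall l3firewallrules
      cisco.meraki.networks_appliance_firewall_l3_firewall_rules_info:
        networkId: "{{ network_id }}"
      register: result

    # Prints the registered L3 rule set so the applied policy can be checked.
    - name: Show result
      ansible.builtin.debug:
        msg: "{{ result }}"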