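---
# Configures the MX appliance of one Meraki network through the cisco.meraki
# collection: enables VLANs, defines a VLAN, an appliance SSID with RADIUS
# authentication, traffic shaping, a trunk port and L3 outbound / L3 inbound /
# L7 firewall rules, then reads the L3 rules back and prints them.
# The addresses, IDs and the RADIUS secret below look like sample values.
# NOTE(review): no API credential is passed in any task; presumably it is
# supplied outside this file (environment or inventory) -- confirm.
- hosts: localhost
  vars:
    network_id: "L_828099381482771185"  # Branch-1234
  gather_facts: false
  tasks:
    # - name: Get all networks _appliance _vlans
    #   cisco.meraki.networks_appliance_vlans_info:
    #     networkId: "{{network_id}}"
    #   register: result

    - name: Enable Vlans on the MX
      cisco.meraki.networks_appliance_vlans_settings:
        state: present
        networkId: "{{ network_id }}"
        vlansEnabled: true

    - name: Update appliance Vlans
      cisco.meraki.networks_appliance_vlans:
        state: present
        applianceIp: '192.168.1.2'
        cidr: '192.168.1.0/24'
        id: '1234'
        name: My VLAN
        networkId: "{{ network_id }}"
        subnet: '192.168.1.0/24'

    - name: Update appliance SSID
      # Keeps the RADIUS shared secret carried in the module arguments out of
      # task output and logs.
      no_log: true
      cisco.meraki.networks_appliance_ssids:
        state: present
        authMode: '8021x-radius'
        # NOTE(review): VLAN 10 is not created by this play (only VLAN 1234
        # is); presumably it already exists on the network -- confirm.
        defaultVlanId: 10
        enabled: true
        name: My SSID
        networkId: "{{ network_id }}"
        number: 1234
        radiusServers:
          - host: '1.2.3.4'
            port: 1000
            # NOTE(review): literal placeholder. Load the real shared secret
            # from Ansible Vault or another secret store rather than
            # committing it in the playbook.
            secret: secret
        visible: true
        wpaEncryptionMode: WPA2 only

    - name: Update appliance traffic shaping
      cisco.meraki.networks_appliance_traffic_shaping:
        state: present
        globalBandwidthLimits:
          limitDown: 5120
          limitUp: 2048
        networkId: "{{ network_id }}"

    - name: Update appliance ports
      cisco.meraki.networks_appliance_ports:
        # A trunk carrying every VLAN; narrow allowedVlans to the VLANs the
        # attached device needs where that is known.
        allowedVlans: "all"
        enabled: true
        networkId: "{{ network_id }}"
        portId: "4"
        type: "trunk"
        vlan: 10
        state: present

    - name: Create FW outbound L3 rules
      cisco.meraki.networks_appliance_firewall_l3_firewall_rules:
        networkId: "{{ network_id }}"
        state: present
        rules:
          - comment: Block internetbadguys.com
            destCidr: internetbadguys.com
            destPort: any
            policy: deny
            protocol: any
            srcCidr: any
            # Hits on this deny rule are not sent to syslog; turn this on if
            # blocked connections should be visible to monitoring.
            syslogEnabled: false

    - name: Create FW inbound L3 rules
      cisco.meraki.networks_appliance_firewall_inbound_firewall_rules:
        networkId: "{{ network_id }}"
        # Added for consistency with the other configuration tasks here.
        state: present
        rules:
          # Opens TCP/80 on VLAN 1234 to any source address and port.
          # Restrict srcCidr when the set of clients is known.
          - comment: Allow HTTP traffic to VLAN 1234 with HTTP servers.
            destCidr: 'VLAN(1234).*'
            destPort: '80'
            policy: allow
            protocol: tcp
            srcCidr: Any
            srcPort: Any
            syslogEnabled: false

    - name: Create FW L7 rules
      cisco.meraki.networks_appliance_firewall_l7_firewall_rules:
        networkId: "{{ network_id }}"
        # Added for consistency with the other configuration tasks here.
        state: present
        rules:
          - policy: deny
            type: applicationCategory
            value:
              name: Sports
              id: 'meraki:layer7/category/5'

    - name: Get all networks _appliance _firewall l3firewallrules
      cisco.meraki.networks_appliance_firewall_l3_firewall_rules_info:
        networkId: "{{ network_id }}"
      register: result

    # Prints the registered L3 rule listing so the applied rules can be
    # compared with the intended ones.
    - name: Show result
      ansible.builtin.debug:
        msg: "{{ result }}"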