MakerFLOSS_Mikrotik/roles/makerfloss.mikrotik_switch/defaults/main.yml


---
# ----- Identity / management -----
# Role defaults for the management plane. Every 192.168.88.x value below is
# the same example subnet; override all of them per switch in host_vars.
switch_identity_name: "{{ inventory_hostname }}"
# VLAN id used for management; 99 matches the "mgmt" entry in switch_vlans.
switch_mgmt_vlan_id: 99
switch_mgmt_address: "192.168.88.1/24" # PLACEHOLDER — override in host_vars
switch_mgmt_gateway: "192.168.88.254" # PLACEHOLDER — override in host_vars
# DNS and NTP default to the placeholder gateway address, so they need the
# same host_vars override as the gateway.
switch_dns_servers: "192.168.88.254"
# Device time feeds log timestamps; if NTP is turned off, plan another way to
# keep the clock correct so logs can be correlated.
switch_ntp_enabled: true # set false for an isolated mgmt plane
switch_ntp_servers: "192.168.88.254"
# Services to disable for hardening (winbox kept on by default for recovery).
# NOTE(review): winbox and ssh are absent from this list, so both stay
# enabled. Nothing in these defaults limits which source addresses may
# connect; confirm the role's tasks or firewall restrict them to the
# management subnet (RouterOS /ip service accepts an allowed-address list).
# NOTE(review): these names look like /ip service entries only; MAC-based
# access (/tool mac-server) and neighbor discovery are separate RouterOS
# settings. Verify whether the role handles them.
switch_disabled_services:
- telnet
- ftp
- www
- www-ssl
- api
- api-ssl
# SSH listening port; 22 is the protocol default.
switch_ssh_port: 22
# NOTE(review): "www" is also listed in switch_disabled_services above. How
# the role resolves the two when this flag is true is not visible in this
# file; confirm before relying on either setting.
switch_web_enabled: false # enable the WWW (HTTP) admin UI
# Optional DHCP server on the management VLAN (convenience; login still required).
# With this on, any device that reaches the management VLAN is handed an
# address in the management subnet, so keep it off unless access to that VLAN
# is itself controlled at the port level.
switch_mgmt_dhcp_enabled: false
switch_mgmt_dhcp_pool: "" # e.g. "192.168.88.10-192.168.88.254"
switch_mgmt_dhcp_network: "" # e.g. "192.168.88.0/24"
# ----- Users -----
# Administrator account settings.
# NOTE(review): "sjat" looks like a personal login baked into role defaults;
# set the account name per site in group_vars or host_vars.
switch_admin_user: "sjat"
# "full" is RouterOS's built-in unrestricted group.
switch_admin_group: "full"
# Public key file for the admin user.
# NOTE(review): "~" resolves to the home of whoever runs the playbook (and
# only if the consuming task expands it), so the key installed depends on the
# operator. Confirm that is intended, or point this at a fixed path.
switch_admin_ssh_pubkey_file: "~/.ssh/id_ed25519.pub"
# NOTE(review): presumably disables the factory "admin" account. Verify the
# role confirms switch_admin_user can log in before this takes effect;
# otherwise a failed or partial run can lock the switch out.
switch_disable_default_admin: true
# ----- VLAN / bridge / ports (PLACEHOLDER example) -----
# Real topology is defined in host_vars/<switch>.yml.
switch_bridge_name: "bridge"
# VLANs to define; id 99 matches the default of switch_mgmt_vlan_id.
switch_vlans:
- {id: 99, name: "mgmt"}
- {id: 10, name: "members"}
# One entry per bridge port. Presumably pvid is the VLAN for untagged frames
# and tagged_vlans lists what a trunk carries; confirm against the role tasks.
# NOTE(review): only two ports appear in this example. Check how the role
# treats ports that are not listed (left off the bridge, disabled, or
# untouched) so unused ports do not end up in a live VLAN.
switch_bridge_ports:
# ether1..ether8 = 2.5GbE access ports; sfp-sfpplus1/2 = 10G uplinks
- {interface: "ether1", pvid: 10, mode: access}
# NOTE(review): pvid 1 on the trunk puts untagged frames arriving on the
# uplink into VLAN 1, which is not defined in switch_vlans. If the uplink
# should carry tagged traffic only, check whether the role can restrict the
# port to VLAN-tagged frames (RouterOS bridge port frame-types).
- {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}
# ----- Firmware -----
# Empty by default; per the inline comment, upgrades are opt-in per host.
# NOTE(review): with no target set, the running RouterOS version is presumably
# left as-is, so patch level has to be tracked outside this role. Confirm.
switch_firmware_target: "" # set in host_vars when opting into upgrades