Step 1 - Understanding Overlay Management in ND & NaC

When you moved your child fabrics to the MSD fabric group in ND, you moved the overlay management responsibilities to the Multi-Site (MSD) level. In ND, specific overlay configurations for VRFs are no longer allowed to be configured at the individual fabric level once in a Multi-Site fabric group. The initial adding of VRFs is now done at the Multi-Site level in ND. However, specific VRF and Network configuration is split between the Multi-Site fabric and then, subsequently by revisiting the VRF and Network in the individual child fabric(s).

In NaC, the data model for Multi-Site overlay configuration assumes full view and management of the overlay VRF by managing it at the Multi-Site level and transparently down to the child fabrics as needed, depending on the configuration parameters. This means, that you do not have to retain and correlate VRF configuration at both the Multi-Site and individual fabric levels.

With the management now at the Multi-Site level, you need to ensure that any existing overlay configurations for VRFs and Networks in the individual fabrics are removed or commented out when it comes to subsequent Ansible playbook runs.

Step 2 - Comment Out Overlay VRFs in Site1 Fabric

Comment out any existing content in the vrfs.nac.yml file for your Site1 fabric.

sed -i 's/^/# /' ~/workspace/ndlab/nac/host_vars/site1-fabric/vrfs.nac.yml

Step 3 - Comment Out Overlay Networks in Site1 Fabric

Comment out any existing content in the networks.nac.yml file for your Site1 fabric.

sed -i 's/^/# /' ~/workspace/ndlab/nac/host_vars/site1-fabric/networks.nac.yml

Step 4 - Create Multi-Site Overlay VRF File

Create a multisite overlay VRF file named vrfs.nac.yml. This file will contain the VRF configuration for your Multi-Site fabric. What is important in this situation is to ensure you move over any VRFs from your existing child fabrics that continue to need to be part of the Multi-Site overlay. In this case, you have a single VRF named NaC-VRF01 that needs to be added to the file but now will be updated and associated to both Site1 and Site2 fabrics, thus extending the VRF across the Multi-Site fabric.

Make note of two data model sections in this file:

• The multisite key is used now preceding the overlay key to denote that this overlay configuration is for a Multi-Site fabric.
• The data model for VRFs now includes a child_fabrics parameter to associate the VRF to multiple child fabrics in the Multi-Site fabric group.

touch ~/workspace/ndlab/nac/host_vars/msd-fabric-group/vrfs.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/msd-fabric-group/vrfs.nac.yml

Step 5 - Create Multi-Site Overlay Network File

Create a multisite overlay Network file named networks.nac.yml. This file will contain the Network configuration for your Multi-Site fabric. What is important in this situation is to ensure you move over any Networks from your existing child fabrics that continue to need to be part of the Multi-Site overlay. In this case, you have two Networks named NaC-Net01 and NaC-Net02 that need to be added to the file.

Additionally, you will extend NaC-Net01 from Site1 to Site2 by associating both child fabrics and updating the network attachment groups to include switches from both sites.

Again, make note of two data model sections in this file:

• The multisite key is used now preceding the overlay key to denote that this overlay configuration is for a Multi-Site fabric.
• The data model for Networks now includes a child_fabrics parameter to associate the Network to multiple child fabrics in the Multi-Site fabric group.

touch ~/workspace/ndlab/nac/host_vars/msd-fabric-group/networks.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/msd-fabric-group/networks.nac.yml

Step 6 - Execute Ansible Playbook

Make sure you are in your root Ansible directory.

cd ~/workspace/ndlab/nac

From the root Ansible project directory execute the following command:

ansible-playbook -i hosts.msd.yml vxlan.yml

Upon a successful run of the playbook your output should look as follows:

  <... SNIP ...>

  PLAY RECAP **************************************************************************************************************************************************************************
  msd-fabric-group           : ok=112  changed=19   unreachable=0    failed=0    skipped=1460 rescued=0    ignored=0


  PLAYBOOK RECAP **********************************************************************************************************************************************************************
  Playbook run took 0 days, 0 hours, 3 minutes, 23 seconds


  TASKS RECAP *************************************************************************************************************************************************************************
  Tuesday 27 January 2026  18:54:51 +0000 (0:00:00.065)       0:03:23.396 *******
  ===============================================================================
  cisco.nac_dc_vxlan.deploy : Manage Fabric Deployment for MSD Fabric in Nexus Dashboard -------------------------------------------------------------------------------------- 67.95s
  cisco.nac_dc_vxlan.create : Manage MSD Fabric Networks in Nexus Dashboard --------------------------------------------------------------------------------------------------- 14.30s
  cisco.nac_dc_vxlan.create : Manage MSD Fabric VRFs in Nexus Dashboard -------------------------------------------------------------------------------------------------------- 7.73s
  cisco.nac_dc_vxlan.create : Prepare Multisite Data --------------------------------------------------------------------------------------------------------------------------- 7.12s
  cisco.nac_dc_vxlan.remove : Prepare Multisite Data --------------------------------------------------------------------------------------------------------------------------- 7.05s
  cisco.nac_dc_vxlan.create : Display Flag Values ------------------------------------------------------------------------------------------------------------------------------ 2.18s
  cisco.nac_dc_vxlan.common : Display Flag Values ------------------------------------------------------------------------------------------------------------------------------ 2.14s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version ---------------------------------------------------------------------------------- 1.74s
  cisco.nac_dc_vxlan.common : Backup Previous Data File If It Exists ----------------------------------------------------------------------------------------------------------- 1.54s
  cisco.nac_dc_vxlan.common : Backup Previous Data File If It Exists ----------------------------------------------------------------------------------------------------------- 1.50s
  cisco.nac_dc_vxlan.common : Prepare Multisite Add and Remove Child Fabric Data ----------------------------------------------------------------------------------------------- 1.41s
  cisco.nac_dc_vxlan.create : Backup Previous Data File If It Exists ----------------------------------------------------------------------------------------------------------- 1.28s
  cisco.nac_dc_vxlan.create : Backup Previous Data File If It Exists ----------------------------------------------------------------------------------------------------------- 1.26s
  cisco.nac_dc_vxlan.create : Manage MSD Fabric VRF Loopback Attachments in Nexus Dashboard ------------------------------------------------------------------------------------ 1.21s
  cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ---------------------------------------------------------------------------------------------------------------- 0.93s
  cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard ---------------------------------------------------------------------------------------------- 0.78s
  cisco.nac_dc_vxlan.create : Build VRFs Attach List From Template ------------------------------------------------------------------------------------------------------------- 0.74s
  cisco.nac_dc_vxlan.create : Build Networks Attach List From Template --------------------------------------------------------------------------------------------------------- 0.72s
  cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template --------------------------------------------------------------------------------------------------- 0.70s
  cisco.nac_dc_vxlan.common : Build BGW Anycast VIP IP address allocation From Template ---------------------------------------------------------------------------------------- 0.69s

  ROLES RECAP *************************************************************************************************************************************************************************
  Tuesday 27 January 2026  18:54:51 +0000 (0:00:00.070)       0:03:23.400 *******
  ===============================================================================
  deploy ----------------------------------------------------------------- 69.39s
  create ----------------------------------------------------------------- 53.52s
  common ----------------------------------------------------------------- 42.81s
  remove ----------------------------------------------------------------- 21.43s
  validate ---------------------------------------------------------------- 6.43s
  connectivity_check ------------------------------------------------------ 3.91s
  common_global ----------------------------------------------------------- 0.05s
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  total ----------------------------------------------------------------- 197.53s

Step 7 - Return to ND & Verify Multi-Site Overlays

Return to your ND browser where you should be sitting on the Switches tab

1. Click the Segmentation and security tab in the top navigation bar
2. Click the Networks tab in the sub-navigation bar
Verify you still see the Networks NaC-Net01 and NaC-Net02.




3. Click NaC-Net01 to review the Network details
4. Click Network Attachments
5. Confirm NaC-Net01 is deployed and attached as expected to your switches




6. Click VRF
7. Confirm NaC-VRF01 is associated to NaC-Net01




8. Click the close (X) button in the top right corner of the window.
9. Click the VRFs tab in the sub-navigation bar
Verify you see the VRF NaC-VRF01.




10. Click NaC-VRF01 to review the VRF details
11. Click VRF Attachments
12. Confirm NaC-VRF01 is deployed and attached to your switches




13. Click Networks
14. Confirm NaC-Net01 and NaC-Net02 are associated to NaC-VRF01 and deployed to your switches




15. Click the close (X) button in the top right corner of the window.

Step 8 - Log In to Server4

Return to your terminal window and connect to Server4 located in Site2 to verify connectivity over the Multi-Site overlay to Server1 located in Site1.

If prompted to accept the RSA key fingerprint like below, type or copy yes then input the password above.

When prompted, the password is cisco.123 .

ssh -l cisco 10.15.30.104

cisco@10.15.30.104's password:

Step 9 - Server4: Ping Server1 over Multi-Site

Initiate a ping from Server4 to Server1's IP address of 192.168.1.101.

ping -c 5 192.168.1.101

Output:

PING 192.168.1.101 (192.168.1.101): 56 data bytes
64 bytes from 192.168.1.101: seq=0 ttl=253 time=11.631 ms
64 bytes from 192.168.1.101: seq=1 ttl=253 time=10.717 ms
64 bytes from 192.168.1.101: seq=2 ttl=253 time=11.234 ms
64 bytes from 192.168.1.101: seq=3 ttl=253 time=10.291 ms
64 bytes from 192.168.1.101: seq=4 ttl=253 time=11.116 ms

--- 192.168.1.101 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 10.291/10.997/11.631 ms

Step 10 - Server4: Logout

Disconnect from Server4 by typing exit.

exit

Connection to 10.15.30.104 closed.

Step 11 - Return to VSCode & Close All Open Tabs

Navigate back to your VSCode application.

1. Right-Click on any open tab
2. Select "Close All" from the drop-down menu

Continue to the next section to bring together everything you have done locally with ND and NaC into a NetDevOps pipeline.