To begin building Site1's fabric, you will need to create a set of YAML files that define the fabric, global settings, underlay, and other parameters. These files will be used by Ansible to create and manage the fabric in ND.
Create the fabric.nac.yml file in the host_vars/site1-fabric directory. This file will contain the fabric name and type.
Note that the actual filename does not matter; what matters is that the keys and values within the file follow the VXLAN as Code Data Model structure.
touch ~/workspace/ndlab/nac/host_vars/site1-fabric/fabric.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site1-fabric/fabric.nac.yml
Copy and paste the following content into the fabric.nac.yml file that is now open in your VSCode editor.
---
vxlan:
  fabric:
    name: site1-fabric
    type: VXLAN_EVPN
Next, you will create the global.nac.yml file in the host_vars/site1-fabric directory. This file will contain global settings for the fabric, such as BGP ASN, route reflectors, DNS servers, NTP servers, and bootstrap settings.
touch ~/workspace/ndlab/nac/host_vars/site1-fabric/global.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site1-fabric/global.nac.yml
---
vxlan:
  global:
    ibgp:
      bgp_asn: "65001"
      route_reflectors: 2
      anycast_gateway_mac: 1234.5678.9000
      dns_servers:
        - ip_address: 10.0.249.16
          vrf: management
      ntp_servers:
        - ip_address: 10.81.254.131
          vrf: management
      bootstrap:
        enable_bootstrap: true
        enable_local_dhcp_server: true
        dhcp_version: DHCPv4
        dhcp_v4:
          scope_start_address: 10.15.30.200
          scope_end_address: 10.15.30.201
          switch_mgmt_default_gw: 10.15.30.1
          mgmt_prefix: 24
You will then create the underlay.nac.yml file in the host_vars/site1-fabric directory. This file will contain underlay settings for the fabric, such as the routing protocol to use, IP addressing, and multicast settings.
touch ~/workspace/ndlab/nac/host_vars/site1-fabric/underlay.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site1-fabric/underlay.nac.yml
---
vxlan:
  underlay:
    general:
      routing_protocol: ospf
      underlay_routing_loopback_id: 0
      underlay_routing_protocol_tag: UNDERLAY
      underlay_vtep_loopback_id: 1
      replication_mode: multicast
    ipv4:
      fabric_interface_numbering: p2p
      subnet_mask: 31
      underlay_routing_loopback_ip_range: 10.11.0.0/22
      underlay_vtep_loopback_ip_range: 10.111.100.0/22
      underlay_rp_loopback_ip_range: 10.251.251.0/24
      underlay_subnet_ip_range: 10.1.0.0/16
    ospf:
      area_id: 0.0.0.0
    multicast:
      underlay_rp_loopback_id: 251
      rp_mode: asm
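A pre-flight check on the addressing values entered above, as an added example that is not part of the lab or of the cisco.nac_dc_vxlan collection: it confirms that the four underlay pools are well-formed and do not overlap, and that the bootstrap DHCP scope sits inside the management subnet without covering the gateway. The function names are hypothetical and the values are copied inline from global.nac.yml and underlay.nac.yml so the script runs with the Python standard library only.

```python
import ipaddress
from itertools import combinations

# Values copied from the underlay.nac.yml and global.nac.yml content above.
UNDERLAY_IPV4 = {
    "underlay_routing_loopback_ip_range": "10.11.0.0/22",
    "underlay_vtep_loopback_ip_range": "10.111.100.0/22",
    "underlay_rp_loopback_ip_range": "10.251.251.0/24",
    "underlay_subnet_ip_range": "10.1.0.0/16",
}
DHCP_V4 = {
    "scope_start_address": "10.15.30.200",
    "scope_end_address": "10.15.30.201",
    "switch_mgmt_default_gw": "10.15.30.1",
    "mgmt_prefix": 24,
}

def check_underlay_pools(pools):
    """Return errors for malformed or overlapping underlay address pools."""
    errors, nets = [], {}
    for key, cidr in pools.items():
        try:
            nets[key] = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
        except ValueError as exc:
            errors.append(f"{key}: {exc}")
    for (ka, na), (kb, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"{ka} {na} overlaps {kb} {nb}")
    return errors

def check_bootstrap_scope(dhcp):
    """Return errors if the bootstrap DHCP scope does not fit the mgmt subnet."""
    errors = []
    gw = ipaddress.ip_address(dhcp["switch_mgmt_default_gw"])
    mgmt = ipaddress.ip_network(f"{gw}/{dhcp['mgmt_prefix']}", strict=False)
    start = ipaddress.ip_address(dhcp["scope_start_address"])
    end = ipaddress.ip_address(dhcp["scope_end_address"])
    if start > end:
        errors.append("scope_start_address is above scope_end_address")
    for name, addr in (("scope_start_address", start), ("scope_end_address", end)):
        if addr not in mgmt:
            errors.append(f"{name} {addr} is outside {mgmt}")
    if start <= gw <= end:
        errors.append(f"gateway {gw} falls inside the DHCP scope")
    return errors

if __name__ == "__main__":
    for problem in check_underlay_pools(UNDERLAY_IPV4) + check_bootstrap_scope(DHCP_V4):
        print("ERROR:", problem)
```

With the lab values both functions return an empty list, so the script prints nothing.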
The Ansible inventory file defines how Ansible will connect and authenticate with ND in conjunction with the group_vars and host_vars files you created earlier.
touch ~/workspace/ndlab/nac/hosts.site1.yml
cat << EOF > ~/workspace/ndlab/nac/hosts.site1.yml
---
# Inventory Information For Site1 Fabric
nd:
  hosts:
    site1-fabric:
      ansible_host: 10.15.0.98
EOF
Now you need to create the main, or top-level, Ansible playbook that will be used to build the fabric.
This file will be the main entry point for all of the roles and tasks that you will create and invoke
to manage your fabric using ND and Ansible. This playbook will be reused for all fabrics you create in
this lab because it targets the nd group, which all of your fabrics are a part of.
touch ~/workspace/ndlab/nac/vxlan.yml
cat << EOF > ~/workspace/ndlab/nac/vxlan.yml
---
# This is the main entry point playbook for calling the various
# roles in this collection.
- name: Main Playbook
  hosts: nd
  any_errors_fatal: true
  gather_facts: false
  roles:
    # -----------------------
    # DataCenter Roles
    #   cisco.nac_dc_vxlan.dtc manages direct to controller ND workflows
    #
    - role: cisco.nac_dc_vxlan.dtc.create
      tags: 'role_create'
    - role: cisco.nac_dc_vxlan.dtc.deploy
      tags: 'role_deploy'
    - role: cisco.nac_dc_vxlan.dtc.remove
      tags: 'role_remove'
EOF
Make sure you are in your root Ansible directory.
cd ~/workspace/ndlab/nac
From the root Ansible project directory execute the following command:
ansible-playbook -i hosts.site1.yml vxlan.yml
Upon a successful run of the playbook your output should look as follows:
<... SNIP ...>
PLAY RECAP *********************************************************************
site1-fabric : ok=240 changed=32 unreachable=0 failed=0 skipped=1337 rescued=0 ignored=0
PLAYBOOK RECAP *****************************************************************
Playbook run took 0 days, 0 hours, 2 minutes, 22 seconds
TASKS RECAP ********************************************************************
Tuesday 27 January 2026 02:19:01 +0000 (0:00:00.066) 0:02:22.842 *******
===============================================================================
cisco.nac_dc_vxlan.create : Manage Fabric in Nexus Dashboard ---------- 23.34s
cisco.nac_dc_vxlan.common : Display Flag Values ---------- 2.14s
cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ---------- 1.92s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version ---------- 1.74s
cisco.nac_dc_vxlan.common : Get Multisite Fabric Associations in Nexus Dashboard ---------- 1.38s
cisco.nac_dc_vxlan.remove : Get List of iBGP VXLAN Fabric Switches from Nexus Dashboard ---------- 1.21s
cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ---------- 1.02s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ---------- 0.95s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ---------- 0.87s
cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template ---------- 0.78s
cisco.nac_dc_vxlan.common : Build Interface ---------- 0.75s
cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template ---------- 0.75s
cisco.nac_dc_vxlan.common : Build Interface Po ---------- 0.75s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard ---------- 0.74s
cisco.nac_dc_vxlan.common : Build Networks Attach List From Template ---------- 0.74s
cisco.nac_dc_vxlan.common : Build Interface ---------- 0.74s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ---------- 0.73s
cisco.nac_dc_vxlan.common : Build Policy List From Template ---------- 0.73s
cisco.nac_dc_vxlan.common : Build Interface ---------- 0.72s
cisco.nac_dc_vxlan.common : Build underlay IP address allocation From Template ---------- 0.72s
ROLES RECAP ********************************************************************
Tuesday 27 January 2026 02:19:01 +0000 (0:00:00.070) 0:02:22.843 *******
===============================================================================
common ---------------------------------------------------------------- 71.89s
create ---------------------------------------------------------------- 38.15s
remove ---------------------------------------------------------------- 15.90s
validate --------------------------------------------------------------- 5.34s
connectivity_check ----------------------------------------------------- 3.98s
deploy ----------------------------------------------------------------- 1.59s
common_global ---------------------------------------------------------- 0.06s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ---------------------------------------------------------------- 136.91s
Return to ND in your browser where you should still be sitting at the Fabrics dashboard. After the playbook has run, verify your Site1 fabric has been created by Ansible.
You should see the fabric site1-fabric in the list of fabrics.
This fabric was created by the Ansible playbook you just ran, using your variables together with ND's defaults, and is empty at this point.
If your site1-fabric is not showing, please try clicking the Refresh button in the top-right of the Fabrics pane.
Each time you run the Ansible playbook in this vxlan-as-code section of the lab you will notice
a set of dependency roles and tasks within these roles get run before the
cisco.nac_dc_vxlan.dtc.create role is executed.
The dependency roles are the:
cisco.nac_dc_vxlan.dtc.connectivity_check role,
cisco.nac_dc_vxlan.validate role, and the
cisco.nac_dc_vxlan.common role.
The diagram below illustrates the dependencies of the cisco.nac_dc_vxlan.dtc.create role and the various tasks that run in each role.
The cisco.nac_dc_vxlan.dtc.create role is dependent on the:
cisco.nac_dc_vxlan.dtc.connectivity_check role
cisco.nac_dc_vxlan.validate role
cisco.nac_dc_vxlan.common role
The cisco.nac_dc_vxlan.dtc.create role is the role that creates the fabric in ND.
As you can see from the ROLES RECAP, the dependency roles take around 75 seconds to run before the cisco.nac_dc_vxlan.dtc.create role is executed.
Working with DevOps toolchains naturally means dealing with a number of files. In an effort to keep your workspace in VSCode tidy and focused on your current tasks, you can use a shortcut to close files at the end of each section.
Navigate back to your VSCode application.
Please continue to the next section to start managing inventory in your Site1 fabric.