Under the topology section you can define the interfaces that will be configured on the switches in your fabric. You will create a new file named interfaces_access.nac.yml.
This file will contain the access interfaces to use per switch. It defines which VLAN to use as well as other parameters such as MTU, speed, and description.
touch ~/workspace/ndlab/nac/host_vars/site1-fabric/interfaces_access.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site1-fabric/interfaces_access.nac.yml
---
vxlan:
  topology:
    switches:
      - name: site1-l1
        interfaces:
          - name: Ethernet1/4
            description: To Server1 E1
            mode: access
            enabled: true
            mtu: jumbo
            speed: auto
            access_vlan: 2401
            spanning_tree_portfast: true
      - name: site1-l2
        interfaces:
          - name: Ethernet1/4
            description: To Server3 E1
            mode: access
            enabled: true
            mtu: jumbo
            speed: auto
            access_vlan: 2401
            spanning_tree_portfast: true
In addition to the access interfaces, you will also create a new file named interfaces_vpc.nac.yml.
This file will contain the vPC interfaces to use per switch. It defines parameters such as vPC ID, port-channel mode, and port-channel member interfaces.
As you can see, you can easily split your interface definitions across multiple files to keep things organized.
touch ~/workspace/ndlab/nac/host_vars/site1-fabric/interfaces_vpc.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site1-fabric/interfaces_vpc.nac.yml
---
vxlan:
  topology:
    switches:
      - name: site1-l1
        interfaces:
          - name: port-channel5
            description: To Server2 bond
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 5
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
      - name: site1-l2
        interfaces:
          - name: port-channel5
            description: To Server2 bond
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 5
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
Next, create a file named interfaces_routed.nac.yml. This file will contain the routed interfaces to use, in this case on the pre-provisioned border leaf switch. It defines parameters such as sub-interface dot1q ID, VRF, and IP address.
touch ~/workspace/ndlab/nac/host_vars/site1-fabric/interfaces_routed.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site1-fabric/interfaces_routed.nac.yml
---
vxlan:
  topology:
    switches:
      - name: site1-bl1
        interfaces:
          - name: Ethernet1/5
            mode: routed
            description: To ExtRtr Eth1/1
            enabled: true
          - name: Ethernet1/5.2
            mode: routed_sub
            description: To ExtRtr Eth1/1.2
            enabled: true
            dot1q_id: 2
            vrf: NaC-VRF01
            ipv4_address: 10.31.0.1/30
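Because the interface definitions are now spread over three files, a pre-flight check over the combined data catches mismatches before the playbook pushes them to ND. The following is an added example, not part of the lab or of the cisco.nac_dc_vxlan collection; the names doc and check_interfaces are hypothetical, and it assumes each file is already loaded into a dict, that a vpc_id identifies a single vPC pair, and that sub-interfaces carry an IPv4 address.

```python
import ipaddress
from collections import defaultdict

def doc(switches):
    """Nest {switch: [interfaces]} the way each *.nac.yml file on this page does."""
    return {"vxlan": {"topology": {"switches": [
        {"name": n, "interfaces": i} for n, i in switches.items()]}}}

# Constructed sample: the page's three files, trimmed to the keys the checks read.
E14 = {"name": "Ethernet1/4", "mode": "access", "access_vlan": 2401}
PO5 = {"name": "port-channel5", "mode": "trunk", "pc_mode": "active",
       "vpc_id": 5, "members": ["eth1/5"]}
SUB = {"name": "Ethernet1/5.2", "mode": "routed_sub", "dot1q_id": 2,
       "vrf": "NaC-VRF01", "ipv4_address": "10.31.0.1/30"}
FILES = [doc({"site1-l1": [E14], "site1-l2": [E14]}),
         doc({"site1-l1": [PO5], "site1-l2": [PO5]}),
         doc({"site1-bl1": [{"name": "Ethernet1/5", "mode": "routed"}, SUB]})]

def check_interfaces(files):
    """Return findings (strings) for the combined interface definitions."""
    findings, seen, vpcs = [], defaultdict(dict), defaultdict(dict)
    for data in files:
        for switch in data["vxlan"]["topology"]["switches"]:
            for ifc in switch.get("interfaces", []):
                if ifc["name"] in seen[switch["name"]]:
                    findings.append(f"{switch['name']} {ifc['name']}: defined more than once")
                seen[switch["name"]][ifc["name"]] = ifc
                if "vpc_id" in ifc:  # assumption: one vPC pair per vpc_id
                    vpcs[ifc["vpc_id"]][switch["name"]] = ifc
    for name, ifaces in seen.items():
        for ifname, ifc in ifaces.items():
            if ifc["mode"] != "routed_sub":
                continue
            if ifaces.get(ifname.split(".")[0], {}).get("mode") != "routed":
                findings.append(f"{name} {ifname}: parent is not a routed interface")
            if not 1 <= ifc.get("dot1q_id", 0) <= 4094:
                findings.append(f"{name} {ifname}: dot1q_id missing or out of range")
            try:
                ip = ipaddress.IPv4Interface(ifc["ipv4_address"])
                if ip.network.prefixlen < 31 and ip.ip in (ip.network[0], ip.network[-1]):
                    findings.append(f"{name} {ifname}: {ip} is not a host address")
            except (KeyError, ValueError):  # assumption: IPv4 sub-interface
                findings.append(f"{name} {ifname}: ipv4_address missing or invalid")
    for vpc_id, peers in vpcs.items():
        if len(peers) != 2:
            findings.append(f"vpc_id {vpc_id}: on {len(peers)} switch(es), expected 2")
        if len({(p["mode"], p.get("pc_mode")) for p in peers.values()}) > 1:
            findings.append(f"vpc_id {vpc_id}: mode/pc_mode differ between peers")
    return findings
```

Calling check_interfaces(FILES) on the definitions from this page returns an empty list.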
Make sure you are in your root Ansible directory.
cd ~/workspace/ndlab/nac
From the root Ansible project directory execute the following command:
ansible-playbook -i hosts.site1.yml vxlan.yml --tags cr_manage_interfaces
Upon a successful run of the playbook your output should look as follows:
<... SNIP ...>
PLAY RECAP ************************************************************************************************************************************************************
site1-fabric : ok=230 changed=33 unreachable=0 failed=0 skipped=747 rescued=0 ignored=0
PLAYBOOK RECAP ********************************************************************************************************************************************************
Playbook run took 0 days, 0 hours, 1 minutes, 39 seconds
TASKS RECAP ***********************************************************************************************************************************************************
Tuesday 27 January 2026 03:32:08 +0000 (0:00:00.575) 0:01:39.812 *******
===============================================================================
cisco.nac_dc_vxlan.create : Manage Interface All in Nexus Dashboard -------------------------------------------------------------------------------------------- 6.29s
cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices -------------------------------------------------------------------------------------------- 2.19s
cisco.nac_dc_vxlan.common : Display Flag Values ---------------------------------------------------------------------------------------------------------------- 2.16s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version -------------------------------------------------------------------- 1.82s
cisco.nac_dc_vxlan.common : Get Multisite Fabric Associations in Nexus Dashboard ------------------------------------------------------------------------------- 1.34s
cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ------------------------------------------------------------------------------------- 0.96s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host -------------------------------------------------------------------------------------------------- 0.93s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config --------------------------------------------------- 0.89s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config --------------------------------------------------- 0.88s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard -------------------------------------------------------------------------------- 0.83s
cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template ----------------------------------------------------------------------------------- 0.78s
cisco.nac_dc_vxlan.common : Build Interface Po ----------------------------------------------------------------------------------------------------------------- 0.76s
cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template --------------------------------------------------------------------------------------- 0.75s
cisco.nac_dc_vxlan.common : Build Interface -------------------------------------------------------------------------------------------------------------------- 0.75s
cisco.nac_dc_vxlan.common : Build vPC interface ---------------------------------------------------------------------------------------------------------------- 0.74s
cisco.nac_dc_vxlan.common : Build Networks Attach List From Template ------------------------------------------------------------------------------------------- 0.73s
cisco.nac_dc_vxlan.common : Build Interface -------------------------------------------------------------------------------------------------------------------- 0.73s
cisco.nac_dc_vxlan.common : Build sub_interface ---------------------------------------------------------------------------------------------------------------- 0.73s
cisco.nac_dc_vxlan.common : Build Fabric Links ----------------------------------------------------------------------------------------------------------------- 0.73s
cisco.nac_dc_vxlan.common : Build Policy List From Template ---------------------------------------------------------------------------------------------------- 0.72s
ROLES RECAP ***********************************************************************************************************************************************************
Tuesday 27 January 2026 03:32:08 +0000 (0:00:00.580) 0:01:39.816 *******
===============================================================================
common ----------------------------------------------------------------- 72.09s
create ----------------------------------------------------------------- 11.11s
validate ---------------------------------------------------------------- 6.64s
connectivity_check ------------------------------------------------------ 4.08s
common_global ----------------------------------------------------------- 0.05s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------ 93.97s
Return to your ND browser where you should be sitting on the Switches tab.
When reviewing the Interfaces tab, expect to see interfaces in various states, since a deployment has not taken place yet. Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify that the interface configuration is pre-staged in ND.
Make sure interface vPC5 is created between site1-l1 and site1-l2. Its status will change to In-Sync after the deployment role is completed later in the lab.
Verify that the policy for interface Ethernet1/4 on site1-l1 and site1-l2 is set to access.
Verify that the policy for interface Ethernet1/5 on site1-bl1 is routed.
Navigate back to your VSCode application.
Continue to the next section to build out the overlay by defining VRFs and networks.