Under the topology section you can define the interfaces that will be configured on the switches in your fabric. You will create a new file named interfaces_access.nac.yml.
This file will contain the access interfaces to use per switch on the fabric. It defines which VLAN to use as well as other parameters such as MTU, speed, and description.
touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/interfaces_access.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/interfaces_access.nac.yml
---
vxlan:
  topology:
    switches:
      - name: staging-leaf1
        interfaces:
          - name: Ethernet1/1
            mode: access
            description: VLAN 2301 Access Interface
            enabled: true
            mtu: jumbo
            speed: auto
            enable_bpdu_guard: false
            access_vlan: 2301
            spanning_tree_portfast: true
      - name: staging-leaf2
        interfaces:
          - name: Ethernet1/1
            mode: access
            description: VLAN 2302 Access Interface
            enabled: true
            mtu: jumbo
            speed: auto
            enable_bpdu_guard: false
            access_vlan: 2302
            spanning_tree_portfast: true
In addition to the access interfaces, you will also create a new file named interfaces_vpc.nac.yml.
This file will contain the vPC interfaces to use per switch on the fabric. It defines which VLANs to allow on the trunk, as well as other parameters such as vPC ID, port-channel mode, and port-channel member interfaces.
touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/interfaces_vpc.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/interfaces_vpc.nac.yml
---
vxlan:
  topology:
    switches:
      - name: staging-leaf1
        interfaces:
          - name: port-channel10
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 10
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            trunk_allowed_vlans:
              - from: 2301
                to: 2302
            spanning_tree_portfast: true
          - name: port-channel20
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 20
            members:
              - eth1/6
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
      - name: staging-leaf2
        interfaces:
          - name: port-channel10
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 10
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            trunk_allowed_vlans:
              - from: 2301
                to: 2302
            spanning_tree_portfast: true
          - name: port-channel20
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 20
            members:
              - eth1/6
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
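Before pushing these two files to NDFC, it is worth reviewing them for Layer 2 settings that deserve a second look: PortFast with BPDU guard disabled (as on Ethernet1/1 above), trunks with no explicit allowed-VLAN list (as on port-channel20), and vPC settings that differ between peers. The following is an added example, not part of the lab or the cisco.nac_dc_vxlan collection; the function names are hypothetical, the sample is a trimmed copy of the page's data with one constructed mismatch, and it assumes a single vPC pair per fabric.

```python
"""Pre-flight review of the interfaces_*.nac.yml data model (added example)."""

# Constructed sample: a trimmed copy of the page's data after YAML loading.
SAMPLE = {"vxlan": {"topology": {"switches": [
    {"name": "staging-leaf1", "interfaces": [
        {"name": "Ethernet1/1", "mode": "access", "access_vlan": 2301,
         "enable_bpdu_guard": False, "spanning_tree_portfast": True},
        {"name": "port-channel10", "mode": "trunk", "vpc_id": 10, "pc_mode": "active",
         "trunk_allowed_vlans": [{"from": 2301, "to": 2302}],
         "spanning_tree_portfast": True},
        {"name": "port-channel20", "mode": "trunk", "vpc_id": 20, "pc_mode": "active",
         "spanning_tree_portfast": True}]},
    {"name": "staging-leaf2", "interfaces": [
        {"name": "port-channel10", "mode": "trunk", "vpc_id": 10, "pc_mode": "active",
         "trunk_allowed_vlans": [{"from": 2301, "to": 2301}],  # constructed drift
         "spanning_tree_portfast": True}]},
]}}}


def load_model(path):
    """Load one .nac.yml file; PyYAML is imported lazily so review() runs without it."""
    import yaml
    with open(path) as fh:
        return yaml.safe_load(fh)


def review(model):
    """Return sorted (switch, interface, finding) tuples for the three checks."""
    findings, vpc_seen = [], {}
    for sw in model["vxlan"]["topology"]["switches"]:
        for intf in sw.get("interfaces", []):
            where = (sw["name"], intf["name"])
            # An edge port in PortFast mode with BPDU guard off accepts BPDUs.
            if intf.get("spanning_tree_portfast") and intf.get("enable_bpdu_guard") is False:
                findings.append(where + ("portfast with BPDU guard disabled",))
            # The effective VLAN list then depends on the collection's default.
            if intf.get("mode") == "trunk" and "trunk_allowed_vlans" not in intf:
                findings.append(where + ("trunk without explicit allowed VLANs",))
            # Assumption: one vPC pair, so the same vpc_id means the same vPC.
            if "vpc_id" in intf:
                settings = (intf.get("pc_mode"), str(intf.get("trunk_allowed_vlans")))
                if vpc_seen.setdefault(intf["vpc_id"], settings) != settings:
                    findings.append(where + ("vPC settings differ from peer",))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(" | ".join(finding))
```

To review the real files, pass the result of `load_model()` for each file to `review()`; findings are prompts for a deliberate decision, not necessarily errors in a lab fabric.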
Make sure you are in your root Ansible directory:
cd ~/workspace/ndfclab/nac
From the root Ansible project directory execute the following command:
ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_interfaces
Upon a successful run of the playbook your output should look as follows:
PLAY RECAP *********************************************************************
fabric-stage : ok=192 changed=29 unreachable=0 failed=0 skipped=424 rescued=0 ignored=0

PLAYBOOK RECAP *****************************************************************
Playbook run took 0 days, 0 hours, 1 minutes, 3 seconds

TASKS RECAP ********************************************************************
Wednesday 07 May 2025 16:40:27 +0000 (0:00:00.240) 0:01:03.696 *********
===============================================================================
cisco.nac_dc_vxlan.create : Manage Interface vPC ------------------------------------------------------------ 3.52s
cisco.nac_dc_vxlan.create : Manage Interface Access --------------------------------------------------------- 2.87s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco NDFC Version ---------------------------------------------- 1.79s
cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ----------------------------------------- 0.84s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ----------------------------------------------- 0.83s
cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ---------------------------------- 0.77s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config  0.73s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to NDFC 10.15.0.26 on Port 443 ----------------- 0.73s
cisco.nac_dc_vxlan.common : Build Networks Attach List From Template ---------------------------------------- 0.70s
cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------- 0.68s
cisco.nac_dc_vxlan.common : Build VPC interface ------------------------------------------------------------- 0.68s
cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------- 0.68s
cisco.nac_dc_vxlan.common : Build Policy List From Template ------------------------------------------------- 0.67s
cisco.nac_dc_vxlan.common : Build sub_interface ------------------------------------------------------------- 0.67s
cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------- 0.66s
cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------- 0.66s
cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template ------------------------------------ 0.65s
cisco.nac_dc_vxlan.common : Build Links for vPC Peering ----------------------------------------------------- 0.64s
cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------- 0.64s
cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template for loopback ------------------------------- 0.64s

ROLES RECAP ********************************************************************
Wednesday 07 May 2025 16:40:27 +0000 (0:00:00.242) 0:01:03.696 *********
===============================================================================
common ----------------------------------------------------------------- 42.08s
create ------------------------------------------------------------------ 9.58s
validate ---------------------------------------------------------------- 5.91s
connectivity_check ------------------------------------------------------ 4.03s
common_global ----------------------------------------------------------- 0.06s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------ 61.65s
Return to your NDFC browser where you should be sitting on the Switches tab.
When reviewing the Interfaces tab, expect to see interfaces in various statuses, since a deployment has not taken place yet.
Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify that the interface configuration is pre-staged in NDFC.
Make sure interfaces vPC10 and vPC20 are created between staging-leaf1 and staging-leaf2 and that they show NA under Sync Status. These will change to In-Sync after the deployment role is completed later in the lab.
Verify that the policy for interface Ethernet1/1 on leaf1 and leaf2 is set to int_access_host.
On the keyboard, press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.
Continue to the next section to build out the overlay by defining the VRFs and networks on the staging fabric.