Overlay
VXLAN as Code

Step 1 - Create

With the underlay configured, you can move on to the overlay configuration. In this section, you will create the files that configure the VRFs and Networks for your staging fabric. Start by creating the vrfs.nac.yml file. This file contains the VRF configuration for your staging fabric: the VRF names, VRF IDs, VLAN IDs, and VRF attach groups.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/vrfs.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/vrfs.nac.yml



      
---

vxlan:
  overlay:
    vrfs:
      - name: NaC-VRF01
        vrf_id: 150001
        vlan_id: 2001
        vrf_attach_group: all
    vrf_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
          - hostname: staging-leaf2
      


Step 2 - Create

Next, you will create the networks.nac.yml file. This file contains the Network configuration for your staging fabric: the network names, VRF names (the VRF created above), network IDs, VLAN IDs, VLAN names, gateway IP addresses, and network attach groups.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml


      
---

vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      - name: NaC-Net02
        vrf_name: NaC-VRF01
        net_id: 130002
        vlan_id: 2302
        vlan_name: NaC-Net02_vlan2302
        gw_ip_address: 192.168.2.1/24
        network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
            ports:
              - port-channel10
          - hostname: staging-leaf2
            ports:
              - port-channel10
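
Every network in networks.nac.yml has to resolve to a VRF and an attach group that actually exist, so a local check before the playbook run catches a mistyped vrf_name or a reused ID. The following is an added example, not part of the lab or of the cisco.nac_dc_vxlan collection; check_overlay, the merged OVERLAY dictionary, and the rule that VNI and VLAN IDs are unique fabric-wide are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: overlay keys of the two lab files, parsed (yaml.safe_load) and merged.
OVERLAY = {
    "vrfs": [{"name": "NaC-VRF01", "vrf_id": 150001, "vlan_id": 2001,
              "vrf_attach_group": "all"}],
    "vrf_attach_groups": [{"name": "all", "switches": [
        {"hostname": "staging-leaf1"}, {"hostname": "staging-leaf2"}]}],
    "networks": [
        {"name": "NaC-Net01", "vrf_name": "NaC-VRF01", "net_id": 130001,
         "vlan_id": 2301, "gw_ip_address": "192.168.1.1/24",
         "network_attach_group": "all"},
        {"name": "NaC-Net02", "vrf_name": "NaC-VRF01", "net_id": 130002,
         "vlan_id": 2302, "gw_ip_address": "192.168.2.1/24",
         "network_attach_group": "all"},
    ],
    "network_attach_groups": [{"name": "all", "switches": [
        {"hostname": "staging-leaf1", "ports": ["port-channel10"]},
        {"hostname": "staging-leaf2", "ports": ["port-channel10"]}]}],
}

def check_overlay(ov):
    """Return a list of findings; an empty list means every check passed."""
    findings, used, subnets = [], {}, {}
    defined = {k: {item["name"] for item in ov.get(k, [])}
               for k in ("vrfs", "vrf_attach_groups", "network_attach_groups")}
    vrfs, networks = ov.get("vrfs", []), ov.get("networks", [])
    for vrf in vrfs:
        if vrf.get("vrf_attach_group") not in defined["vrf_attach_groups"]:
            findings.append(f"{vrf['name']}: unknown vrf_attach_group")
    for net in networks:
        if net.get("vrf_name") not in defined["vrfs"]:
            findings.append(f"{net['name']}: vrf_name is not a defined VRF")
        if net.get("network_attach_group") not in defined["network_attach_groups"]:
            findings.append(f"{net['name']}: unknown network_attach_group")
        # Overlapping gateway subnets inside one VRF make routing ambiguous.
        subnet = ipaddress.ip_interface(net["gw_ip_address"]).network
        for other, other_subnet in subnets.setdefault(net.get("vrf_name"), []):
            if subnet.overlaps(other_subnet):
                findings.append(f"{net['name']}: subnet overlaps {other}")
        subnets[net.get("vrf_name")].append((net["name"], subnet))
    # Assumption: vrf_id and net_id share one VNI space, vlan_id values another.
    for obj in vrfs + networks:
        for key, space in (("vrf_id", "VNI"), ("net_id", "VNI"), ("vlan_id", "VLAN")):
            if key in obj:
                owner = used.setdefault((space, obj[key]), obj["name"])
                if owner != obj["name"]:
                    findings.append(f"{obj['name']}: {space} {obj[key]} already used by {owner}")
    return findings
```

An empty list from check_overlay(OVERLAY) means the two files are consistent with each other; it does not replace the validation the playbook itself performs.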
      






Step 3 - Execute Ansible Playbook

Make sure you are in your root Ansible directory:


cd ~/workspace/ndfclab/nac

From the root Ansible project directory execute the following command:


ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_vrfs_networks

Upon a successful run of the playbook your output should look as follows:

  PLAY RECAP ***********************************************************************************************************************************************************
  fabric-stage                      : ok=198  changed=29   unreachable=0    failed=0    skipped=414  rescued=0    ignored=0   


  PLAYBOOK RECAP *******************************************************************************************************************************************************
  Playbook run took 0 days, 0 hours, 1 minutes, 4 seconds


  TASKS RECAP **********************************************************************************************************************************************************
  Tuesday 07 May 2025  17:34:30 +0000 (0:00:00.264)       0:01:04.311 *********** 
  =============================================================================== 
  cisco.nac_dc_vxlan.create : Manage NDFC Fabric Networks ------------------------------------------------------------------------------------------------------- 2.68s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco NDFC Version ------------------------------------------------------------------------------------------------ 1.76s
  cisco.nac_dc_vxlan.create : Manage NDFC Fabric VRFs ----------------------------------------------------------------------------------------------------------- 1.51s
  cisco.nac_dc_vxlan.create : Attach VRF Loopbacks per VRF ------------------------------------------------------------------------------------------------------ 1.29s
  cisco.nac_dc_vxlan.create : Get Multisite Fabric Associations ------------------------------------------------------------------------------------------------- 1.21s
  cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ------------------------------------------------------------------------------------ 0.85s
  cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ------------------------------------------------------------------------------------------- 0.85s
  cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ------------------------------------------------------------------------------------------------- 0.82s
  cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to NDFC 10.15.0.26 on Port 443 ------------------------------------------------------------------- 0.72s
  cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config -------------------------------------------------- 0.72s
  cisco.nac_dc_vxlan.common : Build Interface ------------------------------------------------------------------------------------------------------------------- 0.71s
  cisco.nac_dc_vxlan.common : Build Policy List From Template --------------------------------------------------------------------------------------------------- 0.71s
  cisco.nac_dc_vxlan.common : Build Networks Attach List From Template ------------------------------------------------------------------------------------------ 0.70s
  cisco.nac_dc_vxlan.common : Build Interface ------------------------------------------------------------------------------------------------------------------- 0.69s
  cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template -------------------------------------------------------------------------------------- 0.68s
  cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template ---------------------------------------------------------------------------------- 0.68s
  cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template ---------------------------------------------------------------------------------------------- 0.67s
  cisco.nac_dc_vxlan.common : Build VPC interface --------------------------------------------------------------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build Interface ------------------------------------------------------------------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template for loopback --------------------------------------------------------------------------------- 0.66s

  ROLES RECAP **********************************************************************************************************************************************************
  Tuesday 07 May 2025  17:34:30 +0000 (0:00:00.266)       0:01:04.312 *********** 
  =============================================================================== 
  common ----------------------------------------------------------------- 42.86s
  create ------------------------------------------------------------------ 9.67s
  validate ---------------------------------------------------------------- 5.85s
  connectivity_check ------------------------------------------------------ 3.87s
  common_global ----------------------------------------------------------- 0.06s
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
  total ------------------------------------------------------------------ 62.31s
  

Step 4 - Return to NDFC & Verify Network and VRF Information

Return to your NDFC browser, where you should be on the Interfaces tab.

  1. Click the VRFs tab in the top navigation bar

  2. Verify you see the VRF NaC-VRF01 that was created by your Ansible playbook.

    As in previous sections, when reviewing the VRFs tab, it is expected to see VRFs in the Pending status since a deployment has not taken place yet. Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify the interface configuration is pre-staged in NDFC.

  3. Double-click NaC-VRF01 to review the VRF details



  4. Click VRF Attachments
  5. Confirm NaC-VRF01 is pending deployment and attachment to your switches



  6. Click Networks
  7. Confirm NaC-Net01 and NaC-Net02 are associated with NaC-VRF01 and pending deployment to your switches
  8. Click the close button



  9. Click the Networks tab in the top navigation bar

  10. Verify you see the Networks NaC-Net01 and NaC-Net02 that were created by your Ansible playbook.

    As in previous sections, when reviewing the Networks tab, it is expected to see VRFs in the Pending status since a deployment has not taken place yet. Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify the interface configuration is pre-staged in NDFC.

  11. Double-click NaC-Net01 to review the Network details



  12. Click Network Attachments
  13. Confirm NaC-Net01 is pending deployment and attachment to your switches



  14. Click VRF
  15. Confirm NaC-VRF01 is associated with NaC-Net01 and pending deployment to your switches
  16. Click the close button




Step 5 - Return to VSCode & Close All Open Tabs

On the keyboard, press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.



Continue to the next section to populate the deploy role with the necessary tasks to deploy all of your configuration to your staging fabric.