POAP
VXLAN as Code

Step 1 - Create



Now you are going to start populating the data model to add a staging-leaf3 device using POAP.

Create and open ~/workspace/ndfclab/nac/host_vars/fabric-stage/poap.nac.yml and add staging-leaf3 to the data model.




touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/poap.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/poap.nac.yml



---

vxlan:
  topology:
    switches:
      - name: staging-leaf3
        serial_number: JSON_DECODE_ERROR
        role: border
        management:
          management_ipv4_address: 10.15.6.14
          default_gateway_v4: 10.15.6.1
        poap:
          bootstrap: true
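
POAP onboards whichever device presents the serial number in this file, so it is worth checking the entry before running the playbook; a value such as the `JSON_DECODE_ERROR` shown above is not a device serial. The pre-flight check below is an added example, not part of the lab or of the `cisco.nac_dc_vxlan` collection. The function name, the 11-character serial pattern and the /24 management prefix are assumptions, and the sample is the dict that `yaml.safe_load()` would return for the data model above.

```python
import ipaddress
import re

# Assumption: serials are 11 upper-case alphanumerics; adjust for your hardware.
SERIAL_RE = re.compile(r"^[A-Z0-9]{11}$")


def check_poap_switches(model, prefix_len=24):
    """Return a list of problems found in POAP-enabled switch entries."""
    problems, seen = [], {}
    switches = model.get("vxlan", {}).get("topology", {}).get("switches", [])
    for sw in switches:
        if not sw.get("poap", {}).get("bootstrap"):
            continue  # only devices onboarded through POAP are checked
        name = sw.get("name", "<unnamed>")
        serial = str(sw.get("serial_number", ""))
        if not SERIAL_RE.match(serial):
            problems.append(f"{name}: serial_number {serial!r} is not a device serial")
        elif serial in seen:
            problems.append(f"{name}: serial_number reused from {seen[serial]}")
        seen.setdefault(serial, name)
        mgmt = sw.get("management", {})
        try:
            ip = ipaddress.IPv4Address(mgmt.get("management_ipv4_address"))
            gw = ipaddress.IPv4Address(mgmt.get("default_gateway_v4"))
        except ValueError:
            problems.append(f"{name}: management address or gateway is not valid IPv4")
            continue
        # prefix_len is an assumption; the data model above does not state it.
        net = ipaddress.IPv4Network(f"{ip}/{prefix_len}", strict=False)
        if ip == gw or gw not in net:
            problems.append(f"{name}: gateway {gw} is not usable from {ip}/{prefix_len}")
    return problems


# Constructed sample mirroring the data model above.
SAMPLE = {"vxlan": {"topology": {"switches": [{
    "name": "staging-leaf3",
    "serial_number": "JSON_DECODE_ERROR",
    "role": "border",
    "management": {"management_ipv4_address": "10.15.6.14",
                   "default_gateway_v4": "10.15.6.1"},
    "poap": {"bootstrap": True},
}]}}}

if __name__ == "__main__":
    for line in check_poap_switches(SAMPLE) or ["POAP entries look consistent"]:
        print(line)
```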


Step 2 - Execute Ansible Playbook

Make sure you are in your root Ansible directory:


cd ~/workspace/ndfclab/nac

From the root Ansible project directory execute the following command:


ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_switches


This step will take around 10-12 minutes to complete.

This part of the data model for POAP is doing the following:

  • The POAP process starts by assigning a temporary IP address to the switch via the DHCP protocol. Additional DHCP scope options are also provided to facilitate the configuration script download.
  • The switch, acting as a DHCP client, will use this information to contact the TFTP server (NDFC) to obtain the configuration script file.
  • The configuration script then downloads the software image, the switch configuration and any other additional requirements from the network.
  • Finally, the switch is added to the NDFC fabric and rebooted with the correct image, and the border leaf role configuration is applied.

Step 3 - Return to NDFC and Verify Switch Discovery with POAP

In NDFC, check the POAP process and switch inventory:

  1. Click Switches in the top navigation bar
  2. Take note that staging-leaf3 has appeared in the list of switches
  3. Take note that staging-leaf3 is being discovered



    This is another good time for a cup of coffee or tea while the switch is added using POAP!

    Don't Move On Until The Playbook Completes!

    You might be tempted to move to the next section but it's important that you wait until the playbook adding the switch with POAP completes.


Step 4 - Return to Ansible Execution

Upon a successful run of the playbook your output should look as follows:

  PLAY RECAP ***************************************************************************************************************************************************************
  fabric-stage                      : ok=196  changed=28   unreachable=0    failed=0    skipped=408  rescued=0    ignored=0   


  PLAYBOOK RECAP ***********************************************************************************************************************************************************
  Playbook run took 0 days, 0 hours, 11 minutes, 48 seconds


  TASKS RECAP **************************************************************************************************************************************************************
  Tuesday 07 May 2025  18:14:42 +0000 (0:00:00.267)       0:11:48.300 *********** 
  =============================================================================== 
  cisco.nac_dc_vxlan.create : Add NDFC Fabric Devices fabric-stage ------------------------------------------------------------------------------------------------ 646.31s
  cisco.nac_dc_vxlan.create : Build Switch Hostname Policy Payload from Data Model Update --------------------------------------------------------------------------- 2.75s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco NDFC Version ---------------------------------------------------------------------------------------------------- 1.80s
  cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ----------------------------------------------------------------------------------------------- 1.34s
  cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ----------------------------------------------------------------------------------------------------- 0.86s
  cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ---------------------------------------------------------------------------------------- 0.83s
  cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ------------------------------------------------------ 0.76s
  cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to NDFC 10.15.0.26 on Port 443 ----------------------------------------------------------------------- 0.74s
  cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------------------------------------------------------------- 0.71s
  cisco.nac_dc_vxlan.common : Build Policy List From Template ------------------------------------------------------------------------------------------------------- 0.71s
  cisco.nac_dc_vxlan.common : Build VPC interface ------------------------------------------------------------------------------------------------------------------- 0.68s
  cisco.nac_dc_vxlan.common : Build Networks Attach List From Template ---------------------------------------------------------------------------------------------- 0.68s
  cisco.nac_dc_vxlan.common : Build Links for vPC Peering ----------------------------------------------------------------------------------------------------------- 0.67s
  cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template ------------------------------------------------------------------------------------------ 0.67s
  cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------------------------------------------------------------- 0.67s
  cisco.nac_dc_vxlan.common : Build Interface Po -------------------------------------------------------------------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template -------------------------------------------------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template for loopback ------------------------------------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build Interface ----------------------------------------------------------------------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build sub_interface ------------------------------------------------------------------------------------------------------------------- 0.64s

  ROLES RECAP **************************************************************************************************************************************************************
  Tuesday 07 May 2025  18:14:42 +0000 (0:00:00.270)       0:11:48.303 *********** 
  =============================================================================== 
  create ---------------------------------------------------------------- 651.86s
  common ----------------------------------------------------------------- 44.34s
  validate ---------------------------------------------------------------- 6.08s
  connectivity_check ------------------------------------------------------ 3.91s
  common_global ----------------------------------------------------------- 0.05s
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
  total ----------------------------------------------------------------- 706.24s
  

Step 5 - Return to NDFC and Verify Switch is Discovered from POAP

  1. Verify that staging-leaf3 is discovered and that its Config Status is NA




Step 6 - Return to VSCode & Close All Open Tabs

On the keyboard, press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.



Once complete, move on to the next section, where you will use the border leaf that you just POAP'd into the fabric to extend the fabric to an external fabric using VRF-Lite.