Remove
VXLAN as Code

Before we move on to the next section, we will remove network NaC-Net02 from fabric-stage and then add it back.


Step 1 - Remove a Network from fabric-stage

The remove role in this collection removes state from the fabrics managed by the NDFC controller and from the devices managed by those fabrics.

Whenever the collection discovers state in NDFC that is not defined in the data model, this role removes it. Because that is a destructive operation, the role is gated by the following variables under the group_vars directory: each type of state is only removed when its flag is explicitly set to true, and the lab ships them all set to false. This guards against accidentally removing configuration from NDFC that could impact the network.


(ndfclab) ~/workspace/ndfclab/nac $: cat group_vars/ndfc/ndfc.yml 
---
# Parameters for the tasks in the 'Remove' role
interface_delete_mode: false
inventory_delete_mode: false
link_vpc_delete_mode: false
network_delete_mode: false
policy_delete_mode: false
vpc_delete_mode: false
vrf_delete_mode: false

(ndfclab) ~/workspace/ndfclab/nac $: 

We are now going to use this capability to remove a network from fabric-stage. This is done by removing the network from the networks.nac.yml file and re-running the playbook.

Comment out one of the networks in the networks.nac.yml file and run the playbook with the --tags rr_manage_networks tag. This first run will not remove the network, because the network_delete_mode flag is still set to false.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
cat << EOF > ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
---
vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      # ------------------------------------------------------------
      # This network will be removed from the fabric
      # ------------------------------------------------------------
      # - name: NaC-Net02
      #   vrf_name: NaC-VRF01
      #   net_id: 130002
      #   vlan_id: 2302
      #   vlan_name: NaC-Net02_vlan2302
      #   gw_ip_address: 192.168.2.1/24
      #   network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
            ports:
              - port-channel10
          - hostname: staging-leaf2
            ports:
              - port-channel10
EOF


Step 2 - Execute Ansible Playbook

Make sure you are in your root Ansible directory


cd ~/workspace/ndfclab/nac

From the root Ansible project directory execute the following command:


ansible-playbook -i hosts.stage.yml vxlan.yml --tags rr_manage_networks

Once the playbook completes, verify that network NaC-Net02 is NOT removed from fabric-stage.

Scroll up in the terminal window to see the output of the playbook and note the following task, which was skipped because the network_delete_mode flag was set to false.


TASK [cisco.nac_dc_vxlan.remove : ansible.builtin.debug] **********************************************************************************************************************************************************************************
Friday 23 May 2025  00:34:57 +0000 (0:00:00.053)       0:00:56.557 ************ 
Friday 23 May 2025  00:34:57 +0000 (0:00:00.053)       0:00:56.556 ************ 
ok: [fabric-stage] => {
    "msg": [
        "---------------------------------------------------------------------------------------------------------------",
        "+ SKIPPING Remove Unmanaged Fabric Networks task because network_delete_mode flag is set to False  +",
        "---------------------------------------------------------------------------------------------------------------"
    ]
}

Now set the network_delete_mode flag to true and re-run the playbook. This time network NaC-Net02 should be removed from the NDFC controller. Change only that one flag; leaving the other delete-mode flags at false keeps networks the only type of state that can be removed on this run.


touch ~/workspace/ndfclab/nac/group_vars/ndfc/ndfc.yml
cat << EOF > ~/workspace/ndfclab/nac/group_vars/ndfc/ndfc.yml
---
# Parameter to ignore diff-run
force_run_all: true

# Parameters for the tasks in the 'Remove' role
interface_delete_mode: false
inventory_delete_mode: false
link_vpc_delete_mode: false
network_delete_mode: true
policy_delete_mode: false
vpc_delete_mode: false
vrf_delete_mode: false
EOF


Make sure you are in your root Ansible directory


cd ~/workspace/ndfclab/nac

From the root Ansible project directory execute the following command:


ansible-playbook -i hosts.stage.yml vxlan.yml --tags rr_manage_networks

Once the playbook completes, verify network NaC-Net02 IS removed from fabric-stage.

During playbook execution you should see that the following task is now unblocked and executes.

TASK [cisco.nac_dc_vxlan.remove : ansible.builtin.debug] ******************************************************************************************************************************************************
Friday 23 May 2025  02:02:47 +0000 (0:00:00.053)       0:00:57.051 ************ 
Friday 23 May 2025  02:02:47 +0000 (0:00:00.052)       0:00:57.050 ************ 
ok: [fabric-stage] => {
    "msg": "Removing Unmanaged Fabric Networks. This could take several minutes..."
}

TASK [cisco.nac_dc_vxlan.remove : Remove Unmanaged Fabric Networks] *******************************************************************************************************************************************
Friday 23 May 2025  02:02:47 +0000 (0:00:00.264)       0:00:57.316 ************ 
Friday 23 May 2025  02:02:47 +0000 (0:00:00.264)       0:00:57.315 ************ 

Step 3 - Return to NDFC & Verify Network NaC-Net02 has been removed

Return to your NDFC browser

  1. Click the Networks tab
  2. Confirm NaC-Net02 has been removed from the fabric. Only NaC-Net01 should be present.
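Before flipping network_delete_mode to true, a practitioner wants to see exactly which controller state the remove role will treat as unmanaged, and to confirm that it is only the network just dropped from the data model. The following Python preflight is added here as an example; it is not code from the cisco.nac_dc_vxlan collection and it does not talk to NDFC. It takes the parsed networks list from networks.nac.yml (with NaC-Net02 commented out), a constructed copy of the controller's network inventory, and the parsed delete-mode flags, and reports what would be created, updated or removed and whether the flag currently permits the removal. The function names and the controller inventory are assumptions for illustration; the real role computes its diff against the live NDFC API.

```python
"""Preflight for the nac_dc_vxlan remove role: list what the role would
delete before network_delete_mode is switched to true.

Added example for this lab page, not code from the cisco.nac_dc_vxlan
collection. The data model is the parsed form of
host_vars/fabric-stage/networks.nac.yml with NaC-Net02 commented out; the
controller inventory is constructed to mirror what the lab describes."""

# Attributes compared between the data model and the controller.
COMPARED_KEYS = ("vrf_name", "net_id", "vlan_id", "gw_ip_address")

# Parsed form of networks.nac.yml after NaC-Net02 was commented out.
DATA_MODEL = {
    "vxlan": {
        "overlay": {
            "networks": [
                {"name": "NaC-Net01", "vrf_name": "NaC-VRF01", "net_id": 130001,
                 "vlan_id": 2301, "gw_ip_address": "192.168.1.1/24"},
            ]
        }
    }
}

# Constructed: what the controller still holds for fabric-stage.
CONTROLLER_NETWORKS = [
    {"name": "NaC-Net01", "vrf_name": "NaC-VRF01", "net_id": 130001,
     "vlan_id": 2301, "gw_ip_address": "192.168.1.1/24"},
    {"name": "NaC-Net02", "vrf_name": "NaC-VRF01", "net_id": 130002,
     "vlan_id": 2302, "gw_ip_address": "192.168.2.1/24"},
]

# Parsed form of the delete-mode flags in group_vars/ndfc/ndfc.yml as shipped.
GROUP_VARS = {"network_delete_mode": False, "vrf_delete_mode": False}


def plan_networks(model, controller, group_vars):
    """Compare the data model with controller state the way the remove role does.

    Returns the networks that would be created, those whose attributes drift,
    those the remove role would delete, and whether the flag permits deletion."""
    desired = {n["name"]: n for n in model["vxlan"]["overlay"]["networks"]}
    actual = {n["name"]: n for n in controller}

    create = sorted(set(desired) - set(actual))
    remove = sorted(set(actual) - set(desired))   # managed in NDFC, absent from the model
    drift = {}
    for name in set(desired) & set(actual):
        diffs = {k: (actual[name].get(k), desired[name].get(k))
                 for k in COMPARED_KEYS
                 if actual[name].get(k) != desired[name].get(k)}
        if diffs:
            drift[name] = diffs
    return {
        "create": create,
        "drift": drift,
        "remove": remove,
        "remove_allowed": bool(group_vars.get("network_delete_mode", False)),
    }


def safe_to_enable_delete(plan, expected_removals):
    """True only if enabling network_delete_mode would delete exactly the
    networks the operator intends, and nothing else."""
    return set(plan["remove"]) == set(expected_removals)


def report(plan):
    """Human-readable plan, one line per pending change."""
    lines = [f"+ create  {name}" for name in plan["create"]]
    for name, diffs in plan["drift"].items():
        for key, (have, want) in diffs.items():
            lines.append(f"~ update  {name}.{key}: {have} -> {want}")
    verb = ("REMOVE" if plan["remove_allowed"]
            else "would remove (blocked: network_delete_mode is false)")
    lines.extend(f"- {verb}  {name}" for name in plan["remove"])
    return lines


if __name__ == "__main__":
    plan = plan_networks(DATA_MODEL, CONTROLLER_NETWORKS, GROUP_VARS)
    print("\n".join(report(plan)))
    if safe_to_enable_delete(plan, {"NaC-Net02"}):
        print("Plan removes only NaC-Net02; safe to set network_delete_mode: true")
```

Run it with the flag still false to confirm that NaC-Net02 is the only candidate for removal, then set network_delete_mode: true. The safe_to_enable_delete check refuses when anything beyond the expected set would be deleted; that matters because group_vars/ndfc applies to every fabric in the ndfc group, so enabling the flag there enables removal for all of them, not just fabric-stage.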




Uncomment the network in the networks.nac.yml file and then run the playbook to re-add network NaC-Net02 to the fabric.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
cat << EOF > ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
---
vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      - name: NaC-Net02
        vrf_name: NaC-VRF01
        net_id: 130002
        vlan_id: 2302
        vlan_name: NaC-Net02_vlan2302
        gw_ip_address: 192.168.2.1/24
        network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
            ports:
              - port-channel10
          - hostname: staging-leaf2
            ports:
              - port-channel10
EOF


Step 4 - Execute Ansible Playbook

Make sure you are in your root Ansible directory


cd ~/workspace/ndfclab/nac

From the root Ansible project directory execute the following command:


ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_vrfs_networks,role_deploy


Step 5 - Return to NDFC & Verify Network NaC-Net02 has been Re-Added

Return to your NDFC browser

  1. Click the Networks tab
  2. Confirm NaC-Net02 has been re-added to the fabric.




Continue to the next section to extend connectivity between your VXLAN EVPN fabric and an external environment.