• Code-Server
  • Code-Server
  • Nexus Dashboard
  • USER: admin
  • PASS: cisco.123
  • ND
  • Switch Login
  • USER: admin
  • PASS: cisco.123
  • site1-s1: 10.15.9.11
  • site1-l1: 10.15.9.12
  • site1-l2: 10.15.9.13
  • site1-bl1: 10.15.9.14
  • site1-bgw1: 10.15.9.15
  • site1-extrtr1: 10.15.9.16
  • site1-isn1: 10.15.9.17
  • site2-bgw-s1: 10.15.9.21
  • site2-l1: 10.15.9.22
  • site2-isn1: 10.15.9.23
  • GitLab
  • USER: pod09
  • PASS: c1sco.123
  • Gitlab
  • Test VM Login
  • USER: cisco
  • PASS: cisco.123
  • Serials
  • Get Serial Numbers
Fabric
Site2

Step 1 - Create Ansible Host Vars Directory for Site2 Fabric

Return to your Visual Studio Code Terminal window. Create the host_vars directory for your Site2 fabric. 


mkdir -p host_vars/site2-fabric

Step 2 - Create Site2 Fabric YAML File

For your site2-fabric fabric, create a file named fabric.nac.yml in the host_vars/site2-fabric directory. Since this VXLAN fabric is a small representation in this lab, all of your data model definitions for the fabric can be contained in a single file. Similar data is used for the fabric, global and underlay sections of the model for this new fabric as was used for the Site1 fabric, but with different values. Switches are included in the topology section of the model, along with interface definitions. The two types of switches in this fabric are a border gateway spine and a leaf switch. 


touch ~/workspace/ndlab/nac/host_vars/site2-fabric/fabric.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/site2-fabric/fabric.nac.yml




---

vxlan:
  fabric:
    name: site2-fabric
    type: VXLAN_EVPN
  global:
    ibgp:
      bgp_asn: "65002"
      route_reflectors: 2
      anycast_gateway_mac: 1234.5678.9000
      dns_servers:
        - ip_address: 10.0.249.16
          vrf: management
      ntp_servers:
        - ip_address: 10.81.254.131
          vrf: management
  underlay:
    general:
      routing_protocol: ospf
      underlay_routing_loopback_id: 0
      underlay_routing_protocol_tag: UNDERLAY
      underlay_vtep_loopback_id: 1
      replication_mode: multicast
    ipv4:
      fabric_interface_numbering: p2p
      subnet_mask: 31
      underlay_routing_loopback_ip_range: 10.22.0.0/22
      underlay_vtep_loopback_ip_range: 10.222.100.0/22
      underlay_rp_loopback_ip_range: 10.252.252.0/24
      underlay_subnet_ip_range: 10.2.0.0/16
    ospf:
      area_id: 0.0.0.0
    multicast:
      underlay_rp_loopback_id: 252
      rp_mode: asm
  topology:
    switches:
      - name: site2-bgw-s1
        serial_number: 9H9PGIK2W96
        role: border_gateway_spine
        management:
          management_ipv4_address: 10.15.9.21
          default_gateway_v4: 10.15.9.1
      - name: site2-l1
        serial_number: 9T1I7LT1KA7
        role: leaf
        management:
          management_ipv4_address: 10.15.9.22
          default_gateway_v4: 10.15.9.1
        interfaces:
          - name: Ethernet1/4
            description: To Server4 E1
            mode: access
            enabled: true
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
          - name: Ethernet1/5
            description: To Server5 E1
            mode: access
            enabled: true
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true



Step 3 - Create Ansible Inventory File for ND Site2 Fabric

The Site2 inventory will leverage the same ND group and ND instance as the Site1 and External fabrics, but specify the Site2 fabric as a logical host. 


touch ~/workspace/ndlab/nac/hosts.site2.yml
cat << EOF > ~/workspace/ndlab/nac/hosts.site2.yml
---
# Inventory Information For Site2 Fabric
nd:
  hosts:
    site2-fabric:
      ansible_host: 10.15.0.35
EOF

Step 4 - Execute Ansible Playbook

Make sure you are in your root Ansible directory. 


cd ~/workspace/ndlab/nac

From the root Ansible project directory execute the following command: 


ansible-playbook -i hosts.site2.yml vxlan.yml

Upon a successful run of the playbook your output should look as follows: 

  <... SNIP ...>

  PLAY RECAP **************************************************************************************************************************************************************************
  site2-fabric               : ok=45   changed=4    unreachable=0    failed=0    skipped=20   rescued=0    ignored=0


  PLAYBOOK RECAP ******************************************************************************************
  Playbook run took 0 days, 0 hours, 6 minutes, 8 seconds


  TASKS RECAP *********************************************************************************************
  Wednesday 03 June 2026  00:31:15 +0000 (0:00:00.055)       0:06:08.166 ******** 
  =============================================================================== 
  cisco.nac_dc_vxlan.create : Execute Create Resources ------------------------------------------- 231.03s
  cisco.nac_dc_vxlan.deploy : Execute Deploy of Resources ---------------------------------------- 120.28s
  cisco.nac_dc_vxlan.common : Build Resources ------------------------------------------------------ 3.08s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version ------ 1.63s
  cisco.nac_dc_vxlan.deploy : Execute Deploy of Resources ------------------------------------------ 1.38s
  cisco.nac_dc_vxlan.remove : Execute Remove Resources --------------------------------------------- 1.36s
  cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ------------------------------------ 0.78s
  cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard ------------------ 0.76s
  cisco.nac_dc_vxlan.validate : Copy Extended Service Model Data to Host --------------------------- 0.66s
  cisco.nac_dc_vxlan.validate : Stat Factory Defaults ---------------------------------------------- 0.53s
  cisco.nac_dc_vxlan.connectivity_check : Verify Connection to Nexus Dashboard --------------------- 0.51s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Version ------------------------ 0.48s
  cisco.nac_dc_vxlan.validate : Stat the Golden Service Model Data --------------------------------- 0.32s
  cisco.nac_dc_vxlan.validate : Stat the Extended Service Model Data ------------------------------- 0.30s
  cisco.nac_dc_vxlan.create : Display Create Resources Summary ------------------------------------- 0.26s
  cisco.nac_dc_vxlan.remove : Display Remove Resources Summary ------------------------------------- 0.25s
  cisco.nac_dc_vxlan.remove : Log Deploy During Remove Info Message -------------------------------- 0.25s
  cisco.nac_dc_vxlan.common : Display Change Flag Values ------------------------------------------- 0.22s
  cisco.nac_dc_vxlan.common : Display Resource Build Summary --------------------------------------- 0.21s
  cisco.nac_dc_vxlan.common : Create Fact To Store Common Role Path -------------------------------- 0.21s

  ROLES RECAP *********************************************************************************************
  Wednesday 03 June 2026  00:31:15 +0000 (0:00:00.055)       0:06:08.165 ******** 
  =============================================================================== 
  create ---------------------------------------------------------------- 231.35s
  deploy ---------------------------------------------------------------- 121.80s
  validate ---------------------------------------------------------------- 5.19s
  common ------------------------------------------------------------------ 3.81s
  connectivity_check ------------------------------------------------------ 3.76s
  remove ------------------------------------------------------------------ 1.91s
  common_global ----------------------------------------------------------- 0.04s
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
  total ----------------------------------------------------------------- 367.86s

Step 5 - Return to ND & Verify Site2 Fabric

  1. Return to ND in your browser where you should still be sitting at the Fabrics dashboard. You should see the fabric site2-fabric in the list of fabrics; click it.

    Note

    If your site2-fabric is not showing, please try clicking the Refresh button in the top-right of the Fabrics pane.



  2. Click the Inventory tab in the top navigation bar
  3. Click the Switches tab in the sub-navigation bar
  4. Verify you see the switches' Configuration sync status as In-Sync. If not, please click the Refresh button near the Actions button



  5. Click the Connectivity tab in the top navigation bar
  6. Click Interfaces in the sub-navigation bar
  7. Search for Interface == Ethernet1/4 and verify site2-l1 Ethernet1/4 is an access port.



  8. Close the site2-fabric view by clicking the close (X) button in the top right corner of the window




Step 6 - Return to VSCode & Close All Open Tabs

Navigate back to your VSCode application.

  1. Right-Click on any open tab
  2. Select "Close All" from the drop-down menu


Please continue to the next section to create your Site1 ISN fabric, onboard an ISN switch, and configure the necessary policies to establish BGP peering between sites.