Under the topology section you can define the interfaces that will be configured on the switches in your fabric. You will create a new file named interfaces_access.nac.yml.
This file will contain the access interfaces to use per switch on the fabric. It defines which VLAN to use as well as other parameters such as MTU, speed, and description.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_access.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_access.nac.yml
---
vxlan:
  topology:
    switches:
      - name: staging-leaf1
        interfaces:
          - name: Ethernet1/1
            mode: access
            description: VLAN 2301 Access Interface
            enabled: true
            mtu: jumbo
            speed: auto
            enable_bpdu_guard: false
            access_vlan: 2301
            spanning_tree_portfast: true
      - name: staging-leaf2
        interfaces:
          - name: Ethernet1/1
            mode: access
            description: VLAN 2302 Access Interface
            enabled: true
            mtu: jumbo
            speed: auto
            enable_bpdu_guard: false
            access_vlan: 2302
            spanning_tree_portfast: true
In addition to the access interfaces, you will also create a new file named interfaces_vpc.nac.yml.
This file will contain the vPC interfaces to use per switch on the fabric. It defines which VLANs to allow on the trunk, as well as other parameters such as vPC ID, port-channel mode, and port-channel member interfaces.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_vpc.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_vpc.nac.yml
---
vxlan:
  topology:
    switches:
      - name: staging-leaf1
        interfaces:
          - name: port-channel10
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 10
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            trunk_allowed_vlans:
              - from: 2301
                to: 2302
            spanning_tree_portfast: true
          - name: port-channel20
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 20
            members:
              - eth1/6
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
      - name: staging-leaf2
        interfaces:
          - name: port-channel10
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 10
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            trunk_allowed_vlans:
              - from: 2301
                to: 2302
            spanning_tree_portfast: true
          - name: port-channel20
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 20
            members:
              - eth1/6
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
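A pre-run review of the two interface files above, as an added example that is not part of the lab or of the cisco.nac_dc_vxlan collection: it flags access ports that set spanning_tree_portfast without enable_bpdu_guard, trunks with no explicit trunk_allowed_vlans (the effective value then depends on a collection default this page does not state), and vPC IDs whose settings differ between peers. MODEL is constructed from the page's data and trimmed to the keys checked; the helper names and rule labels are hypothetical.

```python
# Added example: lint the interface data model before running the playbook.
# MODEL is constructed from the two files on this page (only the keys checked);
# in the lab you would load the .nac.yml files with a YAML parser instead.

def access(vlan):
    return {"name": "Ethernet1/1", "mode": "access", "access_vlan": vlan,
            "enable_bpdu_guard": False, "spanning_tree_portfast": True}

def trunk(po, vlans=None):
    intf = {"name": f"port-channel{po}", "mode": "trunk", "vpc_id": po,
            "spanning_tree_portfast": True}
    if vlans is not None:
        intf["trunk_allowed_vlans"] = vlans
    return intf

VLANS = [{"from": 2301, "to": 2302}]
MODEL = {"vxlan": {"topology": {"switches": [
    {"name": "staging-leaf1",
     "interfaces": [access(2301), trunk(10, VLANS), trunk(20)]},
    {"name": "staging-leaf2",
     "interfaces": [access(2302), trunk(10, VLANS), trunk(20)]},
]}}}

def lint(model):
    """Return (location, rule) findings for the interface model."""
    findings, vpc_seen = [], {}
    for sw in model["vxlan"]["topology"]["switches"]:
        for intf in sw.get("interfaces", []):
            where = f'{sw["name"]} {intf["name"]}'
            # Edge port skips STP listening/learning but will still accept BPDUs.
            if (intf.get("mode") == "access"
                    and intf.get("spanning_tree_portfast")
                    and not intf.get("enable_bpdu_guard")):
                findings.append((where, "portfast-without-bpdu-guard"))
            # The allowed VLAN set is left to whatever the tooling defaults to.
            if intf.get("mode") == "trunk" and "trunk_allowed_vlans" not in intf:
                findings.append((where, "no-explicit-allowed-vlans"))
            if "vpc_id" in intf:
                settings = (intf.get("mode"), str(intf.get("trunk_allowed_vlans")))
                vpc_seen.setdefault(intf["vpc_id"], {})[sw["name"]] = settings
    # Both vPC peers should describe the same port-channel the same way.
    for vpc_id, peers in sorted(vpc_seen.items()):
        if len(set(peers.values())) > 1:
            findings.append((f"vpc {vpc_id}", "peer-settings-differ"))
    return findings

if __name__ == "__main__":
    for where, rule in lint(MODEL):
        print(f"{rule:30} {where}")
```

On the lab data this reports the two Ethernet1/1 access ports and both port-channel20 trunks; whether those settings are intended for the staging fabric is a design decision to confirm before the deploy role runs.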
Make sure you are in your root Ansible directory:
cd ~/workspace/ndlab/nac
From the root Ansible project directory execute the following command:
ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_interfaces
Upon a successful run of the playbook your output should look as follows:
<... SNIP ...>

PLAY RECAP *********************************************************************
fabric-stage : ok=234 changed=33 unreachable=0 failed=0 skipped=798 rescued=0 ignored=0

PLAYBOOK RECAP *****************************************************************
Playbook run took 0 days, 0 hours, 1 minutes, 26 seconds

TASKS RECAP ********************************************************************
Wednesday 01 October 2025 16:13:53 +0000 (0:00:00.399) 0:01:26.629 *****
===============================================================================
cisco.nac_dc_vxlan.create : Manage Interface vPC in Nexus Dashboard ---------------------------------------------- 5.39s
cisco.nac_dc_vxlan.create : Manage Interface Access in Nexus Dashboard ------------------------------------------- 3.21s
cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ---------------------------------------------- 1.95s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version ---------------------- 1.51s
cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template --------------------------------------- 0.82s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard ---------------------------------- 0.76s
cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template ------------------------------------- 0.72s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ----- 0.71s
cisco.nac_dc_vxlan.common : Build vPC interface ------------------------------------------------------------------ 0.70s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ---------------------------------------------------- 0.70s
cisco.nac_dc_vxlan.common : Build Policy List From Template ------------------------------------------------------ 0.68s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ----- 0.68s
cisco.nac_dc_vxlan.common : Build Interface ---------------------------------------------------------------------- 0.67s
cisco.nac_dc_vxlan.common : Build Interface ---------------------------------------------------------------------- 0.67s
cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template ----------------------------------------- 0.67s
cisco.nac_dc_vxlan.common : Build sub_interface ------------------------------------------------------------------ 0.65s
cisco.nac_dc_vxlan.common : Build Interface ---------------------------------------------------------------------- 0.65s
cisco.nac_dc_vxlan.common : Build Fabric Links ------------------------------------------------------------------- 0.64s
cisco.nac_dc_vxlan.common : Build Interface Po ------------------------------------------------------------------- 0.64s
cisco.nac_dc_vxlan.common : Build Networks Attach List From Template --------------------------------------------- 0.63s

ROLES RECAP ********************************************************************
Wednesday 01 October 2025 16:13:53 +0000 (0:00:00.401) 0:01:26.630 *****
===============================================================================
common ----------------------------------------------------------------- 60.99s
create ----------------------------------------------------------------- 12.87s
validate ---------------------------------------------------------------- 5.70s
connectivity_check ------------------------------------------------------ 3.82s
common_global ----------------------------------------------------------- 0.05s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------ 83.43s
Return to your ND browser where you should be sitting on the Switches tab.
When reviewing the Interfaces tab, expect to see interfaces in various statuses, since a deployment has not taken place yet.
Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify that the interface configuration is pre-staged in ND.
enter
Make sure Interfaces vPC10 and vPC20 are created between staging-leaf1 and staging-leaf2 and they are NA under Sync Status. These will change to In-Sync after the deployment role is completed later in the lab.
Enter
Verify that the policy for interface Ethernet1/1 on leaf1 and leaf2 is set to int_access_host
On the keyboard press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.
Continue to the next section to build out the overlay by defining the VRFs and networks on the staging fabric.