Under the topology section you can define the interfaces that will be configured on the switches in your fabric. You will create a new file named interfaces_access.nac.yml.
This file will contain the access interfaces to use per switch on the fabric. It defines which VLAN to use as well as other parameters such as MTU, speed, and description.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_access.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_access.nac.yml
---
vxlan:
  topology:
    switches:
      - name: staging-leaf1
        interfaces:
          - name: Ethernet1/1
            mode: access
            description: VLAN 2301 Access Interface
            enabled: true
            mtu: jumbo
            speed: auto
            enable_bpdu_guard: false
            access_vlan: 2301
            spanning_tree_portfast: true
      - name: staging-leaf2
        interfaces:
          - name: Ethernet1/1
            mode: access
            description: VLAN 2302 Access Interface
            enabled: true
            mtu: jumbo
            speed: auto
            enable_bpdu_guard: false
            access_vlan: 2302
            spanning_tree_portfast: true
In addition to the access interfaces, you will also create a new file named interfaces_vpc.nac.yml.
This file will contain the vPC interfaces to use per switch on the fabric. It defines which VLANs to allow on the trunk, as well as other parameters such as vPC ID, port-channel mode, and port-channel member interfaces.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_vpc.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/interfaces_vpc.nac.yml
---
vxlan:
  topology:
    switches:
      - name: staging-leaf1
        interfaces:
          - name: port-channel10
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 10
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            trunk_allowed_vlans:
              - from: 2301
                to: 2302
            spanning_tree_portfast: true
          - name: port-channel20
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 20
            members:
              - eth1/6
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
      - name: staging-leaf2
        interfaces:
          - name: port-channel10
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 10
            members:
              - eth1/5
            mtu: jumbo
            speed: auto
            trunk_allowed_vlans:
              - from: 2301
                to: 2302
            spanning_tree_portfast: true
          - name: port-channel20
            mode: trunk
            enabled: true
            pc_mode: active
            vpc_id: 20
            members:
              - eth1/6
            mtu: jumbo
            speed: auto
            spanning_tree_portfast: true
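As a pre-flight check before running the playbook (an added example, not part of the lab or of the cisco.nac_dc_vxlan collection), the script below walks the data model from the two files above and flags access ports that enable portfast without BPDU guard, trunks with no explicit allowed-VLAN list, and vPC peers whose allowed VLANs differ. The finding names and the embedded SAMPLE are constructed here; it assumes the .nac.yml files have already been loaded with a YAML parser and merged into one dict.

```python
# Added example, not part of the lab: pre-flight lint of the interface data model.
# SAMPLE is constructed from the two files above, as a YAML loader would parse them.
def _if(name, mode, **kw):
    return {"name": name, "mode": mode, "enabled": True, "mtu": "jumbo",
            "speed": "auto", "spanning_tree_portfast": True, **kw}

def _leaf(name, vlan):
    return {"name": name, "interfaces": [
        _if("Ethernet1/1", "access", access_vlan=vlan, enable_bpdu_guard=False),
        _if("port-channel10", "trunk", pc_mode="active", vpc_id=10,
            members=["eth1/5"], trunk_allowed_vlans=[{"from": 2301, "to": 2302}]),
        _if("port-channel20", "trunk", pc_mode="active", vpc_id=20,
            members=["eth1/6"]),
    ]}

SAMPLE = {"vxlan": {"topology": {"switches": [
    _leaf("staging-leaf1", 2301), _leaf("staging-leaf2", 2302)]}}}

def vlan_set(ranges):
    """Expand [{'from': a, 'to': b}, ...] into a set of VLAN IDs."""
    vlans = set()
    for r in ranges or []:
        # Assumption: an entry without 'to' means a single VLAN.
        vlans.update(range(r["from"], r.get("to", r["from"]) + 1))
    return vlans

def lint(model):
    """Return (location, finding) tuples for settings worth a second look."""
    findings, vpc = [], {}
    for sw in model["vxlan"]["topology"]["switches"]:
        for i in sw.get("interfaces", []):
            where = f'{sw["name"]}/{i["name"]}'
            if (i["mode"] == "access" and i.get("spanning_tree_portfast")
                    and not i.get("enable_bpdu_guard")):
                findings.append((where, "portfast-without-bpdu-guard"))
            if i["mode"] == "trunk":
                if "trunk_allowed_vlans" not in i:
                    findings.append((where, "trunk-without-explicit-vlan-list"))
                if "vpc_id" in i:
                    vpc.setdefault(i["vpc_id"], set()).add(
                        frozenset(vlan_set(i.get("trunk_allowed_vlans"))))
    # Both vPC peers should carry the same VLANs on a given vpc_id.
    findings += [(f"vpc_id {v}", "vpc-peer-vlan-mismatch")
                 for v, sets in sorted(vpc.items()) if len(sets) > 1]
    return findings

if __name__ == "__main__":
    for where, what in lint(SAMPLE):
        print(f"{where}: {what}")
```

On the lab data this reports Ethernet1/1 and port-channel20 on both leaves; whether port-channel20 ends up carrying all VLANs or none depends on the collection and template defaults, which is why the check asks for an explicit list.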
Make sure you are in your root Ansible directory:
cd ~/workspace/ndlab/nac
From the root Ansible project directory execute the following command:
ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_interfaces
Upon a successful run of the playbook your output should look as follows:
<... SNIP ...>

PLAY RECAP *********************************************************************
fabric-stage : ok=222 changed=32 unreachable=0 failed=0 skipped=724 rescued=0 ignored=0

PLAYBOOK RECAP *****************************************************************
Playbook run took 0 days, 0 hours, 1 minutes, 30 seconds

TASKS RECAP ********************************************************************
Wednesday 29 October 2025 11:27:15 +0000 (0:00:00.394) 0:01:30.196 *****
===============================================================================
cisco.nac_dc_vxlan.create : Manage Interface All in Nexus Dashboard ---- 6.69s
cisco.nac_dc_vxlan.common : Display Flag Values ---- 2.15s
cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ---- 1.82s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version ---- 1.62s
cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ---- 0.84s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard ---- 0.79s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ---- 0.74s
cisco.nac_dc_vxlan.common : Build Policy List From Template ---- 0.72s
cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template ---- 0.71s
cisco.nac_dc_vxlan.common : Build vPC interface ---- 0.70s
cisco.nac_dc_vxlan.common : Build Interface Po ---- 0.69s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ---- 0.69s
cisco.nac_dc_vxlan.common : Build Interface ---- 0.68s
cisco.nac_dc_vxlan.common : Build Interface ---- 0.68s
cisco.nac_dc_vxlan.common : Build Interface ---- 0.67s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ---- 0.67s
cisco.nac_dc_vxlan.common : Build Interface ---- 0.67s
cisco.nac_dc_vxlan.common : Build sub_interface ---- 0.66s
cisco.nac_dc_vxlan.common : Build Interface ---- 0.65s
cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template ---- 0.65s

ROLES RECAP ********************************************************************
Wednesday 29 October 2025 11:27:15 +0000 (0:00:00.397) 0:01:30.198 *****
===============================================================================
common ------------------------------------------------ 67.18s
create ------------------------------------------------- 9.79s
validate ----------------------------------------------- 6.10s
connectivity_check ------------------------------------- 3.93s
common_global ------------------------------------------ 0.05s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------- 87.05s
Return to your ND browser where you should be sitting on the Switches tab.
When reviewing the Interfaces tab, expect to see interfaces in various states, since a deployment has not taken place yet.
Again, you will deploy to your switches in the deploy role. Follow the remaining steps to verify that the interface configuration is pre-staged in ND.
Make sure interfaces vPC10 and vPC20 are created between staging-leaf1 and staging-leaf2 and that they show NA under Sync Status. These will change to In-Sync after the deployment role is completed later in the lab.
Verify that the policy for interface Ethernet1/1 on leaf1 and leaf2 is set to int_access_host.
Navigate back to your VSCode application.
Continue to the next section to build out the overlay by defining the VRFs and networks on the staging fabric.