• Nexus Dashboard
  • USER: admin
  • PASS: cisco.123
  • ND
  • Switch Login
  • USER: admin
  • PASS: cisco.123
  • staging-spine1: 10.15.7.11
  • staging-leaf1: 10.15.7.12
  • staging-leaf2: 10.15.7.13
  • staging-leaf3: 10.15.7.14
  • staging-ext-rtr: 10.15.7.15
  • prod-spine1: 10.15.7.18
  • prod-leaf1: 10.15.7.19
  • prod-leaf2: 10.15.7.20
  • prod-leaf3: 10.15.7.21
  • prod-ext-rtr: 10.15.7.22
  • GitLab
  • USER: pod07
  • PASS: c1sco.123
  • Gitlab
  • Test VM Login
  • USER: cisco
  • PASS: cisco.123
  • staging-server1: 10.15.7.16
  • staging-server2: 10.15.7.17
  • prod-server1: 10.15.7.23
  • prod-server2: 10.15.7.24
  • Code-Server
  • Code-Server
  • Serials
  • Get Serial Numbers
Overlay
VXLAN as Code

Step 1 - Create

Now that the underlay has been configured, you can now move on to the overlay configuration. In this section, you will create the necessary files to configure the VRFs and Networks for your staging fabric. You will start by creating the vrfs.nac.yml file. This file will contain the VRF configuration for your staging fabric, which defines the VRF names, VRF IDs, VLAN IDs, and VRF attach groups. 


touch ~/workspace/ndlab/nac/host_vars/fabric-stage/vrfs.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/vrfs.nac.yml




      
---

vxlan:
  overlay:
    vrfs:
      - name: NaC-VRF01
        vrf_id: 150001
        vlan_id: 2001
        vrf_attach_group: all
    vrf_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
          - hostname: staging-leaf2

Step 2 - Create

Next, you will create the networks.nac.yml file. This file will contain the Network configuration for your staging fabric, which defines the network names, VRF names (newly created above), network IDs, VLAN IDs, VLAN names, gateway IP addresses, and network attach groups. 


touch ~/workspace/ndlab/nac/host_vars/fabric-stage/networks.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/networks.nac.yml



      
---

vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      - name: NaC-Net02
        vrf_name: NaC-VRF01
        net_id: 130002
        vlan_id: 2302
        vlan_name: NaC-Net02_vlan2302
        gw_ip_address: 192.168.2.1/24
        network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
            ports:
              - port-channel10
          - hostname: staging-leaf2
            ports:
              - port-channel10





Step 3 - Execute Ansible Playbook

Make sure you are in your root Ansible directory 


cd ~/workspace/ndlab/nac

From the root Ansible project directory execute the following command: 


ansible-playbook -i hosts.stage.yml vxlan.yml --tags cr_manage_vrfs_networks

Upon a successful run of the playbook your output should look as follows: 

  <... SNIP ...>

  PLAY RECAP *******************************************************************************************************************************************************************
  fabric-stage               : ok=241  changed=33   unreachable=0    failed=0    skipped=776  rescued=0    ignored=0


  PLAYBOOK RECAP ***************************************************************************************************************************************************************
  Playbook run took 0 days, 0 hours, 1 minutes, 22 seconds


  TASKS RECAP ******************************************************************************************************************************************************************
  Wednesday 01 October 2025  16:21:12 +0000 (0:00:00.349)       0:01:22.924 *****
  ===============================================================================
  cisco.nac_dc_vxlan.create : Manage Fabric Networks in Nexus Dashboard ------------------------------------------------------------------------------------------------- 2.76s
  cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices --------------------------------------------------------------------------------------------------- 1.84s
  cisco.nac_dc_vxlan.create : Manage Fabric VRFs in Nexus Dashboard ----------------------------------------------------------------------------------------------------- 1.70s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version --------------------------------------------------------------------------- 1.58s
  cisco.nac_dc_vxlan.create : Attach Loopbacks to VRFs in Nexus Dashboard ----------------------------------------------------------------------------------------------- 1.23s
  cisco.nac_dc_vxlan.create : Get Multisite Fabric Associations in Nexus Dashboard -------------------------------------------------------------------------------------- 1.05s
  cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template -------------------------------------------------------------------------------------------- 0.87s
  cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard --------------------------------------------------------------------------------------- 0.75s
  cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host --------------------------------------------------------------------------------------------------------- 0.71s
  cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template ------------------------------------------------------------------------------------------ 0.69s
  cisco.nac_dc_vxlan.common : Build Edge Connections -------------------------------------------------------------------------------------------------------------------- 0.68s
  cisco.nac_dc_vxlan.common : Build Policy List From Template ----------------------------------------------------------------------------------------------------------- 0.67s
  cisco.nac_dc_vxlan.common : Build sub_interface ----------------------------------------------------------------------------------------------------------------------- 0.67s
  cisco.nac_dc_vxlan.common : Build Interface --------------------------------------------------------------------------------------------------------------------------- 0.67s
  cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ---------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ---------------------------------------------------------- 0.66s
  cisco.nac_dc_vxlan.common : Build vPC interface ----------------------------------------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build Links for vPC Peering --------------------------------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build Interface --------------------------------------------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build vPC Domain ID Resource -------------------------------------------------------------------------------------------------------------- 0.64s

  ROLES RECAP ******************************************************************************************************************************************************************
  Wednesday 01 October 2025  16:21:12 +0000 (0:00:00.354)       0:01:22.928 *****
  ===============================================================================
  common ----------------------------------------------------------------- 59.59s
  create ----------------------------------------------------------------- 10.35s
  validate ---------------------------------------------------------------- 5.86s
  connectivity_check ------------------------------------------------------ 3.88s
  common_global ----------------------------------------------------------- 0.05s
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  total ------------------------------------------------------------------ 79.73s

Step 4 - Return to ND & Verify Network and VRF Information

Return to your ND browser where you should be sitting on the Interfaces tab

  1. Click the Networks tab in the top navigation bar

    2. Verify you see the Networks NaC-Net01 and NaC-Net02 that was created by your Ansible playbook.

  2. Double-click NaC-Net01 to review the Network details



  3. Click Network Attachments
  4. Confirm NaC-Net01 is pending deployment and attachment to your switches



  5. Click VRF
  6. Confirm NaC-VRF01 is associated to NaC-Net01 and pending deployment to your switches
  7. Click the close button



  8. Click the VRFs tab in the top navigation bar

    9. Verify you see the VRF NaC-VRF01 that was created by your Ansible playbook.

    Like previous sections, when reviewing the VRFs tab, it is expected to see VRFs in the Pending status since a deployment has not taken place yet. Again, you will deploy to your switches in the deploy role. Following the remaining steps to verify the interface configuration is pre-staged in ND.

  9. Double-click NaC-VRF01 to review the VRF details



  10. Click VRF Attachments
  11. Confirm NaC-VRF01 is pending deployment and attachment to your switches



  12. Click Networks
  13. Confirm NaC-Net01 and NaC-Net02 is associated to NaC-VRF01 and pending deployment to your switches
  14. Click the close button




Step 5 - Return to VSCode & Close All Open Tabs

On the keyword press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.



Continue to the next section to populate the deploy role with the necessary tasks to deploy all of your configuration to your staging fabric.