Task04
Configure Policy with NaC

Configure Policies

We are now going to run the NaC policy workflow using the policy.nac.yaml file defined in the previous section.

Step 1 - Re-examine the top level vxlan.yaml playbook

No new Ansible role is required for the bonus policy section. The same NaC playbook can deploy overlay intent and policy intent because both are part of the vxlan data model.


---
- name: Build VXLAN EVPN fabric with NaC
  hosts: all
  any_errors_fatal: true
  gather_facts: false
  roles:
    # Prepare service model for all subsequent roles
    # Note - The validate role is run automatically as a prerequisite to the create, deploy, and remove roles.
    #
    # - role: cisco.nac_dc_vxlan.validate
    # -----------------------
    # DataCenter Roles
    #   Role: cisco.nac_dc_vxlan.dtc manages direct to controller ND workflows
    #
    - role: cisco.nac_dc_vxlan.dtc.create
      tags:
        - role_create
    - role: cisco.nac_dc_vxlan.dtc.deploy
      tags:
        - role_deploy
    - role: cisco.nac_dc_vxlan.dtc.remove
      tags:
        - role_remove

Step 2 - Make sure you are in the root directory of the project folder


cd ~/workspace/CiscoLive/DEVWKS-3928
source .env

Step 3 - Run the NaC playbook to configure policy intent

Use the cr_manage_policy tag to run the policy create workflow, then deploy the resulting fabric state to the staging switches.


ansible-playbook -i hosts.stage.yaml vxlan.yaml --tags cr_manage_policy,role_deploy


PLAY RECAP *************************************************************************************************************************************************************************
fabric-stage               : ok=43   changed=4    unreachable=0    failed=0    skipped=17   rescued=0    ignored=0   


PLAYBOOK RECAP *********************************************************************************************************************************************************************
Playbook run took 0 days, 0 hours, 0 minutes, 36 seconds


TASKS RECAP ************************************************************************************************************************************************************************
Wednesday 27 May 2026  20:59:40 +0000 (0:00:00.070)       0:00:36.136 ********* 
=============================================================================== 
cisco.nac_dc_vxlan.deploy : Execute Deploy of Resources -------------------------------------------------------------------------------------------------------------------- 20.00s
cisco.nac_dc_vxlan.common : Build Resources --------------------------------------------------------------------------------------------------------------------------------- 2.84s
cisco.nac_dc_vxlan.create : Execute Create Resources ------------------------------------------------------------------------------------------------------------------------ 2.55s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version --------------------------------------------------------------------------------- 1.38s
cisco.nac_dc_vxlan.deploy : Execute Deploy of Resources --------------------------------------------------------------------------------------------------------------------- 1.05s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard --------------------------------------------------------------------------------------------- 0.69s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host --------------------------------------------------------------------------------------------------------------- 0.59s
cisco.nac_dc_vxlan.validate : Copy Extended Service Model Data to Host ------------------------------------------------------------------------------------------------------ 0.53s
cisco.nac_dc_vxlan.validate : Move Golden Service Model Data Previous ------------------------------------------------------------------------------------------------------- 0.42s
cisco.nac_dc_vxlan.connectivity_check : Verify Connection to Nexus Dashboard ------------------------------------------------------------------------------------------------ 0.42s
cisco.nac_dc_vxlan.validate : Stat Factory Defaults ------------------------------------------------------------------------------------------------------------------------- 0.40s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Version --------------------------------------------------------------------------------------------------- 0.37s
cisco.nac_dc_vxlan.validate : Stat the Golden Service Model Data ------------------------------------------------------------------------------------------------------------ 0.34s
cisco.nac_dc_vxlan.validate : Stat the Extended Service Model Data ---------------------------------------------------------------------------------------------------------- 0.33s
cisco.nac_dc_vxlan.validate : Move Extended Service Model Data Previous ----------------------------------------------------------------------------------------------------- 0.32s
cisco.nac_dc_vxlan.validate : Display Workflow Type - Direct to Controller (DTC) -------------------------------------------------------------------------------------------- 0.18s
cisco.nac_dc_vxlan.connectivity_check : Set Cisco Nexus Dashboard Version Var ----------------------------------------------------------------------------------------------- 0.17s
cisco.nac_dc_vxlan.validate : Validate NDFC Service Model Data -------------------------------------------------------------------------------------------------------------- 0.17s
cisco.nac_dc_vxlan.validate : Prepare Service Model ------------------------------------------------------------------------------------------------------------------------- 0.17s
cisco.nac_dc_vxlan.validate : Display Inventory Directory ------------------------------------------------------------------------------------------------------------------- 0.16s

ROLES RECAP ************************************************************************************************************************************************************************
Wednesday 27 May 2026  20:59:40 +0000 (0:00:00.072)       0:00:36.136 ********* 
=============================================================================== 
deploy ----------------------------------------------------------------- 21.20s
validate ---------------------------------------------------------------- 5.31s
common ------------------------------------------------------------------ 3.39s
connectivity_check ------------------------------------------------------ 3.19s
create ------------------------------------------------------------------ 2.73s
common_global ----------------------------------------------------------- 0.04s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
total ------------------------------------------------------------------ 35.86s


The exact task names and changed counts may differ by collection version and current fabric state. The important result is that validation succeeds and the play recap has zero failures.
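
The check described above can be scripted so that a staging run gates any later promotion instead of relying on someone reading the recap. This is an added example, not part of the lab or the cisco.nac_dc_vxlan collection; the function name recap_gate and the sample log files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: gate on the PLAY RECAP section of a saved ansible-playbook log.
#
# recap_gate LOGFILE
#   returns 0  every host in the recap has failed=0 and unreachable=0
#   returns 1  at least one host reports failed or unreachable tasks
#   returns 2  no recap host line found (the run aborted before the recap)
recap_gate() {
  esc=$(printf '\033')
  # Strip ANSI colour codes, then read "host : ok=N changed=N ..." lines.
  sed "s/${esc}\[[0-9;]*m//g" "$1" | awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && /^[A-Z]+ RECAP/ { in_recap = 0 }  # PLAYBOOK/TASKS/ROLES RECAP
    in_recap && / : ok=/ {
      hosts++
      for (i = 3; i <= NF; i++) {
        split($i, kv, "=")
        if ((kv[1] == "failed" || kv[1] == "unreachable") && kv[2] + 0 > 0) {
          printf "%s: %s\n", $1, $i   # name the host and the offending counter
          bad++
        }
      }
    }
    END { if (hosts == 0) exit 2; exit (bad > 0 ? 1 : 0) }
  '
}

# Constructed sample logs. The first host line is the recap line from the run
# shown above; the second is a made-up failing run.
sample_ok=$(mktemp); sample_bad=$(mktemp)
printf '%s\n' 'PLAY RECAP ****' \
  'fabric-stage               : ok=43   changed=4    unreachable=0    failed=0    skipped=17   rescued=0    ignored=0' \
  '' 'PLAYBOOK RECAP ****' > "$sample_ok"
printf '%s\n' 'PLAY RECAP ****' \
  'fabric-stage               : ok=12   changed=0    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0' \
  > "$sample_bad"

recap_gate "$sample_ok" && echo "stage run clean"
recap_gate "$sample_bad" || echo "gate blocked, exit $?"
```

To use it on a real run, save the output first, for example by piping the ansible-playbook command through tee into a log file, and pass that file to recap_gate. Exit code 2 matters as much as 1: a run that dies before printing a recap must not be treated as clean.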