Fabric Site

Location in GUI: Provision » SD-Access » Fabric Sites

Diagram

Classes

fabric (catalyst_center)

Name	Type	Constraint	Mandatory	Default Value
fabric_sites	List	`[fabric_sites]`	No

fabric_sites (catalyst_center.fabric)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
pub_sub_enabled	Boolean	`true`, `false`	No	`false`
l3_virtual_networks	List	String	No
l2_virtual_networks	List	`[l2_virtual_networks]`	No
anycast_gateways	List	`[anycast_gateways]`	No
wireless_ssids	List	`[wireless_ssids]`	No
fabric_zones	List	`[fabric_zones]`	No
multicast	Class	`[multicast]`	No

authentication_template (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes	`No Authentication`
dot1x_to_mab_fallback_timeout	Integer	min: `3`, max: `120`	No
wake_on_lan	Boolean	`true`, `false`	No
number_of_hosts	Choice	`Unlimited`, `Single`	No
bpdu_guard	Boolean	`true`, `false`	No
authentication_order	Choice	`mac`, `dot1x`	No
pre_auth_acl	Class	`[pre_auth_acl]`	No

l2_virtual_networks (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
traffic_type	Choice	`DATA`, `VOICE`	No
fabric_enabled_wireless	Boolean	`true`, `false`	No
associated_l3_virtual_network	String		No

anycast_gateways (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
ip_pool_name	String		Yes
pool_type	Any	Choice[`EXTENDED_NODE`, `FABRIC_AP`] or Null	No
auto_generate_vlan_name	Boolean	`true`, `false`	No	`false`
vlan_name	String		No
vlan_id	Integer	min: `2`, max: `4093`	No
security_group_name	String		No
ip_directed_broadcast	Boolean	`true`, `false`	No	`false`
intra_subnet_routing_enabled	Boolean	`true`, `false`	No	`false`
multiple_ip_to_mac_addresses	Boolean	`true`, `false`	No	`false`
supplicant_based_extended_node_onboarding	Boolean	`true`, `false`	No
layer2_flooding	Boolean	`true`, `false`	No	`false`
traffic_type	Choice	`DATA`, `VOICE`	No	`DATA`
critical_pool	Boolean	`true`, `false`	No	`false`
wireless_pool	Boolean	`true`, `false`	No	`false`
l3_virtual_network	String		No

wireless_ssids (catalyst_center.fabric.fabric_sites)

Name	Type	Mandatory
name	String	Yes
vlan_name	String	Yes
security_group_name	String	No

fabric_zones (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory
name	String		Yes
authentication_template	Class	`[authentication_template]`	No
l3_virtual_networks	List	String	No

multicast (catalyst_center.fabric.fabric_sites)

Name	Type	Constraint	Mandatory	Default Value
virtual_networks	List	`[virtual_networks]`	No

pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
implicit_action	Choice	`DENY`, `PERMIT`	No
description	String		No
access_contracts	List	`[access_contracts]`	No

virtual_networks (catalyst_center.fabric.fabric_sites.multicast)

Name	Type	Constraint	Mandatory
name	String		Yes
ip_pool_name	String		Yes
ipv4_ssm_ranges	List	String	No
ipv6_ssm_ranges	List	String	No
multicast_rps	List	`[multicast_rps]`	No

access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)

Name	Type	Constraint	Mandatory
action	Choice	`PERMIT`, `DENY`	Yes
port	Choice	`domain`, `bootpc`, `bootps`	Yes
protocol	Choice	`TCP`, `UDP`, `TCP_UDP`	Yes

multicast_rps (catalyst_center.fabric.fabric_sites.multicast.virtual_networks)

Name	Type	Constraint	Mandatory
name	String		Yes
rp_location	Choice	`FABRIC`, `EXTERNAL`	Yes
ipv4_address	IP		No
ipv6_address	IP		No
is_default_v4_rp	Boolean	`true`, `false`	No
is_default_v6_rp	Boolean	`true`, `false`	No
fabric_rps	List	String	No
ipv4_asm_ranges	List	String	No
ipv6_asm_ranges	List	String	No

Examples

Example-1: Basic Fabric Site with No Authentication

This example demonstrates how to configure a basic SD-Access fabric site in Catalyst Center with no authentication requirements. Fabric sites enable Software-Defined Access functionality within designated network areas, providing centralized policy enforcement and micro-segmentation capabilities.

The fabric site configuration includes:

Site hierarchy specification (Global/Canada) for geographic and organizational structure
Authentication template assignment (No Authentication) for simplified initial deployment
Foundation for SD-Access fabric enablement without immediate authentication requirements
Base configuration suitable for proof-of-concept or laboratory environments

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-2: Campus Fabric Site with Closed Authentication

This example demonstrates how to configure a campus fabric site with closed authentication mode for high-security environments where all network access requires explicit authentication and authorization.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true

Example-3: Multi-Site Fabric Deployment

This example shows how to configure multiple fabric sites across different geographic locations, each with appropriate authentication templates based on local security requirements and organizational policies.

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/North_America/New_York_Office
        authentication_template:
          name: Closed Authentication
        pub_sub_enabled: true


      - name: Global/Asia_Pacific/Tokyo_Branch
        authentication_template:
          name: Open Authentication
        pub_sub_enabled: true

      - name: Global/Europe/London_Office
        authentication_template:
          name: Low Impact
        pub_sub_enabled: true


      - name: Global/Americas/Mexico_City_Branch
        authentication_template:
          name: No Authentication
        pub_sub_enabled: true

Example-4: Fabric Site custom authentication template

This example demonstrates how to configure a fabric site with custom options for authentication templates

---
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Corporate/London_Office
        authentication_template:
          name: Closed Authentication
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: dot1x
          bpdu_guard: false
        pub_sub_enabled: true


     - name: Global/Corporate/Tokyo_Branch
        authentication_template:
        authentication_template:
          name: Low Impact
          dot1x_to_mab_fallback_timeout: 30
          wake_on_lan: false
          number_of_hosts: Unlimited
          authentication_order: mac
          bpdu_guard: false
          pre_auth_acl:
            enabled: true
            implicit_action: PERMIT
            access_contracts:
              - action: PERMIT
                port: domain
                protocol: UDP
              - action: PERMIT
                port: bootpc
                protocol: UDP
              - action: PERMIT
                port: bootps
                protocol: UDP
        pub_sub_enabled: true