Fabric Site
Location in GUI: Provision » SD-Access » Fabric Sites
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”fabric (catalyst_center)
Section titled “fabric (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| fabric_sites | List | [fabric_sites] | No |
fabric_sites (catalyst_center.fabric)
Section titled “fabric_sites (catalyst_center.fabric)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| authentication_template | Class | [authentication_template] | No | |
| pub_sub_enabled | Boolean | true, false | No | false |
| l3_virtual_networks | List | String | No | |
| l2_virtual_networks | List | [l2_virtual_networks] | No | |
| anycast_gateways | List | [anycast_gateways] | No | |
| wireless_ssids | List | [wireless_ssids] | No | |
| fabric_zones | List | [fabric_zones] | No |
authentication_template (catalyst_center.fabric.fabric_sites)
Section titled “authentication_template (catalyst_center.fabric.fabric_sites)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | No Authentication | |
| dot1x_to_mab_fallback_timeout | Integer | min: 3, max: 120 | No | |
| wake_on_lan | Boolean | true, false | No | |
| number_of_hosts | Choice | Unlimited, Single | No | |
| bpdu_guard | Boolean | true, false | No | |
| authentication_order | Choice | mac, dot1x | No | |
| pre_auth_acl | Class | [pre_auth_acl] | No |
l2_virtual_networks (catalyst_center.fabric.fabric_sites)
Section titled “l2_virtual_networks (catalyst_center.fabric.fabric_sites)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| vlan_name | String | No | ||
| vlan_id | Integer | min: 2, max: 4093 | No | |
| traffic_type | Choice | DATA, VOICE | No | |
| fabric_enabled_wireless | Boolean | true, false | No | |
| associated_l3_virtual_network | String | No |
anycast_gateways (catalyst_center.fabric.fabric_sites)
Section titled “anycast_gateways (catalyst_center.fabric.fabric_sites)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip_pool_name | String | Yes | ||
| pool_type | Any | Choice[EXTENDED_NODE, FABRIC_AP] or Null | No | |
| auto_generate_vlan_name | Boolean | true, false | No | false |
| vlan_name | String | No | ||
| vlan_id | Integer | min: 2, max: 4093 | No | |
| security_group_name | String | No | ||
| ip_directed_broadcast | Boolean | true, false | No | false |
| intra_subnet_routing_enabled | Boolean | true, false | No | false |
| multiple_ip_to_mac_addresses | Boolean | true, false | No | false |
| supplicant_based_extended_node_onboarding | Boolean | true, false | No | |
| layer2_flooding | Boolean | true, false | No | false |
| traffic_type | Choice | DATA, VOICE | No | DATA |
| critical_pool | Boolean | true, false | No | false |
| wireless_pool | Boolean | true, false | No | false |
| l3_virtual_network | String | No |
wireless_ssids (catalyst_center.fabric.fabric_sites)
Section titled “wireless_ssids (catalyst_center.fabric.fabric_sites)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| vlan_name | String | Yes | ||
| security_group_name | String | No |
fabric_zones (catalyst_center.fabric.fabric_sites)
Section titled “fabric_zones (catalyst_center.fabric.fabric_sites)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| authentication_template | Class | [authentication_template] | No | |
| l3_virtual_networks | List | String | No |
pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)
Section titled “pre_auth_acl (catalyst_center.fabric.fabric_sites.authentication_template)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | No | |
| implicit_action | Choice | DENY, PERMIT | No | |
| description | String | No | ||
| access_contracts | List | [access_contracts] | No |
access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)
Section titled “access_contracts (catalyst_center.fabric.fabric_sites.authentication_template.pre_auth_acl)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| action | Choice | PERMIT, DENY | Yes | |
| port | Choice | domain, bootpc, bootps | Yes | |
| protocol | Choice | TCP, UDP, TCP_UDP | Yes |
Examples
Section titled “Examples”Example-1: Basic Fabric Site with No Authentication
This example demonstrates how to configure a basic SD-Access fabric site in Catalyst Center with no authentication requirements. Fabric sites enable Software-Defined Access functionality within designated network areas, providing centralized policy enforcement and micro-segmentation capabilities.
The fabric site configuration includes:
- Site hierarchy specification (Global/Canada) for geographic and organizational structure
- Authentication template assignment (No Authentication) for simplified initial deployment
- Foundation for SD-Access fabric enablement without immediate authentication requirements
- Base configuration suitable for proof-of-concept or laboratory environments
---catalyst_center: fabric: fabric_sites: - name: Global/Canada authentication_template: name: No Authentication pub_sub_enabled: trueExample-2: Campus Fabric Site with Closed Authentication
This example demonstrates how to configure a campus fabric site with closed authentication mode for high-security environments where all network access requires explicit authentication and authorization.
---catalyst_center: fabric: fabric_sites: - name: Global/Canada authentication_template: name: Closed Authentication pub_sub_enabled: trueExample-3: Multi-Site Fabric Deployment
This example shows how to configure multiple fabric sites across different geographic locations, each with appropriate authentication templates based on local security requirements and organizational policies.
---catalyst_center: fabric: fabric_sites: - name: Global/North_America/New_York_Office authentication_template: name: Closed Authentication pub_sub_enabled: true
- name: Global/Asia_Pacific/Tokyo_Branch authentication_template: name: Open Authentication pub_sub_enabled: true
- name: Global/Europe/London_Office authentication_template: name: Low Impact pub_sub_enabled: true
- name: Global/Americas/Mexico_City_Branch authentication_template: name: No Authentication pub_sub_enabled: trueExample-4: Fabric Site custom authentication template
This example demonstrates how to configure a fabric site with custom options for authentication templates
---catalyst_center: fabric: fabric_sites: - name: Global/Corporate/London_Office authentication_template: name: Closed Authentication dot1x_to_mab_fallback_timeout: 30 wake_on_lan: false number_of_hosts: Unlimited authentication_order: dot1x bpdu_guard: false pub_sub_enabled: true
- name: Global/Corporate/Tokyo_Branch authentication_template: authentication_template: name: Low Impact dot1x_to_mab_fallback_timeout: 30 wake_on_lan: false number_of_hosts: Unlimited authentication_order: mac bpdu_guard: false pre_auth_acl: enabled: true implicit_action: PERMIT access_contracts: - action: PERMIT port: domain protocol: UDP - action: PERMIT port: bootpc protocol: UDP - action: PERMIT port: bootps protocol: UDP pub_sub_enabled: true