The following configuration creates two networks, NetworkDMZ and Network1:
NetworkDMZ is created as an L2-only network (no unicast routing). It is assigned a VXLAN L2VNID of 33100 and a VLAN ID of 3100. It is associated with a network_attach_group called ‘dmz’, which deploys this network on the dc1-leaf1 and dc1-leaf2 switches and allows the network on the Ethernet1/23 and Ethernet1/24 ports of both switches.
Network1 is created as a routed network (unicast routing enabled). It is associated with the VrfRed VRF. It is assigned a VXLAN L2VNID of 30100 and a VLAN ID of 100. The network is assigned a GW IP address of 192.168.10.1/24 with a route tag of 12345. It is associated with a network_attach_group called ‘esxi’, which deploys this network on the dc1-leaf1 and dc1-leaf2 switches and allows the network on Port-channel10, Port-channel20, Port-channel30 and Port-channel40 of both switches.
The network_attach_group object helps create a mapping of switches and switchports to be associated with one or more networks.
overlay_networks.nac.yaml
vxlan:
  overlay:
    networks:
      # simple example
      - name: NetworkDMZ
        is_l2_only: true
        net_id: 33100
        vlan_id: 3100
        network_attach_group: dmz
      # full example
      - name: Network1
        is_l2_only: false
        vrf_name: VrfRed
        net_id: 30100
        vlan_id: 100
        vlan_name: Network1
        gw_ip_address: 192.168.10.1/24
        arp_suppress: false
        dhcp_loopback_id: 100
        dhcp_servers:
          - ip_address: 10.125.10.100
            vrf: VrfRed
          - ip_address: 10.125.10.101
            vrf: VrfRed
        gw_ipv6_address: 203e:10:15:10::1/128
        int_desc: Network1
        l3gw_on_border: true
        mtu_l3intf: 9216
        multicast_group_address: 239.1.1.1
        netflow_enable: false
        route_target_both: true
        route_tag: 12345
        secondary_ip_addresses:
          - ip_address: 192.168.11.1/24
            route_tag: 54321
        trm_enable: true
        vlan_netflow_monitor: test
        network_attach_group: esxi
    network_attach_groups:
      - name: esxi
        switches:
          - hostname: dc1-leaf1
            ports:
              - Port-channel10
              - Port-channel20
              - Port-channel30
              - Port-channel40
          - hostname: dc1-leaf2
            ports:
              - Port-channel10
              - Port-channel20
              - Port-channel30
              - Port-channel40
      - name: dmz
        switches:
          - hostname: dc1-leaf1
            ports:
              - Ethernet1/23
              - Ethernet1/24
          - hostname: dc1-leaf2
            ports:
              - Ethernet1/23
              - Ethernet1/24
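A pre-deployment lint over this data model, added here as an example and not part of the Network as Code tooling: it flags a network_attach_group name that no group defines, reused names, VNIs or VLAN IDs, and gateway subnets that overlap inside one VRF. Assumptions: MODEL is a constructed dict standing in for the parsed YAML above, reduced to the keys the checks read; lint, PORTCH and LEAVES are hypothetical names; treating VRF or gateway settings on an L2-only network as a finding is a policy choice of this example.

```python
import ipaddress
from collections import Counter

# Constructed from the page's example, reduced to the keys the checks read.
PORTCH = [f"Port-channel{i}" for i in (10, 20, 30, 40)]
LEAVES = ("dc1-leaf1", "dc1-leaf2")
MODEL = {"vxlan": {"overlay": {
    "networks": [
        {"name": "NetworkDMZ", "is_l2_only": True, "net_id": 33100,
         "vlan_id": 3100, "network_attach_group": "dmz"},
        {"name": "Network1", "is_l2_only": False, "vrf_name": "VrfRed",
         "net_id": 30100, "vlan_id": 100, "gw_ip_address": "192.168.10.1/24",
         "secondary_ip_addresses": [{"ip_address": "192.168.11.1/24"}],
         "network_attach_group": "esxi"}],
    "network_attach_groups": [
        {"name": "esxi", "switches": [
            {"hostname": h, "ports": PORTCH} for h in LEAVES]},
        {"name": "dmz", "switches": [
            {"hostname": h, "ports": ["Ethernet1/23", "Ethernet1/24"]}
            for h in LEAVES]}],
}}}


def lint(model):
    """Return sorted findings; an empty list means every check passed."""
    overlay = model["vxlan"]["overlay"]
    nets = overlay.get("networks", [])
    groups = {g["name"] for g in overlay.get("network_attach_groups", [])}
    findings, seen = [], []
    for key in ("name", "net_id", "vlan_id"):  # identifiers must be unique
        counts = Counter(n[key] for n in nets if key in n)
        findings += [f"duplicate {key} {v}" for v, c in counts.items() if c > 1]
    for n in nets:
        name, vrf = n["name"], n.get("vrf_name")
        group = n.get("network_attach_group")
        if group is not None and group not in groups:
            findings.append(f"{name}: undefined network_attach_group {group}")
        cidrs = [n.get("gw_ip_address")] + [
            s["ip_address"] for s in n.get("secondary_ip_addresses", [])]
        cidrs = [c for c in cidrs if c]
        if n.get("is_l2_only") and (vrf or cidrs):  # assumed policy, see lead-in
            findings.append(f"{name}: L2-only network carries L3 settings")
        for net in (ipaddress.ip_network(c, strict=False) for c in cidrs):
            for other, ovrf, onet in seen:  # overlap only matters within one VRF
                if other != name and ovrf == vrf and net.overlaps(onet):
                    findings.append(f"{name}: {net} overlaps {onet} ({other})")
            seen.append((name, vrf, net))
    return sorted(findings)
```

Run in CI against the parsed file, a non-empty result from lint can block the change before it reaches the fabric.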
The Network configuration section of the Data Model defines how to create and modify networks and their associated parameters.
From the network section, you can perform operations including, but not limited to, the following:
Creating a new network
Modifying settings of an existing network such as name, associated VRF, VXLAN L2VNID, VLAN ID
Associating a network with specific switches and switchports in the fabric