First Steps
This section provides an easy to understand, simple example of deploying Unified Branch(es) using Branch-as-Code .
The repository used in this example can be found at: https://github.com/netascode/nac-branch
This example assumes you have installed the following prerequisites.
- Terraform 1.8.0 or later.
- Git
- Your preferred text editor / Integrated Development Environment (IDE) (such as VisualStudio Code)
The configuration templates provided are based on: Unified Branch Solution Brief and Cisco Unified Branch Small Branch CVD
Automation utilizes following resources:
- Terraform Provider
- [Terraform Network as Code Modules] (https://github.com/netascode/terraform-meraki-nac-meraki)
1. Fork the Repository
Section titled “1. Fork the Repository”Fork this repository into your organization’s workspace.
Avoid cloning directly from the upstream if you plan to customize.
# Replace <your-github-org> with your GitHub username or orggit clone https://github.com/<your-github-org>/nac-branch.gitcd nac-branchgit remote add upstream https://github.com/netascode/nac-branch.gitgit fetch upstream2. Export Required Environment Variables
Section titled “2. Export Required Environment Variables”Export all required environment variables before running Terraform:
# Device serial numbersexport Appliance=YOUR_APPLIANCE_SERIALexport AP=YOUR_AP1_SERIALexport AP2=YOUR_AP2_SERIALexport Switch1=YOUR_SWITCH1_SERIALexport Switch2=YOUR_SWITCH2_SERIAL
# Organization identificationexport org_name="Your Meraki Org Name"export domain="YourDomainIdentifier"
# Admin credentialsexport org_admin="admin-username"export org_admin_email="admin@example.com"
# SNMPv3 credentialsexport v3_auth_pass="CHANGE_ME_AUTH"export v3_priv_pass="CHANGE_ME_PRIV"export snmp_username="snmpUser"export snmp_passphrase="CHANGE_ME_SNMP"
# Local device access credentialsexport local_status_page_username="statusUser"export local_status_page_password="CHANGE_ME_STATUS"export local_page_username="localUser"export local_page_password="CHANGE_ME_LOCAL"
# RADIUS secretsexport radius_accounting_server1_secret="CHANGE_ME_RADIUS_ACCT"export radius_server1_secret="CHANGE_ME_RADIUS_AUTH"
# Meraki API key (least privilege recommended)export MERAKI_API_KEY="REPLACE_WITH_API_KEY"💡 Tip: Use a .env file and source it (source ./set_env_vars.sh).
Ensure .env is excluded via .gitignore. You may also integrate a secrets manager.
3. 🧩 Configure Your Branch Variables
Section titled “3. 🧩 Configure Your Branch Variables”Navigate to the data/ folder and update:
pods_variables.nac.yaml– define branch/pod variables (serials, VLANs, etc.)
A sample configuration is provided for reference. To create multiple branches, simply copy the sample configuration as many times as needed and update the variables accordingly.
4. 🧠 Render Templates
Section titled “4. 🧠 Render Templates”Render configuration templates using your defined variables.
⚠️ This step does not push any configuration to Meraki — it only builds the merged YAML that stays in memory.
Note: the
workspaces/directory is not a Terraform deployment workspace for Meraki resources; it is only used locally to render the merged YAML configuration.
cd workspacesterraform initterraform apply✅ Output: merged_configuration.nac.yaml generated in workspaces/.
5. 🔍 [Optional] Validate Configuration (nac-validate)
Section titled “5. 🔍 [Optional] Validate Configuration (nac-validate)”Validate the merged YAML before deployment to catch syntax or semantic issues early. As part of the toolkit, we can use nac-validate CLI tool to perform syntactic and semantic validation of YAML files.
Install (requires Python 3.10+):
pip install nac-validateRun validation:
nac-validate --non-strict ./workspaces/merged_configuration.nac.yamlThe
--non-strictflag is used here since the sample schema omits certain keys. Remove it when validating against a complete schema.
💡 VS Code users: install the YAML Language Support by Red Hat extension for real-time validation.
👉 Learn more about Configuration Validation.
6. 🗺️ Plan Terraform Deployment
Section titled “6. 🗺️ Plan Terraform Deployment”Generate the Terraform plan to preview intended changes:
cd ..terraform initterraform plan⚠️ The included configuration uses local state.
For team usage, configure a remote backend (e.g., Terraform Cloud, GitLab CI) with state locking to prevent concurrency issues.
7. 🚀 Apply Configuration
Section titled “7. 🚀 Apply Configuration”Apply the configuration to push changes to the Meraki Dashboard:
terraform applyNavigate the Dashboard. After successful apply, you should see the Configured Branches now deployed.
8. ✅ [Optional] Post-Deployment Tests (nac-test)
Section titled “8. ✅ [Optional] Post-Deployment Tests (nac-test)”Run post-change tests to confirm that the Meraki Dashboard matches the intended configuration. For this we make use of nac-test CLI tool.
pip install nac-testRun:
nac-test -d workspaces/merged_configuration.nac.yaml -t ./tests/templates -o ./tests/resultsPassing nac-test confirms configuration integrity and reproducibility.
👉 Learn more about Configuration Testing.
9: Cleaning up
Section titled “9: Cleaning up”Run terraform destroy to remove the configuration:
terraform destroyFollowed by yes to approve.
Navigate to Dashboard and make sure that configuration of Unified Branches have been removed.