cisco.dnac.sda_fabric_virtual_networks_workflow_manager module – Configure fabric VLANs, Virtual Networks, and Anycast Gateways in Cisco Catalyst Center.

Note

This module is part of the cisco.dnac collection (version 6.27.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.dnac. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.dnac.sda_fabric_virtual_networks_workflow_manager.

New in cisco.dnac 6.18.0

Synopsis

  • Create, update, or delete layer2 Fabric VLAN(s) for SDA operations in Cisco Catalyst Center.

  • Create, update, or delete layer3 Virtual Network(s) for SDA operations in Cisco Catalyst Center.

  • Create, update, or delete Anycast Gateway(s) for SDA operations in Cisco Catalyst Center.

Requirements

The below requirements are needed on the host that executes this module.

  • dnacentersdk >= 2.9.2

  • python >= 3.9

Parameters

Parameter

Comments

config

list / elements=dictionary / required

A list containing detailed configurations for creating, updating, or deleting fabric sites/zones in a Software-Defined Access (SDA) environment. It also includes specifications for updating the authentication profile template for these sites. Each element in the list represents a specific operation to be performed on the SDA infrastructure, such as the addition, modification, or removal of fabric sites/zones, and modifications to authentication profiles.

anycast_gateways

list / elements=dictionary

A list of anycast gateways in the SDA fabric, each with details about its associated virtual network, IP pool, VLAN configuration, and other advanced network settings.

auto_generate_vlan_name

boolean

Specifies whether the VLAN name should be auto-generated. If ‘is_critical_pool’ is set to true, then this field must also be set to true. If ‘auto_generate_vlan_name’ is set to true, then ‘vlan_name’ and ‘vlan_id’ will be autogenerated by Catalyst Center, even if ‘vlan_name’ or ‘vlan_id’ is provided in the playbook.

Choices:

  • false

  • true

fabric_enabled_wireless

boolean

Specifies whether the anycast gateway is enabled for wireless in the fabric. By default, this field is set to false. This field is not applicable to INFRA_VN.

Choices:

  • false ← (default)

  • true

fabric_site_locations

dictionary / required

A list of fabric site locations where this Layer3 virtual network will be assigned, including details about the site hierarchy and fabric type. If this parameter is provided, ensure that both site_name and fabric_type are specified for each entry. This is required to extend the virtual networks across the specified fabric sites.

fabric_type

string

Specifies the type of site to be managed within the SDA environment. The acceptable values are ‘fabric_site’ and ‘fabric_zone’. The default value is ‘fabric_site’, indicating the configuration of a broader network area, whereas ‘fabric_zone’ typically refers to a more specific segment within the site.

Default: "fabric_site"

site_name_hierarchy

string

The hierarchical name of the site where the anycast gateway is deployed.

group_policy_enforcement_enabled

boolean

Indicates whether group policy enforcement is enabled in the fabric. By default, it is set to false.

Choices:

  • false ← (default)

  • true

intra_subnet_routing_enabled

boolean

Specifies whether routing is enabled within the subnet. By default, this field is set to false. This field is not applicable to INFRA_VN. Updating this field is not allowed.

Choices:

  • false ← (default)

  • true

ip_directed_broadcast

boolean

Indicates whether IP directed broadcasts are allowed. By default, it is set to false. This field is not applicable to INFRA_VN.

Choices:

  • false ← (default)

  • true

ip_pool_name

string / required

Name of the IP pool associated with the anycast gateway. The IP pool must already exist in the Cisco Catalyst Center; if it does not exist, it can be created or reserved using the ‘network_settings_workflow_manager’ module. Updating this field is not allowed.

is_critical_pool

boolean

Specifies whether this pool is marked as critical for the network. If set to true, ‘auto_generate_vlan_name’ must also be true. By default, this field is set to false. This field is not applicable to INFRA_VN. Updating this field is not allowed.

Choices:

  • false ← (default)

  • true

layer2_flooding_enabled

boolean

Indicates whether Layer 2 flooding is enabled in the network. By default, it is set to false. It is not applicable to INFRA_VN.

Choices:

  • false ← (default)

  • true

multiple_ip_to_mac_addresses

boolean

Indicates whether multiple IPs can be associated with a single MAC address. By default, it is set to false. This field is not applicable to INFRA_VN.

Choices:

  • false ← (default)

  • true

pool_type

string

The pool type of the anycast gateway. This field is required and applicable only to INFRA_VN. One of the following values must be selected (EXTENDED_NODE, FABRIC_AP). Updating this field is not allowed.

security_group_name

string

The name of the security group associated with the anycast gateway. It is not applicable to INFRA_VN.

supplicant_based_extended_node_onboarding

boolean

Specifies whether supplicant-based onboarding for extended nodes is enabled. By default, this field is set to false. This field is applicable only to INFRA_VN requests and must not be null when ‘pool_type’ is EXTENDED_NODE.

Choices:

  • false ← (default)

  • true

tcp_mss_adjustment

integer

The value used to adjust the TCP Maximum Segment Size (MSS). The value should be in the range (500, 1441).

traffic_type

string

The type of traffic handled by the VLAN (e.g., DATA, VOICE). By default, it is set to “DATA”. Updating the “traffic_type” in the anycast gateway is not allowed if “is_critical_pool” is set to true.

vlan_id

integer

ID of the VLAN for the anycast gateway. The allowed VLAN range is 2-4093, except for reserved VLANs 1002-1005, 2046, and 4094. If deploying an anycast gateway on a fabric zone, this ‘vlan_id’ must match the ‘vlan_id’ of the corresponding anycast gateway on the fabric site. This field is optional if the parameter ‘auto_generate_vlan_name’ is set to true. Updating this field is not allowed.

vlan_name

string

Name of the VLAN for the anycast gateway. This field is optional if the parameter auto_generate_vlan_name is set to True. Updating this field is not allowed.

vn_name

string / required

The name of the Layer3 virtual network. It must consist only of letters, numbers, and underscores, with a length between 1 and 16 characters. This field cannot be updated after creation.

fabric_vlan

list / elements=dictionary

A list of VLAN configurations for fabric sites in SDA environment. Each VLAN entry includes information about its name, ID, traffic type, and wireless capabilities.

associated_layer3_virtual_network

string

Name of the layer3 virtual network associated with the layer2 fabric VLAN. This field is provided to support requests related to virtual network anchoring. The layer3 virtual network must have already been added to the fabric before association. This field must be present either in all payload elements or in none. Updating this field is not allowed.

fabric_enabled_wireless

boolean

Indicates whether the fabric VLAN is enabled for wireless in the fabric environment. By default, it is set to False.

Choices:

  • false

  • true

fabric_site_locations

list / elements=dictionary

A list of fabric site locations where this VLAN is deployed, including site hierarchy and fabric type details.

fabric_type

string / required

Specifies the type of site to be managed within the SDA environment. The acceptable values are ‘fabric_site’ and ‘fabric_zone’. The default value is ‘fabric_site’, indicating the configuration of a broader network area, whereas ‘fabric_zone’ typically refers to a more specific segment within the site.

site_name_hierarchy

string / required

This name uniquely identifies the site for operations such as creating/updating/deleting any fabric VLAN. This parameter is required, and updates to this field are not allowed.

traffic_type

string / required

The type of traffic handled by the VLAN (e.g., DATA, VOICE). By default, it is set to “DATA”.

vlan_id

integer / required

ID for the layer2 VLAN network. Allowed VLAN range is 2-4093 except for reserved VLANs 1002-1005, and 2046. If deploying on a fabric zone, this vlan_id must match the vlan_id of the corresponding layer2 virtual network on the fabric site. Updating this field is not allowed.

vlan_name

string / required

Name of the VLAN of the layer2 virtual network. Must contain only alphanumeric characters, underscores, and hyphens. Updating this field is not allowed.

virtual_networks

list / elements=dictionary

A list of virtual networks (VNs) configured within the SDA fabric. Each virtual network includes details such as its name, associated fabric sites, and optionally, an anchored site.

anchored_site_name

string

Specifies the name of the fabric site where the virtual network is anchored. When this parameter is provided, ensure that the ‘fabric_site_locations’ contains the same ‘site_name’, and that only one fabric site location is specified. If all parameters are provided, the Layer3 virtual network is created and extended across multiple fabric sites. However, the operation will fail due to conflicting ‘anchored_site_name’ settings, and the module will return a failure response. For a Virtual Network anchored at a site, at least one Control Plane (CP) and External Border must be present.

fabric_site_locations

list / elements=dictionary

A list of fabric site locations to which this Layer3 virtual network is to be assigned, including site hierarchy and fabric type details. If this parameter is given, provide the site_name and fabric_type as well, since they are required to extend the virtual network across the given fabric sites.

fabric_type

string

Specifies the type of site to be managed within the SDA environment. The acceptable values are ‘fabric_site’ and ‘fabric_zone’. The default value is ‘fabric_site’, indicating the configuration of a broader network area, whereas ‘fabric_zone’ typically refers to a more specific segment within the site.

Default: "fabric_site"

site_name_hierarchy

string

This name uniquely identifies the site for operations such as creating/updating/deleting any layer3 virtual network.

vn_name

string / required

The virtual network must be added to the site before creating an anycast gateway with it. Updating this field is not allowed. It must consist of only letters, numbers, and underscores, and must be between 1-16 characters in length.

config_verify

boolean

Set to True to verify the Cisco Catalyst Center config after applying the playbook config.

Choices:

  • false ← (default)

  • true

dnac_api_task_timeout

integer

Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged.

Default: 1200

dnac_debug

boolean

Indicates whether debugging is enabled in the Cisco Catalyst Center SDK.

Choices:

  • false ← (default)

  • true

dnac_host

string / required

The hostname of the Cisco Catalyst Center.

dnac_log

boolean

Flag to enable/disable playbook execution logging.

When true and dnac_log_file_path is provided, the log file is created at the execution location with the specified name.

When true and dnac_log_file_path is not provided, the log file is created at the execution location with the name ‘dnac.log’.

When false, logging is disabled.

If the log file doesn’t exist, it is created in append or write mode based on the “dnac_log_append” flag.

If the log file exists, it is overwritten or appended based on the “dnac_log_append” flag.

Choices:

  • false ← (default)

  • true

dnac_log_append

boolean

Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode.

Choices:

  • false

  • true ← (default)

dnac_log_file_path

string

Governs logging. Logs are recorded if dnac_log is True.

If path is not specified:

  • When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended.

  • When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten.

If path is specified:

  • When ‘dnac_log_append’ is True, the file opens in append mode.

  • When ‘dnac_log_append’ is False, the file opens in write (w) mode.

  • In shared file scenarios, without append mode, content is overwritten after each module execution.

  • For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True.

Default: "dnac.log"

dnac_log_level

string

Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG].

CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages.

ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages.

WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages.

INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages.

DEBUG provides detailed diagnostic info. Displays all log messages.

Default: "WARNING"

dnac_password

string

The password for authentication at the Cisco Catalyst Center.

dnac_port

string

Specifies the port number associated with the Cisco Catalyst Center.

Default: "443"

dnac_task_poll_interval

integer

Specifies the interval in seconds between successive calls to the API to retrieve task details.

Default: 2

dnac_username

aliases: user

string

The username for authentication at the Cisco Catalyst Center.

Default: "admin"

dnac_verify

boolean

Flag to enable or disable SSL certificate verification.

Choices:

  • false

  • true ← (default)

dnac_version

string

Specifies the version of the Cisco Catalyst Center that the SDK should use.

Default: "2.2.3.3"

sda_fabric_vlan_limit

integer

Sets the limit for creating/updating fabric VLAN(s) via the SDA API, consistent with the GUI constraints. By default it is set to 50, because the GUI allows creating only 50 fabric VLAN(s) at a time.

Default: 50

state

string

The state of Cisco Catalyst Center after module completion.

Choices:

  • "merged" ← (default)

  • "deleted"

validate_response_schema

boolean

Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema.

Choices:

  • false

  • true ← (default)

Notes

Note

  • To ensure the module operates correctly for scaled sets, which involve creating, updating, or deleting Layer2 fabric VLANs and Layer3 virtual networks, as well as configuring anycast gateways, valid input in the playbook is required. If any failures are encountered, the module will halt execution without proceeding to further operations.

  • To delete the Fabric VLAN on the fabric site, if any fabric zones exist within that site, the Fabric VLAN must be deleted from the fabric zones first. Only after all Fabric VLANs are deleted from the fabric zones will the parent fabric site with VLAN be available for deletion.

  • For Layer 3 virtual networks, all Anycast Gateways associated with the given virtual network must be deleted first before the deletion operation for the virtual network is enabled.

  • All newly created Layer3 Virtual Networks must either be assigned to one or more Fabric Sites, or they all must not be assigned to any Fabric Sites.

  • To create or update a fabric VLAN according to the module design, the vlan_id parameter must be provided as a required input. Although it is an optional parameter in the GUI, the VLAN ID is required along with the fabric site location to uniquely identify the VLAN.

  • SDK methods used are: ccc_virtual_network.sda.get_site, ccc_virtual_network.sda.get_fabric_sites, ccc_virtual_network.sda.get_fabric_zones, ccc_virtual_network.sda.get_layer2_virtual_networks, ccc_virtual_network.sda.add_layer2_virtual_networks, ccc_virtual_network.sda.update_layer2_virtual_networks, ccc_virtual_network.sda.delete_layer2_virtual_network_by_id, ccc_virtual_network.sda.get_layer3_virtual_networks, ccc_virtual_network.sda.add_layer3_virtual_networks, ccc_virtual_network.sda.update_layer3_virtual_networks, ccc_virtual_network.sda.delete_layer3_virtual_network_by_id, ccc_virtual_network.sda.get_reserve_ip_subpool, ccc_virtual_network.sda.get_anycast_gateways, ccc_virtual_network.sda.add_anycast_gateways, ccc_virtual_network.sda.update_anycast_gateways, ccc_virtual_network.sda.delete_anycast_gateway_by_id

  • Does not support check_mode

  • The plugin runs on the control node and does not use any Ansible connection plugins; instead, it uses the embedded connection manager from the Cisco Catalyst Center SDK

  • The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection

Examples

- name: Create Layer2 Fabric VLAN for SDA in Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - fabric_vlan:
        - vlan_name: "vlan_test1"
          fabric_site_locations:
          - site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          - site_name_hierarchy: "Global/India/Chennai"
            fabric_type: "fabric_zone"
          vlan_id: 1333
          traffic_type: "DATA"
          fabric_enabled_wireless: false
        - vlan_name: "vlan_test2"
          fabric_site_locations:
          - site_name_hierarchy: "Global/USA"
            fabric_type: "fabric_site"
          vlan_id: 1334
          traffic_type: "VOICE"
          fabric_enabled_wireless: false

- name: Update Layer 2 Fabric VLAN for SDA in Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - fabric_vlan:
        - vlan_name: "vlan_test1"
          fabric_site_locations:
          - site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          - site_name_hierarchy: "Global/India/Chennai"
            fabric_type: "fabric_zone"
          vlan_id: 1333
          traffic_type: "VOICE"
          fabric_enabled_wireless: true

- name: Deleting Layer 2 Fabric VLAN from the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: deleted
    config:
      - fabric_vlan:
        - vlan_name: "vlan_test1"
          fabric_site_locations:
          - site_name_hierarchy: "Global/India/Chennai"
            fabric_type: "fabric_zone"
          vlan_id: 1333

- name: Create layer3 Virtual Network and anchored the site to the VN as well.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - virtual_networks:
        - vn_name: "vn_with_anchor"
          fabric_site_locations:
            - site_name_hierarchy: "Global/India"
              fabric_type: "fabric_site"
          anchored_site_name: "Global/India"

- name: Create layer3 Virtual Network and extend it to multiple fabric sites.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - virtual_networks:
        - vn_name: "vn_test"
          fabric_site_locations:
            - site_name_hierarchy: "Global/India"
              fabric_type: "fabric_site"
            - site_name_hierarchy: "Global/USA"
              fabric_type: "fabric_site"

- name: Update layer3 Virtual Network in the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - virtual_networks:
        - vn_name: "vn_test"
          fabric_site_locations:
            - site_name_hierarchy: "Global/India"
              fabric_type: "fabric_site"
            - site_name_hierarchy: "Global/USA"
              fabric_type: "fabric_site"
            - site_name_hierarchy: "Global/China"
              fabric_type: "fabric_site"

- name: Deleting layer3 Virtual Network from the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: deleted
    config:
      - virtual_networks:
          - vn_name: "vlan_test1"

- name: Create the Anycast gateway(s) for SDA in Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - anycast_gateways:
        - vn_name: "VN_Anycast"
          fabric_site_location:
            site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          ip_pool_name: "IP_Pool_1"
          tcp_mss_adjustment: 580
          traffic_type: "DATA"
          is_critical_pool: false
          auto_generate_vlan_name: true

- name: Update the Anycast gateway(s) for SDA in Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - anycast_gateways:
        - vn_name: "VN_India"
          fabric_site_location:
            site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          ip_pool_name: "Reserve_Ip_Abhi_pool"
          tcp_mss_adjustment: 590
          traffic_type: "DATA"
          is_critical_pool: false
          layer2_flooding_enabled: false
          multiple_ip_to_mac_addresses: false

- name: Deleting Anycast Gateway from the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: deleted
    config:
      - anycast_gateways:
        - vn_name: "vlan_test1"
          fabric_site_location:
            site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          ip_pool_name: "IP_Pool_1"
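
Because the module halts on the first failure and does not support check_mode, the constraints from the Parameters section can be checked before a run. The following pre-flight validator is an added example, not part of the cisco.dnac collection; its function names are hypothetical, it targets entries for state: merged, and it assumes the tcp_mss_adjustment range "(500, 1441)" means 500 through 1440.

```python
import re

# Limits are transcribed from the parameter descriptions on this page.
RESERVED_VLANS = set(range(1002, 1006)) | {2046}
VN_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,16}")
VLAN_NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
POOL_TYPES = {"EXTENDED_NODE", "FABRIC_AP"}


def vlan_id_errors(vlan_id):
    ok = type(vlan_id) is int and 2 <= vlan_id <= 4093 and vlan_id not in RESERVED_VLANS
    return [] if ok else [f"vlan_id {vlan_id!r} is not in 2-4093 or is reserved"]


def site_errors(site):
    site = site or {}
    errs = [] if site.get("site_name_hierarchy") else ["site_name_hierarchy is missing"]
    if site.get("fabric_type", "fabric_site") not in ("fabric_site", "fabric_zone"):
        errs.append("fabric_type must be fabric_site or fabric_zone")
    return errs


def check_fabric_vlan(v):
    errs = [] if v.get("traffic_type") else ["traffic_type is required"]
    if not VLAN_NAME_RE.fullmatch(str(v.get("vlan_name") or "")):
        errs.append("vlan_name is required: alphanumerics, '_' and '-' only")
    errs += vlan_id_errors(v.get("vlan_id"))  # required here, so None fails too
    for site in v.get("fabric_site_locations") or []:
        errs += site_errors(site)
    return errs


def check_anycast_gateway(g):
    errs = ([] if VN_NAME_RE.fullmatch(str(g.get("vn_name") or ""))
            else ["vn_name must be 1-16 letters, digits or underscores"])
    if g.get("is_critical_pool") and not g.get("auto_generate_vlan_name"):
        errs.append("is_critical_pool requires auto_generate_vlan_name: true")
    if g.get("vlan_id") is not None and not g.get("auto_generate_vlan_name"):
        errs += vlan_id_errors(g["vlan_id"])
    # Assumption: "(500, 1441)" is read like Python's range(), i.e. 500..1440.
    mss = g.get("tcp_mss_adjustment")
    if mss is not None and mss not in range(500, 1441):
        errs.append(f"tcp_mss_adjustment {mss!r} is outside the documented range")
    if g.get("vn_name") == "INFRA_VN":
        if g.get("pool_type") not in POOL_TYPES:
            errs.append("INFRA_VN needs pool_type EXTENDED_NODE or FABRIC_AP")
        elif (g["pool_type"] == "EXTENDED_NODE"
              and g.get("supplicant_based_extended_node_onboarding") is None):
            errs.append("EXTENDED_NODE needs supplicant_based_extended_node_onboarding")
    # Parameter table: fabric_site_locations; page examples: fabric_site_location.
    return errs + site_errors(g.get("fabric_site_location") or g.get("fabric_site_locations"))


def validate_config(config):
    """Return 'path: problem' strings for a module config list (state: merged)."""
    checks = {"fabric_vlan": check_fabric_vlan, "anycast_gateways": check_anycast_gateway}
    return [f"config[{i}].{key}[{j}]: {e}"
            for i, item in enumerate(config) for key, check in checks.items()
            for j, entry in enumerate(item.get(key) or []) for e in check(entry)]


# Constructed sample: fabric_vlan[0] is valid, the other entries fail on purpose.
SAMPLE = [{
    "fabric_vlan": [
        {"vlan_name": "vlan_test1", "vlan_id": 1333, "traffic_type": "DATA"},
        {"vlan_name": "bad name", "vlan_id": 1003, "traffic_type": "DATA"}],
    "anycast_gateways": [
        {"vn_name": "VN_Anycast", "ip_pool_name": "IP_Pool_1",
         "is_critical_pool": True, "tcp_mss_adjustment": 1500,
         "fabric_site_location": {"site_name_hierarchy": "Global/India"}}],
}]

if __name__ == "__main__":
    print("\n".join(validate_config(SAMPLE)))
```

The validator checks only what the parameter descriptions state; whether the referenced sites, IP pools and virtual networks exist is still decided by Catalyst Center at run time.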

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

dnac_response

dictionary

A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK

Returned: always

Sample: {"response": {"taskId": "string", "url": "string"}, "version": "string"}

Authors

  • Abhishek Maheshwari (@abmahesh)

  • Madhan Sankaranarayanan (@madhansansel)