cisco.dnac.sda_fabric_virtual_networks_workflow_manager module – Configure fabric VLANs, Virtual Networks, and Anycast Gateways in Cisco Catalyst Center.

Note

This module is part of the cisco.dnac collection (version 6.22.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.dnac. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.dnac.sda_fabric_virtual_networks_workflow_manager.

New in cisco.dnac 6.18.0

Synopsis 

Create, update, or delete layer2 Fabric VLAN(s) for SDA operations in Cisco Catalyst Center.
Create, update, or delete layer3 Virtual Network(s) for SDA operations in Cisco Catalyst Center.
Create, update, or delete Anycast Gateway(s) for SDA operations in Cisco Catalyst Center.

Requirements 

The below requirements are needed on the host that executes this module.

dnacentersdk >= 2.9.2
python >= 3.9

Parameters 

Parameter	Comments
config list / elements=dictionary / required	A list containing detailed configurations for creating, updating, or deleting fabric sites/zones in a Software-Defined Access (SDA) environment. It also includes specifications for updating the authentication profile template for these sites. Each element in the list represents a specific operation to be performed on the SDA infrastructure, such as the addition, modification, or removal of fabric sites/zones, and modifications to authentication profiles.
anycast_gateways list / elements=dictionary	A list of anycast gateways in the SDA fabric, each with details about its associated virtual network, IP pool, VLAN configuration, and other advanced network settings.
auto_generate_vlan_name boolean	Specifies whether the VLAN name should be auto-generated. If ‘is_critical_pool’ is set to true, then this field must also be set to true. If ‘auto_generate_vlan_name’ is set to true, then ‘vlan_name’ and ‘vlan_id’ will be autogenerated by Catalyst Center, even if ‘vlan_name’ or ‘vlan_id’ is provided in the playbook. Choices: `false` `true`
fabric_enabled_wireless boolean	Specifies whether the anycast gateway is enabled for wireless in the fabric. By default, this field is set to false. This field is not applicable to INFRA_VN. Choices: `false` ← (default) `true`
fabric_site_locations dictionary / required	A list of fabric site locations where this Layer3 virtual network will be assigned, including details about the site hierarchy and fabric type. If this parameter is provided, ensure that both site_name and fabric_type are specified for each entry. This is required to extend the virtual networks across the specified fabric sites.
fabric_type string	Specifies the type of site to be managed within the SDA environment. The acceptable values are ‘fabric_site’ and ‘fabric_zone’. The default value is ‘fabric_site’, indicating the configuration of a broader network area, whereas ‘fabric_zone’ typically refers to a more specific segment within the site. Default: `"fabric_site"`
site_name_hierarchy string	The hierarchical name of the site where the anycast gateway is deployed.
group_policy_enforcement_enabled boolean	Indicates whether group policy enforcement is enabled in the fabric. By default, it is set to false. Choices: `false` ← (default) `true`
intra_subnet_routing_enabled boolean	Specifies whether routing is enabled within the subnet. By default, this field is set to false. This field is not applicable to INFRA_VN. Updating this field is not allowed. Choices: `false` ← (default) `true`
ip_directed_broadcast boolean	Indicates whether IP directed broadcasts are allowed. By default, it is set to false. This field is not applicable to INFRA_VN. Choices: `false` ← (default) `true`
ip_pool_name string / required	Name of the IP pool associated with the anycast gateway. The IP pool must already exist in the Cisco Catalyst Center, if it does not exist, it can be created or reserved using the ‘network_settings_workflow_manager’ module. Updating this field is not allowed.
is_critical_pool boolean	Specifies whether this pool is marked as critical for the network. If set to true, ‘auto_generate_vlan_name’ must also be true. By default, this field is set to false. This field is not applicable to INFRA_VN. Updating this field is not allowed. Choices: `false` ← (default) `true`
layer2_flooding_enabled boolean	Indicates whether Layer 2 flooding is enabled in the network. By default, it is set to false. It is not applicable to INFRA_VN. Choices: `false` ← (default) `true`
multiple_ip_to_mac_addresses boolean	Indicates whether multiple IPs can be associated with a single MAC address. By default, it is set to false. This field is not applicable to INFRA_VN. Choices: `false` ← (default) `true`
pool_type string	The pool type of the anycast gateway. This field is required and applicable only to INFRA_VN. One of the following values must be selected (EXTENDED_NODE, FABRIC_AP). Updating this field is not allowed.
security_group_name string	The name of the security group associated with the anycast gateway. It is not applicable to INFRA_VN.
supplicant_based_extended_node_onboarding boolean	Specifies whether supplicant-based onboarding for extended nodes is enabled. By default, this field is set to false. This field is applicable only to INFRA_VN requests and must not be null when ‘pool_type’ is EXTENDED_NODE. Choices: `false` ← (default) `true`
tcp_mss_adjustment integer	The value used to adjust the TCP Maximum Segment Size (MSS). The value should be in the range (500, 1441).
traffic_type string	The type of traffic handled by the VLAN (e.g., DATA, VOICE). By defaut, it is set to “DATA”. Updating the “traffic_type” in the anycast gateway is not allowed if “is_critical_pool” is set to true.
vlan_id integer	ID of the VLAN for the anycast gateway. The allowed VLAN range is 2-4093, except for reserved VLANs 1002-1005, 2046, and 4094. If deploying an anycast gateway on a fabric zone, this ‘vlan_id’ must match the ‘vlan_id’ of the corresponding anycast gateway on the fabric site. This field is optional if the parameter ‘auto_generate_vlan_name’ is set to true. Updating this field is not allowed.
vlan_name string	Name of the VLAN for the anycast gateway. This field is optional if the parameter auto_generate_vlan_name is set to True. Updating this field is not allowed.
vn_name string / required	The name of the Layer3 virtual network. It must consist only of letters, numbers, and underscores, with a length between 1 and 16 characters. This field cannot be updated after creation.
fabric_vlan list / elements=dictionary	A list of VLAN configurations for fabric sites in SDA environment. Each VLAN entry includes information about its name, ID, traffic type, and wireless capabilities.
associated_layer3_virtual_network string	Name of the layer3 virtual network associated with the layer2 fabric VLAN. This field is provided to support requests related to virtual network anchoring. The layer3 virtual network must have already been added to the fabric before association. This field must either be present in all payload elements or none. And updation of this field is not allowed.
fabric_enabled_wireless boolean	Indicates whether the fabric VLAN is enabled for wireless in the fabric environment. By default, it is set to False. Choices: `false` `true`
fabric_site_locations list / elements=dictionary	A list of fabric site locations where this VLAN is deployed, including site hierarchy and fabric type details.
fabric_type string / required	Specifies the type of site to be managed within the SDA environment. The acceptable values are ‘fabric_site’ and ‘fabric_zone’. The default value is ‘fabric_site’, indicating the configuration of a broader network area, whereas ‘fabric_zone’ typically refers to a more specific segment within the site.
site_name_hierarchy string / required	This name uniquely identifies the site for operations such as creating/updating/deleting any fabric VLAN. This parameter is required, and updates to this field is not allowed.
traffic_type string / required	The type of traffic handled by the VLAN (e.g., DATA, VOICE). By default, it is set to “DATA”.
vlan_id integer / required	ID for the layer2 VLAN network. Allowed VLAN range is 2-4093 except for reserved VLANs 1002-1005, and 2046. If deploying on a fabric zone, this vlan_id must match the vlan_id of the corresponding layer2 virtual network on the fabric site. And updation of this field is not allowed.
vlan_name string / required	Name of the VLAN of the layer2 virtual network. Must contain only alphanumeric characters, underscores, and hyphens. Updating this field is not allowed.
virtual_networks list / elements=dictionary	A list of virtual networks (VNs) configured within the SDA fabric. Each virtual network includes details such as its name, associated fabric sites, and optionally, an anchored site.
anchored_site_name string	Specifies the name of the fabric site where the virtual network is anchored. When this parameter is provided, ensure that the ‘fabric_site_locations’ contains the same ‘site_name’, and that only one fabric site location is specified. If all parameters are provided, the Layer3 virtual network is created and extended across multiple fabric sites. However, the operation will fail due to conflicting ‘anchored_site_name’ settings, and the module will return a failure response. For a Virtual Network anchored at a site, at least one Control Plane (CP) and External Border must be present.
fabric_site_locations list / elements=dictionary	A list of fabric site locations where this this Layer3 virtual network is to be assigned to, including site hierarchy and fabric type details. If this parameter is given make sure to provide the site_name and fabric_type as well as the required parameter to extend the virtual networks across given fabric sites.
fabric_type string	Specifies the type of site to be managed within the SDA environment. The acceptable values are ‘fabric_site’ and ‘fabric_zone’. The default value is ‘fabric_site’, indicating the configuration of a broader network area, whereas ‘fabric_zone’ typically refers to a more specific segment within the site. Default: `"fabric_site"`
site_name_hierarchy string	This name uniquely identifies the site for operations such as creating/updating/deleting any layer3 virtual network.
vn_name string / required	The virtual network must be added to the site before creating an anycast gateway with it. Updating this field is not allowed. It consist of only letters, numbers, and underscores, and must be between 1-16 characters in length.
config_verify boolean	Set to True to verify the Cisco Catalyst Center config after applying the playbook config. Choices: `false` ← (default) `true`
dnac_api_task_timeout integer	Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged. Default: `1200`
dnac_debug boolean	Indicates whether debugging is enabled in the Cisco Catalyst Center SDK. Choices: `false` ← (default) `true`
dnac_host string / required	The hostname of the Cisco Catalyst Center.
dnac_log boolean	Flag to enable/disable playbook execution logging. When true and dnac_log_file_path is provided, - Create the log file at the execution location with the specified name. When true and dnac_log_file_path is not provided, - Create the log file at the execution location with the name ‘dnac.log’. When false, - Logging is disabled. If the log file doesn’t exist, - It is created in append or write mode based on the “dnac_log_append” flag. If the log file exists, - It is overwritten or appended based on the “dnac_log_append” flag. Choices: `false` ← (default) `true`
dnac_log_append boolean	Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode. Choices: `false` `true` ← (default)
dnac_log_file_path string	Governs logging. Logs are recorded if dnac_log is True. If path is not specified, - When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended. - When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten. If path is specified, - When ‘dnac_log_append’ is True, the file opens in append mode. - When ‘dnac_log_append’ is False, the file opens in write (w) mode. - In shared file scenarios, without append mode, content is overwritten after each module execution. - For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True. Default: `"dnac.log"`
dnac_log_level string	Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG]. CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages. ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages. WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages. INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages. DEBUG provides detailed diagnostic info. Displays all log messages. Default: `"WARNING"`
dnac_password string	The password for authentication at the Cisco Catalyst Center.
dnac_port string	Specifies the port number associated with the Cisco Catalyst Center. Default: `"443"`
dnac_task_poll_interval integer	Specifies the interval in seconds between successive calls to the API to retrieve task details. Default: `2`
dnac_username aliases: user string	The username for authentication at the Cisco Catalyst Center. Default: `"admin"`
dnac_verify boolean	Flag to enable or disable SSL certificate verification. Choices: `false` `true` ← (default)
dnac_version string	Specifies the version of the Cisco Catalyst Center that the SDK should use. Default: `"2.2.3.3"`
state string	The state of Cisco Catalyst Center after module completion. Choices: `"merged"` ← (default) `"deleted"`
validate_response_schema boolean	Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema. Choices: `false` `true` ← (default)

Notes 

Note

To ensure the module operates correctly for scaled sets, which involve creating, updating, or deleting Layer2 fabric VLANs and Layer3 virtual networks, as well as configuring anycast gateways, valid input in the playbook is required. If any failures are encountered, the module will halt execution without proceeding to further operations.
To delete the Fabric VLAN on the fabric site, if any fabric zones exist within that site, the Fabric VLAN must be deleted from the fabric zones first. Only after all Fabric VLANs are deleted from the fabric zones will the parent fabric site with VLAN be available for deletion.
For Layer 3 virtual networks, all Anycast Gateways associated with the given virtual network must be deleted first before the deletion operation for the virtual network is enabled.
All newly created Layer3 Virtual Networks must either be assigned to one or more Fabric Sites, or they all must not be assigned to any Fabric Sites.
SDK Method used are ccc_virtual_network.sda.get_site ccc_virtual_network.sda.get_fabric_sites ccc_virtual_network.sda.get_fabric_zones ccc_virtual_network.sda.get_layer2_virtual_networks ccc_virtual_network.sda.add_layer2_virtual_networks ccc_virtual_network.sda.update_layer2_virtual_networks ccc_virtual_network.sda.delete_layer2_virtual_network_by_id ccc_virtual_network.sda.get_layer3_virtual_networks ccc_virtual_network.sda.add_layer3_virtual_networks ccc_virtual_network.sda.update_layer3_virtual_networks ccc_virtual_network.sda.delete_layer3_virtual_network_by_id ccc_virtual_network.sda.get_reserve_ip_subpool ccc_virtual_network.sda.get_anycast_gateways ccc_virtual_network.sda.add_anycast_gateways ccc_virtual_network.sda.update_anycast_gateways ccc_virtual_network.sda.delete_anycast_gateway_by_id
Does not support check_mode
The plugin runs on the control node and does not use any ansible connection plugins instead embedded connection manager from Cisco Catalyst Center SDK
The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection

Examples 

- name: Create Layer2 Fabric VLAN for SDA for sda in Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - fabric_vlan:
        - vlan_name: "vlan_test1"
          fabric_site_locations:
          - site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          - site_name_hierarchy: "Global/India/Chennai"
            fabric_type: "fabric_zone"
          vlan_id: 1333
          traffic_type: "DATA"
          fabric_enabled_wireless: false
        - vlan_name: "vlan_test2"
          fabric_site_locations:
          - site_name_hierarchy: "Global/USA"
            fabric_type: "fabric_site"
          vlan_id: 1334
          traffic_type: "VOICE"
          fabric_enabled_wireless: false

- name: Update Layer 2 Fabric VLAN for SDA in Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - fabric_vlan:
        - vlan_name: "vlan_test1"
          fabric_site_locations:
          - site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          - site_name_hierarchy: "Global/India/Chennai"
            fabric_type: "fabric_zone"
          vlan_id: 1333
          traffic_type: "VOICE"
          fabric_enabled_wireless: true

- name: Deleting Layer 2 Fabric VLAN from the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: deleted
    config:
      - fabric_vlan:
        - vlan_name: "vlan_test1"
          fabric_site_locations:
          - site_name_hierarchy: "Global/India/Chennai"
            fabric_type: "fabric_zone"
          vlan_id: 1333

- name: Create layer3 Virtual Network and anchored the site to the VN as well.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - virtual_networks:
        - vn_name: "vn_with_anchor"
          fabric_site_locations:
            - site_name_hierarchy: "Global/India"
              fabric_type: "fabric_site"
          anchored_site_name: "Global/India"

- name: Create layer3 Virtual Network and extend it to multiple fabric sites.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - virtual_networks:
        - vn_name: "vn_test"
          fabric_site_locations:
            - site_name_hierarchy: "Global/India"
              fabric_type: "fabric_site"
            - site_name_hierarchy: "Global/USA"
              fabric_type: "fabric_site"

- name: Update layer3 Virtual Network in the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - virtual_networks:
        - vn_name: "vn_test"
          fabric_site_locations:
            - site_name_hierarchy: "Global/India"
              fabric_type: "fabric_site"
            - site_name_hierarchy: "Global/USA"
              fabric_type: "fabric_site"
            - site_name_hierarchy: "Global/China"
              fabric_type: "fabric_site"

- name: Deleting layer3 Virtual Network from the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: deleted
    config:
      - virtual_networks:
          - vn_name: "vlan_test1"

- name: Create the Anycast gateway(s) for SDA in Catalsyt Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - anycast_gateways:
        - vn_name: "VN_Anycast"
          fabric_site_location:
            site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          ip_pool_name: "IP_Pool_1"
          tcp_mss_adjustment: 580
          traffic_type: "DATA"
          is_critical_pool: false
          auto_generate_vlan_name: true

- name: Update the Anycast gateway(s) for SDA in Catalsyt Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: merged
    config:
      - anycast_gateways:
        - vn_name: "VN_India"
          fabric_site_location:
            site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          ip_pool_name: "Reserve_Ip_Abhi_pool"
          tcp_mss_adjustment: 590
          traffic_type: "DATA"
          is_critical_pool: false
          layer2_flooding_enabled: false
          multiple_ip_to_mac_addresses: false

- name: Deleting Anycast Gateway from the Cisco Catalyst Center.
  cisco.dnac.sda_fabric_virtual_networks_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    state: deleted
    config:
      - anycast_gateways:
        - vn_name: "vlan_test1"
          fabric_site_location:
            site_name_hierarchy: "Global/India"
            fabric_type: "fabric_site"
          ip_pool_name: "IP_Pool_1"

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
dnac_response dictionary	A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: `{"response": {"taskId": "string", "url": "string"}, "version": "string"}`

Authors

Abhishek Maheshwari (@abmahesh) Madhan Sankaranarayanan (@madhansansel)

cisco.dnac.sda_fabric_virtual_networks_workflow_manager module – Configure fabric VLANs, Virtual Networks, and Anycast Gateways in Cisco Catalyst Center.

Synopsis

Requirements

Parameters

Notes

Examples

Return Values