TerraformPilot

Terraform for Cisco NX-OS Data Center Switches

Automate Cisco Nexus NX-OS data-center switches with Terraform: VXLAN EVPN, vPC, leaf-spine fabrics, and ACI-adjacent automation.

Luca Berton

Cisco NX-OS runs the Nexus 9000 / 7000 family in data centers — leaf-spine fabrics, VXLAN EVPN, vPC. The CiscoDevNet/nxos Terraform provider speaks NX-API REST to the box; pair it with NDFC for fabric-wide intent.

Provider

terraform {
  required_providers {
    nxos = {
      source  = "CiscoDevNet/nxos"
      version = "~> 0.5"
    }
  }
}
 
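# Declare var.username and var.password with sensitive = true and supply them
# through TF_VAR_* environment variables or a secrets manager, not a committed
# .tfvars file. The URL is HTTPS, so NX-API traffic to the switch is over TLS.
provider "nxos" {
  username = var.username
  password = var.password
  url      = "https://${var.leaf_ip}"
}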

VLAN and VXLAN VNI Mapping

resource "nxos_vlan" "tenant" {
  vlan_id = 100
  name    = "tenant-blue"
}
 
resource "nxos_vni" "tenant" {
  vni = 10100
}
 
resource "nxos_vlan_vni_map" "tenant" {
  vlan_id = nxos_vlan.tenant.vlan_id
  vni     = nxos_vni.tenant.vni
}

BGP EVPN

resource "nxos_bgp" "fabric" {
  asn = "65001"
}
 
resource "nxos_bgp_address_family_neighbor" "spine_evpn" {
  asn      = nxos_bgp.fabric.asn
  vrf      = "default"
  neighbor = "10.0.0.0/24"
  address_family = "l2vpn-evpn"
  send_community_extended = "enabled"
}

vPC Domain

resource "nxos_vpc_domain" "leaf_pair" {
  domain = 10
}

Best Practices

  • Don't mix NDFC-managed fabric with raw Terraform — pick one source of truth per fabric.
  • EVPN configs are fragile: roll out per-leaf, not all at once.
  • CI plan/apply with maintenance windows — NX-OS apply errors mid-config can leave a switch half-configured.
  • Back up the running-config out-of-band before each Terraform apply.
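
One way to enforce the CI plan/apply practice above, as an added example that is not from the original article or the provider project: a gate that reads the `terraform show -json` plan for a single leaf and blocks deletes, replacements, and oversized change sets before apply. The resource types are the ones used on this page; the critical-type list and the change cap are assumed policy.

```python
import json

# Resource types named on this page whose delete/replace drops BGP or vPC state.
# Which types count as critical is an assumed policy, not a provider feature.
CRITICAL_TYPES = {"nxos_bgp", "nxos_bgp_address_family_neighbor", "nxos_vpc_domain"}


def review_plan(plan, max_changes=5):
    """Return blocking findings for a `terraform show -json` plan; [] means apply may proceed."""
    findings, changed = [], []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing is written to the switch
        changed.append(rc["address"])
        if "delete" in actions:
            # ["delete", "create"] or ["create", "delete"] is a replacement
            kind = "replace" if "create" in actions else "delete"
            if rc["type"] in CRITICAL_TYPES:
                findings.append(f"{kind} of critical resource {rc['address']}")
            else:
                findings.append(f"{kind} of {rc['address']} needs manual approval")
    if len(changed) > max_changes:
        findings.append(f"{len(changed)} changes exceed the per-apply cap of {max_changes}")
    return findings


# Constructed sample plans (not captured from a real switch).
SAFE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "nxos_vlan.tenant", "type": "nxos_vlan", "change": {"actions": ["create"]}},
  {"address": "nxos_vni.tenant", "type": "nxos_vni", "change": {"actions": ["create"]}},
  {"address": "nxos_bgp.fabric", "type": "nxos_bgp", "change": {"actions": ["no-op"]}}
]}
""")
RISKY_PLAN = json.loads("""
{"resource_changes": [
  {"address": "nxos_bgp.fabric", "type": "nxos_bgp", "change": {"actions": ["delete", "create"]}},
  {"address": "nxos_vlan.tenant", "type": "nxos_vlan", "change": {"actions": ["delete"]}},
  {"address": "nxos_vpc_domain.leaf_pair", "type": "nxos_vpc_domain", "change": {"actions": ["update"]}}
]}
""")

if __name__ == "__main__":
    for name, plan in (("safe", SAFE_PLAN), ("risky", RISKY_PLAN)):
        result = review_plan(plan)
        print(name, "OK" if not result else "BLOCKED: " + "; ".join(result))
```

In CI, feed it the output of `terraform show -json` on the saved plan file and fail the job when the returned list is non-empty.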