Cisco MCP Server
Executes Cisco CLI commands on network devices over SSH, providing both exec and config command tools for operational and configuration tasks.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Cisco MCP Servershow version on 10.10.10.1"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Cisco MCP Server
Production-grade Model Context Protocol (MCP) server for executing Cisco CLI commands on network devices over SSH.
Architecture
MCP Client (LLM)
↓
Tool Selection
┌─────────────────────┐
│ execute_exec_command │ ← show, ping, clear, traceroute, dir
│ execute_config_command│ ← interface, hostname, router, acl
└─────────────────────┘
↓
Validation Layer (validator)
↓
Connector Layer (cisco.py)
↓
SSH Transport (Scrapli + Paramiko)
↓
Cisco DeviceRelated MCP server: Network MCP Server
Features
Two MCP Tools: LLM decides whether to call the exec or config tool
execute_exec_command— operational/exec mode commands (show, ping, clear, traceroute, etc.)execute_config_command— configuration mode commands (interface, hostname, router, etc.)
Configuration Mode Management: Automatically handles
enable → configure terminal → commands → endPagination Handling: Automatically disables pagination (
terminal length 0) for exec commandsDangerous Command Blocking: Rejects
reload,write erase,debug, etc.Managed Command Rejection: Rejects
conf t,enable,end,exit(server manages these)Structured Audit Logging: JSON-line audit trail for every execution
Legacy SSH Support: Paramiko transport for devices with older SSH (e.g.,
diffie-hellman-group1-sha1)Vendor Extensible: Abstract base connector supports future vendors (Juniper, Arista, etc.)
Project Structure
mcp_server/
├── server.py # MCP server entry point (two tools registered)
├── config.py # Configuration management (env vars)
├── models.py # Pydantic request/response models
├── tools/
│ └── execute_commands.py # ExecCommandTool + ConfigCommandTool
├── connectors/
│ ├── base.py # Abstract base connector
│ └── cisco.py # Cisco IOS/IOS-XE connector (Scrapli + Paramiko)
├── validation/
│ ├── classifier.py # Command classifier (kept for reference/utility)
│ └── validator.py # Input validator (dangerous cmds, device check)
├── inventory/
│ └── devices.yaml # Device inventory
├── audit/
│ └── audit_logger.py # Structured audit logger
├── utils/
│ ├── logger.py # Logging configuration
│ └── exceptions.py # Custom exceptions
└── tests/
├── test_classifier.py
├── test_validator.py
├── test_models.py
└── test_execute_commands.pySetup
Prerequisites
Python 3.11+
Access to Cisco devices via SSH
Installation
# Clone and enter project directory
cd Cicsco_MCP_New
# Create virtual environment
python -m venv .venv
.venv\Scripts\activate # Windows
# source .venv/bin/activate # Linux/Mac
# Install dependencies
pip install -r requirements.txtConfiguration
Copy the environment template:
copy .env.example .envEdit
.envwith your credentials:
CISCO_USERNAME=admin
CISCO_PASSWORD=your_password
CISCO_ENABLE_PASSWORD=your_enable_password
SSH_TIMEOUT=30
SSH_PORT=22
LOG_LEVEL=INFOEdit
mcp_server/inventory/devices.yamlto add your devices:
devices:
"10.10.10.1":
hostname: "R1"
platform: "cisco_iosxe"
description: "Core Router"Note: If
devices.yamlis empty or missing, the server allows connections to any device.
Running the Server
Standalone (stdio transport)
python -m mcp_server.serverTesting with MCP Inspector
npx @modelcontextprotocol/inspector python -m mcp_server.serverOpens a browser UI where you can select either tool and test with real devices.
VS Code / Claude Desktop Integration
Add to your MCP client configuration:
{
"mcpServers": {
"cisco": {
"command": "python",
"args": ["-m", "mcp_server.server"],
"cwd": "C:/path/to/Cicsco_MCP_New"
}
}
}Usage
Tool 1: execute_exec_command
For operational/exec mode commands — the LLM calls this for show, ping, clear, traceroute, etc.
Request:
{
"device": "10.10.10.1",
"commands": [
"show version",
"show ip interface brief"
]
}Response:
{
"success": true,
"mode": "exec",
"device": "10.10.10.1",
"execution_time": 2.31,
"results": [
{
"command": "show version",
"output": "Cisco IOS XE Software, Version 17.03.04a..."
},
{
"command": "show ip interface brief",
"output": "Interface IP-Address OK? Method Status..."
}
]
}Tool 2: execute_config_command
For configuration mode commands — the LLM calls this for interface, routing, ACL changes, etc.
The server automatically handles enable → configure terminal → commands → end.
Request:
{
"device": "10.10.10.1",
"commands": [
"interface Loopback100",
"ip address 10.100.0.1 255.255.255.0",
"no shutdown"
]
}Response:
{
"success": true,
"mode": "config",
"device": "10.10.10.1",
"execution_time": 1.92,
"results": [
{
"command": "interface Loopback100",
"status": "success"
},
{
"command": "ip address 10.100.0.1 255.255.255.0",
"status": "success"
},
{
"command": "no shutdown",
"status": "success"
}
]
}Error Responses
Authentication failure:
{
"success": false,
"device": "10.10.10.1",
"error": "Authentication failed for device 10.10.10.1."
}Blocked dangerous command:
{
"success": false,
"device": "10.10.10.1",
"error": "Blocked dangerous command: 'reload'"
}Managed command rejected:
{
"success": false,
"device": "10.10.10.1",
"error": "Command 'configure terminal' is managed automatically by the server. Do not include it in the command list."
}Running Tests
pytest mcp_server/tests/ -vSecurity
All inputs are validated before any device connection
Dangerous commands are blocked at the validation layer
No shell commands are executed on the MCP server host
Credentials are loaded from environment variables (never hardcoded)
SSH connections use secure authentication
Audit logs record every execution for compliance
Extending for Other Vendors
To add support for a new vendor (e.g., Juniper):
Create
mcp_server/connectors/juniper.pyImplement the
BaseConnectorinterfaceUpdate device inventory with platform type
The tool, validation, and audit layers remain unchanged.
License
Internal use only.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Ved-Tripathi07/CiscoMCPServer'
If you have feedback or need assistance with the MCP directory API, please join our Discord server