| send_custom_commandA | Execute SSH command on generic network devices (Cisco, Juniper, Arista, Linux, etc.).
⚠️ NOT for Palo Alto firewalls - use paloalto_send_command instead.
Works with standard SSH devices that don't require PTY interactive sessions.
|
| send_custom_command_parallelA | Execute SSH commands on multiple generic network devices in parallel.
⚠️ NOT for Palo Alto firewalls - use paloalto_send_command_parallel instead.
Args:
targets: List of {"ip": "192.168.1.1", "command": "show version"}
timeout: Global timeout in seconds (default: 30s)
Example:
[
{"ip": "192.168.1.1", "command": "show version"},
{"ip": "192.168.1.2", "command": "show ip route"}
]
|
| get_mikrotik_interfacesC | Retrieves the interfaces of a MikroTik router. |
| get_mikrotik_ipaddressesC | Retrieves the configured IP addresses. |
| get_mikrotik_route_prefixC | Query routing for a specific prefix on a MikroTik router. |
| get_mikrotik_identityC | Retrieves the name of the router. |
| get_mikrotik_healthB | Retrieves system health (temperature, voltage). |
| get_mikrotik_routerboardC | Retrieves the hardware information from the routerboard. |
| get_mikrotik_logsC | Retrieves system logs (default: last 100 logs). |
| get_mikrotik_bgp_connectionsC | Retrieves the BGP connection configuration. |
| get_mikrotik_bgp_sessionsC | Retrieves the state of BGP sessions. |
| mikrotik_ssh_route_checkC | Check route to destination via SSH (NOT available in REST API). |
| mikrotik_ssh_customC | Execute custom MikroTik command via SSH (for LLM flexibility). |
| graylog_search_logsB | Search Graylog logs with a query filter (e.g., 'bgp', 'firewall'). Default: 1h, 20 results. |
| graylog_get_streamsB | Retrieve list of available Graylog log streams. |
| graylog_system_infoB | Retrieve Graylog system information. |
| aruba_get_ap_databaseC | Get complete list of Access Points from Aruba controller. |
| aruba_get_clientsC | Get list of connected WiFi clients. |
| aruba_get_rogue_apsC | Get list of unauthorized/rogue access points (Security). |
| aruba_get_channelsB | Get active channel information for RF optimization. |
| aruba_get_wlansC | Get WLAN/SSID profile configuration. |
| aruba_get_ap_statsB | Get AP performance metrics and ARM state. |
| aruba_get_licensesB | Get license compliance information. |
| aruba_get_controller_infoA | Get Aruba controller system information and version. |
| aruba_custom_commandA | Execute custom show command on Aruba controller (e.g., 'show ap database'). |
| paloalto_send_commandA | Execute SSH command specifically on Palo Alto firewalls.
🔥 USE THIS for ALL Palo Alto firewall commands (show vpn, show system, show routing, etc.).
This tool uses PTY interactive sessions required by Palo Alto PAN-OS.
Examples:
- "show vpn gateway"
- "show system info"
- "show routing route"
|
| paloalto_send_command_parallelA | Execute SSH commands on multiple Palo Alto firewalls in parallel.
🔥 USE THIS for batch operations on multiple Palo Alto firewalls.
Args:
targets: List of {"ip": "10.240.203.241", "command": "show vpn gateway"}
timeout: Global timeout in seconds (default: 120s)
|
| librenms_list_devicesA | List all devices or filter by criteria (type, os, location, hostname). |
| librenms_get_devices_by_osA | Get all devices running a specific OS (e.g., 'routeros', 'ios', 'linux'). |
| librenms_get_device_infoC | Get detailed device information by hostname. |
| librenms_get_device_healthC | Get device health information including all sensor types. |
| librenms_get_device_sensorsC | Get device sensors with optional filter (temperature, voltage, state, etc.). |
| librenms_get_device_portsC | Get all ports/interfaces information for a device. |
| librenms_get_device_statsC | Get comprehensive device statistics (uptime, ports, availability). |
| librenms_get_locationsA | Get all locations configured in LibreNMS. |
| librenms_get_eventlogC | Get general event logs from LibreNMS. |
| librenms_get_device_eventlogC | Get event logs for a specific device. |
| apic_test_connectionB | Test connection to Cisco APIC controller. |
| apic_get_fabric_healthA | Get ACI fabric overall health status. Returns health summary including critical faults count, controller status,
and details of the 5 most recent critical faults. |
| apic_get_tenantsA | List all tenants configured on the Cisco APIC. Returns list of tenants with name, DN, description, and status.
Tenants are sorted alphabetically by name. |
| apic_get_faultsA | Retrieve active faults from the Cisco APIC system. Returns list of active faults with severity breakdown (critical, major, minor, warning, info).
Faults are sorted by severity and creation time (most recent first).
Limited to 50 most recent/critical faults. |
| apic_get_nodes_inventoryA | Retrieve ACI fabric nodes inventory. Returns complete inventory of fabric nodes including controllers, leafs, and spines.
Includes node ID, name, serial number, model, role, version, IP address, and fabric status. |
| apic_get_epgsA | Retrieve Endpoint Groups (EPGs) from APIC.
Args:
tenant: Optional tenant name filter. If not specified, returns EPGs from all tenants.
Returns EPGs with tenant, application, name, description, and policy details.
|
| apic_get_vrfsA | Retrieve VRFs (Virtual Routing and Forwarding instances) from APIC.
Args:
tenant: Optional tenant name filter. If not specified, returns VRFs from all tenants.
Returns VRFs with tenant, name, description, and policy control settings.
|
| apic_get_contractsA | Retrieve security contracts from APIC.
Args:
tenant: Optional tenant name filter. If not specified, returns contracts from all tenants.
Returns contracts with tenant, name, description, scope, priority, and DSCP settings.
|
| apic_get_eventsA | Retrieve recent events from APIC event log.
Args:
time_range: Time range in hours (default: 24h)
Returns recent events with severity breakdown, sorted by creation time.
Limited to 100 most recent events.
|
| apic_get_cpu_utilizationA | Retrieve CPU utilization for all fabric nodes. Returns CPU usage statistics per node including average, max, and min utilization.
Shows user, kernel, idle, and wait times for each node. |
| apic_get_audit_logsA | Retrieve audit logs of configuration changes.
Args:
hours: Number of hours back to retrieve logs (default: 24h)
Returns audit logs with user activity breakdown and configuration changes.
Limited to 50 most recent changes.
|
| apic_get_fabric_topologyA | Retrieve ACI fabric topology with nodes and links. Returns complete fabric topology including all nodes (controllers, leafs, spines)
and fabric links between them. Useful for understanding physical connectivity. |
| apic_get_epg_endpointsA | Retrieve endpoints from a specific EPG.
Args:
tenant: Tenant name
application: Application profile name
epg: Endpoint Group name
Returns all endpoints in the EPG with MAC, IP, encapsulation, and location details.
|
| apic_track_endpointA | Track a specific endpoint by MAC or IP address.
Args:
mac_or_ip: MAC address (format: XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX) or IP address
Returns endpoint location including tenant, application, EPG, encapsulation, and other details.
Useful for troubleshooting connectivity issues.
|
| apic_search_by_ipA | Search APIC objects by IP address.
Args:
ip_address: IP address to search
Returns matching endpoints and subnets that contain or use this IP address.
Comprehensive search across the fabric.
|
| apic_get_health_scoresA | Retrieve health scores of APIC objects.
Returns health scores of monitored objects with severity classification.
Objects are classified as healthy (>=90), minor (75-89), major (50-74), or critical (<50).
|
| apic_get_physical_interfacesA | Retrieve physical interfaces from a specific node or all nodes.
Args:
node_id: Optional node ID filter. If not specified, returns interfaces from all nodes (limited to 100).
Returns list of physical interfaces with admin state, operational state, speed, usage, and MTU.
|
| apic_get_interface_statisticsB | Retrieve interface statistics for specific node and/or interface.
Args:
node_id: Optional node ID filter
interface: Optional specific interface name
Returns interface statistics including operational state, speed, and usage.
Useful for monitoring interface health and performance.
|
| apic_get_lldp_neighborsA | Retrieve LLDP neighbors discovered on fabric nodes.
Args:
node_id: Optional node ID filter. If not specified, returns neighbors from all nodes (limited to 50).
Returns LLDP neighbor information including remote system name, port description,
chassis ID, and management IP. Useful for understanding physical topology.
|
| apic_get_gipo_pool_configA | Retrieve GIPo (Group IP Outer) multicast pool configuration. Returns GIPo pool configuration for bridge domains and VRFs.
GIPo addresses are used for BUM (Broadcast, Unknown unicast, Multicast) traffic in the fabric. |
| apic_get_bridge_domains_multicastA | Retrieve multicast information for all bridge domains.
Returns comprehensive multicast configuration including:
- GIPo multicast addresses (bcastP) for BUM traffic
- IGMP snooping configuration
- Multicast flooding settings
- IPv6 multicast support
- Discovered IGMP groups
- Static multicast groups
|
| apic_get_bridge_domain_multicast_by_tenantA | Retrieve multicast information for bridge domains of a specific tenant.
Args:
tenant: Tenant name to filter bridge domains
Returns multicast configuration for the tenant's bridge domains including GIPo addresses.
|
| apic_get_capacity_metricsA | Retrieve fabric capacity metrics.
Returns capacity information for each node including:
- Current usage
- Maximum capacity
- Utilization percentage
- Context information
Useful for capacity planning and resource monitoring.
|
| apic_get_resource_utilizationA | Analyze CPU and memory resource utilization across the fabric.
Returns:
- CPU utilization per node
- Memory utilization per node
- Average CPU and memory usage
- Nodes with high utilization (>80% CPU, >85% memory)
Essential for performance monitoring and capacity planning.
|
| apic_get_traffic_analysisB | Analyze network traffic for a tenant or EPG.
Args:
tenant: Optional tenant name to filter traffic
epg: Optional EPG name to filter traffic (requires tenant)
Returns traffic statistics including:
- Bytes average, max, and min
- Traffic data over 5-minute intervals
- Total bytes transferred
Useful for traffic monitoring and troubleshooting.
|
| apic_get_top_talkersA | Identify top network conversations (top talkers).
Returns the top 20 traffic generators including:
- Tenant and EPG information
- Bytes and packets transferred
- Utilization percentage
- Traffic ranking
Useful for identifying bandwidth consumers and traffic patterns.
|
| apic_analyze_pathA | Analyze network paths between two EPGs.
Args:
src_epg: Source EPG DN or name
dst_epg: Destination EPG DN or name
Returns:
- Contracts found between EPGs
- Consumer/provider relationships
- Connectivity status
Useful for troubleshooting connectivity issues and validating security policies.
|
| apic_analyze_connectivityA | Perform comprehensive connectivity and health analysis of the APIC infrastructure.
Returns complete analysis including:
- APIC controller connectivity and version
- Fabric health (nodes online, critical faults)
- Capacity metrics and high-utilization nodes
- Multicast configuration summary
This is a composite function that provides an overall health check of the entire fabric.
|
| ndfc_loginA | Authenticate to NDFC and obtain JWT token.
Token is valid for 3600 seconds (1 hour).
Returns:
Dict with success status and authentication information
|
| ndfc_logoutA | Logout from NDFC and clear JWT token.
Returns:
Dict with success status
|
| ndfc_get_sitesB | Get list of NDFC sites/fabrics.
Returns:
Dict with sites information
|
| ndfc_get_fabricsC | Get list of fabric configurations.
Returns:
Dict with fabrics information including fabric names, types, and status
|
| ndfc_get_switchesA | Get list of switches in a specific fabric.
Args:
fabric_name: Name of the fabric
Returns:
Dict with switches information including serial numbers, IP addresses, and status
|
| ndfc_get_networksB | Get list of networks in a specific fabric.
Args:
fabric_name: Name of the fabric
Returns:
Dict with networks information including network names, VLANs, and configuration
|
| ndfc_get_vrfsA | Get list of VRFs (Virtual Routing and Forwarding instances) in a specific fabric.
Args:
fabric_name: Name of the fabric
Returns:
Dict with VRFs information including VRF names and configuration
|
| ndfc_get_fabric_summaryA | Get summary of all fabric associations (MSD fabric-member relationships).
Returns:
Dict with fabric summary and associations
|
| ndfc_get_deployment_historyB | Get configuration deployment history for a specific fabric.
Args:
fabric_name: Name of the fabric
Returns:
Dict with deployment history records including timestamps and status
|
| ndfc_get_network_statusA | Get deployment status for a specific network in a fabric.
Args:
fabric_name: Name of the fabric
network_name: Name of the network
Returns:
Dict with network status details including deployment state and errors
|
| ndfc_get_network_previewB | Get configuration preview for a specific network deployment.
Args:
fabric_name: Name of the fabric
network_name: Name of the network
Returns:
Dict with configuration preview for each switch showing what will be deployed
|
| ndfc_get_interface_detailsA | Get detailed interface information for a specific switch by serial number.
Args:
serial_number: Serial number of the switch (e.g., "FDO23460MQC")
Returns:
Dict with list of all interfaces and their details (status, VLAN, compliance, etc.)
|
| ndfc_get_all_switchesB | Get list of all switches across all fabrics.
Returns:
Dict with list of switches including serial numbers, fabric, IP addresses, etc.
|
| ndfc_get_event_recordsA | Get event records from Nexus Dashboard event monitoring.
This endpoint provides critical events, alarms, and system notifications.
Args:
limit: Maximum number of events to return (default: 50, max recommended: 1000)
severity: Optional filter by severity (critical, error, warning, info)
Returns:
Dict with event records including metadata and items with severity, description, timestamps, etc.
Results are automatically limited client-side if API returns more than requested.
|
| panorama_system_infoA | Get Panorama system information.
Returns:
Dict with hostname, version, uptime, serial, model, and security versions
(threat, AV, wildfire, URL filtering)
|
| panorama_managed_devicesA | Get inventory of all firewalls managed by Panorama.
Returns:
Dict with total_devices count and devices list containing:
- device name, serial, version, HA state, connection status
- IP address, model, uptime, installed plugins
|
| panorama_device_groupsA | Get list of Device-Groups and their member firewalls.
Returns:
Dict with total_device_groups count and device_groups list
containing name, member devices, and device count
|
| panorama_config_diffA | Get pending configuration changes (candidate vs running config).
Returns:
Dict with has_pending_changes boolean, diff_summary, and diff_content
|
| panorama_security_rules_analysisA | Analyze security rules quality for a Device-Group.
Args:
device_group: Name of the device-group to analyze
Returns:
Dict with rules list and quality_issues analysis:
- rules_without_description count
- rules_with_generic_names count
- too_permissive_rules count (any/any/any)
- details with specific rule names
|
| panorama_audit_logsB | Get configuration audit logs (who changed what, when).
Args:
limit: Maximum number of logs to return (default: 100, max: 1000)
Returns:
Dict with total_logs count and logs list containing:
- time, admin, command, result, path
|
| panorama_unused_objectsB | Find unused address objects in Panorama configuration.
Args:
object_type: Type of object to analyze (default: "address")
Returns:
Dict with total_objects, unused_count, and unused_objects list
|
| panorama_rules_without_profileA | Find security rules without Security Profile Group attached.
Args:
device_group: Name of the device-group to analyze
limit: Maximum number of rules to analyze (default: 100)
Returns:
Dict with total_rules_analyzed, rules_without_profile list, and count
|
| panorama_expiring_certificatesA | Check for certificates expiring within threshold days.
Args:
days_threshold: Days before expiration to alert (default: 30)
Returns:
Dict with total_certificates, expiring_certificates list,
expired_certificates list, and counts
|
| panorama_version_complianceA | Check PAN-OS, Threat, AV, Wildfire version compliance across devices.
Returns:
Dict with panorama versions and devices_versions showing
version and model for each managed firewall
|
| panorama_duplicate_addressesB | Find duplicate address objects (same IP, different names).
Args:
limit: Maximum number of addresses to analyze (default: 100)
Returns:
Dict with total_addresses, duplicates_found count, and
duplicates list with IP and conflicting names
|
| panorama_custom_commandB | Execute custom operational command on Panorama.
Args:
cmd: XML command (e.g., "<show><system><info></info></system></show>")
Returns:
Dict with command execution results in JSON format
|
| panorama_unused_zonesA | Find unused zones in security rules.
Args:
limit: Maximum number of zones to analyze (default: 100)
Returns:
Dict with total_zones and zones list
|
| panorama_never_matched_rulesA | Find security rules that never matched traffic.
Args:
device_group: Name of the device-group to analyze
days: Analysis period in days (default: 30)
limit: Maximum number of rules to analyze (default: 100)
Returns:
Dict with never_matched_rules list and analysis details
|
| panorama_local_overridesA | Find local overrides not managed by Panorama.
Args:
limit: Maximum number of devices to check (default: 100)
Returns:
Dict with devices_with_overrides list
|
| panorama_generate_keyB | Generate and return a Panorama API key.
Returns:
Dict with api_key for manual API operations
|
| skills_listA | List available diagnostic skills/workflows.
Skills are step-by-step procedures that guide Claude through structured
troubleshooting using the MCP tools. Call this first to discover what's
available, then use skills_load() to load a specific skill.
Args:
platform: Filter by platform (mikrotik, aruba, aci, graylog, librenms,
paloalto, panorama, generic). If None, returns all skills.
tag: Filter by topic tag (bgp, routing, multicast, connectivity, wifi…).
If None, no tag filter is applied.
reload: Set True to refresh the index after adding new skill files (default: False).
Returns:
List of skills with name, title, platform, tags, description and required tools.
Never returns skill content — use skills_load() for that.
|
| skills_loadA | Load a diagnostic skill and return its full procedure.
The skill contains step-by-step instructions: which MCP tools to call, in what
order, what results to expect, and how to interpret anomalies. Read and follow
the skill before executing the corresponding workflow.
Matching priority: exact → case-insensitive exact → prefix → substring.
If the name is ambiguous, returns a list of candidates instead of content.
Args:
skill_name: Skill name (e.g., "bgp-diagnostic-mikrotik", "connectivity-check").
Partial and case-insensitive matches are supported.
Use skills_list() first if unsure of the exact name.
name: Alias for skill_name — either parameter is accepted.
Returns:
Full Markdown content of the skill plus metadata (platform, tags, token estimate).
|