What can you do with this server?

This server provides comprehensive VMware NSX network management and troubleshooting capabilities through MCP tools. Segment Management * List, get, create, update, and delete network segments (overlay or VLAN-backed) * List segment ports and find which segment a VM is attached to Tier-0 Gateway Operations * List and get details for Tier-0 gateways (HA mode, transit subnets) * Get BGP neighbors and configure/add BGP neighbors on a Tier-0 gateway * Retrieve Tier-0 route tables Tier-1 Gateway Operations * List, get, create, update, and delete Tier-1 gateways * Retrieve Tier-1 route tables NAT Rules * List, create (SNAT, DNAT, REFLEXIVE), and delete NAT rules on Tier-1 gateways Static Routes * List, create (destination CIDR + next-hop), and delete static routes on Tier-1 gateways IP Pool Management (IPAM) * List IP pools, get allocation usage (total/allocated/free), and create new IP pools with static subnet ranges Infrastructure & Health Monitoring * List transport zones, transport nodes, and edge clusters * Get transport node status, edge cluster status, and NSX Manager cluster status * List active NSX alarms (severity, feature, description) Troubleshooting * Get logical port status (admin state, link state, attachment info) * Find which segment a VM is attached to via VIF attachment lookup

Which integrations are available for this server?

Provides networking management for VMware NSX, including tools for managing segments, Tier-0 and Tier-1 gateways, NAT rules, static routes, and IP address pools (IPAM).

de en es ja ko ru zh

vmware-nsx

by zw008

Overview Schema Related Servers Score Discussions

Python

Remote

VMware NSX

Author: Wei Zhou, VMware by Broadcom — wei-wz.zhou@broadcom.com This is a community-driven project by a VMware engineer, not an official VMware product. For official VMware developer tools see developer.broadcom.com.

English | 中文

VMware NSX networking management: segments, gateways, NAT, routing, IPAM — 31 MCP tools, domain-focused.

NSX Policy API skill for NSX-T 3.0+ and NSX 4.x.

License: MIT

Companion Skills

Skill	Scope	Tools	Install
vmware-aiops ⭐ entry point	VM lifecycle, deployment, guest ops, clusters	31	`uv tool install vmware-aiops`
vmware-monitor	Read-only monitoring, alarms, events, VM info	8	`uv tool install vmware-monitor`
vmware-storage	Datastores, iSCSI, vSAN	11	`uv tool install vmware-storage`
vmware-vks	Tanzu Namespaces, TKC cluster lifecycle	20	`uv tool install vmware-vks`
vmware-nsx-security	DFW microsegmentation, security groups, Traceflow	20	`uv tool install vmware-nsx-security`
vmware-aria	Aria Ops metrics, alerts, capacity planning	18	`uv tool install vmware-aria`

Quick Install

# Via PyPI
uv tool install vmware-nsx-mgmt

# Or pip
pip install vmware-nsx-mgmt

Configuration

mkdir -p ~/.vmware-nsx
cp config.example.yaml ~/.vmware-nsx/config.yaml
# Edit with your NSX Manager credentials

echo "VMWARE_NSX_PROD_PASSWORD=your_password" > ~/.vmware-nsx/.env
chmod 600 ~/.vmware-nsx/.env

# Verify
vmware-nsx doctor

What This Skill Does

Category	Tools	Count
Segments	list, get, create, update, delete, ports	6
Tier-0 Gateways	list, get, BGP neighbors, route table	4
Tier-1 Gateways	list, get, create, update, delete, route table	6
NAT	list, get, create, update, delete	5
Static Routes	list, create, delete	3
IP Pools	list, allocations, create, add subnet	4
Health & Troubleshooting	alarms, transport nodes, edge clusters, manager status, port status, VM-to-segment	6

Common Workflows

Create an App Network (Segment + T1 Gateway + NAT)

Create gateway: vmware-nsx gateway create-t1 app-t1 --edge-cluster edge-cluster-01 --tier0 tier0-gw
Create segment: vmware-nsx segment create app-web-seg --gateway app-t1 --subnet 10.10.1.1/24 --transport-zone tz-overlay
Add SNAT: vmware-nsx nat create app-t1 --action SNAT --source 10.10.1.0/24 --translated 172.16.0.10
Verify: vmware-nsx segment list and vmware-nsx nat list app-t1

Use --dry-run to preview any write command first.

Check Network Health

Manager status: vmware-nsx health manager-status
Transport nodes: vmware-nsx health transport-nodes
Edge clusters: vmware-nsx health edge-clusters
Alarms: vmware-nsx health alarms

Troubleshoot VM Connectivity

Find VM's segment: vmware-nsx troubleshoot vm-segment my-vm-01
Check port status: vmware-nsx troubleshoot port-status <port-id>
Check routes: vmware-nsx gateway routes-t1 app-t1
Check BGP: vmware-nsx gateway bgp-neighbors tier0-gw

MCP Tools (31)

Category	Tools	Type
Segments	`list_segments`, `get_segment`, `create_segment`, `update_segment`, `delete_segment`, `list_segment_ports`	Read/Write
Tier-0 GW	`list_tier0_gateways`, `get_tier0_gateway`, `get_tier0_bgp_neighbors`, `get_tier0_route_table`	Read
Tier-1 GW	`list_tier1_gateways`, `get_tier1_gateway`, `create_tier1_gateway`, `update_tier1_gateway`, `delete_tier1_gateway`, `get_tier1_route_table`	Read/Write
NAT	`list_nat_rules`, `get_nat_rule`, `create_nat_rule`, `update_nat_rule`, `delete_nat_rule`	Read/Write
Static Routes	`list_static_routes`, `create_static_route`, `delete_static_route`	Read/Write
IP Pools	`list_ip_pools`, `get_ip_pool_allocations`, `create_ip_pool`, `create_ip_pool_subnet`	Read/Write
Health	`get_nsx_alarms`, `get_transport_node_status`, `get_edge_cluster_status`, `get_manager_cluster_status`	Read
Troubleshoot	`get_logical_port_status`, `find_vm_segment`	Read

CLI

# Segments
vmware-nsx segment list
vmware-nsx segment get app-web-seg
vmware-nsx segment create app-web-seg --gateway app-t1 --subnet 10.10.1.1/24 --transport-zone tz-overlay
vmware-nsx segment delete app-web-seg

# Gateways
vmware-nsx gateway list-t0
vmware-nsx gateway list-t1
vmware-nsx gateway create-t1 app-t1 --edge-cluster edge-cluster-01 --tier0 tier0-gw
vmware-nsx gateway bgp-neighbors tier0-gw
vmware-nsx gateway routes-t1 app-t1

# NAT
vmware-nsx nat list app-t1
vmware-nsx nat create app-t1 --action SNAT --source 10.10.1.0/24 --translated 172.16.0.10
vmware-nsx nat delete app-t1 rule-01

# Static Routes
vmware-nsx route list app-t1
vmware-nsx route create app-t1 --network 192.168.100.0/24 --next-hop 10.10.1.254

# IP Pools
vmware-nsx ippool list
vmware-nsx ippool create tep-pool
vmware-nsx ippool add-subnet tep-pool --start 192.168.100.10 --end 192.168.100.50 --cidr 192.168.100.0/24

# Health & Troubleshooting
vmware-nsx health alarms
vmware-nsx health transport-nodes
vmware-nsx health manager-status
vmware-nsx troubleshoot vm-segment my-vm-01

# Diagnostics
vmware-nsx doctor

MCP Server

After uv tool install vmware-nsx-mgmt, start the MCP server with one command (v1.5.15+):

# Recommended — single command, no network re-resolve
vmware-nsx mcp

# Or via Docker
docker compose up -d

Agent Configuration

Add to your AI agent's MCP config:

{
  "mcpServers": {
    "vmware-nsx": {
      "command": "vmware-nsx",
      "args": ["mcp"],
      "env": {
        "VMWARE_NSX_CONFIG": "~/.vmware-nsx/config.yaml"
      }
    }
  }
}

# Run without installing (requires PyPI access each launch)
uvx --from vmware-nsx-mgmt vmware-nsx mcp

# Legacy entry point (still works, kept for backward compatibility)
vmware-nsx-mcp

Behind a corporate TLS proxy? uvx may fail with invalid peer certificate: UnknownIssuer. Use the recommended vmware-nsx mcp form above (no network needed), or set UV_NATIVE_TLS=true.

More agent config templates (Claude Code, Cursor, Goose, Continue, etc.) in examples/mcp-configs/.

Version Compatibility

NSX Version	Support	Notes
NSX 4.x	Full	Latest Policy API, all features
NSX-T 3.2	Full	All features work
NSX-T 3.1	Full	Minor route table format differences
NSX-T 3.0	Compatible	IP pool subnet API introduced here
NSX-T 2.5	Limited	Policy API incomplete; some tools may fail
NSX-V (6.x)	Not supported	Different API (SOAP-based)

VCF Compatibility

VCF Version	Bundled NSX	Support
VCF 5.x	NSX 4.x	Full
VCF 4.3-4.5	NSX-T 3.1-3.2	Full

Safety

Feature	Description
Read-heavy	18/31 tools are read-only
Double confirmation	CLI write commands require two prompts
Dry-run mode	All write commands support `--dry-run` preview
Dependency checks	Delete operations validate no connected resources
Input validation	CIDR, IP, VLAN IDs, gateway existence validated
Audit logging	All operations logged to `~/.vmware-nsx/audit.log`
No firewall ops	Cannot create/modify DFW rules or security groups
Credential safety	Passwords only from environment variables
Prompt injection defense	NSX object names sanitized before output

Troubleshooting

Problem	Cause & Fix
"Segment not found"	Policy API uses segment `id`, not `display_name`. Run `segment list` to get the exact ID.
NAT creation fails "gateway not found"	NAT requires a Tier-1 (or Tier-0) gateway. Verify with `gateway list-t1`. Gateway must have an edge cluster.
BGP neighbor stuck in Connect/Active	Peer unreachable, ASN mismatch, TCP 179 blocked, or MD5 password mismatch.
Transport node "degraded"	TEP unreachable (check MTU >= 1600), NTP sync issues, or host switch config mismatch.
"Password not found"	Variable naming: `VMWARE_<TARGET_UPPER>_PASSWORD` (hyphens to underscores). Check `~/.vmware-nsx/.env`.
Connection timeout	Use `vmware-nsx doctor --skip-auth` to bypass auth checks on high-latency networks.

License

MIT

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

9hResponse time

1dRelease cycle

39Releases (12mo)

Resources

GitHub Repository

Need Help?

Related Servers

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/zw008/VMware-NSX'

If you have feedback or need assistance with the MCP directory API, please join our Discord server