Command Your ACI Fabric with Conversation: AI + MCP in Action

The Dawn of Conversational Network Management

Chat with Your Network: Making ACI Management Simple with APIC-MCP-Server – Hey Network Pros, Let’s Talk Conversational Network Management!

Managing today’s data centers, especially with powerful architecture like Cisco Application Centric Infrastructure (ACI), is a big job. ACI helps a lot by letting you tell the network what you want it to do, instead of how to do every little thing. But even with ACI, things can get pretty complex, often needing experts to dig into tricky settings or use complicated tools.

One, super important piece of this puzzle is something called the Model Context Protocol (MCP). Think of MCP as a universal adapter, like a “USB-C port for AI apps.” It’s an open standard that helps AI models connect with all sorts of external information and tools. You see, powerful AI models (Large Language Models or LLMs) are great at understanding language, but they can’t directly “see” or “touch” the outside world. MCP fixes this by giving AI apps a standard way to feed LLMs important context—like documents, database info, or data from other tools—so the AI can actually do useful things with real-world systems.

ACI already changed network management by letting you declare your network’s desired state. Now, adding AI and LLMs through MCP takes this to the next level: instead of setting up detailed policies, you can simply tell your network what you need in plain English. This isn’t just about automating tasks; it’s a huge shift in how we interact with our networks. When engineers can just ask, “What’s my ACI environment doing?” or “Set up a new bridge domain with these details,” it makes ACI’s powerful features much easier to use. This means you’ll get things done faster and more people can manage ACI, not just a few specialists.

ACI is amazing, but it can be tough to learn because of its unique way of organizing things, its policy-driven design, and its own special semantics. This often leads to companies relying heavily on a small group of ACI gurus. But with AI and MCP, your AI assistant becomes like a virtual, always-on consultant. It helps bridge that knowledge gap by making complex ACI information and operations accessible through simple, natural language questions. The result? Less frustration, faster training for new ACI admins, and a more robust network that doesn’t depend so much on just a few experts.

Diving into the Model Context Protocol (MCP): The AI’s Universal Translator

What is MCP? The Open Standard for AI-Tool Integration.

The Model Context Protocol (MCP) is an open standard designed to be a universal way for AI models and smart AI applications (called “agentic applications”) to connect with various external data sources and tools. Its main goal is to let AI applications provide context, like documents, database records, API data, or web search results, to Large Language Models (LLMs), which can’t directly access these external systems on their own.

We often call MCP the “USB-C port for AI applications” because it creates a common connection point. This means any AI assistant powered by an LLM can easily work with different data sources, APIs, and tools without needing custom code for each one. This standardization is key to making AI systems work well together and grow easily in the future.

How MCP Works: The Client-Host-Server Team.

MCP uses a clear client-host-server setup. This design helps keep things organized and provides specific points where security checks can be put in place.

• Host: This is your AI app or tool, like a chatbot or an AI-powered coding environment (think VSCode with Copilot). It’s what you directly interact with. The Host figures out what you’re asking for, decides which server features are needed.
• Client: This is an in-between part, created by the Host. It keeps a dedicated, ongoing connection with a specific server. The Client handles setting up the connection, exchanging information about what it can do, sending messages back and forth, and making sure different servers stay separate and secure.
• Server: MCP servers provide the actual specialized information and abilities to the AI app. They make “resources” (data), “tools” (actions), and “prompts” (templates) available in a standard way. Servers work independently but follow strict security rules. They can run locally on your computer or remotely in the cloud.

Here’s how a typical interaction flows: You ask your Host a question. The Host figures out what you need. The MCP Client then creates a structured request (like a detailed instruction) and sends it to the right MCP Server. The Server then does the actual work (like looking something up in your ACI fabric or making an API call) and sends the results back to the Client. Finally, the Client passes this information to the Host, which uses it to give you a clear, easy-to-understand answer.

This clear MCP setup, with its Host-Client-Server roles and built-in security, is super important because more and more AI systems are becoming “Agentic AI.” These are AI systems designed to work on their own to manage complex tasks. While that’s amazing, it also brings new security challenges, like the “Lethal Trifecta”: AI getting access to private data, being exposed to bad content, or trying to send data outside your network. MCP’s design helps stop these risks by putting security rules right into how it works. It makes sure that even if an AI tries to do something it shouldn’t, the MCP server can block it. This focus on secure boundaries is vital for trusting AI in sensitive business areas like ACI, turning AI from a cool idea into a reliable tool you can use every day.

Why MCP? Making AI Smarter and Easier to Connect.

LLMs are like super-smart prediction machines for words. They’re not built to directly call APIs or change things in the real world. MCP servers act as clever translators. When an LLM needs to take an action or get information from outside its own knowledge, it creates an MCP request. The MCP server then takes that request and turns it into the right API calls or actions for external systems. After getting the results, the server formats them nicely and sends them back to the LLM. This lets the LLM go beyond just predicting words and actually interact with the world.

Before MCP, connecting an LLM to an external system was a custom job every single time. It was like building a new adapter for every device. MCP solves this “N x M problem” (where N AI apps need to connect to M different tools) by providing one standard way for all compliant AI clients and servers to talk to each other.

A cool feature of MCP is that it lets AI agents discover what a server can do on the fly. This means AI can intelligently find and use the right functions without needing to know everything beforehand. MCP has three main building blocks for how AI apps interact with external systems:

• Tools: These are how LLMs do things. They let the AI run external functions, like getting live data or making changes to a database. Because tools can affect the real world, they make AI apps much more powerful and useful than just giving information.
• Resources: These provide passive data to the LLM. Think of them as read-only files or reports that give the AI context without making it do anything. For example, you could feed it network logs or configuration files to help it understand your environment better.
• Prompts: These are like pre-made templates that guide the AI’s conversation or behavior. They can help keep interactions consistent or even define the AI’s personality or tone.

General LLMs are smart, but they don’t know the specifics of your network. MCP helps fill this gap by letting you feed them structured information (like network standards, device health, or specific ACI policies) as “resources” or through “tools.” This turns a regular LLM into a truly “network-aware” AI assistant. This is super important for ACI, where everything is defined by specific objects like Application Network Profiles (ANPs) or Endpoint Groups (EPGs). Without MCP, an LLM might suggest things that don’t make sense for your ACI setup. But with MCP, the AI’s answers become “smarter, more relevant, and more useful for your environment,” making AI a truly intelligent partner for network engineers.

Component	What it Does	Key Responsibilities
Host	Your AI app or interface	Understand your requests, manages connections, enforces security
Client	The go-between for Host and Server	Sets up connections, sends messages, keeps servers separate
Server	Provides specific info and actions	Offers tools/data, performs tasks, follows security rules

Keeping It Secure: Best Practices for MCP in ACI Environments

Securing Your MCP Setup: A Multi-Layered Approach.

Security isn’t an afterthought with MCP; it’s built right into its design. The MCP structure naturally creates security boundaries, allowing strong security rules to be enforced directly where the protocol works.

• Authentication: It’s vital to have strong ways to verify both human users and AI agents. This means using modern methods like OAuth and JWTs (JSON Web Tokens) that expire and get refreshed regularly. Crucially, login details and tokens must be stored securely using encrypted databases and handled carefully to prevent theft. You should also be able to revoke tokens if needed.
• Authorization (RBAC): Strict Role-Based Access Control (RBAC) is a must for all tool operations. This ensures that every part of the system, including the AI agent and the MCP server, only has the minimum permissions it needs. MCP servers can even stop certain actions or data from being returned, even if the AI model asks for them, adding a critical layer of control.
• Rate Limiting: Setting limits on how many requests can come from a single user or AI agent helps protect against denial-of-service (DoS) attacks and prevents your resources from being overwhelmed. You can also allow for short bursts of legitimate traffic.
• Input Validation: This is super important for preventing bad or malicious inputs and ensuring everything stays compliant. You should use tools to check that inputs match what’s expected, clean up any potentially harmful text, and set limits on how big inputs can be. Any suspicious commands should be blocked.
• Error Handling: How you handle errors is key to security. Never show internal error details to clients, as this can leak sensitive system info. Instead, give generic error messages. All security-related errors should be logged in detail for review. Make sure to handle timeouts and clean up resources properly after errors.

Handling Sensitive Data and Login Credentials.

Your APIC credentials (like your API Key or username/password) are highly sensitive because they give programs direct access to your ACI fabric. These should never be hardcoded into your scripts or configuration files. Instead, they should be stored securely using environment variables, dedicated secrets managers, or other secure systems. The Host part of the MCP system plays a vital role in managing user permissions and enforcing overall security policies, acting as the final gatekeeper for what the AI agent can do.

Why Logging and Monitoring AI Operations is Crucial.

MCP naturally supports a standard way for servers to send structured log messages back to clients, giving you a basic level of visibility. It’s essential to log every time a tool is used, including who started it, what action was taken, and the result. Continuously watching these logs and usage patterns for anything unusual is critical for spotting potential misuse, unauthorized access, or security incidents in real-time.

While MCP gives you structured logs, it doesn’t automatically monitor every prompt, which can create gaps in security investigations. This is where advanced solutions come in. For example, Cisco AI Defense, it validate that your models are acting how you want them to, and then it enforces your safety and security guardrails at run time. This is a “trust but verify” approach for AI in production. It enhances AI security by providing strong, real-time monitoring and threat detection that goes beyond basic logging. It provides an essential layer of protection for critical infrastructure.

Experts warn about the “Lethal Trifecta” (AI accessing private data, being exposed to bad content, or trying to steal data) and note that MCP, by making it easier to add capabilities, increases this risk if not secured properly. This means traditional network security isn’t enough for AI-driven operations. You need to focus on securing the AI interaction layer itself. This includes not just network setup but also detailed permissions (RBAC), strict input checks (to prevent malicious prompts), and continuous monitoring of the AI agent’s behavior and output. For ACI, where AI can directly control the fabric, a wrong setting or bad prompt could cause huge problems. The fact that MCP doesn’t have built-in comprehensive prompt monitoring highlights the need for specialized AI security tools. This means network security pros need to adapt their strategies to handle the new risks that come with AI agents.

APIC-MCP-Server: A Python Code That Lets You Talk to Your ACI Fabric

https://github.com/beletea/apic-mcp-server – MCP Server code – clone and play – read the README file carefully before you start playing with it. It is a very comprehensive and useful tool for interacting with ACI fabrics using MCP.

What is APIC-MCP-Server and How Does it Help?

APIC-MCP-Server is a Python-based MCP (Model-Context-Protocol) server I developed to enable interactive communication with Cisco ACI fabrics through the APIC. Designed for scalability and intelligence, it allows AI agents to use targeted “tools” to perform specific operations across the network. Built with Python and the FastMCP framework, this server offers a dynamic and extensible interface that can discover and execute a wide range of ACI functions. Its key strength lies in its ability to adapt to the needs of both administrators and developers, whether it’s querying the fabric, generating reports, or automating tasks, making it a powerful platform for intelligent network interaction.

A Closer Look at APIC-MCP-Server’s Tools.

The APIC-MCP-Server uses a set of powerful tools, including:

• authenticate_apic(): This tool logs into your APIC controller using credentials from a special .env file.
• get_apic_status(): Checks if your connection to the APIC is currently active.
• logout_apic(): Logs out and cleans up the connection to the APIC.
• fetch_apic_class(class_name): This tool asks the APIC’s REST API for information about a specific type of object (like fvTenant for tenants). The AI automatically figures out which ACI “class” matches your question.

This “search then execute” method, made easy by tools like fetch_apic_class, is a very effective way for AI to interact with all the different things your ACI can do. It hides the complicated details of the underlying ACI API, letting the AI focus on understanding what you want and then finding the best way to do it.

LLMs have a limited memory for information. For a complex system like Cisco ACI, which has tons of API options, trying to load all those details into an LLM’s memory is impractical and expensive. The APIC-MCP-Server solves this by summarizing the huge ACI API into simple, dynamic tools. This keeps the LLM’s memory clear, only needing to understand these tools. This is key for making AI work at a large scale with ACI, letting AI interact with a growing number of ACI features without constant re-training or using too many resources. It’s a game-changer for using AI in real-world network operations.

ACI’s main idea is intent-based networking: you tell it what you want, and it figures out how to make it happen. The APIC-MCP-Server extends this idea to AI. Instead of the AI needing to know exact function names or parameters for ACI, you can just state your intent (e.g., “show me all tenants,” “make a new bridge domain”). The server then smartly translates your natural language intent into the right ACI action. This is a big deal: the AI doesn’t just follow commands; it understands your goal and finds the best way to achieve it in ACI. This makes the AI assistant much more intuitive and adaptable for network engineers, fitting perfectly with ACI’s core principles.

Tool	What it Does	Why it’s Useful
authenticate_apic()	Logs into the APIC controller.	Keeps your connection to ACI secure and active.
get_apic_status()	Checks if your APIC connection is working.	Gives you real-time updates on your connection.
logout_apic()	Logs out and ends your APIC session.	Makes sure your connection is securely closed.
fetch_apic_class(class_name)	Asks the APIC for info about a specific type of object.	Lets you get ACI data dynamically just by asking.

Let’s Chat with Your ACI Fabric: A Step-by-Step Guide

Getting Ready: What You’ll Need.

Before you start chatting with your ACI fabric using the APIC-MCP-Server, here are a few things you’ll need:

• Python 3.12+: Make sure you have Python version 3.12 or newer installed on your system for better tested performance.
• APIC Access: You’ll need direct network access to your Cisco APIC controller.
• Network Connection: Confirm that your computer can connect to the APIC’s management interface.
• AI Client: You’ll need an AI client or development environment that supports MCP, such as VS Code (with Copilot Chat) or Claude Desktop.
• APIC Login: Your APIC username and password, which you’ll store securely in a .env file.

Setting Up Your APIC-MCP-Server.

Here’s how to get your APIC-MCP-Server up and running:

Connecting Your AI Client: Bridging the Conversation.

APIC-MCP-Server is designed to work smoothly with popular AI clients and coding environments. These include VSCode (especially with its Copilot Chat feature), Claude Desktop, and … These are the tools that will give you the conversational interface to talk to your ACI fabric.

To connect your AI client, you’ll usually need to edit a specific configuration file for that client (like mcp.json for VScode or claude_desktop_config.json for Claude Desktop). In this file, you’ll tell your client about the apic-mcp-server—how to run it and any special settings it needs. Keep in mind that for some clients, like Claude Desktop, you might need to reinstall them to make sure they properly find and connect to your new MCP server.

Talking to Your Network: Crafting Natural Language Queries.

The real magic happens when you can simply use everyday language to interact with your ACI fabric, instead of complicated command-line codes or direct API calls. Your AI Assistant, powered by advanced LLMs and the APIC-MCP-Server, takes your plain English questions and turns them into precise, actionable commands for ACI.

The AI Assistant uses its Natural Language Understanding skills to figure out what you mean. Then, it uses the APIC-MCP-Server to talk to your ACI fabric, quickly getting answers and making changes, even for complex network situations.

What You Ask (Natural Language Query)	What ACI Does (Intended Action/Info)	Why It’s Great (Expected Benefit)
“Tell me the current nodes in my ACI network with relevant information”	Gathers and summarizes your ACI fabric’s nodes configuration.	Quickly understand your network hardware platforms and software version.
“Create a new bridge domain with name ‘BD_1’, put it in ‘vrf_1’ , and assign it to ‘App_Tenant’.”	Creates and applies the ACI configuration for the new VLAN, Bridge Domain, and Tenant.	Automates setup, reduces errors, speeds up deployments.
“Can you show me all the tenants in my ACI fabric, including their associated vrf, l3outs and bridge domains?”	Asks the ACI APIC for details about tenants and their components.	Get specific ACI info fast, no more clicking through menus.
Check my fabric for PSIRT vulnerability and field notices	Check the hardware and software of the fabric against Cisco’s vulnerability data base and field notices	Easily check compliance and security mandates

How the Data Flows: From Your Words to ACI Actions and Back.

When you chat with your ACI fabric using an AI assistant powered by MCP, here’s the step-by-step journey your request takes:

1. You Ask: You start by typing a question (like “List all tenants”) into your AI-powered app (your Host, e.g., VSCode or Claude Desktop).
2. AI Host Understands: Your Host figures out what you’re asking. It knows it needs outside help, so it decides to use a tool from the MCP. It might even use a special tool to find the exact ACI command needed (like looking up fvTenant for tenants).
3. Client Sends Request: The MCP Client, managed by your Host, builds a structured request (like a clear instruction) and sends it to your APIC-MCP-Server.
4. Server Authenticates & Translates: Your APIC-MCP-Server gets the request. It logs into your ACI fabric using the credentials you set up in your .env file. Then, it translates the MCP request into the exact ACI REST API call that the ACI APIC understands.
5. ACI Fabric Acts: Your APIC-MCP-Server sends this API request to the ACI APIC (the brain of your ACI fabric). The APIC processes it, fetches the requested information (like all your configured tenants), and sends the data back, usually in a JSON format.
6. Server Processes Response: Your APIC-MCP-Server gets the raw data from the APIC. It then cleans up and organizes this data into a format that the LLM can easily understand and use.
7. Results Go Back to Client/Host: The processed information travels back from your APIC-MCP-Server to the MCP Client, which then passes it to your AI Host application.
8. AI Forms Answer: Your Host, often with an integrated LLM, takes this organized data and your original question. The LLM then creates a friendly, natural language answer for you, showing the ACI information or confirming any changes you asked for.

ACI has always been great at automation through its API. But the tricky part has been translating what a human wants into those exact API calls. Your APIC-MCP-Server is the perfect bridge for this “last mile.” It’s like a smart interpreter, instantly turning your natural language requests into the precise ACI API commands needed. This makes network tasks much faster because the system automatically figures out the right API interactions. The big win here is fewer human errors and less manual work, letting engineers focus on what they want to achieve, not how to type out every API command.

Conclusion: The Future of ACI Management is Conversational

The Model Context Protocol (MCP) is reshaping the way network professionals interact with network infrastructures. Instead of relying on complex CLI commands or APIs, MCP enables natural language communication with the network.

Reference

https://community.cisco.com/t5/security-blogs/ai-model-context-protocol-mcp-and-security/ba-p/5274394

https://modelcontextprotocol.io/specification/2025-06-18/architecture

https://blogs.cisco.com/learning/a-new-frontier-for-network-engineers-agentic-ai-that-understands-your-network