π Example Code for Learning & Development
This is a demonstration project showcasing MCP server implementations for network management. Intended for educational purposes, testing, and development environments.
Docker-based MCP server suite for AIOps - enabling AI-driven network operations through Cisco Meraki, Catalyst Center, IOS XE, ISE, ThousandEyes, Splunk & NetBox integration. AI-ready with LibreChat, Cursor, and other MCP clients for intelligent network management, automated troubleshooting, and operational insights.
AI-Powered Network Troubleshooting with LibreChat using Multiple MCP Servers
Watch how natural language queries automatically investigate and resolve network issues using both Catalyst Center MCP Server and IOS XE MCP Server. The AI assistant correlates data from management systems (Catalyst Center) with direct device access (IOS XE SSH) to identify root causes and provide comprehensive solutions.
This AIOps-focused Docker suite contains seven MCP servers enabling AI-driven network operations:
- Meraki MCP Server (8000): Cloud network management through Meraki Dashboard API - π Details
- NetBox MCP Server (8001): DCIM/IPAM infrastructure documentation and management - π Details
- Catalyst Center MCP Server (8002): Enterprise network management and assurance - π Details
- IOS XE MCP Server (8003): Direct SSH-based device management - π Details
- ThousandEyes MCP Server (8004): Network performance monitoring and path visualization - π Details
- ISE MCP Server (8005): Identity and access control operations - π Details
- Splunk MCP Server (8006): Log analysis and operational intelligence - π Details
All servers are containerized with flexible deployment profiles, enabling AIOps workflows through natural language queries, automated troubleshooting, and intelligent network analytics via AI assistants.
Network administrators and DevOps teams face significant challenges in managing modern hybrid network infrastructure across cloud and on-premises environments. This solution addresses these challenges by providing:
- Single Interface: Manage Meraki cloud networks, on-premises NetBox DCIM/IPAM, Catalyst Center infrastructure, and direct IOS-XE devices through one MCP protocol interface
- Streamlined Workflows: Reduce context switching between multiple network management tools and dashboards
- Cross-Platform Visibility: Correlate data across different network management systems for comprehensive operational insights
- Natural Language Queries: Use AI assistants (Cursor, LibreChat) to query network infrastructure using plain English
- Automated Troubleshooting: Enable AI-driven network issue diagnosis by providing unified access to network data
- Intelligent Documentation: Generate automated reports combining real-time network state with infrastructure documentation
- Infrastructure as Code: Programmatic access to network infrastructure for automation workflows
- CI/CD Integration: Embed network management capabilities into deployment pipelines
- Configuration Management: Standardized API access for network device configuration and monitoring
- Role-Based Access: Granular permissions for NOC teams (monitoring + firmware), SysAdmins (read-only), and full API access
- Audit Trail: Comprehensive logging of all network management operations for compliance
- Real-Time Synchronization: Automated synchronization between network devices and documentation systems
| Scenario | Description | Servers Used | Benefits |
|---|---|---|---|
| Network Troubleshooting | NOC engineer investigating connectivity issues (as shown in demo) | Catalyst Center + IOS-XE + ThousandEyes | Cross-platform correlation with performance monitoring |
| Performance Analysis | Network analyst monitoring application performance | ThousandEyes + Catalyst Center | End-to-end performance visibility |
| Infrastructure Documentation | SysAdmin updating network documentation | NetBox + Catalyst Center | Automated documentation synchronization |
| Compliance Reporting | IT Manager generating audit reports | All servers | Consolidated reporting across infrastructure |
| Device Configuration | Network engineer deploying configurations | Catalyst Center + IOS-XE | Standardized configuration management |
For comprehensive use case scenarios and implementation details, see:
- π Detailed Use Case Analysis - Complete business case, technical scenarios, and success metrics
- βοΈ Meraki Server Guide - Cloud network management and Meraki Dashboard API integration
- π NetBox Server Guide - DCIM/IPAM documentation and infrastructure management
- π’ Catalyst Center Server Guide - Enterprise network management and assurance operations
- π§ IOS XE Server Guide - Direct SSH-based device management capabilities
- π ThousandEyes Server Guide - Network performance monitoring and path visualization
- π ISE Server Guide - Identity and access control operations
- π Splunk Server Guide - Log analysis and operational intelligence monitoring
- π€ Contributing Guidelines - How to extend use cases and add new functionality
The suite provides direct access to seven containerized MCP servers, perfect for development, testing, and AI-powered network operations:
βββββββββββββββββββ ββββββββββββββββββββββββββββββββββββ
β β β Docker Host β
β MCP Client β β β
β β β βββββββββββββββββββββββββββββββ β
β β’ Cursor IDE ββββββΌββΆβ Meraki MCP :8000 β β
β β’ LibreChat β β βββββββββββββββββββββββββββββββ€ β
β β’ Claude DesktopββββββΌββΆβ NetBox MCP :8001 β β
β β’ Other MCP β β βββββββββββββββββββββββββββββββ€ β
β Clients ββββββΌββΆβ Catalyst Center :8002 β β
β β β βββββββββββββββββββββββββββββββ€ β
β ββββββΌββΆβ IOS XE MCP :8003 β β
β β β βββββββββββββββββββββββββββββββ€ β
β ββββββΌββΆβ ThousandEyes MCP :8004 β β
β β β βββββββββββββββββββββββββββββββ€ β
β ββββββΌββΆβ ISE MCP :8005 β β
β β β βββββββββββββββββββββββββββββββ€ β
β ββββββΌββΆβ Splunk MCP :8006 β β
β β β βββββββββββββββββββββββββββββββ β
βββββββββββββββββββ ββββββββββββββββββββββββββββββββββββ
Direct HTTP Connections
β
Simple setup - no authentication required
β
Individual server access and configuration
β
Flexible port-based deployment
β
Perfect for development and testing
- π³ Containerized Services: Each MCP server runs in an isolated Docker container
- π Standard MCP Protocol: Compatible with any MCP client (Cursor, Claude Desktop, LibreChat)
- π Port-Based Access: Each server on dedicated port (8000-8006)
- π Independent Scaling: Start/stop servers individually as needed
- π‘οΈ Network Isolation: Internal Docker network for inter-container communication
- π Comprehensive Logging: JSON-formatted logs with rotation for all services
- MCP Protocol Implementation: Standards-based Model Context Protocol for AI integration
- Docker Containerization: Well-structured containers with security considerations and resource limits
- Network Isolation: Secure communication via Docker networks (mcp-network)
- FastMCP Framework: Modern Python-based MCP server implementation
- Docker Engine 20.10+
- Docker Compose 2.0+
- API Access: Valid credentials for the network platforms you want to integrate (see individual server guides for specific requirements)
# 1. Clone repository
git clone https://github.com/pamosima/network-mcp-docker-suite.git
cd network-mcp-docker-suite
# 2. Configure environment variables (single .env file for all servers)
cp .env.example .env # Copy the environment template
nano .env # Edit and configure:
# - Set ENABLE_*_MCP=false for servers you don't want to use
# - Add API keys and credentials for enabled servers
# See .env.example for detailed configuration instructions
# 3. Deploy servers
./deploy.sh start all # All servers
# OR
./deploy.sh start cisco # Just Cisco platforms
# OR
./deploy.sh start meraki # Just Meraki
# 4. Verify deployment
curl http://localhost:8000/mcp # Test Meraki server
curl http://localhost:8002/mcp # Test Catalyst Center serverπ‘ Quick Tip: All servers now use a single centralized
.envfile for configuration. UseENABLE_*_MCP=falseto disable servers you don't need, and only add credentials for enabled servers.
π LibreChat Integration: To use with LibreChat on an external network, see the External Network Integration section below.
Control which MCP servers run using environment variables in your .env file:
# Enable/Disable individual servers (edit .env)
ENABLE_MERAKI_MCP=true # Set to false to disable
ENABLE_NETBOX_MCP=true # Set to false to disable
ENABLE_CATC_MCP=true # Set to false to disable
ENABLE_IOS_XE_MCP=false # Disabled - won't start
ENABLE_THOUSANDEYES_MCP=true
ENABLE_ISE_MCP=true
ENABLE_SPLUNK_MCP=false # Disabled - won't startBest Practices:
- Set
ENABLE_*_MCP=falsefor servers you don't use - Only configure credentials for enabled servers
- Use deployment profiles (below) to start specific groups
- Reduces resource usage and attack surface
| Profile | Description | Servers Deployed | Use Case |
|---|---|---|---|
all |
Deploy all servers | All 7 servers (8000-8006) | Complete infrastructure visibility |
cisco |
Cisco-focused platforms | Meraki + Catalyst Center + ThousandEyes + ISE + IOS XE | Cisco-centric environments |
monitoring |
Network monitoring | Meraki + Catalyst Center + ThousandEyes + Splunk | Operations teams |
security |
Security-focused | Catalyst Center + ISE | Security operations |
management |
Traditional management | Meraki + Catalyst Center | Network management |
docs |
Documentation-focused | NetBox + Catalyst Center | Infrastructure documentation |
# Flexible deployment using profiles
./deploy.sh start all # Complete suite
./deploy.sh start cisco # Cisco platforms only
./deploy.sh start monitoring # Monitoring focus
./deploy.sh start security # Security focus
# Individual servers
./deploy.sh start meraki # Cloud management
./deploy.sh start catc # Enterprise management
./deploy.sh start ios-xe # Direct device access
# Management operations
./deploy.sh status all # Check status
./deploy.sh logs cisco # View logs
./deploy.sh stop all # Stop servicesTo integrate with LibreChat or other services on an external Docker network:
# 1. Create the external network
docker network create mcp-server
# 2. Copy and use the override configuration
cp docker-compose.override.yml.example docker-compose.override.yml
# 3. Deploy (automatically uses override file)
./deploy.sh start allThe docker-compose.override.yml configures all MCP servers to join the external mcp-server network, allowing seamless communication with LibreChat and other services on the same network.
Here's a real-world example of how to interact with the MCP servers using natural language:
User Prompt:
Check why wlsn-access-1.dna.its-best.ch is unreachable from Cisco Catalyst Center.
AI Assistant Response: The AI assistant automatically uses both MCP servers working together:
- Catalyst Center MCP Server - Checks device status and issues
- IOS XE MCP Server - Direct SSH access to verify physical layer
- Multi-Server Correlation - AI correlates data to identify root cause
Resolution Identified:
- β Device is UP and operational (verified via SSH)
- β Physical connectivity confirmed via CDP
- β Root Cause: IP address mismatch in Catalyst Center inventory
- π§ Solution: Update device IP and re-sync
| Scenario | Example Prompt | Servers Used |
|---|---|---|
| Device Configuration | "Configure VLAN 100 on all access switches in Building A" | Catalyst Center + IOS XE |
| Performance Analysis | "Show me network latency for our main website over the last 6 hours" | ThousandEyes |
| Security Compliance | "Show me all non-compliant devices and their authorization profiles" | ISE + Catalyst Center |
| Infrastructure Audit | "Generate a report of devices that don't match between NetBox and reality" | NetBox + Catalyst Center |
| Capacity Planning | "Show me bandwidth utilization trends across all sites" | Meraki + Catalyst Center |
| Server | Port | Endpoint | Purpose |
|---|---|---|---|
| Meraki | 8000 | http://localhost:8000/mcp |
Cloud network management |
| NetBox | 8001 | http://localhost:8001/mcp |
DCIM/IPAM documentation |
| Catalyst Center | 8002 | http://localhost:8002/mcp |
Enterprise management |
| IOS XE | 8003 | http://localhost:8003/mcp |
Direct device access |
| ThousandEyes | 8004 | http://localhost:8004/mcp |
Performance monitoring |
| ISE | 8005 | http://localhost:8005/mcp |
Identity & access control |
| Splunk | 8006 | http://localhost:8006/mcp |
Log analysis |
Create or update ~/.cursor/mcp.json:
{
"mcpServers": {
"Meraki-MCP-Server": {
"transport": "http",
"url": "http://localhost:8000/mcp",
"timeout": 60000
},
"NetBox-MCP-Server": {
"transport": "http",
"url": "http://localhost:8001/mcp",
"timeout": 60000
},
"Catalyst-Center-MCP-Server": {
"transport": "http",
"url": "http://localhost:8002/mcp",
"timeout": 60000
},
"IOS-XE-MCP-Server": {
"transport": "http",
"url": "http://localhost:8003/mcp",
"timeout": 60000
},
"ThousandEyes-MCP-Server": {
"transport": "http",
"url": "http://localhost:8004/mcp",
"timeout": 60000
},
"ISE-MCP-Server": {
"transport": "http",
"url": "http://localhost:8005/mcp",
"timeout": 60000
},
"Splunk-MCP-Server": {
"transport": "http",
"url": "http://localhost:8006/mcp",
"timeout": 60000
}
}
}Add to your librechat.yaml:
mcpServers:
Meraki-MCP-Server:
type: streamable-http
url: http://meraki-mcp-server:8000/mcp
timeout: 60000
Netbox-MCP-Server:
type: streamable-http
url: http://netbox-mcp-server:8001/mcp
timeout: 60000
CatC-MCP-Server:
type: streamable-http
url: http://catc-mcp-server:8002/mcp
timeout: 60000
IOS-XE-MCP-Server:
type: streamable-http
url: http://ios-xe-mcp-server:8003/mcp
timeout: 60000
ThousandEyes-MCP-Server:
type: streamable-http
url: http://thousandeyes-mcp-server:8004/mcp
timeout: 60000
ISE-MCP-Server:
type: streamable-http
url: http://ise-mcp-server:8005/mcp
timeout: 60000
Splunk-MCP-Server:
type: streamable-http
url: http://splunk-mcp-server:8006/mcp
timeout: 60000# Deploy services
./deploy.sh start all # All servers
./deploy.sh start cisco # Cisco platforms
./deploy.sh start monitoring # Monitoring focused
# Check status
./deploy.sh status all # All services
docker-compose ps # Docker status
# View logs
./deploy.sh logs all # All services
./deploy.sh logs meraki # Specific server
# Stop services
./deploy.sh stop all # All services
docker-compose down # Docker stop
# Update and rebuild
git pull # Get updates
docker-compose up -d --build # Rebuild and restart# Test all servers are responding
curl http://localhost:8000/mcp # Meraki
curl http://localhost:8001/mcp # NetBox
curl http://localhost:8002/mcp # Catalyst Center
curl http://localhost:8003/mcp # IOS XE
curl http://localhost:8004/mcp # ThousandEyes
curl http://localhost:8005/mcp # ISE
curl http://localhost:8006/mcp # Splunk- β Runs as non-root user
- β
Security options enabled (
no-new-privileges) - β Resource limits configured
- β Network isolation via Docker networks
- π API keys loaded from environment variables only
- π Network isolation via Docker networks
- π Role-based access control (where supported)
For production deployments, consider:
- Secrets Management: Use Docker secrets or external secret managers
- Network Security: Implement proper firewall rules and network segmentation
- Monitoring: Set up comprehensive logging and monitoring
- Updates: Regular security updates and vulnerability scanning
Servers not responding:
# Check if containers are running
./deploy.sh status all
# Check logs for errors
./deploy.sh logs all
# Restart problematic services
./deploy.sh restart <profile>MCP clients can't connect:
# Verify endpoints are accessible
curl http://localhost:8000/mcp
# Check network connectivity
docker network ls
docker network inspect <network_name>
# Restart MCP client (Cursor, LibreChat, etc.)Configuration issues:
- Check the centralized
.envfile for correct credentials - Verify API keys and passwords are properly set (not example placeholders)
- Check individual server READMEs for detailed troubleshooting
- Verify API credentials have appropriate permissions
- Check network connectivity to target systems
# Check all services
./deploy.sh status all
# Monitor resource usage
docker stats
# View recent logs
./deploy.sh logs all | tail -100# Pull latest changes
git pull
# Rebuild and restart
docker-compose up -d --build
# Clean up old images
docker system prune -fContributions are welcome! Please read our Contributing Guidelines for details on our code of conduct and the process for submitting pull requests.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Test with
docker-compose up -d --build - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the Cisco Sample Code License, Version 1.1 - see the LICENSE file for details.
Special thanks to:
-
kiskander for the original Meraki MCP Server implementation that inspired the Meraki component of this comprehensive multi-server suite.
-
tspuhler for the IOS XE MCP Server implementation, providing direct SSH-based device management capabilities for Cisco IOS XE devices.
-
Aditya Chellam and Kiran Kabdal for the ThousandEyes MCP Community server implementation. The ThousandEyes MCP Server in this suite is based on their comprehensive ThousandEyes v7 API integration.
-
automateyournetwork (John Capobianco) and RobertBergman for the ISE MCP Server implementation. The ISE MCP Server in this suite is based on their comprehensive ISE ERS API integration for network access control and security operations.
This project is part of the Cisco DevNet community and is provided as example code for demonstration and learning purposes. It is not officially supported by Cisco Systems and is not intended for production use without proper testing and customization for your specific environment.