
Take an AI Break and Let the Agent Heal the Network

Jul, 01, 2025 Hi-network.com

"The shift for developers is more radical than we think."

-Jeetu Patel, President and CPO, Cisco

AI is running full throttle, leaving a wake of radical changes for software developers. We're entering a time where AI can write code, call tools, and execute complex workflows, all from a single prompt. This shift has massive implications. Read Jeetu's blog to learn more.

Radical shifts are on the horizon for more than just developers.

What about AI's impact on network engineers?

In my previous blog, I described MCP (Model Context Protocol) and how agentic AI could finally speak our language, understand our networks, and take meaningful action. Now I want to show you what happens when that conversation goes one step further: when the agent doesn't just understand what's broken but fixes it without being told how.

From detection to action: a self-healing network

A self-healing network isn't a hypothetical "what-if." This is agentic AI handling one of the most frustrating issues in network operations: configuration drift.

Let's break down the process of making self-healing happen.

In this setup, I deployed two MCP servers: one integrates with my instance of Splunk Enterprise, and the other integrates with my Meraki dashboard. What makes this special isn't just the tool integration; it's that the agent can make autonomous decisions across both tools based on a simple prompt.

Server 1: Splunk MCP

On the Splunk MCP server, we start with a natural language prompt like this:

  • "What are my Splunk Indexes?"
  • "Search the meraki_index for any device connectivity issues or status changes in the last 4 hours."
  • "Show me all network configuration changes and group them by the person who made them."
  • "Analyze network traffic patterns and identify any anomalies that could indicate security threats."

The agent processes the request under the hood like this:

The Splunk MCP server uses the Splunk SDK to query real log data. Its job is to detect whether something in the environment, such as a configuration change, has deviated from what we expect, compare it to our source of truth, and remedy it.

Let's try self-healing with an agent we'll call "Network Pharaoh."

Here's a good prompt to start:

Prompt> I need to see what's happening with my Meraki network. Can you show me the latest Splunk alerts, specifically in the meraki_index? I need you to look in the spath where the source is Meraki Network only within the past 3 weeks.

You'll notice that I didn't need to be specific about how to search. I just needed to tell the agent what I was after.

Impressive, right? Here's what Network Pharaoh did:

  1. Initial search attempt: Tried searching meraki_index with source="Meraki Network" but got a syntax error.
  2. Query format fix: Adjusted Splunk search syntax to proper format.
  3. Broad reconnaissance: Searched the entire Meraki Index to understand the data structure and available sources.
  4. Data analysis: Found two main sources: "Home Network" (port events) and "Meraki Network" (config changes).
  5. Targeted extraction: Focused specifically on "Meraki Network" source as requested.
  6. Alert parsing: Extracted key fields: alert types, levels, devices, and change details from JSON payload.

This was all on its own, including the self-correction and retries to get the result I requested.

Server 2: Meraki MCP

The second MCP server is where the "self-healing" comes into play.

After the Meraki MCP server receives the detected change (for example, a device IP address change), it uses the Meraki dashboard API to reverse that change. No manual instructions, no pre-programmed response chain. The agent understood that the change represented drift and took action to restore alignment.
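The detect, compare, and revert loop described across the two servers, reduced to its deterministic core as an added example (not the author's code from the demo). The event field names, device serials, and values are constructed assumptions, not the real Splunk payload or Meraki API schema; the point is that reverts are derived from the end state versus the source of truth, not from each logged change.

```python
import json

# Source of truth: expected settings per device serial (constructed values).
SOURCE_OF_TRUTH = {
    "Q2XX-AAAA-0001": {"lanIp": "192.168.1.10"},
    "Q2XX-AAAA-0002": {"name": "ap-lobby"},
}
# Constructed events; the field names are assumptions, not the real payload.
SAMPLE_EVENTS = [
    '{"ts": "2025-06-20T10:01:00Z", "admin": "admin-a", "serial": "Q2XX-AAAA-0001", "setting": "lanIp", "new": "192.168.1.99"}',
    '{"ts": "2025-06-20T10:09:00Z", "admin": "admin-a", "serial": "Q2XX-AAAA-0002", "setting": "name", "new": "ap-lobby"}',
    '{"ts": "2025-06-20T10:05:00Z", "admin": "admin-a", "serial": "Q2XX-AAAA-0002", "setting": "name", "new": "ap-test"}',
    'truncated {"ts": "2025-06-20T10:',
    '{"ts": "2025-06-21T08:00:00Z", "admin": "admin-b", "serial": "Q2XX-ZZZZ-9999", "setting": "lanIp", "new": "10.0.0.2"}',
]
REQUIRED = {"ts", "admin", "serial", "setting", "new"}


def parse_events(lines):
    """Return (well-formed events in time order, count of skipped lines)."""
    events, skipped = [], 0
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            ev = None
        if isinstance(ev, dict) and REQUIRED <= ev.keys():
            events.append(ev)
        else:
            skipped += 1
    return sorted(events, key=lambda e: e["ts"]), skipped


def plan_reverts(events, truth):
    """Replay changes, then diff the end state against the source of truth."""
    state, unknown = {}, set()
    for ev in events:
        if ev["serial"] not in truth:
            unknown.add(ev["serial"])  # no baseline: flag, never guess a revert
            continue
        state[(ev["serial"], ev["setting"])] = (ev["new"], ev["admin"])
    plan = []
    for (serial, setting), (value, admin) in sorted(state.items()):
        expected = truth[serial].get(setting)
        if expected is not None and value != expected:
            plan.append({"serial": serial, "setting": setting,
                         "from": value, "to": expected, "changed_by": admin})
    return plan, sorted(unknown)
```

On the sample data, the renamed access point produces no revert because a later event already restored its name, and the device missing from the source of truth is reported separately instead of being changed.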

Key takeaways

  • I didn't have to write a hardcoded if-then flow between the two. I just defined the tools and gave the agent context. The agent chose the appropriate tool, selected the correct function, and acted entirely autonomously.
  • I defined the tool decorators to make available in my Meraki MCP. Nothing earth-shattering: simple functions that each execute one thing and one thing only (get a list of my devices, update my devices, and so on), all of which network engineers have likely used and coded.

This is what happens when you let intent drive the action and let the agent do the orchestration. It's simple, scalable, and powerful.

Now, let's look at how the agent self-heals our network with Meraki MCP [that includes actual output].

First, we'll get a diff of what was changed.  

Prompt> This Kareem Iskander dude shouldn't have made any changes to the network. Unacceptable! Can you show me side-by-side what was changed?

Once again, impressive! Notice that the information is being pulled from Splunk through the Splunk MCP server.

Also, I'd like to point out how our agent gave us suggestions on how to revert the changes automatically using the available API endpoints in the Meraki MCP! I didn't have to specify which Meraki organization or network the devices belong to, nor did I have to specify the device type. Network Pharaoh knew the hierarchy of the Meraki dashboard and traversed it!

Now, it's time to heal the network!

Prompt> NetP Let's revert the configuration to its original state for all the changes you have detected!

Why this matters

This isn't just a fun side project. It addresses a real pain point for all network engineers: configuration drift!

Whether it's accidental changes, unauthorized edits, or misalignment with the source of truth, config drift leads to downtime, compliance issues, and endless manual cleanup. Agentic AI offers a better model: detect, understand, and fix automatically.

I just took two steps and let the agent run with it:

  • Define the tool interfaces (Splunk SDK + Meraki API)
  • Register those tools with MCP

This is the power of building agentic systems on top of the workflows we already know.

What skills do you actually need?

Let's keep it real. Here are the skills required:

  • Coding with Python
  • Understanding SDKs and how to use them
  • Network automation and programmability with APIs
  • MCP framework to structure tool access and execution
  • Networking skills

Where this is all going

Let's zoom out for a second to better understand the big picture.

What I've built here, a self-healing network using two MCP agents, isn't a prototype. It's a practical preview of Cisco's broader vision.

In the AI Canvas announcement, Cisco laid the foundation for the agentic era: modular agents that work with our tools, understand our intent, and take autonomous action. This demo fits right in. One agent detects drift through Splunk, another acts through Meraki, all with just a prompt and a few registered tool functions.

Now imagine layering in Cisco's Deep Network Model: a comprehensive, machine-readable understanding of your entire network, trained on years of CCIE-level Cisco expertise and telemetry, and a set of pre-built agents ready out of the box.

Instead of simply reversing a misconfigured VLAN, the agent understands:

  • Which applications depend on that VLAN across hybrid environments
  • Whether the change introduced a segmentation violation or performance regression
  • How to resolve the issue without disrupting critical business traffic
  • How to update the source of truth to reflect any legitimate intent behind the change

This is where the theory becomes a reality:

  • AI Canvas gives us the environment and agents.
  • The Cisco Deep Network Model gives agents the situational intelligence to act with context.
  • MCP gives us the extensibility to BYOA (bring/build your own agent, which is a future feature).

And that's what network engineers need: not another platform, but an assistant that gets it; one that can reason like us, operate faster than us, and make decisions we trust.

It's time to sit in the driver's seat

This isn't a one-off. It's a multiplier. Together, AI Canvas, Cisco Deep Network Model, and MCP put network engineers in the driver's seat of this new agentic AI era. As Jeetu also said, "The future is coming faster than you think."

Stay ahead of the curve and be part of the extraordinary.

For the fully working code of this demo, check out my GitHub repository.


Read more from the AI Break series:

A New Frontier for Network Engineers: Agentic AI That Understands Your Network

Adaptability: The Must-Have Skill for Network Engineers in the AI Era
