This chapter covers a NEW objective in the CCNA v2 exam (200-301 v2.0, 2026 blueprint): AI and Network Operations, specifically the role of agentic AI in automating network management. Cisco added this topic because networks are becoming too complex for manual operations, and AI-driven agents can autonomously detect, diagnose, and resolve issues. For the exam, you need to understand what agentic AI is, how it differs from traditional automation, and how it fits into the Cisco AI Ops vision. This is a foundational concept that will appear in scenario-based questions.
Jump to a section
Imagine you manage a fleet of 10,000 delivery trucks for a global logistics company. Each truck has dozens of sensors (engine temperature, tire pressure, fuel level, GPS location, cargo weight). Traditionally, you have a team of human dispatchers who monitor dashboards and react when a truck breaks down. They call the driver, diagnose the problem, and dispatch a repair truck. This is like traditional network operations—reactive, slow, and error-prone. Now, imagine you deploy an 'autonomous fleet manager'—an AI agent that continuously monitors every sensor from every truck. The agent knows normal operating ranges (e.g., tire pressure 30-35 PSI, engine temp 190-210°F). When a truck's tire pressure drops to 28 PSI, the agent doesn't wait for a breakdown. It analyzes the trend (pressure dropping 1 PSI per hour), predicts a flat tire in 2 hours, and automatically reroutes the truck to the nearest service station. It also checks if that service station has the right tire in stock and schedules the repair—all without human intervention. If the agent detects an anomaly it can't explain (e.g., sudden engine temp spike to 250°F), it escalates to a human dispatcher with a detailed diagnosis report. This mirrors agentic AI in networking: a software agent that monitors network telemetry, learns normal baselines, predicts failures, and takes automated actions (like rerouting traffic or adjusting QoS) to prevent outages. The key is that the agent operates autonomously within defined guardrails, just like the fleet manager has rules (e.g., 'never reroute a truck carrying hazardous materials without human approval').
What is Agentic AI?
Agentic AI refers to artificial intelligence systems that can perceive their environment, reason about it, and take actions to achieve specific goals without continuous human guidance. In network operations, an agentic AI is a software entity that monitors network telemetry (e.g., SNMP, NetFlow, syslog, streaming telemetry), learns normal behavior patterns, and autonomously executes remediation actions when it detects anomalies or predicts failures. This goes beyond traditional automation, which follows rigid scripts; agentic AI adapts to changing conditions.
Why Cisco Added This to CCNA v2
Cisco's 2026 CCNA blueprint introduces a fifth domain: 'AI and Network Operations and Management' (10% of exam). This reflects industry trends where AI is becoming integral to network management. Cisco itself offers AI-powered tools like Cisco AI Ops (formerly Crosswork Network Insights) and Cisco Catalyst Center with AI analytics. The exam expects you to understand the concepts, not configure specific tools. Key exam objectives: 5.1 Explain the role of agentic AI in network operations.
How Agentic AI Works in Networking
Agentic AI for networking typically follows a four-stage cycle:
Observe: The AI agent collects data from network devices via streaming telemetry, SNMP polling, NetFlow/IPFIX, syslog, and APIs. For example, it might collect interface utilization, CPU/memory stats, routing table changes, and error counters every 30 seconds.
Analyze: The agent uses machine learning models to analyze the data. It builds a baseline of normal behavior (e.g., 'Interface Gig0/1 usually runs at 40-60% utilization during business hours'). It detects anomalies—like a sudden jump to 95% utilization—and correlates events across multiple sources.
Decide: Based on its analysis, the agent decides on an action. For example, if it detects a DDoS attack (high traffic to a single destination), it might decide to apply a QoS policy to rate-limit that traffic or trigger a blackhole route. The decision is guided by policies set by the network engineer (e.g., 'Never shut down an interface without human approval').
Act: The agent executes the action via network device APIs (e.g., NETCONF, RESTCONF, or CLI via SSH). It might modify ACLs, adjust routing metrics, or trigger a failover. After acting, it continues monitoring to verify the action resolved the issue.
Key Components and Terminology
AI Agent: The software entity that runs the observe-analyze-decide-act loop.
Telemetry: Continuous streaming of operational data from devices (e.g., model-driven telemetry using gRPC or gNMI).
Baseline: A statistical model of normal network behavior, updated over time.
Anomaly Detection: Identifying patterns that deviate from the baseline (e.g., sudden packet loss spike).
Remediation Action: Automated response, such as reconfiguring an interface, adjusting OSPF cost, or restarting a process.
Guardrails: Policies that constrain the agent's actions (e.g., 'Only make changes between 2 AM and 5 AM' or 'Require human approval for changes affecting more than 10% of users').
Agentic AI vs. Traditional Automation
Traditional automation uses scripts (e.g., Ansible playbooks) that perform predefined tasks when triggered. For example, a script might run 'show interface' every hour and send an email if errors exceed a threshold. This is reactive and static. Agentic AI is proactive and adaptive: it can predict that errors will exceed the threshold in 10 minutes and take preventive action. It can also handle novel situations by reasoning, not just matching patterns.
Cisco's Implementation: Cisco AI Ops
Cisco AI Ops (part of Cisco Catalyst Center) uses agentic AI to provide 'Assurance' features. It collects telemetry from Catalyst switches, ISR routers, and wireless controllers. It builds baselines for each device and network segment. When it detects an anomaly, it generates a 'health score' degradation event and suggests or automatically applies a remediation. For example, if a wireless AP experiences high channel utilization, AI Ops might automatically change the channel or adjust power levels. The agent can also integrate with Cisco Webex to notify the IT team.
Exam Relevance
On the CCNA exam, you will NOT be asked to configure agentic AI. Instead, you need to:
Identify scenarios where agentic AI would be beneficial (e.g., large-scale networks, 24/7 operations, complex multivendor environments).
Understand the difference between agentic AI, traditional automation, and manual operations.
Recognize the benefits: reduced MTTR (mean time to resolution), proactive issue prevention, and operational efficiency.
Know the limitations: requires quality telemetry, can make mistakes, requires guardrails, and needs human oversight.
Verification Commands (for context, not exam)
While you won't configure agentic AI on the exam, you might see outputs from Cisco Catalyst Center or AI Ops. For example:
Device: Switch-1
Health Score: 85/100 (Degraded)
Anomalies: Interface Gig1/0/1 - CRC errors above baseline (expected < 10, actual 45)
Suggested Remediation: Disable interface and enable errdisable recovery
Status: Action RequiredInteraction with Other Protocols
Agentic AI does not replace protocols like SNMP or NetFlow; it consumes their data. It can also interact with control plane protocols indirectly. For example, if the agent detects a routing loop via telemetry, it might adjust OSPF cost on a link to break the loop. The agent uses APIs to make changes, which in turn affect routing protocol behavior.
Observe Network Telemetry
The AI agent collects data from network devices. This includes interface counters (bytes, packets, errors), CPU/memory utilization, routing table entries, and syslog messages. The agent uses streaming telemetry (e.g., gRPC, gNMI) for real-time data, or SNMP polling every 30-60 seconds. The data is normalized and stored in a time-series database. For example, an agent might collect interface utilization every 30 seconds from 1000 switches, generating millions of data points per day.
Build Baseline and Detect Anomalies
The agent uses machine learning to establish a baseline of normal behavior per device, interface, or traffic flow. Baselines are time-aware (e.g., higher utilization during business hours). The agent continuously compares new data to the baseline. When a metric deviates beyond a threshold (e.g., interface utilization > 90% for 5 minutes), an anomaly is flagged. The agent also correlates anomalies across devices (e.g., high utilization on one link and packet drops on another may indicate a congestion issue).
Analyze Root Cause
After detecting an anomaly, the agent performs root cause analysis. It uses a knowledge base of common issues (e.g., 'CRC errors + high utilization = duplex mismatch') and causal inference models. For example, if interface CRC errors increase and the interface is operating at half-duplex while the peer is full-duplex, the agent identifies a duplex mismatch as the likely root cause. The agent may also query neighboring devices via API to confirm.
Decide on Remediation Action
Based on the root cause and predefined policies (guardrails), the agent selects a remediation action. For a duplex mismatch, the agent might decide to set the interface to auto-negotiate on both sides. The decision is conditional: if the change affects a critical link (e.g., core router uplink), the agent may require human approval. The agent logs the decision and the reasoning.
Execute Action via API
The agent executes the remediation using network device APIs. For Cisco devices, this could be NETCONF/YANG, RESTCONF, or CLI over SSH. The agent sends a configuration change, e.g., setting interface duplex to auto. It then monitors the interface to verify the issue is resolved (e.g., CRC errors drop to baseline). If not resolved, the agent may escalate to a human operator.
Verify and Update Baseline
After the action, the agent continues to monitor the network. If the issue is resolved, the agent updates its baseline to reflect the new normal (e.g., after a QoS policy change, the new utilization pattern becomes the baseline). The agent also logs the event for future reference. If the issue recurs, the agent may adjust its model or escalate.
Scenario 1: Proactive WAN Bandwidth Management
A multinational company with 500 branch offices uses MPLS and internet VPN links. The network team struggles with intermittent congestion on internet links during peak hours. They deploy an agentic AI tool (e.g., Cisco AI Ops) that monitors link utilization and application traffic (via NetFlow). The agent learns that every weekday from 2-4 PM, video conferencing traffic spikes, causing packet loss. The agent automatically applies a QoS policy that prioritizes voice and video traffic over bulk data during those hours. It also adjusts the policy dynamically based on real-time utilization. This reduces congestion without human intervention. The network engineer sets a guardrail: 'Never change QoS on MPLS links, only internet links.'
Scenario 2: Automated Security Response
A university campus network experiences repeated DDoS attacks on its public-facing servers. The agentic AI monitors traffic flows and detects a sudden surge in UDP traffic to port 53 (DNS) from thousands of external IPs. The agent identifies this as a DNS amplification attack. It automatically applies a temporary ACL on the border router to drop traffic from those source IPs and rate-limits DNS responses. The agent also sends an alert to the security team with a summary. After the attack subsides, the agent removes the ACL. The guardrail here is: 'Only block IPs for a maximum of 1 hour without human review.'
Scenario 3: Predictive Hardware Failure
A data center network uses Cisco Nexus switches. The agentic AI monitors switch environmental sensors (temperature, fan speed, power supply voltage). It learns that a specific power supply's voltage is slowly dropping (from 12.0V to 11.8V over a week). The agent predicts a power supply failure within 48 hours. It automatically generates a support ticket with the vendor and schedules a maintenance window. It also pre-stages a replacement power supply. The network engineer gets a notification but does not need to act. This reduces MTTR from hours to minutes.
Performance and Scale Considerations
Agentic AI systems require significant compute resources, especially for large networks. Data collection agents are often deployed on-premises or in the cloud. The AI models must be trained on historical data, which can take weeks. False positives are a risk; guardrails and human oversight are essential. Misconfiguration (e.g., overly aggressive remediation) can cause outages. For example, an agent that automatically shuts down interfaces when CRC errors exceed threshold could take down a critical link unnecessarily.
What the CCNA Exam Tests
Objective 5.1: 'Explain the role of agentic AI in network operations.' The exam will present scenario-based questions asking you to identify when agentic AI is appropriate, distinguish it from traditional automation, and understand its benefits and limitations. You will NOT be asked to configure AI tools or recall specific Cisco product names, but familiarity with Cisco AI Ops and Catalyst Center is helpful.
Common Wrong Answers and Why
'Agentic AI is just another name for automation scripts.' Wrong. Automation scripts are deterministic and rule-based; agentic AI adapts and learns. Candidates choose this because they've heard 'automation' used loosely.
'Agentic AI can completely replace human network engineers.' Wrong. AI augments humans but still requires oversight for complex decisions and safety. Candidates may overestimate AI capabilities.
'Agentic AI requires no data collection.' Wrong. AI relies on telemetry data. Candidates might think AI is magic.
'Agentic AI is only useful for security.' Wrong. It applies to performance, availability, and configuration management too. Candidates may associate AI with security only.
Specific Values and Outputs
While no specific CLI commands are tested, you should recognize typical outputs from AI systems, such as health scores (0-100) and anomaly descriptions. For example: 'Health score dropped from 95 to 70 due to interface errors exceeding baseline.'
Decision Rule for Scenario Questions
When given a scenario, ask: 'Does the situation require adaptive, proactive decision-making beyond simple scripts?' If yes, agentic AI is appropriate. If the scenario describes a fixed, repeatable task (e.g., backing up configs daily), traditional automation is better. Also, if the scenario emphasizes reducing human intervention and learning from patterns, it's agentic AI.
Calculation Traps
None for this topic. Focus on conceptual understanding.
Agentic AI in networking is a software agent that observes, analyzes, decides, and acts autonomously to manage network operations.
It uses telemetry data (SNMP, NetFlow, syslog, streaming telemetry) to build baselines and detect anomalies.
Unlike traditional automation, agentic AI adapts to changing conditions and can handle novel situations.
Cisco AI Ops is an example of agentic AI used in Catalyst Center for network assurance.
Guardrails are policies that constrain AI actions to prevent unintended consequences.
Benefits include reduced MTTR, proactive issue prevention, and improved operational efficiency.
[CCNA v2 NEW] This objective is new to CCNA v2 (200-301 v2.0, 2026) and reflects the growing importance of AI in network management.
These come up on the exam all the time. Here's how to tell them apart.
Traditional Automation
Follows predefined scripts or playbooks.
Reactive: triggers on thresholds or schedules.
Does not learn from patterns; static logic.
Cannot handle novel situations not in script.
Examples: Ansible, cron jobs, basic event handlers.
Agentic AI
Uses ML models to adapt decisions.
Proactive: predicts issues before they occur.
Learns baselines and updates over time.
Can reason about new anomalies using inference.
Examples: Cisco AI Ops, Cisco Catalyst Center Assurance.
Mistake
Agentic AI is just another term for traditional network automation using scripts.
Correct
Agentic AI uses machine learning to adapt and make decisions autonomously, whereas traditional automation follows fixed scripts without learning.
Candidates confuse 'automation' with 'AI' because both involve reducing manual work.
Mistake
Agentic AI can operate without any human oversight or guardrails.
Correct
Agentic AI requires guardrails (policies) and human oversight for critical decisions to prevent errors and outages.
Media hype often portrays AI as fully autonomous, leading to unrealistic expectations.
Mistake
Agentic AI requires no data; it can magically detect issues.
Correct
Agentic AI relies on continuous telemetry data (streaming, SNMP, etc.) to learn baselines and detect anomalies.
People unfamiliar with AI may think it works without input.
Mistake
Agentic AI is only useful for security threat detection.
Correct
Agentic AI is used for performance optimization, fault prediction, configuration management, and more, not just security.
Security is a common AI use case, but network operations cover many domains.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Agentic AI is a software agent that continuously monitors your network, learns what 'normal' looks like, and automatically fixes problems or even prevents them before they happen. It's like having a smart assistant that watches over your network 24/7 and takes action when needed, but you can set rules to limit what it can do.
Regular AI (like a chatbot) only provides information or recommendations, but agentic AI can take direct action in the network—like changing configurations or rerouting traffic. It has autonomy to execute decisions within defined boundaries.
No, the exam only tests conceptual understanding. You need to know what it is, how it works (observe-analyze-decide-act), its benefits, and when to use it vs. traditional automation. No CLI commands or product-specific details are required.
Guardrails are policies that limit the AI's actions to prevent mistakes. For example, 'only make changes between 2 AM and 5 AM' or 'require approval for any change affecting a core router.' They are critical because AI can make errors, and without guardrails, a misconfiguration could cause a major outage.
No, it augments them. AI handles routine tasks and speeds up troubleshooting, but humans are still needed for complex decision-making, setting guardrails, and handling escalations. The goal is to free engineers from repetitive work so they can focus on strategic improvements.
Cisco AI Ops is a suite of AI-powered analytics and automation tools within Cisco Catalyst Center. It uses agentic AI to provide network assurance, proactive anomaly detection, and automated remediation. For the exam, just know it as an example of agentic AI in networking.
If guardrails are properly configured, the AI will either be blocked from making the wrong action or will escalate to a human. Additionally, the AI logs all actions, so you can audit and roll back changes. Continuous monitoring helps catch errors quickly.
You've just covered Agentic AI in Network Operations — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?