Query Cisco IOS and NX-OS Devices
Query Cisco IOS XE, IOS XR, and NX-OS network devices with cnquery
Rely on cnquery to query configuration and security information from Cisco network devices running IOS XE, IOS XR, or NX-OS. Discover interfaces, users, routing protocols, AAA configurations, and more across your network infrastructure.
Requirements
To analyze and explore your Cisco devices with cnquery, you must have:
- cnquery installed on your workstation.
- SSH access to the target Cisco device.
- Valid credentials (username/password or SSH key) for authentication.
- A privileged user account (privilege level 15) or the device enable password to enter privileged exec mode.
:::note
Scanning Cisco IOS and NX-OS devices is not currently supported from Windows systems.
:::
Connect to a Cisco device
To connect to a Cisco device using password authentication:
cnquery shell nd-ssh user@192.168.1.1 --ask-passTo connect using an SSH private key:
cnquery shell nd-ssh user@192.168.1.1 --private-key-path ~/.ssh/id_rsaTo specify an enable password for privileged exec mode:
cnquery shell nd-ssh user@192.168.1.1 --ask-pass --enable-password 'your-enable-password'Connection options
| Option | Description |
|---|---|
--password, -p | SSH password for authentication |
--ask-pass | Prompt for the SSH password |
--enable-password | Privileged exec (enable) password |
--private-key-path | Path to SSH private key file |
--private-key-passphrase | Passphrase for the SSH private key |
--system-transport-args | Additional SSH transport arguments |
Example queries for IOS XE
Once connected to an IOS XE device, you can query device configuration and state.
This query retrieves the device hostname and version:
cnquery> cisco.iosxe.hostname
cisco.iosxe.hostname: "router1"
cnquery> cisco.iosxe.version
cisco.iosxe.version: "17.3.4"This query lists all interfaces and their status:
cnquery> cisco.iosxe.interfaces { name ipAddress status }
cisco.iosxe.interfaces: [
0: {
name: "GigabitEthernet0/0"
ipAddress: "192.168.1.1"
status: "up"
}
...
]This query retrieves local user accounts:
cnquery> cisco.iosxe.users { name privilege }
cisco.iosxe.users: [
0: {
name: "admin"
privilege: 15
}
...
]This query checks NTP configuration:
cnquery> cisco.iosxe.ntp
cisco.iosxe.ntp: {
servers: ["10.0.0.1", "10.0.0.2"]
...
}Example queries for NX-OS
Once connected to an NX-OS device, you can query Nexus switch configuration.
This query retrieves the device hostname:
cnquery> cisco.nxos.hostname
cisco.nxos.hostname: "nexus-switch1"This query lists all interfaces:
cnquery> cisco.nxos.interfaces { name ipAddress status }
cisco.nxos.interfaces: [
0: {
name: "Ethernet1/1"
ipAddress: "10.0.0.1"
status: "up"
}
...
]This query retrieves local user accounts and roles:
cnquery> cisco.nxos.users { name }
cnquery> cisco.nxos.roles { name }Example queries for IOS XR
Once connected to an IOS XR device, you can query router configuration.
This query retrieves the device hostname:
cnquery> cisco.iosxr.hostname
cisco.iosxr.hostname: "xr-router1"This query lists all interfaces:
cnquery> cisco.iosxr.interfaces { name ipAddress status }This query checks BGP routing configuration:
cnquery> cisco.iosxr.routerBgp
cisco.iosxr.routerBgp: {
asNumber: "65001"
...
}This query retrieves SNMP configuration:
cnquery> cisco.iosxr.snmpUsers
cnquery> cisco.iosxr.snmpCommunities
cnquery> cisco.iosxr.snmpGroupsExit the cnquery shell
To exit the cnquery shell, either press Ctrl + D or type exit.
Learn more
-
To learn more about how the MQL query language works, read Write Effective MQL.
-
For a list of all the Cisco resources and fields you can query, read the Network Devices Resource Pack Reference.