Mondoo
Docs
Network Devices

Assess Cisco Catalyst Center with cnspec

Query and assess Cisco Catalyst Center (formerly DNA Center) with cnspec

Rely on cnspec to discover and assess network devices managed by Cisco Catalyst Center (formerly known as Cisco DNA Center).

Prerequisites

To connect to Cisco Catalyst Center with cnspec, you must have:

  • cnspec installed on your workstation
  • Network access to the Catalyst Center management interface
  • Valid credentials (username and password) for API authentication
  • A user account with appropriate permissions to access the Catalyst Center APIs

Give cnspec access to your Catalyst Center

To scan a Catalyst Center instance, cnspec connects through the Catalyst Center REST API. Ensure that your user account has API access.

Test your connection

Before running a full scan, verify that cnspec can connect by opening a cnspec shell:

cnspec shell ciscocatalyst catalyst.example.com --user admin --ask-pass

If cnspec connects successfully and shows a prompt, you're ready to scan.

Connection options

OptionDescription
--userUsername for API authentication
--password, -pPassword for API authentication
--ask-passPrompt for the password

Scan Cisco Catalyst Center

To scan a Catalyst Center instance, use the cnspec scan command:

cnspec scan ciscocatalyst catalyst.example.com --user admin --ask-pass

Provide the password when prompted.

You can also create your own policies to meet your specific requirements.

Example queries

You can interactively explore and test checks using the cnspec shell. To open a shell connected to your Catalyst Center:

cnspec shell ciscocatalyst catalyst.example.com --user admin --ask-pass

List managed network devices

cnspec> ciscocatalyst.devices
ciscocatalyst.devices: [
  0: ciscocatalyst.device hostname="switch1.example.com"
  1: ciscocatalyst.device hostname="router1.example.com"
  ...
]

Retrieve device details

cnspec> ciscocatalyst.devices { hostname managementIpAddress platformId softwareVersion }
ciscocatalyst.devices: [
  0: {
    hostname: "switch1.example.com"
    managementIpAddress: "192.168.1.10"
    platformId: "C9300-48P"
    softwareVersion: "17.3.4"
  }
  ...
]

Learn more

Cisco IOS/NX-OS

Secure and enforce policy for Cisco IOS XR/XE and NX-OS network devices

Fortinet FortiOS

Secure and enforce policy for Fortinet FortiGate firewalls running FortiOS

On this page

PrerequisitesGive cnspec access to your Catalyst CenterTest your connectionConnection optionsScan Cisco Catalyst CenterExample queriesList managed network devicesRetrieve device detailsLearn more