6.3 AI and Machine Learning in Network Operations
Key Takeaways
- Predictive AI uses historical data to forecast failures and capacity limits before they cause outages.
- Generative AI creates configurations, documentation, and troubleshooting guidance from natural-language prompts.
- Machine learning builds a baseline of normal behavior and flags anomalies that signature-based systems miss.
- Cisco AI Network Analytics inside Catalyst Center applies ML for baselining, correlation, and proactive alerts.
- AI/ML shifts operations from reactive break-fix to proactive prevention — this topic is conceptual, not configuration.
A New v1.1 Topic
Artificial Intelligence (AI) and Machine Learning (ML) in network operations were added to the CCNA in the v1.1 blueprint of August 2024, alongside generative AI and cloud network management. The questions are purely conceptual — you will never configure an AI model. You must distinguish three terms and recognize their networking use cases.
The Three Terms You Must Separate
| Term | What it does | Networking example |
|---|---|---|
| Predictive AI | Analyzes historical data to forecast a future outcome | "This interface's CRC error trend predicts a link failure within 7 days" |
| Generative AI | Creates new content (text, code, configs) from a prompt | "Generate an OSPF config for Area 0 on Gi0/0 and Gi0/1" |
| Machine learning | Learns patterns from data to make decisions | Builds a traffic baseline and flags anomalies |
Note that ML is the engine underneath both predictive and generative AI, but the exam treats the three labels as distinct answer choices.
Predictive AI in Operations
Predictive AI turns months of telemetry into a forecast so engineers act before an outage.
| Use case | How predictive AI helps |
|---|---|
| Capacity planning | Forecasts when a link or device will saturate based on growth |
| Failure prediction | Flags hardware likely to fail from rising error counters |
| Performance forecasting | Predicts latency/jitter during expected peak periods |
| Maintenance scheduling | Recommends the lowest-impact maintenance window |
Worked Example
A core switch's Gi1/0/24 shows CRC errors climbing from 5/day to 400/day over 30 days. Predictive AI: (1) detects the upward trend, (2) matches it against historical cable-failure signatures, (3) alerts "Gi1/0/24 likely to fail within 7 days," and (4) recommends replacing the cable during the next maintenance window. The outage is prevented, not just diagnosed afterward.
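The trend-detection step of this worked example, as an added sketch that is not part of the original guide and is not how any Cisco product is implemented: a log-linear least-squares fit over 30 days of CRC counts, extrapolated to an alert threshold. The series is constructed to match the 5/day to 400/day figures above; the 1000 errors/day threshold, the minimum growth rate, and the function names are assumptions.

```python
import math

def constructed_crc_series(days=30, start=5, end=400):
    """Constructed daily CRC counts: exponential growth from start to end with +/-10% wobble."""
    rate = math.log(end / start) / (days - 1)
    return [round(start * math.exp(rate * d)
                  * (1 + 0.1 * math.sin(5 * math.pi * d / (days - 1))))
            for d in range(days)]

def fit_log_linear(counts):
    """Least-squares fit of ln(count) = a + b * day; returns (a, b)."""
    n = len(counts)
    xs = range(n)
    ys = [math.log(max(c, 1)) for c in counts]  # clamp so a zero-error day does not break log()
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    b = sxy / sxx
    return my - b * mx, b

def days_until(counts, threshold, min_growth=0.02):
    """Days after the last sample until the fitted trend reaches threshold.

    Returns None when there is too little data or no sustained upward trend,
    so a flat or noisy counter does not produce a forecast.
    """
    if len(counts) < 2:
        return None
    a, b = fit_log_linear(counts)
    if b < min_growth:  # assumed cut-off: under ~2% daily growth is not treated as a trend
        return None
    crossing_day = (math.log(threshold) - a) / b
    return max(0.0, crossing_day - (len(counts) - 1))

if __name__ == "__main__":
    series = constructed_crc_series()
    eta = days_until(series, threshold=1000)  # assumed failure threshold, errors/day
    print(f"first={series[0]}/day last={series[-1]}/day")
    if eta is not None:
        print(f"Gi1/0/24: trend reaches 1000 CRC errors/day in about {eta:.1f} days")
```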
Generative AI in Operations
Generative AI produces new artifacts from natural-language input, cutting the manual effort of writing configs and docs.
| Use case | Example prompt → output |
|---|---|
| Config generation | "Create an ACL blocking guest VLAN from 10.1.0.0/16" → IOS ACL lines |
| Troubleshooting help | "Why can't VLAN 10 reach VLAN 20?" → analyzes configs, proposes a fix |
| Documentation | Generates topology diagrams and runbooks from live configs |
| Policy translation | "Block social media for guests" → appropriate ACL/URL filter |
| Natural-language queries | "Show all devices over 80% CPU" → queries monitoring tools |
The key exam distinction: generative AI creates something new; predictive AI forecasts a future event. If the stem says "generate," "create," or "write," the answer is generative.
Machine Learning for Security and Assurance
ML shines where static, rule-based (signature) systems fail because it does not need a pre-written signature for every threat.
Baselining and Anomaly Detection
ML learns a baseline of normal behavior — typical traffic volumes, who-talks-to-whom, usual protocols and ports — then alerts on deviations such as:
- A spike in traffic at 3 a.m. when the segment is normally idle.
- A workstation suddenly talking to a server it never contacted before.
- An unexpected protocol or port appearing on a segment.
- A login from an unusual geographic location.
| ML approach | What it detects |
|---|---|
| Supervised learning | Known attack patterns (trained on labeled data) |
| Unsupervised learning | Unknown attacks via deviation from baseline |
| Reinforcement learning | Optimal response actions learned by trial and error |
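A small baseline-and-deviation detector for the first three deviations listed above (off-hours volume, a new peer, a new port), as an added example that is not from the original guide or any vendor product. The flow records, addresses, the `k=6.0` sensitivity, and all function names are constructed assumptions; the baseline is a per-hour median with median absolute deviation, one simple unsupervised choice among many.

```python
from collections import defaultdict
from statistics import median

def constructed_baseline(days=14):
    """Constructed flows (hour, src, dst, dst_port, bytes): busy 08-18, near idle overnight."""
    flows = []
    for day in range(days):
        for hour in range(24):
            size = (40_000 if 8 <= hour < 18 else 500) + 100 * ((day * 7 + hour) % 5)
            flows.append((hour, "10.1.10.21", "10.1.20.5", 445, size))
            flows.append((hour, "10.1.10.22", "10.1.20.8", 443, size + 50))
    return flows

def learn_baseline(flows):
    """Learn normal flow size per hour of day, plus the known peer pairs and ports."""
    per_hour, pairs, ports = defaultdict(list), set(), set()
    for hour, src, dst, port, nbytes in flows:
        per_hour[hour].append(nbytes)
        pairs.add((src, dst))
        ports.add(port)
    volume = {}
    for hour, sizes in per_hour.items():
        med = median(sizes)
        # Median absolute deviation: a spread estimate that a few outliers cannot inflate.
        mad = median(abs(s - med) for s in sizes) or 1.0
        volume[hour] = (med, mad)
    return {"volume": volume, "pairs": pairs, "ports": ports}

def deviations(flow, base, k=6.0):
    """Return the ways one flow departs from the baseline (empty list means normal)."""
    hour, src, dst, port, nbytes = flow
    reasons = []
    med, mad = base["volume"].get(hour, (0.0, 1.0))
    if nbytes > med + k * mad:
        reasons.append("volume-for-this-hour")
    if (src, dst) not in base["pairs"]:
        reasons.append("new-peer")
    if port not in base["ports"]:
        reasons.append("new-port")
    return reasons

if __name__ == "__main__":
    base = learn_baseline(constructed_baseline())
    observed = [  # constructed observations
        (10, "10.1.10.21", "10.1.20.5", 445, 40_200),   # ordinary daytime transfer
        (3, "10.1.10.21", "10.1.20.5", 445, 40_000),    # same size, but at 3 a.m.
        (10, "10.1.10.21", "10.1.30.9", 445, 40_200),   # server never contacted before
        (10, "10.1.10.22", "10.1.20.8", 3389, 40_200),  # port never seen on the segment
    ]
    for flow in observed:
        print(flow, deviations(flow, base) or "normal")
```

The same 40 KB transfer is normal at 10:00 and anomalous at 03:00, which is the context a fixed signature or static byte threshold does not have.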
Cisco AI Network Analytics
Cisco bakes AI/ML into Catalyst Center (formerly DNA Center) under the Assurance umbrella:
- AI-driven insights — proactive issue identification.
- Baseline comparison — ML learns each network's normal and alerts on drift.
- Root-cause analysis — correlates many symptoms into one underlying cause.
- Suggested remediation — proposes or auto-applies fixes.
Worked Example: AI-Driven Troubleshooting
- Detect: ML baseline says Wi-Fi onboarding takes ~2 s; it is now averaging 8 s.
- Correlate: AI links the slowdown to a recent RADIUS server change.
- Root cause: the RADIUS server is timing out 802.1X authentication.
- Recommend: "Revert the RADIUS change or raise the auth timeout."
Common Trap
Distractors claim AI "encrypts all traffic automatically," "generates stronger passwords," or "replaces all firewalls." None describe how ML aids security — the correct mechanism is baseline-and-detect-anomalies.
On the Exam: Memorize predictive (forecast from history), generative (create from a prompt), and ML (baseline + anomaly detection), and know Cisco embeds them in Catalyst Center. You will not configure anything here.
From Reactive to Proactive Operations
The deeper theme behind this entire section is a shift in operating posture. Traditional network operations are reactive: an alarm fires, a ticket opens, an engineer logs in, runs show commands, forms a hypothesis, and fixes whatever broke — all after users are already affected. AI and ML invert that sequence. Predictive AI surfaces the problem days before users feel it, generative AI drafts the remediation in seconds instead of an engineer hand-writing it, and ML-driven baselining catches the subtle anomalies a human staring at dashboards would never spot.
The net effect is fewer outages, shorter mean-time-to-resolution, and engineers freed from repetitive triage to do design work.
Where AI Helps and Where It Does Not
A balanced view is worth carrying into the exam. AI/ML genuinely excels at pattern recognition across huge telemetry sets, at correlating dozens of weak signals into one root cause, and at generating boilerplate configuration that a human then reviews. It does not, however, replace networking fundamentals — a generated OSPF config is only as correct as the intent behind the prompt, and a human still owns the decision to apply it. ML anomaly detection can also raise false positives if its baseline was learned during an abnormal period, which is why these tools augment rather than replace engineers.
For the CCNA you should be able to read a scenario and classify it: "the system warned a power supply would fail next week" is predictive; "the system wrote the ACL from my plain-English request" is generative; "the system flagged a host suddenly scanning the subnet at midnight" is machine learning anomaly detection. Mapping the verb in the stem — forecast, create, or detect-anomaly — to the right category is the single most reliable way to answer these questions correctly under time pressure.
Which type of AI analyzes historical network data to forecast future problems before they occur?
How does machine learning improve network security?