How to Use AI to Generate Network Configurations

$ claude "Create VLAN 10 for guest WiFi on Cisco IOS"

[+] Generating config for Cisco IOS...
[+] vlan 10
[+]   name GUEST_WIFI
[+] interface GigabitEthernet0/1
[+]   switchport mode access
[+]   switchport access vlan 10
[+]   spanning-tree portfast
[+] Done. Config ready to paste. ✓

To generate accurate network configurations with AI, include the device vendor, model, specific port assignments, IP addresses, and the exact behavior you want in a single structured prompt. Specific input produces CLI-ready output; vague prompts produce generic templates you still have to rewrite. Always review AI output line by line for syntax that matches your exact platform version, and test in a lab — GNS3, EVE-NG, or Packet Tracer — before touching production. This guide shows the difference between prompts that work and prompts that waste time.

---

What Makes a Good AI Prompt for Network Config Generation?

AI generates configs based on what you tell it. Vague input → vague output. Specific input → config you can actually use.

Bad prompt:

Make a VLAN config

Good prompt:

Generate a Cisco IOS configuration for a Catalyst 2960 switch. Create VLAN 10 named CORP and VLAN 20 named GUEST. Assign Gi0/1 through Gi0/8 to VLAN 10 as access ports. Assign Gi0/9 through Gi0/16 to VLAN 20 as access ports. Configure Gi0/24 as a trunk port allowing VLANs 10 and 20.

The more context you give — device vendor, model, what ports, what behavior — the more accurate the output.

---

Example 1: VLAN and Trunk Configuration (Cisco IOS)

Prompt:

Generate Cisco IOS config for a 2960 switch. VLANs: 10 (CORP), 20 (GUEST), 99 (MGMT). Gi0/1-8 access VLAN 10, Gi0/9-16 access VLAN 20. Gi0/24 trunk, allow 10, 20, 99. Management IP 192.168.99.10/24 on VLAN 99.

AI output (cleaned up):

vlan 10
 name CORP
vlan 20
 name GUEST
vlan 99
 name MGMT

interface range GigabitEthernet0/1 - 8
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast

interface range GigabitEthernet0/9 - 16
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast

interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99

interface Vlan99
 ip address 192.168.99.10 255.255.255.0
 no shutdown

ip default-gateway 192.168.99.1

That’s a complete, deployable config generated in about 10 seconds.

---

Example 2: OSPF Neighbor Configuration

Prompt:

Cisco IOS router. Configure OSPF area 0. Interfaces: Gi0/0 = 10.0.0.1/30 (connected to ISP router), Gi0/1 = 192.168.1.1/24 (LAN). Advertise LAN network only. Set Gi0/0 as passive if possible but still form neighbor.

AI output:

router ospf 1
 router-id 10.0.0.1
 passive-interface GigabitEthernet0/1
 network 10.0.0.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0

interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 ip ospf 1 area 0

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip ospf 1 area 0

Note: AI correctly flagged in its response that making Gi0/0 fully passive would prevent neighbor formation — it applied passive only to the LAN side. That’s the kind of nuance good prompting surfaces.

---

Example 3: ACL for Guest Network Isolation

Prompt:

Cisco IOS extended ACL. Guest VLAN 192.168.20.0/24 should access the internet but NOT reach the corporate LAN 192.168.10.0/24 or management network 192.168.99.0/24. Apply inbound on VLAN 20 SVI.

AI output:

ip access-list extended GUEST_RESTRICT
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.20.0 0.0.0.255 192.168.99.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any

interface Vlan20
 ip access-group GUEST_RESTRICT in

Clean. No fuss.

---

How Do You Validate AI-Generated Network Configurations Before Deploying?

Never paste AI output directly into production. That’s the one rule. Here’s the validation workflow:

1. Read it line by line. Does each line make sense? AI occasionally hallucinates a command that doesn’t exist or mismatches a syntax version. If something looks off, ask the AI to explain that specific line.

2. Check the vendor/version. Ask AI: “Is this syntax valid for IOS 15.2?” or specify the version in your prompt upfront. Syntax differences between IOS 12.x and 15.x, or between IOS and IOS-XE, will cause issues.

3. Test in a lab first. GNS3, EVE-NG, or even Packet Tracer. Paste the config into a virtual device and verify it behaves as expected before touching anything real.

4. Use show commands to verify. After applying:

show vlan brief
show interfaces trunk
show ip ospf neighbor
show ip access-lists

---

Which AI Tools Work Best for Network Configuration Generation?

Tool	Strengths
ChatGPT (GPT-4o)	Broad vendor support, good at explaining output
GitHub Copilot	Great for Python/Netmiko automation scripts
Claude	Strong at structured configs, good at catching edge cases
Gemini	Solid for multi-step config walkthroughs

All of them work. The difference is in how you prompt, not which tool you use.

---

What Are the Best AI Prompt Templates for Network Configuration?

Copy these and fill in your details:

VLAN setup:

Generate [vendor] config for [device model]. Create VLANs [list with names]. Assign ports [range] to [VLAN]. Configure [port] as trunk allowing [VLANs]. Management IP [IP/mask] on VLAN [ID].

Routing:

Configure [OSPF/BGP/EIGRP] on [vendor] router. Interfaces: [list with IPs]. Advertise [networks]. [Any specific requirements].

ACL/Firewall rule:

Create an ACL on [vendor] device. Allow [source] to reach [destination] on [ports]. Deny [source] from reaching [destination]. Apply [inbound/outbound] on [interface].

Troubleshooting a config:

Here is my current config: [paste config]. I’m seeing [problem]. What is wrong and how do I fix it?

---

AI won’t replace your knowledge — it will multiply it. The admin who knows what they want but can get it configured in 10 seconds instead of 30 minutes is the one who ships faster and goes home on time.

---

Frequently Asked Questions

Which AI model works best for generating network configurations? Claude Sonnet and GPT-4o both produce high-quality configs. The model matters less than the prompt — a specific, well-structured prompt on any capable model will outperform a vague prompt on the best model. Specify the vendor, device model, exact IOS or firmware version, interface names, and requirements.

How do I write a good prompt for network config generation? Include: vendor and device model, exact interface identifiers (Gi0/1, not “port 1”), IP addresses and subnet masks, VLAN IDs and names, the specific feature to configure (OSPF, ACL, trunk), and any constraints (which traffic to allow or deny, which interfaces face the WAN). The examples in this guide show the difference in output quality.

Can I paste AI-generated configs directly into production? No. Read the output line by line, verify syntax against your platform’s command reference, confirm that interface names match your actual device, and test in a lab first. AI occasionally generates commands that don’t exist on a specific IOS version or confuses IOS and IOS-XE syntax.

Does AI know the difference between Cisco IOS and IOS-XE? Generally yes, but specify which one in your prompt. State “Cisco IOS 15.2” or “Cisco IOS-XE 17.x” explicitly. Syntax differences between the two — especially for QoS, ACLs, and EIGRP — are common enough that the distinction matters for getting usable output.

Can AI generate Junos, pfSense, or MikroTik configs — not just Cisco? Yes. Claude and GPT-4o have solid coverage of Junos, pfSense, FortiGate, and MikroTik RouterOS. Apply the same rule: specify the platform and version in your prompt. “pfSense 2.7 — generate a firewall rule” will get you accurate results; “pfSense firewall rule” is too vague.