jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add network asset inventory and management tool recommendations

Browse Source 
- Created 11-NETWORK-ASSET-INVENTORY.md with full device inventory
- Documented 30+ devices from DHCP/ARP tables
- Categorized devices: Infrastructure, Secure, IoT, Kids
- Added MAC vendor reference table
- Recommended NetBox as primary IPAM/DCIM tool
- Listed alternative tools: phpIPAM, Snipe-IT, GLPI, etc.
- Added action items for unknown device identification

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jazzymc
2026-01-18 22:31:44 +02:00
parent 72d4f52637
commit 0f3fda945f
1 changed files with 240 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

240
docs/11-NETWORK-ASSET-INVENTORY.md Normal file
View File

@@ -0,0 +1,240 @@
# Network Asset Inventory
**Document Created:** 2026-01-18
**Last Updated:** 2026-01-18
**Data Source:** MikroTik DHCP + ARP tables
---
## Network Infrastructure
| Device | IP | MAC | Vendor | Connection | VLAN (Proposed) |
|--------|-----|-----|--------|------------|-----------------|
| MikroTik hAP ax³ | 192.168.31.1 | 78:9A:18:2C:A5:48 | MikroTik | - | Management |
| MikroTik CSS326-24G-2S+ | 192.168.31.9 | F4:1E:57:C9:BD:09 | MikroTik | eth4 → Switch | Management |
| MikroTik cAP ac | 192.168.31.6 | 18:FD:74:54:3D:BC | MikroTik | eth2 → AP | Management |
---
## Servers & Core Infrastructure
| Device | IP | MAC | Vendor | Hostname | Connection | VLAN |
|--------|-----|-----|--------|----------|------------|------|
| Unraid Server | 192.168.31.2 | A8:B8:E0:02:B6:15 | ASIX (NIC) | - | Switch Port ? | 10 (Secure) |
| Pi-hole (Docker) | 192.168.31.4 | 02:42:C0:A8:1F:04 | Docker | - | br0 MACVLAN | 10 (Secure) |
| Unbound (Docker) | 192.168.31.5 | 02:42:C0:A8:1F:05 | Docker | - | br0 MACVLAN | 10 (Secure) |
| Home Assistant | 192.168.31.102 | AC:87:A3:77:8F:BD | Espressif | homeassistant | WiFi | 20 (IoT) |
| Unraid KVM | 192.168.31.20 | 48:DA:35:6F:BE:50 | Unknown | - | Switch Port ? | 10 (Secure) |
---
## Kaloyan's Devices (Admin - Full Access)
| Device | IP | MAC | Vendor | Hostname | Connection | VLAN |
|--------|-----|-----|--------|----------|------------|------|
| Nobara PC (LAN) | 192.168.31.95 | 08:92:04:C6:07:C5 | Intel | xtrm-pc | Switch via Dell KVM | 10 (Secure) |
| Nobara PC (WiFi) | 192.168.31.142 | 22:4C:7F:1D:85:8E | Random (Private) | xtrm-pc | WiFi XTRM | 10 (Secure) |
| Game Machine | 192.168.31.97 | 1C:83:41:32:F3:AF | Intel | xtrm-pc | Switch Port ? | 10 (Secure) |
| MacBook (WiFi) | 192.168.31.99 | 82:EC:EF:B5:F2:AF | Random (Private) | Mac | WiFi XTRM | 10 (Secure) |
| S25 Ultra | 192.168.31.98 | AA:ED:8B:2A:40:F1 | Random (Private) | S25-Ultra | WiFi XTRM | 10 (Secure) |
---
## IoT Devices
| Device | IP | MAC | Vendor | Hostname | Connection | VLAN |
|--------|-----|-----|--------|----------|------------|------|
| Chromecast | 192.168.31.134 | D0:E7:82:F7:65:DD | Google | Chromecast | WiFi XTRM2 | 20 (IoT) |
| Roborock S7 Vacuum | 192.168.31.104 | B0:4A:39:3F:9A:14 | Roborock | roborock-vacuum-a62 | WiFi XTRM2 | 20 (IoT) |
| Bosch Smart Oven | 192.168.31.105 | 94:27:70:1E:0C:EE | Bosch | bosch-oven-384... | WiFi XTRM2 | 20 (IoT) |
| Reolink Doorbell | 192.168.31.68 | 48:9E:9D:0E:16:F7 | Reolink | Reolink | WiFi XTRM2 | 20 (IoT) |
| HP LaserJet Printer | 192.168.31.19 | 64:4E:D7:D8:43:3E | HP | NPID8433E | WiFi/LAN? | 20 (IoT) |
| Tuya Device 1 | 192.168.31.109 | D0:C9:07:92:1A:8E | Tuya | - | WiFi XTRM2 | 20 (IoT) |
| Tuya Device 2 | 192.168.31.110 | D0:C9:07:8C:C9:46 | Tuya | - | WiFi XTRM2 | 20 (IoT) |
| Tuya Device 3 | 192.168.31.113 | 38:1F:8D:04:6F:E4 | Tuya | - | WiFi XTRM2 | 20 (IoT) |
| ESP/Tuya lwip0 #1 | 192.168.31.100 | 38:A5:C9:44:7B:80 | Espressif | lwip0 | WiFi XTRM2 | 20 (IoT) |
| ESP/Tuya lwip0 #2 | 192.168.31.101 | 38:A5:C9:44:7B:F1 | Espressif | lwip0 | WiFi XTRM2 | 20 (IoT) |
| Unknown IoT | 192.168.31.106 | 18:DE:50:5B:C8:A6 | Espressif | wlan0 | WiFi XTRM2 | 20 (IoT) |
| Unknown IoT | 192.168.31.149 | D4:AD:FC:BE:13:B0 | Unknown | - | WiFi XTRM2 | 20 (IoT) |
| Unknown (EMLAB) | 192.168.31.139 | 50:2C:C6:7A:55:39 | Unknown | EMLAB | WiFi | 20 (IoT) |
---
## Kids & Family Devices
| Device | IP | MAC | Vendor | Hostname | Owner | Connection | VLAN |
|--------|-----|-----|--------|----------|-------|------------|------|
| Nora MacBook Air | 192.168.31.79 | 82:6D:FB:D9:E0:47 | Apple (Private) | MacBookAir | Nora | WiFi XTRM | 30 (Kids) |
| Kimi Notebook | 192.168.31.108 | 90:91:64:70:0D:86 | Unknown | Kimi-Notebook | Kimi | WiFi | 30 (Kids) |
| Kimi iPhone | 192.168.31.121 | 2A:2B:BA:86:D4:AF | Apple (Private) | iPhone | Kimi | WiFi XTRM | 30 (Kids) |
| Dancho iPhone | 192.168.31.114 | F2:B8:14:61:C8:27 | Apple (Private) | iPhone | Dancho | WiFi XTRM | 30 (Kids) |
| Compusbg iPad | 192.168.31.107 | A4:D1:D2:7B:52:BE | Apple | Compusbg-iPad | ? | WiFi | 30 (Kids) |
---
## Unknown/Unidentified Devices
| IP | MAC | Vendor Prefix | Last Seen | Status | Notes |
|-----|-----|---------------|-----------|--------|-------|
| 192.168.31.22 | 1C:2A:A3:1E:78:67 | Unknown | ARP stale | Identify | |
| 192.168.31.118 | DC:03:98:6B:5A:3A | Unknown | ARP failed | Offline? | |
| 192.168.31.131 | AC:B5:7D:4D:DD:79 | Unknown | ARP stale | Identify | |
| 192.168.31.138 | C6:2A:59:AD:17:90 | Private MAC | Permanent | Static ARP? | |
| 192.168.31.40 | B0:37:95:79:AF:9B | Unknown | ARP failed | Offline? | |
| 192.168.31.122 | 72:F5:14:2D:F0:18 | Private MAC | 16 weeks ago | Very old | |
---
## MAC Vendor Reference
| Prefix | Vendor |
|--------|--------|
| 78:9A:18 | MikroTik |
| F4:1E:57 | MikroTik |
| 18:FD:74 | MikroTik |
| D0:C9:07 | Tuya Smart |
| 38:1F:8D | Tuya Smart |
| 38:A5:C9 | Espressif (ESP8266/ESP32) |
| AC:87:A3 | Espressif |
| 18:DE:50 | Espressif |
| D0:E7:82 | Google |
| B0:4A:39 | Roborock |
| 94:27:70 | Bosch |
| 48:9E:9D | Reolink |
| 64:4E:D7 | HP |
| 08:92:04 | Intel |
| 1C:83:41 | Intel |
| A8:B8:E0 | ASIX Electronics |
| 02:42:xx | Docker (Local) |
| x2:xx:xx | Randomized/Private MAC |
---
## Connection Summary
### Wired Connections (CSS326 Switch)
| Port | Device | MAC | Status |
|------|--------|-----|--------|
| ? | Uplink to hAP ax³ | - | Connected |
| ? | Unraid Server | A8:B8:E0:02:B6:15 | Connected |
| ? | Nobara PC (Dell KVM) | 08:92:04:C6:07:C5 | Connected |
| ? | Game Machine | 1C:83:41:32:F3:AF | Connected |
| ? | Unraid KVM | 48:DA:35:6F:BE:50 | Connected |
### WiFi Connections (hAP ax³ + cAP ac)
| SSID | Band | Devices Connected |
|------|------|-------------------|
| XTRM | 5GHz | MacBook, Nobara PC WiFi, Phones |
| XTRM | 2.4GHz | Some devices |
| XTRM2 | 2.4GHz | All IoT devices, legacy |
---
## Proposed VLAN Assignment Summary
| VLAN | Subnet | Device Count | Access Level |
|------|--------|--------------|--------------|
| 1 (Mgmt) | 192.168.31.0/24 | 3 | Network devices only |
| 10 (Secure) | 192.168.10.0/24 | ~8 | Full access (admin devices) |
| 20 (IoT) | 192.168.20.0/24 | ~15 | Internet + HA only |
| 30 (Kids) | 192.168.30.0/24 | ~5 | Internet only |
| 40 (Guest) | 192.168.40.0/24 | 0 | Internet only, isolated |
---
## Action Items
- [ ] Identify unknown devices (192.168.31.22, .118, .131, .138, .40)
- [ ] Map CSS326 switch ports to devices
- [ ] Verify all Tuya devices are correctly identified
- [ ] Confirm printer should be IoT or needs Secure access
- [ ] Decide if Compusbg-iPad is Kids or Guest
- [ ] Check if any IoT devices need wired connection
---
## Self-Hosted Network Asset Management Tools
### Recommended: NetBox (Best Overall)
| Feature | Details |
|---------|---------|
| **Description** | Industry-standard IPAM & DCIM tool |
| **Docker** | `netboxcommunity/netbox` |
| **Features** | IP address management, device inventory, rack diagrams, circuit tracking, VLAN management, API |
| **Best For** | Comprehensive network documentation |
| **URL** | https://netbox.dev |
```yaml
# Docker Compose snippet
services:
netbox:
image: netboxcommunity/netbox:latest
ports:
- "8080:8080"
depends_on:
- postgres
- redis
```
### Alternative Options
| Tool | Best For | Docker Image | Notes |
|------|----------|--------------|-------|
| **Snipe-IT** | Physical asset tracking | `snipe/snipe-it` | Great for hardware inventory, barcodes |
| **GLPI** | IT asset management + helpdesk | `diouxx/glpi` | Full ITSM solution |
| **Ralph** | Data center asset management | `allegro/ralph` | Good for servers/racks |
| **Racktables** | Rack/network documentation | `racktables/racktables` | Lightweight, classic |
| **phpIPAM** | IP address management only | `phpipam/phpipam-www` | Simple IPAM, easy setup |
| **Nautobot** | NetBox fork with extras | `networktocode/nautobot` | More plugins, enterprise features |
### Quick Comparison
| Tool | IPAM | Device Inventory | VLAN Mgmt | API | Complexity |
|------|------|------------------|-----------|-----|------------|
| **NetBox** | ✅ | ✅ | ✅ | ✅ | Medium |
| **phpIPAM** | ✅ | Basic | ✅ | ✅ | Low |
| **Snipe-IT** | ❌ | ✅ | ❌ | ✅ | Low |
| **GLPI** | Plugin | ✅ | Plugin | ✅ | Medium |
| **NetAlertX** | ❌ | ✅ (auto) | ❌ | ✅ | Low |
### Recommendation for Your Setup
**NetBox** is the best choice because:
1. Manages VLANs, IP ranges, and prefixes
2. Documents all network devices with relationships
3. Tracks cables and connections
4. Has powerful API for automation
5. Integrates with Ansible for network automation
6. Can import from MikroTik via API scripts
**Quick Start:**
```bash
# Clone NetBox Docker
git clone https://github.com/netbox-community/netbox-docker.git
cd netbox-docker
docker compose up -d
```
### Integration with Existing Stack
```
┌─────────────────────────────────────────────────────────┐
│ Your Network │
├─────────────────────────────────────────────────────────┤
│ │
│ NetAlertX ──────► Auto-discovery, alerts │
│ │ │
│ ▼ │
│ NetBox ─────────► IPAM, documentation, VLANs │
│ │ │
│ ▼ │
│ Home Assistant ─► IoT device control │
│ │ │
│ ▼ │
│ Uptime Kuma ───► Service monitoring │
│ │
└─────────────────────────────────────────────────────────┘
```
You already have **NetAlertX** for discovery - pair it with **NetBox** for proper documentation and VLAN planning.