From 0f3fda945f6629c1c06862f02ec9a08c0bab3280 Mon Sep 17 00:00:00 2001 From: jazzymc Date: Sun, 18 Jan 2026 22:31:44 +0200 Subject: [PATCH] Add network asset inventory and management tool recommendations - Created 11-NETWORK-ASSET-INVENTORY.md with full device inventory - Documented 30+ devices from DHCP/ARP tables - Categorized devices: Infrastructure, Secure, IoT, Kids - Added MAC vendor reference table - Recommended NetBox as primary IPAM/DCIM tool - Listed alternative tools: phpIPAM, Snipe-IT, GLPI, etc. - Added action items for unknown device identification Co-Authored-By: Claude Opus 4.5 --- docs/11-NETWORK-ASSET-INVENTORY.md | 240 +++++++++++++++++++++++++++++ 1 file changed, 240 insertions(+) create mode 100644 docs/11-NETWORK-ASSET-INVENTORY.md diff --git a/docs/11-NETWORK-ASSET-INVENTORY.md b/docs/11-NETWORK-ASSET-INVENTORY.md new file mode 100644 index 0000000..752e4f6 --- /dev/null +++ b/docs/11-NETWORK-ASSET-INVENTORY.md @@ -0,0 +1,240 @@ +# Network Asset Inventory + +**Document Created:** 2026-01-18 +**Last Updated:** 2026-01-18 +**Data Source:** MikroTik DHCP + ARP tables + +--- + +## Network Infrastructure + +| Device | IP | MAC | Vendor | Connection | VLAN (Proposed) | +|--------|-----|-----|--------|------------|-----------------| +| MikroTik hAP ax³ | 192.168.31.1 | 78:9A:18:2C:A5:48 | MikroTik | - | Management | +| MikroTik CSS326-24G-2S+ | 192.168.31.9 | F4:1E:57:C9:BD:09 | MikroTik | eth4 → Switch | Management | +| MikroTik cAP ac | 192.168.31.6 | 18:FD:74:54:3D:BC | MikroTik | eth2 → AP | Management | + +--- + +## Servers & Core Infrastructure + +| Device | IP | MAC | Vendor | Hostname | Connection | VLAN | +|--------|-----|-----|--------|----------|------------|------| +| Unraid Server | 192.168.31.2 | A8:B8:E0:02:B6:15 | ASIX (NIC) | - | Switch Port ? | 10 (Secure) | +| Pi-hole (Docker) | 192.168.31.4 | 02:42:C0:A8:1F:04 | Docker | - | br0 MACVLAN | 10 (Secure) | +| Unbound (Docker) | 192.168.31.5 | 02:42:C0:A8:1F:05 | Docker | - | br0 MACVLAN | 10 (Secure) | +| Home Assistant | 192.168.31.102 | AC:87:A3:77:8F:BD | Espressif | homeassistant | WiFi | 20 (IoT) | +| Unraid KVM | 192.168.31.20 | 48:DA:35:6F:BE:50 | Unknown | - | Switch Port ? | 10 (Secure) | + +--- + +## Kaloyan's Devices (Admin - Full Access) + +| Device | IP | MAC | Vendor | Hostname | Connection | VLAN | +|--------|-----|-----|--------|----------|------------|------| +| Nobara PC (LAN) | 192.168.31.95 | 08:92:04:C6:07:C5 | Intel | xtrm-pc | Switch via Dell KVM | 10 (Secure) | +| Nobara PC (WiFi) | 192.168.31.142 | 22:4C:7F:1D:85:8E | Random (Private) | xtrm-pc | WiFi XTRM | 10 (Secure) | +| Game Machine | 192.168.31.97 | 1C:83:41:32:F3:AF | Intel | xtrm-pc | Switch Port ? | 10 (Secure) | +| MacBook (WiFi) | 192.168.31.99 | 82:EC:EF:B5:F2:AF | Random (Private) | Mac | WiFi XTRM | 10 (Secure) | +| S25 Ultra | 192.168.31.98 | AA:ED:8B:2A:40:F1 | Random (Private) | S25-Ultra | WiFi XTRM | 10 (Secure) | + +--- + +## IoT Devices + +| Device | IP | MAC | Vendor | Hostname | Connection | VLAN | +|--------|-----|-----|--------|----------|------------|------| +| Chromecast | 192.168.31.134 | D0:E7:82:F7:65:DD | Google | Chromecast | WiFi XTRM2 | 20 (IoT) | +| Roborock S7 Vacuum | 192.168.31.104 | B0:4A:39:3F:9A:14 | Roborock | roborock-vacuum-a62 | WiFi XTRM2 | 20 (IoT) | +| Bosch Smart Oven | 192.168.31.105 | 94:27:70:1E:0C:EE | Bosch | bosch-oven-384... | WiFi XTRM2 | 20 (IoT) | +| Reolink Doorbell | 192.168.31.68 | 48:9E:9D:0E:16:F7 | Reolink | Reolink | WiFi XTRM2 | 20 (IoT) | +| HP LaserJet Printer | 192.168.31.19 | 64:4E:D7:D8:43:3E | HP | NPID8433E | WiFi/LAN? | 20 (IoT) | +| Tuya Device 1 | 192.168.31.109 | D0:C9:07:92:1A:8E | Tuya | - | WiFi XTRM2 | 20 (IoT) | +| Tuya Device 2 | 192.168.31.110 | D0:C9:07:8C:C9:46 | Tuya | - | WiFi XTRM2 | 20 (IoT) | +| Tuya Device 3 | 192.168.31.113 | 38:1F:8D:04:6F:E4 | Tuya | - | WiFi XTRM2 | 20 (IoT) | +| ESP/Tuya lwip0 #1 | 192.168.31.100 | 38:A5:C9:44:7B:80 | Espressif | lwip0 | WiFi XTRM2 | 20 (IoT) | +| ESP/Tuya lwip0 #2 | 192.168.31.101 | 38:A5:C9:44:7B:F1 | Espressif | lwip0 | WiFi XTRM2 | 20 (IoT) | +| Unknown IoT | 192.168.31.106 | 18:DE:50:5B:C8:A6 | Espressif | wlan0 | WiFi XTRM2 | 20 (IoT) | +| Unknown IoT | 192.168.31.149 | D4:AD:FC:BE:13:B0 | Unknown | - | WiFi XTRM2 | 20 (IoT) | +| Unknown (EMLAB) | 192.168.31.139 | 50:2C:C6:7A:55:39 | Unknown | EMLAB | WiFi | 20 (IoT) | + +--- + +## Kids & Family Devices + +| Device | IP | MAC | Vendor | Hostname | Owner | Connection | VLAN | +|--------|-----|-----|--------|----------|-------|------------|------| +| Nora MacBook Air | 192.168.31.79 | 82:6D:FB:D9:E0:47 | Apple (Private) | MacBookAir | Nora | WiFi XTRM | 30 (Kids) | +| Kimi Notebook | 192.168.31.108 | 90:91:64:70:0D:86 | Unknown | Kimi-Notebook | Kimi | WiFi | 30 (Kids) | +| Kimi iPhone | 192.168.31.121 | 2A:2B:BA:86:D4:AF | Apple (Private) | iPhone | Kimi | WiFi XTRM | 30 (Kids) | +| Dancho iPhone | 192.168.31.114 | F2:B8:14:61:C8:27 | Apple (Private) | iPhone | Dancho | WiFi XTRM | 30 (Kids) | +| Compusbg iPad | 192.168.31.107 | A4:D1:D2:7B:52:BE | Apple | Compusbg-iPad | ? | WiFi | 30 (Kids) | + +--- + +## Unknown/Unidentified Devices + +| IP | MAC | Vendor Prefix | Last Seen | Status | Notes | +|-----|-----|---------------|-----------|--------|-------| +| 192.168.31.22 | 1C:2A:A3:1E:78:67 | Unknown | ARP stale | Identify | | +| 192.168.31.118 | DC:03:98:6B:5A:3A | Unknown | ARP failed | Offline? | | +| 192.168.31.131 | AC:B5:7D:4D:DD:79 | Unknown | ARP stale | Identify | | +| 192.168.31.138 | C6:2A:59:AD:17:90 | Private MAC | Permanent | Static ARP? | | +| 192.168.31.40 | B0:37:95:79:AF:9B | Unknown | ARP failed | Offline? | | +| 192.168.31.122 | 72:F5:14:2D:F0:18 | Private MAC | 16 weeks ago | Very old | | + +--- + +## MAC Vendor Reference + +| Prefix | Vendor | +|--------|--------| +| 78:9A:18 | MikroTik | +| F4:1E:57 | MikroTik | +| 18:FD:74 | MikroTik | +| D0:C9:07 | Tuya Smart | +| 38:1F:8D | Tuya Smart | +| 38:A5:C9 | Espressif (ESP8266/ESP32) | +| AC:87:A3 | Espressif | +| 18:DE:50 | Espressif | +| D0:E7:82 | Google | +| B0:4A:39 | Roborock | +| 94:27:70 | Bosch | +| 48:9E:9D | Reolink | +| 64:4E:D7 | HP | +| 08:92:04 | Intel | +| 1C:83:41 | Intel | +| A8:B8:E0 | ASIX Electronics | +| 02:42:xx | Docker (Local) | +| x2:xx:xx | Randomized/Private MAC | + +--- + +## Connection Summary + +### Wired Connections (CSS326 Switch) +| Port | Device | MAC | Status | +|------|--------|-----|--------| +| ? | Uplink to hAP ax³ | - | Connected | +| ? | Unraid Server | A8:B8:E0:02:B6:15 | Connected | +| ? | Nobara PC (Dell KVM) | 08:92:04:C6:07:C5 | Connected | +| ? | Game Machine | 1C:83:41:32:F3:AF | Connected | +| ? | Unraid KVM | 48:DA:35:6F:BE:50 | Connected | + +### WiFi Connections (hAP ax³ + cAP ac) +| SSID | Band | Devices Connected | +|------|------|-------------------| +| XTRM | 5GHz | MacBook, Nobara PC WiFi, Phones | +| XTRM | 2.4GHz | Some devices | +| XTRM2 | 2.4GHz | All IoT devices, legacy | + +--- + +## Proposed VLAN Assignment Summary + +| VLAN | Subnet | Device Count | Access Level | +|------|--------|--------------|--------------| +| 1 (Mgmt) | 192.168.31.0/24 | 3 | Network devices only | +| 10 (Secure) | 192.168.10.0/24 | ~8 | Full access (admin devices) | +| 20 (IoT) | 192.168.20.0/24 | ~15 | Internet + HA only | +| 30 (Kids) | 192.168.30.0/24 | ~5 | Internet only | +| 40 (Guest) | 192.168.40.0/24 | 0 | Internet only, isolated | + +--- + +## Action Items + +- [ ] Identify unknown devices (192.168.31.22, .118, .131, .138, .40) +- [ ] Map CSS326 switch ports to devices +- [ ] Verify all Tuya devices are correctly identified +- [ ] Confirm printer should be IoT or needs Secure access +- [ ] Decide if Compusbg-iPad is Kids or Guest +- [ ] Check if any IoT devices need wired connection + +--- + +## Self-Hosted Network Asset Management Tools + +### Recommended: NetBox (Best Overall) + +| Feature | Details | +|---------|---------| +| **Description** | Industry-standard IPAM & DCIM tool | +| **Docker** | `netboxcommunity/netbox` | +| **Features** | IP address management, device inventory, rack diagrams, circuit tracking, VLAN management, API | +| **Best For** | Comprehensive network documentation | +| **URL** | https://netbox.dev | + +```yaml +# Docker Compose snippet +services: + netbox: + image: netboxcommunity/netbox:latest + ports: + - "8080:8080" + depends_on: + - postgres + - redis +``` + +### Alternative Options + +| Tool | Best For | Docker Image | Notes | +|------|----------|--------------|-------| +| **Snipe-IT** | Physical asset tracking | `snipe/snipe-it` | Great for hardware inventory, barcodes | +| **GLPI** | IT asset management + helpdesk | `diouxx/glpi` | Full ITSM solution | +| **Ralph** | Data center asset management | `allegro/ralph` | Good for servers/racks | +| **Racktables** | Rack/network documentation | `racktables/racktables` | Lightweight, classic | +| **phpIPAM** | IP address management only | `phpipam/phpipam-www` | Simple IPAM, easy setup | +| **Nautobot** | NetBox fork with extras | `networktocode/nautobot` | More plugins, enterprise features | + +### Quick Comparison + +| Tool | IPAM | Device Inventory | VLAN Mgmt | API | Complexity | +|------|------|------------------|-----------|-----|------------| +| **NetBox** | ✅ | ✅ | ✅ | ✅ | Medium | +| **phpIPAM** | ✅ | Basic | ✅ | ✅ | Low | +| **Snipe-IT** | ❌ | ✅ | ❌ | ✅ | Low | +| **GLPI** | Plugin | ✅ | Plugin | ✅ | Medium | +| **NetAlertX** | ❌ | ✅ (auto) | ❌ | ✅ | Low | + +### Recommendation for Your Setup + +**NetBox** is the best choice because: +1. Manages VLANs, IP ranges, and prefixes +2. Documents all network devices with relationships +3. Tracks cables and connections +4. Has powerful API for automation +5. Integrates with Ansible for network automation +6. Can import from MikroTik via API scripts + +**Quick Start:** +```bash +# Clone NetBox Docker +git clone https://github.com/netbox-community/netbox-docker.git +cd netbox-docker +docker compose up -d +``` + +### Integration with Existing Stack + +``` +┌─────────────────────────────────────────────────────────┐ +│ Your Network │ +├─────────────────────────────────────────────────────────┤ +│ │ +│ NetAlertX ──────► Auto-discovery, alerts │ +│ │ │ +│ ▼ │ +│ NetBox ─────────► IPAM, documentation, VLANs │ +│ │ │ +│ ▼ │ +│ Home Assistant ─► IoT device control │ +│ │ │ +│ ▼ │ +│ Uptime Kuma ───► Service monitoring │ +│ │ +└─────────────────────────────────────────────────────────┘ +``` + +You already have **NetAlertX** for discovery - pair it with **NetBox** for proper documentation and VLAN planning.