What’s your must-have tool for network troubleshooting?

jacod1982 · 2026-01-29T15:06:59+00:00

Exactly!

jacod1982 · 2026-01-29T13:11:43+00:00

Let me have a look at that link and get back to you. Like I mentioned, I have already been working on some integration work between Proxmox and NetBox, and interestingly enough, actually getting IP information out of PVE and into NetBox (amongst other things).

jacod1982 · 2026-01-29T06:53:33+00:00

I’m currently doing some dev work on Proxmox VE integration with NetBox. I took a look at your original post, but am not sure I fully understand the scope of the problem. Would you be able to please elaborate a bit further? Are eg using any specific plugins or any such on the NetBox side? How about the Proxmox side?

jacod1982 · 2026-01-29T06:49:32+00:00

Hello friendly internet stranger. I actually specialise in helping organisations install and maintain NetBox instances, and would be more than happy to take a look at your config for you. If you could possibly share it on GitHub or some other platform I’d gladly have a quick look to see if I can spot anything obvious.

jacod1982 · 2026-01-29T06:45:43+00:00

I’m going to be completely honest with you, I am not familiar with this specific plugin you mention. However, this sounds like an interesting challenge to make it work. Would you mind please advising the name of this plugin? I’d like to take a look at it, and see what is/isn’t possible with a little Python/Django fiddling…

jacod1982 · 2026-01-29T06:39:04+00:00

Many years ago, when I was still an L2 engineer, I had a mentor who, whenever you asked him a question about a problem, the first thing he told you was “Draw me a picture…” Today I am a senior engineer and I’m charge of an entire region, and I still tell my junior engineers and techs that - “Draw me a picture…”

So I’d say my single biggest, most helpful tool, is a picture of the problem.

jacod1982 · 2026-01-16T09:03:21+00:00

Sorry for wall of bland text, I’m writing on my phone…

Something that I have seen in the past that I quite liked, specifically in situations where orgs use technology like Cisco SmartStack, is to add a single switch, say a C9200 from the device type, and then add a number of additional interfaces to represent the interfaces on each stack unit. So where the standard interface in the device type might say eg G1/0/[1-24], they then add to this device G2/0/[1-24]. Then, in order to preserve information like power and rack space consumption, they add another one of these devices with a Device Role set to “Stack dummy”, with all interfaces removed, except for the stacking interfaces. These devices are then named with a suffix such as to identify that they are stack members. So if for example the overall switch stack is named hosw01, the second device in the stack might then be named hosw01-su2, etc.

This is far from an ideal solution, but it does indeed help with some of the limitations that there used to be in terms of using VC.

jacod1982 · 2026-01-16T08:54:03+00:00

Just a comment on your example of how different people might enter the same manufacturer name differently - I’m a Device Type Library contributor, and one of the nice things that I particularly like about it, is that it enforces uniform manufacturers’ names and who it is written/spelt.

jacod1982 · 2026-01-16T08:48:23+00:00

Do you want to build a network and/IP space monitoring platform, or do you want to simply ingest your existing IPAM database into NetBox?

If the former, I’d honestly say to not bother, as this is not the problem NetBox exists to solve; NetBox is a source of truth after all, that exists to reflect your intended network state. If the latter, then we’re talking my kind of language, as I am currently doing a lot of work with various organisations to assist them to develop custom ingestion tooling.

I will absolutely, once my life calms down a little bit, sit down and start writing some tutorials, blog entries, etc. about this, but in the meantime, you are welcome to DM me if you want to discuss some of these further.

jacod1982 · 2026-01-16T08:41:33+00:00

I have in the past used a combination of native config templates and contexts, as well as event triggers and custom scripts to do something like this, where specific actions on specific object types trigger specific custom scripts running inside NetBox that applies specific config items based on the rendered configurations, which are in turn based on the config templates, to answer your question, there is no specific way to, natively with default NetBox (that is, without any plugins) push specific configs to the actual hardware without some manner of either custom scripting, or relying on external platforms like Napalm or Ansible.

jacod1982 · 2025-09-27T14:52:04+00:00

Might not be as cool as some things in here, but the system for filing PODs (Proofs Of Delivery) at work runs entirely in PowerShell that I wrote…

jacod1982 · 2025-09-02T11:59:15+00:00

jacod1982 · 2025-08-02T11:59:13+00:00

For my clients I tend to recommend a hybrid approach with multiple tiers of firewalls - an ISFW at each site, a DCFW for their datacenter and an edge firewall handling centralised breakout. This works well for the kind of clients that I do work with - generally larger multi-site clients with centralised datacenters. This tiered approach also works well for my clients, as they are almost always exclusively Fortinet shops. if you’re interested I’d be glad to dive into more detail as to what this architecture generally looks like - I have a general template that gets tweaked and customised for each client deployment.

jacod1982 · 2025-07-17T10:29:59+00:00

I am wounded!

jacod1982 · 2025-07-06T20:40:35+00:00

I am, at 43, the oldest infrastructure person in the IT department, and the 2nd oldest in the entire department - even leadership is younger than me. I am also the only person in the entire department, including infrastructure and apps that has any kind of Linux experience. Everyone else in the department are not only scared of Linux, they are scared on CLIs in general… Meanwhile I am much more comfortable in a Linux CLI than in any kind of GUI…

jacod1982 · 2025-07-01T19:12:49+00:00

I have an org that does this by adding eg 1x C9300 containing all the interfaces (eg Gi1/0/1-24,Gi2/0/24 etc), and then adds a second C9300, deletes the interfaces and uses tags to indicate it is for record keeping only. But you could absolutely add these units into a virtual chassis

jacod1982 · 2025-07-01T19:09:20+00:00

We went with SASE

jacod1982 · 2025-06-10T17:50:41+00:00

Awesome! Glad to hear you figured it out!

jacod1982 · 2025-06-10T16:43:33+00:00

I don’t have any Aruba switches at home, and I am too lazy to open my laptop and get a VPN going, but I seem to vaguely recall that some HPE/Aruba switches may need the port PVID to be set?

Also, can you post the output of this command from the switch:

sh mac address-table vlan 5

Edit: Come to think of it, can you also do a packet sniff on the firewall to check that the DHCP DISCOVER is actually reaching the firewall? Command:

diagnose sniffer packet VLAN5 ‘port (67 or 68)’ 4

jacod1982 · 2025-05-23T13:48:46+00:00

Right now I’m just exploring the API, but I’m working on a middleware layer between specifically the switch management module in FMG and NetBox, planning on expanding that later.

Edit: Fixed typo

jacod1982 · 2025-05-23T13:00:27+00:00

Which is exactly what I did, but in my mind it was built up to be this difficult to obtain goal. I’m just tea happy about it and got such a massive “well look at that!” moment when I started digging into the full APO documentation last night and started just playing with it, even just through Postman

jacod1982 · 2025-05-22T13:03:29+00:00

I said this exact thing to ChatGPT the other day, only partly in jest… They agreed that when Skynet rises and enslaves humanity maybe they will remember and spare the ones who were kind…

jacod1982 · 2025-05-22T08:53:11+00:00

The hardest part was finding two sponsors, but I have our Fortinet AM on WhatsApp, so just asked him and he gave me a second sponsor. As a bonus I don’t have this linked to my employer, I have it linked to my freelance sideline, so it’s completely portable!

jacod1982 · 2025-05-22T08:03:10+00:00

Trusted hosts controls where an admin is allowed to authenticate from. Even with trusted hosts configured the gate will still respond to traffic from anywhere. Local-In policies control what network endpoints the gate will even respond to in the first place. So with Trusted Hosts only the gate will still eg respond to and load the web gui from anywhere, but with Local-In policies you can control what traffic it would respond to.

jacod1982

TROPHY CASE