Posts on Network Haven

Cisco ignore startup configuration

Sat, 16 May 2026 12:00:00 +0200

The startup configuration can be bypassed by booting into ROMMON or during normal operation. In either case, a reboot is required.

This is particularly useful, for example, if you need to perform a password recovery because you have forgotten your password, or for troubleshooting purposes.

Configuration in IOS

Switch# configure terminal
! to activate
Switch(config)# system ignore startup-config

! to deactivate
Switch(config)# no system ignore startup-config

Configuration in ROMMON

In the background, the IOS command simply sets the ROMMON variable SWITCH_IGNORE_STARTUP_CONFIG to 1 or 0 which we can also do manually.

Fixing SCEP Certificate Enrollment over HTTPS on eLux Thin Clients

Wed, 13 May 2026 12:00:00 +0200

Currently we trying out eLux as an replacement of older thin clients with ThinOS or IgelOS. We tried to configure 802.1x authentication and the therefore needed certificate enrollment with our current SCEP/NDES server. We came across the issue that the scep client that eLux uses – sscep – an open source “Simple SCEP client for Unix” doesn’t support certificates requests over HTTPS.

When investigating the problem we found this GitHub issue which explains our problem. Our NDES server was only reachable over HTTPS – both on the administration page and most importantly also on the request web page (certsrv/mscep) where the client requests their certificates.

How to manually import WSUS updates in an air-gapped environment

Tue, 21 Apr 2026 23:10:03 +0200

Since 2023 you could not import updates manually to WSUS. Microsoft offers you a script to download the updates from the update catalog when you provide the UpdateID to the script. The script defaults to localhost if you dont provide the WSUS server. For example:

.\ImportUpdateToWSUS.ps1 -UpdateId 12345678-90ab-cdef-1234-567890abcdef

But this script has a big issue for air-gapped enviroments – it still relies on the microsoft update catalog to download and import it to the WSUS server. But in the background the script just uses the ImportUpdateFromCatalogSite() powershell function. If you look at the parameters, you can parse the UpdateID but also “an array of the local paths where any files required by the update can be found.”

Issue detecting domain network on domain controller when using NIC teaming

Fri, 10 Apr 2026 23:10:03 +0200

We had an issue where our domain controller lost its domain network profile after a reboot. When it came back up it was set to public instead of domain.

The problem occurred only when Windows NIC teaming (switch-independent) was used in combination with two network adapters in the team. As soon as one network adapter was disabled from the team (while the other remained active), the network profile (domain) was recognized correctly.

SNMP monitoring with Grafana, Prometheus and snmp_exporter

Sun, 22 Feb 2026 23:10:03 +0200

SNMP monitoring with grafana and prometheus can be done with the official snmp_exporter from prometheus.
Since I didn’t found any direct forward documentation, blog or any source of documentation in an ELI5 style how this will work, this is my try to document my findings and understanding on how this stuff works. To be honest I still don’t understand all stuff inside the generator configuration file but here is what I found out.

Proxmox automatic snapshots with cv4pve-autosnap

Wed, 11 Feb 2026 23:10:03 +0200

With cv4pve-autosnap, snapshots of VMs and CTs in Proxmox can be automated. Since restoring my VMs from backups can take several hours depending on their size, I wanted a solution for a potentially faster restore in case I broke something while playing around.

The application can be run remotely or locally on the Proxmox host. A user or, since PVE 6.2, an API token can be used to run the snapshots.

Hardening your Tailscale VPN for your homelab

Sun, 01 Feb 2026 23:10:03 +0200

Tailscale makes it easy to connect devices securely, but its default settings are designed for convenience rather than strict security. Without a few adjustments, every device in your Tailnet can talk to every other one which in my case I don’t wanted. So I looked into how to raise my security in using Tailscale for accessing my homelab and now share my findings and results.

General Security Advice

Because Tailscale relies on an external identity provider—such as Apple, Microsoft, or Google—it’s essential to secure that account properly.

Proxmox 2U Node Server Build

Sun, 18 Jan 2026 23:10:03 +0200

My requirements for a new server were quite simple. The computing power should be roughly equivalent to my current server (Minisforum HM90), but with faster hard drive storage. Since only two 2.5“ hard drives can be installed in the HM90 and ZFS eats up SSD space relatively quickly, I needed another solution with 3.5” hard drives. I recently purchased a server rack and still have space available, I put together a 2U Proxmox build.

MikroTik SFTP backup script

Sun, 04 Jan 2026 23:10:03 +0200

Automated backups for MikroTik devices can be accomplished by running a scheduled script. The following script can be run in the scheduler in order to automate the backups to an SFTP share. It was tested on a MiroTik hEX RB750Gr3 with RouterOS 7.20.1. Just make sure to adjust the first five variables to your needs. This script is based on another script I found on the forum – here. I adjusted the date settings in the filename since these weren’t working for me.

Configure OPNsense Bridge on a Sophos SG125 V2

Mon, 22 Dec 2025 23:10:03 +0200

I recently purchased two Sophos SG 125 V2s with OPNsense. These have several physical (Layer 3) interfaces, which I would like to combine into a bridge. This allows multiple interfaces to be treated like a switch (Layer 2) and assigned to the same network without having to configure each interface individually.

Sophos has a DMZ, a LAN, an HA, a WAN, and several normal Ethernet ports. I would like to set up the Ethernet ports together as a bridge.