About
Read-only Model Context Protocol server for NetBox that enables LLMs to interact with NetBox data. The server is intentionally simple — easy to get started with, hard to misuse (read-only by default), and easy to fork and adapt.
Tools
| Tool | Description |
|---|---|
| get_objects | Retrieves NetBox core objects based on their type and filters |
| get_object_by_id | Gets detailed information about a specific NetBox object by its ID |
| get_changelogs | Retrieves change history records (audit trail) based on filters |
Note: Core NetBox object types are always available. Plugin object types can be auto-discovered when
ENABLE_PLUGIN_DISCOVERYis enabled.
Features
- Read-only access to NetBox data for safe LLM interaction
- Field filtering to optimize token usage (up to 90% reduction)
- Plugin discovery for auto-detecting NetBox plugin object types
- Multiple transport options (stdio for desktop clients, HTTP for web clients)
- Docker support with pre-built multi-arch images and cosign verification
Usage Examples
> Get all devices in the 'Equinix DC14' site
> Tell me about my IPAM utilization
> What Cisco devices are in my network?
> Who made changes to the NYC site in the last week?
> Show me all configuration changes to the core router in the last month
Field Filtering
Both netbox_get_objects() and netbox_get_object_by_id() support an optional fields parameter:
# Without fields: ~5000 tokens for 50 devices
devices = netbox_get_objects('devices', {'site': 'datacenter-1'})
# With fields: ~500 tokens (90% reduction)
devices = netbox_get_objects(
'devices',
{'site': 'datacenter-1'},
fields=['id', 'name', 'status', 'site']
)
Common field patterns:
- Devices:
['id', 'name', 'status', 'device_type', 'site', 'primary_ip4'] - IP Addresses:
['id', 'address', 'status', 'dns_name', 'description'] - Interfaces:
['id', 'name', 'type', 'enabled', 'device'] - Sites:
['id', 'name', 'status', 'region', 'description']
Plugin Discovery
Enable automatic discovery of NetBox plugin object types:
ENABLE_PLUGIN_DISCOVERY=true uv run netbox-mcp-server
Discovered plugin types use the app_label.model naming convention (e.g., netbox_dns.zone, netbox_inventory.asset) and work with all existing tools.
Docker Usage
Pre-built multi-arch images are available on Docker Hub:
docker pull netboxlabs/netbox-mcp-server:latest
# Run with HTTP transport
docker run --rm \
-e NETBOX_URL=https://netbox.example.com/ \
-e NETBOX_TOKEN=<your-api-token> \
-e TRANSPORT=http \
-e HOST=0.0.0.0 \
-e PORT=8000 \
-p 8000:8000 \
netboxlabs/netbox-mcp-server:latest
Images are signed with cosign and include SLSA build provenance for verification.
This server runs through your single 1Server connection. No extra config required.