diff --git a/roles/access/handlers/main.yml b/roles/access/handlers/main.yml
index c905952..af48a6f 100644
--- a/roles/access/handlers/main.yml
+++ b/roles/access/handlers/main.yml
@@ -1,6 +1,10 @@
 - name: write config
 ansible.netcommon.cli_command:
 command: "copy running-config startup-config"
- prompt: "Destination filename startup-config\\? \\[y/n\\]: "
- answer: "y"
+ prompt:
+ - "Destination filename startup-config\\? \\[y/n\\]: " # d-link
+ - "Do you want to overwrite \\[/data/config.text\\]\\? \\[Y/N\\]:" # fs
+ answer:
+ - "y"
+ - "y"
 when: "'handler' not in ansible_skip_tags"
diff --git a/roles/access/tasks/main.yml b/roles/access/tasks/main.yml
index 565958e..208435b 100644
--- a/roles/access/tasks/main.yml
+++ b/roles/access/tasks/main.yml
@@ -1,7 +1,17 @@
+# This should be provided by the netbox inventory plugin but isn’t yet.
+# https://github.com/netbox-community/ansible_modules/issues/1007
+- name: Fetch configuration from netbox
+ uri:
+ url: '{{ interfaces[0].device.url }}render-config/' # why URL can only be accessed through interface data is a mystery
+ method: POST
+ headers:
+ Authorization: 'Token {{ lookup("env", "NETBOX_API_TOKEN") }}'
+ register: config
+
 - name: Set configuration
 ansible.netcommon.cli_config:
- config: "{{ lookup('template', 'config.j2') }}"
+ config: '{{ config.json.content }}'
 register: result
 # These lines are not displayed by 'sho ru' and always reported as different, so ignore them.
- changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|switchport mode hybrid|interface .*)$')
+ changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|switchport mode access|switchport mode hybrid|interface .*)$')
 notify: write config
diff --git a/roles/access/templates/config.j2 b/roles/access/templates/config.j2
deleted file mode 100644
index e828e3a..0000000
--- a/roles/access/templates/config.j2
+++ /dev/null
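Review bot: The `prompt` and `answer` lists in the `write config` handler are paired by position, but nothing in the task says so, and because both answers are `y` a later reordering or an added third prompt would be easy to get wrong. A comment above `answer:` such as `# answers are matched to prompts by index; keep both lists in the same order` would make the pairing explicit. The handler also relies on `check_all` staying at its default of false, since each device is expected to show only one of the two prompts; that is worth stating next to the `# d-link` / `# fs` markers. The fs pattern ends at `\\[Y/N\\]:` without the trailing space that the d-link pattern carries, which looks harmless but could be made consistent.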
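Review bot: The new `Fetch configuration from netbox` task places the NetBox API token in the `Authorization` header without `no_log: true`, so the token can appear in verbose or callback output for this task; adding `no_log: true` to the task keeps it out of logs while the registered `config` stays usable. The configuration pushed by `cli_config` is now whatever the response carries in `config.json.content`, so the URL built from `interfaces[0].device.url` becomes part of the trust path. It would be worth checking that this value is an `https://` URL on the expected NetBox host before the token is sent. A guard such as `failed_when: config.json.content | default('') | length == 0` on the fetch task would stop an empty render from reaching the device. The task also assumes `interfaces` has at least one entry and that `NETBOX_API_TOKEN` is set; an unset variable makes the lookup return an empty string and sends a bare `Token ` header.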
@@ -1,68 +0,0 @@
-terminal length default 0
-!
-line console
-!
-line telnet
-!
-line ssh
-!
-port-channel load-balance src-dst-ip
-!
-ip ssh server
-ssh user admin authentication-method publickey /c:/ansible.pub
-!
-vlan {{ vlans | map(attribute='vid') | vlan_parser | join(',') }}
-!
-{% for iface in interfaces | selectattr('enabled') | selectattr('lag') %}
-interface {{ iface.name }}
- channel-group 1 mode active
-!
-{% endfor %}
-{% set mgmt = namespace(ip=false, gw=false) %}
-{% for iface in interfaces | rejectattr('lag') %}
-interface {{ iface.name }}
-{% if iface.enabled and iface.mode %}
-{% if iface.type.value != 'lag' %}
- no shutdown
-{% endif %}
-{% if iface.mgmt_only and iface.ip_addresses %}
-{% set mgmt.ip = iface.ip_addresses[0].address %}
-{% if iface.custom_fields.gateway %}
-{% set mgmt.gw = iface.custom_fields.gateway.address %}
-{% endif %}
-{% endif %}
-{% if iface.mode.value == 'access' %}
- switchport mode access
-{% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
- switchport access vlan {{ iface.untagged_vlan.vid }}
-{% else %}
- no switchport access vlan
-{% endif %}
-{% elif iface.mode.value == 'tagged' %}
- switchport mode trunk
- switchport trunk allowed vlan {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | vlan_parser | join(',') }}
-{% endif %}
-{% else %}
- shutdown
-{% endif %}
-!
-{% endfor %}
-{% if mgmt.ip %}
-interface Vlan1
- ip address {{ mgmt.ip | ipaddr('address') }} {{ mgmt.ip | ipaddr('netmask') }}
-{% endif %}
-!
-sntp enable
-{% for address in ntp %}
-sntp server {{ address }}
-{% endfor %}
-!
-ntp access-group default nomodify noquery
-!
-{% if mgmt.gw %}
-ip route 0.0.0.0 0.0.0.0 {{ mgmt.gw | ipaddr('address') }} primary
-{% endif %}
-!
-no ddp
-!
-end