A Simple Tool for Tracking Switch Ports?

jeremy cobert asks: "I work for a large school district in the Computer Networking department. We have several network closets at each school and each switch is set for different equipment on different VLAN's. Sometimes a Tech at a school will call in and need a printer plugged into a switch, and we are currently using maps drawn with PhotoShop to keep track of which ports are set for different equipment. I can look at a map and tell them to use a port that is already setup for printers. I am the only person who knows how to use Photoshop in our department and it is becoming way too time consuming every time someone switches a port. Here is an example of how we currently track our ports. Is there any program that we can use to make changes and diagrams in some similar fashion?"

We're doing this right now

[grub]

We're doing something similar at work so it's still fresh in my mind. First off: lose the Photoshop crud. Assuming your switches are managed or have at least some smarts in them I'd suggest using SNMP, $LANGUAGE and PHP to track your port information. Then any of your admins can access it via a webpage on your intranet. ($LANGUAGE can be anything but we like python and perl)

Consider replacing the hubs in your diagram with switches that have some smarts and SNMP. Not a crap LinkSys thing for $19 at BestBuy or whatever. A real, managed switch with a serial console port would be best IMHO.

Consider an "out of band" private network too. Something you can use to connect to another machine in the closets with a serial link to the switch console ports. That way if a switch/firewall/router stops talking you can remotely get to it via the console. We just received a bunch of old fibercopper media converters for this purpose (some of the runs are long)

You're there to manage the network, not just pretty up diagram in Photoshop, right?

Re:We're doing this right now

[karnal]

This is the best idea yet.

At my $place_of_employment, we use the Fluke Optiview console. What it does is it polls every port and every device on every port. Then you can either dig down a list of hosts, printers, servers, etc - or you can have it print out a network diagram (using MS Visio) or give you a switch port printout, which lists what is on each switch - down to the IP, computer name, MAC address, you name it.

It only works with Layer 2, though - so you need remote endpoints on each of your routabl

Re:We're doing this right now

[grub]

We have the Fluke Optiview stuff too. I don't know if it came cheaper because we bought a Fluke LAN meter (~$12K at the time) as well. Handy piece of software.

Re:We're doing this right now

[Blkdeath]

What I'm failing to understand is why diagram the switches to this fine detail in the first place? At the last network I administered we had our MDF, four IDFs and each lab had x number of drops run. Connect a printer? Find an available port on the wall. Any VLAN segregation was done with colour-coded boots. If the computers in the lab are connected to blue and you connect a printer to red, well, you're going to have a problem printing.

10/100 switches are extremely inexpensive nowadays; even managed switches with VLAN support. Buy some extra switches, run extra drops per VLAN, label the drops at each end and describe textually (in your *DF) which drop connects to which port. De-activate unused ports if you must and activate them on demand.

Re:We're doing this right now

[jpostel]

I agree with your your statement, and in fact, this is the way I do it when given the chance.

To play devil's advocate, against both of us, I've been told on several occasions that the cost of rewiring space that has only one data drop per location was too high, and that I must find a solution with what I have. At that point, it was all about using a centralized SNMP management interface and managing the switch ports to be on certain VLANs and subnets.

Now if the original poster had said that they had no budg

Re:We're doing this right now

[Ropati]

grub has the right idea. SNMP, intelligent switches, perl and webpages, and if possible upgrade to out of band consoles. If you are going to diagram, and want to roll your own, look into SVG.

with SVG your perl scripts can also make basic diagrams. If you don't want to generate with SVG, try using Graphviz.

I've also had success using Visio 2000 and formatted text files to generate diagrams, but its very difficult to automate.

Whatever you are going to do, automate as much as possible. NetAdmins don't do P

Re:We're doing this right now

[grub]

NetAdmins don't do Photoshop.

That should be in your sig. :)

Re:Don't forget

[g-san]

Don't forget ucd-snmp [net-snmp.org].

Re:We're doing this right now

[chudgoo]

The switch pictured is a 3com 3300 which does have 'smarts' as you say. A lot of neat things are possible with SNMP....

Simple solution really

[Daxster]

Masking tape and a sharpie =)

Photoshop is the *wrong* tool

[Quarters]

Photoshop is way to expensive and complicated for what you are doing. Something like Visio would be much better for drawing out simple port graphs.

For that matter graph paper, a ruler, and a pen would work equally well.

Re:Photoshop is the *wrong* tool

[QuantumRiff]

Visio actually used to have a network mapping tool that would go out and scan your network for SNMP devices. It would then draw you a pretty diagram. I think it was after visio 2000 that they pulled this feature out, and made it an additional "add on" to purchase.

Re:Photoshop is the *wrong* tool

[Pii]

This is part of the "Visio Enterprise Edition."

Re:Photoshop is the *wrong* tool

[alienw]

I second that. Visio works very well for network stuff. There are even libraries of network equipment pictures/diagrams that you can put in. Photoshop is a horrible tool for this.

Re:Photoshop is the *wrong* tool

[photon317]

Or if you want something free, you could try "dia" or "kivio".

hrm?

[sparkie]

Microsoft Visio? ... yea I said it MICROSOFT.

Re:hrm?

[smbarbour]

I agree. Visio is an excellent program for that type of thing. I've used a version before Microsoft bought them as well as Visio 2000. Both are excellent (I think the codebase was largely unchanged).
 
I've also used CADKey 97 to create that type of thing as well.

Re:hrm?

[cloudmaster]

If only there was a free alternative [gnome.org] one could use on most any platform that matters. Why, those diagrams could be easily produced and updated without a great expenditure of time or effort.

Re:hrm?

[sparkie]

Sure, those dia grams (sorry I didn't think italics was enough to accentuate the fact that it's named dia.) could be easily produced, after of course installing linux with X, and gnome onto your pc, and or another PC... For those not using linux already. One could assume the questioner wasn't using linux because he was using photoshop which would lead one to believe he is running a microsoft based operating system.

But hey, this is slashdot linux == good, microsoft == evil right?

right?

Re:hrm?

[cloudmaster]

At the bottom of the downloads page, there's a "binaries" section, with a link to RPMs, Debian packages, Irix binaries, and a site with Windows Binaries. That's why I said that it runs on all platforms that matter. Never mind that it's entirely within the realm of the possible to get a rootless X server running on Win32 through Cygwin, or that I've run Photoshop under Wine for several years while many others use it on a Mac (I've also run Dia on OS X, yay Fink).

But hey, this is slashdot. Reading the post

Spreadsheet?

[mivok]

Uhh.. why do you need diagrams? Just use a spreadsheet with the switch ID, port number and vlan. Much easier for others to use, and as far as I can see, you don't lose any ease of use/finding out which ports do what. Colour code the cells based on vlan number if the colours are important.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Spreadsheet?

[schon]

Aren't all the switch ports on the same network?

No. That's what VLAN does - a separate, virtual network using the same infrastructure.

One of the most basic (although not the coolest) functions of VLAN is to create two (or more) networks on the same switch - you can group ports on your switch so that the devices can't see or talk to each other (so if you want separate networks, there's no need to buy a separate switch for each one.)

Re:Spreadsheet?

[Urgoll]

One of the most basic (although not the coolest) functions of VLAN is to create two (or more) networks on the same switch.

(Taking the bait...)

So, what's the coolest function of VLAN, other than creating two broadcast domains on the same switch?

Re:Spreadsheet?

[Darkinspiration]

The name of course..... and the fact that it runs at layer 2 and the fact that it can have it's separate MAC

Re:Spreadsheet?

[mjpaci]

That's fine and dandy -- thank you. However, my question is this, if you have isolated the two networks from each other, how would you route traffic between them? Would you need to dedicate a port on each VLAN to a port on a router?

Also, why would you want your printers on a separate VLAN? (Serious question) I understand why you would want servers on different networks than the client devices.

I'm sorry for being incoherent. I'm a little slow today.

Re:Spreadsheet?

[msoftsucks]

Heavy-duty printing (such as graphics etc.) is network intense. This traffic can have serious effects on normal workstations. In addition, if you are using something like a JetDirect to connect the printer to the network, these devices are continually doing broadcasts to all devices on their segment. This is one way the old JetAdmin software was able to find all HP printers connected on the network. If you have a lot of printers, this broadcast traffic can be significant. To see how much broadcast traffic t

Re:Spreadsheet?

[Pii]

That's a terrible idea.

For starters, you want the printer to be as close to the users as possible. If your printers are in a different VLAN from the users, and the local switch isn't Layer-3 aware, you'll have to send all of the traffic from the local switch up to the distribution layer of the network (perhaps even higher, to where there is a Layer-3 device (a router)), so that it can be directed to the correct VLAN, and then sent back down the same trunk link back to the local switch.

You are saturatin

Re:Spreadsheet?

[Pii]

You can either use a physical port for a seperate router, or you can employ Layer-3 switching, which has the routing functionality built into the switch.

If your router supports trunking on its ethernet ports, you can do what's called "routing on a stick," creating logical channels off the physical router port, so the router can have a presence in each VLAN, though it only occupies on physical switch port.

You definately need a Layer-3 device to support inter-Vlan traffic. That's the point of VLANs.

Re:Spreadsheet?

[klui]

Why use a spreadsheet? Isn't text good enough anymore?

Re:Spreadsheet?

[Blakey Rat]

It's a lot easier to sort a spreadsheet. "I need a printer port on the third floor closet in building D" Sort-> By Building, then By Floor -> Poof, there's your answer.

Re:Spreadsheet?

[klui]

Well, normally, I'd just use a search function. I hardly sort spreadsheets. Although sometimes we get massive ones and I use Excel's auto filter function. But still, searching is faster than even auto filter.

I don't have a spreadsheet installed on my home computer, just a spreadsheet reader. At work it's different.

Re:Spreadsheet?

[T-Ranger]

Not if you want to sort by anything except the first field. Yes, grep, cut, col, sort can do it, but who doesnt have a spreadsheet?

Re:Spreadsheet?

[walt-sjc]

Then you have to deal with the "master" spreadsheet.

We use a wiki. Switch ports are in a table on the wiki. Click on the machine name in the port assignment and it goes to the wiki page for the machine. Back and forth links. And the IP address table, firewall translations, etc. All on the wiki. Apache config notes? On the wiki. Docs for new users? Policies? On the wiki. Why have 15 different documents?

Re:Spreadsheet?

[T-Ranger]

Sure, a wiki would be even better. But a spreadsheet is better then a text file.

Re:Spreadsheet?

[mechsoph]

Or you just give all admins write access to the spreadsheet file. Hell, you should even be able to do that on NT with all their ACL's that don't ever seem to help. This does assume the presence of NFS or SMB or SSH.

Re:Spreadsheet?

[walt-sjc]

A spreadsheet doesn't give you the ability to link information across all docuents instantly. A wiki also available wherever you are, without needing VPN access or any special software. It does require your server to be up, but that's generally not an issue. IMHO, plain text is the worst, spreadsheet next worse. Visio is over rated (bloated, slow, and unstable.) It's also a tremendous amount of work to keep up if you try to keep ALL your info in it, and the benefit is questionable. It's fine for general dia

Pardon my ignorance..

[LoRdTAW]

But isnt there an SNMP program for 3com switches that does this automatically? I am not a net admin but I worked as a tech in school before and I do remember when we got our massive campus network upgrade to new cisco equipment. The head IT guy was all giddy about how he can see every port and device on the entire campus network from some cisco management program he used.

Re:Pardon my ignorance..

[sharkey]

3Com Network Supervisor, IIRC. Free to download for up to 1000 devices or so.

Visio and Racktools

[Meest]

If you want a visual i might reccomend using M$ Viso and Racktools my Middle Atlantic.... usualy has nice diagrams of what model switches look like, etc. I've looked at a few and the pics looked decent.

Be warry though as I mostly use it to design racks for Pro-Audio Instalations. so it might not work that well. but for my needs its awsome.

Visio

[iamweezman]

At the shop that I work at we have over a thousand circuits that we have to keep track of. Visio not only allows us to keep track of all the equipment, circuit flow, extra data, etc via making simple circuit layout records, but it is also easy enough that only minimal training is needed for new users. As an added bonus images can be stored and used over and over again so no "drawing" is required.

Re:Visio

[sharkey]

If you download the reader, anyone with IE installed can view your diagrams in Visio format as well.

emacs

[tengu1sd]

Keep an ascii text file available on a central location.

This can be as complicated or simple as you like. Diagram with ascii art or just a list of components. I prefer this to Visio. I keep mine on an internal web server with network config backups. Internal read only to the right people and I keep documentation updated.

My manager loves pretty pictures, I'll update the many colors on slow days when I don't feel like working, but I can lay out an ascii network diagram in minutes. A Visio diagram can

Legend

[khundeck]

I think a simple spreadsheet like program would work well (I heard VisiCalc is pretty sweet.) But, on to the nitty, I think your legend should be listed in ascending-color order. So, the first item in your legend would be Lab 105 V64, then Printer V62, Workstation V60, and Phone(100H) V61. Also, the black items are confusing - consider colour coding them and adding them to the legend.

I really do think it's important to keep this type of documentation. So good on you for the initiative.

Kurt

Photoshop?!

[tedhiltonhead]

Wow, I've never heard of using Photoshop for network documentation. :) Excel would be an excellent tool for this. You could set up a worksheet (tab) for each switch. For a 48-port switch, use a 24x2 grid, so each cell is a physical port. You can even color-code the cells.

A Wiki?

[RevRagnarok]

We keep similar info in a simple HTML table in a Wiki ['trac' to be exact]

photoshop is nice.

[JVert]

Maybe you should try fireworks, the vector drawing in that seems like it should be easier then what you are using. But if you really want it done right get a camera and use windows movie maker where you can narriate the function of each switch.

I do what you do, just not with photoshop

[Anonymous Crowhead]

I like to see how things are connected, what ports are in what blocks, what's wired to to what but my diagrams are simple boxes within boxes connected by lines with a simple ledgend. For what you are doing, you do not need to spend time drawing an exact replica of your 3com 3300 switches with color, the light display, the 3com label, etc. That's just a waste of time. I use open office for my diagrams. If you are using windows, ms paint should suffice.

Visio or Dia

[WoTG]

Others have mentioned proper diagramming software like Visio. For the free software/OSS type person, there is Dia (google it). It works reasonably well on both Linux and Windows. If only I could find a web based wiki-drawing tool...

Try this

[drsmithy]

I stumbled across this [wizardsworks.org] the other day while I was researching MRTG stuff. You may find it helpful.

GOOD FIND!

[jpostel]

This is EXACTLY the type of program I was looking for a few months ago. I wanted to provide an interface to MRTG that showed images of the actual devices with interfaces. I'm going to add this one to my MRTG toolkit.

NetDisco

[stevenbdjr]

You want something like NetDisco [netdisco.org]. It will go out and discover every switch on your network and can figure out how they're interconnected. You can then query ports for VLAN, speed, and duplex settings, among other things. Finally, you can toggle ports on and off. It can even produce graphs of your network layout using GraphViz. You'll need a *nix box, Perl, Apache, and Postgresql, as well as managed switches that support SNMP.

If all of this scares you, then go out and buy Visio, but all you'll get out of that is pretty pictures.

Re:NetDisco

[RabidMonkey]

Hear hear.

there are LOTS of network management tools out there. I realize HP Openview might be outside the budget of a school, but I've used it and it does exactly what you want. It will automatically colour code your ports to show you wants in use and whats not, which ports are having problems, etc.

There are a couple opensource replacements which I'm sure yo ucan find with google pretty easily.

If you've got good hardware (ie: something SNMP manageable) then you're set. If you're using home/small busines

Re:NetDisco

[wokka1]

NetDisco is definitely something to look at if you have manageable switches. We use it at CompUSA to manage over 2000 switches and routers and to keep track of all ip, mac, host, port, etc info.

Re:NetDisco

[Anonymous Crowhead]

Speaking of Mason and mod_perl (requirements for netdisco)...can you run Mason with PerlFreshRestart turned on these days? I'd love to try it on some servers I am running but have been unable to get Mason to work with PerlFreshRestart turned on. It's been about 9 months since my last attempt.

seconded, BUT

[RMH101]

...do NOT set this kind of autodiscovery stuff loose on a network that you don't admin, otherwise someone is going to come and ask you some pretty pointed questions right before they lay into you with a cat5-o-9-tails...

roll your own?

[Ankh]

I once wrote a preprocessor for troff(1) that drew diagrams showing how to wire various types of serial cable.

Today I'd probably consider using GraphViz (open source graph renderer that takes a simple text description and figures out the best layout), perhaps with a simple database backend to let you update the information over the Web and draw a new picture automatically.

I'm assuming you got the images of the hardware from the manufacturer's Web site; you could use the same images in GraphViz, with a littl

Re:roll your own?

[RGRistroph]

Speaking of graphviz, does anyone know of an example of how to use it to draw flowcharts in the traditional style ? I would like to automatically generate some flowcharts, but I need to figure out how to make the edges come out of the compass points of the nodes, and how to make "elbow edges" that come out and bend at 90 degrees.

If anyone has a link to an example or a patch or extension to graphviz for this I would appreciate it.

SVG or graphviz

[Just Some Guy]

Why not describe it in a text file, but formatted as an SVG or a graphviz input file? They're easy enough to read that anyone with Notepad or better can understand and update them, but trivially compile to pretty pictures that you can give to management or hang on the wall.

MS Paint and Word

[duffbeer703]

Us MS Paint and Microsoft Word (or maybe Wordpad if Office is too expensive)

Its a shitty way to do stuff, but still better than using photoshop.

Eh? Copy, paste, print.

[Telastyn]

Why not simply print the VLAN display of your switch?

If you're using Cisco switches, just print the VLAN list [and comment the VLANs accordingly], and then the port list. Tape to racks as needed. It doesn't take a CCNA to match the number on the list to the number under the port.

Other brands should have similar cli admin mechanisms, which should allow for similar use.

Re:Eh? Copy, paste, print.

[MichaelMarch]

He's using 3Com switchs. And with Cisco, using "cisco works" does what he is looking for automatically.

if you're going to do documentation...

[Tesseract]

then I'd suggest starting a wiki. Personally, I like and use Dokuwiki and have set up several processes to pull this sort of information directly into a wiki page (Dokuwiki uses plain .txt files) and it works great.

Web UI

[Anm]

Here's what I'd do, if you could spare a web programmer for a couple days, assuming the data is already in a database somewhere. Even if it isn't, your need for writeability means the UI should be easy.

First, open your PSD in ImageReady (free with Photoshop) to divide the image in slices around the ports. Export the different port colors as rollover states. Also export the HTML as a template for your web programmer.

On the server side, the programmer need to make DB queries to figure out which port gets w

Re:Web UI

[Anm]

Bad use of the term distributed.

The data is centralized but easily accessible from remote locations.

Anm

graphviz

[ameoba]

You could probably do something with some flat text files, some scripts and Graphviz [graphviz.org] that would be at least as good as what you have coming out of Photoshop. ...that assumes you have no need to put boobies on your network diagrams.

Re:graphviz

[Sheridan]

...that assumes you have no need to put boobies on your network diagrams.

That's just crying out to be a .sig quote.

Oh, and you owe me a new keyboard!
--
I know what you're thinking, but I am not a nut-bag. -- Millroy the Magician

Dynamicaly assigned (VMPS, 802.1x)

[dago]

"VMPS (VLAN Management Policy Server) is a way of assigning switch ports to specific VLANs based on MAC address of connecting device."

So basically, once you have a db of all your network devices (hosts), you can configure a server to automatically assign the proper VLAN.
AFAIK, this is cisco proprietary, but an opensource server exists.

Another standard/open alternative would be to use 802.1x.

how about a good old fashioned text file?

[TreeHead]

it's searchable.
it's 100% cross-platform.
it's substantially smaller than an image.
it's editable by anyone.

why not a text file?

heck, even an ASCII art text file:

| IDF4-Switch3 Dell PowerEdge 3024 |
| 1 3 5 7 9 11 13 15 17 19 21 23 g1 |
| 2 4 6 8 10 12 14 16 18 20 22 24 g2 |

Port Assignments:
1 --> VLAN1
2 --> VLAN2
3 --> VLAN1 ...

...etcetera. a simple sed/awk/grep search would tell you what switches were ass