Help to get a network map

Hi Masters

I'm assigned to draw a factory network map.
There is a core , distribution and access layers , the old administrator did not left any map or something to help.
Seen the approach of deadline I'm searching for a tool that can give the existing map or to let me do a network discovery by the end to have the MAP requested.

My unique tools are the Cisco commands like : sh cd neighbors / detail or sh int br

Thanks for understanding

Find more posts tagged with

Comments

sratakhin

That's all you need. I was looking for software that will draw the network topology, but the resulting maps were barely useful. Also, if you have devices that don't support CDP/LLDP, just use sh mac command. If there are multiple MAC addresses, there is a switch or hub attached. Check its MAC address and find out what brand it is.

Hondabuff

Try Angry IP scanner.

THE.ALFISTI

Thanks for your reply.
All the PARC is composed by cisco switches some 3750 and 2960 onces. But i'm astonsihed a switch is having 3 ip addresses.
I'm using Putty as tool to get the run config on the switches.

the command to know the stack switches please

sratakhin

Probably management IP addresses used on different VLANs.

THE.ALFISTI

Hi Sratakhin
i did not get you , if Vlans , yeah there are many ones.
Ok what is the best command to troubleshoot a switch i'm nearby dead with this mission

i used IP angry , i'm not so happy ; the best is scanning a scope of dhcp from Ad server.
by searching i've find solarwind ?
Have some one used it before ?

help is much appreciate

sratakhin

The best commands are CDP (for Cisco and some HPs) and LLDP (for other vendors). Then log in to the switches it found and repeat the process until you have the complete map.
Solarwinds is great for monitoring, but check out their pricing. They have a tool for mapping networks, but it produced a really weird map when I used it.

THE.ALFISTI

Please am i wrong by doing this ?
1- i log on into a switch
2- get the running config
3- launch command sh cdp neighbors
4- then sh intervlan command to see the vlans and their IP scope
are my steps correct or not ?
ok please is there a way that can help me to be more quick ?

azaghul

I had to do the same recently in 3 data centres: 6509 core switches, 3750 distribution/access switches, 29x0 management switches, 3xxx blade switches, nexus 5548 switches & extenders, F5 load balancers, ASA, Juniper.

Those steps are about the same as I followed;

show run
show cdp neighbours
show cdp neighbours detail
show vlan brief
show inventory

Angry IP and the like will work in some cases, but then it comes down to company security polices for network detection software.

show cdp neighbours (detail) will only get you so far (if it is enabled), as I unfortunately found out only an eyeball is fully effective (easier if all cables are labeled), just very tedious

show inventory works well for stacked switches, shows how many and what IOS

once complete, don't forget to add an interface description for all links.

THE.ALFISTI

Hi Azaghul

thks for the commands , i've 9 site to documents , it's not easy to do that.
also i found errors on switch names
in my office , SNMP is not enabled so i can not use tools like solarwind

is there any other tool that can help ?

azaghul

No tools I can think of that don't use SNMP.

Before getting too deep into the mapping, it pays in the long run to have a set of standards for all devices:

snmp
ntp
syslog
hostname
banners
interface descriptions
local passwords

These settings you can drop into each config as you go. Yep, its a chore, but in the long run it will make life much easier to monitor the network.

It also helps starting at the branch offices, smaller sites to get your processes down pat.

sratakhin

Local passwords... to much hassle to change them when needed. If you want to go as far as putting the interfaces' descriptions, set up a simple RADIUS server for authentication. Windows Server with IAS is pretty easy.

azaghul

sratakhin wrote: »

Local passwords... to much hassle to change them when needed. If you want to go as far as putting the interfaces' descriptions, set up a simple RADIUS server for authentication. Windows Server with IAS is pretty easy.

True, but you still need a fallback solution if all else fails. And if he has to login to every device, might as well get as much bang for buck in the way of standard config. Just my 2c...