[c-nsp] Network Topology Mapping

Mike Louis MLouis at nwnit.com
Mon Oct 29 13:49:03 EDT 2007

This is a SLOW and TEDIOUS process but well worth it in the end. Lots of our customers request network assessments and we carry them out the manner explained in this email. I will also use show ip eigrp ne/show ip ospf ne/ or other vendor commands to discover devices off various ports. I also review configurations for port descriptions and try to verify those with the real world setup. Usually provides a good starting point for the assessment. The best thing about all this is that you end up finding tons of stuff that is either configured incorrectly or is not doing anything at all. This gives you a chance to get a feel for how the network was intended to be used, how it was managed in the past (clean configurations are a good sign of a well managed network is their are accurately configured). I often find that certain networks have a sort of "personality" about the way that they have been configured. That gives me a good idea of how close i need to look based on the amount of time i have to complete the discovery process. But the bottom line is that you have to get as much information as you can from the devices themselves through cdp/lldp/neighbor/arp/cam tables and then start drawing. Asking for help from anyone on the staff responsible for certain setups (firewalls for example) is also a great help. There is really no way to avoid lots of tough work on a network discovery but it does certainly pay huge dividends in the end. I routinely find issues in customer networks that they didn't even realize that they had and had chocked them up to "Ghosts in the Machine". After identifying them with a proper discovery and mapping it out in Visio, i can easily explain my solution to them and get things corrected.

Just my two cents. I agree with the manual method for sure


From: cisco-nsp-bounces at puck.nether.net [cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore [justin at justinshore.com]
Sent: Monday, October 29, 2007 12:32 PM
To: Roger Oliver
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Network Topology Mapping

Roger Oliver wrote:
> Maybe not the best way but it has worked for me in the past.
> Enable CDP on all your network devices (Just for a little whlie).
> Now logon to each record the "CDP neighbor detail" output
> Pick a router/switch say "core-1"
> How many CDP neighbors?
> Which ports are they connected to?
> Draw these connections on paper this is just a rough draft so a big box with lines and labels is fine.
> Once you've done that pick one of these neighbors and see what they see and so on.
> There are I am sure tones of better ways to do this. But when I go somewhere to consult and they don't have clear documentation this is how I get started.

This is exactly how I do it too.  I also verify everything visually.  On
my grand flowchart I also label interfaces and then go back to Visio and
start drawing it.  It's a slow tedious process but that's the only true
way to determine the complete network topology.  I've often non-CDP
enabled devices on the network that complicate a CDP discovery.
Detailing exactly what connects to where visually is the only safe bet.

I've also used LAN Surveyor for a quick sanity check for before and
after maintenance windows to make sure that we didn't accidentally lose
a large portion of a network in the process.

I'd recommend a manual check over an automated check any day of the week.


cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure.  If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited.  If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.

More information about the cisco-nsp mailing list