Step-by-step guide to documenting your network

Network documentation isn't sexy, but it's a vital component of keeping your network safe and secure

Every network should have a customized manual of sorts with maps showing the network layout and written documentation on all the basic aspects of the network.

Although you or some other IT superhero might have a mental map of the network stored in your brain, having up-to-date written documentation is still vital. What happens if that IT superhero leaves all of a sudden? If you have adequate documentation, the learning curve for a new IT staff member will be much easier. The same applies to any IT contractors who might be called in to help with the network in the future.  

Network documentation can aid in other situations as well. A properly documented network should be able to help with disaster recovery. Any other IT professional should be able to come in and install and configure the same basic network from scratch using the documentation, for instance if the hardware becomes damaged or broken. The documentation can also help with security because during the auditing and documenting process, some security risks may become apparent.

Map out the network topology in a diagram

One of the most basic documents you should create is a diagram depicting the network topology. This is a simple graphic showing the interconnection of the main network infrastructure components, like modems, routers, firewalls, switches, servers, and wireless access points. This diagram should give an IT professional a quick visual picture of the network along with the basic details, such as the component name, IP address, and MAC address. And if you’d like to add more details, consider depicting static clients like printers/copiers and wired PCs.

There are many software programs to help build diagrams; the most popular being Microsoft Visio. But there are also free options as well, including Network Notepad, CADE, Dia, and Diagram Designer.

Document TCP/IP configuration

You should gather all the basic WAN and LAN configuration details. Perhaps begin with the Internet connection details:

  • ISP
  • ISP Support Phone
  • ISP Support Email
  • Bandwidth Up
  • Bandwidth Down
  • Modem Model
  • Modem Asset ID
  • Modem Firmware
  • Network
  • Gateway IP
  • Useable IPs
  • Broadcast IP
  • Subnet Mask
  • DNS1
  • DNS2
  • SMTP
  • POP3

Next work on gathering all the basic LAN details:

  • Router Name
  • Router Asset ID
  • Router Model
  • Router Firmware
  • Router Config Backup
  • Router IP
  • Subnet Mask
  • DNS1
  • DNS2
  • WINS

Next you should list all the subnets with associated details like their VLAN and QoS IDs and provide a summary of their designated use, like VoIP traffic or guest access.

You may want to list designated IP ranges within each of the subnets and provide a summary of their intended use. Plus consider listing DHCP pools and statically assigned IPs separately.

Document the details of infrastructure components

For all the main network components (such as the modem, router, firewalls, switches, controllers, wireless access points, servers, and UPSs) you should list the basic details such as:

  • Name
  • Asset ID
  • Primary functions
  • Physical location
  • Model
  • Serial number
  • Software version
  • Back configuration
  • IP address
  • MAC address
  • Login credentials
  • License details
  • Date of purchase
  • Place of purchase
  • Warranty info
  • Notes

When you’re connecting to these components to check the details it would be a great time to save a backup of the configuration if you haven’t already, and then specify the location of the backup file in the documentation.

Once you’ve listed the basic details, consider going further and listing the main settings/configuration for each component. For instance, for the wireless access points list the SSIDs, channels, and security settings.

Additionally, consider generating other specific lists like the configuration of the main network servers and services (DHCP, RADIUS, WINS, NAS, etc) and list any other mission-critical components in the network.

Evaluate network security

It’s also a good idea to evaluate and summarize the security status of all network aspects, which can be useful when accessing, troubleshooting, upgrading, and securing the network. Here’s a list of areas to get you started:

  • Firewall
  • LAN
  • WLAN
  • VPN
  • File servers/shares
  • Admin Passwords
  • User Passwords
  • Antivirus
  • Web Filtering
  • Antispam
  • Data encryption
  • Data backup

In addition to the traditional IT security aspects, think of the physical security of the network and devices as well. For instance, ensure the wiring closet and any components throughout the building (like wireless access points and even Ethernet ports) are secured from the public and even non-IT staff.

Label the wiring closet

Though it might seem really simple, you may want to physically label each component in the wiring closet with a name and details, like the IP address. And then record the order of which components are placed in the racks. This can make a non-IT person more comfortable if they ever have to be walked through, performing some sort of task over the phone. They can see the name of each piece of hardware and you can reference the written order of components as well.  

You may want to record the rack details as well, like the type, size, and note any cooling system and power.

Document client machines and devices

Once you’ve compiled the basic details for the network components, work on all the corporate-owned clients. In addition to PCs, laptops, and mobile devices, consider any other clients like network-based door locks, thermostats, cameras, and DVRs.

Here’s the type of information you may want to collect for each network client:

  • Name
  • Asset ID
  • Use/user
  • Physical location
  • Model
  • Serial number
  • Software version
  • Static IP address
  • MAC address
  • Login credentials
  • License details
  • Date of purchase
  • Place of purchase
  • Warranty info
  • Notes

To help discover the clients and devices on the network, consider using a port scanner. Once you gather the basics, perhaps go further. For instance, for end-user computers and devices, use auditing software to compile installed software titles, versions, licenses, missing patches, antivirus status, and backup status.

Label wiring outlets, runs, and ports

If you haven’t already, create and follow an identification scheme for your Ethernet, fiber and other wiring. This can help tremendously during future network troubleshooting, maintenance, and upgrades.

Assign and physically label every Ethernet wall-port and every other cable run to network components. Then identify to which port on the patch panel or switch each wall-port or component connects to. You could physically attach a label to each of the cables connecting to the switch and/or type up a written list of the port numbers and to which outlet or network component is connected.

Another great detail to document is the method or route in which the cables are run from the wiring closet to the wall-port or component. This can also be a huge help in the future when pulling or moving existing cables or when running new ones. Plus make note of the cabling specs and wiring type.

For new networks you install, consider also using a color coding scheme as well to help distinguish between certain types of cable runs. Maybe choose one color for wall-ports, another color for any switches throughout the building, and another for those connecting wireless access points.

Create a floor plan map

Though a network topology diagram is great, it doesn’t help visualize the physical locations of components. Thus consider creating a floor plan map showing where the infrastructure components are, including the wiring closet and others (like wireless access points) throughout the building. Also identify where Ethernet wall-ports are located.

Create or update policies and procedures

The documentation process is a great time to create or update your IT policies and procedures that apply to both IT staff and network users. Here are some policies and procedures to consider:

  • Updating network documentation for IT staff
  • Security and backup for IT staff
  • Security and backup for users
  • Internet usage, filtering, and monitoring
  • Guest network usage

Eric Geier is a freelance tech writer—keep up with his writings on Facebook or Twitter.  He’s also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, a tech support company.

Copyright © 2014 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022