A Simple Tool for Tracking Switch Ports?

jeremy cobert asks: "I work for a large school district in the Computer Networking department. We have several network closets at each school and each switch is set for different equipment on different VLAN's. Sometimes a Tech at a school will call in and need a printer plugged into a switch, and we are currently using maps drawn with PhotoShop to keep track of which ports are set for different equipment. I can look at a map and tell them to use a port that is already setup for printers. I am the only person who knows how to use Photoshop in our department and it is becoming way too time consuming every time someone switches a port. Here is an example of how we currently track our ports. Is there any program that we can use to make changes and diagrams in some similar fashion?"

We're doing this right now

[grub]

We're doing something similar at work so it's still fresh in my mind. First off: lose the Photoshop crud. Assuming your switches are managed or have at least some smarts in them I'd suggest using SNMP, $LANGUAGE and PHP to track your port information. Then any of your admins can access it via a webpage on your intranet. ($LANGUAGE can be anything but we like python and perl)

Consider replacing the hubs in your diagram with switches that have some smarts and SNMP. Not a crap LinkSys thing for $19 at BestBuy or whatever. A real, managed switch with a serial console port would be best IMHO.

Consider an "out of band" private network too. Something you can use to connect to another machine in the closets with a serial link to the switch console ports. That way if a switch/firewall/router stops talking you can remotely get to it via the console. We just received a bunch of old fibercopper media converters for this purpose (some of the runs are long)

You're there to manage the network, not just pretty up diagram in Photoshop, right?

Re:We're doing this right now

[karnal]

This is the best idea yet.

At my $place_of_employment, we use the Fluke Optiview console. What it does is it polls every port and every device on every port. Then you can either dig down a list of hosts, printers, servers, etc - or you can have it print out a network diagram (using MS Visio) or give you a switch port printout, which lists what is on each switch - down to the IP, computer name, MAC address, you name it.

It only works with Layer 2, though - so you need remote endpoints on each of your routable ... endpoints.

Don't ask me how much we paid - I'm sure it was expensive. However, it definitely took us less time than rolling our own. But, if your switch is managed, for documentation's sake - you can probably use the switch to find all this information out yourself!

Re:We're doing this right now

[grub]

We have the Fluke Optiview stuff too. I don't know if it came cheaper because we bought a Fluke LAN meter (~$12K at the time) as well. Handy piece of software.

Re:We're doing this right now

[Blkdeath]

What I'm failing to understand is why diagram the switches to this fine detail in the first place? At the last network I administered we had our MDF, four IDFs and each lab had x number of drops run. Connect a printer? Find an available port on the wall. Any VLAN segregation was done with colour-coded boots. If the computers in the lab are connected to blue and you connect a printer to red, well, you're going to have a problem printing.

10/100 switches are extremely inexpensive nowadays; even managed switches with VLAN support. Buy some extra switches, run extra drops per VLAN, label the drops at each end and describe textually (in your *DF) which drop connects to which port. De-activate unused ports if you must and activate them on demand.

Re:We're doing this right now

[Ropati]

grub has the right idea. SNMP, intelligent switches, perl and webpages, and if possible upgrade to out of band consoles. If you are going to diagram, and want to roll your own, look into SVG.

with SVG your perl scripts can also make basic diagrams. If you don't want to generate with SVG, try using Graphviz.

I've also had success using Visio 2000 and formatted text files to generate diagrams, but its very difficult to automate.

Whatever you are going to do, automate as much as possible. NetAdmins don't do Photoshop.

Re:We're doing this right now

[grub]

NetAdmins don't do Photoshop.

That should be in your sig. :)

Re:We're doing this right now

[chudgoo]

The switch pictured is a 3com 3300 which does have 'smarts' as you say. A lot of neat things are possible with SNMP....

Re:We're doing this right now

[jpostel]

I agree with your your statement, and in fact, this is the way I do it when given the chance.

To play devil's advocate, against both of us, I've been told on several occasions that the cost of rewiring space that has only one data drop per location was too high, and that I must find a solution with what I have. At that point, it was all about using a centralized SNMP management interface and managing the switch ports to be on certain VLANs and subnets.

Now if the original poster had said that they had no budget to wire up additional ports or buy managed switches, and they just wanted a better way to do what they already do, I would webify it. Make the port colors dynamic, enable authentication for access to the pages, and then just make sure enable logging of changes so you can track if a port was mistakenly changed.

I'm guessing that this will have to been done by someone other than the original poster since they are currently using Photoshop for it. I'm not really sure how to get this done with no budget other than to dig in and learn to do it.

Simple solution really

[Daxster]

Masking tape and a sharpie =)

Photoshop is the *wrong* tool

[Quarters]

Photoshop is way to expensive and complicated for what you are doing. Something like Visio would be much better for drawing out simple port graphs.

For that matter graph paper, a ruler, and a pen would work equally well.

Re:Photoshop is the *wrong* tool

[QuantumRiff]

Visio actually used to have a network mapping tool that would go out and scan your network for SNMP devices. It would then draw you a pretty diagram. I think it was after visio 2000 that they pulled this feature out, and made it an additional "add on" to purchase.

Re:Photoshop is the *wrong* tool

[alienw]

I second that. Visio works very well for network stuff. There are even libraries of network equipment pictures/diagrams that you can put in. Photoshop is a horrible tool for this.

Re:Photoshop is the *wrong* tool

[photon317]

Or if you want something free, you could try "dia" or "kivio".

Re:Photoshop is the *wrong* tool

MSPAINT.EXE

Job's a good 'un.

Re:Photoshop is the *wrong* tool

Or if you're going to insist on using an Adobe product, at least use Illustrator. Vector is way better than raster for something like this.

Re:Photoshop is the *wrong* tool

[Pii]

This is part of the "Visio Enterprise Edition."

hrm?

[sparkie]

Microsoft Visio? ... yea I said it MICROSOFT.

Re:hrm?

[smbarbour]

I agree. Visio is an excellent program for that type of thing. I've used a version before Microsoft bought them as well as Visio 2000. Both are excellent (I think the codebase was largely unchanged).
 
I've also used CADKey 97 to create that type of thing as well.

Re:hrm?

[cloudmaster]

If only there was a free alternative one could use on most any platform that matters. Why, those diagrams could be easily produced and updated without a great expenditure of time or effort.

Re:hrm?

[sparkie]

Sure, those dia grams (sorry I didn't think italics was enough to accentuate the fact that it's named dia.) could be easily produced, after of course installing linux with X, and gnome onto your pc, and or another PC... For those not using linux already. One could assume the questioner wasn't using linux because he was using photoshop which would lead one to believe he is running a microsoft based operating system.

But hey, this is slashdot linux == good, microsoft == evil right?

right?

Re:hrm?

[cloudmaster]

At the bottom of the downloads page, there's a "binaries" section, with a link to RPMs, Debian packages, Irix binaries, and a site with Windows Binaries. That's why I said that it runs on all platforms that matter. Never mind that it's entirely within the realm of the possible to get a rootless X server running on Win32 through Cygwin, or that I've run Photoshop under Wine for several years while many others use it on a Mac (I've also run Dia on OS X, yay Fink).

But hey, this is slashdot. Reading the post or looking at the links == bad, not realizing that lots of GTK programs work just fine on Windows (including Dia, Abiword, the Gimp, and Glade), many with nice little clicky installers == good.

And yes, Linux is good and Microsoft is evil. In general. :)

Spreadsheet?

[mivok]

Uhh.. why do you need diagrams? Just use a spreadsheet with the switch ID, port number and vlan. Much easier for others to use, and as far as I can see, you don't lose any ease of use/finding out which ports do what. Colour code the cells based on vlan number if the colours are important.

Re:Spreadsheet?

[austad]

I second the spreadsheet suggestion. I've never seen anyone use Photoshop, or even visio, for tracking what ports are set up for.

If your switches are manageable, you should be able to find, or write something that will pull all of the port settings for you.

Re:Spreadsheet?

Maybe I'm stupid. Why do you use some ports for some things and not others? Aren't all the switch ports on the same network?

Re:Spreadsheet?

[klui]

Why use a spreadsheet? Isn't text good enough anymore?

Re:Spreadsheet?

[Blakey+Rat]

It's a lot easier to sort a spreadsheet. "I need a printer port on the third floor closet in building D" Sort-> By Building, then By Floor -> Poof, there's your answer.

Re:Spreadsheet?

[T-Ranger]

Not if you want to sort by anything except the first field. Yes, grep, cut, col, sort can do it, but who doesnt have a spreadsheet?

Re:Spreadsheet?

[walt-sjc]

Then you have to deal with the "master" spreadsheet.

We use a wiki. Switch ports are in a table on the wiki. Click on the machine name in the port assignment and it goes to the wiki page for the machine. Back and forth links. And the IP address table, firewall translations, etc. All on the wiki. Apache config notes? On the wiki. Docs for new users? Policies? On the wiki. Why have 15 different documents?

Re:Spreadsheet?

[T-Ranger]

Sure, a wiki would be even better. But a spreadsheet is better then a text file.

Re:Spreadsheet?

Use a database. Spreadsheets aren't as flexible.

Re:Spreadsheet?

[klui]

Well, normally, I'd just use a search function. I hardly sort spreadsheets. Although sometimes we get massive ones and I use Excel's auto filter function. But still, searching is faster than even auto filter.

I don't have a spreadsheet installed on my home computer, just a spreadsheet reader. At work it's different.

Re:Spreadsheet?

[schon]

Aren't all the switch ports on the same network?

No. That's what VLAN does - a separate, virtual network using the same infrastructure.

One of the most basic (although not the coolest) functions of VLAN is to create two (or more) networks on the same switch - you can group ports on your switch so that the devices can't see or talk to each other (so if you want separate networks, there's no need to buy a separate switch for each one.)

Re:Spreadsheet?

[mysidia]

Why not use a SQL database?

select P.* from ports P, switches S where P.switch=S.switch and S.floor=3 and S.building='D' and P.portfor='printer' and P.used is NULL;

Then you have a possibility of eventually putting together a script or two to help automatically keep details up to date.

Re:Spreadsheet?

[Urgoll]

One of the most basic (although not the coolest) functions of VLAN is to create two (or more) networks on the same switch.

(Taking the bait...)

So, what's the coolest function of VLAN, other than creating two broadcast domains on the same switch?

Re:Spreadsheet?

[Darkinspiration]

The name of course..... and the fact that it runs at layer 2 and the fact that it can have it's separate MAC

Re:Spreadsheet?

[mjpaci]

That's fine and dandy -- thank you. However, my question is this, if you have isolated the two networks from each other, how would you route traffic between them? Would you need to dedicate a port on each VLAN to a port on a router?

Also, why would you want your printers on a separate VLAN? (Serious question) I understand why you would want servers on different networks than the client devices.

I'm sorry for being incoherent. I'm a little slow today.

Re:Spreadsheet?

[msoftsucks]

Heavy-duty printing (such as graphics etc.) is network intense. This traffic can have serious effects on normal workstations. In addition, if you are using something like a JetDirect to connect the printer to the network, these devices are continually doing broadcasts to all devices on their segment. This is one way the old JetAdmin software was able to find all HP printers connected on the network. If you have a lot of printers, this broadcast traffic can be significant. To see how much broadcast traffic there is, use a sniffer like Ethereal. Isolating printers on their own VLAN is a good way to keep the effects of the printer traffic from affecting users.

Re:Spreadsheet?

[mechsoph]

Or you just give all admins write access to the spreadsheet file. Hell, you should even be able to do that on NT with all their ACL's that don't ever seem to help. This does assume the presence of NFS or SMB or SSH.

Re:Spreadsheet?

>So, what's the coolest function of VLAN, other than creating two broadcast domains on the same switch?

Stopping infections from spreading throughout the network by being able to properly firewall each and every single machine on the network from talking to anything but the server it is intended to talk to (and through that perhaps a limited subset of the internet)?

Works well for fixing all the customer's virus infected PCs at my store, I must say.

Re:Spreadsheet?

[walt-sjc]

A spreadsheet doesn't give you the ability to link information across all docuents instantly. A wiki also available wherever you are, without needing VPN access or any special software. It does require your server to be up, but that's generally not an issue. IMHO, plain text is the worst, spreadsheet next worse. Visio is over rated (bloated, slow, and unstable.) It's also a tremendous amount of work to keep up if you try to keep ALL your info in it, and the benefit is questionable. It's fine for general diagraming though.

When I'm out at the colo, I don't have Office or Open office installed on my servers. I do generally have at least one machine that has a web browser however. When I make changes, I can update the wiki "right now" and not wait until I get back to the office (or deal with VPN / manually sshing a file around.)

I actually keep a local copy of the wiki on my laptop (doesn't EVERYONE run a webserver / database on their laptops?) and a cron syncs the db (one direction - laptop is for read-only offline reference use.) I suppose I could extend the wiki software and do two way sync with conflict resolution, but I have no need at this point.

Re:Spreadsheet?

[Pii]

You can either use a physical port for a seperate router, or you can employ Layer-3 switching, which has the routing functionality built into the switch.

If your router supports trunking on its ethernet ports, you can do what's called "routing on a stick," creating logical channels off the physical router port, so the router can have a presence in each VLAN, though it only occupies on physical switch port.

You definately need a Layer-3 device to support inter-Vlan traffic. That's the point of VLANs.

Re:Spreadsheet?

[Pii]

That's a terrible idea.

For starters, you want the printer to be as close to the users as possible. If your printers are in a different VLAN from the users, and the local switch isn't Layer-3 aware, you'll have to send all of the traffic from the local switch up to the distribution layer of the network (perhaps even higher, to where there is a Layer-3 device (a router)), so that it can be directed to the correct VLAN, and then sent back down the same trunk link back to the local switch.

You are saturating the bandwidth of the shared uplink from the access layer switch to the distribution layer switch, as all of that traffic hits that connection twice.

This may be unavoidable, as most enterprises utilize print servers, and this traffic hairpinning is going to occur regardless. For small enterprises, however, people should be using direct IP printing, and the printer should be a member of the same VLANs as the users that utilize them.

This is simply good practice. (Though bandwidth is so cheap, it will often mask any downside to poor design, so the point may very well be moot.)

Pardon my ignorance..

[LoRdTAW]

But isnt there an SNMP program for 3com switches that does this automatically? I am not a net admin but I worked as a tech in school before and I do remember when we got our massive campus network upgrade to new cisco equipment. The head IT guy was all giddy about how he can see every port and device on the entire campus network from some cisco management program he used.

Re:Pardon my ignorance..

[sharkey]

3Com Network Supervisor, IIRC. Free to download for up to 1000 devices or so.

Visio and Racktools

[Meest]

If you want a visual i might reccomend using M$ Viso and Racktools my Middle Atlantic.... usualy has nice diagrams of what model switches look like, etc. I've looked at a few and the pics looked decent.

Be warry though as I mostly use it to design racks for Pro-Audio Instalations. so it might not work that well. but for my needs its awsome.

Visio

[iamweezman]

At the shop that I work at we have over a thousand circuits that we have to keep track of. Visio not only allows us to keep track of all the equipment, circuit flow, extra data, etc via making simple circuit layout records, but it is also easy enough that only minimal training is needed for new users. As an added bonus images can be stored and used over and over again so no "drawing" is required.

Re:Visio

[sharkey]

If you download the reader, anyone with IE installed can view your diagrams in Visio format as well.

emacs

[tengu1sd]

Keep an ascii text file available on a central location.

This can be as complicated or simple as you like. Diagram with ascii art or just a list of components. I prefer this to Visio. I keep mine on an internal web server with network config backups. Internal read only to the right people and I keep documentation updated.

My manager loves pretty pictures, I'll update the many colors on slow days when I don't feel like working, but I can lay out an ascii network diagram in minutes. A Visio diagram can take days to complete for a large site. Both live on the same web server, but guess which diagrams I use for troubleshooting and change control.

Legend

[khundeck]

I think a simple spreadsheet like program would work well (I heard VisiCalc is pretty sweet.) But, on to the nitty, I think your legend should be listed in ascending-color order. So, the first item in your legend would be Lab 105 V64, then Printer V62, Workstation V60, and Phone(100H) V61. Also, the black items are confusing - consider colour coding them and adding them to the legend.

I really do think it's important to keep this type of documentation. So good on you for the initiative.

Kurt

Photoshop?!

[tedhiltonhead]

Wow, I've never heard of using Photoshop for network documentation. :) Excel would be an excellent tool for this. You could set up a worksheet (tab) for each switch. For a 48-port switch, use a 24x2 grid, so each cell is a physical port. You can even color-code the cells.

Kivio

[dcapel]

If your running KDE, or can get kdelibs/qtlibs/koffice to compile on whatever your running, kivio (a flowchart/mind mapping program part of Koffice) sounds like what your after.

It would be a simple change to keep track of all the switches and ports.

A Wiki?

[RevRagnarok]

We keep similar info in a simple HTML table in a Wiki ['trac' to be exact]

photoshop is nice.

[JVert]

Maybe you should try fireworks, the vector drawing in that seems like it should be easier then what you are using. But if you really want it done right get a camera and use windows movie maker where you can narriate the function of each switch.

I do what you do, just not with photoshop

[Anonymous+Crowhead]

I like to see how things are connected, what ports are in what blocks, what's wired to to what but my diagrams are simple boxes within boxes connected by lines with a simple ledgend. For what you are doing, you do not need to spend time drawing an exact replica of your 3com 3300 switches with color, the light display, the 3com label, etc. That's just a waste of time. I use open office for my diagrams. If you are using windows, ms paint should suffice.

Visio or Dia

[WoTG]

Others have mentioned proper diagramming software like Visio. For the free software/OSS type person, there is Dia (google it). It works reasonably well on both Linux and Windows. If only I could find a web based wiki-drawing tool...

Try this

[drsmithy]

I stumbled across this the other day while I was researching MRTG stuff. You may find it helpful.

NetDisco

[stevenbdjr]

You want something like NetDisco. It will go out and discover every switch on your network and can figure out how they're interconnected. You can then query ports for VLAN, speed, and duplex settings, among other things. Finally, you can toggle ports on and off. It can even produce graphs of your network layout using GraphViz. You'll need a *nix box, Perl, Apache, and Postgresql, as well as managed switches that support SNMP.

If all of this scares you, then go out and buy Visio, but all you'll get out of that is pretty pictures.

Re:NetDisco

[RabidMonkey]

Hear hear.

there are LOTS of network management tools out there. I realize HP Openview might be outside the budget of a school, but I've used it and it does exactly what you want. It will automatically colour code your ports to show you wants in use and whats not, which ports are having problems, etc.

There are a couple opensource replacements which I'm sure yo ucan find with google pretty easily.

If you've got good hardware (ie: something SNMP manageable) then you're set. If you're using home/small business hardware (ie: linksys, smc, etc) then you might not be able to use the management tools.

If you're stuck, feel free drop me a line. I've done a lot of the network management stuff before, in my past life as a network monkey and can help you out.

good luck!

Re:NetDisco

[wokka1]

NetDisco is definitely something to look at if you have manageable switches. We use it at CompUSA to manage over 2000 switches and routers and to keep track of all ip, mac, host, port, etc info.

Re:NetDisco

[Anonymous+Crowhead]

Speaking of Mason and mod_perl (requirements for netdisco)...can you run Mason with PerlFreshRestart turned on these days? I'd love to try it on some servers I am running but have been unable to get Mason to work with PerlFreshRestart turned on. It's been about 9 months since my last attempt.

Photoshop?

[Pig+Hogger]

Sometimes a Tech at a school will call in and need a printer plugged into a switch, and we are currently using maps drawn with PhotoShop to keep track of which ports are set for different equipment.

Photoshop for what is obviously a vector-graphic application? This is clearly an indication of your competence (or rather, lack of). No wonder that the Klutztown computer network administator decided to press criminal charges against their students, if all school IT department employees are just as incompetent as you are, it's no surprise at all!!!

roll your own?

[Ankh]

I once wrote a preprocessor for troff(1) that drew diagrams showing how to wire various types of serial cable.

Today I'd probably consider using GraphViz (open source graph renderer that takes a simple text description and figures out the best layout), perhaps with a simple database backend to let you update the information over the Web and draw a new picture automatically.

I'm assuming you got the images of the hardware from the manufacturer's Web site; you could use the same images in GraphViz, with a little work, but the result would be something that, once set up, could keep the pictures up-to-date automatically, suitable for printing out and sticking on the cabinet doors :-)

The hard part is getting everyone to keep the information up to date. Making sure the end of every cable is clearly labeled (e.g. with a wide cable tie, a luggage tag, or a sharpie pen used to write on the connector or the cable) can help a lot.

Liam

Re:roll your own?

[RGRistroph]

Speaking of graphviz, does anyone know of an example of how to use it to draw flowcharts in the traditional style ? I would like to automatically generate some flowcharts, but I need to figure out how to make the edges come out of the compass points of the nodes, and how to make "elbow edges" that come out and bend at 90 degrees.

If anyone has a link to an example or a patch or extension to graphviz for this I would appreciate it.

SVG or graphviz

[Just+Some+Guy]

Why not describe it in a text file, but formatted as an SVG or a graphviz input file? They're easy enough to read that anyone with Notepad or better can understand and update them, but trivially compile to pretty pictures that you can give to management or hang on the wall.

Standardize on something that works

I agree with others who've recommended modern, manageable switches. Preferably with Layer 3 functionality, you're already using VLAN, so why not standardize?
Standardization is your first move and most enterprise-class switches (if not all) have built-in web interfaces that show you exactly what port is doing what.
The best part is, these switches have the ability to create read-only user acounts to keep the mgmt centralized. At least others will at least be able to browse to the web config page and see wtf is going on.
Dell and Cisco swtiches have this ability. Dump the hubs. If you're dept is short on funding, get the IT mgr to campaign for more cash.
Anyway, this resolves the need for any sort of manually-updated Photoshop (I've NEVER used this app for anything other than photos) files or babysitting a spreadsheet.

MS Paint and Word

[duffbeer703]

Us MS Paint and Microsoft Word (or maybe Wordpad if Office is too expensive)

Its a shitty way to do stuff, but still better than using photoshop.

Eh? Copy, paste, print.

[Telastyn]

Why not simply print the VLAN display of your switch?

If you're using Cisco switches, just print the VLAN list [and comment the VLANs accordingly], and then the port list. Tape to racks as needed. It doesn't take a CCNA to match the number on the list to the number under the port.

Other brands should have similar cli admin mechanisms, which should allow for similar use.

Re:Eh? Copy, paste, print.

[MichaelMarch]

He's using 3Com switchs. And with Cisco, using "cisco works" does what he is looking for automatically.

if you're going to do documentation...

[Tesseract]

then I'd suggest starting a wiki. Personally, I like and use Dokuwiki and have set up several processes to pull this sort of information directly into a wiki page (Dokuwiki uses plain .txt files) and it works great.

Monitoring

Use nagios. It's a good networ mapping tool. http://www.nagios.org/

Spreadsheet software? Make a connection sheet!

Where I work we manage switches for all our clients, some sites have 2, some have 9+.

What we do is make a spreadsheet with the switch host, switch port, vlan, physical location, service thats being used on that port and so on.

You can add as much information as you like, or keep it simple, what makes it searchable is using AutoFilter option in MS Excel (Data->Filter->AutoFilter), this lets you select filter down on any part of the sheet and makes finding information simple.

Cheers.

Web UI

[Anm]

Here's what I'd do, if you could spare a web programmer for a couple days, assuming the data is already in a database somewhere. Even if it isn't, your need for writeability means the UI should be easy.

First, open your PSD in ImageReady (free with Photoshop) to divide the image in slices around the ports. Export the different port colors as rollover states. Also export the HTML as a template for your web programmer.

On the server side, the programmer need to make DB queries to figure out which port gets which color port image.

Once done, add soem simple javascript to change port colors on the fly.

Lastly, a button need to recompile the current state into web request to update the serverside data.

Now you data is also distributed and with some read vs. write authorization, can help others without a tech support call.

Anm

Re:Web UI

[Anm]

Bad use of the term distributed.

The data is centralized but easily accessible from remote locations.

Anm

graphviz

[ameoba]

You could probably do something with some flat text files, some scripts and Graphviz that would be at least as good as what you have coming out of Photoshop. ...that assumes you have no need to put boobies on your network diagrams.

Re:graphviz

[Sheridan]

...that assumes you have no need to put boobies on your network diagrams.

That's just crying out to be a .sig quote.

Oh, and you owe me a new keyboard!
--
I know what you're thinking, but I am not a nut-bag. -- Millroy the Magician

seconded, BUT

[RMH101]

...do NOT set this kind of autodiscovery stuff loose on a network that you don't admin, otherwise someone is going to come and ask you some pretty pointed questions right before they lay into you with a cat5-o-9-tails...

GOOD FIND!

[jpostel]

This is EXACTLY the type of program I was looking for a few months ago. I wanted to provide an interface to MRTG that showed images of the actual devices with interfaces. I'm going to add this one to my MRTG toolkit.

Dynamicaly assigned (VMPS, 802.1x)

[dago]

"VMPS (VLAN Management Policy Server) is a way of assigning switch ports to specific VLANs based on MAC address of connecting device."

So basically, once you have a db of all your network devices (hosts), you can configure a server to automatically assign the proper VLAN.
AFAIK, this is cisco proprietary, but an opensource server exists.

Another standard/open alternative would be to use 802.1x.

how about a good old fashioned text file?

[TreeHead]

it's searchable.
it's 100% cross-platform.
it's substantially smaller than an image.
it's editable by anyone.

why not a text file?

heck, even an ASCII art text file:

| IDF4-Switch3        Dell PowerEdge 3024 |
| 1  3  5  7  9  11 13 15 17 19 21 23  g1 |
| 2  4  6  8  10 12 14 16 18 20 22 24  g2 |

Port Assignments:
1 --> VLAN1
2 --> VLAN2
3 --> VLAN1 ...

...etcetera.  a simple sed/awk/grep search would tell you what switches were assigned to what VLANS or devices.

Why keep track in the first place

I also work for a school district with about ~1000 workstations. We don't label anything like this. To us, a port, is a port, is a port. You don't buy much by putting things on seperate vlans. If I plug a computer, phone, or printer into a port it works and the job is done nothing with nothing to put into a diagram. Vlans just ensure that printer traffic has to make it full circle, where as without the vlan it may just stay on the same switch, this is more secure and more efficient. I might be able to see a use for phones to be on a seperate vlan, but under those situations I would just put them on a seperate network altogether. So my suggestion would be to review your network, perhaps you don't need vlans and your diagraming time would be better spent labeling where the other end of the cable goes.

Color Blind

What about those that are color blind? Colored cables may not be the best solution.

Why are most folks suggesting yet another program? Someone still has to own the diagram in the new program. Utilize SNMP or the other management protocols to feed a web interface.

Oh, now I get it!

I was a bit bemused by the photoshopness of it all, but then I read several comments that pointed out how overblown these were (as they said, colored boxes shaped like stylized RJ45s, detailed pictures of non-functional (for this purpose) details of the hubs and switches)... and then a little bulb started glowing.

This is what cargo cult network management looks like. (If you don't have a clue, get yourself a copy of Dream Park or something and read instead of making a stupid, slashdotty remark.)

Now I'm having a hard time typing this for wanting to roll around the floor chortling madly.

Re:Don't forget

[g-san]

Don't forget ucd-snmp.