Local Area Network Design Documentation
Today I will give you some insight into how to write network documentation specific to Local Area Networks. When you prepare design documents, it is very important that you cover every aspect of the network and write in a professional style. Divide your LLD document into the following base points:
1 Introduction
2 Network Overview
2.1 Network Diagram
2.2 Network Devices
2.3 VLANs and Subnets
3 Network Details
3.1 Port usage per switch
3.2 Network State and Recommendations
4 Recommendations
Now I will share a sample LLD design document from one of my recent site deployments; you can follow the same structure for your own design document.
1 Introduction
The purpose of this document is to describe the current LAN network at the Sunninghill location. The description is based on the output of the commands show tech-support and show cdp neighbors on the Cisco devices on site. The document does not include information about the edge routers, firewalls and other edge devices since access to these is not available. Any information about edge devices is gleaned from data that is found within the devices where access was granted.
It is important to note that the documentation of the network is not only based on configuration and information from protocols such as CDP, but also from descriptions of interface links that have been inputted by administrators of the network. This is especially the case for links that are currently down and the devices to which they link cannot be verified. If these descriptions are erroneous, this must be confirmed with a physical inspection.
2 Network Overview
2.1 Network Diagram
The following is a diagram of the network based on the configurations of the devices available. The devices whose CLI was not accessible are marked with orange.
- The core of the network is composed of two core switches which are currently functioning as a single Virtual Switching System (VSS).
- These two core switches are connected to each of the access switches on the left via EtherChannel with port channels composed of two TenGigabitEthernet interfaces each.
- These connections use fibre optic cables.
- The Basement, Ground, 2nd floor and Basement WAN switches are composed of two 48 port switches that are stacked.
- The Core switches in turn are connected to the Basement WAN Switch which is composed of two stacked 48 port switches. This connection is also an EtherChannel connection with a port channel composed of two TenGigabitEthernet interfaces.
- The Basement WAN switches are in turn connected to the edge devices, which include a Voice Gateway that provides connectivity to the PSTN.
- The voice gateway is connected to the PSTN via two E1 PRI circuits.
- It is not known how the remaining edge devices connect to the Internet.
2.2 Network Devices
2.3 VLANs and Subnets
2.3.1 Core Switch
3 Network Details
The following sections describe several aspects of the network’s configuration.
3.1 Port usage per switch
3.1.1 Core Switch
Comments:
Four links are down; each is one member of a port channel group (Te1/5/4, Te1/5/8, Te2/5/6 and Te2/5/11). This leaves only half of the total bandwidth available and also removes the redundancy that the EtherChannel connection provides.
The two links to the Blade servers are on the same physical switch. It is good practice to move one of the links to the other physical switch, say Te1/5/9.
3.2 Network State and Recommendations
Currently, the network links that are down are those shown by dotted lines in the following diagram:
3.2.2 General recommendations
- VLAN names, descriptions and interface descriptions should be updated, corrected and be more meaningful and informative
- VLAN 1 should not be used in any network device. It should be disabled and all devices should be moved to another VLAN number for security purposes.
- Voice VLANs should only be configured where IP phones are connected. They should not be configured on printer ports, trunks or ports where only computers are connected.
- All ports that are not currently in use should be shutdown.
- VTP should be run on the core switches and have all other switches run as VTP clients to simplify the VLAN configuration and consistency throughout the network
- VLAN 30 which is the management VLAN of the wireless devices should not be configured as the native VLAN but should be configured as an additional tagged VLAN on the trunk.
4 Recommendations
Based on the above LAN documentation, the following are some recommendations that should be applied to the network for smoother functionality, ease of administration and troubleshooting, and for security purposes.
- Run VTP on the core switches so that VLANs can be centrally administered
- Rename all VLANs so that they are consistent from switch to switch
- Rename SVIs for consistency from switch to switch
- Encrypt passwords using the service password-encryption command
- Native VLAN does not require SVIs, those should be removed
- Ports that are down should be administratively down
- Employ port security wherever possible
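Several of the recommendations in sections 3.2.2 and 4 can be checked directly against a switch's running configuration. The script below is an added example, not part of the original design document: the `audit` function and the sample configuration are constructed for illustration and assume Cisco IOS-style syntax. It cannot tell whether an enabled port is actually in use, so the "shut down unused ports" item still needs port status data.

```python
import re

# Constructed sample running-config (not taken from the site described above).
SAMPLE_CONFIG = """\
no service password-encryption
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode trunk
 switchport trunk native vlan 30
 switchport voice vlan 20
!
interface GigabitEthernet1/0/4
 switchport mode access
 shutdown
"""

def audit(config, mgmt_vlan="30"):
    """Return (scope, finding) tuples for an IOS-style running-config."""
    findings = []
    if "service password-encryption" not in [l.strip() for l in config.splitlines()]:
        findings.append(("global", "service password-encryption not enabled"))
    # One match per interface stanza: header line plus its indented body.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        name, body = m.group(1), [l.strip() for l in m.group(2).splitlines()]
        if "shutdown" in body:
            continue  # administratively down, as recommended for unused ports
        if "switchport mode trunk" in body:
            if f"switchport trunk native vlan {mgmt_vlan}" in body:
                findings.append((name, f"VLAN {mgmt_vlan} is the native VLAN on a trunk"))
            if any(l.startswith("switchport voice vlan") for l in body):
                findings.append((name, "voice VLAN configured on a trunk"))
        elif "switchport mode access" in body:
            # No explicit access VLAN means the port sits in the default VLAN 1.
            vlan = next((l.split()[-1] for l in body
                         if l.startswith("switchport access vlan")), "1")
            if vlan == "1":
                findings.append((name, "access port in VLAN 1"))
            if "switchport port-security" not in body:
                findings.append((name, "port security not enabled"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one tuple per violation, which can be pasted into the "Network State and Recommendations" section of the LLD per switch.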
I hope you liked this information and that it helps your documentation skills.
Lastly, I advise using Microsoft Visio for all the diagrams and AD-Build documents.
Cheers, Stay_Safe Stay_healthy!!!