Comprehensive guide for documenting network infrastructure in MSP environments.

Why Document Networks?

Proper network documentation:

  • Reduces troubleshooting time
  • Enables faster onboarding of new staff
  • Supports disaster recovery efforts
  • Improves change management
  • Facilitates capacity planning
  • Ensures business continuity

Essential Network Documentation

1. Network Topology Diagrams

Physical Topology

  • Show physical connections between devices
  • Include rack layouts and data center locations
  • Document cable runs and patch panel connections
  • Note fiber vs copper connections
  • Include power distribution (PDUs, UPS)

Logical Topology

  • Layer 3 routing diagram
  • VLAN layout
  • IP addressing scheme
  • Routing protocols and relationships
  • WAN connectivity

Tools for Diagrams

  • Draw.io (diagrams.net) - Free, web-based
  • Visio - Industry standard
  • Lucidchart - Cloud-based collaboration
  • Network Notepad - Simple, lightweight
  • Netbox - Source of truth with API

2. IP Address Management (IPAM)

Document all IP allocations:

Lang: text
Network: 10.10.0.0/16
Purpose: Corporate Network

Subnets:
- 10.10.0.0/24   - Management VLAN
- 10.10.10.0/24  - Servers VLAN
- 10.10.20.0/24  - Workstations VLAN
- 10.10.30.0/24  - Wireless VLAN
- 10.10.40.0/24  - Guest VLAN
- 10.10.50.0/24  - VoIP VLAN
- 10.10.100.0/22 - DHCP Pool (Workstations)

Reserved Addresses:
- 10.10.0.1      - Core Switch (VLAN 1)
- 10.10.0.2      - Firewall Internal
- 10.10.0.5      - Primary Domain Controller
- 10.10.0.6      - Secondary Domain Controller
- 10.10.0.10     - Primary DNS
- 10.10.0.11     - Secondary DNS

IPAM Best Practices

  • Reserve first 10 IPs in each subnet for infrastructure
  • Use consistent IP schemes across sites
  • Document DHCP scopes and exclusions
  • Track static IP assignments
  • Note DNS A/AAAA records for static IPs
  • Update documentation with every IP change
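
An IPAM record like the one above can be checked mechanically for drift. The following is an added example, not part of the original guide: it audits the documented subnets for containment in the parent network, overlaps, reserved addresses with no documented subnet, and DHCP scopes that start inside the first 10 infrastructure addresses. The "Lab" subnet and both DHCP scopes are constructed; the 10.10.60.1 address is the VLAN 60 SVI from the change log example later on this page, which the subnet list never picked up.

```python
import ipaddress as ip

PARENT = "10.10.0.0/16"
# Subnets and reserved addresses exactly as listed in the IPAM record above.
SUBNETS = {
    "Management": "10.10.0.0/24", "Servers": "10.10.10.0/24",
    "Workstations": "10.10.20.0/24", "Wireless": "10.10.30.0/24",
    "Guest": "10.10.40.0/24", "VoIP": "10.10.50.0/24",
    "DHCP Pool": "10.10.100.0/22",
}
RESERVED = {
    "Core Switch": "10.10.0.1", "Firewall Internal": "10.10.0.2",
    "Primary Domain Controller": "10.10.0.5",
    "Secondary Domain Controller": "10.10.0.6",
    "Primary DNS": "10.10.0.10", "Secondary DNS": "10.10.0.11",
}
# Constructed drift: an overlapping lab subnet, the VLAN 60 SVI from the page's
# change log (absent from the subnet list), and hypothetical DHCP scopes.
DRIFT_SUBNETS = {**SUBNETS, "Lab": "10.10.102.0/24"}
DRIFT_RESERVED = {**RESERVED, "IoT SVI": "10.10.60.1"}
DRIFT_SCOPES = {"Workstations": ("10.10.20.5", "10.10.20.200"),
                "Guest": ("10.10.40.11", "10.10.40.250")}

def audit(parent, subnets, reserved, scopes, infra=10):
    """Return (finding, name, ...) tuples for one IPAM record."""
    parent = ip.ip_network(parent)
    # ip_network() raises ValueError if a CIDR has host bits set (a typo check).
    nets = {n: ip.ip_network(c) for n, c in subnets.items()}
    out = [("outside-parent", n) for n, net in nets.items()
           if not net.subnet_of(parent)]
    names = sorted(nets)
    out += [("overlap", a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    out += [("no-documented-subnet", n) for n, a in reserved.items()
            if not any(ip.ip_address(a) in net for net in nets.values())]
    for name, (start, end) in scopes.items():
        net, s, e = nets[name], ip.ip_address(start), ip.ip_address(end)
        if s not in net or e not in net or s > e:
            out.append(("scope-outside-subnet", name))
        elif int(s) - int(net.network_address) <= infra:
            out.append(("scope-in-infra-range", name))  # first `infra` IPs
    return out

if __name__ == "__main__":
    print(audit(PARENT, SUBNETS, RESERVED, {}))
    print(audit(PARENT, DRIFT_SUBNETS, DRIFT_RESERVED, DRIFT_SCOPES))
```

Run against an export of the real IPAM data on every change, an empty result means the record is internally consistent; it does not prove the record matches what is configured on the devices.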

3. Device Inventory

Minimum Information per Device:

  • Hostname
  • Management IP address
  • Device type (switch, router, firewall, AP)
  • Make and model
  • Serial number
  • Firmware/OS version
  • Location (building, floor, rack, RU)
  • Purchase date and warranty expiration
  • Support contract details
  • Configuration backup location
  • Default credentials location (secure vault)

Example Device Record:

Lang: yaml
Hostname: CORE-SW-01
Management IP: 10.10.0.1
Type: Core Switch
Make/Model: Cisco Catalyst 3850-48P
Serial: FCW1234A5B6
IOS Version: 16.12.4
Location: HQ-DataCenter-Rack-A12-RU24
Install Date: 2022-03-15
Warranty: 2027-03-14
Support: SmartNet 24x7x4
Config Backup: /backups/network/CORE-SW-01/
Credentials: LastPass - Network Devices
Notes: Core switch with redundant power, stacked configuration

4. VLAN Documentation

VLAN Template:

Lang: text
VLAN ID: 10
Name: Servers
IP Range: 10.10.10.0/24
Gateway: 10.10.10.1
DHCP: Disabled
Purpose: Production servers
Ports: Trunk on all uplinks, access on server ports
ACLs: Permit from management, deny from guest
QoS: Priority 4
STP: Root on CORE-SW-01
Notes: Tagged on all trunk ports

VLAN Table Example:

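| VLAN | Name         | Subnet        | Gateway    | DHCP | Purpose      |
|------|--------------|---------------|------------|------|--------------|
| 1    | Management   | 10.10.0.0/24  | 10.10.0.1  | No   | Network mgmt |
| 10   | Servers      | 10.10.10.0/24 | 10.10.10.1 | No   | Servers      |
| 20   | Workstations | 10.10.20.0/24 | 10.10.20.1 | Yes  | User devices |
| 30   | Wireless     | 10.10.30.0/24 | 10.10.30.1 | Yes  | WiFi clients |
| 40   | Guest        | 10.10.40.0/24 | 10.10.40.1 | Yes  | Guest WiFi   |
| 50   | VoIP         | 10.10.50.0/24 | 10.10.50.1 | Yes  | IP phones    |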

5. Port Documentation

Switchport Configuration Template:

Lang: text
Switch: CORE-SW-01
Port: Gi1/0/24
Description: Uplink to DIST-SW-01
Type: Trunk
Native VLAN: 1
Allowed VLANs: 1,10,20,30,40,50
Speed/Duplex: Auto/Auto
PoE: N/A
STP Mode: Rapid-PVST+
Port Security: Disabled
Notes: 10G fiber uplink

Port Mapping Spreadsheet Columns:

  • Switch Name
  • Port Number
  • Port Description
  • Connected Device
  • Port Mode (Access/Trunk)
  • VLAN(s)
  • Speed/Duplex
  • PoE Status
  • MAC Address(es)
  • Cable Label
  • Patch Panel Location
  • Status (Active/Inactive)
  • Last Updated

6. Firewall Rules Documentation

Firewall Rule Template:

Lang: text
Rule #: 101
Name: Allow-HTTPS-Inbound
Source: Any
Destination: Web-Server-DMZ (172.16.10.10)
Service: HTTPS (TCP/443)
Action: Allow
Interface: WAN -> DMZ
NAT: Yes (Public IP: 203.0.113.10)
Logging: Enabled
Schedule: Always
Created: 2024-01-15
Created By: admin@company.com
Business Justification: Public web server access
Review Date: 2025-01-15

Rule Documentation Best Practices:

  • Document every rule
  • Include business justification
  • Set annual review dates
  • Clean up unused rules
  • Group related rules
  • Use descriptive names
  • Enable logging for security rules
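
The best practices above only hold if something checks them. The following is an added example, not part of the original guide: it parses records written in the template's "Key: Value" layout and reports missing justifications, missing or overdue review dates, and disabled logging. Rule 101 is the record from this page; rule 102 and the audit date are constructed, and the set of required fields is an assumption drawn from the template.

```python
from datetime import date

REQUIRED = ("Name", "Source", "Destination", "Service", "Action",
            "Business Justification", "Review Date")
# Rule 101 is the record from the page; rule 102 is constructed for illustration.
PAGE_RULE = """Rule #: 101
Name: Allow-HTTPS-Inbound
Source: Any
Destination: Web-Server-DMZ (172.16.10.10)
Service: HTTPS (TCP/443)
Action: Allow
Interface: WAN -> DMZ
NAT: Yes (Public IP: 203.0.113.10)
Logging: Enabled
Schedule: Always
Created: 2024-01-15
Created By: admin@company.com
Business Justification: Public web server access
Review Date: 2025-01-15"""
CONSTRUCTED_RULE = """Rule #: 102
Name: temp
Source: 10.10.20.0/24
Destination: 10.10.10.10
Service: TCP/3389
Action: Allow
Logging: Disabled"""

def parse_record(text):
    """Parse a 'Key: Value' record; keys with an empty value are dropped."""
    rule = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            rule[key.strip()] = value.strip()
    return rule

def audit_rule(rule, today):
    """Return findings for one rule; `today` is a parameter so runs repeat."""
    findings = [f"missing field: {f}" for f in REQUIRED if f not in rule]
    if rule.get("Logging", "").lower() != "enabled":
        findings.append("logging not enabled")
    review = rule.get("Review Date")
    if review and date.fromisoformat(review) < today:
        findings.append(f"review overdue since {review}")
    return findings

if __name__ == "__main__":
    for text in (PAGE_RULE, CONSTRUCTED_RULE):
        print(audit_rule(parse_record(text), date(2025, 6, 1)))
```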

7. WAN/Internet Connectivity

Circuit Documentation:

Lang: text
Provider: AT&T Fiber
Circuit ID: ATTF-123456789
Service Type: Dedicated Fiber
Bandwidth: 1Gbps/1Gbps
Commit: 1Gbps (no oversubscription)
IPv4 Block: 203.0.113.0/29
Primary DNS: 203.0.113.1
Secondary DNS: 203.0.113.2
Install Date: 2023-06-01
Contract End: 2026-05-31
Monthly Cost: $1,500
Support: 24/7 - 1-800-555-1234
Ticket Portal: https://business.att.com
SLA: 99.9% uptime, 4-hour repair
Router: WAN-RTR-01 (Gi0/0/0)
Notes: Primary internet circuit

8. Wi-Fi Documentation

SSID Configuration:

Lang: text
SSID: Corporate-WiFi
VLAN: 30
Security: WPA3-Enterprise
Authentication: 802.1X RADIUS
RADIUS Server: 10.10.0.50
Broadcast: Yes
Band Steering: Enabled
Client Isolation: Disabled
Data Rates: 12Mbps minimum
Max Clients per AP: 50
Purpose: Employee wireless access

Access Point Inventory:

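| AP Name   | Location   | Model         | IP Address   | MAC   | Channel | Power |
|-----------|------------|---------------|--------------|-------|---------|-------|
| AP-FL1-01 | Floor 1 NW | Cisco 9120AXI | 10.10.30.101 | xx:xx | 6/52    | Auto  |
| AP-FL1-02 | Floor 1 NE | Cisco 9120AXI | 10.10.30.102 | xx:xx | 1/149   | Auto  |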

9. DNS Records

Internal DNS Zones:

Lang: text
Zone: company.local
Type: Active Directory Integrated
Primary DC: dc01.company.local (10.10.0.5)

Key Records:
- @ SOA dc01.company.local
- @ NS dc01.company.local
- dc01 A 10.10.0.5
- dc02 A 10.10.0.6
- web01 A 10.10.10.10
- mail01 A 10.10.10.20
- _ldap._tcp SRV dc01.company.local 389
- _kerberos._tcp SRV dc01.company.local 88

External DNS Records:

Lang: text
Domain: company.com
Registrar: Namecheap
DNS Provider: Cloudflare
Renewal Date: 2026-03-01

Records:
- @ A 203.0.113.10 (Website)
- www CNAME @ (Website)
- mail A 203.0.113.20 (Mail server)
- @ MX 10 mail.company.com
- @ TXT "v=spf1 ip4:203.0.113.20 -all"
- _dmarc TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@company.com"

10. Change Log

Network Change Template:

Lang: text
Change ID: NET-2024-0042
Date: 2024-10-15
Engineer: John Doe
Affected Devices: CORE-SW-01, DIST-SW-01
Change Type: Configuration
Downtime: None (live change)

Description:
Added VLAN 60 for IoT devices across core and distribution layer

Pre-Change Config Backup:
- /backups/network/CORE-SW-01/2024-10-15-pre-change.cfg
- /backups/network/DIST-SW-01/2024-10-15-pre-change.cfg

Changes Made:
1. Created VLAN 60 on CORE-SW-01
2. Configured SVI interface with IP 10.10.60.1/24
3. Added VLAN 60 to trunk ports
4. Replicated configuration to DIST-SW-01
5. Tested connectivity from IoT subnet

Post-Change Verification:
- VLAN 60 visible on all switches ✓
- Routing table updated with 10.10.60.0/24 ✓
- Trunk ports carrying VLAN 60 ✓
- IoT devices able to obtain DHCP ✓

Rollback Plan:
- Remove VLAN 60 configurations
- Restore from backup if needed

Status: Completed Successfully

Documentation Storage

Free/Open Source:

  • Wiki.js - Modern wiki with markdown support
  • Bookstack - Organized documentation platform
  • DokuWiki - Simple, file-based wiki
  • Netbox - Network source of truth (IPAM, DCIM)

Commercial:

  • IT Glue - MSP-focused documentation
  • Confluence - Enterprise wiki platform
  • Hudu - MSP documentation and password management
  • Device42 - Auto-discovery and documentation

Version Control:

  • Git (GitLab, GitHub, Gitea) - For config files and scripts
  • Track all changes with commit history
  • Use markdown for documentation
  • Store network diagrams as code (draw.io XML)

Documentation Maintenance

Update Triggers

Document changes immediately when:

  • New device added or removed
  • IP address assigned or changed
  • VLAN created, modified, or deleted
  • Firewall rule added or modified
  • Firmware/software updated
  • Physical relocation of equipment
  • Circuit upgrades or changes
  • Security policy changes

Review Schedule

  • Daily: Review change logs
  • Weekly: Verify recent changes documented
  • Monthly: Audit critical device configs
  • Quarterly: Full documentation review
  • Annually: Complete infrastructure audit

Backup Documentation

What to Backup:

  • Device configurations
  • Network diagrams
  • IP allocation spreadsheets
  • Firewall rulesets
  • Change logs
  • Vendor contacts and support info

Backup Locations:

  • Primary: Internal wiki/documentation platform
  • Secondary: Cloud storage (encrypted)
  • Tertiary: Offline copy (disaster recovery)

Quick Start Checklist

For new network deployments:

  • Create network topology diagram (physical)
  • Create network topology diagram (logical)
  • Document IP addressing scheme
  • Create VLAN documentation
  • Document all network devices
  • Create switchport mapping spreadsheet
  • Document firewall rules with justifications
  • Document WAN circuits and providers
  • Create Wi-Fi SSID and AP documentation
  • Document DNS zones and critical records
  • Set up automated config backups
  • Establish change management process
  • Schedule quarterly documentation reviews

Templates and Examples

IP Subnet Spreadsheet Template

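| Network    | CIDR | First IP   | Last IP      | Gateway    | DHCP Range | VLAN | Purpose    |
|------------|------|------------|--------------|------------|------------|------|------------|
| 10.10.0.0  | /24  | 10.10.0.1  | 10.10.0.254  | 10.10.0.1  | None       | 1    | Management |
| 10.10.10.0 | /24  | 10.10.10.1 | 10.10.10.254 | 10.10.10.1 | None       | 10   | Servers    |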

Network Change Request Form

Lang: text
Requester: ________________
Date Requested: ___________
Required By: ______________

Change Summary:
[Brief description of change]

Business Justification:
[Why this change is needed]

Affected Systems:
[List all devices/services impacted]

Risk Assessment:
□ Low Risk (no downtime)
□ Medium Risk (brief outage possible)
□ High Risk (extended downtime expected)

Downtime Window:
[If applicable]

Backout Plan:
[How to reverse this change if issues occur]

Approvals:
Manager: _________________ Date: _______
Network Lead: ____________ Date: _______

Additional Resources