There is no doubt that networks are becoming more complex. As more devices and IoT systems are attached to a network, it becomes more difficult to understand exactly how the network is set up and how devices are attached to each other.
Networks are also becoming more distributed: a single network can span countries and even continents. In addition, devices on the same network are very often segmented across multiple VLANs to segregate data flows or for security purposes.
The best starting point for securing and managing a network is to use automated network mapping tools to identify all the devices on the network and how they are interconnected.
Most network mapping software allows for manual creation of the network’s topology and connections between devices. Yet only a select few of these tools automatically create a network topology map and keep it updated with real-time data.
Manual vs Automated Network Mapping Tools
Network mapping is the first step in managing and securing a network.
There are many free network mapping tools available for MSPs, integrators and IT professionals. Most of these network mapping tools are not automated.
Here is a quick overview of some of the free and paid manual and automated network mapping tools available today.
- Domotz: Affordable remote network monitoring software which includes automated network topology mapping features. All features cost only $19/month for monitoring and automatically mapping unlimited endpoints on a network. (Free 21 day trial – with no credit card).
- Solarwinds: Network mapping software which starts from $1495.
- Spiceworks: Network monitoring tool, which includes free network mapping software for the manual creation of network maps.
- PRTG: Free network monitoring tool (up to 100 sensors) which allows the creation of manual network maps. Maps can also be generated automatically using a paid plugin (UVExplorer Pro).
How automated network mapping tools and software work
To automatically create a network map, devices are usually identified primarily by MAC address, and different methods are used to locate where devices are and how they are connected to each other.
Standard protocols such as the IEEE's Link Layer Discovery Protocol (LLDP), or proprietary ones such as Cisco Discovery Protocol (CDP), are often used to collect information about how devices are connected to networking equipment that supports those protocols. Unfortunately, many devices don’t currently support either of these protocols.
Another method is based on the information that can be retrieved through SNMP from networking devices compliant with RFC 4188. This provides the information required to understand which MAC addresses are “reachable” through a specific network port of a managed switch.
Regardless of the method used to collect raw data from the networking devices, the information is sent back to the network mapping software. The tool processes this data, creates inferred relationships (such as devices routed through a WiFi Access Point), and presents the devices and how they are connected to each other in the form of a topology map.
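The SNMP method described above can be sketched as follows. This is an added example, not Domotz code or any vendor's implementation: it parses the RFC 4188 forwarding-table column dot1dTpFdbPort from numeric-OID walk output, places each endpoint on the switch port where it is learned, and compares two polls to spot a moved device. The switch names, MAC addresses and walk lines are constructed sample data.

```python
import re

# dot1dTpFdbPort (Bridge MIB, RFC 4188): the index is the learned MAC as six
# decimal octets, the value is the bridge port it was learned on. The bridge
# port maps to an interface through dot1dBasePortIfIndex (not shown here).
FDB_PORT_OID = ".1.3.6.1.2.1.17.4.3.1.2."
ROW = re.compile(re.escape(FDB_PORT_OID) + r"((?:\d+\.){5}\d+) = INTEGER: (\d+)")

def parse_fdb(walk_text):
    """Return {bridge_port: {mac, ...}} from numeric-OID walk output."""
    ports = {}
    for m in ROW.finditer(walk_text):
        mac = ":".join(f"{int(o):02x}" for o in m.group(1).split("."))
        ports.setdefault(int(m.group(2)), set()).add(mac)
    return ports

def locate(fdbs, switch_macs):
    """Map endpoint MAC -> (switch, port), ignoring inter-switch links."""
    where = {}
    for sw, ports in fdbs.items():
        others = set(switch_macs.values()) - {switch_macs[sw]}
        for port, macs in ports.items():
            if macs & others:
                continue  # another managed switch is behind this port: uplink
            for mac in macs:
                where[mac] = (sw, port)
    return where

def moved(before, after):
    """Endpoints whose attachment point changed or vanished between polls."""
    return {m: (loc, after.get(m)) for m, loc in before.items() if after.get(m) != loc}

def rows(pairs):
    """Build constructed walk lines for MACs 02:00:00:00:00:<last octet>."""
    return "\n".join(f"{FDB_PORT_OID}2.0.0.0.0.{last} = INTEGER: {port}" for last, port in pairs)

# Constructed sample: SW1=..:01, PoE switch=..:02, firewall=..:10, phone=..:20,
# access point=..:30, laptop behind the access point=..:31.
SWITCH_MACS = {"SW1": "02:00:00:00:00:01", "POE": "02:00:00:00:00:02"}
POLL_1 = {"SW1": parse_fdb(rows([(16, 1), (2, 2), (32, 2), (48, 3), (49, 3)])),
          "POE": parse_fdb(rows([(1, 1), (16, 1), (32, 5)]))}
# Second poll: the phone has been re-plugged from POE port 5 into SW1 port 7.
POLL_2 = {"SW1": parse_fdb(rows([(16, 1), (2, 2), (32, 7), (48, 3), (49, 3)])),
          "POE": parse_fdb(rows([(1, 1), (16, 1)]))}

if __name__ == "__main__":
    first, second = locate(POLL_1, SWITCH_MACS), locate(POLL_2, SWITCH_MACS)
    for mac, (sw, port) in sorted(first.items()):
        print(mac, "->", sw, "port", port)
    print("moved:", moved(first, second))
```

The access point and the laptop resolve to the same SW1 port; more than one MAC on a port that is not an inter-switch link is the signal from which a mapper infers that clients sit behind an unmanaged device such as a WiFi access point.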
What is a network topology map?
“A network map displays in a visual format, all the devices on a network, how they are interconnected as well as the transport layer.” (Techopedia)
Here is an example of a network topology map using the Domotz remote network monitoring software.
- The Watchguard M270 firewall is connected to the main gateway.
- The Domotz Agent is directly connected to the firewall.
- Then comes the Cisco SG350 Switch (SW1), which provides the main connectivity to the rest of the network, including:
  - A Brocade/Ruckus PoE switch (which powers and connects VoIP systems)
  - A Cisco Meraki WiFi Access Point (powered through the Cisco Switch, and which connects office WiFi clients such as laptops, mobiles and touch-panels)
  - 20 other devices connected to the rest of the 28 ports available on the Cisco Switch
What the network mapping tool does is show you exactly what is on the network and how it is interconnected in real-time. This means that you will know if something goes offline and where the issue has occurred.
For example, if the Brocade/Ruckus ICX switch from the above example goes offline, all the VoIP systems connected to it will be impacted.
Additionally, if someone decides to move something on the network, you will also see this reflected on the network topology map in real-time.
Information such as the exact switch port where a device is connected is very important. For instance, you might need to re-program the VLAN configuration of a switch port when a VoIP system has been physically moved.
Benefits of automated network mapping tools and software
Today’s MSPs and system administrators are responsible for a lot more than just making sure a business’s computers are working. MSPs need a full picture of what is on the network to manage and secure it. Here are some of the benefits of network mapping software.
- A complete network map of everything: Network topology mapping tools like Domotz show you all endpoints on the network and how they are interconnected.
- Access device details: From the network map you can click directly into a device so you can diagnose problems and issues.
- No configuration: You do not need to add any device details, the network topology map will be created automatically and straight from your Domotz device inventory.
- Get alerted if a device gets moved: Network mapping tools, like Domotz, will keep you updated and alert you if a device gets moved. Let’s say you have a firewall connected to a managed switch that is essential for network security and someone moves it or turns it off. Network mapping software will let you know where the device has been re-connected or if it has been re-connected at all. This is a lot easier than keeping a spreadsheet or a diagram of where things are.
- Network security: Know the best strategy for securing a network because you understand how everything is interconnected.