Switching & LAN
How the district's switching fleet is managed, secured at the port layer, and physically organized across closets and inter-building uplinks.

Switch fleet & management

All switches and routers in production, grouped by vendor and model. Switch vs router is determined by the model number — capture both classes here. Inventory IS the documentation: the row list itself answers what the old Yes/Partial/No question was probing.

Total: 42 devices

Whether switches across the fleet are running current firmware releases. Vendors publish patches and bug fixes regularly; switches running releases two or more cycles behind may be missing security fixes that apply to your environment. Distinct from EOL/EOS (vendor support window) — see ARC F9 for that.

How often switch running-configs are archived off-box, and when the last successful backup ran. Without config backups, a failed switch means rebuilding VLAN, port, and trunk config by hand from memory and a diagram. Modern monitoring services (Auvik, SolarWinds NCM, etc.) often capture daily / on change — that's the “Daily / on change” option. “Never” is a hard finding.

Current · 3 mo ago

Port security posture

Whether rogue DHCP servers are blocked at the switch port. A student plugging in a home router that hands out DHCP can knock a whole VLAN off its real gateway in minutes. “Unknown” is itself useful signal — it usually means no one has audited the config.

Whether user-edge ports drop on BPDU receipt to prevent spanning-tree loops. The #1 cause of “the whole network is slow” tickets in K-12: a switch or hub plugged in by a teacher, looping the broadcast domain. BPDU guard turns this from a building-wide outage into a single dead port. Distinct from storm control (F6), which rate-limits flooding but doesn't prevent the loop itself.

Which port-layer security features are active across the access edge. The list isn't a checklist — IPSG and DHCP option 82 are heavier to operate than 802.1X — but the absence of any active feature is itself a finding. Hard finding when nothing is selected.
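One way to replace an “Unknown” answer on the rogue-DHCP and BPDU guard questions with evidence is to audit an archived running-config offline. The script below is an added example, not part of this assessment tool. It assumes Cisco IOS-style syntax (the page names no vendor), where rogue-DHCP blocking is configured as DHCP snooping; the sample config is constructed and audit() is a hypothetical helper.

```python
# Constructed sample in Cisco IOS-style syntax (assumed; the page names no vendor).
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
 ip dhcp snooping trust
 spanning-tree bpduguard enable
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 ip dhcp snooping trust
"""

def audit(config):
    """Return (scope, finding) pairs for missing rogue-DHCP and BPDU protections."""
    stanzas, global_lines, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:  # "!" or a global command ends the interface stanza
            current = None
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    findings = []
    if "ip dhcp snooping" not in global_lines:
        findings.append(("global", "DHCP snooping disabled"))
    bpdu_default = "spanning-tree portfast bpduguard default" in global_lines
    for name, lines in stanzas.items():
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks legitimately trust DHCP and pass BPDUs
        if "ip dhcp snooping trust" in lines:
            findings.append((name, "access port trusted for DHCP"))
        guarded = "spanning-tree bpduguard enable" in lines or (
            bpdu_default and "spanning-tree portfast" in lines)
        if not guarded:
            findings.append((name, "no BPDU guard"))
    return findings
```

The check covers only the global snooping switch and per-port trust; on this platform snooping must also be enabled for each VLAN with `ip dhcp snooping vlan`, which the script does not verify.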

Cabling & physical plant

Whether the wiring closets — IDFs (intermediate distribution frames) in each building and the central MDF — have documented contents: rack diagrams, equipment, power, environmental conditions. The diagram in someone's head doesn't survive vacation.

Whether patch panel labels accurately identify what each port serves. Labels exist but drift over time as devices move; the question is whether they're actively maintained or have rotted to the point where troubleshooting requires tone-and-trace.

For multi-building campuses, whether the uplinks between buildings can survive a single fiber-cut event. Copper-only between buildings is unusual and worth surfacing on its own.
