Lab 6: Escalation, Documentation, and Handoff

Scenario: Build the Handoff

You have worked through several small-network symptoms: a desk move created wrong patching, an employee Wi-Fi client joined the guest SSID, a DHCP scope gave out the wrong DNS server, and a home router introduced a second private subnet. Some fixes are within normal entry-level support scope, such as replacing a damaged patch cable, helping a user join the correct SSID, recording IP settings, or following an engineer's instructions to identify Cisco device status lights.

Other fixes require escalation because they involve managed switch configuration, router or firewall policy, DHCP scope changes, DNS records, VLAN mapping, or security decisions.

The first escalation decision is authority. If you do not have permission to change a switch port VLAN, firewall rule, DHCP scope, or access point SSID mapping, do not make an unofficial change. The correct next step is to document the evidence and hand it to the authorized team. The second decision is blast radius. If the symptom affects one endpoint, you may continue endpoint and cable checks. If it affects a full switch, SSID, VLAN, or site, involve the right support tier earlier because shared infrastructure changes can affect many users. The third decision is safety.

Security settings such as WPA mode, guest isolation, administrative passwords, and firewall filtering should not be weakened for convenience.

A high-quality ticket reads like a clear lab report. It identifies who is affected and when the issue started. It states the expected design, such as 'employee wired clients should receive 172.16.8.x/24, gateway 172.16.8.1, DNS 172.16.8.10.' It gives observed facts, such as 'three clients on jacks C-21 through C-23 receive 169.254.x.x; link LEDs are on; same laptops work on jack C-10.' It lists tests in order: checked cable, swapped patch cord, verified link, renewed DHCP lease, pinged gateway, tested DNS name, compared with known-good client. It also states what was not changed.

When using basic diagnostic commands, save the important output in the ticket or attach files according to local process. On Windows that may include IP configuration and ping results; on Linux or macOS it may include ip, ifconfig, ping, traceroute, dig, or nslookup output depending on local standards. If an engineer requests a packet capture, use Wireshark to capture the relevant traffic and save it to a file. Name it with the date, device, and symptom, such as 2026-05-06-laptop23-dhcp-renewal.pcapng. Do not capture unrelated sensitive traffic longer than needed.

The handoff should also preserve user communication. Tell users what is known, what is being escalated, and whether there is a workaround. Avoid promising a root cause before the evidence supports it. If the immediate workaround is to use wired Ethernet instead of Wi-Fi, or to move to a known-good jack, document that workaround and whether it was accepted.

The final skill is recognizing when a symptom crosses domains. A DHCP failure may actually be an access switch VLAN problem. A printer failure may actually be guest wireless isolation. A DNS complaint may actually be a wrong DHCP option. A no-Internet report may be a default gateway, firewall, NAT, or ISP issue. Integrated labs are valuable because real support work rarely arrives as a neatly labeled topic area. The technician's value is in moving from broad complaint to specific, documented evidence.

Study Checkpoint

• Topic: Lab 6: Escalation, Documentation, and Handoff.
• Verify the official Cisco concept before memorizing a shortcut.
• Practice the technician action: observe, document, test, fix when supported, or escalate.