2.6 Network Devices Flashcards
Bridge
A bridge connects two segments within the same subnet. Bridges learn which side a host resides on by copying the MAC address of the source device and placing it into the MAC address table. The port number at which the frame entered is also recorded in the table and associated with the source MAC address.
- Bridges can also convert one type of transmission medium into another. A common example of this is a wireless bridge, which converts wired transmissions into wireless transmissions and vice versa.
Hubs
- Send data to all ports
- Don’t determine the target
- Cause collisions
A hub provides a central connecting point for multiple media segments on the same subnet. When a hub receives a signal, the hub sends out the signal to all the ports on the hub. Hubs operate in half-duplex mode because the path between devices is shared. This means that devices can send only when no other devices are sending data.
- Hubs are a legacy network device and are rarely used because of their lack of features and poor performance.
Switch
A switch is a multiport bridge. It provides the same functionality, but with a higher port density. In addition, switches provide features that cannot be found in bridges. Switches have replaced hubs and bridges in almost all networks. Switches:
- Manipulate Ethernet frames at the Data Link layer of the OSI Model. A switch examines the Data Link header within the frames it receives to determine how each frame should be processed. This information is used by the switch to learn connected device MAC addresses, forward frames, and filter frames.
- Connect multiple segments or devices and forward packets to a specific port.
- Connect a single device to a switch port or multiple devices to a switch port by using a hub.
Switches offer several advantages over a non-switched network. Switches:
- Connect multiple segments or devices and forward packets to a specific port. This is called microsegmentation.
- Produce less latency than other segmentation solutions.
- Can be used to provide collision-free networking. This is available only if one device is connected to each switch port.
- Create separate collision domains.
- Provide guaranteed bandwidth between devices if dedicated ports are used.
- Enable full-duplex communication.
- Can simultaneously switch multiple messages.
- Support rate adaptation, which allows devices that run at different speeds to communicate with each other. For example, 10 Mbps, 100 Mbps, and 1000 Mbps devices can communicate with each other when connected to a 1000 Mbps switch.
- Can connect a single device to a switch port, or can connect multiple devices to a switch port by connecting it to another switch.
Different types of switches can be implemented. Switches can be categorized according to the layer of the OSI model in which they function. Two common classifications include:
- A layer 2 switch operates at the Data Link layer of the OSI model to process frames within a single physical network segment. This is the most commonly implemented type of switch.
- A layer 3 switch provides all the functionality of a layer 2 switch but also provides routing functionality at the Network layer of the OSI model. This allows the switch to process frames within a network segment (as a layer 2 switch does) and to route packets between network segments (as a LAN router does). Layer 3 switches are sometimes called multilayer switches because they function at multiple layers of the OSI model.
Routers
A router is a Layer 3 device that sends packets from one network to another network. Routers receive packets, read the packet headers to find addressing information, and send the packets to the correct destination on the network or internet.
Routers forward packets through an internetwork by maintaining routing information in a database called a routing table. The routing table typically contains the address of all known networks and routing information about each network, such as:
- Interface
- Routing path
- Next hop
- Route metric (cost)
- Route timeout
Routers build and maintain their routing database by periodically sharing information with other routers. The exact format of these exchanges depends on the routing protocol. The routing protocol determines:
- The information contained in the routing table.
- How messages are routed from one network to another.
- How topology changes (i.e., updates to the routing table) are communicated between routers.
Regardless of the method used, changes in routing information take time to propagate to all routers on the network. The term convergence is used to describe the condition when all routers have the same (or correct) routing information.
Routers provide more functionality than either switches or bridges. For example, routers:
- Support multiple routing protocols for better flexibility.
- Provide more features than switches or bridges, such as flow control, error detection, and congestion control.
- Provide multiple links between devices to support load balancing.
- Can connect different network architectures together. For example, a router can be used to connect an older Token Ring network to an Ethernet network.
Because of their enhanced features, however, routers are also more expensive and more difficult to configure.
Wireless access point (AP)
A wireless access point provides access to the network via a wireless connection. Be aware of the following:
- An AP is a layer 2 device; it can read the Data Link layer address in a frame.
- An AP is often configured as a bridge, connecting a wireless segment to a wired segment. Both wireless and wired hosts are on the same subnet.
- Some APs are combination devices that include a wired switch and even a router.
Wireless LAN controller (WLC)
A wireless LAN controller (also called a wireless controller) is used to connect multiple APs through wired links. The APs used with a WLC contain very little embedded intelligence and are sometimes referred to as lightweight access points (LWAPs). A wireless controller:
- Manages all of the APs that are connected to it. Configuration changes are made on the controller, then pushed out to all connected APs.
- Usually provides DHCP services to dynamically assign IP addressing information to wireless clients.
- Connects the wireless network to the internal wired network.
- Routes wireless traffic from the wireless network to the internal wired network (and vice versa).
Wireless controllers create what is known as a hub-and-spoke infrastructure. This infrastructure is more efficient than an AP and allows for much larger wireless networks. However, the controller itself becomes a bottleneck. All wireless data must pass through the controller, even if the data is destined for another wireless host on the same wireless network. The APs are not able to communicate directly with each other; they can communicate only with the wireless controller. If the controller goes down, the entire wireless network will cease to function even if the APs remain functional.
Firewall
A firewall is a software-based or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network:
- A network-based firewall is installed on the edge of a private network or network segment. In addition:
  - Most network-based firewalls are considered hardware firewalls even though they use a combination of hardware and software to protect the network from internet attacks.
  - Network-based firewalls are more expensive and require more configuration than other types of firewalls, but they are much more robust and secure.
- A host-based firewall is installed on a single computer in a network. In addition:
  - Almost all host-based firewalls are software firewalls.
  - A host-based firewall can be used to protect a computer when no network-based firewall exists (e.g., when connected to a public network).
  - Host-based firewalls are less expensive and easier to use than network-based firewalls, but they don’t offer the same level of protection or customization.
  - A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
Firewalls use filtering rules, sometimes called access control lists (ACLs), to identify allowed and blocked traffic. A rule identifies:
- The interface the rule applies to
- The direction of traffic (inbound or outbound)
- Packet information such as the source or destination IP address or port number
- The action to take when the traffic matches the filter criteria
Each ACL has an implicit deny. This is a line at the end of the ACL stating that a packet will be dropped if it doesn’t match any of the defined rules.
Next Generation Firewall (NGFW)
A Next-Generation Firewall (NGFW) combines a traditional firewall with other network device filtering functionalities such as an application firewall. An NGFW:
- Is application-aware
- Tracks the state of traffic based on layers 2 through 7
- Utilizes an intrusion prevention system (IPS)
- Tracks the identity of the local traffic device and user (LDAP, RADIUS, Active Directory)
- Can be used in bridged and routed modes
- Utilizes external intelligence sources
An intrusion prevention system detects intrusion attempts, notifies the administrator, and also tries to block the attempt.
At which layer of the OSI model do network switches operate that do not support routing?
Switches manipulate Ethernet frames at the Data Link layer of the OSI Model. Some switches, such as Layer 3 switches, also work at the Network layer.
Network hubs operate at the physical layer of the OSI model. Devices such as routers and multi-layer switches operate at layers higher than the Data Link layer in the OSI model.
Which of the following are general advantages of using routers on your network? (Select three.)
Routers provide more functionality than either switches or bridges. For example, routers:
- Support multiple routing protocols for better flexibility.
- Provide more features than switches or bridges, such as flow control, error detection, and congestion control.
- Provide multiple links between devices to support load balancing.
- Can connect different network architectures together. For example, a router could be used to connect an older token ring network to an Ethernet network.
Because of their enhanced features, routers are also more expensive and more difficult to configure than switches or bridges.
You have been put in charge of connecting two company networks that were previously separated.
You need to connect a 100BaseTx Ethernet network with an older token ring network. Most traffic will be localized within each network, with only a little traffic crossing between networks. Both networks are using the TCP/IP protocol suite.
Which connectivity device would be the best choice in this situation?
You should use a router to connect the networks.
Because each network uses a different architecture (and has a different network address and different device addressing scheme), you cannot use a bridge or a switch. A gateway is not needed because both networks are using the same protocol.
You are asked to design a LAN segmentation solution for Company AGH. They have three workgroups separated with VLANs: Accounting, Sales, and Service. Most network traffic is localized within the individual workgroups, but some traffic crosses between each group. Company AGH is especially concerned about the security of information within the Accounting department.
Which segmentation device meets the functionality requirements and provides the simplest, most economical administration?
Select a router to meet the needs specified in this scenario. The need to keep the Accounting workgroup’s traffic secure calls for segmenting them into their own subnet. The router would keep their internal traffic from getting out to the rest of the network.
While a Layer 3, or multilayer, switch can also be used to meet these needs, the switch listed here is not specified as a Layer 3 switch, so it is assumed to be a Layer 2 switch, which would not be able to route traffic from one network to another. You can configure virtual LANs (VLANs) for each workgroup on a switch to segment the network, but a router would be required for data to cross between the workgroups. A switch and router used in combination is another solution, but that would not meet the requirement to be the most economical and simple solution. In addition, routers enforce security better than bridges or hubs.
Which of the following describes the function of a dedicated wireless access point on a network?
On a network, a wireless access point only acts as a bridge between the wireless segment and the wired segment on the same subnet. The function of a bridge is to connect two segments of the same subnet. On an enterprise network, the wired segment and the wireless segment need to be on the same subnet, so the wireless access point acts as a bridge between these two segments.
Which of the following statements are true about bridges?
- Bridges connect two network segments with the same network address.
- Bridges convert one type of transmission medium into another.
A bridge connects two segments within the same subnet. Bridges learn which side a host resides on by copying the MAC address of the source device and placing it into the MAC address table. The port number at which the frame entered is also recorded in the table and associated with the source MAC address.
Another function of a bridge is to convert one type of transmission medium into another. A common example of this is a wireless bridge, which converts wired transmissions into wireless transmissions and vice versa.
Routers maintain a database of routes through a network.
Gateways connect two networks that use different protocols.
Which of the following accurately describe how switches and hubs work?
- Switches use the hardware address in the frame to send frames only to the port where the device is attached.
- A hub repeats frames to all ports, regardless of the destination address.
It is important to remember that a hub simply receives signals and regenerates them, sending them to all connected devices.
A switch sends data only to the switch port connected to the device for which the data is addressed.