1.1 Network Components
Key Takeaways
- Routers operate at OSI Layer 3 and forward packets between networks using a routing table keyed on destination IP.
- A Layer 2 switch forwards frames by destination MAC; a Layer 3 (multilayer) switch adds IP routing and SVIs.
- Firewalls enforce a security policy at network boundaries and are typically stateful, tracking connection state.
- Next-generation firewalls and IPS inspect traffic deeper than Layer 4 and can block known attack signatures inline.
- Cisco Catalyst Center (formerly DNA Center) and WLCs provide centralized, controller-based management of the fabric.
Why this matters for the exam
Network Fundamentals is 20% of the CCNA 200-301 v1.1 exam, and component identification anchors many other questions. On a ~100-question, 120-minute exam scored on roughly an 825/1000 scale, you cannot afford to confuse a switch with a router. Know each device's OSI layer, its forwarding key (MAC vs IP), and where it sits in the topology.
Routers (Layer 3)
A router is a Layer 3 (Network layer) device that forwards packets between different IP networks. It chooses an exit interface and next hop by performing a longest-prefix match against its routing table. Routers terminate broadcast domains: a broadcast frame is never forwarded out a routed interface, so every router interface defines a separate broadcast domain. Routers connect dissimilar media (Ethernet to serial/WAN) and provide services such as NAT, DHCP relay, and access control lists (ACLs).
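The longest-prefix match described above, as an added Python example (not from the page or any Cisco software). The routing table entries, next hops and interface names are constructed for illustration; the only real behavior shown is that the most specific matching prefix wins and that a packet with no matching route (no default route present) is dropped.

```python
import ipaddress

# Constructed routing table: (prefix, next hop, exit interface).
# None as next hop marks a directly connected network.
ROUTING_TABLE = [
    ("0.0.0.0/0",     "203.0.113.1", "Serial0/0"),  # default route, matches everything
    ("10.0.0.0/8",    "10.1.1.2",    "Gig0/1"),
    ("10.20.0.0/16",  "10.20.0.2",   "Gig0/2"),
    ("10.20.30.0/24", None,          "Gig0/3"),     # directly connected
]


def build_table(entries):
    """Parse each prefix once and sort longest prefix first, so a linear scan
    returns the most specific match as soon as it finds one."""
    table = [(ipaddress.ip_network(p), nh, intf) for p, nh, intf in entries]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)


def route_lookup(table, dst):
    """Longest-prefix match for a destination IP.
    Returns (matched prefix, next hop, exit interface), or None when no route
    covers the destination (the packet would be dropped)."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, interface in table:
        if addr in net:
            return (str(net), next_hop, interface)
    return None


if __name__ == "__main__":
    table = build_table(ROUTING_TABLE)
    for dst in ("10.20.30.7", "10.20.99.1", "10.5.5.5", "8.8.8.8"):
        print(dst, "->", route_lookup(table, dst))
```

Removing the 0.0.0.0/0 entry turns the 8.8.8.8 lookup into a miss, which is exactly what a router does with traffic for which it holds no route and no default.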
Switches (Layer 2 and Layer 3)
A Layer 2 switch forwards frames based on the 48-bit destination MAC address, building its MAC table by reading the source MAC of every inbound frame. Each switch port is its own collision domain; by default all ports share one broadcast domain unless VLANs divide them. A Layer 3 (multilayer) switch adds IP routing in hardware (ASICs) and uses switched virtual interfaces (SVIs) to route between VLANs at wire speed, replacing slower router-on-a-stick designs in the campus.
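MAC learning, forwarding and per-VLAN flooding in a small Python model, added here as an example (not code from the page or from any Cisco product). It assumes one access VLAN per port, no trunking and no table aging; port names, MAC addresses and VLAN numbers are constructed. It shows the behavior the exam asks about: an unknown-unicast or broadcast frame is flooded out every other port in the same VLAN, and a learned destination is sent out one port only.

```python
class Layer2Switch:
    """Toy transparent bridge.

    Learns the source MAC of every inbound frame against its ingress port and
    VLAN, forwards known unicast out the learned port, and floods unknown
    unicast and broadcast to every other port in the same VLAN."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, port_vlans):
        # port_vlans: {port name: access VLAN}, e.g. {"Fa0/1": 10}
        self.port_vlans = dict(port_vlans)
        self.mac_table = {}  # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the list of egress ports."""
        vlan = self.port_vlans[in_port]
        # Learning happens on every frame, regardless of the forwarding decision.
        self.mac_table[(vlan, src_mac)] = in_port

        if dst_mac != self.BROADCAST:
            out = self.mac_table.get((vlan, dst_mac))
            if out is not None:
                # Filtering: never send a frame back out the port it arrived on.
                return [] if out == in_port else [out]

        # Unknown unicast or broadcast: flood within the VLAN, excluding ingress.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


if __name__ == "__main__":
    sw = Layer2Switch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20, "Fa0/5": 20})
    print(sw.receive("Fa0/1", "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"))  # flooded in VLAN 10
    print(sw.receive("Fa0/2", "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa"))  # known, one port
    print(sw.mac_table)
```

Because the MAC table is keyed on (VLAN, MAC), a host learned in VLAN 10 is unknown in VLAN 20, which is why one switch carrying two VLANs behaves as two separate broadcast domains.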
Firewalls and IPS
A firewall enforces a security policy between trust zones (inside, outside, DMZ). A stateful firewall tracks each connection in a state table, automatically permitting return traffic for sessions it initiated; a stateless filter evaluates each packet in isolation. A next-generation firewall (NGFW) such as Cisco Secure Firewall adds application awareness, URL filtering, and integrated intrusion prevention.
An intrusion prevention system (IPS) sits inline and can drop malicious packets in real time, whereas an intrusion detection system (IDS) receives a copy of traffic (via SPAN/tap) and only alerts. The exam loves this distinction: inline-and-blocking = IPS; out-of-band-and-alerting = IDS.
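The stateless-versus-stateful distinction from the firewall paragraph, as an added Python example (not from the page or from Cisco Secure Firewall). The zone definitions, the single permit rule and the packets are constructed. The point it demonstrates: with only an outbound permit rule, a stateless filter drops the reply packets of a session it already allowed, while the stateful firewall records the permitted 5-tuple and lets the reverse-direction packets through without any extra rule, still rejecting unsolicited inbound traffic.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# Constructed zone layout: everything in 10.0.0.0/8 is "inside", the rest "outside".
INSIDE = ipaddress.ip_network("10.0.0.0/8")


def zone_of(ip):
    return "inside" if ipaddress.ip_address(ip) in INSIDE else "outside"


# Constructed policy: inside hosts may open HTTPS to the outside. Nothing else.
RULES = [
    {"from": "inside", "to": "outside", "proto": "tcp", "dst_port": 443, "action": "permit"},
]


def match_rule(pkt):
    """First matching rule wins; an implicit deny sits at the end of the policy."""
    for rule in RULES:
        if (zone_of(pkt.src_ip) == rule["from"]
                and zone_of(pkt.dst_ip) == rule["to"]
                and pkt.proto == rule["proto"]
                and pkt.dst_port == rule["dst_port"]):
            return rule["action"]
    return "deny"


def stateless_filter(pkt):
    """Each packet is judged on its own header fields only."""
    return match_rule(pkt)


class StatefulFirewall:
    """Tracks permitted sessions so that return traffic is allowed automatically."""

    def __init__(self):
        self.state = set()  # permitted 5-tuples (proto, src_ip, src_port, dst_ip, dst_port)

    def filter(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state or reverse in self.state:
            return "permit"  # part of an established session
        action = match_rule(pkt)
        if action == "permit":
            self.state.add(key)  # remember the session for its reply packets
        return action


if __name__ == "__main__":
    out = Packet("10.1.1.5", 51000, "198.51.100.10", 443)
    back = Packet("198.51.100.10", 443, "10.1.1.5", 51000)
    fw = StatefulFirewall()
    print("stateless:", stateless_filter(out), stateless_filter(back))
    print("stateful: ", fw.filter(out), fw.filter(back))
```

The classic workaround for a stateless filter is an extra rule permitting any inbound packet with source port 443, which is precisely the hole a stateful device avoids: here an unsolicited inbound packet from port 443 is denied because no matching session exists.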
Wireless components
An access point (AP) bridges 802.11 wireless clients onto the wired LAN, converting between RF frames and Ethernet frames. Autonomous APs are configured individually; lightweight APs are managed centrally by a wireless LAN controller (WLC) using CAPWAP tunnels, which simplifies channel, power, and security at scale.
Endpoints, servers, PoE, and controllers
Endpoints are clients (PCs, phones, IoT). Servers provide DNS, DHCP, web, and file services and are commonly virtualized. Power over Ethernet (PoE) lets switches power APs and IP phones over the same copper that carries data. Cisco Catalyst Center (the controller formerly named DNA Center) centralizes policy, automation, and assurance across the campus fabric.
Quick-reference: device vs layer vs forwarding key
| Device | OSI layer | Forwards on | Domain effect |
|---|---|---|---|
| Router | 3 | Destination IP | Breaks broadcast + collision domains |
| Layer 2 switch | 2 | Destination MAC | Each port = collision domain |
| Layer 3 switch | 2 and 3 | MAC or IP (SVI) | Inter-VLAN routing in hardware |
| Firewall/NGFW | 3-7 | Policy/state/app | Enforces zone boundaries |
| IPS | 2-7 (inline) | Signatures/anomalies | Drops malicious traffic |
| Access point | 1-2 | RF↔Ethernet | Bridges wireless to wired |
How the pieces interact (worked scenario)
Trace a PC browsing a web server in another building. The PC's frame reaches its access switch, which forwards by MAC. To leave its own subnet, the frame goes to the default gateway, an SVI on a Layer 3 switch or a router, which strips the Layer 2 frame, reads the destination IP, and routes the packet toward the data-center block. Along the way the firewall/NGFW inspects the session against policy, and an inline IPS scans for known exploits. The reply traverses the same chain in reverse.
Notice that the router rewrites the Layer 2 header at each hop but preserves the Layer 3 source/destination IPs end to end; this is the single most important behavior to internalize for the whole exam.
Collision vs broadcast domains by device
The number of domains each device creates is a recurring question:
- A hub has one collision domain and one broadcast domain across all ports.
- A switch gives one collision domain per port but one broadcast domain per VLAN.
- A router creates a separate broadcast domain on every interface; this is the defining difference between a router and a switch.
So a topology with a router connecting two switches has at least two broadcast domains, while the same two switches cabled directly together (no router, one VLAN) form a single broadcast domain.
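The domain-counting rule above, generalized into a small Python function (an added example, not from the page). A topology is a device-type map plus a list of links; a hub merges the collision domains of every link on it, a hub or switch merges the broadcast domains of every link on it, and a router merges nothing. Every link is therefore its own collision domain unless a hub joins it to others, and its own broadcast domain unless a hub or switch does. It assumes one VLAN per switch and half-duplex hub segments; the device names are constructed.

```python
from collections import defaultdict


def _count_domains(links, merging_types, devices):
    """Union-find over links: two links belong to the same domain when they share
    a device whose type is in merging_types."""
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    links_by_device = defaultdict(list)
    for idx, (a, b) in enumerate(links):
        links_by_device[a].append(idx)
        links_by_device[b].append(idx)

    for dev, idxs in links_by_device.items():
        if devices.get(dev, "host") in merging_types:
            for j in idxs[1:]:
                parent[find(j)] = find(idxs[0])

    return len({find(i) for i in range(len(links))})


def count_domains(devices, links):
    """Return (collision domains, broadcast domains) for a topology.

    devices: {name: "hub" | "switch" | "router" | "host"} (unlisted names are hosts)
    links:   list of (device, device) cables"""
    collision = _count_domains(links, {"hub"}, devices)
    broadcast = _count_domains(links, {"hub", "switch"}, devices)
    return collision, broadcast


# Constructed topologies matching the scenarios in the text.
TWO_SWITCHES_VIA_ROUTER = (
    {"SW1": "switch", "SW2": "switch", "R1": "router"},
    [("PC1", "SW1"), ("PC2", "SW1"), ("SW1", "R1"),
     ("R1", "SW2"), ("SW2", "PC3"), ("SW2", "PC4")],
)
TWO_SWITCHES_DIRECT = (
    {"SW1": "switch", "SW2": "switch"},
    [("PC1", "SW1"), ("PC2", "SW1"), ("SW1", "SW2"),
     ("SW2", "PC3"), ("SW2", "PC4")],
)
HUB_ONLY = (
    {"HUB1": "hub"},
    [("PC1", "HUB1"), ("PC2", "HUB1"), ("PC3", "HUB1"), ("PC4", "HUB1")],
)
HUB_ON_SWITCH = (
    {"HUB1": "hub", "SW1": "switch"},
    [("PC1", "HUB1"), ("PC2", "HUB1"), ("HUB1", "SW1"), ("PC3", "SW1")],
)

if __name__ == "__main__":
    for name, topo in [("router between switches", TWO_SWITCHES_VIA_ROUTER),
                       ("switches cabled directly", TWO_SWITCHES_DIRECT),
                       ("hub only", HUB_ONLY), ("hub on a switch port", HUB_ON_SWITCH)]:
        print(f"{name}: collision/broadcast = {count_domains(*topo)}")
```

The hub-on-a-switch-port case is the one people get wrong: the switch port facing the hub does not get its own collision domain, because it shares the hub's segment, so that topology has two collision domains (the hub segment and PC3's port) and one broadcast domain.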
Endpoint and server placement
In the campus, endpoints attach at the access layer and servers live in a dedicated data-center block, often virtualized, attached to high-speed access switches near the core. Placing servers close to the core minimizes the hop count for the heavy traffic they generate. APs also attach at the access layer and draw PoE from the switch, so the switch must support the right PoE class for the AP model.
Common traps
- A hub is Layer 1 only and floods everything (one collision domain); it is legacy but still tested as a contrast to switches.
- Saying a switch "breaks up broadcast domains" is wrong unless VLANs or a router are involved; a plain switch in one VLAN is a single broadcast domain.
- IDS cannot stop an attack by itself; only an IPS (inline) or a firewall can drop the packet.
- A stateless filter cannot automatically permit return traffic; that requires a stateful firewall tracking the connection.
Review questions
- Which device operates at Layer 3 and makes forwarding decisions based on destination IP addresses?
- What does a Layer 2 switch do with a unicast frame whose destination MAC is NOT in its MAC address table?
- What is the key advantage of an IPS over an IDS?