1.10 OSI and TCP/IP Reference Models
Key Takeaways
- The OSI model has 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application (bottom to top).
- The TCP/IP model has 4 layers: Network Access, Internet, Transport, Application, mapping to real protocols.
- PDUs by layer: Data (L5-7), Segment (L4), Packet (L3), Frame (L2), Bits (L1).
- Encapsulation adds a header at each descending layer; de-encapsulation strips them on the way up.
- Know which protocol or device lives at which layer; this mapping is heavily tested.
Why layered models matter
Questions asking which layer a protocol or device operates at appear throughout the CCNA. Layering also lets vendors build interoperable pieces: each layer serves the one above and relies on the one below.
The OSI model (7 layers)
| # | Layer | PDU | Function | Examples |
|---|---|---|---|---|
| 7 | Application | Data | User-facing network services | HTTP, FTP, SMTP, DNS |
| 6 | Presentation | Data | Formatting, encryption, compression | TLS, JPEG, ASCII |
| 5 | Session | Data | Establish/maintain sessions | NetBIOS, RPC |
| 4 | Transport | Segment | End-to-end delivery, ports | TCP, UDP |
| 3 | Network | Packet | Logical addressing, routing | IP, ICMP, OSPF |
| 2 | Data Link | Frame | MAC addressing, framing | Ethernet, ARP, switches |
| 1 | Physical | Bits | Signals on the medium | Cables, hubs, RJ-45 |
A mnemonic for layers 7 to 1: All People Seem To Need Data Processing.
The TCP/IP model (4 layers)
| TCP/IP layer | Maps to OSI | Key protocols |
|---|---|---|
| Application | OSI 5-7 | HTTP, DNS, FTP, SMTP |
| Transport | OSI 4 | TCP, UDP |
| Internet | OSI 3 | IP, ICMP, ARP |
| Network Access (Link) | OSI 1-2 | Ethernet, cabling |
The TCP/IP model is what the real Internet runs on. It collapses OSI's top three layers into one Application layer and the bottom two into Network Access.
Encapsulation and PDUs
As data moves down the stack on the sender, each layer wraps it in a header (and the Data Link layer adds a trailer/FCS). This is encapsulation, and the unit's name (PDU) changes at each layer:
Data (L7-5) -> Segment (L4) -> Packet (L3) -> Frame (L2) -> Bits (L1).
On the receiver the process reverses: each layer strips its header (de-encapsulation) until the application gets the original data. The Layer 3 header adds source/destination IP; the Layer 2 header adds source/destination MAC.
Devices by layer
| Device | OSI layer |
|---|---|
| Router, Layer 3 switch (routing) | 3 |
| Switch, bridge, NIC | 2 |
| Hub, repeater, cable | 1 |
| Firewall (stateful/NGFW) | 3-7 |
Worked example
A web request descends the stack: the browser data (L7) is handed to TCP which adds a port header making a segment (L4); IP adds source/dest IP making a packet (L3); Ethernet adds source/dest MAC making a frame (L2); the NIC encodes it as bits on the wire (L1). Each router along the path rewrites the L2 frame but keeps the L3 packet's IPs.
Headers added at each layer
Encapsulation is concrete. Each layer prepends specific addressing:
| Layer | Adds | Key fields |
|---|---|---|
| Transport (4) | TCP/UDP header | Source/destination ports |
| Network (3) | IP header | Source/destination IP, TTL |
| Data Link (2) | Frame header + trailer | Source/destination MAC, FCS |
| Physical (1) | none (encoding) | Bits as signals |
The Layer 2 frame is the only PDU with both a header and a trailer (the FCS, frame check sequence, used for error detection). At each router hop the Layer 2 frame is rebuilt with new MAC addresses while the Layer 3 packet's IPs stay constant. This header rewrite is why "same packet, new frame" is a recurring exam idea.
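The worked example and the "same packet, new frame" rule above, as an added Python sketch that is not part of the original guide: it encapsulates a constructed web request into a segment, packet and frame, then re-frames it at one router hop. The addresses, ports and function names are assumptions chosen for illustration; the TCP checksum and Ethernet padding are omitted.

```python
import socket, struct, zlib

def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum over the IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def segment(data: bytes, sport: int, dport: int) -> bytes:
    """L4: prepend a 20-byte TCP header (ports; checksum left 0 for brevity)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data

def packet(seg: bytes, src: str, dst: str, ttl: int = 64) -> bytes:
    """L3: prepend a 20-byte IPv4 header (source/destination IP, TTL)."""
    def hdr(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0, ttl, 6,
                           csum, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr(ip_checksum(hdr(0))) + seg

def frame(pkt: bytes, src_mac: str, dst_mac: str) -> bytes:
    """L2: prepend the Ethernet header and append the FCS trailer (CRC-32)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    body = mac(dst_mac) + mac(src_mac) + b"\x08\x00" + pkt  # 0x0800 = IPv4
    return body + struct.pack("<I", zlib.crc32(body))

def parse(frm: bytes) -> dict:
    """Receiver: check the FCS, then strip the L2, L3 and L4 headers in turn."""
    body, pkt = frm[:-4], frm[14:-4]
    ihl = (pkt[0] & 0x0F) * 4
    seg = pkt[ihl:]
    sport, dport = struct.unpack("!HH", seg[:4])
    return {"fcs_ok": struct.pack("<I", zlib.crc32(body)) == frm[-4:],
            "dst_mac": body[:6].hex(":"), "src_mac": body[6:12].hex(":"),
            "src_ip": socket.inet_ntoa(pkt[12:16]), "dst_ip": socket.inet_ntoa(pkt[16:20]),
            "ttl": pkt[8], "ip_csum_ok": ip_checksum(pkt[:ihl]) == 0,
            "sport": sport, "dport": dport, "data": seg[(seg[12] >> 4) * 4:]}

def route_hop(frm: bytes, out_src_mac: str, out_dst_mac: str) -> bytes:
    """Router: drop the old frame, decrement TTL, keep the IPs, build a new frame."""
    f, pkt = parse(frm), frm[14:-4]
    return frame(packet(pkt[20:], f["src_ip"], f["dst_ip"], f["ttl"] - 1),
                 out_src_mac, out_dst_mac)

# Constructed sample: documentation IPs, locally administered MACs.
HOST, GW_IN, GW_OUT, SERVER = (f"02:00:00:00:00:0{i}" for i in range(1, 5))
sent = frame(packet(segment(b"GET / HTTP/1.1\r\n\r\n", 49152, 80),
                    "192.0.2.10", "198.51.100.20"), HOST, GW_IN)
forwarded = route_hop(sent, GW_OUT, SERVER)
print(parse(sent), parse(forwarded), sep="\n")
```

Comparing the two printed records shows the MAC pair and TTL changing across the hop while the IP pair, ports and payload are identical.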
Mapping protocols to layers (memorize)
- Layer 7 Application: HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SNMP, Telnet, SSH.
- Layer 4 Transport: TCP, UDP.
- Layer 3 Network: IP, ICMP, OSPF, EIGRP (routing protocols ride here logically).
- Layer 2 Data Link: Ethernet, ARP, STP, VLAN tagging.
- Layer 1 Physical: cables, connectors, hubs, repeaters, RF.
Note that ARP spans the boundary: it resolves a Layer 3 IP to a Layer 2 MAC, and the exam usually places it at Layer 2.
Why two models exist
The OSI model is a teaching and troubleshooting reference; its seven layers let you isolate a fault ("is this a Layer 1 cabling issue or a Layer 3 routing issue?"). The TCP/IP model is the practical stack the Internet actually implements. Cisco troubleshooting almost always reasons bottom-up: confirm Physical, then Data Link, then Network, then Transport, then Application. This is the same order this chapter's client-troubleshooting section follows.
Common traps
- A router operates at Layer 3, not Layer 2, even though it has Ethernet ports.
- The segment is the Transport-layer (L4) PDU; the packet is Layer 3. Do not mix them.
- DNS is an Application-layer (L7) protocol even though it rides on UDP/TCP at L4.
- Encapsulation goes down (Data to Bits); the receiver de-encapsulates up.
- Only the Layer 2 frame has a trailer (the FCS); other PDUs add only a header.
Layer-by-layer responsibilities
Knowing what each layer is responsible for lets you answer "which layer handles X" questions instantly:
- Physical (1): bit transmission, voltage/light levels, connectors, cabling.
- Data Link (2): framing, MAC addressing, error detection via FCS, media access.
- Network (3): logical IP addressing, path selection, routing between networks.
- Transport (4): segmentation, reliability (TCP), port-based multiplexing.
- Session (5): opening, managing, and closing dialogs between applications.
- Presentation (6): data format translation, encryption, compression.
- Application (7): the interface user applications use to reach the network.
Troubleshooting with the model
The layered model is a diagnostic tool, not just trivia. If a user cannot reach a website, you test bottom-up: is the link up (L1)? Does the switch see the MAC (L2)? Does the host have a valid IP and gateway (L3)? Does a connection establish (L4)? Does the name resolve and the app respond (L7)? Each layer you confirm narrows the fault. This disciplined layer-by-layer isolation is exactly how Cisco frames troubleshooting questions and why the OSI model anchors the entire certification: every later topic, from VLANs to routing to ACLs, maps cleanly onto a specific layer.
At which OSI layer does a router operate?
What is the correct order of data encapsulation from the top of the stack to the bottom?
Which Protocol Data Unit is associated with the Transport layer (Layer 4)?
DNS operates at which layer of the OSI model?