Infrastructure Device Roles
Key Takeaways
- Routers forward between networks (Layer 3); switches forward frames inside one LAN (Layer 2); the two roles are distinct even inside one combo box.
- Access points bridge wireless clients onto the wired LAN and almost always depend on a switch uplink and, often, PoE.
- Firewalls enforce policy between zones; modems and ONTs terminate the provider circuit and convert it to Ethernet.
- On the CCST Networking exam (100-150), expect to identify a device's role from a symptom or diagram before recommending any cable or setting change.
Why device roles matter on the CCST
The Cisco Certified Support Technician (CCST) Networking exam (number 100-150, 50 minutes, a question count Cisco says varies by exam form, no publicly published passing score, US price $125) tests entry-level support skills. Domain 5, Infrastructure, asks you to identify devices and their roles before touching anything. A support technician who mislabels a router as a switch will trace the wrong cable and escalate to the wrong team, so role identification is the first reflex.
Every device sits at a layer of the network model. A switch operates mainly at Layer 2 (Data Link), forwarding Ethernet frames by MAC address inside a single broadcast domain. A router operates at Layer 3 (Network), forwarding packets by IP address between different networks and serving as a subnet's default gateway. Confusing these is the single most common beginner error.
The core infrastructure devices
| Device | Primary role | Layer | Tells the technician |
|---|---|---|---|
| Switch | Connect wired endpoints in one LAN | 2 (sometimes 3) | Frame forwarding, VLANs, often PoE |
| Router | Forward between networks; default gateway | 3 | Inter-subnet and internet path |
| Wireless access point (AP) | Bridge Wi-Fi clients onto wired LAN | 2 | Needs switch uplink, often PoE |
| Firewall | Enforce policy between zones | 3-7 | Security boundary, do not bypass |
| Modem | Terminate cable/DSL provider circuit | 1-2 | Demarcation to ISP |
| ONT (optical network terminal) | Terminate a fiber circuit | 1-2 | Fiber-to-Ethernet conversion |
| WLC (wireless LAN controller) | Manage many APs centrally | 2-3 | APs register to it |
Combined home/small-office devices
In homes and small offices a single plastic box often combines a modem (or ONT), router, switch, wireless AP, and firewall. The exam still expects you to reason about each function separately. If Wi-Fi fails but a wired PC on the same box works, the switch and router functions are fine while the AP radio function is suspect — even though it is one chassis.
Reasoning from symptoms
Use a quick decision flow:
- Can the host reach other devices on the same subnet? If yes, the local switch path works.
- Can it reach a different subnet or the internet? If no, suspect the router / default gateway or the path through the firewall.
- Is only Wi-Fi affected? Suspect the AP (radio, SSID, controller registration, or authentication), not the wired switch.
- Is the whole site down? Suspect the modem/ONT and the provider circuit at the demarcation point.
Common traps
- Trap: assuming an AP that has power and an Ethernet link is healthy. It may still fail to register to its WLC, broadcast no SSID, or reject client authentication.
- Trap: bypassing a firewall to "restore connectivity." The firewall is part of the approved security design; bypassing it can violate policy and expose protected systems. Escalate instead.
- Trap: calling a modem a router. A modem terminates the ISP circuit; it does not route between your internal subnets the way a dedicated router does.
The CCST rewards the technician who names the exact role and stays inside their support scope.
Layers, again, because it pays off
The distinction between Layer 2 and Layer 3 underlies nearly every infrastructure question. A switch builds a MAC address table by learning which device lives on which port; it floods unknown unicast and broadcast frames to every port in the VLAN. A router instead consults a routing table of networks and next hops, decrementing the time-to-live field and rewriting the Layer 2 header at each hop. A firewall layers stateful inspection on top, tracking connection state and permitting return traffic only for sessions the inside started.
When a symptom appears, ask which layer it lives at: a bad cable or dead port is Layer 1-2, a wrong default gateway or subnet mask is Layer 3, and a blocked application is often a firewall policy at Layers 4-7.
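The three forwarding behaviours described in this section, as an added Python illustration (not part of the original guide and not any vendor's code): a learning switch, one router hop, and a stateful firewall. Class, function and field names and all addresses are assumptions made for the example; the firewall model allows all outbound traffic and tracks only the address and port tuple.

```python
# Added illustration: names and addresses are assumptions, not a vendor API.
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Layer 2: learn source MACs per port, flood what is unknown."""
    def __init__(self, port_vlans):
        self.port_vlans = port_vlans       # port -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src_mac)] = in_port      # learn the sender
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac == BROADCAST or known is None:      # flood inside the VLAN
            return sorted(p for p, v in self.port_vlans.items()
                          if v == vlan and p != in_port)
        return [] if known == in_port else [known]

def route(packet, routes, arp, router_mac):
    """Layer 3: longest-prefix match, decrement TTL, rewrite the L2 header."""
    dst = ipaddress.ip_address(packet["dst_ip"])
    matches = [(ipaddress.ip_network(n), hop) for n, hop in routes.items()
               if dst in ipaddress.ip_network(n)]
    if packet["ttl"] <= 1 or not matches:
        return None                        # TTL expired or no route: drop
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    next_ip = hop or packet["dst_ip"]      # hop None = directly connected
    return {**packet, "ttl": packet["ttl"] - 1,
            "src_mac": router_mac, "dst_mac": arp[next_ip]}

class StatefulFirewall:
    """Simplified: allow all outbound, admit inbound only as return traffic."""
    def __init__(self):
        self.sessions = set()              # flows opened from the inside

    def permit(self, direction, src, sport, dst, dport):
        if direction == "outbound":
            self.sessions.add((src, sport, dst, dport))
            return True
        return (dst, dport, src, sport) in self.sessions

if __name__ == "__main__":                 # constructed sample traffic
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    print(sw.receive(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"))
    fw = StatefulFirewall()
    print(fw.permit("inbound", "203.0.113.9", 443, "10.0.0.5", 50000))
```

Note that the switch never floods a frame into another VLAN, the router leaves the IP addresses untouched while replacing both MAC addresses, and the firewall rejects an inbound packet that matches no tracked flow even when it comes from a server the inside host has already contacted on a different port.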
Scope and escalation
A support technician's job is to observe accurately, make only approved changes, and escalate clearly. Identifying the device role tells you who owns the fix: a Wi-Fi coverage complaint goes to the wireless team that manages the APs and controller; a site-wide outage with a dead modem light goes to the carrier; a blocked business application that pings fine but will not load goes to the security team that owns firewall policy. Naming the role correctly routes the ticket to the right owner the first time and prevents wasted truck rolls.
The exam frequently frames this as a short scenario with one user-reported symptom, and the right answer is the device role whose failure best explains that exact symptom — not the most powerful device or the one nearest the user. Train yourself to map symptom to layer to device role, then to owner, and the infrastructure questions become routine. A useful habit is to restate the symptom in terms of reach: can the host reach itself, its local neighbors, its gateway, a remote subnet, and the internet, in that order?
Each rung that fails points at a specific role, so the answer almost always falls out of the reachability ladder rather than from guessing at hardware.
A desktop can reach printers on the same LAN but cannot reach any internet site. Which infrastructure role should a technician consider first as the path out of the local subnet?
Which device role primarily connects many wired endpoints inside the same local Ethernet network at Layer 2?
Why should a technician avoid bypassing a firewall even if a direct cable path would restore connectivity?