Network Hardware & Devices
Key Takeaways
- Switches operate at Layer 2 and forward frames by MAC address using a CAM table; routers operate at Layer 3 and forward packets by IP using a routing table.
- Managed switches add VLANs, port mirroring, QoS, and SNMP; unmanaged switches are plug-and-play with no configuration.
- A SOHO router combines a router, switch, wireless access point, DHCP server, and NAT firewall in one box.
- PoE delivers data and power over one Ethernet cable: 802.3af 15.4 W, 802.3at (PoE+) 30 W, 802.3bt Type 3 60 W, and Type 4 ~100 W.
- Patch panels terminate permanent cable runs in a wiring closet; firewalls filter traffic, with stateful inspection tracking connection state.
Core Networking Devices
Router (Layer 3)
- Forwards packets between different networks based on IP addresses.
- Consults a routing table to pick the best next hop.
- Performs NAT so private hosts reach the internet through one public IP.
- Connects your LAN to the WAN (internet).
Switch (Layer 2)
- Forwards frames within a network based on MAC addresses.
- Builds a MAC address table (CAM table) mapping MAC -> port; an unknown destination is flooded out all ports until learned.
- Gives each port its own collision domain (full-duplex), unlike a shared-bandwidth hub.
| Capability | Managed | Unmanaged |
|---|---|---|
| Configuration | Web GUI / CLI / SNMP | None |
| VLANs | Yes | No |
| Port mirroring | Yes | No |
| QoS | Yes | No |
| Monitoring/logging | Yes | No |
| Typical use | Enterprise | Home / small office |
Hub (legacy, Layer 1)
- Repeats every incoming bit out all ports - no intelligence.
- Creates one large collision domain, so throughput collapses under load.
- Replaced by switches; appears on the exam for historical contrast only.
Wireless Access Point (WAP)
- Bridges Wi-Fi clients onto the wired LAN at Layer 2.
- Enterprise APs support multiple SSIDs, VLAN tagging, and WPA3-Enterprise, and are often controller-managed.
SOHO Router
A SOHO (Small Office/Home Office) router collapses several roles into one appliance.
| Built-in role | What it does |
|---|---|
| Router | Routes between LAN and WAN |
| 4-port switch | Wired ports for local devices |
| Wireless AP | Provides Wi-Fi |
| DHCP server | Leases addresses to clients |
| NAT firewall | Hides the LAN and filters inbound traffic |
Security-relevant settings
| Setting | Why it matters |
|---|---|
| Change default admin password | Default creds are public knowledge |
| Set a strong WPA3/WPA2 key | Blocks unauthorized Wi-Fi access |
| Update firmware | Patches known router exploits |
| Disable UPnP | UPnP can auto-open ports without approval |
| Configure port forwarding deliberately | Only expose the exact internal service/port needed |
Power over Ethernet (PoE)
PoE carries DC power and data on one cable so a device needs no separate power brick.
| Standard | IEEE | Max power per port |
|---|---|---|
| PoE | 802.3af | 15.4 W |
| PoE+ | 802.3at | 30 W |
| PoE++ Type 3 | 802.3bt | 60 W |
| PoE++ Type 4 | 802.3bt | ~100 W |
Typical PoE loads: wireless access points, IP cameras, VoIP phones, and IoT sensors.
Exam tip: to power a device when the switch is not PoE-capable, insert a PoE injector (a midspan that adds power to the line). Verify the device's wattage need against the standard the switch supports.
Other Infrastructure
Patch panel
A passive termination point in the wiring closet. Permanent cable runs land on the back; short patch cables jump panel ports to switch ports. It centralizes labeling and makes moves/adds/changes clean.
Firewall
Filters traffic against rules; it can be a hardware appliance or host-based software.
- Stateful packet inspection tracks each connection's state and permits return traffic for sessions the inside initiated.
- Stateless filtering judges each packet independently against the rule set.
- Next-gen firewalls add IDS/IPS (intrusion detection/prevention).
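The difference between the two filtering modes, as an added example that is not part of the original guide: a stateful filter with a session table and idle timeout, next to a stateless rule that admits any WAN packet with source port 443. The addresses, ports, the 60-second timeout and the stateless rule are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    from_inside: bool  # True if the packet arrived on the LAN interface

def stateless_allow(pkt: Packet) -> bool:
    """Judge the packet alone: LAN may go out; WAN may enter only from port 443."""
    return pkt.from_inside or pkt.sport == 443

class StatefulFirewall:
    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout
        self.sessions = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> last seen

    def allow(self, pkt: Packet, now: float) -> bool:
        # Drop sessions that have been idle longer than the timeout.
        self.sessions = {k: t for k, t in self.sessions.items()
                         if now - t <= self.idle_timeout}
        if pkt.from_inside:
            # Inside-initiated traffic is permitted and creates or refreshes state.
            self.sessions[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        # WAN packet: permitted only as the exact reverse of a tracked session.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions:
            self.sessions[key] = now
            return True
        return False

# Constructed sample traffic (private and documentation address ranges).
OUT = Packet("192.168.1.10", 51000, "203.0.113.5", 443, True)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 51000, False)
UNSOLICITED = Packet("198.51.100.9", 443, "192.168.1.10", 51000, False)

def firewall_demo():
    fw = StatefulFirewall(idle_timeout=60.0)
    return {
        "stateful": [fw.allow(OUT, 0.0), fw.allow(REPLY, 1.0),
                     fw.allow(UNSOLICITED, 2.0), fw.allow(REPLY, 120.0)],
        "stateless": [stateless_allow(OUT), stateless_allow(REPLY),
                      stateless_allow(UNSOLICITED)],
    }

if __name__ == "__main__":
    print(firewall_demo())
```

The stateful filter passes only the reply that matches a live session and drops it again once the session has idled out; the stateless rule cannot tell the reply from the unsolicited packet.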
Modems and ONT
- Cable modem - DOCSIS over coax.
- DSL modem - ADSL/VDSL over phone lines.
- Fiber ONT (Optical Network Terminal) - converts fiber light to Ethernet.
NAS (Network-Attached Storage)
A dedicated file server reachable by authorized users, typically with RAID for redundancy, sharing data over SMB, NFS, or AFP.
Switch vs. Router: the Distinction the Exam Loves
The single most tested networking-hardware concept on Core 1 is the difference between a switch and a router, because both "connect computers" yet operate at different layers. A switch moves frames inside one network using MAC addresses; it has no concept of the internet and cannot decide a path between subnets. A router moves packets between networks using IP addresses and is the device that knows how to reach the internet. A useful mental model: the switch is the hallway connecting offices on one floor, and the router is the elevator connecting different floors.
When a question describes a device that "assigns IP addresses, performs NAT, and connects the LAN to the ISP," that is the router (or the routing function of a SOHO box), never the switch.
Collision and Broadcast Domains
Understanding domains explains why hubs died out. A hub puts every port in one shared collision domain, so two devices transmitting at once collide and both must back off, wasting bandwidth as more devices join. A switch gives each port its own collision domain, eliminating collisions on full-duplex links. However, a plain switch still forwards broadcasts (like ARP and DHCP Discover) to every port, so all its ports share one broadcast domain. Routers and VLANs are what break a network into multiple broadcast domains, which is why segmenting a busy network with VLANs reduces broadcast noise and improves performance.
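An added simulation, not part of the original guide, of the CAM-table learning and flooding described earlier and of how VLANs bound the broadcast domain. The four-port layout, VLAN IDs 10 and 20, and the MAC addresses are constructed assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Learning switch with access-port VLANs (one VLAN per port)."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)  # port number -> VLAN ID
        self.cam = {}                       # (VLAN ID, MAC) -> port number

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the sorted list of egress ports."""
        vlan = self.port_vlans[in_port]
        self.cam[(vlan, src_mac)] = in_port  # learn where the sender lives
        out = None if dst_mac == BROADCAST else self.cam.get((vlan, dst_mac))
        if out is not None:
            # Known unicast: one port (or none if the target is on the ingress port).
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but only inside the ingress VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

# Constructed hosts: A sits on port 1, C sits on port 3.
A, C = "02:00:00:00:00:0a", "02:00:00:00:00:0c"

def switch_demo():
    flat = Switch({1: 1, 2: 1, 3: 1, 4: 1})       # unmanaged: one broadcast domain
    vlans = Switch({1: 10, 2: 10, 3: 20, 4: 20})  # managed: two broadcast domains
    return {
        "flat_broadcast": flat.receive(1, A, BROADCAST),
        "flat_unknown": flat.receive(1, A, C),
        "flat_reply": flat.receive(3, C, A),
        "flat_learned": flat.receive(1, A, C),
        "vlan_broadcast": vlans.receive(1, A, BROADCAST),
        "vlan_other_side": vlans.receive(3, C, BROADCAST),
        "vlan_cross": vlans.receive(1, A, C),
    }

if __name__ == "__main__":
    for name, ports in switch_demo().items():
        print(f"{name}: {ports}")
```

On the segmented switch, a frame from A addressed to C never leaves VLAN 10, so reaching C requires a router or Layer 3 switch between the VLANs.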
A Hardware Selection Scenario
A growing office of 40 people has one unmanaged switch. Users complain that one department can see another's shared drives and that broadcast traffic is slowing everyone down. The right upgrade is a managed switch that supports VLANs, letting the tech place each department in its own broadcast domain for both performance and security, with a router or Layer 3 switch handling the controlled traffic between them. For new wireless cameras, the tech specifies a PoE+ switch so each camera draws power and data from one cable, avoiding 40 separate power adapters and outlets.
Recognizing that an unmanaged switch simply cannot provide VLANs is the key exam insight here.
At which OSI layer does a network switch primarily operate?
An IP camera needs 28W delivered over its Ethernet cable. Which PoE standard is the minimum that meets this need?
What is the main purpose of a patch panel?
A SOHO owner wants to stop apps from automatically opening firewall ports without approval. Which setting should be disabled?