Network Hardware Devices: Explained

Previous Chapter

Chapter 1.2

1.1 Explain the Role and Function of Network Components

It is the first topic in CCNA exam course content. In this blog we will be covering the network component's role and function and will understand them based on real scenarios and device configurations. This will help you to better understand the network devices and how they work in production environment. 

1.1a Routers

Routers are the core component of the networking devices which you see in the organization's data centers or branch offices or small home office network. These routers operate on network layer which is Layer 3 of the OSI model. If you see the primary role of a router is to connect two or more different networks which facilitate the exchange of data packets between the networks. These routers can take decisions based on the destination IP addresses present in the received packets to determine the most appropriate outgoing interface based on existing routing table for forwarding those packets to the next router in the network. These routing table are formed with the help of static routes or routing protocols like OSPF, EIGRP or BGP etc.

Scenario: In a corporate network or a small home office network, typically a router is configured and connected to internal network called the local area network (LAN) and the internet which is considered as WAN or Public network. When an internal device which is a part of LAN initiates a date packets, this router first receives these data packets and looks up the destination IP address present inside the data packets. Based on the routing table (As depicted in the below diagram, here routing table is built from configured default route) it then forwards them to the appropriate interface to send on the internet. The return data packets are received by the router and forwarded to the same devices which generated that data packets. 

Here is the Cisco router configuration:

!

interface GigabitEthernet0/0

 ip address 192.168.1.1 255.255.255.0

!

interface GigabitEthernet0/1

 ip address 10.0.0.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 10.0.0.254

!

In this example, the router has two interfaces. GigabitEthernet0/0 is connected to the LAN with the IP address 192.168.1.1, and GigabitEthernet0/1 is connected to another network called Internet with the IP address 10.0.0.1. The "ip route" command sets the default gateway for the router, specifying that any traffic with unknown destinations should be forwarded to the IP address 10.0.0.254.

1.1.b Layer 2 and Layer 3 switches

The switches which are operated at Layer 2 and Layer 3 of the OSI model have different functionalities. Here are some of the Cisco switches model. 

Layer 2 switches operate at the data link layer (Layer 2) and primarily focus on forwarding Ethernet frames based on MAC addresses. They build and maintain MAC address tables to learn which devices are connected to which switch ports. Layer 2 switches are responsible for local network segmentation, improving network performance, and reducing collision domains.

Scenario: In an office network, a Layer 2 switch connects multiple computers and devices within a LAN. When a device sends data to another device within the same LAN, the Layer 2 switch examines the MAC addresses in the Ethernet frames and forwards them to the correct destination port. Devices in same VLANs can communicate with each other while devices in different VLANs require their respective VLANs gateways IP addresses configured either on Layer 3 switch or a router. 

Here is the configuration of a Layer 2 switch.

!

interface FastEthernet0/1

 switchport mode access

 switchport access vlan 10

!

interface FastEthernet0/2

 switchport mode access

 switchport access vlan 20

!

vlan 10

 name Sales

!

vlan 20

 name Marketing

!

In this example, the switch has two ports configured as access ports. Port FastEthernet0/1 is assigned to VLAN 10 (Sales), and port FastEthernet0/2 is assigned to VLAN 20 (Marketing). The "vlan" command is used to create the VLANs and assign names to them.

Layer 3 switches, also known as multilayer switches, combine the features of Layer 2 switches with routing capabilities found in routers. They can perform routing functions at wire speed and facilitate inter-VLAN communication by routing traffic between different VLANs.

Scenario: Sometimes in a network, it is required to have multiple VLANs for various reasons. In that case a Layer 3 switch can be configured as a default gateway for these VLANs. These VLANs can then route traffic between each other on the switch. It examines the IP addresses in packets and forwards them based on the routing table entries.

Here is the configuration of a Layer 2 switch.

!

interface GigabitEthernet0/1

 switchport mode trunk

!

interface Vlan10

 ip address 192.168.10.1 255.255.255.0

!

interface Vlan20

 ip address 192.168.20.1 255.255.255.0

!

ip routing

!

In this example, the switch has a trunk port (GigabitEthernet0/1) to carry VLAN traffic. Two VLAN interfaces (Vlan10 and Vlan20) are configured with IP addresses. The "ip routing" command enables routing functionality on the Layer 3 switch. These IP addresses are the gateways on the devices in their respective VLANs,

1.1.c Next-generation firewalls and IPS

Next-generation firewalls (NGFWs) and Intrusion Prevention Systems (IPS) are security hardware devices or software designed to protect vulnerable networks from malicious activities, unauthorized access, and threats. The picture below is the Cisco Firepower 1000 series appliances, this is considered as NGFW.

NGFWs combine traditional firewall features (such as stateful packet inspection) with advanced capabilities such as application-layer filtering, user identity awareness, and threat intelligence. They inspect network traffic at multiple layers, including application, transport, and network layers, to enforce security policies and prevent unauthorized access. Below are couple of scenarios where IPS or NGFW is used.

Scenario 1: In an enterprise network, an NGFW is deployed at the network perimeter to inspect incoming and outgoing traffic. It can block malicious websites, detect and prevent intrusions, and provide granular control over network applications and user access.

IPS systems monitor network traffic for suspicious patterns or known attack signatures. They analyze packets in real-time to identify and block malicious activities.

Scenario 2: In a data center environment, an IPS is deployed to monitor traffic between servers. It can detect and prevent attacks like DDoS, SQL injection, and buffer overflow by inspecting the content of network packets.

Here's a simplified example of configuring access control policies on a Cisco NGFW (ASA):

!

access-list WEB_TRAFFIC permit tcp any any eq 80

access-list WEB_TRAFFIC permit tcp any any eq 443

access-list BLOCK_TRAFFIC deny ip any any

!

class-map WEB_CLASS

 match access-list WEB_TRAFFIC

!

policy-map BLOCK_WEB_POLICY

 class WEB_CLASS

   inspect http

   inspect https

!

service-policy BLOCK_WEB_POLICY interface outside

access-group BLOCK_TRAFFIC in interface outside

!

In this example, an access control list (ACL) is created to permit web traffic (TCP ports 80 and 443). Another ACL denies all IP traffic. A class map is defined to match the web traffic ACL, and a policy map is created to inspect HTTP and HTTPS traffic. The policy is then applied to the outside interface, and the access-group command applies the blocking ACL to the outside interface.

1.1.d Access points

Access points (APs) are the hardware devices which are used to send Wi-Fi singles for providing the wireless connectivity to the wireless devices in a specified area.  They act as a bridge between wireless devices and the wired network infrastructure. The picture below is the Cisco Wireless Aironet 3600 series access points. 

Scenario: In a Wi-Fi network, access points are strategically placed throughout an office building to ensure reliable wireless coverage. All the wireless supported devices such as laptop, phones etc. tries to connect to wireless network, they first get them self attached with the nearest available access point. The access point handles the transmission of data packets between wireless devices and the network.

Here's a simplified example of configuring a Cisco Aironet access point:

!

interface Dot11Radio0

 ssid ExampleNetwork

!

interface GigabitEthernet0

 switchport mode trunk

!

interface BVI1

 ip address 192.168.1.1 255.255.255.0

!

In this example, the access point has a wireless interface (Dot11Radio0) configured with the SSID "ExampleNetwork." The GigabitEthernet0 interface is configured as a trunk port to carry multiple VLANs. The BVI1 interface is configured with an IP address for management purposes.

1.1.e Controllers (Cisco DNA Center and WLC)

Controllers are network management devices that provide centralized management and control for various network components, such as access points and switches.

Cisco DNA Center is a software-based network controller that enables centralized management, automation, and assurance for enterprise networks. It provides a single dashboard for managing network devices, implementing policies, and monitoring network health. The picture below is the dashboard of DNAC.

Scenario: The network devices such as router, switches, firewalls, access points etc. are being manages and monitored by DNA Center. It is preferably used in a large enterprise environment where it is difficult to manage them manually. With the help of DNA, network engineers can perform various functions such as upgrading of IOS on devices from a centralized location and can also troubleshoot network issues without logging into each device. As Cisco DNA Center is a software-based controller, there is no specific configuration example. However, typical tasks performed through Cisco DNA Center include:

Adding network devices (routers, switches, access points) to the inventory.

Creating network profiles for devices and applying standardized configurations.

Defining policies for network access, security, and quality of service.

Monitoring network health, performance, and security.

Automating network operations and deploying software updates.

Cisco Wireless LAN Controller (WLC) is a specialized controller designed for managing wireless networks. It centralizes the configuration, security, and management of access points. The picture below is the Cisco Wireless LAN Controller 5500 series. 

Scenario: In a wireless network deployment, a Cisco WLC is used to manage multiple access points. It handles tasks such as AP discovery, client authentication, and radio resource management to ensure efficient and secure wireless connectivity.

1.1.f Endpoints

Endpoints are the device connected to the user ports of the network switches. These devices are the one who send and receives the data for the end users such devices include laptops, desktops, cameras, phones etc. 

Scenario: In a typical office network, endpoints can include employee workstations, laptops, and mobile devices. Applications run on these devices to perform tasks like sending emails, sharing files, browsing internet etc. 

1.1.g Servers

Servers are the high-end computers that provide resources such as CPU, RAM, Hard disk for storage etc. for executing various services on a network. They are designed to handle specific tasks and deliver resources efficiently.

Scenario: In an enterprise network, servers play a crucial role in providing various services. These services include storage, compute, web hosting, email service, database etc. 

1.1.h PoE

Power over Ethernet (PoE) is a technology which provides power and data to the end network devices over the same ethernet cable. With PoE, power sourcing equipment (such as PoE switches) can deliver electrical power to PoE-enabled devices without the need for separate power cables. The picture below is the Cisco Catalyst c2960x 48 port PoE switch, a normal twisted pair ethernet cable is required to connect from switch ports to the end devices such as access point (access point does not require any other external power) to withdraw power.

Scenario: In a network deployment, PoE is commonly used to power devices such as IP phones, wireless access points, and security cameras. This eliminates the need for additional power outlets near these devices and simplifies cabling.

Here's an example configuration for a Cisco PoE switch:

!

interface GigabitEthernet0/1

 power inline auto

!

interface GigabitEthernet0/2

 power inline static

 power inline consumption 15000

!

In this example, GigabitEthernet0/1 is configured to automatically detect and provide power to a connected PoE device. GigabitEthernet0/2 is configured to deliver a static amount of power (15,000 milliwatts) to the connected device.

Chapter 1.2

Previous Chapter