Network Fundamentals DOMAIN 1 · 20%
Topology · Cabling · Switching · Virtualization

Network Device Roles

Know what each device does, which OSI layer it operates at, and when to use it. Exam topic 1.1.

Routers
Layer 3 — IP packet forwarding between networks

Routers connect different IP networks together. Forwarding decisions are based on the destination IP address and the routing table. Each interface sits on a different subnet.

OSI Layer: Layer 3 (Network)
PDU: Packet
Decision basis: Destination IP → routing table
Breaks: Broadcast domains ✓ and Collision domains ✓
Default gateway: Hosts send off-subnet traffic to their router's IP
Inter-VLAN: Router-on-a-stick or Layer 3 switch SVI

Layer 2 vs Layer 3 Switches
LAN switching with optional routing capability

L2 Switch: Forwards frames by MAC address (CAM table)
L2 breaks: Collision domains ✓ — broadcast domains ✗
L3 Switch: Can route between VLANs using SVIs or routed ports
SVI: Switched Virtual Interface — virtual L3 interface per VLAN
ip routing: Must enable on L3 switch to route between VLANs
Use case: L3 switch = faster inter-VLAN than router-on-a-stick

Exam tip: Hub = L1 (repeats all). Switch = L2 (forwards by MAC). Router = L3 (routes by IP).

Next-Gen Firewalls & IPS
Security inspection at multiple OSI layers

Traditional firewalls filter by IP/port. NGFWs add deep packet inspection, application awareness, user identity, and integrated IPS.

Stateful FW: Tracks connection state — allows return traffic
NGFW: App-aware, user-aware, SSL inspection
IDS: Intrusion Detection — monitors and alerts, passive
IPS: Intrusion Prevention — inline, actively blocks traffic
Cisco ASA: Traditional stateful firewall platform
Cisco FTD: Firepower Threat Defense — NGFW + IPS combined

PoE — Power over Ethernet
Deliver electrical power via Ethernet cable

PoE eliminates separate power adapters for IP phones, APs, and IP cameras by delivering power through Cat5e/Cat6 cables.

IEEE 802.3af: PoE — up to 15.4W per port
IEEE 802.3at: PoE+ — up to 30W per port
IEEE 802.3bt: PoE++ — up to 60W or 100W per port
PSE: Power Sourcing Equipment — the switch
PD: Powered Device — phone, AP, camera
show power inline: Check PoE budget and per-port draw

Network Topology Architectures

Exam topic 1.2 — know the purpose and characteristics of each design.

Campus LAN

Two-Tier (Collapsed Core)

Core and Distribution layers are merged into one. Access switches connect directly to this layer. Used in smaller campus networks where cost matters more than scalability.

[Distribution / Core]
↑↑↑↑↑↑
[Access Switches]
↑↑↑↑↑↑
[End Devices]

Pros: Simple, lower cost
Cons: Less scalable, single congestion point

Enterprise

Three-Tier (Hierarchical)

Dedicated Core, Distribution, and Access layers. Core = high-speed backbone with no policy. Distribution = ACLs, routing, QoS. Access = end-user ports.

[Core — Fast backbone]
↑↑↑↑
[Distribution — Policy]
↑↑↑↑
[Access — Users]

Core rule: No ACLs/QoS — just fast forwarding
Dist role: STP boundary, inter-VLAN routing, ACLs

Data Centre

Spine-Leaf

Every Leaf connects to every Spine. No Leaf-to-Leaf or Spine-to-Spine links. Predictable latency — always exactly 2 hops. Scales horizontally by adding Leaf switches.

[Spine 1]———[Spine 2]
↑↑ ↑↑ ↑↑ ↑↑
[Leaf][Leaf][Leaf][Leaf]
↑ ↑ ↑ ↑ ↑ ↑ ↑ ↑
[Servers / VMs]

Max hops: Always 2 (leaf → spine → leaf)
Scale: Add leaf switches to increase port count

Wide Area

WAN Topologies

Connect geographically separate sites. Design choices balance redundancy, bandwidth, and cost.

Point-to-point: Direct dedicated link between two sites
Hub-and-spoke: Central hub, branches connect only to hub
Full mesh: Every site connects to every other — most resilient
Partial mesh: Some redundant links — balance of cost and resilience
MPLS: Provider-managed WAN with label-switched paths
SD-WAN: Software-defined overlay on any WAN transport

Home / Branch

SOHO

Small Office/Home Office — one all-in-one device (router + switch + WAP + firewall) connects users to the internet via broadband.

Device: Integrated home router / CPE
WAN: Cable, DSL, fibre ONT, LTE/5G
NAT: Single public IP shared via PAT/overload
DHCP: Router acts as DHCP server for LAN

Modern

On-Premises vs Cloud

On-prem: company owns all hardware in its own DC. Cloud: resources hosted by a provider (AWS, Azure, GCP).

IaaS: VMs, storage, networking on demand
PaaS: Runtime, DB, middleware as a service
SaaS: Complete app — Office 365, Salesforce
Hybrid cloud: On-prem + cloud resources integrated
Cisco Meraki: Cloud-managed switches, APs, firewalls

Physical Interfaces & Cabling

Exam topics 1.3 and 1.4 — cabling types, distances, speeds, and interface errors.

Copper Ethernet — UTP Categories

Category | Speed | Bandwidth | Max Distance
Cat 5 | 100 Mbps | 100 MHz | 100m — legacy
Cat 5e | 1 Gbps | 100 MHz | 100m — most common
Cat 6 | 1/10G* | 250 MHz | 100m (1G) / 55m (10G)
Cat 6a | 10 Gbps | 500 MHz | 100m — augmented
Cat 8 | 25–40 Gbps | 2000 MHz | 30m — data centre

Exam tip: 100m is the standard max for copper Ethernet. Cat 5e minimum for GigE. Cat 6a required for 10GbE at full 100m.

Fiber Optic

Multimode (MMF)
Core: 50 or 62.5µm
Light: LED / VCSEL
Jacket: Orange or Aqua
Distance: Up to ~550m (OM4)
Use: Within buildings / DCs

Single-Mode (SMF)
Core: 8–10µm (very thin)
Light: Laser
Jacket: Yellow
Distance: Up to 100km+
Use: WAN / campus backbone

Memory trick: Single-mode = one path of light = thin core = very long distance. Multimode = multiple paths = thicker core = shorter distance.

Copper Cable Types

Straight-through: Unlike devices: PC→Switch, Router→Switch
Crossover: Like devices: Switch→Switch, PC→PC
Rollover: Console cable — laptop serial to device console
Auto-MDIX: Modern switches auto-detect cable type

Auto-MDIX means crossover cables are rarely needed today — but you still need to know the theory for the CCNA exam.

Interface Errors & Troubleshooting

Error | Cause | Fix
CRC errors | Bad cable, EMI, duplex mismatch | Replace cable / fix duplex
Late collisions | After 512 bits — almost always duplex mismatch | Fix duplex mismatch
Giants | Frames over 1518 bytes | Check MTU settings
Runts | Frames under 64 bytes — collision fragment | Fix duplex / cable
Output drops | TX queue full — congestion | Apply QoS / upgrade link

Duplex mismatch: CRC errors + late collisions + rising input errors = one side full-duplex, other half-duplex. Fix: set both sides to full-duplex manually.

# Check errors
SW1# show interfaces GigabitEthernet0/1
# Fix duplex
SW1(config-if)# duplex full
SW1(config-if)# speed 1000

Switching Concepts

Exam topic 1.13 — MAC learning, aging, frame switching modes, and flooding.

MAC Learning & Aging
How a switch builds its CAM table

When a frame arrives, the switch reads the source MAC and records it with the ingress port. This is MAC learning — it builds the Content Addressable Memory (CAM) table.

Learn: Frame arrives on Fa0/1 with src MAC AA:BB → switch adds AA:BB → Fa0/1 to CAM.
Forward: Dst MAC in CAM → send frame only to that port.
Flood: Dst MAC not in CAM → send to all ports except source.
Age: Entries not refreshed for 300 seconds are removed.

Default aging: 300 seconds (5 minutes)
CAM overflow: Table full → all frames flooded (MAC flood attack)

show mac address-table
show mac address-table dynamic
clear mac address-table dynamic

Frame Switching Modes
Store-and-Forward

Receives entire frame, checks FCS, then forwards. Filters corrupt frames. Adds latency. Default on modern Cisco switches.

Cut-Through

Reads only the first 6 bytes (dst MAC) then forwards immediately. Very low latency but forwards corrupt frames — no FCS check.

Fragment-Free

Reads first 64 bytes then forwards. Filters runts (collision fragments). Compromise between the other two modes.

Frame Flooding

Unicast flood: Unknown dst MAC — not in CAM table
Broadcast: Always flooded — dst FF:FF:FF:FF:FF:FF
Multicast: Flooded unless IGMP snooping is enabled
MAC flood attack: Fill CAM table → all traffic flooded → attacker sniffs
Mitigation: Port Security — limit MACs per port

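The learn / forward / flood / age behaviour and the CAM overflow condition described above, as an added example that is not part of the original page: a toy Python model of a CAM table, run once without and once with a per-port MAC limit (the idea behind Port Security). The 8-entry table size, the port names and the MAC values are constructed for illustration.

```python
# Added example: toy model of a switch CAM table (not Cisco code).
from dataclasses import dataclass, field
from typing import Optional

AGING_SECONDS = 300  # default aging time given on the page

@dataclass
class Switch:
    ports: list
    cam_capacity: int                        # assumed small so overflow is visible
    max_macs_per_port: Optional[int] = None  # None = no Port Security
    cam: dict = field(default_factory=dict)  # MAC -> (port, last_seen)
    violations: int = 0

    def receive(self, port, src, dst, now):
        """Process one frame and return the list of egress ports."""
        # Age: drop entries not refreshed within the aging time.
        self.cam = {m: (p, t) for m, (p, t) in self.cam.items()
                    if now - t < AGING_SECONDS}
        if not self._learn(port, src, now):
            return []                        # Port Security violation: frame dropped
        if dst in self.cam:                  # Forward: known unicast
            return [self.cam[dst][0]]
        return [p for p in self.ports if p != port]  # Flood: unknown destination

    def _learn(self, port, src, now):
        if src not in self.cam and self.max_macs_per_port is not None:
            on_port = sum(1 for p, _ in self.cam.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.violations += 1
                return False
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = (port, now)      # Learn or refresh
        return True                          # table full: forwarded but not learned

def simulate(max_macs_per_port=None):
    """Constructed traffic: A and B talk, Fa0/3 sources 20 MACs, then C joins."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cam_capacity=8,
                max_macs_per_port=max_macs_per_port)
    sw.receive("Fa0/1", "AA:AA", "BB:BB", now=0)
    sw.receive("Fa0/2", "BB:BB", "AA:AA", now=1)
    for i in range(20):                      # many unknown source MACs on one port
        sw.receive("Fa0/3", f"DE:AD:{i:02X}", "FF:FF", now=2)
    sw.receive("Fa0/1", "CC:CC", "BB:BB", now=3)           # new host C appears
    egress = sw.receive("Fa0/2", "BB:BB", "CC:CC", now=4)  # B replies to C
    return egress, len(sw.cam), sw.violations

if __name__ == "__main__":
    print("no port security :", simulate())
    print("max 2 MACs/port  :", simulate(max_macs_per_port=2))
```

Without the limit, B's reply to C is flooded out Fa0/1 and Fa0/3 because the full table could not learn C; with a limit of 2 MACs per port it leaves only on Fa0/1 and 18 frames are counted as violations.
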
Switch vs Hub vs Router Summary

Device | OSI Layer | Broadcast Domain | Collision Domain | Forwarding
Hub | L1 | 1 shared | 1 shared | Repeats all bits
Switch | L2 | 1 per switch | 1 per port ✓ | MAC address
Router | L3 | 1 per interface ✓ | 1 per interface ✓ | IP address

Virtualization Fundamentals

Exam topic 1.12 — server virtualization, containers, and VRFs.

Server Virtualization & Hypervisors

A hypervisor abstracts physical hardware and lets multiple VMs share one server. Each VM has its own OS, virtual CPU, RAM, and virtual NICs.

Type 1 — Bare Metal

Runs directly on hardware. No host OS. Most efficient. Examples: VMware ESXi, Hyper-V, KVM.

Type 2 — Hosted

Runs on top of a host OS. Less efficient. Examples: VirtualBox, VMware Workstation. Labs and dev use.

vNIC: Virtual NIC — each VM has its own MAC
vSwitch: Virtual switch inside hypervisor connects VMs
vMotion: Live VM migration between hosts without downtime

Containers vs VMs

Feature | VMs | Containers
OS | Full guest OS each | Share host kernel
Size | GBs | MBs
Startup | Minutes | Seconds / ms
Isolation | Strong (full OS) | Process-level
Use case | Full OS, legacy apps | Microservices, CI/CD

Docker: Most popular container runtime
Kubernetes: Orchestration — manages container clusters

VRF — Virtual Routing and Forwarding

VRF creates multiple completely isolated routing tables on a single router. Traffic in one VRF cannot reach another without explicit inter-VRF routing.

Analogy: Like VLANs — but for routing tables
Use case: Multi-tenant networks, MPLS VPNs, overlapping IPs
VRF-Lite: VRF without MPLS — simpler enterprise use
Default VRF: Global routing table for interfaces not in any VRF

# Create VRF and assign interface
R1(config)# ip vrf CUSTOMER-A
R1(config-vrf)# rd 100:1
# (enter interface configuration mode for the interface being assigned)
# ip vrf forwarding removes any IP address already on the interface, so set the address afterwards
R1(config-if)# ip vrf forwarding CUSTOMER-A
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1# show ip route vrf CUSTOMER-A

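The isolation described above, as an added example (not Cisco code and not from the original page): a small Python model in which each VRF has its own table and a lookup uses only the VRF of the ingress interface. CUSTOMER-B, the interface names and all routes are hypothetical.

```python
# Added example: per-VRF routing lookup (toy model, not Cisco code).
import ipaddress

class VrfRouter:
    def __init__(self):
        self.tables = {"default": []}  # VRF name -> [(network, next_hop)]
        self.if_vrf = {}               # interface -> VRF name

    def bind(self, interface, vrf="default"):
        """Place an interface in a VRF, like 'ip vrf forwarding <name>'."""
        self.tables.setdefault(vrf, [])
        self.if_vrf[interface] = vrf

    def add_route(self, vrf, prefix, next_hop):
        self.tables.setdefault(vrf, []).append(
            (ipaddress.ip_network(prefix), next_hop))

    def lookup(self, in_interface, dst):
        """Longest-prefix match, restricted to the ingress interface's VRF."""
        vrf = self.if_vrf.get(in_interface, "default")
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.tables[vrf] if addr in net]
        if not matches:
            return vrf, None           # no route in this VRF: packet is dropped
        return vrf, max(matches, key=lambda m: m[0].prefixlen)[1]

def demo():
    r = VrfRouter()
    r.bind("Gi0/0")                    # stays in the global (default) table
    r.bind("Gi0/1", "CUSTOMER-A")
    r.bind("Gi0/2", "CUSTOMER-B")      # hypothetical second tenant
    r.add_route("default", "0.0.0.0/0", "192.0.2.1")
    r.add_route("CUSTOMER-A", "10.1.1.0/24", "connected Gi0/1")
    r.add_route("CUSTOMER-A", "10.2.0.0/16", "10.1.1.2")
    r.add_route("CUSTOMER-B", "10.1.1.0/24", "connected Gi0/2")  # overlaps A
    return {
        "A->10.2.3.4": r.lookup("Gi0/1", "10.2.3.4"),
        "B->10.2.3.4": r.lookup("Gi0/2", "10.2.3.4"),
        "B->10.1.1.9": r.lookup("Gi0/2", "10.1.1.9"),
        "global->10.1.1.9": r.lookup("Gi0/0", "10.1.1.9"),
    }

if __name__ == "__main__":
    for flow, result in demo().items():
        print(flow, result)
```

The same destination resolves differently, or not at all, depending on the ingress VRF: CUSTOMER-B has no route to 10.2.3.4 even though CUSTOMER-A does, and the overlapping 10.1.1.0/24 prefixes never collide.
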
NFV — Network Function Virtualization

NFV moves traditional network appliances (firewalls, routers, load balancers) from dedicated hardware onto VMs or containers running on standard servers.

VNF: Virtual Network Function — software appliance
Examples: Virtual router, virtual firewall, virtual IPS
Benefit: Faster deployment, elastic scaling, lower cost

SDN + NFV: SDN controls the network programmatically; NFV virtualises the network appliances themselves. Often used together in modern DC and WAN designs.

Verifying IP on Client Operating Systems

Exam topic 1.10 — verify IP address, subnet mask, gateway, and DNS on Windows, macOS, and Linux.

🪟 Windows

# Basic IP info
ipconfig
  IPv4: 192.168.1.50
  Mask: 255.255.255.0
  GW: 192.168.1.1
# Full detail (DNS, DHCP, MAC)
ipconfig /all
# DHCP release / renew
ipconfig /release
ipconfig /renew
# Flush DNS cache
ipconfig /flushdns
# Routing table
route print
netstat -r
# Test connectivity
ping 8.8.8.8
tracert 8.8.8.8

🍎 macOS

# Interface info
ifconfig en0
  inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
# Get IP only
ipconfig getifaddr en0
# Default gateway
netstat -rn | grep default
route -n get default
# DNS servers
scutil --dns
cat /etc/resolv.conf
# Test connectivity
ping -c 4 8.8.8.8
traceroute 8.8.8.8

🐧 Linux

# Modern (iproute2)
ip addr show eth0
  inet 192.168.1.50/24
# Routing table
ip route show
  default via 192.168.1.1
# DNS
cat /etc/resolv.conf
  nameserver 8.8.8.8
# Legacy commands
ifconfig eth0
route -n
# Test connectivity
ping -c 4 8.8.8.8
traceroute 8.8.8.8

Systematic Connectivity Troubleshooting — Bottom-Up OSI
L1 Physical: Cable plugged in? Link light on? No CRC errors?
L2 Data Link: Right VLAN? Trunk configured? STP blocking?
L3 Network: Correct IP/mask/GW? Can ping gateway? Route in table?
L4 Transport: Firewall/ACL blocking the port?
L7 Application: DNS resolving? Service running? Correct credentials?
Key ping sequence: ping 127.0.0.1 (stack OK) → ping own IP (NIC OK) → ping gateway (L3 path OK) → ping remote IP (routing OK) → ping by hostname (DNS OK)

Packet Tracer Labs

Hands-on fundamentals walkthroughs — open Cisco Packet Tracer alongside these steps.
