It takes more than a single router or access point to operate an enterprise network. In this video, you’ll learn about switches, routers, patch panels, PoE, and more.
If you walk into a data center for any organization, you’ll find many, many different types of systems that are used for network communication. Sometimes these are single-use devices like this switch, or it may be a device that combines functionality. For example, the SOHO routers that we’d normally use in our home are switches, routers, and wireless access points all in one device. For the purposes of your exam studies, you should understand what these devices are and in what circumstances you should use them on your network.
A router is a device that forwards traffic between different IP subnets. The router uses the IP address that’s within the packet to determine what the next hop might be on its way to the final destination. Because this routing takes place at layer 3 of the OSI model, we often refer to these as layer 3 devices. And if we have a router that can be configured inside of a switch, you’ll see those devices referred to as layer 3 switches. Although routers can certainly connect IP subnets that are using the same topology, it’s also common to use routers to connect different types of networks together. For example, the interfaces on a router might connect LAN, WAN, copper, and fiber connections all in one single device.
Another common infrastructure device is a switch. If you’re using a copper cable to plug in a laptop or desktop computer, then you’re commonly plugging directly into a switch. A router commonly forwards traffic based on the destination IP address that’s within a packet. A switch determines where traffic should be forwarded based on the destination MAC address inside of that frame. This is also a device that’s able to forward traffic at very high rates of speed because many of those forwarding decisions are made in the hardware of the device itself.
Many switches have an Application Specific Integrated Circuit, or an ASIC, which allows for very fast throughput. If you have a switch that’s in the core of an enterprise network, there could be tens or even hundreds of interfaces on that switch. And many switches will also add power to the switch connection using PoE, or Power over Ethernet. And as we mentioned earlier, if you happen to have a switch that has the ability to turn on additional routing functionality, we often refer to that as a layer 3 switch or a multilayer switch.
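To make the difference between the two forwarding decisions concrete, here is an added simulation (example code written for this page, not from the video or any vendor’s software) of a learning switch that forwards on destination MAC, a router that forwards on destination IP with longest-prefix match, and a multilayer switch that hands frames addressed to its own MAC to the routing function. The Frame class, the port numbers, the interface names such as vlan20 and wan0, and the MAC and IP addresses are all constructed for the demonstration; the same MAC-based logic is what an access point uses when it bridges wireless clients onto the wired network.

```python
import ipaddress
from dataclasses import dataclass


# Hypothetical frame: a layer 2 header (MACs) carrying a layer 3 packet (IPs).
@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


class LearningSwitch:
    """Layer 2 forwarding: learn which port each source MAC lives on, then
    forward on the destination MAC. An unknown destination is flooded out
    every other port, the one case where a switch behaves like a hub."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port number

    def forward(self, in_port, frame):
        self.mac_table[frame.src_mac] = in_port  # learn on every frame seen
        out_port = self.mac_table.get(frame.dst_mac)
        if out_port is None:
            return [p for p in self.ports if p != in_port]  # flood
        if out_port == in_port:
            return []  # destination is on the ingress segment; nothing to do
        return [out_port]


class Router:
    """Layer 3 forwarding: choose the next hop by longest-prefix match on
    the destination IP address."""

    def __init__(self):
        self.routes = []  # list of (network, next hop or egress interface)

    def add_route(self, prefix, via):
        self.routes.append((ipaddress.ip_network(prefix), via))

    def next_hop(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        candidates = [(net, via) for net, via in self.routes if addr in net]
        if not candidates:
            return None  # no route at all, not even a default: packet dropped
        net, via = max(candidates, key=lambda c: c[0].prefixlen)
        return via


class MultilayerSwitch:
    """A 'layer 3 switch': frames sent to the device's own MAC are routed on
    their destination IP; everything else is switched at layer 2."""

    def __init__(self, own_mac, ports):
        self.own_mac = own_mac
        self.switch = LearningSwitch(ports)
        self.router = Router()

    def handle(self, in_port, frame):
        if frame.dst_mac == self.own_mac:
            return ("routed", self.router.next_hop(frame.dst_ip))
        return ("switched", self.switch.forward(in_port, frame))


def demo():
    """Constructed scenario: hosts A and B on ports 1 and 2 of a three-port
    multilayer switch; returns the forwarding decision for each frame."""
    dev = MultilayerSwitch("00:00:5e:00:53:ff", ports=[1, 2, 3])
    dev.router.add_route("0.0.0.0/0", "wan0")        # default route
    dev.router.add_route("10.0.0.0/8", "core-uplink")
    dev.router.add_route("10.1.2.0/24", "vlan20")    # more specific prefix wins
    a = ("00:00:5e:00:53:0a", "10.1.1.10")
    b = ("00:00:5e:00:53:0b", "10.1.1.20")
    results = []
    # 1. A talks to B before the switch has seen B: flooded out ports 2 and 3.
    results.append(dev.handle(1, Frame(a[0], b[0], a[1], b[1])))
    # 2. B replies: A's MAC was learned on port 1, so the frame goes only there.
    results.append(dev.handle(2, Frame(b[0], a[0], b[1], a[1])))
    # 3. A sends to other subnets via the device's own MAC: routed on IP.
    results.append(dev.handle(1, Frame(a[0], dev.own_mac, a[1], "10.1.2.50")))
    results.append(dev.handle(1, Frame(a[0], dev.own_mac, a[1], "10.9.9.9")))
    results.append(dev.handle(1, Frame(a[0], dev.own_mac, a[1], "203.0.113.5")))
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Step 1 is the flood that every learning switch performs for an address it has not yet seen; after that single exchange the table is populated and traffic between A and B goes only to the learned port. The three routed frames show that the most specific prefix is preferred over the less specific /8 and the default route.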
If you were to purchase a switch for your home from a local or online retailer, that switch probably doesn’t have a lot of functionality. It is simply connecting all of these devices together. If you’ve simply powered the switch up and there are no configuration options on the switch at all, then you’re probably using an unmanaged switch. Unlike switches that you might find in an enterprise, an unmanaged switch gives you very few configuration options. For example, you can’t configure any VLANs on an unmanaged switch. All of the devices that you’re connecting to an unmanaged switch would effectively be on the same VLAN. There’s also very little integration with other protocols or other devices.
In an earlier video, we described the Simple Network Management Protocol, or SNMP. Network administrators often use SNMP to query the devices on their network to check for performance or any types of errors. An unmanaged switch commonly has no SNMP capabilities, so although you could connect it to your network, there would be no way to poll or query that device for performance information. But if all you need is a simple connectivity device that you can use to connect all of your systems together, you can probably get an unmanaged switch at a relatively low cost.
If you’re purchasing a switch for an office or a larger organization, you’re probably going to get a managed switch. This is one that provides additional capabilities, especially for someone who needs to constantly monitor and confirm that this device is working as expected. For example, a managed switch may allow you to configure different interfaces to be on completely different IP subnets, or what we call VLANs or Virtual LANs. These switches might also have configuration options to prioritize traffic. So you may be able to set Voice over IP traffic to have a higher priority than file transfer traffic.
It’s very common for organizations to have multiple switches that they would connect to their network. And one way that you could prevent loops between all of those switches is by enabling Spanning Tree Protocol or STP. To have STP as a configuration option on your switch, you would probably need to have a managed switch. Some managed switches will allow you to perform port mirroring where you can take traffic from one port that’s on the switch and copy all of that traffic to a different port on the switch, ideally to plug in a protocol analyzer to be able to view all of those packets traversing the network. This is commonly used for troubleshooting or packet analysis and not something you would usually find on an unmanaged switch. And as we’ve mentioned, a managed switch can also include a number of different capabilities such as enabling Simple Network Management Protocol or SNMP.
If you’re in the office or you’re walking through another place of business, look at the ceiling and see if you see a device like this. This is an access point. It provides wireless connectivity for the local network. This is not the router that you might find in a SOHO device in your small office or home office. This is a device that only provides a link between the wireless network and the wired network. You’ll sometimes hear these devices referred to as a bridge, because they are simply bridging or extending that wired connection into a wireless connection.
This is not a device that is routing between subnets, and it’s not performing any type of network address translation. It’s simply bridging people on the wireless network to the folks that are on the wired network. An access point makes forwarding decisions based on the destination MAC address, which is identical to the way that a switch forwards information. The access point examines the destination MAC address and determines if that MAC address is on the wireless network or if it should send that information to the wired network.
One of the challenges with connecting many, many people in a work environment to the network is that there are a lot of cables that have to be managed. In this diagram, we have a number of people that are sitting at their desk on the floor of the building. And you can see there are a lot of cables. We have a cable from every desk that is going back to a central wiring closet on that floor. In that wiring closet is a patch panel. We first would connect all of those devices to this patch panel and that run is a permanent run. Once somebody is connected from their desk to the patch panel, we don’t tend to move that cable going forward.
On the other side of that patch panel can be connectors like RJ45 connectors. And we would then extend those RJ45 connectors to interfaces that may be on a switch inside of that wiring closet. This allows us to connect folks that are at their desk all the way back to the main infrastructure of a particular network. There may be times when somebody is moving between desks, or perhaps a new person is hired who’s sitting at a new desk. In those scenarios, you may have to move someone from a connection on one switch to a connection on another switch.
If this was one single cable, then you would have to start moving cables inside of your wiring closet to try to properly place where they should be connected. But with the patch panel in place, you simply disconnect from one switch and you connect that particular port on the patch panel to a different switch. This is a much shorter cable. It’s a cable that’s already labeled, so you know exactly which desk it’s going to. And it’s a change that you can make relatively quickly.
Here is the RJ45 side of a patch panel that’s in someone’s wiring closet. If you look closely behind the patch panel, you can see all of the cable runs that are coming from the desks. And then you can see the RJ45 connectors on the front that are ultimately connecting to a switch. This means that nothing is going to change with the wiring between a user’s workstation and the closet, because all of that is punched down and permanently connected to the back of this patch panel. When you need to make a change, you simply move the cable that’s on the front of the patch panel, which certainly limits the scope of any problems that might occur during one of these changes. If you have a patch panel like this, which uses RJ45 connectors, you don’t even need any special cabling to make that change. You simply unplug the cable, move it to where it needs to be, and plug it into the new interface.
Here’s the connection between a patch panel and a switch. This is the patch panel on the top. There are cables you can’t see that go back to the desk. And then there are smaller cables on the front that connect from the patch panel and extend that connection into an interface on the switch.
A traditional firewall is able to allow or disallow traffic through your network based on IP addresses and port numbers. Since those TCP and UDP ports operate at layer 4 of the OSI model, it’s common to refer to firewalls like this as an OSI Layer 4 device. These days it’s increasingly common to see firewalls that understand application layer traffic. And in those cases, the firewall would be a layer 7 device.
Some firewalls can also act as an endpoint for an encrypted tunnel, which means that you can connect two sites together across a public network like the internet, but all of the traffic between those sites is encrypted. Some firewalls can also act as a proxy. So if someone is browsing a site on the internet, the firewall will stop that communication. It will perform the browsing for the user, receive the response from that device over the internet, examine and make sure that nothing inside of that traffic may be dangerous or malicious, and then send the results of that query back to the user.
And in many cases, and this is probably the case for the small SOHO type routers you use at home, this firewall can also act as a router. This device is making forwarding decisions based on the destination IP address. Therefore, it’s acting as an OSI layer 3 device. In many environments, the firewall is the device that is connected directly to the internet, and so using that also as a router allows you additional functionality for forwarding traffic.
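The layer 4 firewall described above can be modelled as an ordered rule list evaluated against the IP addresses and port numbers of each packet. The following is an added example written for this page (not code from the video or from any firewall product): a stateless first-match packet filter with an implicit default deny, run over a constructed policy and constructed sample packets that use the RFC 5737 documentation address ranges. It also shows why rule order matters, since a narrower deny placed before a broader allow takes precedence. A layer 7 firewall would additionally inspect the application payload, which this model deliberately does not see.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the layer 3 and layer 4 fields a traditional firewall looks at."""
    proto: str       # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: str = "0.0.0.0/0"           # source network
    dst: str = "0.0.0.0/0"           # destination network
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


class Layer4Firewall:
    """First matching rule wins; anything unmatched falls through to the
    default action, which is deny unless the operator chooses otherwise."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet):
        """Return (action, index of the matching rule or None for the default)."""
        for index, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, index
        return self.default, None


# Constructed policy for an internal 10.0.0.0/8 network:
#  0. a quarantined subnet is blocked outright, so it sits before the allows
#  1. HTTPS to one public web server
#  2. DNS to one resolver
POLICY = [
    Rule("deny", src="10.0.99.0/24"),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dst="203.0.113.10/32", dst_port=443),
    Rule("allow", proto="udp", src="10.0.0.0/8", dst="192.0.2.53/32", dst_port=53),
]
FW = Layer4Firewall(POLICY)

# Constructed sample traffic.
SAMPLE = [
    Packet("tcp", "10.0.5.5", "203.0.113.10", 443),   # allowed by rule 1
    Packet("tcp", "10.0.99.7", "203.0.113.10", 443),  # quarantined: rule 0 wins
    Packet("tcp", "10.0.5.5", "203.0.113.10", 22),    # SSH not listed: default deny
    Packet("udp", "10.0.5.5", "192.0.2.53", 53),      # allowed by rule 2
    Packet("udp", "10.0.5.5", "192.0.2.53", 5353),    # wrong port: default deny
]


def evaluate(fw: Layer4Firewall, packets):
    return [fw.decide(pkt) for pkt in packets]


if __name__ == "__main__":
    for pkt, (action, idx) in zip(SAMPLE, evaluate(FW, SAMPLE)):
        rule = "default" if idx is None else f"rule {idx}"
        print(f"{pkt.proto} {pkt.src_ip} -> {pkt.dst_ip}:{pkt.dst_port}: {action} ({rule})")
```

Returning the index of the matching rule alongside the decision is the same information a real firewall writes to its log, and it is what an operator uses to confirm that a hit was produced by the rule they expected rather than by an earlier, broader entry.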
If you’re using a desktop computer or a laptop computer, you may be accustomed to connecting to a power source to be able to use those devices. But some devices allow you to power that system through the Ethernet cable that’s already connected to the device. We refer to that type of power as Power over Ethernet, or PoE. This allows you to run a single wire to the device that will not only transfer data but also serve as the power source for that device.
You often see PoE used with access points, cameras, and anything else where power may be difficult to run to that device. Often this power is coming directly from the switch. And in those cases, we refer to that as an endspan. If your switch doesn’t support PoE, then you’ll need something in the middle of that connection that will add power to the Ethernet cable. We refer to these as PoE injectors, and this is often referenced as a midspan.
This is a PoE injector on my network that powers a camera. You can see the connection from the camera is plugging into the PoE or the data connection. And then I have another cable that’s connecting back to a switch that doesn’t support PoE. Once my switch and camera are connected and I power up the injector, the camera now has the power it needs to be able to operate.
Most switches will identify which interfaces can support something like PoE. On this switch, for example, you can see that it’s a common eight-port Ethernet switch. And you can see that anywhere it has the blue color across the top, it will support PoE. So ports 1 through 8 will support PoE. Port 9 looks like it’s commonly used as an uplink port. And since it does not have that blue line, this interface does not support PoE.
Different devices need different amounts of power, and there are different standards for PoE depending on what type of switch you might be using. The traditional or original style of PoE is specifically called IEEE 802.3af, from 2003. This is the original PoE specification that has now been rolled into the 802.3 Ethernet standard. This provides 15.4 watts of DC power with 350 milliamps as the max current. We improved PoE through the years, and in 2009 we introduced IEEE 802.3at. This has also been wrapped into the 802.3 standard, and it provides additional power: 25.5 watts of DC power, with a maximum current of 600 milliamps.
And one of the more modern PoE standards is PoE++, or IEEE 802.3bt. When we’re providing 51 watts with 600 milliamps of max current, we refer to this as Type 3. Type 4 PoE++ is 71.3 watts with 960 milliamps as the max current. This was a standard designed to work with 10 gigabit per second Ethernet and provide power for those 10 gig devices.
Before there were switches, we commonly used hubs to connect all of the devices on our network. Sometimes you’ll hear a hub referred to as a multi-port repeater. That’s because hubs are not very intelligent devices. Any data that’s going into one interface on this hub will automatically be copied and sent to all of the other interfaces on this hub. As you can imagine, this is not the most efficient way to communicate.
And on top of that, we’re not able to run any full duplex communication to a hub. So all of the devices plugged into this hub will operate at half duplex. Since everything is being re-transmitted to every other interface on this device, as you put more of a load and add more devices to the network, the performance of this device tends to get slower and slower. That’s one of the reasons we decided to change from a hub based network to something more intelligent like a switch based network.
These devices are a bit outdated for our modern networks. And if you do find a hub, you’ll find that they are only available in 10 megabit and 100 megabit speeds. These are not devices that you would find new. These are probably only available on a secondary or used market.
If you’re using the same cable for your cable television as your internet connection, then you probably have a cable modem in your home. This allows you to communicate over what we call broadband communication because there are multiple frequencies of traffic being used over a single wire. This means that we can have video signals for our television. We can connect our phone lines into this cable modem. And of course, it can be used for internet data.
There’s a standard for sending data over these cable networks, and that standard is called DOCSIS. That stands for Data Over Cable Service Interface Specification. Many cable modems can support speeds up to one gigabit per second, and the total speeds available to you will depend on your service provider. There are usually multiple services available on these networks. When you connect the cable, you can connect to the data that’s on the internet side. This particular cable modem also has analog telephone connections for any voice communication.
If you’re not using your cable company for internet connectivity, you may be using the traditional telephone company to provide that connection. And usually that’s done through a DSL modem. Often this is technically an ADSL modem, which stands for Asymmetric Digital Subscriber Line, and it uses the same telephone lines that we’ve always used for our analog telephone.
The reason that DSL is asymmetric is because the speeds for downloading are usually much faster than the speeds for uploading. There’s also often a distance limitation with DSL before the signal gets so weak that you’re not able to receive any of the data. That’s usually around 10,000 feet from the Central Office, or the CO. It’s common to see DSL speeds of 52 megabit down and 16 megabit up, but you can find larger and faster DSL implementations depending on the capabilities of your provider. If you are closer to the CO, you also tend to get much faster throughput than if you’re farther away.
And if you’re not connecting to the internet using copper cable or telephone lines, then you may be connecting with fiber. To connect to the fiber network, you need an ONT, or an Optical Network Terminal, which is a device that’s usually connected outside of your home or your premises. This is connecting to the ISP’s fiber network and converting it into signals like copper Ethernet that can be used inside of your home. This ONT is usually connected to the outside of your building, and it usually delineates the ISP’s network from your own internal network.
We refer to this delineation as a demarcation point or a demarc. Sometimes this demarc is located in your data center itself. Or if you’re at home, it’s located on the outside of your home. It’s important that a demarc exists so you know what the responsibilities are for each different party. You know that any of the wiring on the inside of your house is your responsibility up to the point of that demarc, and then anything outside of that demarc is the responsibility of the service provider.
This is a closer look at this ONT. This is the fiber connection coming in from the street. You can see the fiber label is placed there. You can see this device has outputs for data, which is an Ethernet connection. You can plug an analog telephone into this device as well. And there’s an F connector here for the cable connection that you plug into your television.
If you are connecting to a copper Ethernet connection, you’re using a Network Interface Card, or NIC, to provide that connectivity. All of the devices we’ve discussed so far that are connecting to a wired Ethernet connection have a network interface card inside of them. This is a network interface card you would plug into a server, and this card has four separate Ethernet connectors on the back. But if you have a laptop or desktop computer with an Ethernet interface, that also is a network interface card.
There are also network interface cards for other types of topologies. If you’re plugging into a wide area network serial connection or you have a wireless interface, those also have network interface cards. These are sometimes built into the motherboard or it may be a separate adapter that you can plug into an expansion slot and increase the capabilities of your device. So whether you need copper connectivity, fiber connectivity, or anything in between, you will need a network interface card on your device to make that connection to the rest of the network.