Chapter 1

The Role and Function of Network Components

This chapter ensures that you are ready for questions related to these topics in the Network Fundamentals section of the CCNA 200-301 exam blueprint from Cisco Systems. Remember that this is just a portion of the Network Fundamentals section. The other chapters in Part I, “Network Fundamentals,” also provide information pertinent to the Network Fundamentals section.

This chapter covers the following essential terms and components:

  • Next-generation firewalls and IPSs

  • Access points (APs)

  • Wireless LAN controllers (WLCs)

  • L2 and L3 switches

  • Cisco DNA Center

  • Endpoints

  • Servers

Topic: Explain the role and function of network components

CramSaver

If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!

1. What networking term can be used for devices such as PCs, laptops, and mobile phones used by end users?

_________

2. Name a network device that features many ports for high-speed connectivity of endpoints and also offers high-speed routing capabilities.

_________

3. Name a network device that connects users to a network using multiple radio frequency bands.

_________

Answers

1. Endpoints (or end hosts, hosts, or end systems)

2. L3 switch

3. Access point

Networks today are growing in complexity. New devices are appearing and playing critical roles in the network infrastructure and functionality. Although there are many specialized devices, the CCNA 200-301 exam blueprint calls out specific devices that you need to understand. This topic examines four of them:

  • L2 and L3 switches: Remember that L2 and L3 stand for Layer 2 and Layer 3 of the OSI model. An L2 switch is typically a low-cost switch whose job is to switch frames as quickly as possible from one port to another in order to direct traffic from device to device. The most common of these switches, the Layer 2 transparent Ethernet switch, quietly learns MAC address–to–port mappings by “learning” the MAC addresses of endpoints from the many frames that inevitably arrive on the various switch ports.

    A Layer 3 switch takes things up a notch (layer). These popular devices not only switch frames but also route (Layer 3) packets between different subnets. Remember that, in the Cisco world, a subnet is defined as a VLAN in the infrastructure.

    Layer 3 switches offer some of the most blazing speeds when it comes to moving packets from one subnet to another. In addition, Layer 3 switches eliminate the need for the old-fashioned router on a stick configuration for the purpose of routing between VLANs. A router on a stick configuration features a Layer 2 switch that trunks to an external router that provides the required routing functions.
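To make the two forwarding paths concrete, here is a small simulated switch written for this chapter (an added example, not Cisco code). It learns source MACs per VLAN and floods unknown unicast the way a transparent Layer 2 switch does, and when a frame is addressed to the switch's own SVI MAC it routes the packet into another VLAN, which is exactly the job that router on a stick used to do. The port-to-VLAN layout, the router MACs, the host MACs, and the pre-populated ARP cache are all constructed for the example; ARP itself is not modelled.

```python
"""Simulated transparent Layer 2 switch with Layer 3 (inter-VLAN) routing.

Added example, not Cisco code. Everything is constructed: access ports 1-2 are
in VLAN 10 and ports 3-4 in VLAN 20, each VLAN has an SVI with its own router
MAC, and the ARP cache is pre-populated because ARP itself is not modelled.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    dst_ip: str   # consulted only when the frame is addressed to the switch's SVI MAC


class L3Switch:
    def __init__(self):
        self.ports = {}       # port -> access VLAN
        self.mac_table = {}   # (vlan, mac) -> port, learned from source MACs
        self.svi = {}         # vlan -> (router MAC, IPv4 network)
        self.arp = {}         # ip -> mac, assumed already resolved

    def add_port(self, port, vlan):
        self.ports[port] = vlan

    def add_svi(self, vlan, router_mac, network):
        self.svi[vlan] = (router_mac, ip_network(network))

    def l2_forward(self, vlan, dst_mac, in_port):
        """Transparent bridging: known unicast goes out one port; unknown unicast and broadcast flood the VLAN."""
        port = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and port is not None:
            return [port] if port != in_port else []   # never send a frame back out its ingress port
        return sorted(p for p, v in self.ports.items() if v == vlan and p != in_port)

    def receive(self, in_port, frame):
        """Return (egress ports, frame as it leaves); an empty port list means the frame was dropped."""
        vlan = self.ports[in_port]
        self.mac_table[(vlan, frame.src_mac)] = in_port     # learning happens on every ingress frame
        router_mac = self.svi[vlan][0] if vlan in self.svi else None
        if frame.dst_mac != router_mac:
            return self.l2_forward(vlan, frame.dst_mac, in_port), frame
        # Layer 3 path: the frame is addressed to the SVI, so pick the egress VLAN by longest prefix match.
        dst = ip_address(frame.dst_ip)
        routes = [(v, mac, net) for v, (mac, net) in self.svi.items() if dst in net]
        if not routes:
            return [], frame                                 # no route: drop
        out_vlan, out_mac, _ = max(routes, key=lambda r: r[2].prefixlen)
        next_hop_mac = self.arp.get(frame.dst_ip)
        if next_hop_mac is None:
            return [], frame                                 # a real switch would ARP here
        routed = replace(frame, src_mac=out_mac, dst_mac=next_hop_mac)   # L3 rewrites the MAC header
        return self.l2_forward(out_vlan, next_hop_mac, in_port), routed


# Constructed sample topology for the demonstration.
HOST_A, HOST_B, HOST_C = "00:11:22:00:00:01", "00:11:22:00:00:02", "00:11:22:00:00:03"
SVI10_MAC, SVI20_MAC = "00:00:5e:00:01:0a", "00:00:5e:00:01:14"


def build_demo_switch():
    sw = L3Switch()
    for port, vlan in {1: 10, 2: 10, 3: 20, 4: 20}.items():
        sw.add_port(port, vlan)
    sw.add_svi(10, SVI10_MAC, "10.0.10.0/24")
    sw.add_svi(20, SVI20_MAC, "10.0.20.0/24")
    sw.arp.update({"10.0.10.1": HOST_A, "10.0.10.2": HOST_B, "10.0.20.3": HOST_C})
    return sw


if __name__ == "__main__":
    sw = build_demo_switch()
    steps = [
        (1, Frame(HOST_A, HOST_B, "10.0.10.2")),      # unknown unicast in VLAN 10: flooded to port 2 only
        (2, Frame(HOST_B, HOST_A, "10.0.10.1")),      # A was learned on port 1: switched, not flooded
        (1, Frame(HOST_A, SVI10_MAC, "10.0.20.3")),   # sent to the SVI: routed into VLAN 20
        (1, Frame(HOST_A, SVI10_MAC, "192.0.2.9")),   # no route: dropped
    ]
    for port, frame in steps:
        out_ports, out_frame = sw.receive(port, frame)
        print(f"port {port} -> {out_ports or 'drop'} dst {out_frame.dst_mac}")
```

The point to take from the routed step is that flooding is confined to the VLAN: the unknown-unicast frame from port 1 reaches only port 2, never the VLAN 20 ports, and a packet crosses between VLANs only when it is explicitly addressed to the SVI and the switch has a route for the destination.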

  • Access points: It seems like you cannot go anywhere today without being in a wireless cell for Internet access. Some cities around the world (including my own) provide complimentary Internet access using Wi-Fi throughout the entire city downtown area. One of the key devices that make this a reality is the access point.

    Access points are often dual band, supporting two of the most popular unlicensed frequency bands, as defined in various iterations of the 802.11 wireless standards. Most Wi-Fi implementations use one or both of the two unlicensed spectrum bands. The role of an AP is simple: Connect users to the network as quickly and efficiently as possible with some level of security. This might be no security at all in the case of an open guest network, or it might mean the highest levels of security available in the wireless segment for a protected business network. For corporate environments, Cisco manufactures “lightweight” access points that rely on a wireless LAN controller for their configuration and management.

ExamAlert

Wireless networks often use an older method of allowing multiple devices to access the infrastructure “at the same time.” They use carrier-sense multiple access with collision avoidance (CSMA/CA). CSMA/CA uses carrier sensing, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be idle. Nodes also transmit in order and in predetermined time slots. This “ordered” transmission does not guarantee that there will not be collisions, but it significantly reduces the probability that they will occur. Contrast this to what happened in older hub-based local-area networks (LANs) with Ethernet cables, where no effort was made to avoid collisions: There was only a mechanism to detect them and recover from them when they occurred. Ethernet uses carrier-sense multiple access with collision detection (CSMA/CD). This is a media access control method that uses a carrier-sensing scheme in which a transmitting data station listens for other signals while transmitting a frame. If it detects that two devices are sending at the same time, the device stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to re-send the frame.
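The difference between the two access methods is easiest to see in a small slot-based simulation, added here as an example that is not part of the original text. In the CSMA/CD model every station with a frame transmits as soon as it senses an idle slot; a simultaneous start is detected, a jam is sent, and each station backs off for a random number of slots (binary exponential backoff). In the CSMA/CA model a station first waits a random number of idle slots drawn from a contention window before it transmits, which is the avoidance step; collisions are still possible and are recovered from the same way. The slot model, station counts and contention window are constructed simplifications, not the 802.3 or 802.11 timing rules.

```python
"""Slot-based simulation of CSMA/CD (hub Ethernet) versus CSMA/CA (Wi-Fi style).

Added example; the slot model and every number in it are constructed for
illustration and do not reproduce real 802.3 or 802.11 timing.
"""
import random


def simulate(n_stations, frames_per_station, collision_avoidance, seed=1,
             contention_window=16, max_slots=100_000):
    """Run until every frame is delivered; return delivery, collision and slot counts."""
    rng = random.Random(seed)
    total = n_stations * frames_per_station
    pending = [frames_per_station] * n_stations
    attempts = [0] * n_stations                 # consecutive collisions for the current frame
    # CA: wait a random number of idle slots before the first attempt; CD: transmit immediately.
    backoff = [rng.randrange(contention_window) if collision_avoidance else 0
               for _ in range(n_stations)]
    delivered = collisions = slot = 0
    while delivered < total and slot < max_slots:
        slot += 1
        # Carrier sense: the slot starts idle, so every station whose backoff expired transmits now.
        transmitting = [i for i in range(n_stations) if pending[i] and backoff[i] == 0]
        for i in range(n_stations):
            if backoff[i] > 0:
                backoff[i] -= 1                  # everyone else senses a busy medium and keeps deferring
        if len(transmitting) == 1:
            i = transmitting[0]                  # exactly one sender: the frame gets through
            pending[i] -= 1
            delivered += 1
            attempts[i] = 0
            if collision_avoidance and pending[i]:
                backoff[i] = rng.randrange(contention_window)   # CA: back off again before the next frame
        elif len(transmitting) > 1:
            # CD: the senders hear the overlap and jam; CA: the missing acknowledgement implies a collision.
            collisions += 1
            for i in transmitting:
                attempts[i] = min(attempts[i] + 1, 10)          # binary exponential backoff, capped
                backoff[i] = rng.randrange(2 ** attempts[i])
    return {"delivered": delivered, "collisions": collisions, "slots": slot}


if __name__ == "__main__":
    for label, ca in (("CSMA/CD", False), ("CSMA/CA", True)):
        print(label, simulate(n_stations=4, frames_per_station=3, collision_avoidance=ca))
```

With collision detection and no avoidance, the very first slot is always a collision because every station that has a frame starts at once; with avoidance, the random pre-transmission wait spreads the first attempts out, and the collision count tends to be lower for the same traffic, although a given seed can still produce collisions in both runs.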

  • Endpoints: Why do we work so hard building great networks? Well, one main reason is that we are doing it for the many different endpoints of our environment. An endpoint is a computing device that communicates back and forth with our network to reach resources such as data storage or other endpoints. Examples of endpoints include desktop PCs and Macs, laptops, smartphones, tablets, and workstations. Thanks to the Internet of Things (IoT), this list just keeps getting longer and longer.

  • Servers: Technically, servers in a network are also considered endpoints, but Cisco places them in a category by themselves. Perhaps this is because endpoints can be thought of as devices that are using the network to enjoy resources, while servers are serving up resources on the network. Servers can provide file and print resources, websites, compute horsepower for applications, security software, and much more.

    Just as there are many different purposes for a server in a network, there are many different operating systems to choose from. Servers can run Windows, UNIX, Linux, and even macOS for various purposes. Did you know that the dominant web server in the world is Apache running on Linux?

CramQuiz

1. What technology is used with half-duplex Ethernet networks?

A. CSMA/CA

B. CSMA/CD

C. CSMA/CC

D. CSMA/CQ

2. What network infrastructure component is now frequently a replacement for router on a stick?

A. Access point

B. Endpoint

C. L2 switch

D. L3 switch

CramQuiz Answers

1. B is correct. Half-duplex Ethernet LANs use carrier-sense multiple access with collision detection in order to guard against collisions.

2. D is correct. An L3 switch can both switch frames and route packets, replacing the functionality of a router on a stick configuration.

Topic: Next-generation firewalls and IPS

CramSaver

1. What modern security device can perform deep packet inspection and match packets against known security attacks?

_________

2. What NGFW feature used to be implemented in a separate appliance?

_________

3. Why might AI be used in an NGFW?

_________

Answers

1. Next-generation firewall (NGFW)

2. Intrusion prevention system (IPS)

3. To dynamically analyze network behaviors and learn about brand-new attacks without the need to manually code in the attack’s signature

Firewalls have been around for a long time and come in many different shapes and sizes. In fact, firewalls might be physical appliances “racked and stacked” in your data center right along with routers and switches, or they might be software implementations tucked right inside your operating system. The built-in Windows Firewall is a great example of this latter type.

No matter its form, the firewall’s job is always the same: Protect one portion of a network or computer system from another portion. The classic example is the network firewall. This device connects to “inside” protected networks and protects them from “outside” networks (such as the Internet). A shining example of a network firewall appliance from Cisco Systems was the Adaptive Security Appliance (ASA). There was even a virtual version (ASAv) that you could connect to a virtualized (VMware) network. Amazingly, these ASA and ASAv devices are already considered legacy Cisco devices.

Cisco is very excited about its latest next-generation firewalls. These devices go far beyond the simple inspection of the source/destination IP addresses and ports used in packets. NGFW devices can perform deep packet inspection for a detailed analysis of application layer information.

In fact, NGFWs can now perform the functions of intrusion prevention systems (IPSs). In the past, IPS technology was implemented (most often) through distinct appliances. Such devices used a variety of methods (such as signatures) to recognize attacks and drop packets that were part of attacks. Because most modern malware uses strong encryption, NGFWs also use heuristics to detect malware traffic.

Today NGFWs often call upon external signature databases of new and emerging attacks, so they are constantly getting smarter and more skilled at learning what traffic to deny. Due to the speed with which malware spreads today and the increasing severity of the damage it can cause, the speed with which vendors update their signature databases is no longer considered sufficient to protect networks from the latest threats. Interestingly, artificial intelligence (AI) in the form of machine learning (ML) is often put to use in detecting and thwarting new attacks that have never been seen before (zero-day attacks)—without the need for downloading signatures.
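The jump from classic filtering to deep packet inspection can be shown in code. The block below is an added example written for this chapter, not Cisco Firepower code, and it does not reflect any vendor's signature format. A classic firewall decides on the 5-tuple alone, so anything on TCP port 80 that the rule permits gets through. The NGFW-style pipeline applies the same rule and then looks at the payload twice: first to confirm the traffic really is the application the rule expects on that port, then to run a signature stage the way a legacy IPS appliance would. The addresses, the rule set, the tiny application identifier and the two signatures are all constructed placeholders.

```python
"""Classic 5-tuple packet filter beside an NGFW-style inspection pipeline.

Added example, not Cisco Firepower code. The rule set, addresses, the small
application identifier and the IPS signatures are constructed placeholders.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    dport: int
    payload: bytes = b""    # first bytes of the application data


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    src: str                # CIDR
    dst: str                # CIDR
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any destination port
    app: Optional[str] = None   # NGFW only: the application expected on that port


def rule_matches(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def classic_firewall(rules, pkt):
    """Stateless ACL on addresses, protocol and port: first match wins, implicit deny at the end."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, f"acl {rule.action}"
    return "deny", "implicit deny"


def identify_app(payload):
    """Minimal application identifier that looks at the first bytes of the payload."""
    if re.match(rb"(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    if payload[:3] in (b"\x16\x03\x01", b"\x16\x03\x02", b"\x16\x03\x03"):
        return "tls"            # TLS handshake record header; content stays opaque
    return "unknown"


# Constructed placeholder signatures: the markers are invented for this example and are not real indicators.
SIGNATURES = {
    "EXAMPLE-SIG-001": re.compile(rb"EXAMPLE-BEACON-MARKER"),
    "EXAMPLE-SIG-002": re.compile(rb"EXAMPLE-EXPLOIT-MARKER"),
}


def ngfw(rules, pkt):
    """Deep packet inspection: ACL first, then application check, then the signature (IPS) stage."""
    action, reason = classic_firewall(rules, pkt)
    if action != "permit":
        return action, reason
    rule = next(r for r in rules if rule_matches(r, pkt))
    app = identify_app(pkt.payload)
    if rule.app is not None and app != rule.app:
        return "deny", f"app mismatch: expected {rule.app}, saw {app}"
    for name, pattern in SIGNATURES.items():
        if pattern.search(pkt.payload):
            return "drop", f"ips signature {name}"
    return "permit", f"app {app}"


# Constructed policy: inside hosts may browse the web, everything else is denied.
DEMO_RULES = [
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0", "tcp", 80, app="http"),
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, app="tls"),
]

# Constructed sample packets.
WEB = Packet("10.0.10.5", "198.51.100.7", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
TUNNEL = Packet("10.0.10.5", "198.51.100.7", "tcp", 80, b"\x00\x01not-http-on-port-80")
BEACON = Packet("10.0.10.5", "198.51.100.7", "tcp", 80, b"GET /x HTTP/1.1\r\nX-Tag: EXAMPLE-BEACON-MARKER\r\n\r\n")
TELNET = Packet("10.0.10.5", "198.51.100.7", "tcp", 23, b"")

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("tunnel", TUNNEL), ("beacon", BEACON), ("telnet", TELNET)):
        print(f"{name:7} classic={classic_firewall(DEMO_RULES, pkt)}  ngfw={ngfw(DEMO_RULES, pkt)}")
```

The tunnel and beacon packets are the ones to watch: both are allowed by the classic ACL because they sit on a permitted port, and both are stopped by the NGFW pipeline, one because the payload is not the application the rule expects and the other because the signature stage matches. Note also what the TLS branch shows about the chapter's encryption remark: once the payload is encrypted the identifier can confirm the protocol but cannot read inside it, which is why the text says NGFWs lean on heuristics and behaviour analysis for that traffic.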

To function as an NGFW, a Cisco appliance requires a special term-based software license and Internet connectivity, both to download the signatures that Cisco updates daily and to let the device validate its license. Without valid NGFW licenses, the devices revert to classic firewall functionality. Keeping track of licenses in a large network is a full-time job in itself.

ExamAlert

The Cisco Firepower NGFW devices were originally produced by a company called Sourcefire. Cisco bought that company in 2013 for $2.7 billion. Think there is a lot of money in cyber security?

CramQuiz

1. What are the latest NGFW devices from Cisco called?

A. Sourcefire

B. Firepower

C. TrendMicro

D. Prime

2. A network firewall often connects the protected inside network to the outside network. What does the outside network typically consist of?

A. A server cluster

B. Another subnet of the protected network

C. A partner network

D. The Internet

CramQuiz Answers

1. B is correct. Firepower is the name for a large number of security devices from Cisco Systems.

2. D is correct. A classic network firewall implementation connects the protected corporate inside network to the outside public Internet.

Topic: Controllers (Cisco DNA Center and WLC)

CramSaver

1. What modern Cisco controller can be set up to provision, configure, and monitor all your network devices in minutes and can even use AI and ML?

_________

2. What type of appliance is designed to configure and manage Cisco wireless networks?

_________

Answers

1. Cisco DNA Center

2. Wireless LAN controller (WLC)

Cisco DNA Center

For many years, Cisco was not very well respected when it came to management software for the networks it was building and maintaining. In the early 2000s, I was teaching a product Cisco offered called CiscoWorks. As you might guess, a frequent joke surrounding this product was the fact that it did not work all that well.

Certainly much has changed, and today Cisco offers a very well received controller for just about everything in your network. It is Cisco DNA Center (where DNA stands for Digital Network Architecture).

The goals of DNA Center are lofty ones. The product seeks to:

  • Simplify network management

  • Deploy networks in minutes

  • Lower costs

  • Incorporate cloud services and third-party integrations

Cisco DNA Center uses what the industry likes to term a “single pane of glass” for all of this. It offers a single web-based graphical user interface (GUI) with plenty of tabs and command options to permit you to interact with a network in many different ways, all within the Cisco DNA Center software. Be sure to check out the “Additional Resources” section of this chapter for a link to an informative video on Cisco DNA Center to gain even more knowledge about it.

Wireless LAN Controllers (WLCs)

Large environments that are more complex than home networks might need many access points to fulfill the needs of the organization. A wireless LAN controller (WLC) is ideal in such a situation, to manage the many APs (access points) that exist. These devices often act as the brains of the operation and control aspects such as security and frequency usage as well as transmission power. As you might guess, Cisco is in the business of wireless controllers as well.

When the APs in a wireless network do not require a WLC in order to work their magic, they are referred to as autonomous access points. If they do require a WLC in order to be configured and managed, they are referred to as lightweight access points. You should also note that many of the Cisco APs can actually function in either mode, and this is completely configurable.

ExamAlert

Wireless LAN controllers from Cisco are capable of many advanced features, including the following:

  • Configuration of wireless policy, management, or security settings at any time through centralized provisioning and management

  • Faster response to business needs through central management of wireless networks

  • Standardized access point configuration for software versioning

  • Wireless intrusion prevention system (wIPS) capabilities

  • Network-wide quality of service (QoS) for voice and video across wired and wireless networks

  • Network-wide centralized security policies across wired and wireless networks

  • Mobility, security, and management for IPv6 and dual-stack clients

  • Tight integration with Cisco DNA Center

CramQuiz

1. In the name Cisco DNA Center, what does DNA stand for?

A. Digital Network Architecture

B. Distributed Network Analysis

C. Durable New Applications

D. Dynamic Network Aptitude

2. What is the term for an access point that relies on a WLC for its configuration and management?

A. Lightweight

B. Autonomous

C. Distributed

D. Mesh

CramQuiz Answers

1. A is correct. DNA stands for Digital Network Architecture.

2. A is correct. A lightweight access point is an AP that requires a WLC for its configuration and operation.

Review Questions

1. What security device tends to be implemented in many different forms, including hardware and software?

A. WLC

B. Firewall

C. Access point

D. Router

2. What device is designed as a high-speed, low-cost method of connecting endpoints to a network?

A. WLC

B. NGFW

C. L2 switch

D. L3 switch

3. Why are access points often referred to as dual band?

A. Because they can also service LAN clients

B. Because they support multiple frequency bands

C. Because they offer multiple security settings

D. Because they are capable of operating in lightweight or autonomous modes

4. What is the typical method of communication used in wireless networks?

A. CSMA/CW

B. CSMA/CQ

C. CSMA/CD

D. CSMA/CA

5. Deep packet inspection often refers to which layer of the OSI model?

A. Layer 3

B. Layer 4

C. Layer 5

D. Layer 7

6. In addition to replacing your legacy firewall, a Cisco Firepower device can also replace what other physical appliance?

A. Web server

B. L2 switch

C. IPS

D. Content caching system

Answers to Review Questions

1. B is correct. Firewalls protect some part of a system or network from another part of the system or network. They come in many different varieties. Some firewalls are hardware based, whereas others are software based.

2. C is correct. An L2 switch connects endpoints to a network in a cost-effective yet very efficient manner.

3. B is correct. Most APs support multiple frequency bands. They are therefore often referred to as dual-band devices.

4. D is correct. Wireless networks often use CSMA/CA, which means nodes send traffic only when the network is sensed to be idle.

5. D is correct. Deep packet inspection refers to the NGFW being able to inspect deep inside a packet, all the way to the application payload (Layer 7 information).

6. C is correct. NGFWs often feature replacement technology for legacy IPS appliances.

Additional Resources

The Evolution of Cisco’s Firepower

https://www.ajsnetworking.com/the-evolution-of-ciscos-firepower

Overview of Cisco DNA Center

https://youtu.be/hzsmoY2xdjQ
