Before diving into cables and switches, let’s understand the problem Ethernet was designed to solve — and why it became the dominant way to connect devices.
Why it matters
Imagine you have 50 computers in an office. Without a standard way for them to share the same wire and talk to each other, every pair of computers would need its own dedicated cable. 50 computers × 49 others = 1,225 cables. Ethernet solved this by defining a shared medium with rules for taking turns — one cable, unlimited devices.
📡
What “Ethernet” actually means
A family of standards (IEEE 802.3) defining how devices transmit data on a local network using electrical signals or light.
The name comes from “ether” — early designers imagined signals propagating through a medium like light through air. Today it covers speeds from 10 Mbps to 400 Gbps using copper wire, fiber optic cable, or wireless radio.
🏠
LAN vs WAN
A LAN (Local Area Network) covers one building or campus. A WAN connects geographically separate networks.
Your home network is a LAN. The internet is a collection of interconnected WANs. Ethernet is the dominant technology for LANs. When your laptop talks to your router, that’s Ethernet. When your router talks to your ISP, that’s a WAN technology like DSL, cable, or fiber.
🔢
Layer 1 & Layer 2
Ethernet spans two OSI layers: Physical (signals on the wire) and Data Link (MAC addresses, frames).
Layer 1 defines voltages, cable types, and signal timing. Layer 2 defines the Ethernet frame format and MAC addressing — how devices find each other on the same network. You need both layers working for Ethernet to function.
⚡
Speed milestones
10 Mbps (1980s) → 100 Mbps → 1 Gbps → 10 Gbps → 400 Gbps (today in data centers).
Each speed increase required new cable categories and signaling methods, but kept the same MAC address and frame format. This backward-compatibility is why Ethernet has dominated for 40+ years — you can upgrade speed without replacing every piece of software.
Key exam insight: When the exam says “network components 1.1.b”, it wants you to know why we have different types of switches, not just that they exist. That’s what the next sections explain.
1.1.b · Network Components
L2 and L3 Switches
A switch is the central brain of a LAN — but there are two fundamentally different kinds. Understanding why each exists unlocks most of how modern networks are designed.
Why two types exist
A basic (Layer 2) switch can only deliver frames within one network — it uses MAC addresses but has no idea about IP addresses. The moment you need traffic to flow between two different IP subnets — say, the Finance department and the Engineering department — a Layer 2 switch is helpless. That’s the problem a Layer 3 switch solves: it routes between VLANs internally, at wire speed, without an external router.
Live Switch Simulation — MAC Learning
PC-A AA:AA:AA:AA
PC-B BB:BB:BB:BB
PC-C CC:CC:CC:CC
PC-D DD:DD:DD:DD
SWITCH
PKT
MAC Address
Port
Status
Table is empty — send a frame to populate it
Click a button below to simulate frame delivery…
📚
MAC address table
The switch builds this table by watching the source MAC on every incoming frame. It remembers: “MAC X came in on port 3.”
This learning is called “transparent bridging.” It happens automatically with no configuration. The table has a timeout (usually 300s) — if a device goes silent, its entry is flushed so the switch doesn’t direct traffic to a port that may no longer have that device.
🌊
Flooding unknown MACs
If the destination MAC isn’t in the table, the switch copies the frame to every port except the incoming one — this is a “flood.”
Flooding looks wasteful but it’s the correct behavior. The real device will receive the frame and respond — and when it does, the switch learns its MAC address. Flooding also happens for broadcast frames (FF:FF:FF:FF:FF:FF), which is why ARP requests reach every device on the LAN.
🚧
Collision domains
Each switch port is its own collision domain — devices connected to a switch don’t compete with each other for the wire.
This was the key upgrade from hubs. With a hub, all devices shared one collision domain — only one could talk at a time (CSMA/CD). A switch eliminates this. With a modern full-duplex switch port, a device can send and receive simultaneously at full speed. CSMA/CD is essentially retired on switched networks.
🏷
VLANs
Layer 2 switches support VLANs — virtual networks that partition a single physical switch into isolated segments.
VLAN 10 (Finance) and VLAN 20 (Engineering) can coexist on the same switch. Devices in different VLANs can’t communicate at Layer 2 — they’re on separate broadcast domains. To route between VLANs, you need either a Layer 3 switch or a router (router-on-a-stick).
Layer 3 switch = Layer 2 switch + routing engine. It can forward frames between ports on the same VLAN (like a regular switch) AND route IP packets between different VLANs — all in dedicated silicon at wire speed. A separate router is not needed for inter-VLAN traffic.
🔀
Inter-VLAN routing
A Layer 3 switch assigns each VLAN an IP address (the SVI — Switched Virtual Interface) and routes between them internally.
Without a Layer 3 switch, inter-VLAN routing requires traffic to leave the switch, go to a router, and come back — called “router on a stick.” This creates a bottleneck. A Layer 3 switch routes internally at full hardware speed, which is why it’s preferred in larger campus networks.
📋
Routing table in hardware
Layer 3 switches use a specialized ASIC called a TCAM to look up IP routes in a single clock cycle — dramatically faster than software routing.
Traditional routers use software to look up routes (slower but more flexible). Layer 3 switches use TCAM (Ternary Content-Addressable Memory) which can match destination IPs in one operation. This is why 10 Gbps inter-VLAN routing is possible on a switch but would overwhelm a software router.
🎯
When to use each
Use L2 switches at the access layer. Use L3 switches at the distribution/core layer where VLANs need to communicate.
The classic 3-tier campus model: Access layer = L2 switches connecting end devices. Distribution layer = L3 switches routing between VLANs. Core layer = high-speed L3 switches. SOHO environments often use a single device that handles both — a router with a built-in switch.
💰
Cost trade-off
Layer 3 switches cost more because of the routing ASIC. For small networks with one VLAN, a Layer 2 switch is sufficient.
The exam wants you to know: if you have multiple VLANs and want them to communicate at high speed without an external router, the answer is a Layer 3 switch. If you only need intra-VLAN switching and don’t care about routing, an L2 switch is the cost-effective choice.
Feature
L2 Switch
L3 Switch
MAC forwarding
Yes
Yes
IP routing
No
Yes (hardware)
VLAN support
Yes
Yes + SVIs
Inter-VLAN routing
Needs ext. router
Built-in
Typical use
Access layer
Distribution / core
Relative cost
Lower
Higher
1.2 · Network Topology Architectures
Network Topology Architectures
Topology is the map of how devices connect. The shape of your network determines its resilience, cost, and scalability — so choosing the right one for the right context matters enormously.
Why topology matters
Imagine a star topology where all traffic goes through one central switch. That switch becomes a single point of failure — if it dies, everyone loses connectivity. Or imagine a mesh topology where every device connects to every other device — that’s expensive but incredibly resilient. Every topology is a different answer to the same question: how do we balance cost, performance, and reliability?
✅
Used everywhere today
Every modern Ethernet LAN uses star topology — your home network, office network, and data center all use switches as the central point.
⚠️
Single point of failure
If the central switch fails, all connectivity is lost. Enterprise networks mitigate this with redundant switches and spanning tree protocol.
📜
Historical (10BASE-2/5)
Early Ethernet used coaxial cable as a shared bus. All devices tapped into the same wire — only one could transmit at a time.
🚨
Fatal flaw
One break in the cable disconnects the entire network. This is why bus topology is obsolete — you’d never design this today.
🔄
Token-passing access
Token Ring networks used a circulating “token” — only the device holding the token could transmit, eliminating collisions.
📜
Obsolete but exam-relevant
Token Ring (IEEE 802.5) was IBM’s LAN standard before Ethernet won the market. You may see it on the CCNA exam as a contrast to Ethernet.
🛡
Maximum resilience
Full mesh means every device connects to every other device. Any single (or even multiple) link failures don’t interrupt connectivity — traffic reroutes.
📐
Expensive to scale
n(n−1)/2 links for n devices. 10 routers = 45 links. Used in WAN cores and data centers where redundancy justifies cost. Partial mesh is a common compromise.
🏢
Real-world networks
Enterprise networks use hybrid topologies: a meshed core for resilience, and star branches at the access layer for simplicity and cost-efficiency.
⚖️
Best of both worlds
The core handles redundancy where it matters. The access layer keeps things simple for end devices. This is the 3-tier model: Access → Distribution → Core.
1.2.e · SOHO Networks
Small Office / Home Office (SOHO)
SOHO networks are the simplest practical Ethernet LANs — and they’re everywhere. Understanding them is the foundation for understanding why enterprise networks are designed differently.
Why SOHO is its own category
A home or small office has fundamentally different constraints than a corporate campus: one internet connection, a handful of devices, no IT staff, and limited budget. The solution is a single multipurpose device — often called a “home router” — that handles routing, switching, Wi-Fi, DHCP, NAT, and firewall all in one box. Enterprise networks separate these functions for scale and control. SOHO collapses them for simplicity.
Typical SOHO Network Diagram
📦
The all-in-one device
A SOHO router typically combines: cable/DSL modem, NAT router, 4-port switch, Wi-Fi access point, DHCP server, and basic firewall.
In enterprise networks, each of these would be a separate device or separate software instance. SOHO collapses them because the traffic volumes don’t justify the complexity. The tradeoff: if the device fails, you lose all LAN and internet connectivity simultaneously.
🔒
NAT as default security
By default, NAT prevents unsolicited inbound connections — no external device can initiate a connection to your laptop without port forwarding.
This is why your home devices are relatively safe even without a complex firewall policy. The NAT table only allows return traffic for connections your devices initiated. Want to host a server? You need to configure port forwarding to “punch a hole” through NAT.
📡
Wired vs wireless
SOHO networks typically use Cat5e/Cat6 copper for wired connections and 802.11 Wi-Fi for wireless — both terminate at the same central device.
Wired is always preferred for latency-sensitive devices (gaming PCs, NAS, video editing). Wi-Fi suffers from interference, variable throughput, and higher latency. Many SOHO networks use a mix: wired for stationary devices, wireless for mobile ones.
🌐
DHCP automatic addressing
The SOHO router acts as a DHCP server, automatically assigning IP addresses to devices that join the network.
The router assigns addresses from a pool (e.g. 192.168.1.100–200), tracks leases, and provides gateway and DNS settings. End users never need to manually configure IP addresses. Enterprise networks often use dedicated DHCP servers or DHCP relay for more control.
Feature
SOHO Network
Enterprise Network
Devices
2–20
Hundreds to tens of thousands
Switch type
Built-in (4–8 port)
Dedicated L2/L3 switches
Routing
Combined with switch & Wi-Fi
Dedicated routers or L3 switches
Redundancy
None (single device)
Redundant paths, STP, HSRP
IT management
Self-managed / none
Dedicated network engineering team
Security
NAT + basic firewall
Next-gen firewall, IDS/IPS, 802.1X
1.3.a · Physical Interface Types
Cabling: Fiber and Copper
The physical medium is the foundation of every network. The cable you choose determines maximum speed, maximum distance, and whether electrical interference is a problem. Each type solves a different problem.
Why different cable types exist
Imagine running a 1 Gbps copper cable 800 meters between two buildings. The signal degrades over distance and picks up electrical noise from nearby power lines. The cable that works beautifully for 100m in an office completely fails here. Fiber solves this: light doesn’t degrade like electrical signals, and glass doesn’t conduct interference. But fiber is expensive to terminate. So copper remains the default for in-building runs, and fiber takes over for long distances and high speeds.
Single-Mode Fiber (SMF)
Core size8–10 µm
Max distanceUp to 100+ km
Light sourceLaser
Color jacketYellow
CostHigher
Use caseWAN, campus backbone
Multimode Fiber (MMF)
Core size50 or 62.5 µm
Max distanceUp to 550m (OM3+)
Light sourceLED or VCSEL
Color jacketOrange / Aqua
CostModerate
Use caseData center, building backbone
Copper (UTP)
TypeTwisted pair (RJ-45)
Max distance100m per segment
Signal typeElectrical
Common gradesCat5e, Cat6, Cat6a
CostLowest
Use caseDesktop to switch (access layer)
Cable distance & speed selector
50m
🔴
Why SMF uses a laser
The tiny 8µm core only allows a single mode of light to propagate — this eliminates “modal dispersion” that limits multimode distance.
Modal dispersion: in MMF, light bouncing at different angles arrives at the end at slightly different times — this spreads out the pulses and corrupts the signal over long distances. SMF’s tiny core forces all light into one straight path. The tradeoff: laser light sources cost significantly more than LEDs used in MMF.
🔵
Why copper has a 100m limit
Electrical signals attenuate (weaken) over distance, and UTP picks up more crosstalk and noise the longer the run.
The 100m limit for UTP Ethernet (per segment) is defined in the 802.3 standard. Beyond 100m, signal-to-noise ratio drops below the threshold for reliable communication. Solutions: add a switch to reset the signal, use fiber instead, or use active cabling like SFP+ Direct Attach Copper (DAC) for short runs in data centers.
🟡
Cat5e vs Cat6 vs Cat6a
Higher categories reduce crosstalk and support higher frequencies — Cat6a is required for 10 Gbps over 100m.
Cat5e: up to 1 Gbps at 100m (100 MHz). Cat6: up to 10 Gbps at 55m (250 MHz). Cat6a: 10 Gbps at 100m (500 MHz). The “a” in Cat6a stands for “augmented” — thicker shielding between pairs prevents alien crosstalk at higher frequencies. For new installations, Cat6a is the recommended minimum.
⚡
PoE — power over Ethernet
Copper cables can carry both data AND electrical power. This powers IP phones, cameras, and access points without a separate power cable.
PoE (802.3af): up to 15.4W. PoE+ (802.3at): up to 30W. PoE++ (802.3bt): up to 100W. The power comes from the switch (PSE — Power Sourcing Equipment) and flows to the device (PD — Powered Device). Fiber cannot carry power — PoE is a copper-only advantage that makes copper preferable at the access layer even when fiber speeds are available.
1.3.b · Connection Types
Shared Media vs Point-to-Point
This distinction explains why modern Ethernet doesn’t need collision detection anymore — and why that matters for performance.
The problem with shared media
In the early days of Ethernet, all devices on a LAN shared one coaxial cable. If two devices tried to transmit simultaneously, their electrical signals collided and corrupted each other — like two people talking at the same time. CSMA/CD was the fix: listen before transmitting, detect collisions, and back off randomly. Modern point-to-point Ethernet (device → switch port) eliminated this problem entirely — each device gets its own dedicated wire, so there’s nothing to collide with.
Shared Media vs Point-to-Point — Interactive
📶
CSMA/CD (shared media)
Carrier Sense Multiple Access / Collision Detection: listen before transmitting, detect collisions, back off randomly, retry.
The algorithm: (1) Sense if the medium is idle. (2) If idle, transmit. (3) While transmitting, monitor for collision. (4) If collision detected, send jam signal, stop, wait a random backoff time (binary exponential backoff), then retry. On a busy network, repeated collisions waste enormous bandwidth. This is why hubs are obsolete.
🔗
Full duplex (point-to-point)
Each device has a dedicated wire to the switch — separate TX and RX pairs. Devices can transmit and receive simultaneously at full rated speed.
A 1 Gbps full-duplex link can send 1 Gbps AND receive 1 Gbps simultaneously — effective throughput of 2 Gbps. Half-duplex on a shared medium: the 1 Gbps must be shared, and collisions reduce effective throughput further. Modern Ethernet is exclusively point-to-point and full-duplex. CSMA/CD is essentially unused in practice.
🌐
Half vs full duplex on Wi-Fi
Interestingly, Wi-Fi (802.11) is still a shared medium — all devices on the same channel share bandwidth. CSMA/CA (collision avoidance) is used instead of CD.
Wi-Fi can’t detect collisions the way wired Ethernet can (the antenna can’t TX and RX simultaneously on the same frequency). So 802.11 uses CSMA/CA: devices send a small RTS (Request to Send) first, wait for a CTS (Clear to Send), then transmit. This is why Wi-Fi efficiency drops significantly with many connected devices.
🔢
Collision domains explained
A collision domain is any network segment where two devices transmitting simultaneously would cause a collision.
Hub: one giant collision domain for all ports. Switch: each port is its own collision domain — collisions on port 1 are invisible to port 2. Router: also breaks collision domains (and breaks broadcast domains too). The exam often asks: “What device breaks up collision domains?” Answer: switch (and router).
Characteristic
Shared (Hub)
Point-to-Point (Switch)
Collision domain
All ports in one
One per port
Duplex
Half-duplex only
Full-duplex
CSMA/CD needed
Yes
No (effectively)
Bandwidth sharing
All devices share total BW
Each device gets full rated speed
Still in use?
No (obsolete)
Yes (universal)
Chapter 2 · UTP Cabling
UTP Pinouts: Straight-Through & Crossover
A UTP cable has 8 wires arranged in 4 twisted pairs. Which wire connects to which pin — the “pinout” — determines whether the cable works between two specific devices. Getting this wrong means no link, even with a perfectly good cable.
Why pinouts matter
Think of it like this: a PC transmits on pins 1 & 2, and a switch expects to receive on pins 1 & 2. That works — they’re “opposite” devices. But if you connect two PCs together, both transmit on pins 1 & 2 — they’re talking over each other with nobody listening. A crossover cable fixes this by swapping the TX and RX pairs, so each device’s transmit pins connect to the other’s receive pins.
Interactive pinout explorer — click a cable type
Use straight-through when connecting unlike devices: PC → Switch, PC → Hub, Router → Switch. The TX pins of one device connect straight across to the RX pins of the other because they’re designed to be on opposite ends of a link.
When to use crossover
Use crossover when connecting like devices: PC → PC, Switch → Switch, Router → Router. Both devices transmit on the same pins — so you need the cable to swap them. Modern switches support Auto-MDIX which detects this automatically — but you still need to know this for the exam and for older hardware.
Key difference from 10/100 Mbps: Fast Ethernet only uses 2 pairs (TX and RX). Gigabit Ethernet uses all 4 pairs simultaneously in both directions, using DSP to cancel the interference. This is why Cat5e (which improves crosstalk on all 4 pairs) is the minimum standard for Gigabit, and why a crossover cable doesn’t apply the same way — Auto-MDIX handles it.
Device pairing
Cable needed (10/100 Mbps)
Auto-MDIX?
PC → Switch
Straight-through
N/A — different devices
PC → Hub
Straight-through
N/A
Router → Switch
Straight-through
N/A
PC → PC
Crossover
Resolves automatically on modern NICs
Switch → Switch
Crossover
Modern switches auto-detect
Router → Router
Crossover
Modern devices auto-detect
🔌
RJ-45 connector
The 8-position, 8-contact (8P8C) modular connector used on all UTP Ethernet cables. The “registered jack” standard defines pin numbering from left to right when holding the clip away from you.
RJ-45 is the physical connector; the wiring standard (T568A or T568B) determines which wire color goes to which pin. T568B is most common in North America. A straight-through cable uses T568B on both ends. A crossover uses T568A on one end and T568B on the other.
🔄
Auto-MDIX
Modern Ethernet interfaces automatically detect whether they need to cross TX/RX pairs — making crossover cables largely obsolete in practice.
Auto-MDIX (Automatic Medium-Dependent Interface Crossover) is required for Gigabit and above. The interface senses what’s connected and reconfigures internally. But the exam still tests your knowledge of when a crossover cable is technically needed — and older/legacy equipment doesn’t have Auto-MDIX.
📐
Why twisting the pairs matters
Each pair is twisted at a slightly different rate. This differential twisting cancels out electromagnetic interference from adjacent pairs (crosstalk).
The two wires in each pair carry equal and opposite signals. Any EMI noise induces the same voltage on both wires simultaneously — a differential receiver cancels it out (common-mode rejection). The twist rate varies per pair to prevent resonance. Untwisting too much when terminating a cable degrades this cancellation and can cause crosstalk failures, especially at higher speeds.
Chapter 2 · Data-Link Layer
Ethernet Frame & Addressing
Before any data travels on a LAN, it gets wrapped in an Ethernet frame. Understanding the frame format reveals exactly how devices find each other, how errors get caught, and how the network layer protocol is identified — all without involving IP addresses.
Why the frame structure exists
A frame is like a shipping envelope. You need: the destination address (so it gets to the right place), the return address (so the recipient can respond), the contents, and something to verify the package wasn’t damaged in transit. The Ethernet frame provides exactly these: Destination MAC, Source MAC, the data payload, and an FCS checksum — plus a Type field that tells the receiver what kind of data is inside.
Ethernet frame anatomy — click any field to inspect it
PREAMBLE
8 bytes
DEST MAC
6 bytes
SRC MAC
6 bytes
TYPE
2 bytes
DATA
46–1500 bytes
FCS
4 bytes
Click any field above to see what it contains and why it exists.
MAC address structure — 48 bits / 6 bytes
📢
Unicast vs broadcast addresses
Unicast: one specific device (normal traffic). Broadcast: FF:FF:FF:FF:FF:FF — every device on the LAN receives the frame.
Unicast frames are forwarded only to the port where the destination MAC was learned. Broadcast frames are flooded to all ports (the switch has no choice — it can’t know which device “is” the broadcast). Multicast (01:xx:xx:xx:xx:xx) is a third type — delivered to a group of subscribed devices. Broadcasts create “broadcast storms” if misconfigured, which is why VLANs and routers are used to limit broadcast domains.
🔢
EtherType field
This 2-byte field tells the receiver what protocol is in the data payload — 0x0800 = IPv4, 0x0806 = ARP, 0x86DD = IPv6.
Without EtherType, the receiving NIC would have no idea whether to pass the payload to the IPv4 stack or the IPv6 stack or ARP. It’s like a package label saying “fragile: electronics inside.” The full list is maintained by IEEE. This is why Ethernet can carry many different Layer 3 protocols on the same physical infrastructure.
🔍
FCS error detection
The Frame Check Sequence is a 4-byte CRC (Cyclic Redundancy Check) computed over the entire frame. If it doesn’t match on arrival, the frame is silently discarded.
The sender computes the CRC and appends it. The receiver recalculates the CRC from the received bits. If they differ, a bit was flipped in transit (due to EMI, cable damage, or interference). Ethernet does NOT retransmit — it just drops the frame. Upper layers (TCP) detect the loss via missing ACKs and handle retransmission. FCS only catches errors; it doesn’t correct them.
📏
Frame size limits
Minimum: 64 bytes (with header). Maximum: 1518 bytes (standard) or 9000 bytes (jumbo frames). Frames outside this range are discarded.
The minimum of 64 bytes exists because of CSMA/CD: a frame must be long enough for a collision to be detected before the sender finishes transmitting. Short frames (runts) indicate a collision happened. Jumbo frames (up to 9000 bytes) reduce overhead for large transfers but require all devices in the path to support them — typically only used within data centers.
Chapter 2 · Reference
Key Terms & Standards Reference
The CCNA exam expects you to recognize these terms fluently. Each term represents a specific concept with a precise meaning — understanding the context behind each one is what separates memorization from genuine knowledge.
How to use this section
Don’t just read these definitions — connect each term to a problem it solves. Ask: “Why does this exist? What would break without it?” That’s the framework the exam uses to test you, and it’s what makes the knowledge stick.
Ethernet standards quick reference — Table 2-2
Standard
Speed
Cable
Max distance
Also known as
10BASE-T
10 Mbps
Cat3 UTP
100m
Ethernet
100BASE-TX
100 Mbps
Cat5e UTP
100m
Fast Ethernet
100BASE-FX
100 Mbps
Multimode fiber
400m
Fast Ethernet (fiber)
1000BASE-T
1 Gbps
Cat5e UTP
100m
Gigabit Ethernet
1000BASE-SX
1 Gbps
Multimode fiber
550m
Gigabit Ethernet (MM)
1000BASE-LX
1 Gbps
Single-mode fiber
5 km
Gigabit Ethernet (SM)
10GBASE-T
10 Gbps
Cat6a UTP
100m
10 Gigabit Ethernet
10GBASE-SR
10 Gbps
Multimode fiber OM3
300m
10G (short reach)
10GBASE-LR
10 Gbps
Single-mode fiber
10 km
10G (long reach)
Key Terms — click to expand
Standard naming convention decoder
Practice · Final Assessment
Knowledge Check
10 questions covering 1.1.b, 1.2.e, 1.3.a, and 1.3.b. Each question focuses on the purpose behind the concept, not just memorized facts.