When you connect to the Internet, you might connect
through a regular modem, through a local-area network
connection in your office, through a cable modem or
through a digital subscriber line (DSL) connection. DSL
is a very high-speed connection that uses the same wires as
a regular telephone line.

To understand DSL, a few things must be known
about a normal telephone line -- the kind that telephone
professionals call POTS, for Plain Old Telephone Service.
One of the ways that POTS makes the most of the
telephone company's wires and equipment is by limiting
the frequencies that the switches, telephones and other
equipment will carry. Human voices, speaking in normal
conversational tones, can be carried in a frequency range of
0 to 3,400 Hertz. This range of frequencies is tiny. For
example, compare this to the range of most stereo speakers,
which cover from roughly 20 Hertz to 20,000 Hertz. And
the wires themselves have the potential to handle
frequencies up to several million Hertz in most cases. The
use of such a small portion of the wire's total bandwidth is
historical -- remember that the telephone system has been
in place, using a pair of copper wires to each home, for
about a century. By limiting the frequencies carried over
the lines, the telephone system can pack lots of wires into a
very small space without worrying about interference
between lines. Modern equipment that sends digital rather
than analog data can safely use much more of the telephone
line's capacity. DSL does just that. At the customer's
location there is a DSL transceiver, which may also
provide other services. The DSL service provider has a
DSL Access Multiplexer (DSLAM) to receive customer

DSL Transceiver

Most residential customers call their DSL transceiver a
"DSL modem." The engineers at the telephone company or
ISP call it an ATU-R. Regardless of what it's called, it's the
point where data from the user's computer or network is
connected to the DSL line. The transceiver can connect to a
customer's equipment in several ways, though most
residential installations use USB or 10BASE-T Ethernet
connections. While most of the ADSL transceivers sold by
ISPs and telephone companies are simply transceivers, the
devices used by businesses may combine network routers,
network switches or other networking equipment in the
same platform.

The DSLAM at the access provider is the equipment that
really allows DSL to happen. A DSLAM takes connections
from many customers and aggregates them onto a single,
high-capacity connection to the Internet. DSLAMs are
generally flexible and able to support multiple types of
DSL in a single central office, and different varieties of
protocol and modulation in the same type of DSL. In
addition, the DSLAM may provide additional functions
including routing or dynamic IP address assignment for the

The DSLAM provides one of the main differences between
user service through ADSL and through cable modems.
Because cable-modem users generally share a network loop
that runs through a neighborhood, adding users means
lowering performance in many instances. ADSL provides a
dedicated connection from each user back to the DSLAM,
meaning that users won't see a performance decrease as
new users are added -- until the total number of users
begins to saturate the single, high-speed connection to the
Internet. At that point, an upgrade by the service provider
can provide additional performance for all the users
connected to the DSLAM.
The copper wires have lots of room for carrying more than
your phone conversations -- they are capable of handling a
much greater bandwidth, or range of frequencies, than that
demanded for voice. DSL exploits this "extra capacity" to
carry information on the wire without disturbing the line's
ability to carry conversations. The entire plan is based on
matching particular frequencies to specific tasks.

Wireless communications obviously provide potential
security issues, as an intruder does not need physical access
to the traditional wired network in order to gain access to
data communications. However, 802.11 wireless
communications cannot be received -- much less decoded --
by simple scanners, short wave receivers etc. This has led
to the common misconception that wireless
communications cannot be eavesdropped on at all. However,
eavesdropping is possible using specialist equipment.
To protect against any potential security issues, 802.11
wireless communications have a function called WEP
(Wired Equivalent Privacy), a form of encryption which
provides privacy comparable to that of a traditional wired
network. If the wireless network has information that
should be secure then WEP should be used, ensuring the
data is protected at traditional wired network levels.
Also it should be noted that traditional Virtual Private
Networking (VPN) techniques will work over wireless
networks in the same way as traditional wired networks.

Advantages of DSL:
• Internet connection can be left open and still the phone
line can be used for voice calls.
• The speed is much higher than a regular modem (1.5
Mbps vs. 56 Kbps)
• DSL doesn't necessarily require new wiring; it can use
the existing phone line.
• The company that offers DSL will usually provide the
modem as part of the installation.

Disadvantages of DSL:
• A DSL connection works better when the user is
closer to the provider's central office.
• The connection is faster for receiving data than it is for
sending data over the Internet.

• Digital - means a line able to carry data traffic in its
original form, as opposed to analogue (see below)
• Subscriber Line - the line connecting the individual
subscriber (eg a household) to the local exchange
• Analogue - the phone lines we have used for voice
phone calls until today have been analogue lines and
we have used MoDems (Modulator-Demodulator) to
convert the digital output of the computer to analogue
form for transmission and back into digital form at the
other end for use by the computer. The performance of
conventional modems and analogue lines has
restricted bandwidth - the speeds at which computers
can be connected across the phone network and the
capacity of the networks to handle traffic.
The use of digital lines makes transmission of computer
information faster and more reliable. It also allows much
faster connect and disconnect, eliminating the slow process
required for modems to establish a connection and start
handling traffic. Over time it's expected that all future
telephony will be digital.
The cables connecting most households to the phone
network are mainly simple twisted pair copper wires, which
have only been able to carry analogue traffic. Modem
speeds have gradually increased through the use of various
compression and other techniques, but at today's fastest (56
kilobits per second (kbps)) they are approaching the
theoretical limit for this technology.
DSL technology enables much higher speeds across the
twisted pair lines from the exchange to the home. Speeds
up to 2 Megabits per second are readily achievable - 30 or
more times faster than today's fastest modems. This means
that consumers and teleworkers can use applications that
need these higher speeds even if their town or village
doesn't have new, high performance cable networks. DSL
has its own kind of "modems". Also, the technology allows
the network to manage traffic rather than allocating
complete end-to-end circuits, so that from the user
perspective it can appear that the data connection is
"always on". xDSL deployment to homes will make it
easier for Internet connections to be sold on a fixed-rate
"per month" basis rather than per minute, encouraging
wider and more intensive use of the Internet, e-commerce,
teleworking etc. The various flavors of xDSL are:
• Asymmetric DSL (ADSL) - It is called "asymmetric"
because the download speed is greater than the upload
speed. ADSL works this way because most Internet
users look at, or download, much more information
than they send, or upload.
• High bit-rate DSL (HDSL) - Providing transfer rates
comparable to a T1 line (about 1.5 Mbps), HDSL
receives and sends data at the same speed, but it
requires two lines that are separate from your normal
phone line.
• ISDN DSL (ISDL) - Geared primarily toward existing
users of Integrated Services Digital Network (ISDN),
ISDL is slower than most other forms of DSL,
operating at a fixed rate of 144 Kbps in both directions.
The advantage for ISDN customers is that they can
use their existing equipment, but the actual speed gain
is typically only 16 Kbps (ISDN runs at 128 Kbps).
• Multirate Symmetric DSL (MSDSL) - This is
Symmetric DSL that is capable of more than one
transfer rate. The transfer rate is set by the service
provider, typically based on the service (price) level.
• Rate Adaptive DSL (RADSL) - This is a popular
variation of ADSL that allows the modem to adjust the
speed of the connection depending on the length and
quality of the line.
• Symmetric DSL (SDSL or SHDSL) - Like HDSL,
this version receives and sends data at the same speed.
While SDSL also requires a separate line from your
phone, it uses only a single line instead of the two
used by HDSL.
• Very high bit-rate DSL (VDSL) - An extremely fast
connection, VDSL is asymmetric, but only works over
a short distance using standard copper phone wiring.
• Voice-over DSL (VoDSL) - A type of IP telephony,
VoDSL allows multiple phone lines to be combined
into a single phone line that also includes data-
transmission capabilities.
The chart below provides a comparison of the various DSL
types:

DSL Type   Max. Send Speed   Max. Receive Speed   Max. Distance          Lines Required   Phone Support
ADSL       1 Mbps            8 Mbps               18,000 ft (5,500 m)    1                Yes
HDSL       1.54 Mbps         1.54 Mbps            12,000 ft (3,650 m)    2                No
IDSL       144 Kbps          144 Kbps             35,000 ft (10,700 m)   1                No
MSDSL      2 Mbps            2 Mbps               29,000 ft (8,800 m)    1                No
RADSL      7 Mbps            1 Mbps               18,000 ft (5,500 m)    1                Yes
SDSL       2.3 Mbps          2.3 Mbps             22,000 ft (6,700 m)    1                No
VDSL       52 Mbps           16 Mbps              4,000 ft (1,200 m)     1                Yes

ADSL - Asymmetric Digital Subscriber Line

Asymmetric means that a higher speed is available from the
exchange to the user (downstream) and a slower speed
from the user to the exchange (upstream). For example the
user can download web pages or videos at high speed, but
can only send at a significantly lower speed. Capability
varies with distance - up to 9 Mbps downstream can be
supported up to one mile from an exchange and 2 Mbps up
to three miles. 64 kbps is the usual upstream speed. ADSL
can operate in parallel with conventional analogue voice
telephony over the same line. It is ideal for web

SHDSL - High speed Digital Subscriber Line

This has been in use for some years in some countries to
provide broadband facilities to business premises (leased
line), i.e. data is transmitted over a single copper pair,
providing 2.3 Mbps as upstream and downstream speed
across up to 7.1 km of distance. It does not support voice.

VDSL - Very high speed Digital Subscriber Line

VDSL is a new technology not expected to be in use in
public networks for some years. It's expected to provide
speeds as high as 52 Mbps downstream and between 1.5
and 2.3 Mbps upstream, but over shorter distances than
ADSL - 1.3 km at 13 Mbps and 0.3 km at 52 Mbps. Note
that by deploying higher performance lines from exchanges
to street cabinets, these speeds could be delivered to more

Circuit Switching WANs

Integrated Services Digital Network (ISDN) is a digital
service that is designed to run over existing telephone
networks. ISDN can support both data and voice—a
telecommuter’s dream. But ISDN applications require

Typical ISDN applications and implementations include
high-speed image applications,
high-speed file transfer, videoconferencing, and multiple
links into homes of telecommuters. ISDN is actually a set
of communication protocols proposed by telephone
companies that allows them to carry a group of digital
services that simultaneously convey data, text, voice,
music, graphics, and video to end users; it was designed to
achieve this over the telephone systems already in place.
ISDN is referenced by the OSI model’s Physical, Data
Link, and Network layers. The ISDN standards define the
hardware and call-setup schemes for end-to-end digital
connectivity. PPP is typically used with ISDN to provide
data encapsulation, link integrity, and authentication.

These are the benefits of ISDN:

• It can carry voice, video, and data.
• Call setup is faster than with a modem.
• Data rates are faster than on a modem connection.
• Full-time connectivity across the ISDN is
spoofed by the Cisco IOS routers using dial-on-
demand routing (DDR).
• Small office and home office sites can be
economically supported with ISDN Basic Rate
Interface (BRI) services.
• ISDN can be used as a backup service for a
leased-line connection between the remote and
central offices.

Basic Rate Interface (BRI)

ISDN BRI service, also known as 2B+1D, provides two B
channels and one D channel. The BRI B-channel service
operates at 64Kbps and carries data, whereas the BRI D-
channel service operates at 16Kbps and usually carries
control and signaling information. The total bandwidth for
ISDN BRI is then 144k (64 + 64 + 16 = 144).

Primary Rate Interface (PRI)

In North America and Japan, the ISDN PRI service (also
known as 23B+D1) delivers 23 64Kbps B channels and one
64Kbps D channel, for a total bit rate of up to 1.544Mbps.
In Europe, Australia, and other parts of the world, ISDN
provides 30 64Kbps B channels and one 64Kbps D
channel, for a total bit rate of up to 2.048Mbps.

Packet Switched WANs

The Packet Switched WAN appeared in the 1960s, and
defined the basis for all communication networks today.
The principle in Packet Switched Data Network (PSDN) is
that the data between the nodes is transferred in small
packets. This principle enables the PSDN to allow one node
to be connected to more than one other node through one
physical connection. That way, a fully connected network,
between several nodes, can be obtained by connecting each
node to one physical link, as shown in the figure below.
Another advantage for Packet Switching was the efficient
use of resources by sharing the Network bandwidth among
the users (instead of dividing).

The first communication Packet Switched Networks were
based on the X.25 packet switching protocol. X.25
networks became the de facto standard for non-permanent
data communication and were adopted by most PTTs. X.25
networks enabled cheaper communication, since their tariff
was based on the communication time and the amount of
data transferred. X.25 networks used the PTT's
transmission networks more efficiently since the bandwidth
was released at the end of the connection, or when no data
was transmitted. Another advantage of X.25 was that it
allowed easy implementation of international connections
enabling organizations to be connected to data centers and
services throughout the world. By the 1980's, X.25
networks were the main international channel for
commercial data communication.
As the popularity of the Internet grew, businesses turned to
it as a means of extending their own networks. First came
intranets, which are password-protected sites designed for
use only by company employees. Now, many companies
are creating their own VPNs (Virtual Private Networks)
to accommodate the needs of remote employees and distant
offices. Basically, a VPN is a private network that uses a
public network (usually the Internet) to connect remote
sites or users together. Instead of using a dedicated, real-
world connection such as leased line, a VPN uses "virtual"
connections routed through the Internet from the company's
private network to the remote site or employee.
There are basically two types of VPNs:
• Remote-Access: Also called a Virtual Private Dial-up
Network (VPDN), this is a User-to-LAN
connection used by a company that has employees
who need to connect to the private network from
various remote locations. Typically, a corporation that
wishes to set up a large Remote-Access VPN will
outsource to an Enterprise Service Provider (ESP).
The ESP sets up a Network Access Server (NAS) and
provides the remote users with desktop client software
for their computers. The telecommuters can then dial a
1-800 number to reach the NAS and use their VPN
client software to access the corporate network. A
good example of a company that needs a Remote-
Access VPN would be a large firm with hundreds of
sales people in the field. Remote-Access VPNs permit
secure, encrypted connections between a company's
private network and remote users through a third-party
service provider.
• Site-to-Site: Through the use of dedicated equipment
and large-scale encryption, a company can connect
multiple fixed sites over a public network such as the
Internet. Site-to-Site VPNs can be either:
o Intranet-based: If a company has one or
more remote locations that they wish to join
in a single private network, they can create
an intranet VPN to connect LAN to LAN.
o Extranet-based: When a company has a
close relationship with another company (for
example, a partner, supplier or customer),
they can build an extranet VPN that
connects LAN to LAN, and that allows all
of the various companies to work in a shared

VPN security

Each remote member of your network can communicate in
a secure and reliable manner using the Internet as the
medium to connect to the private LAN. A VPN can grow to
accommodate more users and different locations much
easier than a leased line. In fact, scalability is a major
advantage that VPNs have over typical leased lines. Unlike
leased lines where the cost increases in proportion to the
distances involved, the geographic locations of each office
matter little in the creation of a VPN.
• Firewalls - A firewall provides a strong barrier
between your private network and the Internet.
Firewalls can be set to restrict the number of open
ports, what type of packets are passed through and
which protocols are allowed through. Some VPN
products can be upgraded to include firewall
capabilities by running the appropriate IOS on them.
A good firewall should be in place before
implementing a VPN, but a firewall can also be used
to terminate the VPN sessions.
• Encryption - This is the process of taking all the data
that one computer is sending to another and encoding
it into a form that only the other computer will be able
to decode. Most computer encryption systems belong
in one of two categories:
o Symmetric-key encryption
o Public-key encryption

In symmetric-key encryption, each computer has a secret
key (code) that it can use to encrypt a packet of information
before it is sent over the network to another computer.
Symmetric-key requires that you know which computers
will be talking to each other so you can install the key on
each one. Symmetric-key encryption is essentially the same
as a secret code that each of the two computers must know
in order to decode the information. The code provides the
key to decoding the message. Think of it like this: You
create a coded message to send to a friend in which each
letter is substituted with the letter that is two down from it
in the alphabet. So "A" becomes "C," and "B" becomes
"D". You have already told a trusted friend that the code is
"Shift by 2". Your friend gets the message and decodes it.
Anyone else who sees the message will see only nonsense.
Public-key encryption uses a combination of a private key
and a public key. The private key is known only to your
computer, while the public key is given by your computer
to any computer that wants to communicate securely with
it. To decode an encrypted message, a computer must use
the public key, provided by the originating computer, and
its own private key. A very popular public-key encryption
utility is called Pretty Good Privacy (PGP), which allows
you to encrypt almost anything.
The Host-to-Host Layer Protocols

The main purpose of the Host-to-Host layer is to shield the
upper-layer applications from the
complexities of the network.

The following are the two main protocols at this layer:
o Transmission Control Protocol (TCP)
o User Datagram Protocol (UDP)

Transmission Control Protocol (TCP)

TCP takes large blocks of information from an application
and breaks them into segments. It
numbers and sequences each segment so that the
destination’s TCP can put the segments back
into the order that the application intended. After these
segments are sent, TCP (on the transmitting host) waits for
an acknowledgment of the receiving end’s TCP virtual
circuit session, retransmitting those that aren’t
Before a transmitting host starts to send segments down the
model, the sender’s TCP contacts
the destination’s TCP to establish a connection. What is
created is known as a virtual circuit.
This type of communication is called connection-oriented.
During this initial handshake, the
two TCP layers also agree on the amount of information
that’s going to be sent before the recipient’s TCP sends
back an acknowledgment. With everything agreed upon in
advance, the path is paved for reliable communication to
take place.
TCP is a full-duplex, connection-oriented, reliable, and
accurate protocol, but establishing
all these terms and conditions, in addition to error
checking, is no small task. TCP is very complicated and,
not surprisingly, costly in terms of network overhead. And
since today’s networks are much more reliable than those
of yore, this added reliability is often unnecessary.

User Datagram Protocol (UDP)

If UDP is compared with TCP, it will be observed
that UDP is basically the scaled-down economy model
that’s sometimes referred to as a thin protocol. A thin
protocol doesn’t take up much bandwidth on a network.
UDP doesn’t offer all the bells and whistles of TCP, but it
does do a fabulous job of transporting information that
doesn’t require reliable delivery—and it does so using far
fewer network resources.
There are some situations where it would definitely be wise
for developers to opt for UDP
rather than TCP.

SNMP monitors the network, sending intermittent
messages and a fairly steady flow of status
updates and alerts, especially when it is running on a large
network. The cost in overhead to
establish, maintain, and close a TCP connection for each
one of those little messages would
reduce what would be an otherwise healthy, efficient
network to a dammed-up bog in no time.

Another circumstance calling for UDP over TCP is when
reliability is already handled at the
Process/Application layer. NFS handles its own reliability
issues, making the use of TCP both
impractical and redundant. But ultimately, it’s up to the
application developer who decides
whether to use UDP or TCP, not the user who wants to
transfer data faster.
UDP does not sequence the segments and does not care in
which order the segments arrive
at the destination. But after that, UDP sends the segments
off and forgets about them. It
doesn’t follow through, check up on them, or even allow
for an acknowledgment of safe
arrival—complete abandonment. Because of this, it’s
referred to as an unreliable protocol.
This does not mean that UDP is ineffective, only that it
doesn’t handle issues of reliability.
Further, UDP doesn’t create a virtual circuit, nor does it
contact the destination before delivering information to it.
Because of this, it’s also considered a connectionless
protocol. Since UDP assumes that the application will use
its own reliability method, it doesn’t use any. This gives an
application developer a choice when running the IP stack:
they can choose TCP for reliability or UDP for faster

The Internet Layer Protocols

In the DoD model, there are two main reasons for the
Internet layer’s existence: routing, and
providing a single network interface to the upper layers.
None of the other upper- or lower-layer protocols have any
functions relating to routing—
that complex and important task belongs entirely to the
Internet layer. The Internet layer’s second duty is to
provide a single network interface to the upper-layer
protocols. Without this layer, application programmers
would need to write “hooks” into every one of their
applications for each different Network Access protocol.
This would not only be a pain in the neck, but it would lead
to different versions of each application—one for Ethernet,
another one for Token Ring, and so on. To prevent this, IP
provides one single network interface for the upper-layer
protocols. That accomplished, it’s then the job of IP and the
various Network Access protocols to get along and work
together. All network roads don’t lead to Rome—they lead
to IP. And all the other protocols at this layer, as well as all
those in the upper layers, use it. Never forget that. Let me
say it again: all paths through the DoD model go through

The following are the protocols at the Internet layer:
o Internet Protocol (IP)
o Internet Control Message Protocol (ICMP)
o Address Resolution Protocol (ARP)
o Reverse Address Resolution Protocol (RARP)

Internet Protocol (IP)

IP essentially is the Internet layer. The other protocols
found here merely exist to support it. IP
holds the big picture and could be said to “see all,” in that
it’s aware of all the interconnected
networks. It has this ability because all the machines on the
network have a software, or logical, address called an IP

IP looks at each packet’s address. Then, using a routing
table, it decides where a packet is to
be sent next, choosing the best path. The protocols of the
Network Access layer at the bottom
of the DoD model don’t possess IP’s enlightened scope of
the entire network; they deal only with physical links (local

IP receives segments from the Host-to-Host layer and
fragments them into datagrams (packets)
if necessary. IP then reassembles datagrams back into
segments on the receiving side. Each
datagram is assigned the IP address of the sender and of the
recipient. Each router (Layer 3
device) that receives a datagram makes routing decisions
based on the packet’s destination IP

An IP address is a numeric identifier that is assigned to
each machine on an IP network, and it designates the
specific location of a device on that network. An IP address
is a software address, not a hardware address—the latter is
hardcoded on a network interface card (NIC) and is used
for finding hosts on a local network. IP addressing was
designed to allow a host on one network to communicate
with a host on a different network, regardless of the type of
LANs the hosts are participating in.

IP Terminology

The following are several important terms vital to your
understanding of the Internet Protocol (IP):

A bit is one digit; either a 1 or a 0.

A byte is 7 or 8 bits, depending on whether parity is used.
For the rest of this section,
always assume a byte is 8 bits.

An octet, made up of 8 bits, is just an ordinary 8-bit binary
number. In this chapter, the
terms byte and octet are completely interchangeable.

Network address
The network address is the designation used in routing to
send packets to a
remote network—for example,,, and

Broadcast address
This type of address is used by applications and hosts to
send information
to all nodes on a network. Examples include, which is all networks, all nodes;, which is all subnets and hosts on network; and, which broadcasts to all
subnets and hosts on network

The Hierarchical IP Addressing Scheme

An IP address consists of 32 bits of information. These bits
are divided into four sections,
referred to as octets or bytes, and each contains 1 byte (8
bits). An IP address can be depicted by using one of three
methods:
• Dotted-decimal, as in
• Binary, as in
• Hexadecimal (hex for short), as in AC.10.1E.38
All these examples represent the same IP address. Hex isn’t
used as often as dotted-decimal or binary when IP
addressing is being discussed, but sometimes an IP address
is stored in hex in some programs. The Windows Registry
is a good example of a program that stores a machine’s IP
address in hex.

The 32-bit IP address is a structured or hierarchical address,
as opposed to a flat or nonhierarchical address. Although
either type of addressing scheme can be used, it is
advisable to use hierarchical addressing. The advantage of
using a hierarchical address is that it can handle a large
number of addresses, namely 4.3 billion (a 32-bit address
space with two possible values for each position—either 0
or 1—gives 2^32, or 4,294,967,296).

The disadvantage of the flat addressing scheme and the
reason it’s not used for IP addressing relates to routing. If
every address were unique, all routers on the Internet would
need to store the address of every machine on the Internet.
This would make efficient routing impossible, even if only
a fraction of the possible addresses were used. This problem
can be solved by using a two- or three-level hierarchical
addressing scheme that is structured by network and host,
or network, subnet, and host.
This two- or three-level scheme is comparable to a
telephone number. In a phone number,
the first section, the area code, designates a very large area.
The second section, the prefix,
narrows the scope to a local calling area. The final segment,
the customer number, zooms in on the specific connection.
IP addresses use the same type of layered structure. Rather
than all 32 bits being treated as a unique identifier, as
would be the case in flat addressing, a part of the address is
designated as the network address, and the other part is
designated as either the subnet and host, or just the host

Network Addressing

The network address (also called network number)
uniquely identifies each network. Every machine on the
same network shares that network address as part of its IP
address. In the IP address, for example,
172.16 is the network address.

The node address is assigned to, and uniquely identifies,
each machine on a network. This
part of the address must be unique because it identifies a
particular machine—an individual—as opposed to a
network, which is a group. This number can also be
referred to as a host address . In the sample IP address, 30.56 is the node address.

The designers of the Internet decided to create classes of
networks based on network size. For the small number of
networks that possess a very large number of nodes, they
created the Class A network. At the other extreme is the
Class C network, which is reserved for the numerous
networks with a small number of nodes. The class
distinction for networks between very large and very small
is predictably called the Class B network.
How an IP address should be subdivided into a network and
node address is determined by
the class designation of the network.

Summary of the three classes of networks

To ensure efficient routing, Internet designers defined a
mandate for the leading-bits section of the address for each
different network class. For example, since a router knows
that a Class A network address always starts with a 0, the
router might be able to speed a packet on its way after
reading only the first bit of its address. This is where the
address schemes define the difference between a Class A,
Class B, and Class C address.
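As an added worked example (not code from these notes), the following Python converts an address between the three notations listed above and derives the classful network/node split from the leading bits, the way the text says a router reads them. It starts from the notes' own hex example AC.10.1E.38; beyond what the notes cover, it also recognises the Class D (multicast) and Class E leading-bit patterns. All function names are my own.

```python
# Added example, not part of the original notes. Standard library only.
# Function and constant names are the author's own choices.

NOTATION_BASE = {"decimal": 10, "binary": 2, "hex": 16}
NOTATION_FORMAT = {"decimal": "{:d}", "binary": "{:08b}", "hex": "{:02X}"}
# Leading network bits fixed by the class of the address (classes A, B, C only).
CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}


def parse_ipv4(text, notation="decimal"):
    """Parse a dotted IPv4 address (decimal, binary or hex octets) into a 32-bit int."""
    base = NOTATION_BASE[notation]
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated octets, got %r" % text)
    octets = []
    for part in parts:
        if not part.isalnum():  # reject signs, spaces and underscores int() would accept
            raise ValueError("octet %r is not a bare %s value" % (part, notation))
        try:
            value = int(part, base)
        except ValueError:
            raise ValueError("octet %r is not valid %s" % (part, notation)) from None
        if value > 255:
            raise ValueError("octet %r is outside 0..255" % part)
        octets.append(value)
    return int.from_bytes(bytes(octets), "big")


def format_ipv4(addr, notation="decimal"):
    """Render a 32-bit address as dotted decimal, dotted binary or dotted hex."""
    fmt = NOTATION_FORMAT[notation]
    return ".".join(fmt.format(octet) for octet in addr.to_bytes(4, "big"))


def all_notations(text, notation="decimal"):
    """Show one address in all three notations the notes list."""
    addr = parse_ipv4(text, notation)
    return {name: format_ipv4(addr, name) for name in NOTATION_BASE}


def address_class(addr):
    """Class from the leading bits of the first octet, as a router would read them:
    0xxxxxxx -> A, 10xxxxxx -> B, 110xxxxx -> C, 1110xxxx -> D, 1111xxxx -> E."""
    first = addr >> 24
    if (first & 0b10000000) == 0:
        return "A"
    if (first & 0b11000000) == 0b10000000:
        return "B"
    if (first & 0b11100000) == 0b11000000:
        return "C"
    if (first & 0b11110000) == 0b11100000:
        return "D"
    return "E"


def classful_split(text, notation="decimal"):
    """Split an address into network and node parts using only its class."""
    addr = parse_ipv4(text, notation)
    cls = address_class(addr)
    if cls not in CLASS_NETWORK_BITS:
        raise ValueError("class %s addresses have no network/node split" % cls)
    net_bits = CLASS_NETWORK_BITS[cls]
    host_bits = 32 - net_bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = addr & mask                      # host bits cleared
    broadcast = network | (0xFFFFFFFF >> net_bits)  # host bits set
    dotted = format_ipv4(addr).split(".")
    return {
        "class": cls,
        "mask": format_ipv4(mask),
        "network_address": format_ipv4(network),
        "broadcast_address": format_ipv4(broadcast),
        "network_part": ".".join(dotted[: net_bits // 8]),
        "node_part": ".".join(dotted[net_bits // 8:]),
        "usable_hosts": (1 << host_bits) - 2,  # all-zeros and all-ones host excluded
    }


if __name__ == "__main__":
    # The notes' hex example, shown in all three notations and split by class.
    print(all_notations("AC.10.1E.38", "hex"))
    print(classful_split("AC.10.1E.38", "hex"))
```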
Routers and Layer 3 Switching: While most switches
operate at the Data layer (Layer 2) of the OSI Reference
Model, some incorporate features of a router, and operate at
the Network layer (Layer 3) as well. In fact, a Layer 3
switch is incredibly similar to a router.
When a router receives a packet, it looks at the Layer 3
(Network Layer) source and destination addresses to
determine the path the packet should take. A standard
switch relies on the MAC addresses to determine the source
and destination of a packet, which is Layer 2 (Data)
The fundamental difference between a router and a Layer 3
switch is that Layer 3 switches have optimized hardware to
pass data as fast as Layer 2 switches, yet they make
decisions on how to transmit traffic at Layer 3, just like a
router. Within the LAN environment, a Layer 3 switch is
usually faster than a router because it is built on switching
hardware. In fact, many of Cisco's Layer 3 switches are
actually routers that operate faster because they are built on
"switching" hardware with customized chips inside the box.
The pattern matching and caching on Layer 3 switches is
similar to the pattern matching and caching on a router.
Both use a routing protocol and routing table to determine
the best path. However, a Layer 3 switch has the ability to
reprogram the hardware dynamically with the current Layer
3 routing information. This is what allows much faster
packet processing.
On current Layer 3 switches, like the Cisco Catalyst 6000, the information received from the routing protocols is used to update the hardware caching tables. The 6000 can also serve as the Internet connection, since it accepts WAN cards, but depending on traffic flow and budget a simple router of the appropriate size is usually fine for that role.
VLANs: As networks have grown in size and complexity,
many companies have turned to Virtual Local Area
Networks (VLANs) to provide some way of structuring this
growth logically. Basically, a VLAN is a collection of
nodes that are grouped together in a single broadcast
domain that is based on something other than physical
location. You learned about broadcasts earlier, and how a
router does not pass along broadcasts. A broadcast domain
is a network (or portion of a network) that will receive a
broadcast packet from any node located within that
network. In a typical network, everything on the same side of the router is part of the same broadcast domain. A switch on which you have implemented VLANs has multiple broadcast domains, like a router. But a plain Layer 2 switch cannot route from one VLAN to another by itself; that still takes a router or a Layer 3 switch.
Here are some common reasons why a company might have VLANs:
• Security - Separating systems that hold sensitive data from the rest of the network decreases the chance that someone will gain access to information they are not authorized to see. Keep in mind that a VLAN isolates only at Layer 2: whatever is routed between VLANs must still be filtered with access lists at the router or Layer 3 switch.
• Projects/Special applications - Managing a project or working with a specialized application can be simplified by the use of a VLAN that brings all of the required nodes together.
• Performance/Bandwidth - Careful monitoring of network use allows the network administrator to create VLANs that reduce the number of router hops and increase the apparent bandwidth for network users.
• Broadcasts/Traffic flow - Since a principal element of a VLAN is that it does not pass broadcast traffic to nodes outside the VLAN, it automatically reduces broadcasts. Access lists give the network administrator a way to control who sees what network traffic; an access list is a table the administrator creates that lists which addresses may reach a given network.
• Departments/Specific job types - Companies may want VLANs set up for departments that are heavy network users (such as Multimedia or Engineering), or a VLAN across departments that is dedicated to specific types of employees (such as managers or sales).
You can create a VLAN on most switches simply by logging into the switch (historically via Telnet; on any current switch use SSH instead, since Telnet sends the login credentials in cleartext) and entering the parameters for the VLAN (name, domain and port assignments). After you have created the VLAN, any network segments connected to the assigned ports become part of that VLAN.
While you can have more than one VLAN on a switch, they cannot communicate directly with one another on that switch. If they could, it would defeat the purpose of having a VLAN, which is to isolate a part of the network. Communication between VLANs requires the use of a router (or a Layer 3 switch).
A VLAN is basically a LAN within a LAN: it groups nodes logically, without regard to how they are physically connected. There are three types of VLAN:
• Port based VLAN
• Application based VLAN
• Protocol based VLAN
VLANs can span across multiple switches and you can
have more than one VLAN on each switch. For multiple
VLANs on multiple switches to be able to communicate via
a single link between the switches, you must use a process
called trunking ; trunking is the technology that allows
information from multiple VLANs to be carried over just
one link between switches.
The VLAN Trunking Protocol (VTP) is the protocol that Cisco switches use to communicate among themselves about VLAN configuration. It is Cisco-proprietary and separate from the trunk itself: the tagging on the link is IEEE 802.1Q (or Cisco's older ISL), and a trunk works without VTP. Because a switch in the same VTP domain can push its VLAN database to the others, many administrators run VTP in transparent mode or leave it off.
In the image referred to above (the figure is not reproduced on this page), each switch has two VLANs. On the first switch, VLAN A and VLAN B are sent through a single port (trunked) to the router and through another port to the second switch. VLAN C and VLAN D are trunked from the second switch to the first switch, and through the first switch to the router. This trunk can carry traffic from all four VLANs. The trunk link from the first switch to the router can also carry all four VLANs; in fact, this one connection lets the router appear on all four VLANs, as if it had four different physical ports connected to the switch.
The VLANs can communicate with each other across the trunk between the two switches by way of the router. For example, data from a computer on VLAN A that needs to reach a computer on VLAN B (or VLAN C or VLAN D) must travel from the switch to the router and back again to the switch; this arrangement is commonly called "router on a stick". Because of the transparent bridging algorithm and trunking, a PC and the router's interface for that PC's VLAN behave as if they were on the same physical segment, even though the router reaches every VLAN through a single physical link.
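As an added example (not from the original notes, and not Cisco's code), the trunk and router-on-a-stick arrangement just described, together with the port-to-VLAN assignment from the section on creating VLANs, modelled in Python. The Ethernet and 802.1Q tag layout is the real one; the switch behaviour (flooding within a VLAN, tags honoured only on trunk ports, native VLAN carried untagged), the port names, MAC and IP addresses, the "src>dst" payload and the router's ARP cache are assumptions made for the model.

```python
"""Trunking and router-on-a-stick, modelled in Python.

Added example for these notes, not code from the original page. Frames are real
Ethernet byte strings; on a trunk they carry an IEEE 802.1Q tag (TPID 0x8100,
then 3-bit PCP, 1-bit DEI, 12-bit VLAN ID). To stay small, the switch floods
every frame within its VLAN (no MAC learning), which is the broadcast-domain
behaviour described above. Ports, addresses, payload and ARP cache are constructed.
"""
import ipaddress
import struct

TPID_8021Q, ETHERTYPE_IPV4 = 0x8100, 0x0800
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{x:02x}" for x in raw)


def build_frame(dst, src, payload, vid=None, pcp=0):
    """Ethernet II frame; with vid set, an 802.1Q tag is inserted after the MACs."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)  # DEI bit stays 0
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst, src, vid, payload); vid is None for an untagged frame."""
    dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return dst, src, tci & 0x0FFF, frame[18:]  # skip the tag and inner EtherType
    return dst, src, None, frame[14:]


class Switch:
    """Layer 2 only: access ports belong to one VLAN, trunk ports carry tags."""

    def __init__(self, access, trunks, native_vlan=1):
        self.access, self.trunks, self.native_vlan = dict(access), set(trunks), native_vlan

    def vlan_of(self, port, vid):
        """Membership is decided by the ingress port; a tag on an access port is ignored."""
        if port in self.trunks:
            return self.native_vlan if vid is None else vid
        return self.access[port]

    def forward(self, in_port, frame):
        """Flood inside the frame's VLAN only. Returns {egress_port: frame_bytes}."""
        dst, src, vid, payload = parse_frame(frame)
        vlan = self.vlan_of(in_port, vid)
        out = {}
        for port, member in self.access.items():
            if port != in_port and member == vlan:
                out[port] = build_frame(dst, src, payload)  # access ports send untagged
        for port in self.trunks - {in_port}:
            tag = None if vlan == self.native_vlan else vlan  # native VLAN rides untagged
            out[port] = build_frame(dst, src, payload, vid=tag)
        return out


class RouterOnAStick:
    """One physical link on the trunk, one logical subinterface per VLAN."""

    def __init__(self, mac, subinterfaces, arp_cache):
        self.mac = mac
        self.subifs = {v: ipaddress.ip_network(n) for v, n in subinterfaces.items()}
        self.arp = dict(arp_cache)  # ip -> mac; stands in for real ARP resolution

    def route(self, frame):
        """Payload is the toy 'src_ip>dst_ip'. Returns the re-tagged frame, or None if dropped."""
        dst, _src, vid, payload = parse_frame(frame)
        if dst != self.mac or vid not in self.subifs:
            return None  # not addressed to the router, or VLAN not configured on it
        _src_ip, dst_ip = payload.decode().split(">")
        target = ipaddress.ip_address(dst_ip)
        for out_vid, net in self.subifs.items():
            if target in net and out_vid != vid:
                return build_frame(self.arp[dst_ip], self.mac, payload, vid=out_vid)
        return None  # no route, or the destination is in the sender's own VLAN


def scenario():
    """Host A (VLAN 10) broadcasts, then sends to host C (VLAN 20) through the router."""
    sw = Switch(access={"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20}, trunks={"Gi0/1"})
    rtr = RouterOnAStick("00:00:5e:00:53:01", {10: "10.0.10.0/24", 20: "10.0.20.0/24"},
                         {"10.0.20.7": "00:00:5e:00:53:cc"})
    host_a = "00:00:5e:00:53:aa"
    bcast = sw.forward("Fa0/1", build_frame(BROADCAST, host_a, b"10.0.10.5>10.0.10.255"))
    hop1 = sw.forward("Fa0/1", build_frame(rtr.mac, host_a, b"10.0.10.5>10.0.20.7"))
    hop2 = sw.forward("Gi0/1", rtr.route(hop1["Gi0/1"]))  # router re-tags for VLAN 20
    return bcast, hop1, hop2


if __name__ == "__main__":
    for label, hop in zip(("broadcast", "A->router", "router->C"), scenario()):
        print(label, {p: parse_frame(f)[2] for p, f in hop.items()})
```

Two things worth checking when running it: the VLAN 10 broadcast never reaches Fa0/3 (the VLAN 20 port) but does leave the trunk tagged with VID 10, and the frame for host C comes back from the router tagged with VID 20 and is delivered untagged on Fa0/3. The model also enforces the rule a practitioner relies on: a host on an access port cannot move itself into another VLAN by inserting a tag, because the ingress port, not the frame, decides the VLAN.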