CCNA 1 and 2 Companion Guide, Revised (Cisco Networking Academy Program), part 26

LAN Connection Devices 219
the geographical area past what a single LAN can support, as shown in Figure 4-32.
The devices that are used to connect network segments together include bridges, switches,
routers, and gateways. Switches and bridges operate at the data link layer of the OSI
model. The function of the bridge is to make intelligent decisions about whether or not
to pass signals on to the next segment of a network. Bridges can also be used to connect
dissimilar protocols and media as with wireless bridges interconnecting Ethernet LANs
in a metropolitan area.
Figure 4-32 Bridges Segmenting a Network
When a bridge receives a frame, it records the frame's source MAC address and the
segment it arrived on in its bridge table (this is how the table is learned), and then
looks up the destination MAC address to decide whether to filter, forward, or flood
the frame. This decision process occurs as follows:
■ If the destination device is on the same segment as the frame, the bridge blocks
the frame from going on to other segments, as shown in Figure 4-33. This process
is known as filtering.
■ If the destination device is on a different segment, the bridge forwards the frame
only to the appropriate segment, as shown in Figure 4-34.
chpt_04.fm Page 219 Tuesday, May 27, 2003 9:01 AM
220 Chapter 4: Cable Testing and Cabling LANs and WANs
Figure 4-33 Bridges Segmenting a Network: Filtering
(Figure: two segments joined by a bridge; hosts labeled B, XX, Hh, OU, A, Rk, F, L,
Ct, Q, V, Bh, Xc, FO)
In this example, a frame originates from Computer V and its destination is Computer Xc,
which is on the same segment. The frame reaches its final destination and is not
forwarded to other segments of the network.
Figure 4-34 Bridges Segmenting a Network: Forwarding
(Figure: the same two segments and bridge as in Figure 4-33)
In this example, a frame originates from Computer V and its destination is Computer Hh.
The bridge checks its table to determine whether the frame must be passed on to the
other segment of the network, finds Hh there, and forwards it.
■ If the destination address is unknown to the bridge, the bridge forwards the
frame to all segments except the one on which it was received. This process is
known as flooding.
If placed strategically, a bridge greatly improves network performance.
Switches
A switch is sometimes described as a multiport bridge. While a typical bridge might
have just two ports (linking two network segments), a switch can have many ports,
one per segment or even one per host. Like bridges, switches learn from the frames
they receive: the source MAC address of each frame is recorded together with the
port it arrived on. This table of MAC address to port associations is used to pick the
output port for frames addressed to that device, as demonstrated in Figure 4-35.
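The learn/filter/forward/flood logic described for bridges and switches above, as an added example that is not code from the book. It runs the three decisions on a two-port bridge and, because its MAC table is bounded as a real switch's content-addressable memory is, also shows what happens when the table is filled with bogus source addresses from one port: the entries for real hosts are evicted and their unicast traffic is flooded out every port, including the one the bogus frames came from. The MAC addresses (from the 00:00:5e:00:53:xx documentation range), port numbers and table size are constructed for the demonstration.

```python
"""Learning bridge/switch simulation (added example, not from the book)."""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """A transparent bridge with any number of ports.

    The MAC table maps a source address to the port it was last seen on. It is
    bounded, like a real CAM table, and evicts the oldest entry when full.
    """

    def __init__(self, ports, table_size=4096):
        self.ports = list(ports)
        self.table_size = table_size
        self.table = OrderedDict()          # mac -> port, oldest entry first

    def learn(self, src, port):
        """Record (or refresh) the source address on the ingress port."""
        if src in self.table:
            self.table.move_to_end(src)
        elif len(self.table) >= self.table_size:
            self.table.popitem(last=False)  # table full: evict the oldest entry
        self.table[src] = port

    def handle_frame(self, in_port, src, dst):
        """Return (decision, egress_ports) for a frame received on in_port."""
        self.learn(src, in_port)
        if dst != BROADCAST and dst in self.table:
            out_port = self.table[dst]
            if out_port == in_port:
                return "filter", []         # destination is on the ingress segment
            return "forward", [out_port]    # destination known on another port
        # unknown unicast or broadcast: send out every port except the ingress
        return "flood", [p for p in self.ports if p != in_port]


# Constructed addresses from the documentation range 00:00:5e:00:53:xx.
HOST_V = "00:00:5e:00:53:01"
HOST_HH = "00:00:5e:00:53:02"
HOST_XC = "00:00:5e:00:53:03"


def bridge_demo():
    """The three decisions from the text, on a two-port bridge."""
    bridge = LearningSwitch(ports=[1, 2])
    return [
        bridge.handle_frame(1, HOST_V, HOST_HH),   # Hh not yet learned: flood to port 2
        bridge.handle_frame(2, HOST_HH, HOST_V),   # V learned on port 1: forward there
        bridge.handle_frame(1, HOST_XC, HOST_V),   # V and Xc share port 1: filter
    ]


def cam_overflow_demo(table_size=64):
    """Fill the table from port 3 with bogus source addresses and watch a known
    unicast flow between ports 1 and 2 degrade from forward to flood."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=table_size)
    sw.handle_frame(1, HOST_HH, HOST_XC)
    sw.handle_frame(2, HOST_XC, HOST_HH)
    before = sw.handle_frame(1, HOST_HH, HOST_XC)[0]       # "forward"
    for n in range(table_size):                            # attacker on port 3
        bogus = "02:00:00:%02x:%02x:%02x" % ((n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF)
        sw.handle_frame(3, bogus, BROADCAST)
    decision, egress = sw.handle_frame(1, HOST_HH, HOST_XC)  # now flooded, port 3 included
    return before, decision, egress


if __name__ == "__main__":
    print(bridge_demo())
    print(cam_overflow_demo())
```

The eviction policy is the simplest one that makes the point; real switches age entries out by time and differ in how they handle a full table, but the consequence of a saturated table is the same: unknown-destination frames are flooded, and a host on any port sees traffic that a working switch would have delivered only to the destination port.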
Figure 4-35 Switching Table
Although some similarities exist between the two, a switch is a more sophisticated
device than a bridge. A bridge determines whether the frame is forwarded to the other
network segment based on the destination MAC address. A switch has many ports
with many network segments connected to them, and it chooses the single port to
which the destination device or workstation is connected rather than passing the
frame to a whole shared segment. Ethernet switches are becoming popular connectivity
solutions because, like bridges, they improve network performance (speed and
bandwidth).
Switching is a technology that alleviates congestion in Ethernet LANs by reducing traf-
fic and increasing bandwidth. Switches often replace shared hubs because they work
with existing cable infrastructures, which improves performance with a minimum of
intrusion into an existing network.
Today, in data communications, all switching equipment performs two basic operations:
■ Switching data frames—The process by which a frame is received on an input
port and then transmitted out the port (or ports) leading to its destination.
■ Maintenance of switching operations—Switches build and maintain switching
tables (learning source addresses and aging out stale entries) and detect loops in
the topology so that a frame is not forwarded around a loop indefinitely (the
Spanning Tree Protocol does this in Ethernet switches).
Switches operate at much higher speeds than bridges and can support other
functionality, such as virtual LANs.
An Ethernet switch has many benefits. Because each switch port is its own segment,
many users can communicate in parallel over dedicated paths through the switch in
a virtually collision-free environment, as shown in Figure 4-36. Each segment gets the
full bandwidth of the medium instead of sharing it with every other station, as happens
on a hub. Another benefit is that moving to a switched LAN environment is very cost
effective because existing hardware and cabling can be reused.
Figure 4-36 Microsegmentation of the Network via Switches
Lab Activity LAN Switches Purchase
In this lab, you are introduced to the variety and prices of network components
out in the market. This lab looks specifically at Ethernet switches and NICs.
Wireless Networking Media
A wireless network is an alternative method for connecting a LAN. You don't need
to run any cables, and you can easily move computers. Wireless networks use radio
frequency (RF), laser, infrared (IR), or satellite/microwave links to carry signals from
one computer to another without a permanent cable connection. Wireless signals are
electromagnetic waves that travel through the air. No physical medium is necessary
for wireless signals, making them a very versatile way to build a network.
A common application of wireless data communication is for mobile use. Some examples
of mobile use include commuters, airplanes, satellites, remote space probes, space
shuttles, and space stations.
At the core of wireless communication are devices called transmitters and receivers.
The source interacts with the transmitter that converts data to electromagnetic (EM)
waves that are then received by the receiver. The receiver then converts these electro-
magnetic waves back into data for the destination. For two-way communication, each
device requires a transmitter and a receiver. Many networking device manufacturers
build the transmitter and receiver into a single unit called a transceiver or wireless net-
work card. All devices in wireless LANs (WLANs) must have the appropriate wireless
network card installed.
The two most common wireless technologies used for networking are infrared (IR)
and radio frequency (RF). IR technology has its weaknesses. Workstations and digital
devices must be in the line of sight of the transmitter to operate. An IR-based network
suits environments where all the digital devices that require network connectivity are
in one room. IR networking technology can be installed quickly, but the data signals
can be weakened or obstructed by people walking across the room or by moisture in
the air. However, new IR technologies that can work out of sight are being developed.
RF technology allows devices to be in different rooms or even buildings. The limited
range of the radio signals still restricts the use of this kind of network. RF technology
can use a single frequency or multiple frequencies. A single radio frequency is subject
to outside interference and geographic obstructions, and a single-frequency signal is
easily monitored by anyone with a receiver tuned to it. Spread spectrum techniques
transmit across multiple frequencies, which increases immunity to noise and
narrowband interference and makes casual monitoring harder. Spread spectrum is not
a confidentiality mechanism, however: in a standard such as 802.11 the spreading
sequences and hopping patterns are published, so any compatible receiver can follow
them. Keeping the data private requires encryption, which is discussed in the next
section.
Security in the Wireless Environment
The exponential growth of networking, including wireless technologies, has led to
increased security risks. Increasing the security means increasing the time spent manag-
ing the system.
The first level of security in a wireless LAN consists of protecting the radio frequency
waveform itself. Wireless access points radiate radio waves over a large area that
is not contained in a physical building, which makes the radio waves accessible to
eavesdroppers and thus increases vulnerability. The radio waves of wireless bridges are
concentrated in a directional beam, so an eavesdropper must get into the beam path
(or its side lobes) to intercept the communication. This raises the bar but does not make
the link private, because a high-gain antenna anywhere along the path can still receive
it. For this reason, wireless access points usually require better security than wireless
bridges, and both still need encryption.
If you think someone might eavesdrop on your LAN radio links, encryption is the key.
The following sections discuss two wireless security approaches: wired equivalent
privacy (WEP) and IEEE 802.1X or Extensible Authentication Protocol (EAP).
WEP
WEP is the first step in addressing customer security concerns. WEP is a security
mechanism, defined within the 802.11 standard, that is designed to protect the
over-the-air transmission between wireless LAN access points and NICs. The 802.11
standard specifies a 40-bit secret key, which is combined with a 24-bit initialization
vector (IV), sent in the clear with each frame, to form the 64-bit RC4 seed (this is why
it is often called 64-bit WEP). Many vendors, such as Cisco, also support a 104-bit
key, marketed as 128-bit WEP; the longer key was a vendor extension rather than part
of the standard.
The main goals of WEP are
■ Deny access to the network by unauthorized users who do not possess the appro-
priate WEP key
■ Prevent the decoding of captured WLAN traffic that is WEP-encrypted without
the possession of the WEP key
WEP uses the RC4 stream cipher, designed by Ron Rivest of RSA Data Security, Inc.,
(RSADSI), for encryption. RC4 is a symmetric stream cipher that supports a
variable-length key and expands it into a pseudorandom keystream that is XORed with
the data. A symmetric cipher uses the same key for both encryption and decryption.
The key is the one piece of information that must be shared by both the encrypting and
decrypting endpoints.
Cryptanalysts have reported serious weaknesses in both the shared-key authentication
and the WEP encryption scheme of the IEEE 802.11 WLAN standard. The 24-bit IV space
is so small that IVs repeat on a busy network, and reusing an IV with the same key
reuses the same RC4 keystream, so an attacker who knows one frame's contents can
recover the other. The CRC-32 integrity check is linear, so captured frames can be
altered without the key. Weaknesses in RC4's key scheduling further allow the secret
key itself to be recovered from enough captured traffic. Improvements on WEP have been
developed to address these weaknesses, but WEP should not be relied on as the security
mechanism for a WLAN. Where it cannot be replaced, it must be supplemented with
higher-level mechanisms such as virtual private networks (VPNs) and firewalls.
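The WEP construction described in this section and two of the weaknesses it mentions, as an added example that is not code from the book or from any vendor: a plain RC4 implementation, WEP framing (24-bit IV in the clear prepended to the key to seed RC4, CRC-32 ICV appended to the plaintext before encryption), a demonstration that two frames sent under the same IV leak each other's contents, and a demonstration that the linear ICV lets an attacker change a captured frame's plaintext and fix the check value without the key. The key, IVs and frame contents are constructed for the demonstration.

```python
"""WEP with RC4 and two of its documented weaknesses (added example, not from the book)."""
import zlib


def rc4(key, length):
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                       # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key, iv, plaintext):
    """Frame body = IV (clear) || RC4(IV||key) XOR (plaintext || ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13), "40-bit or 104-bit key, 24-bit IV"
    body = plaintext + icv(plaintext)
    return iv + xor(rc4(iv + key, len(body)), body)


def wep_decrypt(key, frame):
    """Return the plaintext if the ICV verifies, otherwise None."""
    iv, body = frame[:3], frame[3:]
    clear = xor(rc4(iv + key, len(body)), body)
    plaintext, tag = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == tag else None


KEY = bytes.fromhex("0123456789")                 # constructed 40-bit WEP key


def iv_reuse_demo():
    """Two frames under one IV share a keystream. With only 2**24 IVs a busy
    AP repeats them within hours; an attacker who knows (or can guess) one
    frame's plaintext recovers the other without the key."""
    iv = b"\x00\x00\x01"
    known = b"GET /index.html HTTP/1.0\r\n\r\n"  # predictable request (constructed)
    secret = b"user=alice&pass=s3cret\r\n\r\n"   # second frame, same IV (constructed)
    c1 = wep_encrypt(KEY, iv, known)[3:]
    c2 = wep_encrypt(KEY, iv, secret)[3:]
    keystream = xor(c1, known + icv(known))       # c1 XOR known plaintext
    return xor(c2, keystream)[:len(secret)]       # equals `secret`


def bit_flip_demo(delta):
    """CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of len(p)), so
    an attacker can XOR chosen bits into a captured frame and patch the ICV to
    match, all without the key. `delta` is the plaintext change wanted."""
    iv = b"\x10\x20\x30"
    original = b"transfer 0010 to bob"            # constructed frame contents
    frame = wep_encrypt(KEY, iv, original)
    n = len(original)
    delta = delta.ljust(n, b"\x00")
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(n))
    mask = delta + icv_delta.to_bytes(4, "little")
    forged = frame[:3] + xor(frame[3:], mask)
    return wep_decrypt(KEY, forged)               # ICV verifies; altered text returned


if __name__ == "__main__":
    print(iv_reuse_demo())
    print(bit_flip_demo(bytes(9) + xor(b"0010", b"9999")))
```

Both demonstrations work purely on the captured frame bodies and the public IV; the key is used only to produce the captures. The key-recovery attack on RC4's key schedule is not shown here, but it needs nothing more than the same passive capture.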
802.1X/EAP
IEEE 802.1X with the Extensible Authentication Protocol (EAP) is an alternative WLAN
security approach to the static shared keys of WEP. IEEE 802.1X/EAP focuses on providing
a framework for centralized authentication and dynamic per-session key distribution.
IEEE 802.1X is a standard for port-based network access control: the access point keeps
a client's port closed to everything except authentication traffic until the client has
been authenticated. EAP allows wireless client adapters that support different
authentication types to communicate with different back-end servers, such as Remote
Authentication Dial-In User Service (RADIUS), with the access point relaying the exchange.
Cisco Systems has developed a derivation of EAP based on mutual authentication, called
Lightweight EAP (LEAP). Mutual authentication means that both the user and the access
point to which the user is attempting to connect must be authenticated before access
onto the corporate network is allowed. Mutual authentication protects enterprises from
unauthorized access points serving as a potential entrance into the network.
The Cisco LEAP authentication provides the following benefits:
■ Centralized authentication and key distribution
■ Large-scale enterprise WLAN deployment because of its broad operating system
support and dynamic key derivation
One caveat: LEAP's challenge/response is derived from the user's password hash and is
exchanged without any protective tunnel, so a captured exchange can be attacked by
offline dictionary guessing. Cisco later recommended EAP-FAST or PEAP, which protect the
credential exchange, in its place; where LEAP is still used, strong passwords are essential.
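The three-party exchange described under 802.1X/EAP and the mutual-authentication point made for LEAP, as an added example that is not Cisco's LEAP, any real EAP method, or code from the book: the supplicant, the access point (authenticator) and the authentication server (RADIUS role) are Python classes, the challenge/response is HMAC-SHA256 over a password-derived secret, and messages are plain values rather than EAP or RADIUS packets. It shows the controlled port staying closed on a wrong password, the client refusing an access point that cannot answer its challenge, both sides deriving the same session key without it crossing the air, and what a rogue access point is still able to collect from the client's half of the exchange. Usernames and passwords are constructed for the demonstration.

```python
"""802.1X-style mutual authentication with dynamic session keys (added example).

Not Cisco LEAP or any real EAP method: the challenge/response uses HMAC-SHA256
over a password-derived secret, and messages are plain Python values rather than
EAP or RADIUS packets. Usernames and passwords are constructed for the demo.
"""
import hashlib
import hmac
import os


def derive_secret(user, password):
    """Constructed password-to-secret step (stands in for e.g. the NT hash)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)


def prf(secret, label, *parts):
    return hmac.new(secret, label.encode() + b"".join(parts), hashlib.sha256).digest()


class AuthServer:
    """RADIUS role: the only network-side party that holds user secrets."""

    def __init__(self, users):
        self.secrets = {u: derive_secret(u, p) for u, p in users.items()}

    def challenge(self):
        return os.urandom(16)

    def verify_client(self, user, challenge, response):
        secret = self.secrets.get(user)
        return secret is not None and hmac.compare_digest(
            prf(secret, "client", challenge), response)

    def answer_client(self, user, challenge):
        return prf(self.secrets[user], "server", challenge)

    def session_key(self, user, srv_chal, cli_chal):
        """Handed to the authenticator with the Access-Accept in real RADIUS."""
        return prf(self.secrets[user], "session", srv_chal, cli_chal)


class Supplicant:
    def __init__(self, user, password):
        self.user = user
        self.secret = derive_secret(user, password)
        self.my_challenge = None
        self.session_key = None

    def respond(self, challenge):
        return prf(self.secret, "client", challenge)

    def challenge(self):
        self.my_challenge = os.urandom(16)
        return self.my_challenge

    def verify_server(self, response):
        return hmac.compare_digest(prf(self.secret, "server", self.my_challenge), response)

    def derive_session_key(self, srv_chal):
        self.session_key = prf(self.secret, "session", srv_chal, self.my_challenge)


class AccessPoint:
    """Authenticator: relays the exchange and keeps the controlled port closed
    until the server reports success."""

    def __init__(self, server):
        self.server = server
        self.port_authorized = False
        self.session_key = None

    def authenticate(self, client):
        srv_chal = self.server.challenge()                     # EAP-Request (challenge)
        if not self.server.verify_client(client.user, srv_chal, client.respond(srv_chal)):
            return False                                       # EAP-Failure, port stays closed
        cli_chal = client.challenge()                          # client challenges the network
        if not client.verify_server(self.server.answer_client(client.user, cli_chal)):
            return False                                       # client refuses this network
        self.session_key = self.server.session_key(client.user, srv_chal, cli_chal)
        client.derive_session_key(srv_chal)                    # same key, never sent over the air
        self.port_authorized = True                            # EAP-Success
        return True


class RogueAccessPoint:
    """Evil twin with no user secrets. It can issue a challenge and record the
    client's response for offline guessing, but cannot answer the client's
    challenge, so mutual authentication keeps the client off its network."""

    def __init__(self):
        self.captured = []

    def authenticate(self, client):
        srv_chal = os.urandom(16)
        self.captured.append((client.user, srv_chal, client.respond(srv_chal)))
        client.challenge()
        return client.verify_server(os.urandom(32))            # a blind guess; fails


def demo():
    server = AuthServer({"alice": "correct horse battery staple"})
    alice = Supplicant("alice", "correct horse battery staple")
    impostor = Supplicant("alice", "password123")              # wrong password
    ap, rogue = AccessPoint(server), RogueAccessPoint()
    return {
        "legit": ap.authenticate(alice) and ap.session_key == alice.session_key,
        "wrong_password": AccessPoint(server).authenticate(impostor),
        "rogue_ap": rogue.authenticate(alice),
        "responses_captured_by_rogue": len(rogue.captured),
    }


if __name__ == "__main__":
    print(demo())
```

The order of the two halves matters: the client answers the network's challenge before the network answers the client's, so a rogue access point gets one challenge/response pair to attack offline even though it is never let in. That is the exposure the LEAP caveat above refers to; methods that tunnel the exchange (or authenticate the server first) remove it.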
Host LAN Connectivity: NICs and Interfaces
In terms of appearance, a NIC, shown in Figures 4-37 and 4-38, is a printed circuit
board that fits into the expansion slot of a bus on a computer's motherboard or
peripheral device. It is also called a network adapter. On laptop/notebook computers,
NICs are usually the size of a credit card. Its function is to connect the host device to
the network medium.
Figure 4-37 Network Interface Card (Circuit Board)
NICs operate at both Layer 1 and Layer 2 of the OSI model. NICs are considered Layer 2
devices because each individual NIC carries a unique code, called a Media Access
Control (MAC) address, that identifies the host on the network; Layer 2 devices, such as
bridges and switches, make their forwarding decisions using these MAC addresses. The
address is assigned by the manufacturer, but most operating systems let it be overridden
in software, so a MAC address identifies an interface without authenticating it. You
learn more about the MAC address in later chapters. As its name implies, the NIC
controls the host's access to the medium. For this reason, a NIC also works at Layer 1,
where it deals only with bits and not with any address information or higher-level
protocols. NICs typically have the transceiver built in.
Figure 4-38 Network Interface Card (Media Connection)
In some cases, the type of connector on the NIC does not match the type of media that
needs to be connected to it. A good example is a Cisco 2500 router. On the router, the
Ethernet interface is an AUI connector and that connector needs to connect to a UTP
CAT 5 Ethernet cable. To do this, a transceiver (transmitter/receiver) is used. The
Ethernet transceiver provides the transmit/receive function (because none is built into
the Ethernet interface) and at the same time converts one type of signal or connector to
another (for example, to connect a 15-pin AUI interface to an RJ-45 jack).
In diagrams, NICs have no standardized symbol. It is implied that, when networking
devices are attached to network media, a NIC or NIC-like device is present. Wherever
a dot is seen on a topology map, it represents either a NIC or an interface (port), which
acts like a NIC.
Workstation and Server Relationships
By using LAN and WAN technologies, many computers are interconnected to provide
services to their users. To accomplish this, networked computers take on different roles
or functions in relation to each other. Some types of applications require computers
to function as equal partners. Other types of applications distribute their work so that
one computer functions to serve a number of others in an unequal relationship. In
either case, two computers typically communicate with each other by using request/
response protocols. One computer issues a request for a service, and a second computer
receives and responds to that request. The requestor takes on the role of a client, and
the responder takes on the role of a server.
Peer-to-Peer Networks
In a peer-to-peer network, the networked computers act as equal partners, or peers, to
each other. Peer-to-peer networks are also referred to as workgroups. As peers, each
computer can take on the client function or the server function. At one time, for example,
computer A might make a request for a file from computer B, which responds by serv-
ing the file to computer A. Computer A functions as client, while B functions as the
server. At a later time, computers A and B can reverse roles. B, as client, makes a print
request of A, which has a shared printer attached, and A, as server, responds to the
request from B. A and B stand in a reciprocal or peer relationship to each other.
In a peer-to-peer network, individual users control their own resources. They can
decide to share certain files with other users, as shown in Figure 4-39 and Figure 4-40.
They might also require passwords before they allow others to access their resources.
Because individual users make these decisions, no central point of control or adminis-
tration exists in the network. In addition, individual users must back up their own
systems to be able to recover from data loss in case of failures. When a computer acts
as a server, the user of that machine might experience reduced performance as the
machine serves the requests made by other systems.
Figure 4-39 Sharing Files
Figure 4-40 Shared File

Peer-to-peer networks are relatively easy to install and operate. No additional equip-
ment is necessary beyond a suitable operating system installed on each computer. Most
modern desktop operating systems provide support for peer-to-peer networking.
Because users control their own resources, no dedicated administrators are needed.
A peer-to-peer network works well with a small number of computers, perhaps ten
or fewer. As networks grow, peer-to-peer relationships become increasingly difficult to
coordinate and manage. Because they do not scale well, their efficiency decreases rapidly
as the number of computers on the network increases. Also, individual users control
access to the resources on their computers, so there is no single place to set a password
policy, review who has access to what, or revoke a user; security is therefore difficult to
maintain. The client/server model of networking can be used to overcome these
limitations of the peer-to-peer network.
Lab Activity Building a Peer-to-Peer Network
In this lab, you create a simple peer-to-peer network between two PCs. You
identify and locate the proper cable, configure workstation IP addresses, and
test connectivity using the ping command. You also share a folder on one PC
and access it with the other.
Client/Server Networks
In a client/server arrangement, network services are located on a dedicated computer
called a server, which responds to the requests of clients, as shown in Figure 4-41. The
server is a central computer that is continuously available to respond to a client's requests
for file, print, application, and other services. Most network operating systems (NOSs)
adopt the form of client/server relationships. Typically, desktop computers function as
clients and one or more computers with additional processing power, memory, and
specialized software function as servers.