Typical network infrastructure includes cables, switches, routers, servers, and client devices. How they fit into a network depends on the network design.
Those interested in winning a Network+ Certification with CompTIA must understand how to design a computer network, which goes beyond the physical infrastructure and layout of a system. The design concerns its topology, policies, installed hardware and software, etc. The following network configuration steps involve securing the system, monitoring its health, troubleshooting, and ensuring network efficiency.
Whether it is a LAN, WAN or virtual LAN (VLANs), modern network infrastructure requires adequate security considerations. Network teams are increasingly implementing new strategies, such as zero-trust security measures, to harden network access. Security protocols can ward off the most resilient threats that threaten to hack into systems. But, before implementing any of these technologies, network professionals must first learn how to design the network itself.
In The Official CompTIA Network+ Self-Paced Study Guide (Exam N10-008), author James Pengelly outlined what candidates can expect in their certification exams. “Lesson 8: Explain network topologies and types” specifically focuses on network topologies and how professionals design resilient networks using tools, standards, and protocols. Review questions at the end of each section prepare candidates for what to expect on their exams.
Here, Pengelly offered advice on what candidates studying for their Network+ certification exams should focus on when it comes to network design considerations.
Editor’s note: The following interview has been edited for length and clarity.
What do you think is the most important thing for network setup candidates to understand?
James Pengelly: When it comes to network topologies, know what each topology does. One of the most common topologies is the star topology, which is when you have a switch and your end systems are all connected to the switch. Another common topology is the mesh topology. This is where you try to connect every system to every other system. When you have lots of nodes and computers, mesh topology becomes inefficient. Most networks you will see and use use a combination of network topologies. They use star networks with mesh features to add redundant paths and ensure a beautiful, fault-tolerant network.
How critical is network design to performance?
Pengelly: It’s very important. Network design will primarily attempt to establish redundancy rather than performance, with performance being primarily determined by the speed of your links. If you have new Cat6 or Cat6a cabling for your access ports, everything will run at 1 Gbps. At the center of the network, you have faster links, so 10 gigabits, or 40 Gbps. This allows everything to quickly move around the middle layer. In terms of current design, distributed architecture ensures that nodes are always connected. There are fault-tolerant paths between each access block and the kernel so your hosts never go offline.
How Spanning Tree Protocol Works (pls) improve the network configuration?
Pengelly: STP is important [because of] redundant links. Redundant links are important because if you have a switch that fails and you have no redundancy, your computers will not be able to access the network. But, when you create this redundancy, you also create a loop in the network. If you are connected to two switches, there are two paths to the core of the network.
STP ensures that only one of these paths is active at a time. It sort of runs automatically on the switch and uses frames called Bridge Protocol Data Units to identify the best path through the network and block any ports that might cause a loop.
What are the benefits of configuring a VLAN on a LAN?
Pengelly: [In a] logical configuration, the nodes must be able to communicate with each other, which also has an impact on performance. You don’t want too many computers in the same segment because that means they’re all creating a lot of broadcast traffic. This will slow down the network a bit.
There are also security reasons — you might want one group of computers to communicate with another group of computers. You may want a group of computers to be filtered from others so that only certain computers can connect to it. These segments can all be created easily using VLANs.
A VLAN is a way to instruct a switch to treat a certain selection of ports as distinct from other ports. You can have VLAN 10 associated with ports 1 through 10 and VLAN 20 associated with ports 11 through 20. Computers connected to VLAN 10 must use a router to access computers in VLAN 20. As part of this routing, you can define a list access control to see if this type of connection should be allowed or not. VLANs provide both a performance and security function.
How can network professionals implement security considerations into their network designs?
Pengelly: When it comes to access ports, one of the issues is that a malicious actor could come in and plug anything into the network. What is implemented nowadays is a feature called network access control or port security. This allows you to configure a port to reject any system it does not recognize. There are different criteria – you can use a simple system called [media access control] MAC filtering or learning, which means the switch port learns which MAC addresses to trust and disables [untrusted] harbors.
If you’re trying to connect interfaces with MAC addresses it doesn’t recognize, you can implement a full 802.1x authentication system. This means that when you attach the node, the switch asks the user to authenticate. They must provide credentials, such as a smart card or user password, and it will not enable the port until those credentials are submitted.
According to the candidates, what is usually the most difficult part of the network configuration?
Pengelly: STP questions are often considered difficult. [Test-takers should] also pay particular attention to questions about VLAN bindings. With switch configuration, one of the key things to remember is the difference between access ports and trunk ports. An access port is one that you connect to an ordinary computer. You define this in the switch configuration as an access port to avoid some of the issues that can arise with spanning tree. Trunk ports are connections between switches. These are configured to ensure that you identify them as a special configuration.