Once, home networks were primarily the realm of technophiles -- most families either didn't need or couldn't afford more than one computer. But now, in addition to using computers for e-mail, people use them for schoolwork, shopping, instant messaging, downloading music and videos, and playing games. For many families, one computer is no longer enough to go around. In a household with multiple computers, a home network often becomes a necessity rather than a technical toy.
Photo: John MacDougall/AFP/Getty Images. A view of the living room in the T-Com house in Berlin, Germany, which wirelessly links computers, televisions, handheld PDAs and other technologies together for seamless interaction.
A home network is simply a method of allowing computers to communicate with one another. If you have two or more computers in your home, a network can let them share a printer, files, multi-user games and a single Internet connection.
The different network types use different hardware, but they all have the same essential components:
More than one computer
Hardware (such as a router) and software (either built in to the operating system or as a separate application) to coordinate the exchange of information
A path for the information to follow from one computer to another
If you're thinking of networking the computers in your home, you have several options to explore. In this article, you'll learn about the different types of home computer networks, how they work and what to keep in mind if you're considering creating one. We'll look at the hardware that creates and protects home networks in the next section.
The two most popular home network types are wireless and Ethernet networks. In both of these types, the router does most of the work by directing the traffic between the connected devices. By connecting a router to your dial-up, DSL or cable modem, you can also allow multiple computers to share one connection to the Internet.
If you're going to connect your network to the Internet, you'll need a firewall. A firewall is simply a hardware device or software program that protects your network from malicious users and offensive Web sites, keeping hackers from accessing or destroying your data. Although they're essential for businesses looking to protect large amounts of information, they're just as necessary for someone setting up a home network, since a firewall will secure transactions that might include Social Security numbers, addresses, phone numbers and credit card numbers. Most routers combine wireless and Ethernet technology and also include a hardware firewall.
Many software firewalls installed onto your computer block all incoming information by default and prompt you for permission to allow the information to pass. In this way, a software firewall can learn which types of information you want to allow into your network. Symantec, McAfee and ZoneAlarm are popular companies that produce software-based firewalls. These companies usually offer some free firewall protection as well as advanced security that you can buy.
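The "block everything inbound by default, then ask" behaviour described above can be modelled in a few dozen lines. The following is an added example written for this page, not code from any firewall vendor named here: a first-match rule list with a deny default, plus a `learn()` step that turns the user's answer at the permission prompt into a persistent rule scoped to that one host, protocol and port. The addresses (192.168.1.0/24 for the home LAN, 203.0.113.9 and 198.51.100.7 as outside hosts) and the port numbers are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the Internet) or "out" (leaving this computer)
    proto: str       # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port

@dataclass(frozen=True)
class Rule:
    action: str                                      # "allow" or "deny"
    direction: Optional[str] = None                  # None means "any"
    proto: Optional[str] = None
    dport: Optional[int] = None
    src_net: Optional[ipaddress.IPv4Network] = None  # source must fall inside this network

    def matches(self, p: Packet) -> bool:
        return (
            (self.direction is None or self.direction == p.direction)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (self.src_net is None or ipaddress.ip_address(p.src) in self.src_net)
        )

class SoftwareFirewall:
    """First-match rule list; anything no rule matches gets the default action (deny)."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = list(rules)
        self.default = default
        self.log: List[Tuple[str, str]] = []   # (packet summary, decision), for review later

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                self._record(p, rule.action)
                return rule.action
        self._record(p, self.default)
        return self.default

    def learn(self, p: Packet, answer: str) -> None:
        """Turn the user's answer at the 'allow this?' prompt into a persistent rule.
        The rule is as narrow as the packet that triggered it: same direction,
        protocol and port, and only that one source host (a /32 network)."""
        self.rules.append(Rule(answer, direction=p.direction, proto=p.proto, dport=p.dport,
                               src_net=ipaddress.ip_network(p.src + "/32")))

    def _record(self, p: Packet, decision: str) -> None:
        self.log.append((f"{p.direction} {p.proto} {p.src}->{p.dst}:{p.dport}", decision))

# Constructed starting policy for a home PC at 192.168.1.10:
#   - anything this computer sends out is allowed
#   - Windows file sharing (tcp/445) is allowed only from machines on the home LAN
#   - everything else arriving from outside falls through to the deny default
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
BASE_RULES = [
    Rule("allow", direction="out"),
    Rule("allow", direction="in", proto="tcp", dport=445, src_net=HOME_LAN),
]

def demo() -> dict:
    fw = SoftwareFirewall(BASE_RULES)
    from_lan = Packet("in", "tcp", "192.168.1.20", "192.168.1.10", 445)
    from_internet = Packet("in", "tcp", "203.0.113.9", "192.168.1.10", 445)
    game = Packet("in", "udp", "198.51.100.7", "192.168.1.10", 3074)   # constructed game traffic
    results = {
        "lan_file_share": fw.decide(from_lan),
        "internet_file_share": fw.decide(from_internet),
        "game_before_prompt": fw.decide(game),
    }
    fw.learn(game, "allow")                      # the user clicked "allow" at the prompt
    results["game_after_prompt"] = fw.decide(game)
    # a different host on the same port is still blocked: the learned rule is host-specific
    other = Packet("in", "udp", "198.51.100.8", "192.168.1.10", 3074)
    results["other_host_same_port"] = fw.decide(other)
    results["rule_count"] = len(fw.rules)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to notice is the order of operations: the packet from the Internet to port 445 is refused before the user is ever asked, because only traffic no rule covers reaches the prompt, and the rule the prompt creates is deliberately narrow so that one "allow" does not open the port to the whole Internet.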
A router connects your computers to one another. If you connect it to your modem, it will also connect your network to the Internet.
Other Network Options
If neither wireless nor Ethernet seems right for you, you have other options for connecting your computers. If your computers have USB or FireWire ports, you can use cables, jump drives or file transfer devices to move files from place to place. Other options include power-line and phone-line networks. Both power- and phone-line networks use existing wiring in your home to connect your computers, so you don't need to worry about concealing extra cable. Check out "How Power-line Networks Work" and "How Phone-line Networks Work" for more information.
Wired Networks
Ethernet and wireless networks each have advantages and disadvantages; depending on your needs, one may serve you better than the other. Wired networks provide users with plenty of security and the ability to move lots of data very quickly. Wired networks are typically faster than wireless networks, and they can be very affordable. However, the cost of Ethernet cable can add up -- the more computers on your network and the farther apart they are, the more expensive your network will be. In addition, unless you're building a new house and installing Ethernet cable in the walls, you'll be able to see the cables running from place to place around your home, and wires can greatly limit your mobility. A laptop owner, for example, won't be able to move around easily if his computer is tethered to the wall.
There are three basic systems people use to set up wired networks. An Ethernet system uses either a twisted copper-pair or coaxial-based transport system. The most commonly used cable for Ethernet is a category 5 unshielded twisted pair (UTP) cable -- it's useful for businesses who want to connect several devices together, such as computers and printers, but it's bulky and expensive, making it less practical for home use. A phone line, on the other hand, simply uses existing phone wiring found in most homes, and can provide fast services such as DSL. Finally, broadband systems provide cable Internet and use the same type of coaxial cable that gives us cable television.
If you plan to connect only two computers, all you'll need is a network interface card (NIC) in each computer and a cable to run between them. If you want to connect several computers or other devices, you'll need an additional piece of equipment: an Ethernet router. You'll also need a cable to connect each computer or device to the router.
This Belkin router provides wireless and Ethernet connections, while also acting as a firewall.
Once you have all of your equipment, all you need to do is install it and configure your computers so they can talk to one another. Exactly what you need to do depends on the type of network and your existing hardware. For example, if your computers came with network cards already installed, all you'll need to do is buy a router and cables and configure your computers to use them. Regardless of which type you select, the routers, adapters and other hardware you buy should come with complete setup instructions.
The steps you'll need to take to configure your computers will also vary based on your hardware and your operating system. User manuals usually provide the necessary information, and Web sites dedicated to specific operating systems often have helpful tips on getting several different computers to talk to each other.
Nervous about Networking?
Most people who have a basic familiarity with computers can set up a network without much help. But the idea of installing cards and making connections makes some people nervous. Many Internet service providers (ISPs) offer home networking packages. For a monthly fee (and sometimes an initial setup cost), the ISP will provide you with the hardware and support you need to build and maintain your network.
Next, we'll examine the advantages and disadvantages of wireless networks.
Wireless Networks
The easiest, least expensive way to connect the computers in your home is to use a wireless network, which uses radio waves instead of wires. The absence of physical wires makes this kind of network very flexible. For example, you can move a laptop from room to room without fiddling with network cables and without losing your connection. The downside is that wireless connections are generally slower than Ethernet connections and they are less secure unless you take measures to protect your network.
Faster Wireless
Most home wireless networks use 802.11g wireless networking, which transmits data at 2.4 GHz with a speed of 54 megabits per second. A newer wireless standard is 802.11n, which is designed to be faster and offer a longer range than 802.11g. However, the 802.11n standard isn't yet final, and early 802.11n hardware has failed to meet expectations in tests. The ratification date by the Institute of Electrical and Electronics Engineers (IEEE) is expected to be in March 2009.
If you want to build a wireless network, you'll need a wireless router. Signals from a wireless router extend about 100 feet (30.5 meters) in all directions, but walls can interrupt the signal. Depending on the size and shape of your home and the range of the router, you may need to purchase a range extender or repeater to get enough coverage.
You'll also need a wireless adapter in each computer you plan to connect to the network. You can add printers and other devices to the network as well. Some new models have built-in wireless communication capabilities, and you can use a wireless Ethernet bridge to add wireless capabilities to devices that don't. Any devices that use the Bluetooth standard can also connect easily to each other within a range of about 10 meters (32 feet), and most computers, printers, cell phones, home entertainment systems and other gadgets come installed with the technology.
If you decide to build a wireless network, you'll need to take steps to protect it -- you don't want your neighbors hitchhiking on your wireless signal. Wireless security options include:
Wired Equivalent Privacy (WEP)
WiFi Protected Access (WPA)
Media Access Control (MAC) address filtering
You can choose which method (or combination of methods) you want to use when you set up your wireless router. The IEEE has approved each of these security standards, but studies have proven that WEP can be broken into very easily. If you use WEP, you may consider adding Temporal Key Integrity Protocol (TKIP) to your operating system. TKIP is a wrapper with backward compatibility, which means you can add it to your existing security option without interfering with its activity. Think of it like wrapping a bandage around a cut finger -- the bandage protects the finger without preventing it from carrying out its normal functions.
In the next section, we'll learn about some innovative home network technologies on the rise.
New Home Network Technology
New developments in home networks affect more than just home offices and entertainment systems. Some of the most exciting advances are in healthcare and housing.
In healthcare, Wireless Sensor Networks (WSNs) let doctors monitor patients wirelessly. Patients wear wireless sensors that transmit data through specialized channels. These signals contain information about vital signs, body functions, patient behavior and their environments. In the case of an unusual data transmission -- like a sudden spike in blood pressure or a report that an active patient has become suddenly still -- an emergency channel picks up the signal and sends medical services to the patient's home.
The housing industry is another important field for home network technology development. Bill Gates owns one of the few smart houses in existence, but someday, we might all live in one. A smart house is a fully networked structure with functions that can be controlled from a central computer, making it an ideal technology for homeowners who travel frequently or for homeowners who simply want it all.
Builders are beginning to offer home network options for their customers that range from the primitive -- installing Ethernet cables in the walls -- to the cutting-edge -- managing the ambient temperature from a laptop hundreds of miles from home. In one trial experiment called Laundry Time, Microsoft, Hewlett Packard, Panasonic, Proctor & Gamble and Whirlpool demonstrated the power of interfacing home appliances. The experiment networked a washing machine and clothes dryer with a TV, PC and cell phone. This unheard-of combination of networked devices let homeowners know when their laundry loads were finished washing or drying by sending alerts to their TV screens, instant messaging systems or cell phones. Research and development also continues for systems that perform a wide variety of functions -- data and voice recognition might change the way we enter, exit and secure our homes, while service appliances could prepare our food, control indoor temperatures and keep our homes clean.
Photo courtesy Getty Images. In the future, our washing machines will call us on our cell phones when a load is done.
This technology is promising, but it's not quite ready for the consumer market yet. The average consumer can't afford a WSN or a smart house, and if he or she could, there's a good chance he or she wouldn't be able to operate these sophisticated systems. Another issue is security -- until developers find a way to secure these networks, consumers risk sharing medical information and leaving their homes open to attack.
What a Home Network Lets You Share
If one of the computers has a printer attached, then the other computer can print to it over the network.
If one of the computers has certain files on it, someone on the other computer can access those files over the network rather than having to copy them onto a floppy disk.
If you like playing multi-user computer games that have network capabilities built in, then two people can play these games together over the network.
If you connect to the Internet with one of the computers, the other computer can use that same connection over the network. So one computer can connect to the Internet with a modem and the other computer will route its Internet traffic through that single connection.
Networking PCs has gotten easier and a lot less expensive, but it is still a little bit of a challenge. How Home Networking Works discusses the whole thing in detail, but here's a quick answer.
One way to do it is to buy and install network cards in both machines. You can go to an electronics store and get an inexpensive network card for $20 to $30 these days. You have to open the computer to plug the card in, and then install the driver software. You also have to purchase two network cables ($10 to $20 each) and a small hub ($30 to $40) to physically connect the two machines together. Once you get it all together, the two machines should be able to talk to each other.
This approach has two advantages:
The network will be very fast -- up to 100 Mbps, and at least 10 Mbps.
It only costs about $100.
It has two disadvantages:
You have to open the case and install a card, which intimidates some people.
You have to run thick network cables around the house. If the computers are in the same room that's okay, but if they are on different floors it can be messy.
You can solve that second disadvantage by purchasing radio modems instead. They cost more but are very easy to connect to one another.
Another path you can follow is something like the Intel AnyPoint Network. Instead of using special network cables, you use your home's telephone wiring to connect computers together (this causes no interference when using the phone for normal calls -- your phone and the network share the same wire). In addition, you can buy a version of the Intel system that uses a USB port, so installation is extremely easy. You can also purchase cards, which are faster.
The big advantage of the Intel system is the use of phone wiring. Simply plug all the computers in your house into phone jacks and they can talk to each other. You also don't need to buy a hub. The disadvantages include:
Higher prices (for the USB version)
Slower speeds (for the USB version)
However, installation takes just a few minutes. Besides phone-line networking, you can also use power-line networking and wireless networking to connect your computers. Read How Home Networking Works to learn about the different approaches.
Once you install the physical network, the Windows operating system makes connecting your computers simple. You can use the Network Neighborhood feature to share files and printers. The Intel system comes with software to share an Internet connection, or you can use the version built into Windows 98 and later.
The Internet is one of the 20th century's greatest communications developments. It allows people around the world to send e-mail to one another in a matter of seconds, and it lets you read, among other things, the articles on HowStuffWorks.com. We're all used to seeing the various parts of the Internet that come into our homes and offices -- the Web pages, e-mail messages and downloaded files that make the Internet a dynamic and valuable medium. But none of these parts would ever make it to your computer without a piece of the Internet that you've probably never seen. In fact, most people have never stood "face to machine" with the technology most responsible for allowing the Internet to exist at all: the router.
Routers are specialized computers that send your messages and those of every other Internet user speeding to their destinations along thousands of pathways. In this article, we'll look at how these behind-the-scenes machines make the Internet work.
When you send e-mail to a friend on the other side of the country, how does the message know to end up on your friend's computer, rather than on one of the millions of other computers in the world? Much of the work to get a message from one computer to another is done by routers, because they're the crucial devices that let messages flow between networks, rather than within networks.
Let's look at what a very simple router might do. Imagine a small company that makes animated 3-D graphics for local television stations. There are 10 employees of the company, each with a computer. Four of the employees are animators, while the rest are in sales, accounting and management. The animators will need to send lots of very large files back and forth to one another as they work on projects. To do this, they'll use a network.
When one animator sends a file to another, the very large file will use up most of the network's capacity, making the network run very slowly for other users. One of the reasons that a single intensive user can affect the entire network stems from the way that Ethernet works. Each information packet sent from a computer is seen by all the other computers on the local network. Each computer then examines the packet and decides whether it was meant for its address. This keeps the basic plan of the network simple, but has performance consequences as the size of the network or level of network activity increases. To keep the animators' work from interfering with that of the folks in the front office, the company sets up two separate networks, one for the animators and one for the rest of the company. A router links the two networks and connects both networks to the Internet.
Directing Traffic
The router is the only device that sees every message sent by any computer on either of the company's networks. When the animator in our example sends a huge file to another animator, the router looks at the recipient's address and keeps the traffic on the animator's network. When an animator, on the other hand, sends a message to the bookkeeper asking about an expense-account check, then the router sees the recipient's address and forwards the message between the two networks.
One of the tools a router uses to decide where a packet should go is a configuration table. A configuration table is a collection of information, including:
Information on which connections lead to particular groups of addresses
Priorities for connections to be used
Rules for handling both routine and special cases of traffic
A configuration table can be as simple as a half-dozen lines in the smallest routers, but can grow to massive size and complexity in the very large routers that handle the bulk of Internet messages. A router, then, has two separate but related jobs:
The router ensures that information doesn't go where it's not needed. This is crucial for keeping large volumes of data from clogging the connections of "innocent bystanders."
The router makes sure that information does make it to the intended destination.
In performing these two jobs, a router is extremely useful in dealing with two separate computer networks. It joins the two networks, passing information from one to the other and, in some cases, performing translations of various protocols between the two networks. It also protects the networks from one another, preventing the traffic on one from unnecessarily spilling over to the other. As the number of networks attached to one another grows, the configuration table for handling traffic among them grows, and the processing power of the router is increased. Regardless of how many networks are attached, though, the basic operation and function of the router remains the same. Since the Internet is one huge network made up of tens of thousands of smaller networks, its use of routers is an absolute necessity.
Transmitting Packets
When you make a telephone call to someone on the other side of the country, the telephone system establishes a stable circuit between your telephone and the telephone you're calling. The circuit might involve a half dozen or more steps through copper cables, switches, fiber optics, microwaves and satellites, but those steps are established and remain constant for the duration of the call. This circuit approach means that the quality of the line between you and the person you're calling is consistent throughout the call, but a problem with any portion of the circuit -- maybe a tree falls across one of the lines used, or there's a power problem with a switch -- brings your call to an early and abrupt end. When you send an e-mail message with an attachment to the other side of the country, a very different process is used.
Internet data, whether in the form of a Web page, a downloaded file or an e-mail message, travels over a system known as a packet-switching network. In this system, the data in a message or file is broken up into packages about 1,500 bytes long. Each of these packages gets a wrapper that includes information on the sender's address, the receiver's address, the package's place in the entire message, and how the receiving computer can be sure that the package arrived intact. Each data package, called a packet, is then sent off to its destination via the best available route -- a route that might be taken by all the other packets in the message or by none of the other packets in the message. This might seem very complicated compared to the circuit approach used by the telephone system, but in a network designed for data there are two huge advantages to the packet-switching plan.
The network can balance the load across various pieces of equipment on a millisecond-by-millisecond basis.
If there is a problem with one piece of equipment in the network while a message is being transferred, packets can be routed around the problem, ensuring the delivery of the entire message.
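To make the packet-switching description concrete, here is an added example (written for this page, not taken from it) that splits a message into packets of 1,500 data bytes, wraps each one with the sender's address, the receiver's address, its place in the message and an integrity check, and then shows both advantages above from the receiver's side: the packets arrive out of order because they took different routes, and one arrives damaged, is rejected by its checksum and is re-sent. The 4,096-byte "attachment" is constructed test data; the two addresses are the ones used later on this page. SHA-256 stands in for whatever integrity check a real protocol uses.

```python
import hashlib
import random
from dataclasses import dataclass
from typing import Dict, List

PAYLOAD_SIZE = 1500   # data bytes per packet, the figure quoted above

@dataclass(frozen=True)
class Packet:
    src: str        # sender's address
    dst: str        # receiver's address
    msg_id: int     # which message this packet belongs to
    seq: int        # this packet's place in the message (0-based)
    total: int      # how many packets make up the whole message
    payload: bytes
    checksum: str   # hex digest of payload, so the receiver can tell it arrived intact

def make_packets(src: str, dst: str, msg_id: int, data: bytes) -> List[Packet]:
    """Break data into PAYLOAD_SIZE chunks and wrap each one."""
    chunks = [data[i:i + PAYLOAD_SIZE] for i in range(0, len(data), PAYLOAD_SIZE)] or [b""]
    return [Packet(src, dst, msg_id, i, len(chunks), c, hashlib.sha256(c).hexdigest())
            for i, c in enumerate(chunks)]

class Receiver:
    """Collects packets in any order and reassembles a message once every piece is in."""

    def __init__(self) -> None:
        self.parts: Dict[int, Dict[int, bytes]] = {}   # msg_id -> {seq: payload}
        self.expected: Dict[int, int] = {}             # msg_id -> total packets
        self.rejected = 0

    def accept(self, p: Packet) -> bool:
        if hashlib.sha256(p.payload).hexdigest() != p.checksum:
            self.rejected += 1          # damaged in transit: discard, the sender will resend
            return False
        self.expected[p.msg_id] = p.total
        self.parts.setdefault(p.msg_id, {})[p.seq] = p.payload
        return True

    def missing(self, msg_id: int) -> List[int]:
        have = self.parts.get(msg_id, {})
        return [i for i in range(self.expected.get(msg_id, 0)) if i not in have]

    def reassemble(self, msg_id: int) -> bytes:
        gaps = self.missing(msg_id)
        if gaps:
            raise ValueError(f"message {msg_id} still missing packets {gaps}")
        have = self.parts[msg_id]
        return b"".join(have[i] for i in range(self.expected[msg_id]))

def demo() -> dict:
    attachment = bytes(range(256)) * 16    # constructed 4096-byte attachment
    packets = make_packets("15.57.31.40", "15.57.31.52", msg_id=7, data=attachment)

    # Different routes: the packets reach the receiver in a different order, and one
    # of them (seq 1) has a bit flipped somewhere along the way.
    in_flight = list(packets)
    random.Random(1).shuffle(in_flight)
    damaged = packets[1]
    in_flight = [
        Packet(p.src, p.dst, p.msg_id, p.seq, p.total,
               bytes([p.payload[0] ^ 0x01]) + p.payload[1:], p.checksum) if p is damaged else p
        for p in in_flight
    ]

    rx = Receiver()
    for p in in_flight:
        rx.accept(p)
    missing_after_first_pass = rx.missing(7)   # the damaged packet was rejected, so [1]
    rx.accept(damaged)                         # clean retransmission of packet 1
    rebuilt = rx.reassemble(7)
    return {
        "packet_count": len(packets),
        "sizes": [len(p.payload) for p in packets],
        "rejected": rx.rejected,
        "missing_after_first_pass": missing_after_first_pass,
        "intact": rebuilt == attachment,
    }

if __name__ == "__main__":
    print(demo())
```

The sequence number is what makes out-of-order delivery harmless, and the per-packet checksum is what lets the receiver ask for just one packet again instead of the whole message.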
The Path of a Packet
The routers that make up the main part of the Internet can reconfigure the paths that packets take because they look at the information surrounding the data packet, and they tell each other about line conditions, such as delays in receiving and sending data and traffic on various pieces of the network. Not all routers do so many jobs, however. Routers come in different sizes. For example:
If you have enabled Internet connection sharing between two Windows 98-based computers, you're using one of the computers (the computer with the Internet connection) as a simple router. In this instance, the router does so little -- simply looking at data to see whether it's intended for one computer or the other -- that it can operate in the background of the system without significantly affecting the other programs you might be running.
Slightly larger routers, the sort used to connect a small office network to the Internet, will do a bit more. These routers frequently enforce rules concerning security for the office network (trying to secure the network from certain attacks). They handle enough traffic that they're generally stand-alone devices rather than software running on a server.
The largest routers, those used to handle data at the major traffic points on the Internet, handle millions of data packets every second and work to configure the network most efficiently. These routers are large stand-alone systems that have far more in common with supercomputers than with your office server.
Routing Packets: An Example
Let's take a look at a medium-sized router -- the router we use in the HowStuffWorks office. In our case, the router only has two networks to worry about: The office network, with about 50 computers and devices, and the Internet. The office network connects to the router through an Ethernet connection, specifically a 100 base-T connection (100 base-T means that the connection is 100 megabits per second, and uses a twisted-pair cable like an 8-wire version of the cable that connects your telephone to the wall jack). There are two connections between the router and our ISP (Internet service provider). One is a T-1 connection that supports 1.5 megabits per second. The other is an ISDN line that supports 128 kilobits per second. The configuration table in the router tells it that all out-bound packets are to use the T-1 line, unless it's unavailable for some reason (perhaps a backhoe digs up the cable). If it can't be used, then outbound traffic goes on the ISDN line. This way, the ISDN line is held as "insurance" against a problem with the faster T-1 connection, and no action by a staff member is required to make the switch in case of trouble. The router's configuration table knows what to do. In addition to routing packets from one point to another, the HowStuffWorks router has rules limiting how computers from outside the network can connect to computers inside the network, how the HowStuffWorks network appears to the outside world, and other security functions. While most companies also have a special piece of hardware or software called a firewall to enforce security, the rules in a router's configuration table are important to keeping a company's (or family's) network secure.
One of the crucial tasks for any router is knowing when a packet of information stays on its local network. For this, it uses a mechanism called a subnet mask. The subnet mask looks like an IP address and usually reads "255.255.255.0." This tells the router that all messages with the sender and receiver having an address sharing the first three groups of numbers are on the same network, and shouldn't be sent out to another network. Here's an example: The computer at address 15.57.31.40 sends a request to the computer at 15.57.31.52. The router, which sees all the packets, matches the first three groups in the address of both sender and receiver (15.57.31), and keeps the packet on the local network. (You'll learn more about how the addresses work in the next section.)
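The two mechanisms just described, the configuration table with a primary and a backup connection and the subnet-mask test for local traffic, fit together in one small model. This is an added example written for this page, not the HowStuffWorks router's actual configuration; it assumes the office network is 15.57.31.0/24 (the addresses used in the paragraph above), names the three connections "lan", "t1" and "isdn", and uses 216.27.61.189 (quoted later on this page) as an outside destination. The table is searched for the most specific matching entry first, and among equally specific entries the lowest metric wins, which is how the T-1 is preferred until it goes down.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

def same_network(a: str, b: str, mask: str) -> bool:
    """The subnet-mask test: two addresses are on the same network when the
    address bits selected by the mask are identical."""
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(a)) & m == int(ipaddress.IPv4Address(b)) & m

@dataclass
class Link:
    name: str
    up: bool = True

@dataclass
class Route:
    network: ipaddress.IPv4Network   # destination network this entry covers
    interface: str                   # which connection to use
    metric: int = 0                  # preference among equally specific entries (lower wins)

class Router:
    def __init__(self, links: List[Link], routes: List[Route]) -> None:
        self.links: Dict[str, Link] = {l.name: l for l in links}
        self.routes = routes

    def choose(self, dst: str) -> Optional[str]:
        """Most specific usable route wins; ties go to the lower metric."""
        candidates = [
            r for r in self.routes
            if same_network(dst, str(r.network.network_address), str(r.network.netmask))
            and self.links[r.interface].up
        ]
        if not candidates:
            return None
        best = max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))
        return best.interface

    def forward(self, src: str, dst: str) -> str:
        """'local' if the packet stays on the sender's own network, otherwise the
        name of the outbound connection, or 'dropped' if no connection can carry it."""
        egress = self.choose(dst)
        if egress is None:
            return "dropped (no route)"
        if self.choose(src) == egress:
            return "local"
        return egress

def build_office_router() -> Router:
    # Constructed configuration table modelled on the description above.
    links = [Link("lan"), Link("t1"), Link("isdn")]
    routes = [
        Route(ipaddress.IPv4Network("15.57.31.0/24"), "lan"),          # the office network
        Route(ipaddress.IPv4Network("0.0.0.0/0"), "t1", metric=1),     # everything else: T-1 first
        Route(ipaddress.IPv4Network("0.0.0.0/0"), "isdn", metric=10),  # ISDN held as insurance
    ]
    return Router(links, routes)

def demo() -> dict:
    r = build_office_router()
    out = {
        "same_net_example": same_network("15.57.31.40", "15.57.31.52", "255.255.255.0"),
        "different_net": same_network("15.57.31.40", "15.57.32.5", "255.255.255.0"),
        "local_file": r.forward("15.57.31.40", "15.57.31.52"),
        "web_request": r.forward("15.57.31.40", "216.27.61.189"),
    }
    r.links["t1"].up = False          # the backhoe finds the T-1 cable
    out["web_request_t1_down"] = r.forward("15.57.31.40", "216.27.61.189")
    r.links["isdn"].up = False        # both outside connections gone
    out["web_request_all_down"] = r.forward("15.57.31.40", "216.27.61.189")
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Nothing in `forward()` needs a staff member: the fallback to the ISDN line is just the next-best table entry becoming the best usable one once the T-1 link is marked down.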
Between the time these words left the Howstuffworks.com server and the time they showed up on your monitor, they passed through several routers (it's impossible to know ahead of time exactly how many "several" might be) that helped them along the way. It's very similar to the process that gets a postal letter from your mailbox to the mailbox of a friend, with routers taking the place of the mail sorters and handlers along the way.
Knowing Where to Send Data
Routers are one of several types of devices that make up the "plumbing" of a computer network. Hubs, switches and routers all take signals from computers or networks and pass them along to other computers and networks, but a router is the only one of these devices that examines each bundle of data as it passes and makes a decision about exactly where it should go. To make these decisions, routers must first know about two kinds of information: addresses and network structure. When a friend mails a birthday card to be delivered to you at your house, he probably uses an address that looks something like this:
Joe Smith
123 Maple Street
Smalltown, FL 45678
The address has several pieces, each of which helps the people in the postal service move the letter along to your house. The ZIP code can speed the process up; but even without the ZIP code, the card will get to your house as long as your friend includes your state, city and street address. You can think of this address as a logical address because it describes a way someone can get a message to you. This logical address is connected to a physical address that you generally only see when you're buying or selling a piece of property. The survey plot of the land and house, with latitude, longitude or section bearings, gives the legal description, or address, of the property.
Logical Addresses
Every piece of equipment that connects to a network, whether an office network or the Internet, has a physical address. This is an address that's unique to the piece of equipment that's actually attached to the network cable. For example, if your desktop computer has a network interface card (NIC) in it, the NIC has a physical address permanently stored in a special memory location. This physical address, which is also called the MAC address (for Media Access Control) has two parts, each 3 bytes long. The first 3 bytes identify the company that made the NIC. The second 3 bytes are the serial number of the NIC itself. The interesting thing is that your computer can have several logical addresses at the same time. Of course, you're used to having several "logical addresses" bring messages to one physical address. Your mailing address, telephone number (or numbers) and home e-mail address all work to bring messages to you when you're in your house. They are simply used for different types of messages -- different networks, so to speak.
Logical addresses for computer networks work in exactly the same way. You may be using the addressing schemes, or protocols, from several different types of networks simultaneously. If you're connected to the Internet (and if you're reading this, you probably are), then you have an address that's part of the TCP/IP network protocol. If you also have a small network set up to exchange files between several family computers, then you may also be using the Microsoft NetBEUI protocol. If you connect to your company's network from home, then your computer may have an address that follows Novell's IPX/SPX protocol. All of these can coexist on your computer. Since the driver software that allows your computer to communicate with each network uses resources like memory and CPU time, you don't want to load protocols you won't need, but there's no problem with having all the protocols your work requires running at the same time.
On the next page, you’ll learn how to find your computer’s MAC address.
MAC Addresses
The chances are very good that you'll never see the MAC address for any of your equipment because the software that helps your computer communicate with a network takes care of matching the MAC address to a logical address. The logical address is what the network uses to pass information along to your computer. If you'd like to see the MAC address and logical address used by the Internet Protocol (IP) for your Windows computer, you can run a small program that Microsoft provides. Go to the "Start" menu, click on "Run," and in the window that appears, type WINIPCFG (IPCONFIG/ALL for Windows 2000/XP). When the gray window appears, click on "More Info" and you'll get this sort of information:
Windows 98 IP Configuration:
Host Name: NAMEHOWSTUFFWORKS
DNS Servers: 208.153.64.20
             208.153.0.5
Node Type: Broadcast
NetBIOS Scope ID:
IP Routing Enabled: Yes
WINS Proxy Enabled: No
NetBIOS Resolution Uses DNS: No
There's a lot of information here that will vary depending on exactly how your connection to the Internet is established. Further down the output, the line labeled "Physical Address" is the MAC address of the adapter queried by the program, and the IP address is the logical address assigned to your connection by your ISP or network administrator. You'll also see the addresses of other servers, including the DNS servers that keep track of all the names of Internet sites (so you can type "www.howstuffworks.com" rather than "216.27.61.189") and the gateway server that you connect to in order to reach the Internet. When you've finished looking at the information, click OK. (Note: For security reasons, some of the information about this connection to the Internet has been changed. You should be very careful about giving your computer's information to other people. The MAC address is only ever seen by equipment on your own local network, but with your IP address and the right tools, an unscrupulous person could, in some circumstances, gain access to your personal information and control your system through a "Trojan Horse" program.)
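The two-part structure of the MAC address described above, and the "Physical Address" line in the ipconfig output, can be checked by hand. The following is an added example, not code from the original article; the ipconfig output it parses is a constructed sample with made-up addresses, and the two flag bits it reports (the low bit of the first byte marks a group/multicast address, the next bit marks a locally administered address that did not come from the manufacturer's registry) are part of the IEEE address format rather than anything the article spells out.

```python
import re

# Constructed sample of `ipconfig /all` output; every address in it is made up.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : NAMEHOWSTUFFWORKS

Ethernet adapter Local Area Connection:

        Physical Address. . . . . . . . . : 00-0C-29-3E-5A-1F
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

HEX_PAIR = r"[0-9A-Fa-f]{2}"
# Six hex pairs separated by ':' (Unix style) or '-' (Windows ipconfig style).
MAC_RE = re.compile(r"^" + r"[:-]".join([HEX_PAIR] * 6) + r"$")
# The "Physical Address. . . . : xx-xx-xx-xx-xx-xx" line ipconfig prints per adapter.
PHYSICAL_LINE = re.compile(r"Physical Address[ .]*:\s*(" + HEX_PAIR + r"(?:[:-]" + HEX_PAIR + r"){5})")


def parse_mac(text):
    """Validate a textual MAC address and return its 6 raw bytes."""
    s = text.strip()
    if not MAC_RE.match(s):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(pair, 16) for pair in re.split(r"[:-]", s))


def describe_mac(text):
    """Split the address into the manufacturer part and the NIC part and decode the
    two flag bits of the first byte (I/G = multicast, U/L = locally administered)."""
    raw = parse_mac(text)
    return {
        "oui": raw[:3].hex(":"),            # first 3 bytes: the manufacturer identifier
        "nic_specific": raw[3:].hex(":"),   # last 3 bytes: the card's own number
        "multicast": bool(raw[0] & 0x01),
        "locally_administered": bool(raw[0] & 0x02),
        "broadcast": raw == b"\xff" * 6,
    }


def physical_addresses(ipconfig_output):
    """Pull every adapter's MAC address out of `ipconfig /all` text."""
    return PHYSICAL_LINE.findall(ipconfig_output)


if __name__ == "__main__":
    for mac in physical_addresses(SAMPLE_IPCONFIG):
        print(mac, describe_mac(mac))
```

A locally administered address is the one to notice when auditing a network: it means the address was set by software (a virtual machine, a privacy-randomizing Wi-Fi driver or someone deliberately impersonating another card), so it says nothing about who made the hardware.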
Understanding the Protocols
The first and most basic job of the router is to know where to send information addressed to your computer. Just as the mail handler on the other side of the country knows enough to keep a birthday card coming toward you without knowing where your house is, most of the routers that forward an e-mail message to you don't know your computer's MAC address, but they know enough to keep the message flowing. Routers are programmed to understand the most common network protocols. That means they know the format of the addresses, how many bytes are in the basic package of data sent out over the network, and how to keep forwarding each package toward its destination, where the receiving computer checks that everything arrived and puts the pieces back together. For the routers that are part of the Internet's main "backbone," this means looking at, and moving on, millions of information packages every second. And simply moving the package along to its destination isn't all that a router will do. It's just as important, in today's computerized world, that they keep the message flowing by the best possible route.
In a modern network, every e-mail message is broken up into small pieces. The pieces are sent individually and reassembled when they're received at their final destination. Because the individual pieces of information are called packets and each packet can be sent along a different path, like a train going through a set of switches, this kind of network is called a packet-switched network. It means that you don't have to build a dedicated network between you and your friend on the other side of the country. Your e-mail flows over any one of thousands of different routes to get from one computer to the other.
Depending on the time of day and day of the week, some parts of the huge public packet-switched network may be busier than others. When this happens, the routers that make up this system will communicate with one another so that traffic not bound for the crowded area can be sent by less congested network routes. This lets the network function at full capacity without excessively burdening already-busy areas. You can see, though, how Denial of Service attacks (described in the next section), in which people send millions and millions of messages to a particular server, will affect that server and the routers forwarding message to it. As the messages pile up and pieces of the network become congested, more and more routers send out the message that they're busy, and the entire network with all its users can be affected.
Tracing a Message
If you're using a Microsoft Windows-based system, you can see just how many routers are involved in your Internet traffic by using a program you have on your computer. The program is called Traceroute, and that describes what it does -- it traces the route that a packet of information takes to get from your computer to another computer connected to the Internet. To run this program, click on the "MS-DOS Prompt" icon on the "Start" menu. Then, at the "C:\WINDOWS>" prompt, type "tracert www.howstuffworks.com". When I did this from my office in Florida, the results looked like this:
The first number shows how many routers are between your computer and the router shown. In this instance, there were a total of 14 routers involved in the process (number 15 is the Howstuffworks.com Web server). The next three numbers show how long it takes a packet of information to move from your computer to the router shown and back again. Next, in this example, starting with step six, comes the "name" of the router or server. This is something that helps people looking at the list but is of no importance to the routers and computers as they move traffic along the Internet. Finally, you see the Internet Protocol (IP) address of each computer or router. The final picture of this trace route shows that there were 14 routers between the Web server and me and that it took, on average, a little more than 2.5 seconds for information to get from my computer to the server and back again.
You can use Traceroute to see how many routers are between you and any other computer you can name or know the IP address for. It can be interesting to see how many steps are required to get to computers outside your nation. Since I live in the United States, I decided to see how many routers were between my computer and the Web server for the British Broadcasting Corporation. At the C:\WINDOWS> prompt, I typed tracert www.bbc.com. The result was this:
You can see that it took only one more step to reach a Web server on the other side of the Atlantic Ocean than it did to reach a server two states away!
On the next page, we'll go into detail about Denial of Service attacks.
Denial of Service Attacks
In the first quarter of 2000, there were several attacks on very popular Web sites. Most of these were "Denial of Service" attacks -- attacks that served to prevent regular readers and customers of the sites from getting a response to their requests. How did someone manage to do this? They did it by flooding the servers, and their attached routers, with requests for information at a rate far too great for the system to handle. Most routers have rules in the configuration table that won't allow millions of requests from the same sending address. If too many requests from one address are received in a short period of time, the router simply discards them without forwarding. The people responsible for the attacks knew this, so they illicitly planted programs on many different computers. These programs, when triggered, began sending thousands of requests a minute to one or more Web sites. The programs "spoofed" the IP address of the sender, placing a different false IP address on each packet so that the routers' security rules wouldn't be triggered.
When the packet floods were triggered, millions of requests for information began to hit the targeted Web sites. While the servers were being heavily taxed by the requests, the real impact was to the routers just "upstream" from the servers. Suddenly these routers, which were robust but of a size appropriate for normal traffic, were getting the levels of requests normally associated with Internet backbone routers. They couldn't handle the massive number of packets, and began discarding packets and sending status messages to other routers stating that the connection was full. As these messages cascaded through the routers leading to attacked servers, all paths to the servers were clogged, legitimate traffic couldn't get through the logjam, and the attackers' goals were accomplished.
Web content providers and router companies have placed new rules designed to prevent such an attack in the configuration tables, and the companies and universities whose computers were used to launch the attacks have worked to prevent their systems being used maliciously. Whether their defenses, or the new attacks designed by criminals, will prevail remains to be seen.
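The previous paragraphs make a point worth seeing in code: a rule that counts packets per sending address is exactly what forged source addresses defeat, so a defender has to count by target as well. The following is an added example, not code from the original article or from any router vendor. All of the traffic is constructed in the script (a handful of steady clients, a flood from one honest address, and a flood of the same rate with a different forged source on every packet); the thresholds are arbitrary choices for the demonstration.

```python
import random
from collections import defaultdict

TARGET = "10.0.0.80"   # constructed victim address


def normal_traffic(seconds=10, clients=20, pps_per_client=2, dst=TARGET):
    """Legitimate load: a stable set of clients, each sending a couple of requests per second.
    Packets are (timestamp, source, destination) tuples."""
    return [(s + k / pps_per_client, f"192.0.2.{c + 1}", dst)
            for s in range(seconds) for c in range(clients) for k in range(pps_per_client)]


def naive_flood(pps=5000, seconds=2, dst=TARGET, src="203.0.113.66"):
    """One machine hammering the target without hiding: every packet has the same source."""
    return [(s + k / pps, src, dst) for s in range(seconds) for k in range(pps)]


def spoofed_flood(pps=5000, seconds=2, dst=TARGET, seed=1):
    """The attack the text describes: the same rate, but a freshly forged source on every packet."""
    rng = random.Random(seed)
    return [(s + k / pps, ".".join(str(rng.randrange(256)) for _ in range(4)), dst)
            for s in range(seconds) for k in range(pps)]


def per_source_offenders(packets, limit=100):
    """The router rule from the text: flag any source that sends more than `limit`
    packets within one second."""
    counts = defaultdict(int)
    for t, src, _ in packets:
        counts[(int(t), src)] += 1
    return {src for (_, src), n in counts.items() if n > limit}


def per_destination_alerts(packets, pps_limit=500):
    """Aggregate by target instead.  For each destination whose rate in some second
    exceeds `pps_limit`, report that worst second and how many distinct sources it
    saw; thousands of distinct sources at flood rate is the fingerprint of spoofing."""
    windows = defaultdict(lambda: [0, set()])   # (second, dst) -> [packet count, sources]
    for t, src, dst in packets:
        entry = windows[(int(t), dst)]
        entry[0] += 1
        entry[1].add(src)
    alerts = {}
    for (sec, dst), (n, sources) in windows.items():
        if n > pps_limit and n > alerts.get(dst, {}).get("peak_pps", 0):
            alerts[dst] = {"second": sec, "peak_pps": n, "distinct_sources": len(sources)}
    return alerts


if __name__ == "__main__":
    for label, traffic in [("normal", normal_traffic()),
                           ("naive flood", normal_traffic() + naive_flood()),
                           ("spoofed flood", normal_traffic() + spoofed_flood())]:
        print(label, "per-source:", per_source_offenders(traffic),
              "per-destination:", per_destination_alerts(traffic))
```

The per-source rule names the honest attacker and says nothing at all about the spoofed flood, because no forged address ever repeats. The per-destination view catches both, and the distinct-source count tells the two apart, which matters for the response: one abusive address can be blocked, while a spoofed flood has to be absorbed or filtered upstream.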
Backbone of the Internet
In order to handle all the users of even a large private network, millions and millions of traffic packets must be sent at the same time. Some of the largest routers are made by Cisco Systems, Inc., a company that specializes in networking hardware. Cisco's Gigabit Switch Router 12000 series of routers is the sort of equipment that is used on the backbone of the Internet. These routers use the same sort of design as some of the most powerful supercomputers in the world, a design that ties many different processors together with a series of extremely fast switches. The 12000 series uses 200-MHz MIPS R5000 processors, the same type of processor used in the workstations that generate much of the computer animation and special effects used in movies. The largest model in the 12000 series, the 12016, uses a series of switches that can handle up to 320 billion bits of information per second and, when fully loaded with boards, move as many as 60 million packets of data every second. Beyond the computing power of the processors, these routers can handle so much information because they are very highly specialized. Relieved of the burden of displaying 3-D graphics and waiting for mouse input, modern processors and software can cope with amazing amounts of information.
Even with the computing power available in a very large router, how does it know which of the many possibilities for outbound connection a particular packet should take? The answer lies back in the configuration table (what network engineers usually call the routing table). The router will scan the destination address and match that IP address against rules in the configuration table. The rules will say that packets in a particular group of addresses (a group that may be large or small, depending on precisely where the router is) should go in a specific direction. When a destination falls into more than one group, the most specific group, the one covering the smallest range of addresses, wins; a catch-all "default" rule that covers every address is what sends traffic toward the rest of the Internet. Next the router will check the performance of the primary connection in that direction against another set of rules.
If the performance of the connection is good enough, the packet is sent, and the next packet handled. If the connection is not performing up to expected parameters, then an alternate is chosen and checked. Finally, a connection will be found with the best performance at a given moment, and the packet will be sent on its way. All of this happens in a tiny fraction of a second, and this activity goes on millions of times a second, around the world, 24 hours every day.
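The lookup just described, reduced to code: a table of address groups, each with its outbound connections in order of preference, a most-specific-match rule for overlapping groups, and a fallback when the preferred connection is down. The following is an added example and not code from the original article or from Cisco; the prefixes and connection names are made up for a small office router, and the "performance check" of the text is simplified to a link being up or down. The reverse-path check at the end goes one step beyond the text: it is the kind of rule providers added against spoofed floods (known as unicast reverse path forwarding, or BCP 38), using the same table to ask whether a packet's source address makes sense on the connection it arrived from.

```python
import ipaddress


class RoutingTable:
    """Toy version of the router's 'configuration table': each rule maps a group of
    destination addresses (a prefix) to one or more outbound connections in order
    of preference.  Lookups use longest-prefix match, so the most specific rule wins."""

    def __init__(self):
        self.rules = []      # (network, [connection names in order of preference])
        self.link_up = {}    # connection name -> bool

    def add_rule(self, prefix, *next_hops):
        self.rules.append((ipaddress.ip_network(prefix), list(next_hops)))
        # Keep the most specific prefixes first so the first match is the answer.
        self.rules.sort(key=lambda r: r[0].prefixlen, reverse=True)
        for hop in next_hops:
            self.link_up.setdefault(hop, True)

    def set_link(self, hop, up):
        """Stand-in for the performance check: a connection is either usable or not."""
        self.link_up[hop] = up

    def lookup(self, destination):
        """Return the connection a packet for `destination` leaves on, or None to drop it."""
        addr = ipaddress.ip_address(destination)
        for network, hops in self.rules:
            if addr in network:
                for hop in hops:
                    if self.link_up.get(hop, False):
                        return hop
                # Every connection for this rule is down: fall through to the next,
                # less specific rule, exactly as a withdrawn route would.
        return None

    def source_plausible(self, source, arrived_on):
        """Reverse-path check: accept a packet only if replies to its source address
        would leave through the connection it came in on.  A packet claiming to be
        from the office LAN but arriving on the Internet uplink is forged."""
        return self.lookup(source) == arrived_on


def sample_table():
    """Constructed table for a small office router; all names and prefixes are made up."""
    rt = RoutingTable()
    rt.add_rule("0.0.0.0/0", "uplink-a", "uplink-b")   # everything else: the Internet
    rt.add_rule("10.0.0.0/8", "core")                  # the company's private address space
    rt.add_rule("10.1.2.0/24", "lan-sw")               # this office's own LAN, more specific
    rt.add_rule("192.0.2.0/24", "dmz")
    return rt


if __name__ == "__main__":
    rt = sample_table()
    for dst in ("10.1.2.77", "10.9.9.9", "192.0.2.5", "198.51.100.1"):
        print(dst, "->", rt.lookup(dst))
    rt.set_link("uplink-a", False)
    print("with uplink-a down, 198.51.100.1 ->", rt.lookup("198.51.100.1"))
    print("10.1.2.77 arriving on uplink-a plausible?", rt.source_plausible("10.1.2.77", "uplink-a"))
```

The strict reverse-path check shown here assumes traffic is symmetric; on a router with several paths to the same destination it will wrongly reject legitimate packets, which is why real implementations offer a "loose" mode that only asks whether any route to the source exists.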
Knowing where and how to send a message is the most important job of a router. Some simple routers do this and nothing more. Other routers add additional functions to the jobs they perform. Rules about where messages from inside a company may be sent and from which companies messages are accepted can be applied to some routers. Others may have rules that help minimize the damage from "denial of service" attacks. The one constant is that modern networks, including the Internet, could not exist without the router.
Thanks to Cisco for their support in creating this article!
If you have read other HowStuffWorks articles on networking or the Internet, then you know that a typical network consists of:
nodes (computers)
a connecting medium (wired or wireless)
specialized network equipment like routers or hubs.
In the case of the Internet, all of these pieces work together to allow your computer to send information to another computer that could be on the other side of the world! Switches are another fundamental part of many networks because they speed things up. Switches allow different nodes (a network connection point, typically a computer) of a network to communicate directly with one another in a smooth and efficient manner.
Image courtesy Cisco Systems, Inc. Illustration of a Cisco Catalyst switch.
There are many different types of switches and networks. Switches that provide a separate connection for each node in a company's internal network are called LAN switches. Essentially, a LAN switch creates a series of instant networks that contain only the two devices communicating with each other at that particular moment. In this article, we will focus on Ethernet networks that use LAN switches. You will learn what a LAN switch is and how transparent bridging works, as well as about VLANs, trunking and spanning trees.
Here are some of the fundamental parts of a network:
Network - A network is a group of computers connected together in a way that allows information to be exchanged between the computers.
Node - A node is anything that is connected to the network. While a node is typically a computer, it can also be something like a printer or CD-ROM tower.
Segment - A segment is any portion of a network that is separated, by a switch, bridge or router, from other parts of the network.
Backbone - The backbone is the main cabling of a network that all of the segments connect to. Typically, the backbone is capable of carrying more information than the individual segments. For example, each segment may have a transfer rate of 10 Mbps (megabits per second), while the backbone may operate at 100 Mbps.
Topology - Topology is the way that each node is physically connected to the network (more on this in the next section).
Local Area Network (LAN) - A LAN is a network of computers that are in the same general physical location, usually within a building or a campus. If the computers are far apart (such as across town or in different cities), then a Wide Area Network (WAN) is typically used.
Network Interface Card (NIC) - Every computer (and most other devices) is connected to a network through an NIC. In most desktop computers, this is an Ethernet card (normally 10 or 100 Mbps) that is plugged into a slot on the computer's motherboard.
Media Access Control (MAC) address - This is the physical address of any device -- such as the NIC in a computer -- on the network. The MAC address, which is made up of two equal parts, is 6 bytes long. The first 3 bytes identify the company that made the NIC. The second 3 bytes are the serial number of the NIC itself.
Unicast - A unicast is a transmission from one node addressed specifically to another node.
Multicast - In a multicast, a node sends a packet addressed to a special group address. Devices that are interested in this group register to receive packets addressed to the group. An example might be a Cisco router sending out an update to all of the other Cisco routers.
Broadcast - In a broadcast, a node sends out a packet that is intended for transmission to all other nodes on the network.
On the next page, we'll discuss some of the most common network topologies.
Network Topologies
Some of the most common topologies in use today include:
Bus - Each node is daisy-chained (connected one right after the other) along the same backbone, similar to Christmas lights. Information sent from a node travels along the backbone until it reaches its destination node. Each end of a bus network must be terminated with a resistor to keep the signal that is sent by a node across the network from bouncing back when it reaches the end of the cable.
Bus network topology
Ring - Like a bus network, rings have the nodes daisy-chained. The difference is that the end of the network comes back around to the first node, creating a complete circuit. In a ring network, each node takes a turn sending and receiving information through the use of a token. The token, along with any data, is sent from the first node to the second node, which extracts the data addressed to it and adds any data it wishes to send. Then, the second node passes the token and data to the third node, and so on until it comes back around to the first node again. Only the node with the token is allowed to send data. All other nodes must wait for the token to come to them.
Ring network topology
Star - In a star network, each node is connected to a central device called a hub. The hub takes a signal that comes from any node and passes it along to all the other nodes in the network. A hub does not perform any type of filtering or routing of the data. It is simply a junction that joins all the different nodes together.
Star network topology
Star bus - Probably the most common network topology in use today, star bus combines elements of the star and bus topologies to create a versatile network environment. Nodes in particular areas are connected to hubs (creating stars), and the hubs are connected together along the network backbone (like a bus network). Quite often, stars are nested within stars, as seen in the example below:
A typical star bus network
The Problem: Traffic
In the most basic type of network found today, nodes are simply connected together using hubs. As a network grows, there are some potential problems with this configuration:
Scalability - In a hub network, limited shared bandwidth makes it difficult to accommodate significant growth without sacrificing performance. Applications today need more bandwidth than ever before. Quite often, the entire network must be redesigned periodically to accommodate growth.
Latency - This is the amount of time that it takes a packet to get to its destination. Since each node in a hub-based network has to wait for an opportunity to transmit in order to avoid collisions, the latency can increase significantly as you add more nodes. Or, if someone is transmitting a large file across the network, then all of the other nodes have to wait for an opportunity to send their own packets. You have probably seen this before at work -- you try to access a server or the Internet and suddenly everything slows down to a crawl.
Network failure - In a typical network, one device on a hub can cause problems for other devices attached to the hub due to incorrect speed settings (100 Mbps on a 10-Mbps hub) or excessive broadcasts. Switches can be configured to limit broadcast levels.
Collisions - Ethernet uses a process called CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to communicate across the network. Under CSMA/CD, a node will not send out a packet unless the network is clear of traffic. If two nodes send out packets at the same time, a collision occurs and the packets are lost. Then both nodes wait a random amount of time and retransmit the packets. Any part of the network where there is a possibility that packets from two or more nodes will interfere with each other is considered to be part of the same collision domain. A network with a large number of nodes on the same segment will often have a lot of collisions and therefore a large collision domain.
While hubs provide an easy way to scale up and shorten the distance that the packets must travel to get from one node to another, they do not break up the actual network into discrete segments. That is where switches come in. In the next section, you'll find out how switches assist in directing network traffic.
The Solution: Adding Switches
Think of a hub as a four-way intersection where everyone has to stop. If more than one car reaches the intersection at the same time, they have to wait for their turn to proceed.
Imagine that each vehicle is a packet of data waiting for an opportunity to continue on its trip.
Now imagine what this would be like with a dozen or even a hundred roads intersecting at a single point. The amount of waiting and the potential for a collision increases significantly. But wouldn't it be amazing if you could take an exit ramp from any one of those roads to the road of your choosing? That is exactly what a switch does for network traffic. A switch is like a cloverleaf intersection -- each car can take an exit ramp to get to its destination without having to stop and wait for other traffic to go by.
A vital difference between a hub and a switch is that all the nodes connected to a hub share the bandwidth among themselves, while a device connected to a switch port has the full bandwidth all to itself. For example, if 10 nodes are communicating using a hub on a 10-Mbps network, then each node may only get a portion of the 10 Mbps if other nodes on the hub want to communicate as well. But with a switch, each node could possibly communicate at the full 10 Mbps. Think about our road analogy. If all of the traffic is coming to a common intersection, then each car has to share that intersection with every other car. But a cloverleaf allows all of the traffic to continue at full speed from one road to the next.
Fully Switched Networks
In a fully switched network, switches replace all the hubs of an Ethernet network with a dedicated segment for every node. These segments connect to a switch, which supports multiple dedicated segments (sometimes in the hundreds). Since the only devices on each segment are the switch and the node, the switch picks up every transmission before it reaches another node. The switch then forwards the frame over the appropriate segment. Since any segment contains only a single node, the frame only reaches the intended recipient. This allows many conversations to occur simultaneously on a switched network.
Image courtesy Cisco Networks An example of a network using a switch
Switching allows a network to maintain full-duplex Ethernet. Before switching, Ethernet was half-duplex, which means that data could be transmitted in only one direction at a time. In a fully switched network, each node communicates only with the switch, not directly with other nodes. Information can travel from node to switch and from switch to node simultaneously.
Fully switched networks employ either twisted-pair or fiber-optic cabling, both of which use separate conductors for sending and receiving data. In this type of environment, Ethernet nodes can forgo the collision detection process and transmit at will, since they are the only potential devices that can access the medium. In other words, traffic flowing in each direction has a lane to itself. This allows nodes to transmit to the switch as the switch transmits to them -- it's a collision-free environment. Transmitting in both directions can effectively double the apparent speed of the network when two nodes are exchanging information. If the speed of the network is 10 Mbps, then each node can transmit simultaneously at 10 Mbps.
Mixed Networks
Most networks are not fully switched because of the costs incurred in replacing all of the hubs with switches.
A mixed network with two switches and three hubs
Instead, a combination of switches and hubs are used to create an efficient yet cost-effective network. For example, a company may have hubs connecting the computers in each department and then a switch connecting all of the department-level hubs.
Routers and Switches
You can see that a switch has the potential to radically change the way nodes communicate with each other. But you may be wondering what makes it different from a router. Switches usually work at Layer 2 (Data Link) of the OSI Reference Model, using MAC addresses, while routers work at Layer 3 (Network) with Layer 3 addresses (IP, IPX or AppleTalk, depending on which Layer 3 protocols are being used). The algorithm that switches use to decide how to forward packets is different from the algorithms used by routers to forward packets.
One of these differences in the algorithms between switches and routers is how broadcasts are handled. On any network, the concept of a broadcast packet is vital to the operability of a network. Whenever a device needs to send out information but doesn't know who it should send it to, it sends out a broadcast. For example, every time a new computer or other device comes on to the network, it sends out a broadcast packet to announce its presence. The other nodes (such as a domain server) can add the computer to their browser list (kind of like an address directory) and communicate directly with that computer from that point on. Broadcasts are used any time a device needs to make an announcement to the rest of the network or is unsure of who the recipient of the information should be.
The OSI Reference Model consists of seven layers that build from the wire (Physical) to the software (Application).
A hub or a switch will pass along any broadcast packets they receive to all the other segments in the broadcast domain, but a router will not. Think about our four-way intersection again: All of the traffic passed through the intersection no matter where it was going. Now imagine that this intersection is at an international border. To pass through the intersection, you must provide the border guard with the specific address that you are going to. If you don't have a specific destination, then the guard will not let you pass. A router works like this. Without the specific address of another device, it will not let the data packet through. This is a good thing for keeping networks separate from each other, but not so good when you want to talk between different parts of the same network. This is where switches come in.
Packet-switching
LAN switches rely on packet-switching. The switch establishes a connection between two segments just long enough to send the current packet. Incoming packets (part of an Ethernet frame) are saved to a temporary memory area (buffer); the MAC address contained in the frame's header is read and then compared to a list of addresses maintained in the switch's lookup table. In an Ethernet-based LAN, an Ethernet frame contains a normal packet as the payload of the frame, with a special header that includes the MAC address information for the source and destination of the packet.
Packet-based switches use one of three methods for forwarding traffic:
Cut-through
Store-and-forward
Fragment-free
Cut-through switches read the MAC address as soon as a packet is detected by the switch. After storing the 6 bytes that make up the address information, they immediately begin sending the packet to the destination node, even as the rest of the packet is coming into the switch.
A switch using store-and-forward will save the entire packet to the buffer and check it for CRC errors or other problems before sending. If the packet has an error, it is discarded. Otherwise, the switch looks up the MAC address and sends the packet on to the destination node. Many switches combine the two methods, using cut-through until a certain error level is reached and then changing over to store-and-forward. Very few switches are strictly cut-through, since this provides no error checking at all.
A less common method is fragment-free. It works like cut-through except that it waits for the first 64 bytes of the packet before sending it on. The reason is that 64 bytes is Ethernet's minimum frame size: on a properly built segment a collision is always detected within those first 64 bytes, so anything shorter is a collision fragment, and a frame that gets that far is at least not the leftover of a collision. A bad checksum further along in the frame still gets through, which is why store-and-forward remains the only method that catches every damaged frame.
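The three methods differ only in how much of the frame the switch has seen before it commits. The following is an added example, not code from the original article or from any switch vendor: it assembles Ethernet frames with a real FCS (the frame check sequence is the same CRC-32 that zlib computes, sent least significant byte first), then shows what each method does with a good frame, a frame with one corrupted payload byte, and a truncated collision fragment. The frames, addresses and payload are constructed in the script.

```python
import struct
import zlib

MIN_FRAME = 64      # Ethernet minimum frame size in bytes, FCS included
MIN_PAYLOAD = 46    # payload is padded to this so a minimal frame reaches 64 bytes


def build_frame(dst, src, ethertype, payload):
    """Assemble dst(6) + src(6) + type(2) + payload and append the 4-byte FCS."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def parse_frame(frame):
    """Full store-and-forward style check: length first, then the FCS, then the header."""
    if len(frame) < MIN_FRAME:
        return {"ok": False, "reason": "runt"}
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        return {"ok": False, "reason": "bad FCS"}
    return {"ok": True,
            "dst": body[:6].hex(":"),
            "src": body[6:12].hex(":"),
            "ethertype": struct.unpack("!H", body[12:14])[0],
            "payload": body[14:]}


def switch_decision(frame, mode):
    """What each forwarding method does with the bytes of `frame` it has seen."""
    if mode == "cut-through":
        # Commits as soon as the 6-byte destination address is in; anything wrong
        # later in the frame is never seen by the switch.
        return "forward" if len(frame) >= 6 else "drop"
    if mode == "fragment-free":
        # Waits for 64 bytes, which weeds out collision fragments but not a bad FCS.
        return "forward" if len(frame) >= MIN_FRAME else "drop"
    if mode == "store-and-forward":
        # Buffers the whole frame and verifies it before sending a single byte.
        return "forward" if parse_frame(frame)["ok"] else "drop"
    raise ValueError(f"unknown mode {mode!r}")


def sample_frames():
    """Constructed frames: one good, one with a flipped payload byte, one truncated."""
    good = build_frame(bytes.fromhex("00000c00000b"), bytes.fromhex("00000c00000a"),
                       0x0800, b"hello from node A")
    damaged = bytearray(good)
    damaged[20] ^= 0x01          # one bit wrong in the payload; the FCS no longer matches
    return good, bytes(damaged), good[:40]


if __name__ == "__main__":
    for name, frame in zip(("good", "damaged", "runt"), sample_frames()):
        print(name, {m: switch_decision(frame, m)
                     for m in ("cut-through", "fragment-free", "store-and-forward")})
```

Note that cut-through and fragment-free both forward the damaged frame; only the receiving node's own FCS check finally discards it, after the switch has already spent bandwidth on every segment in its path.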
Switch Configurations
LAN switches vary in their physical design. Currently, there are three popular configurations in use:
Shared memory - This type of switch stores all incoming packets in a common memory buffer shared by all the switch ports (input/output connections), then sends them out via the correct port for the destination node.
Matrix - This type of switch has an internal grid with the input ports and the output ports crossing each other. When a packet is detected on an input port, the MAC address is compared to the lookup table to find the appropriate output port. The switch then makes a connection on the grid where these two ports intersect.
Bus architecture - Instead of a grid, an internal transmission path (common bus) is shared by all of the ports using TDMA. A switch based on this configuration has a dedicated memory buffer for each port, as well as an ASIC to control the internal bus access.
Transparent Bridging
Most Ethernet LAN switches use a very cool system called transparent bridging to create their address lookup tables. Transparent bridging is a technology that allows a switch to learn everything it needs to know about the location of nodes on the network without the network administrator having to do anything. Transparent bridging has five parts:
Learning
Flooding
Filtering
Forwarding
Aging
In the next section, you'll get a step-by-step description of how transparent bridging works.
Transparent Bridging: The Process
Here's a step-by-step description of transparent bridging:
The switch is added to the network, and the various segments are plugged into the switch's ports.
A computer (Node A) on the first segment (Segment A) sends data to a computer (Node B) on another segment (Segment C).
The switch gets the first packet of data from Node A. It reads the MAC address and saves it to the lookup table for Segment A. The switch now knows where to find Node A anytime a packet is addressed to it. This process is called learning.
Since the switch does not know where Node B is, it sends the packet to all of the segments except the one that it arrived on (Segment A). When a switch sends a packet out to all segments to find a specific node, it is called flooding.
Node B gets the packet and sends a packet back to Node A in acknowledgement.
The packet from Node B arrives at the switch. Now the switch can add the MAC address of Node B to the lookup table for Segment C. Since the switch already knows the address of Node A, it sends the packet directly to it. Because Node A is on a different segment than Node B, the switch must connect the two segments to send the packet. This is known as forwarding.
The next packet from Node A to Node B arrives at the switch. The switch now has the address of Node B, too, so it forwards the packet directly to Node B.
Node C sends information to the switch for Node A. The switch looks at the MAC address for Node C and adds it to the lookup table for Segment A. The switch already has the address for Node A and determines that both nodes are on the same segment, so it does not need to connect Segment A to another segment for the data to travel from Node C to Node A. Therefore, the switch will ignore packets traveling between nodes on the same segment. This is filtering.
Learning and flooding continue as the switch adds nodes to the lookup tables. Most switches have plenty of memory for maintaining the lookup tables; but to optimize the use of this memory, they still remove older information so that the switch doesn't waste time searching through stale addresses. To do this, switches use a technique called aging. Basically, when an entry is added to the lookup table for a node, it is given a timestamp. Each time a packet is received from a node, the timestamp is updated. The switch has a user-configurable timer that erases the entry after a certain amount of time with no activity from that node. This frees up valuable memory resources for other entries. As you can see, transparent bridging is a great and essentially maintenance-free way to add and manage all the information a switch needs to do its job!
In our example, two nodes share segment A, while the switch creates independent segments for Node B and Node D. In an ideal LAN-switched network, every node would have its own segment. This would eliminate the possibility of collisions and also the need for filtering.
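The five parts of transparent bridging fit in a few dozen lines. The following is an added example, not code from the original article or from any switch vendor: a simulated switch that learns, floods, forwards, filters and ages exactly as the step-by-step description above says, run through that same scenario (Nodes A and C on Segment A, Node B on Segment C, a spare Segment D). The MAC addresses, port names and timestamps are constructed. The second walkthrough adds the caveat the text's "plenty of memory" glosses over: the address table is finite, so a device that keeps announcing forged source addresses can fill it, after which the switch stops learning real nodes and floods their traffic to every port, including the one the forger sits on, until aging clears the junk.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Transparent bridge: learn source addresses per port, flood unknown destinations,
    forward known ones, filter traffic whose destination is on the port it arrived on,
    and age out idle entries.  `table_size` is a constructed limit standing in for a
    real switch's finite address memory; None means unlimited."""

    def __init__(self, ports, aging_seconds=300, table_size=None):
        self.ports = list(ports)
        self.aging_seconds = aging_seconds
        self.table_size = table_size
        self.table = {}  # mac -> (port, timestamp of last frame seen from it)

    def _age(self, now):
        # Aging: drop entries that have been silent longer than the timer.
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.aging_seconds]:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Handle one frame; returns (action, list of output ports)."""
        self._age(now)
        # Learning: remember where `src` lives and refresh its timestamp.  A full
        # table simply stops learning new addresses until something ages out.
        if src in self.table or self.table_size is None or len(self.table) < self.table_size:
            self.table[src] = (in_port, now)
        if dst == BROADCAST or dst not in self.table:
            # Flooding: out every port except the one the frame arrived on.
            return "flood", [p for p in self.ports if p != in_port]
        out_port, _ = self.table[dst]
        if out_port == in_port:
            # Filtering: source and destination share a segment; nothing to do.
            return "filter", []
        # Forwarding: send only down the segment that owns the destination.
        return "forward", [out_port]


NODE_A, NODE_B, NODE_C = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b", "00:00:0c:00:00:0c"


def page_walkthrough():
    """The article's scenario; each tuple is (arriving port, src, dst, time in seconds)."""
    sw = LearningSwitch(ports=["A", "C", "D"], aging_seconds=300)
    steps = [
        ("A", NODE_A, NODE_B, 0),    # B unknown -> flood to C and D
        ("C", NODE_B, NODE_A, 1),    # reply; A already learned -> forward to A only
        ("A", NODE_A, NODE_B, 2),    # both known -> forward to C only
        ("A", NODE_C, NODE_A, 3),    # C and A share Segment A -> filter
        ("A", NODE_C, NODE_B, 400),  # B's entry aged out after 300 s -> flood again
    ]
    return [sw.receive(*s) for s in steps]


def full_table_walkthrough():
    """Caveat: with the table full of forged entries from port D, Node A is never
    learned, so Node B's reply to it is flooded and port D sees it too."""
    sw = LearningSwitch(ports=["A", "C", "D"], aging_seconds=300, table_size=2)
    sw.receive("D", "02:00:00:00:00:01", BROADCAST, 0)   # forged sources fill the table
    sw.receive("D", "02:00:00:00:00:02", BROADCAST, 0)
    sw.receive("A", NODE_A, NODE_B, 1)                     # table full: A is not learned
    leaked = sw.receive("C", NODE_B, NODE_A, 2)            # -> ("flood", ["A", "D"])
    sw.receive("A", NODE_A, NODE_B, 500)                   # forged entries aged out; A learned
    recovered = sw.receive("C", NODE_B, NODE_A, 501)       # -> ("forward", ["A"])
    return leaked, recovered


if __name__ == "__main__":
    for action in page_walkthrough():
        print(action)
    print(full_table_walkthrough())
```

Real switches bound this with a per-port limit on learned addresses and by shutting a port that exceeds it; the simulation just shows why such a limit is needed.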
Redundancy
When we talked about bus and ring networks earlier, one issue was the possibility of a single point of failure. In a star or star-bus network, the point with the most potential for bringing all or part of the network down is the switch or hub. Look at the example below:
In this example, if either switch A or C fails, then the nodes connected to that particular switch are affected, but nodes at the other two switches can still communicate. However, if switch B fails, then the entire network is brought down. What if we add another segment to our network connecting switches A and C?
In this case, even if one of the switches fails, the network will continue. This provides redundancy, effectively eliminating the single point of failure.
But now we have a new problem.
Broadcast Storms
In the last section, you discovered how switches learn where the nodes are located. With all of the switches now connected in a loop, a packet from a node could quite possibly come to a switch from two different segments. For example, imagine that Node B is connected to Switch A, and needs to communicate with Node A on Segment B. Switch A does not know who Node A is, so it floods the packet.
The packet travels via Segment A or Segment C to the other two switches (B and C). Switch B will add Node B to the lookup table it maintains for Segment A, while Switch C will add it to the lookup table for Segment C. If neither switch has learned the address for Node A yet, they will flood Segment B looking for Node A. Each switch will take the packet sent by the other switch and flood it back out again immediately, since they still don't know who Node A is. Switch A will receive the packet from each segment and flood it back out on the other segment. This causes a broadcast storm as the packets are broadcast, received and rebroadcast by each switch, resulting in potentially severe network congestion. Nothing in the packet itself stops this: unlike an IP packet, an Ethernet frame carries no hop count or time-to-live, so a frame caught in a loop circulates until something removes the loop.
Which brings us to spanning trees...
Spanning Trees
To prevent broadcast storms and other unwanted side effects of looping, Radia Perlman at Digital Equipment Corporation created the spanning-tree protocol (STP), which the Institute of Electrical and Electronics Engineers (IEEE) later standardized as 802.1D. Essentially, a spanning tree uses the spanning-tree algorithm (STA), which senses that the switch has more than one way to communicate with a node, determines which way is best and blocks out the other path(s). The cool thing is that it keeps track of the other path(s), just in case the primary path is unavailable.
Here's how STP works:
Each switch is assigned a group of IDs, one for the switch itself and one for each port on the switch. The switch's identifier, called the bridge ID (BID), is 8 bytes long and contains a bridge priority (2 bytes) along with one of the switch's MAC addresses (6 bytes). Each port ID is 16 bits long and also has two parts, a port priority and a port number; the original 802.1D split them 8 bits and 8 bits, and the 802.1t amendment changed this to a 4-bit priority and a 12-bit port number so that switches with many ports could be numbered. In every comparison STP makes, the lower value wins, so an administrator influences the outcome by lowering a priority.
A path cost value is given to each port. The cost is typically based on a guideline established as part of 802.1D. According to the original specification, cost is 1,000 Mbps (1 gigabit per second) divided by the bandwidth of the segment connected to the port. Therefore, a 10 Mbps connection would have a cost of 1,000/10 = 100. To compensate for the speed of networks increasing beyond the gigabit range (where the formula would give costs below 1), the standard cost values were revised. The revised values are:

Bandwidth    STP cost value
4 Mbps       250
10 Mbps      100
16 Mbps      62
45 Mbps      39
100 Mbps     19
155 Mbps     14
622 Mbps     6
1 Gbps       4
10 Gbps      2

You should also note that the path cost can be an arbitrary value assigned by the network administrator, instead of one of the standard cost values.
Each switch begins a discovery process to choose which network paths it should use for each segment. This information is shared between all the switches by way of special network frames called bridge protocol data units (BPDU). The parts of a BPDU are:
Root BID - This is the BID of the current root bridge.
Path cost to root bridge - This determines how far away the root bridge is. The root bridge advertises a cost of zero, and each switch that receives a BPDU adds the cost of the port it arrived on before passing the information along. For example, if the data has to travel over three 100-Mbps segments to reach the root bridge, then the cost is 19 + 19 + 19 = 57.
Sender BID - This is the BID of the switch that sends the BPDU.
Port ID - This is the actual port on the switch that the BPDU was sent from.
All of the switches are constantly sending BPDUs to each other, trying to determine the best path between various segments. When a switch receives a BPDU (from another switch) that is better than the one it is broadcasting for the same segment, it will stop broadcasting its BPDU out that segment. Instead, it will store the other switch's BPDU for reference and for broadcasting out to inferior segments, such as those that are farther away from the root bridge.
A root bridge is chosen based on the results of the BPDU process between the switches. Initially, every switch considers itself the root bridge. When a switch first powers up on the network, it sends out a BPDU with its own BID as the root BID. When the other switches receive the BPDU, they compare the BID to the one they already have stored as the root BID. If the new root BID has a lower value, they replace the saved one. But if the saved root BID is lower, a BPDU is sent to the new switch with this BID as the root BID. When the new switch receives the BPDU, it realizes that it is not the root bridge and replaces the root BID in its table with the one it just received. The result is that the switch that has the lowest BID is elected by the other switches as the root bridge.
Based on the location of the root bridge, the other switches determine which of their ports has the lowest path cost to the root bridge. These ports are called root ports, and each switch (other than the current root bridge) must have one.
The switches determine who will have designated ports. A designated port is the connection used to send and receive packets on a specific segment. By having only one designated port per segment, all looping issues are resolved! Designated ports are selected based on the lowest path cost to the root bridge for a segment. Since the root bridge will have a path cost of "0," any ports on it that are connected to segments will become designated ports. For the other switches, the path cost is compared for a given segment. If one port is determined to have a lower path cost, it becomes the designated port for that segment. If two or more ports have the same path cost, then the switch with the lowest BID is chosen, and if the tie is between ports on the same switch, the lowest port ID wins.
Once the designated port for a network segment has been chosen, any other ports that connect to that segment become non-designated ports. They block network traffic from taking that path so it can only access that segment through the designated port.
Each switch has a table of BPDUs that it continually updates. The network is now configured as a single spanning tree, with the root bridge as the trunk and all the other switches as branches. Each switch communicates with the root bridge through the root ports, and with each segment through the designated ports, thereby maintaining a loop-free network. In the event that the root bridge fails or a link goes down, STP allows the other switches to reconfigure the network, if necessary with another switch acting as root bridge. With the original 802.1D timers this reconfiguration takes on the order of 30 to 50 seconds, during which affected ports are kept from forwarding; the Rapid Spanning Tree Protocol (802.1w) brings this down to a few seconds. This process gives a company the ability to have a complex network that is fault-tolerant and yet fairly easy to maintain.
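The rules above (lowest BID wins the root election, root path cost accumulates port costs, root and designated ports are chosen by the lowest cost with BID and port ID as tie-breakers, everything else is blocked) are small enough to run, and doing so on the looped triangle from the Broadcast Storms section shows both the storm and its cure. The following Python is an added example, not code from the original article. The three switches, their priorities and MAC addresses, the segment names and the 100 Mbps links are constructed for the demonstration, and `flood_copies` is a deliberate simplification that only follows unknown-destination flooding with no learning, which is exactly the situation in which the loop is harmful.

```python
"""Spanning tree on a small switched LAN, plus a flood count with and without it."""
from collections import defaultdict
from dataclasses import dataclass

# Revised 802.1D path costs (bandwidth in Mbps -> cost), as tabulated above.
STP_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19, 155: 14, 622: 6, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Port:
    bridge: str    # switch this port belongs to
    port_id: int   # port identifier; the lower value wins ties
    segment: str   # LAN segment the port attaches to
    mbps: int      # segment bandwidth, looked up in STP_COST

    @property
    def cost(self):
        return STP_COST[self.mbps]


def elect_root(bridges):
    """Lowest bridge ID wins. BIDs are (priority, MAC) tuples, so priority is
    compared first and the MAC address breaks ties."""
    return min(bridges, key=lambda b: bridges[b])


def root_path_costs(bridges, ports, root):
    """Relax until stable: a bridge's cost to the root is the cost advertised by
    another bridge on a shared segment plus the cost of its own port there."""
    on_segment = defaultdict(list)
    for p in ports:
        on_segment[p.segment].append(p)
    rpc = {b: float("inf") for b in bridges}
    rpc[root] = 0
    changed = True
    while changed:
        changed = False
        for p in ports:
            if p.bridge == root:
                continue
            for q in on_segment[p.segment]:
                if q.bridge != p.bridge and rpc[q.bridge] + p.cost < rpc[p.bridge]:
                    rpc[p.bridge] = rpc[q.bridge] + p.cost
                    changed = True
    return rpc, on_segment


def run_stp(bridges, ports):
    """Return (root, root path costs, {port: 'root' | 'designated' | 'blocked'})."""
    root = elect_root(bridges)
    rpc, on_segment = root_path_costs(bridges, ports, root)
    # Designated port per segment: lowest (root path cost, sender BID, sender port ID).
    designated = {seg: min(ps, key=lambda p: (rpc[p.bridge], bridges[p.bridge], p.port_id))
                  for seg, ps in on_segment.items()}
    roles = {}
    for b in bridges:
        if b == root or rpc[b] == float("inf"):
            continue                       # the root (or an isolated bridge) has no root port

        def key(p):                        # best BPDU received on port p; lowest wins
            d = designated[p.segment]
            if d.bridge == b:              # we are designated there, so not a root port
                return (float("inf"), (), 0, p.port_id)
            return (rpc[d.bridge] + p.cost, bridges[d.bridge], d.port_id, p.port_id)
        roles[min((p for p in ports if p.bridge == b), key=key)] = "root"
    for p in ports:
        roles.setdefault(p, "designated" if designated[p.segment] == p else "blocked")
    return root, rpc, roles


def flood_copies(ports, roles, start_segment, max_hops=20):
    """Count frame copies made while flooding an unknown-destination frame,
    honouring blocked ports. Returns None if the hop cap is hit: a storm."""
    copies, frontier = 0, [(start_segment, None, 0)]
    while frontier:
        seg, sender, hops = frontier.pop()
        if hops >= max_hops:
            return None
        for p in ports:
            if p.segment != seg or p.bridge == sender or roles.get(p) == "blocked":
                continue
            for q in ports:                # flood out every other forwarding port
                if q.bridge == p.bridge and q != p and roles.get(q) != "blocked":
                    copies += 1
                    frontier.append((q.segment, q.bridge, hops + 1))
    return copies


# Constructed topology: three switches in a triangle (Segments A, B, C), all 100 Mbps.
BRIDGES = {"A": (32768, "00:00:00:00:00:0a"),
           "B": (4096, "00:00:00:00:00:0b"),   # lowest priority, so B becomes root
           "C": (32768, "00:00:00:00:00:0c")}
PORTS = [Port("A", 1, "SegA", 100), Port("A", 2, "SegC", 100),
         Port("B", 1, "SegA", 100), Port("B", 2, "SegB", 100),
         Port("C", 1, "SegB", 100), Port("C", 2, "SegC", 100)]

if __name__ == "__main__":
    root, rpc, roles = run_stp(BRIDGES, PORTS)
    print("root:", root, "costs:", rpc)
    for p, role in sorted(roles.items(), key=lambda kv: (kv[0].bridge, kv[0].port_id)):
        print(f"{p.bridge} port {p.port_id} on {p.segment}: {role}")
    print("flood copies without STP:", flood_copies(PORTS, {}, "SegA"))
    print("flood copies with STP:", flood_copies(PORTS, roles, "SegA"))
```

With all ports forwarding, the flood on Segment A never ends and the counter gives up at the hop cap; with the computed roles, one of the two ports on the redundant segment is blocked and the flood finishes after a handful of copies. Removing Segment A's ports from `PORTS` and running `run_stp` again shows the failover: the switch whose port was blocked becomes designated on the remaining segment and the cut-off switch reaches the root through it at a higher cost.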
Routers and Layer 3 Switching
While most switches operate at the Data Link layer (Layer 2) of the OSI Reference Model, some incorporate features of a router and operate at the Network layer (Layer 3) as well. In fact, a Layer 3 switch is incredibly similar to a router.
When a router receives a packet, it looks at the Layer 3 source and destination addresses to determine the path the packet should take. A standard switch relies on the MAC addresses to determine the source and destination of a packet, which is Layer 2 (Data Link) networking.
The fundamental difference between a router and a Layer 3 switch is that Layer 3 switches have optimized hardware to pass data as fast as Layer 2 switches, yet they make decisions on how to transmit traffic at Layer 3, just like a router. Within the LAN environment, a Layer 3 switch is usually faster than a router because it is built on switching hardware. In fact, many of Cisco's Layer 3 switches are essentially routers built on "switching" hardware with customized forwarding chips inside the box.
The pattern matching and caching on Layer 3 switches is similar to the pattern matching and caching on a router. Both use a routing protocol and routing table to determine the best path. However, a Layer 3 switch has the ability to reprogram the hardware dynamically with the current Layer 3 routing information: whatever the routing protocols learn is pushed into the hardware forwarding tables, so individual packets never have to wait on a software lookup. This is what allows for faster packet processing.
VLANs
As networks have grown in size and complexity, many companies have turned to virtual local area networks (VLANs) to provide some way of structuring this growth logically. Basically, a VLAN is a collection of nodes that are grouped together in a single broadcast domain that is based on something other than physical location.
You learned about broadcasts earlier, and how a router does not pass along broadcasts. A broadcast domain is a network (or portion of a network) that will receive a broadcast packet from any node located within that network. In a typical network, everything on the same side of the router is all part of the same broadcast domain. A switch that you have implemented VLANs on has multiple broadcast domains, similar to a router. But you still need a router (or Layer 3 routing engine) to route from one VLAN to another -- the switch can't do this by itself.
Here are some common reasons why a company might have VLANs:
Security - Separating systems that have sensitive data from the rest of the network decreases the chances that people will gain access to information they are not authorized to see. Keep in mind that a VLAN only separates broadcast domains; if a router or Layer 3 switch connects the VLANs, the separation is only as strong as the access lists applied there, and trunk ports (described below) should be configured deliberately so that a port that is meant to serve one VLAN cannot carry others.
Projects/Special applications - Managing a project or working with a specialized application can be simplified by the use of a VLAN that brings all of the required nodes together.
Performance/Bandwidth - Careful monitoring of network use allows the network administrator to create VLANs that reduce the number of router hops and increase the apparent bandwidth for network users.
Broadcasts/Traffic flow - Since a principal element of a VLAN is the fact that it does not pass broadcast traffic to nodes that are not part of the VLAN, it automatically reduces broadcasts. Access lists provide the network administrator with a way to control who sees what network traffic. An access list is a table the network administrator creates that lists which addresses (and, on most routers, which protocols and ports) are permitted to pass into that network.
Departments/Specific job types - Companies may want VLANs set up for departments that are heavy network users (such as multimedia or engineering), or a VLAN across departments that is dedicated to specific types of employees (such as managers or sales people).
You can create a VLAN using most switches simply by logging into the switch and entering the parameters for the VLAN (name, domain and port assignments). Older switches were managed over Telnet; since Telnet sends the login name and password in clear text, use SSH (or the switch's console port) for this wherever the switch supports it. After you have created the VLAN, any network segments connected to the assigned ports will become part of that VLAN. While you can have more than one VLAN on a switch, they cannot communicate directly with one another on that switch. If they could, it would defeat the purpose of having a VLAN, which is to isolate a part of the network. Communication between VLANs requires the use of a router or a Layer 3 routing engine.
VLANs can span multiple switches, and you can have more than one VLAN on each switch. For multiple VLANs on multiple switches to be able to communicate via a single link between the switches, you must use a process called trunking -- trunking is the technology that allows information from multiple VLANs to be carried over a single link between switches.
VLAN Trunking Protocol
The VLAN trunking protocol (VTP) is a Cisco protocol that switches use to communicate among themselves about VLAN configuration, so that a VLAN created on one switch is known to the others. The trunk link itself carries frames from several VLANs by marking each frame with its VLAN; the standard way to do this is the IEEE 802.1Q tag inserted in the Ethernet header (Cisco's older ISL encapsulation did the same job).
In the example, each switch has two VLANs. On the first switch, VLAN A and VLAN B are sent through a single port (trunked) to the router and through another port to the second switch. VLAN C and VLAN D are trunked from the second switch to the first switch, and through the first switch to the router. This trunk can carry traffic from all four VLANs. The trunk link from the first switch to the router can also carry all four VLANs. In fact, this one connection to the router allows the router to appear on all four VLANs, as if it had four different physical ports connected to the switch.
The VLANs can communicate with each other via the trunking connection between the two switches using the router. For example, data from a computer on VLAN A that needs to get to a computer on VLAN B (or VLAN C or VLAN D) must travel from the switch to the router and back again to the switch. Because of the transparent bridging algorithm and trunking, both PCs and the router think that they are on the same physical segment!
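To make the VLAN and trunking behavior above concrete, here is a VLAN-aware switch in Python that builds and parses real 802.1Q-tagged Ethernet frames, floods each frame only within its own VLAN, sends it untagged on access ports and tagged on the trunk, and refuses to move a frame from one VLAN to another (that is the router's job). This is an added example, not code from the original article, which does not name 802.1Q; the port names, VLAN numbers, native VLAN and sample frames are constructed for the demonstration. MAC learning is left out so that the VLAN logic stands alone; the lookup table from the earlier bridging example would simply be kept per VLAN.

```python
"""VLAN-aware switch: 802.1Q tagging on trunk ports and per-VLAN flooding."""
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100                # EtherType value that announces an 802.1Q tag
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet frame; when vlan is given, insert the 4-byte 802.1Q tag after the MACs."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan or None, ethertype, payload)."""
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, ethertype, frame[18:]
    return dst, src, None, tpid, frame[14:]


def strip_tag(frame):
    return frame[:12] + frame[16:]


def add_tag(frame, vlan):
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + frame[12:]


@dataclass(frozen=True)
class Access:        # one VLAN; frames are sent and received untagged
    vlan: int


@dataclass(frozen=True)
class Trunk:         # several VLANs on one link; frames tagged, except the native VLAN
    allowed: frozenset
    native: int


class VlanSwitch:
    def __init__(self, ports):
        self.ports = ports          # {port name: Access | Trunk}

    def ingress_vlan(self, port, tag):
        """Decide which VLAN an incoming frame belongs to, or None to drop it."""
        cfg = self.ports[port]
        if isinstance(cfg, Access):
            return cfg.vlan if tag is None else None   # tagged frame on an access port: drop
        if tag is None:
            return cfg.native                          # untagged on a trunk: native VLAN
        return tag if tag in cfg.allowed else None

    def forward(self, in_port, frame):
        """Flood within the frame's VLAN only; return {out port: frame as sent}."""
        tag = parse_frame(frame)[2]
        vlan = self.ingress_vlan(in_port, tag)
        if vlan is None:
            return {}
        plain = strip_tag(frame) if tag is not None else frame
        out = {}
        for name, cfg in self.ports.items():
            if name == in_port:
                continue
            if isinstance(cfg, Access):
                if cfg.vlan == vlan:
                    out[name] = plain
            elif vlan in cfg.allowed:
                out[name] = plain if vlan == cfg.native else add_tag(plain, vlan)
        return out


def demo():
    """Constructed switch: VLAN 10 on Fa1/Fa2, VLAN 20 on Fa3, trunk Gi1 towards the router."""
    sw = VlanSwitch({"Fa1": Access(10), "Fa2": Access(10), "Fa3": Access(20),
                     "Gi1": Trunk(frozenset({10, 20}), native=1)})
    hello = build_frame(BROADCAST, "00:00:00:00:00:01", 0x0800, b"hello")
    from_access = sw.forward("Fa1", hello)      # Fa2 gets it untagged, Gi1 tagged as VLAN 10
    from_trunk = sw.forward("Gi1", build_frame(BROADCAST, "00:00:00:00:00:02", 0x0800, b"x", vlan=20))
    tagged_on_access = sw.forward("Fa2", build_frame(BROADCAST, "00:00:00:00:00:03", 0x0800, b"x", vlan=20))
    return from_access, from_trunk, tagged_on_access
```

`demo()` returns three results: a broadcast from a VLAN 10 access port reaches the other VLAN 10 port untagged and the trunk tagged with VLAN 10, but never the VLAN 20 port; a frame arriving on the trunk tagged VLAN 20 is delivered untagged to the VLAN 20 port only; and a tagged frame arriving on an access port is dropped rather than being allowed to pick its own VLAN.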
As you can see, LAN switches are an amazing technology that can really make a difference in the speed and quality of a network.