This chapter covers networking hardware specifically routers, switches, and access points (APs) as tested in CompTIA A+ 220-1101 Objective 2.3. These devices form the backbone of modern networks, and understanding their differences, functions, and appropriate use cases is critical. Approximately 15-20% of the Networking domain questions involve identifying, comparing, or troubleshooting these devices. Mastering this chapter will help you confidently answer questions about network infrastructure, performance, and connectivity.
Jump to a section
Imagine a large postal sorting office. Letters (data packets) arrive from many different sources and need to be delivered to specific addresses. A switch is like a sorting clerk who knows exactly which bin each mailbox is connected to. When a letter comes in, the clerk looks at the recipient's address (MAC address) and immediately drops it into the correct bin for that mailbox. The clerk doesn't read the street name or city—only the local mailbox number. This is fast because the clerk has a small, local directory. A router is like the inter-city postal truck driver. The driver looks at the city and state (IP address) to decide which highway to take. The driver doesn't care about the specific mailbox; they only need to get the mail to the correct city. Once the mail arrives at the destination city's sorting office, a switch (clerk) handles the final delivery to the correct mailbox. An access point (AP) is like a wireless mail slot—it allows letters to be sent and received without a physical mailbox. The AP converts the mail into radio waves (Wi-Fi) and broadcasts it, so any device with a wireless receiver can pick it up. The AP is connected to the switch via a cable, so mail can travel from the wireless world to the wired world. In this analogy, the switch works at Layer 2 (local delivery), the router works at Layer 3 (inter-city routing), and the AP bridges wireless and wired networks. A network without a router is like a sorting office that can only deliver mail within the same building—no connection to other cities. A network without a switch is like having a single mail slot for the whole building—everyone shares it and it's slow. A network without an AP is like having no wireless mail slots—everyone must plug in physically.
What Are Routers, Switches, and Access Points?
Routers, switches, and access points are the three primary hardware devices used to build local area networks (LANs) and connect them to wide area networks (WANs). Each operates at a different layer of the OSI model and has distinct functions. The CompTIA A+ 220-1101 exam expects you to know the characteristics, use cases, and limitations of each.
Switch: Operates at Layer 2 (Data Link layer). Forwards frames based on MAC addresses. Used to connect devices within the same network (LAN). Switches create a separate collision domain per port and are generally plug-and-play.
Router: Operates at Layer 3 (Network layer). Forwards packets based on IP addresses. Used to connect different networks (e.g., LAN to WAN, or different VLANs). Routers use routing tables to determine the best path.
Access Point (AP): Operates at Layer 2 but bridges wireless to wired. Extends a wired network by providing wireless connectivity. APs are not routers; they do not perform NAT or routing. They are often confused with wireless routers, which combine a router, switch, and AP in one device.
How Switches Work Internally
A switch learns MAC addresses by examining the source MAC address of every incoming frame and storing it in a MAC address table (also called a content-addressable memory or CAM table). The table maps MAC addresses to specific ports. When a frame arrives with a destination MAC address, the switch looks up the table:
If the destination MAC is found and is on a different port, the switch forwards the frame only to that port (unicast).
If the destination MAC is not found, the switch floods the frame out all ports except the incoming port (unknown unicast flood).
If the destination MAC is the broadcast address (FF:FF:FF:FF:FF:FF), the switch floods the frame out all ports except the incoming port.
If the destination MAC is a multicast address, the switch may flood or forward based on IGMP snooping.
Key parameters: - MAC address table size: Typically 8,000 to 128,000 entries for enterprise switches. - Aging time: Default is 300 seconds (5 minutes) for dynamic entries; can be configured. - Store-and-forward: The switch receives the entire frame, checks the CRC, and then forwards. This is the default for most modern switches. - Cut-through: The switch starts forwarding as soon as it reads the destination MAC address (after 6 bytes). Reduces latency but may forward errors. - Fragment-free: A compromise; reads the first 64 bytes to detect collisions.
Switches also support VLANs (802.1Q) to segment traffic logically. Each VLAN is a separate broadcast domain. Trunk ports carry multiple VLANs using tagging.
How Routers Work Internally
Routers use IP addresses to make forwarding decisions. They maintain a routing table that contains routes to networks. Routes can be: - Directly connected: Networks physically attached to the router's interfaces. - Static: Manually configured by an administrator. - Dynamic: Learned through routing protocols like RIP, OSPF, or EIGRP.
When a packet arrives, the router examines the destination IP address, performs a longest prefix match against the routing table, and forwards the packet out the appropriate interface. If no match is found, the router drops the packet and may send an ICMP Destination Unreachable message.
Key components: - Routing table: Contains network address, subnet mask, next hop, metric, and interface. - Default gateway: A route with 0.0.0.0/0 that matches all destinations not in the table. - NAT (Network Address Translation): Routers often perform NAT to allow multiple private IP addresses to share a single public IP. Common types: static NAT, dynamic NAT, PAT (Port Address Translation). - DHCP server: Many home/small office routers include a DHCP server that assigns IP addresses to devices. - Firewall: Most routers include basic packet filtering (ACLs).
How Access Points Work
An access point bridges a wired Ethernet network to wireless clients. It operates in half-duplex mode (wireless is inherently half-duplex). The AP announces its presence by sending beacon frames every 100 ms (default). Clients associate by sending an authentication request and then an association request. The AP can use various security methods: - Open: No authentication, no encryption. - WEP: Old, insecure, uses RC4. - WPA/WPA2-Personal: Pre-shared key (PSK). - WPA2-Enterprise: Uses RADIUS server for authentication. - WPA3: Latest standard, uses SAE (Simultaneous Authentication of Equals).
APs operate on 2.4 GHz and/or 5 GHz bands. Channels overlap, so careful channel planning is needed. The AP can be configured in different modes: - Standalone: Independent AP, managed individually. - Controller-based: Managed by a wireless LAN controller (WLC) for centralized configuration. - Mesh: APs connect wirelessly to each other to extend coverage.
Comparison of Key Features
| Feature | Switch | Router | Access Point | |---------|--------|--------|--------------| | OSI Layer | 2 | 3 | 2 (bridging) | | Forwarding Decision | MAC address | IP address | MAC address | | Broadcast Domain | Single per VLAN | Stops broadcasts | Single per SSID | | Collision Domain | Per port | Per interface | Half-duplex shared | | Connects | Devices within LAN | Different networks | Wireless to wired | | Common Ports | RJ45, SFP | RJ45, SFP, WAN | RJ45 (uplink) | | Management | CLI, web, SNMP | CLI, web, SNMP | Web, CLI, controller |
Interaction Between Devices
In a typical network, the path from a client to the internet goes through an AP (if wireless), then a switch, then a router. For example: 1. A laptop connects to an AP via Wi-Fi. 2. The AP forwards frames to the switch via Ethernet. 3. The switch forwards frames to the router based on MAC address. 4. The router performs NAT and forwards packets to the ISP.
The switch does not need to know about IP addresses; it only cares about MAC addresses. The router does not care about MAC addresses beyond the next hop; it only cares about IP addresses. The AP bridges Layer 2 between wireless and wired.
Configuration Examples
Switch (Cisco-like CLI):
Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# interface gigabitethernet 0/1
S1(config-if)# description Connection to Router
S1(config-if)# no shutdown
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10Router (Cisco-like CLI):
Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1Access Point (standalone via web): - Set SSID: "Courseiva-5G" - Security: WPA2-PSK - Passphrase: "StrongPassword!" - Channel: Auto (or manually set to avoid interference) - IP address: 192.168.1.100 (static or DHCP)
Troubleshooting Commands
ping: Tests Layer 3 connectivity.
tracert/traceroute: Shows the path packets take.
ipconfig/ifconfig: Shows IP configuration.
arp -a: Shows ARP cache (IP to MAC mappings).
show mac-address-table (switch): Displays MAC table.
show ip route (router): Displays routing table.
show interfaces: Displays interface statistics, errors.
iwconfig (Linux): Shows wireless settings.
Important Exam Numbers
Default MAC table aging time: 300 seconds.
Default beacon interval: 100 ms.
Maximum Ethernet frame size: 1518 bytes (without VLAN tag), 1522 bytes (with 802.1Q tag).
Maximum MTU for Ethernet: 1500 bytes.
Number of non-overlapping channels in 2.4 GHz: 3 (channels 1, 6, 11).
Number of non-overlapping channels in 5 GHz: 23 (varies by region).
1000BASE-T: 1000 Mbps over Cat5e/Cat6, max distance 100 meters.
10GBASE-T: 10 Gbps over Cat6a/Cat7, max distance 100 meters.
Common Exam Traps
Trap: Confusing a switch with a hub. Hubs repeat all data to all ports; switches forward only to the correct port. The exam often tests this distinction.
Trap: Thinking a router is needed to connect devices within the same network. Actually, a switch is sufficient. Routers are for connecting different networks.
Trap: Assuming all APs are routers. A standalone AP cannot assign IP addresses or perform NAT; it just bridges.
Trap: Forgetting that switches can also operate at Layer 3 (multilayer switches), but the exam expects you to know they are primarily Layer 2.
Trap: Misunderstanding collision domains. Hubs: one collision domain per hub. Switches: one collision domain per port. Routers: each interface is a separate collision domain but also a separate broadcast domain.
Summary of OSI Layers
Hub: Layer 1 (physical layer) – repeats electrical signals.
Switch: Layer 2 (data link) – forwards frames using MAC addresses.
Router: Layer 3 (network) – forwards packets using IP addresses.
Access Point: Layer 2 (bridging) – converts between wired and wireless.
This core explanation covers the essential knowledge for the 220-1101 exam. Focus on the differences in function, the layers they operate at, and how they are used in a network topology.
Device Receives a Frame
A switch receives an Ethernet frame on one of its ports. The frame includes source and destination MAC addresses, EtherType, payload, and FCS. The switch checks the FCS for errors. If the frame is malformed, it is dropped. This is the first step in the switching process. The switch does not care about IP addresses at this point; it only examines the MAC addresses.
MAC Address Learning
The switch reads the source MAC address of the incoming frame and records it in its MAC address table, associating it with the port on which the frame arrived. If the entry already exists, the switch updates the timestamp (aging timer resets). This process allows the switch to build a map of which devices are connected to which ports. The table has a finite size; if full, the switch may drop new entries or overwrite old ones.
Forwarding Decision
The switch looks up the destination MAC address in its MAC address table. If found, the switch forwards the frame only to the port associated with that MAC address (unicast forwarding). If not found, the switch floods the frame out all ports except the incoming port (unknown unicast flood). If the destination is broadcast (FF:FF:FF:FF:FF:FF), the frame is flooded to all ports except the incoming port.
Frame Transmission
The switch transmits the frame out the appropriate port(s). The frame is placed on the wire, and the destination device receives it. If the destination device is on the same port as the source (unlikely), the switch may drop the frame (or not forward it). The switch does not modify the frame content; it only forwards it. In cut-through mode, the switch starts transmitting before the entire frame is received.
Router Receives a Packet
A router receives a packet on an interface. The packet contains source and destination IP addresses, protocol, TTL, and other fields. The router checks the destination IP address and looks up the routing table. If the packet's TTL is 0 or less, the router drops it and sends an ICMP Time Exceeded message. The router also checks for any ACLs (access control lists) that may permit or deny the packet.
Routing Table Lookup
The router performs a longest prefix match on the destination IP address against its routing table. The routing table contains entries with network address, subnet mask, next-hop IP, and outgoing interface. If a matching entry is found, the router determines the next-hop IP address. If no match is found, the router uses the default route (0.0.0.0/0) if configured; otherwise, it drops the packet and sends an ICMP Destination Unreachable.
Packet Forwarding and Encapsulation
The router decrements the TTL by 1, recalculates the header checksum, and encapsulates the packet in a new frame for the outgoing interface. The router looks up the next-hop IP address in its ARP cache to find the corresponding MAC address. If not in cache, it sends an ARP request. The frame is then transmitted out the appropriate interface. The router may also perform NAT if configured, modifying the source IP and port.
Enterprise Deployment Scenarios
Scenario 1: Small Office with 50 Users A small business has 50 employees, each with a desktop computer and VoIP phone. The network uses a single Layer 2 switch (48 ports) connected to a router. The switch handles all internal traffic: file sharing, printing, VoIP. The router connects to the internet via a cable modem. The router also provides DHCP and NAT. An access point is connected to the switch to provide Wi-Fi for guests and mobile devices. The main challenge is VLAN segmentation: the VoIP phones should be on a separate VLAN to prioritize traffic. The switch supports 802.1Q VLANs, so the IT admin configures VLAN 10 for data, VLAN 20 for voice, and VLAN 30 for guest Wi-Fi. The router handles inter-VLAN routing. Common misconfiguration: forgetting to configure the trunk port between switch and router with the allowed VLANs, causing some VLANs to have no connectivity.
Scenario 2: Large Enterprise with 500 Users A company with multiple departments (HR, Finance, Engineering) uses a collapsed core architecture. Two distribution switches connect to a core router. Access switches connect users. Each department is on a separate VLAN. The core router performs inter-VLAN routing and connects to the WAN via a firewall. Wireless is provided by controller-based APs. The wireless LAN controller (WLC) manages APs centrally, pushing configurations and handling roaming. The APs are connected to access switches via PoE. Performance consideration: the core router must handle high throughput; if undersized, it becomes a bottleneck. A common issue is STP (Spanning Tree Protocol) misconfiguration causing loops; proper use of RSTP or MSTP is essential.
Scenario 3: Data Center with iSCSI Storage A data center uses 10GbE switches for iSCSI storage traffic. The switches must support jumbo frames (MTU 9000) to improve performance. Routers are used to connect the storage network to the production network, but iSCSI traffic is typically isolated on its own VLAN or even separate physical switches. The APs are used only for out-of-band management. The main challenge is latency: iSCSI requires low latency, so cut-through switching is preferred. Misconfiguration: enabling flow control on switches can cause performance degradation. The exam does not go deep into iSCSI, but understanding that switches can be used for storage networks is relevant.
What Goes Wrong
Broadcast storms: A loop in the network causes switches to flood broadcast frames repeatedly, consuming bandwidth. STP prevents this.
Duplex mismatch: One device is set to full duplex, the other to half duplex, causing collisions and errors.
VLAN mismatch: Two ends of a trunk have different native VLANs, causing traffic to be misdirected.
DHCP exhaustion: The router's DHCP pool runs out of addresses because of too many devices or stale leases.
Interference: In wireless, neighboring APs on the same channel cause co-channel interference; overlapping channels cause adjacent-channel interference.
From a network engineer's perspective, the most critical skill is understanding when to use a switch vs. a router. A common mistake is using a router where a switch would suffice, adding unnecessary complexity and cost.
What the 220-1101 Exam Tests
Objective 2.3: "Given a scenario, install and configure a basic wired/wireless SOHO network." This includes selecting the appropriate hardware: router, switch, access point. The exam focuses on:
Identifying the correct device for a given scenario (e.g., which device connects two different networks? Router. Which device connects devices within the same network? Switch).
Understanding the features of each device (e.g., a router typically includes NAT, DHCP, firewall; a switch does not).
Knowing the difference between a hub and a switch (hub repeats all traffic; switch forwards selectively).
Recognizing that an access point is not a router (APs do not perform routing or NAT).
Knowing common connector types: RJ45 for Ethernet, SFP for fiber.
Understanding PoE (Power over Ethernet) – switches can provide power to APs and cameras.
Most Common Wrong Answers
"A router is needed to connect computers within the same network." Wrong – a switch is sufficient. Routers are for different networks.
"An access point can assign IP addresses." Wrong – APs do not have DHCP servers; routers do.
"A switch operates at Layer 3." Wrong – switches are Layer 2 (multilayer switches exist but are not the focus).
"All wireless routers are just access points." Wrong – wireless routers combine router, switch, and AP functions.
"A hub and a switch are the same." Wrong – hubs are Layer 1; switches are Layer 2.
Specific Numbers and Terms
100 meters: Maximum distance for Ethernet over twisted pair.
1000BASE-T: Gigabit Ethernet over copper.
10GBASE-T: 10 Gigabit Ethernet over copper.
PoE standards: 802.3af (15.4W), 802.3at (30W), 802.3bt (60W, 100W).
MAC address: 48-bit, usually written in hex (e.g., 00:1A:2B:3C:4D:5E).
IP address: IPv4 32-bit, IPv6 128-bit.
Default gateway: The router's IP address on the local subnet.
Edge Cases and Exceptions
Multilayer switches: These can perform routing (Layer 3) but the exam expects you to know that switches are primarily Layer 2.
Wireless mesh: APs can communicate wirelessly to each other, but each AP still connects to a wired network eventually.
PoE passthrough: Some switches can provide PoE to devices that then pass power to another device (rare on exam).
VLANs: Switches can segment broadcast domains; routers connect VLANs.
How to Eliminate Wrong Answers
If the question asks about connecting two different networks (e.g., LAN to WAN), the answer must involve a router.
If the question asks about connecting multiple devices within the same network, the answer is a switch.
If the question mentions wireless connectivity without routing, the answer is an access point.
If the question mentions a device that assigns IP addresses, it is a router (or a separate DHCP server).
If the question mentions a device that forwards based on MAC addresses, it is a switch.
If the question mentions a device that operates at Layer 1, it is a hub or repeater.
Use the OSI model as your guide: Layer 1 = hub/repeater, Layer 2 = switch/bridge, Layer 3 = router. The exam loves this distinction.
Switches operate at Layer 2 and forward frames using MAC addresses; they connect devices within the same network.
Routers operate at Layer 3 and forward packets using IP addresses; they connect different networks.
Access points bridge wireless and wired networks; they do not perform routing or NAT.
A hub is Layer 1 and repeats all traffic; a switch is Layer 2 and forwards selectively.
Default MAC table aging time on switches is 300 seconds.
Maximum Ethernet cable distance is 100 meters for twisted pair.
In 2.4 GHz Wi-Fi, only channels 1, 6, and 11 are non-overlapping in North America.
PoE standards: 802.3af (15.4W), 802.3at (30W), 802.3bt (60W/100W).
Wireless routers combine a router, switch, and AP in one device.
Managed switches allow configuration of VLANs, trunking, and STP.
These come up on the exam all the time. Here's how to tell them apart.
Switch
Operates at Layer 2 (Data Link layer).
Forwards frames based on MAC addresses.
Creates separate collision domains per port.
Does not stop broadcasts (broadcasts flood within VLAN).
Typically does not perform NAT or DHCP.
Router
Operates at Layer 3 (Network layer).
Forwards packets based on IP addresses.
Each interface is a separate collision and broadcast domain.
Stops broadcasts (does not forward broadcasts between interfaces).
Often performs NAT, DHCP, and firewall functions.
Mistake
A switch can route between different networks.
Correct
A standard Layer 2 switch cannot route; it forwards frames based on MAC addresses only. Routing requires a router or a multilayer switch with routing capabilities. The exam expects you to know that switches are Layer 2 devices.
Mistake
An access point is the same as a wireless router.
Correct
A wireless router combines a router, switch, and access point in one device. A standalone access point only bridges wireless to wired and does not perform NAT, DHCP, or routing. The exam distinguishes between these.
Mistake
All switches are plug-and-play and require no configuration.
Correct
While basic switches work out of the box, managed switches require configuration for VLANs, trunking, STP, etc. The exam may ask about managed vs. unmanaged switches.
Mistake
A hub and a switch work the same way.
Correct
A hub repeats all data to all ports (Layer 1), while a switch forwards data only to the intended port (Layer 2). Hubs create a single collision domain; switches create a separate collision domain per port. The exam often tests this difference.
Mistake
Routers only connect to the internet.
Correct
Routers connect any two different networks, not just the internet. They can connect a LAN to a WAN, or two VLANs within the same organization. The exam expects you to know that routers are used for inter-network communication.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
A switch operates at Layer 2 and forwards frames based on MAC addresses, connecting devices within the same network. A router operates at Layer 3 and forwards packets based on IP addresses, connecting different networks. For example, a switch connects your computers and printer in your home, while the router connects your home network to the internet. On the exam, remember: switches for local traffic, routers for inter-network traffic.
No, a standalone access point does not assign IP addresses. It only bridges wireless clients to the wired network. IP address assignment is typically done by a DHCP server, which is often built into a router. If you connect an AP to a network without a DHCP server, wireless clients will not get an IP address and will not be able to communicate beyond the local link.
The maximum distance for twisted-pair Ethernet (e.g., Cat5e, Cat6) is 100 meters (328 feet) per segment. This includes the cable from the switch to the device or from the switch to a patch panel. Beyond 100 meters, signal degradation occurs, so you need a repeater or switch to extend the distance. The exam often tests this value.
No, you can connect two computers directly with an Ethernet cable (crossover cable) or through a switch. A router is only needed if you want to connect to another network (e.g., the internet) or if you need to assign IP addresses via DHCP. For a simple peer-to-peer network, a switch is sufficient.
An unmanaged switch is plug-and-play with no configuration options. It cannot be monitored or configured. A managed switch allows you to configure VLANs, trunking, port security, SNMP, and other features. Managed switches are used in enterprise networks for better control and security. The exam may ask about when to use each type.
PoE (Power over Ethernet) allows electrical power to be delivered over Ethernet cables to devices like access points, IP cameras, and VoIP phones. This eliminates the need for separate power supplies. Standards: 802.3af (up to 15.4W), 802.3at (up to 30W), 802.3bt (up to 60W or 100W). Switches that support PoE are called PoE switches.
A standard Layer 2 switch cannot route. However, a multilayer switch (Layer 3 switch) can perform routing functions at high speed. The exam typically refers to switches as Layer 2 devices, but you should be aware that multilayer switches exist. For the exam, assume switches are Layer 2 unless specified otherwise.
You've just covered Networking Hardware: Routers, Switches, APs — now see how well it sticks with free 220-1101 practice questions. Full explanations included, no account needed.
Done with this chapter?