Identifying network devices, their functions, and their OSI layer is a foundational Network+ N10-009 topic. Exam questions present network scenarios and ask which device to deploy, which layer a device operates at, or how a specific device handles traffic. You must know hubs, switches, routers, access points, firewalls, load balancers, proxies, and more — their purpose, limitations, and where they fit in a network design.
Hubs operate at Layer 1 (Physical). They repeat all incoming signals out every port — no intelligence. All devices on a hub share bandwidth and are in the same collision domain. Hubs are obsolete but still appear on the exam as a comparison point. A hub creates one large collision domain.
Switches operate at Layer 2 (Data Link). They build a MAC address table by learning which MAC addresses are reachable via which port, then forward frames only to the correct port. Each switch port is its own collision domain, eliminating collisions. By default, with no VLANs configured, all ports on a switch are in the same broadcast domain. Managed switches add VLAN, QoS, port security, and spanning tree capabilities.
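The difference between hub repetition and switch MAC learning is easiest to see by tracing which ports receive each frame. The following Python sketch is an added example, not part of the original study guide; the port numbers and MAC addresses are constructed sample values.

```python
# Added illustration: a learning Layer 2 switch next to a Layer 1 hub.
# Port numbers and MAC addresses are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_forward(in_port, ports):
    """A hub repeats the signal out every port except the one it arrived on."""
    return sorted(p for p in ports if p != in_port)


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then return the list of egress ports."""
        # Learning: the source MAC is reachable via the ingress port.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or unknown unicast: flood to all other ports.
            return sorted(p for p in self.ports if p != in_port)
        if out_port == in_port:
            # Destination sits behind the ingress port: filter the frame.
            return []
        return [out_port]


def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    return [
        sw.receive(1, a, b),           # B unknown: flooded
        sw.receive(2, b, a),           # A was learned on port 1: one port
        sw.receive(1, a, b),           # B is now learned on port 2
        sw.receive(1, a, BROADCAST),   # broadcast reaches the whole domain
        hub_forward(1, [1, 2, 3, 4]),  # hub: always every other port
    ]


if __name__ == "__main__":
    for egress in demo():
        print(egress)
```

Only the first frame and the broadcast reach every port on the switch, while the hub repeats every frame everywhere.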
Bridges operate at Layer 2 like switches but with fewer ports — typically used to connect two network segments or filter traffic between them. WAPs (wireless access points) connect wireless clients to the wired network at Layer 2, extending the broadcast domain.
Routers operate at Layer 3 (Network). They forward packets between different networks using IP routing tables and break broadcast domains — broadcasts do not cross router interfaces. Routers connect LANs to WANs and enable internet access. Each router interface is its own broadcast domain.
Multilayer switches (Layer 3 switches) combine switching (Layer 2) and routing (Layer 3) in a single device — commonly used in enterprise distribution layers to route between VLANs without a dedicated router. They perform inter-VLAN routing at wire speed.
Firewalls filter traffic based on rules and operate at Layers 3–4 (stateful packet filtering) or Layer 7 (application-aware firewalls, also called next-generation firewalls or NGFW). NGFWs can inspect HTTPS traffic, identify applications, and block based on content, not just ports.
Load balancers distribute incoming traffic across multiple servers to ensure no single server is overwhelmed, improving performance and availability. They operate at Layer 4 (TCP/UDP) or Layer 7 (application-aware). Common algorithms: round-robin, least-connections, IP hash.
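The three algorithms named above differ in what state they consult when picking a server. This Python sketch is an added example, not part of the original study guide; the server names, client IP, and the use of SHA-256 for the IP hash are assumptions made for illustration.

```python
# Added illustration of round-robin, least-connections and IP hash.
# Server names and client IPs are constructed sample values.
import hashlib
import ipaddress
from itertools import cycle


class LoadBalancer:
    def __init__(self, servers):
        self.servers = list(servers)
        self._rr = cycle(self.servers)
        self.active = {s: 0 for s in self.servers}  # open connections

    def round_robin(self):
        """Hand out servers in fixed rotation, ignoring current load."""
        return next(self._rr)

    def least_connections(self):
        """Pick the server with the fewest open connections (ties: list order)."""
        return min(self.servers, key=lambda s: self.active[s])

    def ip_hash(self, client_ip):
        """Map a client IP to the same server every time (session affinity)."""
        packed = ipaddress.ip_address(client_ip).packed  # rejects malformed IPs
        digest = hashlib.sha256(packed).digest()
        return self.servers[int.from_bytes(digest[:8], "big") % len(self.servers)]

    def open(self, server):
        self.active[server] += 1


def demo():
    lb = LoadBalancer(["web1", "web2", "web3"])
    rotation = [lb.round_robin() for _ in range(4)]
    # Constructed load: web1 holds 2 connections, web2 holds 1, web3 none.
    for server in ("web1", "web1", "web2"):
        lb.open(server)
    first = lb.least_connections()
    lb.open(first)
    lb.open("web3")  # web3 now holds 2, so web2 (1) is least loaded
    second = lb.least_connections()
    sticky = lb.ip_hash("203.0.113.7") == lb.ip_hash("203.0.113.7")
    return rotation, first, second, sticky
```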
Proxy servers act as intermediaries between clients and the internet. Forward proxies represent clients — they cache content and enforce web filtering for outbound traffic. Reverse proxies represent servers — they load balance, cache, and hide server infrastructure from clients. Both operate at Layer 7.
IDS (Intrusion Detection System) monitors traffic and alerts on suspicious activity. IPS (Intrusion Prevention System) also blocks detected threats. SIEM (Security Information and Event Management) aggregates logs from multiple sources for correlation and alerting. Content filters inspect traffic and block based on URLs, categories, or keywords.
| Device | OSI Layer | Forwarding Basis | Key Function |
|---|---|---|---|
| Hub | Layer 1 | Electrical signal | Repeats all traffic — collision domain |
| Switch | Layer 2 | MAC address | Intelligent forwarding — eliminates collisions |
| Router | Layer 3 | IP address | Routes between networks — breaks broadcasts |
| Multilayer Switch | L2/L3 | MAC and IP | Switches + inter-VLAN routing |
| Wireless AP | Layer 2 | MAC address | Connects wireless clients to LAN |
| Firewall | L3-L7 | IP, port, app | Filters traffic by rules |
| Load Balancer | L4 or L7 | TCP/IP or app | Distributes traffic across servers |
| Proxy | Layer 7 | Application data | Intermediary — caching, filtering |
Misconception: A switch creates one collision domain.
Correction: A switch gives each port its own collision domain — only a hub creates a single shared collision domain.
Misconception: Routers stop broadcast traffic on all ports.
Correction: Routers do not forward broadcasts between interfaces, but each router interface has its own broadcast domain for locally attached devices.
Misconception: IDS and IPS are the same.
Correction: IDS detects and alerts (passive monitoring); IPS detects and actively blocks malicious traffic inline.
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A company wants to allow multiple servers to share incoming web requests so that no single server is overwhelmed. Which device should be deployed?
Explanation: A load balancer distributes incoming requests across multiple servers using algorithms like round-robin or least-connections, ensuring no single server is overwhelmed. A firewall filters traffic by rules. A router connects networks. A proxy acts as an intermediary for client requests.
At which OSI layer does a standard Layer 2 switch make its forwarding decisions?
Explanation: A standard (Layer 2) switch forwards frames based on MAC addresses, which are Data Link layer (Layer 2) addresses. The switch maintains a MAC address table mapping MAC addresses to ports. Layer 3 switches additionally use IP addresses for routing decisions.
An unmanaged switch works out-of-box with no configuration — plug and play, fixed behavior, no VLANs or QoS. A managed switch is configurable via CLI or web GUI: supports VLANs, port security, spanning tree, QoS, SNMP monitoring, and port mirroring. Enterprise and even SOHO networks use managed switches for flexibility and security.
A hub (Layer 1) repeats every incoming signal to all ports — all devices compete for bandwidth (shared collision domain). A switch (Layer 2) learns MAC addresses and forwards frames only to the correct destination port — each port has dedicated bandwidth and its own collision domain. Hubs are obsolete in modern networks.