2.5 CompTIA A+ · Core 1 (220-1201) · Domain 2 — Networking

Compare and Contrast Common
Networking Hardware Devices

Objective 2.5 Domain weight: 20% 10 device categories

OVERVIEWIntroduction

Every network — from a one-room home office to a multi-floor enterprise — is built from a small set of physical building blocks. Objective 2.5 asks you to identify these devices, explain what layer of the network they operate at, and articulate why you would choose one variant over another (a managed switch instead of an unmanaged one, a router instead of a switch, a cable modem instead of DSL). The exam will show you a scenario or a photo of a port panel and expect you to name the correct device and justify the choice.

This objective sits at the intersection of two ideas you'll see repeated throughout networking: connectivity (getting a signal from one point to another, physically or wirelessly) and intelligence (deciding where that signal should go). Some devices in this list do almost nothing but connect — a patch panel is just an organized set of physical connections. Others, like a router or a managed switch, make active decisions about traffic. Keeping that distinction in mind will help you reason through almost any question this objective throws at you.

A Note on the OSI Model

You don't need to memorize the seven-layer OSI model in depth for this objective, but knowing roughly where a device "lives" helps you compare devices correctly. A switch operates primarily at Layer 2 (Data Link), forwarding traffic based on MAC addresses. A router operates at Layer 3 (Network), forwarding traffic based on IP addresses. A hub (legacy, rarely tested directly but useful for contrast) operates at Layer 1 (Physical) and has no intelligence at all — it just repeats electrical signals to every port.

DEVICE 01Routers

A router is a Layer 3 device that connects two or more separate networks and forwards data packets between them based on IP address information. In the most common home/SOHO scenario, a router connects your internal local area network (LAN) to an external network — typically the internet, via your ISP. The router examines the destination IP address of each packet and decides the best path to send it along.

What a Router Actually Does

At its core, a router performs three jobs. First, it routes — it maintains a routing table of known networks and forwards packets toward their destination network, hopping from router to router until the packet arrives. Second, in a SOHO (small office/home office) context, it almost always performs Network Address Translation (NAT), which allows many internal devices, each with a private IP address, to share a single public IP address when communicating with the internet. Third, it typically runs DHCP (Dynamic Host Configuration Protocol), automatically assigning IP addresses to devices on the internal network.

Exam Angle

The exam frequently tests the distinction between a router and a switch by asking what each device uses to make forwarding decisions. Router = IP address (Layer 3). Switch = MAC address (Layer 2). If a question describes a device connecting "two different networks" or "the LAN to the internet," the answer is a router. If it describes connecting "multiple devices within the same network," the answer is a switch.

SOHO Router vs. Enterprise Router

CharacteristicSOHO RouterEnterprise Router
Typical roleAll-in-one device: router + switch + AP + firewallDedicated routing function only
ThroughputSufficient for a handful of usersHigh-throughput, hardware-accelerated forwarding
ConfigurationSimple web GUI, mostly defaultsCLI-driven, complex routing protocols (OSPF, BGP)
RedundancySingle point of failureOften deployed in redundant pairs
ExampleTypical home Wi-Fi router/gatewayCisco ISR/ASR series router in a data center

A consumer "Wi-Fi router" purchased for a home is technically several devices in one box: a router, an unmanaged switch (the LAN ports on the back), a wireless access point, and usually a basic firewall. Understanding that these are logically distinct functions — even when physically combined — is essential, because the exam may ask you about each function separately.

DEVICE 02Switches

A switch is a Layer 2 device that connects multiple devices within the same local network and forwards traffic intelligently based on the destination's MAC address. Unlike a legacy hub — which simply repeats every incoming signal out every other port — a switch builds and maintains a MAC address table, learning which device is connected to which port, and forwards each frame only to the port where the destination device actually lives.

This intelligent forwarding has a major practical benefit: it eliminates unnecessary network traffic and collisions. Each port on a switch is effectively its own collision domain, which is why switches replaced hubs almost entirely once they became affordable.

Managed Switches

A managed switch provides an interface — typically a web GUI, CLI, or both — that allows an administrator to configure, monitor, and control the switch's behavior. Managed switches are the standard choice in business and enterprise environments where network segmentation, monitoring, and security are priorities.

VLAN support Managed switches can create Virtual LANs, logically segmenting one physical switch into multiple isolated broadcast domains — for example, separating "Sales" traffic from "Guest Wi-Fi" traffic on the same physical hardware.
Port mirroring (SPAN) Copies traffic from one or more ports to a monitoring port, allowing a packet analyzer or IDS to inspect traffic without disrupting normal flow.
Link aggregation (LACP) Combines multiple physical ports into a single logical link for increased bandwidth and redundancy between switches or to a server.
Quality of Service (QoS) Prioritizes certain types of traffic (e.g., VoIP, video conferencing) over less time-sensitive traffic (e.g., file downloads).
Spanning Tree Protocol (STP) Prevents network loops when multiple redundant paths exist between switches, which would otherwise cause broadcast storms.
Remote management Administrators can configure and monitor the switch over the network (SSH, HTTPS, SNMP) rather than needing physical access.

Unmanaged Switches

An unmanaged switch is a plug-and-play device with no configuration interface at all. It performs basic Layer 2 switching — learning MAC addresses and forwarding frames — automatically, with zero administrative overhead. There is no way to create VLANs, set port priorities, or monitor traffic; you plug a cable in and it simply works.

FactorManaged SwitchUnmanaged Switch
ConfigurationFull GUI/CLI access; VLANs, QoS, STP, port security, SNMPNone — no configuration interface exists
CostSignificantly more expensive per portInexpensive
Use caseBusiness networks, segmentation, monitoring, security needsHome networks, small networks, simply adding extra ports
SecurityPort security, 802.1X, ACLs possibleNo security features
TroubleshootingDetailed logs, SNMP alerts, traffic statisticsNone — only link lights as a diagnostic
Redundancy/loop protectionSTP prevents broadcast storms from looped cablesNone — a looped cable can take down the network

Common Pitfall

Plugging both ends of a single cable into two ports on an unmanaged switch (or between two unmanaged switches) creates a physical loop with no protection mechanism, resulting in a broadcast storm that can saturate and crash the entire local network. A managed switch running STP would detect and block the redundant path automatically.

DEVICE 03Access Points

A wireless access point (AP) extends a wired network by broadcasting a Wi-Fi signal, allowing wireless clients (laptops, phones, tablets, IoT devices) to join the network without a physical cable. An AP is typically connected to a switch via Ethernet and bridges traffic between the wired and wireless segments.

Standalone vs. Controller-Based (Managed) APs

TypeDescriptionBest fit
Standalone APConfigured individually through its own web interface; operates independentlyHome or single-AP small office
Controller-based APCentrally managed by a wireless LAN controller (WLC), often cloud-based; settings, firmware, and roaming policy pushed from one consoleEnterprise deployments with many APs (campuses, multi-floor offices)

In a controller-based deployment, dozens or hundreds of "thin" APs can be managed from a single pane of glass, including seamless roaming — a client moving from one room to another hands off between APs without dropping its connection, using the same SSID and credentials throughout the building.

Key AP Concepts for the Exam

Router vs. Access Point — The Distinction That Trips People Up

A home "wireless router" performs the AP function internally, which is why people often use the terms interchangeably. But on the exam, a router and an access point are distinct device categories: a router connects networks and routes by IP; an access point simply bridges wireless clients onto an existing wired network. A dedicated AP, by itself, does not perform routing, DHCP, or NAT.

DEVICE 04Patch Panel

A patch panel is a passive hardware unit, typically mounted in a server rack or wall-mounted enclosure, containing a row of female ports on the front and permanently-terminated wiring on the back. Structured cabling runs from wall jacks throughout a building back to the patch panel in the network/server closet. Short "patch cables" then connect the patch panel ports to switch ports, allowing any wall jack to be logically connected to any switch port simply by moving a patch cable.

Patch Panels Are Purely Physical

A patch panel has no electronics, no intelligence, and no power requirement. It does not switch, route, or amplify anything — it is purely an organized termination point for structured cabling. Don't confuse it with a switch; the patch panel is between the wall jacks and the switch, not a replacement for one.

Why Patch Panels Are Used

A typical small-business wiring closet layout: wall jack → structured cable (in-wall) → patch panel port → short patch cable → switch port → uplink to router/firewall. The patch panel sits at the boundary between "building infrastructure" cabling and "active equipment" cabling.

DEVICE 05Firewall

A firewall is a security device (hardware, software, or both) that monitors and controls incoming and outgoing network traffic based on a defined set of security rules. Its core job is to act as a barrier between a trusted internal network and an untrusted external network (typically the internet), permitting or denying traffic according to rules.

Hardware vs. Software Firewalls

TypeDescriptionTypical placement
Hardware (network-based) firewallDedicated appliance sitting at the network perimeter, inspecting all traffic passing between the LAN and WANEdge of the network, between router/modem and internal switches
Software (host-based) firewallRuns on an individual endpoint (e.g., Windows Defender Firewall), filtering traffic to and from that specific device onlyInstalled on each computer/server

Most consumer routers include a basic built-in firewall, typically just NAT plus a simple stateful packet filter. Dedicated business/enterprise firewall appliances offer much more: deep packet inspection, intrusion prevention/detection (IPS/IDS), VPN termination, content filtering, and application-aware rules — often marketed as a Unified Threat Management (UTM) or Next-Generation Firewall (NGFW) device.

Exam Angle

For Core 1, you mainly need to recognize the firewall as a perimeter security device that filters traffic by rule (allow/deny based on IP, port, protocol). Deeper firewall configuration (ACLs, port forwarding rules, zones) is expanded on in other objectives — here, focus on what the device is and where it sits in the network topology: between the internal trusted network and the external untrusted network.

DEVICE 06Power over Ethernet (PoE)

Power over Ethernet (PoE) is a technology that delivers electrical power to a network device over the same Ethernet cable that carries data, eliminating the need for a separate power cable and electrical outlet at the device's location. It's commonly used for devices mounted in places where running power wiring is impractical — ceiling-mounted access points, security cameras, VoIP phones, and door access controllers.

PoE Injectors

A PoE injector is a small standalone device that "injects" power onto an Ethernet cable between a non-PoE switch and a PoE-capable end device. It sits inline: switch → (standard Ethernet, no power) → injector → (Ethernet + power) → device. Injectors are the practical solution when you have an existing non-PoE switch and only need to power one or two devices, without replacing the entire switch.

PoE Switch

A PoE switch has PoE capability built directly into some or all of its ports, supplying power to connected devices automatically without any additional hardware. This is the preferred solution when deploying many PoE devices (e.g., an office full of VoIP phones, or a building full of wireless APs and cameras) since it avoids needing a separate injector for every single device.

Injector vs. Switch — Choosing Between Them

Use a PoE injector when you have only a handful of PoE devices and an existing non-PoE switch you don't want to replace. Use a PoE switch when deploying PoE at scale — it's cleaner, more reliable, and avoids a tangle of individual injectors, but requires replacing or supplementing existing switching infrastructure.

PoE Standards

PoE is standardized under IEEE 802.3, with successive versions increasing the maximum power delivered per port. Knowing the relative order (more than the exact wattage) is the most exam-useful takeaway.

PoE Standards — Relative Power Budget Per Port

802.3af (PoE)~15.4W at source / ~13W at device
802.3at (PoE+)~30W at source / ~25.5W at device
802.3bt Type 3 (PoE++/4PPoE)~60W at source / ~51W at device
802.3bt Type 4 (PoE++/4PPoE)~100W at source / ~71W at device
StandardCommon nameTypical use case
802.3afPoEVoIP phones, basic wireless APs, low-power cameras
802.3atPoE+PTZ (pan-tilt-zoom) cameras, higher-power wireless APs (Wi-Fi 5/6)
802.3btPoE++ / 4PPoEVideo conferencing systems, high-power APs (Wi-Fi 6E), laptops, small displays

Exam Angle

The exact wattage figures are far less important than understanding the relationship: af → at → bt represents increasing power delivery, used for increasingly power-hungry devices. If a question describes a device that "needs more power than the current PoE switch can provide," the answer is to upgrade to a higher PoE standard (af → at → bt), not to add a separate power supply (which would defeat the purpose of PoE).

DEVICE 07Cable Modem

A cable modem is a device that provides internet access over the same coaxial cable infrastructure used for cable television. It converts (modulates/demodulates — hence "modem") between the digital data used by your home network and the signal format used on the cable provider's hybrid fiber-coax (HFC) network.

The cable modem itself only translates the cable signal to Ethernet — it does not perform routing, NAT, or DHCP on its own (unless combined with a router in a single unit). A standalone cable modem is connected to a separate router to provide those functions.

DEVICE 08Digital Subscriber Line (DSL)

DSL (Digital Subscriber Line) delivers internet access over standard copper telephone lines — the same wiring traditionally used for landline phone service. A DSL modem connects to the phone line and converts the signal for use by your network. Because DSL and traditional voice telephone signals occupy different frequency ranges on the same copper pair, both can technically run simultaneously, though a DSL filter is needed at each telephone jack to prevent the data signal from causing audible interference on voice calls.

FactorDSLCable
MediumExisting copper telephone lineExisting coaxial cable line
Bandwidth sharingDedicated line per subscriber back to the provider's central officeShared among neighborhood subscribers on the same segment
Speed factorSpeed degrades with distance from the provider's central officeSpeed relatively consistent regardless of distance, but affected by neighborhood congestion
SymmetryOften asymmetric (ADSL: faster download than upload)Typically asymmetric as well, though less pronounced on modern DOCSIS

DSL Variants You May See Referenced

ADSL (Asymmetric DSL) — much faster downstream than upstream; the most common residential variant. SDSL (Symmetric DSL) — equal upload/download speed, more common in small business contexts. VDSL (Very-high-bitrate DSL) — higher speeds than ADSL but only over shorter distances from the central office.

DEVICE 09Optical Network Terminal (ONT)

An Optical Network Terminal (ONT) — sometimes called an Optical Network Unit (ONU) — is the device that terminates a fiber-optic internet connection at the customer's premises, converting the optical (light-based) signal carried over fiber into an electrical Ethernet signal that home/business networking equipment can use. It is the fiber equivalent of a cable modem or DSL modem.

Modem, ONT — Same Concept, Different Medium

Conceptually, a cable modem, a DSL modem, and an ONT all do the same job: they sit at the boundary between the ISP's physical medium (coax, copper phone line, or fiber) and your internal Ethernet network, translating the provider's signal into something your router/switch can use. The exam differentiates them by which physical medium each one terminates.

DEVICE 10Network Interface Card (NIC)

A Network Interface Card (NIC) is the hardware component that allows a computer or other device to connect to a network, either through a wired Ethernet port or a wireless radio. Every device that communicates on a network — a desktop, laptop, server, printer, or smart TV — has at least one NIC, whether built into the motherboard, added as an expansion card, or attached externally via USB.

Types of NICs

TypeDescription
Onboard (integrated) NICBuilt directly into the motherboard; standard on virtually all modern desktops and laptops
Expansion card NICA PCIe card added to a desktop/server for additional or faster wired ports, or to add capability not present onboard
USB NICExternal adapter plugged into a USB port; common on thin laptops lacking a built-in Ethernet jack
Wireless NICProvides Wi-Fi connectivity via an internal wireless card or external USB Wi-Fi adapter
Server/multi-port NICHigh-throughput cards with multiple ports, often supporting link aggregation/teaming for redundancy and bandwidth

Physical Media Access Control (MAC) Address

Every NIC is assigned a unique MAC (Media Access Control) address at the time of manufacture, burned into the hardware (sometimes called the physical address or burned-in address (BIA)). This is the Layer 2 identifier that switches use to forward frames to the correct device on a local network — it is distinct from the IP address, which operates at Layer 3 and can change depending on the network the device joins.

Format 48 bits, displayed as six pairs of hexadecimal digits separated by colons or hyphens, e.g., 00:1A:2B:3C:4D:5E.
OUI (first 24 bits) The Organizationally Unique Identifier identifies the manufacturer of the NIC (e.g., a specific block assigned to Apple, Intel, Cisco, etc.).
Device identifier (last 24 bits) Unique to that specific NIC, assigned by the manufacturer, making the full 48-bit address globally unique.
Scope A MAC address is only meaningful on the local network segment (it is not routed across the internet) — routers strip and rewrite Layer 2 addressing at each hop, while the IP address remains constant end-to-end.
MAC vs. IP MAC = Layer 2, physical, burned-in, used within a local segment. IP = Layer 3, logical, configurable/leased, used for end-to-end routing across networks.

Exam Angle

Expect a question along the lines of: "Which address does a switch use to forward a frame to the correct device?" → MAC address. Also expect MAC addresses to come up in the context of MAC filtering (allowing/denying specific devices on a wireless network or switch port) and DHCP reservations (assigning a consistent IP address to a device based on its unique MAC address).

Master Reference — All 10 Device Categories

RouterLayer 3; connects networks; routes by IP; usually does NAT + DHCP
Switch (managed)Layer 2; VLANs, QoS, STP, port mirroring, remote management
Switch (unmanaged)Layer 2; plug-and-play; zero config; no loop protection
Access pointBridges wireless clients to the wired network; not a router
Patch panelPassive; organizes structured cabling; no electronics
FirewallFilters traffic by rule at the network perimeter
PoE injectorAdds power to one device's Ethernet run; for small deployments
PoE switchBuilt-in power delivery on multiple ports; for scale
PoE standards802.3af → at → bt = increasing power budget per port
Cable modemCoax (DOCSIS); shared bandwidth in neighborhood segment
DSLCopper phone line; speed drops with distance from CO
ONTTerminates fiber; converts optical signal to Ethernet
NICConnects a device to the network; wired, wireless, onboard, or USB
MAC address48-bit, burned-in, Layer 2; OUI + device ID; local-segment only

REFERENCEComparison Quick Reference

"Which Layer?" Cheat Sheet

  • Layer 1 (Physical) → Patch panel, cabling, hub (legacy)
  • Layer 2 (Data Link) → Switch, NIC/MAC address, AP (bridging)
  • Layer 3 (Network) → Router, firewall (routing/filtering by IP)
  • Modem/ONT → Physical-layer media conversion (coax/copper/fiber ↔ Ethernet)

"Which Medium?" Cheat Sheet

  • Cable modem → Coaxial cable (DOCSIS)
  • DSL modem → Copper telephone line
  • ONT → Fiber optic cable
  • PoE → Power + data over a single Ethernet cable

Managed Switch Features

  • VLANs → Logical network segmentation
  • STP → Loop prevention / broadcast storm protection
  • Port mirroring → Traffic copied for monitoring/analysis
  • LACP → Multiple ports bonded as one logical link
  • QoS → Prioritize latency-sensitive traffic

PoE Standard Progression

  • 802.3af (PoE) → ~15.4W — phones, basic APs
  • 802.3at (PoE+) → ~30W — PTZ cameras, stronger APs
  • 802.3bt (PoE++) → ~60–100W — displays, laptops, Wi-Fi 6E APs
  • Use an injector for one-off devices; a PoE switch at scale

Final Exam Reminders

Switch vs. router = MAC address (Layer 2) vs. IP address (Layer 3).

Managed vs. unmanaged switch = configuration capability (VLANs, STP, QoS) vs. zero-config plug-and-play.

Patch panel = purely passive cable termination point — never confuse it with a switch.

Firewall = perimeter device that filters traffic by rule, sitting between trusted and untrusted networks.

PoE injector = power for one device added to a non-PoE switch. PoE switch = built-in power across many ports.

PoE standards = af → at → bt is increasing power capacity, in that order.

Cable modem = coax/DOCSIS, shared neighborhood bandwidth. DSL = copper phone line, distance-sensitive. ONT = fiber termination.

NIC = the hardware connecting any device to a network, wired or wireless.

MAC address = 48-bit, burned into the NIC, used for Layer 2 forwarding within a local segment only.