Every network — from a one-room home office to a multi-floor enterprise — is built from a small set of physical building blocks. Objective 2.5 asks you to identify these devices, explain what layer of the network they operate at, and articulate why you would choose one variant over another (a managed switch instead of an unmanaged one, a router instead of a switch, a cable modem instead of DSL). The exam will show you a scenario or a photo of a port panel and expect you to name the correct device and justify the choice.
This objective sits at the intersection of two ideas you'll see repeated throughout networking: connectivity (getting a signal from one point to another, physically or wirelessly) and intelligence (deciding where that signal should go). Some devices in this list do almost nothing but connect — a patch panel is just an organized set of physical connections. Others, like a router or a managed switch, make active decisions about traffic. Keeping that distinction in mind will help you reason through almost any question this objective throws at you.
A Note on the OSI Model
You don't need to memorize the seven-layer OSI model in depth for this objective, but knowing roughly where a device "lives" helps you compare devices correctly. A switch operates primarily at Layer 2 (Data Link), forwarding traffic based on MAC addresses. A router operates at Layer 3 (Network), forwarding traffic based on IP addresses. A hub (legacy, rarely tested directly but useful for contrast) operates at Layer 1 (Physical) and has no intelligence at all — it just repeats electrical signals to every port.
A router is a Layer 3 device that connects two or more separate networks and forwards data packets between them based on IP address information. In the most common home/SOHO scenario, a router connects your internal local area network (LAN) to an external network — typically the internet, via your ISP. The router examines the destination IP address of each packet and decides the best path to send it along.
At its core, a router performs three jobs. First, it routes — it maintains a routing table of known networks and forwards packets toward their destination network, hopping from router to router until the packet arrives. Second, in a SOHO (small office/home office) context, it almost always performs Network Address Translation (NAT), which allows many internal devices, each with a private IP address, to share a single public IP address when communicating with the internet. Third, it typically runs DHCP (Dynamic Host Configuration Protocol), automatically assigning IP addresses to devices on the internal network.
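The routing decision and NAT behaviour described above, as an added example that is not part of the original study guide. The class name, port numbers and addresses are constructed for illustration (documentation address ranges), and the NAT table is simplified: a real router also tracks protocol, remote endpoint and timeouts.

```python
import ipaddress

class SohoRouter:
    """Toy SOHO router: LAN-vs-WAN decision plus port-based NAT."""

    def __init__(self, lan_cidr, public_ip, first_port=40000):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port) -> public_port
        self.in_map = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet sent by a LAN host; returns (path, source, destination)."""
        if ipaddress.ip_address(dst_ip) in self.lan:
            # Same network: the switch delivers it, nothing is translated.
            return ("lan", (src_ip, src_port), (dst_ip, dst_port))
        key = (src_ip, src_port)
        if key not in self.out_map:
            # New flow: reserve a public port and remember the mapping.
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return ("wan", (self.public_ip, self.out_map[key]), (dst_ip, dst_port))

    def inbound(self, public_port):
        """Packet arriving on the public IP; None means no mapping, so drop."""
        return self.in_map.get(public_port)

def demo():
    # Constructed sample traffic: two LAN hosts use the same source port.
    r = SohoRouter("192.168.1.0/24", "203.0.113.10")
    a = r.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    b = r.outbound("192.168.1.21", 51000, "198.51.100.7", 443)
    local = r.outbound("192.168.1.20", 51001, "192.168.1.21", 445)
    reply = r.inbound(a[1][1])      # answer to host A's connection
    unsolicited = r.inbound(3389)   # nobody inside opened this port
    return a, b, local, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both hosts leave with the same public IP but different public ports, and the unsolicited inbound packet finds no mapping, which is why NAT alone already blocks connections that no internal host initiated.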
Exam Angle
The exam frequently tests the distinction between a router and a switch by asking what each device uses to make forwarding decisions. Router = IP address (Layer 3). Switch = MAC address (Layer 2). If a question describes a device connecting "two different networks" or "the LAN to the internet," the answer is a router. If it describes connecting "multiple devices within the same network," the answer is a switch.
| Characteristic | SOHO Router | Enterprise Router |
|---|---|---|
| Typical role | All-in-one device: router + switch + AP + firewall | Dedicated routing function only |
| Throughput | Sufficient for a handful of users | High-throughput, hardware-accelerated forwarding |
| Configuration | Simple web GUI, mostly defaults | CLI-driven, complex routing protocols (OSPF, BGP) |
| Redundancy | Single point of failure | Often deployed in redundant pairs |
| Example | Typical home Wi-Fi router/gateway | Cisco ISR/ASR series router in a data center |
A consumer "Wi-Fi router" purchased for a home is technically several devices in one box: a router, an unmanaged switch (the LAN ports on the back), a wireless access point, and usually a basic firewall. Understanding that these are logically distinct functions — even when physically combined — is essential, because the exam may ask you about each function separately.
A switch is a Layer 2 device that connects multiple devices within the same local network and forwards traffic intelligently based on the destination's MAC address. Unlike a legacy hub — which simply repeats every incoming signal out every other port — a switch builds and maintains a MAC address table, learning which device is connected to which port, and forwards each frame only to the port where the destination device actually lives.
This intelligent forwarding has a major practical benefit: it eliminates unnecessary network traffic and collisions. Each port on a switch is effectively its own collision domain, which is why switches replaced hubs almost entirely once they became affordable.
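MAC learning and the hub contrast described above, as an added example that is not part of the original study guide. The class names and MAC addresses are constructed for illustration, and table aging and VLANs are left out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Layer 1: repeats every frame out every port except the one it came in on."""

    def __init__(self, port_count):
        self.ports = list(range(1, port_count + 1))

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Layer 2: learns source MACs per port, forwards by destination MAC."""

    def __init__(self, port_count):
        self.ports = list(range(1, port_count + 1))
        self.mac_table = {}  # MAC address -> port number

    def receive(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) which port the sender is attached to.
        self.mac_table[src_mac.lower()] = in_port
        dst = dst_mac.lower()
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination sits behind the ingress port; filter it
        return [out_port]

# Constructed sample hosts (addresses are made up).
PC_A, PC_B, PC_C = "00:1a:2b:00:00:0a", "00:1a:2b:00:00:0b", "00:1a:2b:00:00:0c"

def demo():
    sw, hub = Switch(4), Hub(4)
    results = {
        "first_a_to_b": sw.receive(1, PC_A, PC_B),    # B unknown: flooded
        "b_replies_to_a": sw.receive(2, PC_B, PC_A),  # A known: one port
        "a_to_b_again": sw.receive(1, PC_A, PC_B),    # B known: one port
        "broadcast": sw.receive(3, PC_C, BROADCAST),  # always flooded
        "hub_a_to_b": hub.receive(1, PC_A, PC_B),     # hub never learns
    }
    return results, dict(sw.mac_table)

if __name__ == "__main__":
    frames, table = demo()
    for name, ports in frames.items():
        print(f"{name:15} -> out ports {ports}")
    print("MAC table:", table)
```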
A managed switch provides an interface — typically a web GUI, CLI, or both — that allows an administrator to configure, monitor, and control the switch's behavior. Managed switches are the standard choice in business and enterprise environments where network segmentation, monitoring, and security are priorities.
An unmanaged switch is a plug-and-play device with no configuration interface at all. It performs basic Layer 2 switching — learning MAC addresses and forwarding frames — automatically, with zero administrative overhead. There is no way to create VLANs, set port priorities, or monitor traffic; you plug a cable in and it simply works.
| Factor | Managed Switch | Unmanaged Switch |
|---|---|---|
| Configuration | Full GUI/CLI access; VLANs, QoS, STP, port security, SNMP | None — no configuration interface exists |
| Cost | Significantly more expensive per port | Inexpensive |
| Use case | Business networks, segmentation, monitoring, security needs | Home networks, small networks, simply adding extra ports |
| Security | Port security, 802.1X, ACLs possible | No security features |
| Troubleshooting | Detailed logs, SNMP alerts, traffic statistics | None — only link lights as a diagnostic |
| Redundancy/loop protection | STP prevents broadcast storms from looped cables | None — a looped cable can take down the network |
Common Pitfall
Plugging both ends of a single cable into two ports on the same unmanaged switch (or cabling a second, redundant link between two unmanaged switches) creates a physical loop with no protection mechanism, resulting in a broadcast storm that can saturate and crash the entire local network. A managed switch running STP (Spanning Tree Protocol) would detect and block the redundant path automatically.
A wireless access point (AP) extends a wired network by broadcasting a Wi-Fi signal, allowing wireless clients (laptops, phones, tablets, IoT devices) to join the network without a physical cable. An AP is typically connected to a switch via Ethernet and bridges traffic between the wired and wireless segments.
| Type | Description | Best fit |
|---|---|---|
| Standalone AP | Configured individually through its own web interface; operates independently | Home or single-AP small office |
| Controller-based AP | Centrally managed by a wireless LAN controller (WLC), often cloud-based; settings, firmware, and roaming policy pushed from one console | Enterprise deployments with many APs (campuses, multi-floor offices) |
In a controller-based deployment, dozens or hundreds of "thin" APs can be managed from a single pane of glass, including seamless roaming — a client moving from one room to another hands off between APs without dropping its connection, using the same SSID and credentials throughout the building.
Router vs. Access Point — The Distinction That Trips People Up
A home "wireless router" performs the AP function internally, which is why people often use the terms interchangeably. But on the exam, a router and an access point are distinct device categories: a router connects networks and routes by IP; an access point simply bridges wireless clients onto an existing wired network. A dedicated AP, by itself, does not perform routing, DHCP, or NAT.
A patch panel is a passive hardware unit, typically mounted in a server rack or wall-mounted enclosure, containing a row of female ports on the front and permanently-terminated wiring on the back. Structured cabling runs from wall jacks throughout a building back to the patch panel in the network/server closet. Short "patch cables" then connect the patch panel ports to switch ports, allowing any wall jack to be logically connected to any switch port simply by moving a patch cable.
Patch Panels Are Purely Physical
A patch panel has no electronics, no intelligence, and no power requirement. It does not switch, route, or amplify anything — it is purely an organized termination point for structured cabling. Don't confuse it with a switch; the patch panel is between the wall jacks and the switch, not a replacement for one.
A typical small-business wiring closet layout: wall jack → structured cable (in-wall) → patch panel port → short patch cable → switch port → uplink to router/firewall. The patch panel sits at the boundary between "building infrastructure" cabling and "active equipment" cabling.
A firewall is a security device (hardware, software, or both) that monitors and controls incoming and outgoing network traffic based on a defined set of security rules. Its core job is to act as a barrier between a trusted internal network and an untrusted external network (typically the internet), permitting or denying traffic according to rules.
| Type | Description | Typical placement |
|---|---|---|
| Hardware (network-based) firewall | Dedicated appliance sitting at the network perimeter, inspecting all traffic passing between the LAN and WAN | Edge of the network, between router/modem and internal switches |
| Software (host-based) firewall | Runs on an individual endpoint (e.g., Windows Defender Firewall), filtering traffic to and from that specific device only | Installed on each computer/server |
Most consumer routers include a basic built-in firewall, typically just NAT plus a simple stateful packet filter. Dedicated business/enterprise firewall appliances offer much more: deep packet inspection, intrusion prevention/detection (IPS/IDS), VPN termination, content filtering, and application-aware rules — often marketed as a Unified Threat Management (UTM) or Next-Generation Firewall (NGFW) device.
Exam Angle
For Core 1, you mainly need to recognize the firewall as a perimeter security device that filters traffic by rule (allow/deny based on IP, port, protocol). Deeper firewall configuration (ACLs, port forwarding rules, zones) is expanded on in other objectives — here, focus on what the device is and where it sits in the network topology: between the internal trusted network and the external untrusted network.
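Rule-based filtering by IP, port and protocol, as an added example that is not part of the original study guide. The rule set, field names and addresses are constructed for illustration, and the matcher is a simplified stateless one: the first matching rule wins and anything unmatched is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    protocol: str             # "tcp", "udp" or "any"
    src: str                  # source network in CIDR form
    dst: str                  # destination network in CIDR form
    dst_port: Optional[int]   # None matches any port

    def matches(self, protocol, src_ip, dst_ip, dst_port):
        return (self.protocol in ("any", protocol)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.dst_port in (None, dst_port))

def evaluate(rules, protocol, src_ip, dst_ip, dst_port):
    """Return (action, rule_number); rule_number is None for the default deny."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(protocol, src_ip, dst_ip, dst_port):
            return rule.action, number
    return "deny", None  # nothing matched: implicit default deny

# Constructed rule set for a trusted LAN of 192.168.1.0/24.
RULES = [
    Rule("deny", "any", "192.168.1.50/32", "0.0.0.0/0", None),  # blocked host
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),   # HTTPS out
    Rule("allow", "udp", "192.168.1.0/24", "0.0.0.0/0", 53),    # DNS out
]

if __name__ == "__main__":
    samples = [
        ("tcp", "192.168.1.20", "198.51.100.7", 443),
        ("tcp", "192.168.1.50", "198.51.100.7", 443),
        ("tcp", "198.51.100.7", "192.168.1.20", 3389),
    ]
    for packet in samples:
        print(packet, "->", evaluate(RULES, *packet))
```

Rule order matters: the blocked host is inside the LAN range that rule 2 allows, so its deny rule has to come first.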
Power over Ethernet (PoE) is a technology that delivers electrical power to a network device over the same Ethernet cable that carries data, eliminating the need for a separate power cable and electrical outlet at the device's location. It's commonly used for devices mounted in places where running power wiring is impractical — ceiling-mounted access points, security cameras, VoIP phones, and door access controllers.
A PoE injector is a small standalone device that "injects" power onto an Ethernet cable between a non-PoE switch and a PoE-capable end device. It sits inline: switch → (standard Ethernet, no power) → injector → (Ethernet + power) → device. Injectors are the practical solution when you have an existing non-PoE switch and only need to power one or two devices, without replacing the entire switch.
A PoE switch has PoE capability built directly into some or all of its ports, supplying power to connected devices automatically without any additional hardware. This is the preferred solution when deploying many PoE devices (e.g., an office full of VoIP phones, or a building full of wireless APs and cameras) since it avoids needing a separate injector for every single device.
Injector vs. Switch — Choosing Between Them
Use a PoE injector when you have only a handful of PoE devices and an existing non-PoE switch you don't want to replace. Use a PoE switch when deploying PoE at scale — it's cleaner, more reliable, and avoids a tangle of individual injectors, but requires replacing or supplementing existing switching infrastructure.
PoE is standardized under IEEE 802.3, with successive versions increasing the maximum power delivered per port. Knowing the relative order (more than the exact wattage) is the most exam-useful takeaway.
| Standard | Common name | Typical use case |
|---|---|---|
| 802.3af | PoE | VoIP phones, basic wireless APs, low-power cameras |
| 802.3at | PoE+ | PTZ (pan-tilt-zoom) cameras, higher-power wireless APs (Wi-Fi 5/6) |
| 802.3bt | PoE++ / 4PPoE | Video conferencing systems, high-power APs (Wi-Fi 6E), laptops, small displays |
Exam Angle
The exact wattage figures are far less important than understanding the relationship: af → at → bt represents increasing power delivery, used for increasingly power-hungry devices. If a question describes a device that "needs more power than the current PoE switch can provide," the answer is to upgrade to a higher PoE standard (af → at → bt), not to add a separate power supply (which would defeat the purpose of PoE).
A cable modem is a device that provides internet access over the same coaxial cable infrastructure used for cable television. It converts (modulates/demodulates — hence "modem") between the digital data used by your home network and the signal format used on the cable provider's hybrid fiber-coax (HFC) network.
The cable modem itself only translates the cable signal to Ethernet — it does not perform routing, NAT, or DHCP on its own (unless combined with a router in a single unit). A standalone cable modem is connected to a separate router to provide those functions.
DSL (Digital Subscriber Line) delivers internet access over standard copper telephone lines — the same wiring traditionally used for landline phone service. A DSL modem connects to the phone line and converts the signal for use by your network. Because DSL and traditional voice telephone signals occupy different frequency ranges on the same copper pair, both can technically run simultaneously, though a DSL filter is needed at each telephone jack to prevent the data signal from causing audible interference on voice calls.
| Factor | DSL | Cable |
|---|---|---|
| Medium | Existing copper telephone line | Existing coaxial cable line |
| Bandwidth sharing | Dedicated line per subscriber back to the provider's central office | Shared among neighborhood subscribers on the same segment |
| Speed factor | Speed degrades with distance from the provider's central office | Speed relatively consistent regardless of distance, but affected by neighborhood congestion |
| Symmetry | Often asymmetric (ADSL: faster download than upload) | Typically asymmetric as well, though less pronounced on modern DOCSIS |
DSL Variants You May See Referenced
ADSL (Asymmetric DSL) — much faster downstream than upstream; the most common residential variant. SDSL (Symmetric DSL) — equal upload/download speed, more common in small business contexts. VDSL (Very-high-bitrate DSL) — higher speeds than ADSL but only over shorter distances from the central office.
An Optical Network Terminal (ONT) — sometimes called an Optical Network Unit (ONU) — is the device that terminates a fiber-optic internet connection at the customer's premises, converting the optical (light-based) signal carried over fiber into an electrical Ethernet signal that home/business networking equipment can use. It is the fiber equivalent of a cable modem or DSL modem.
Modem, ONT — Same Concept, Different Medium
Conceptually, a cable modem, a DSL modem, and an ONT all do the same job: they sit at the boundary between the ISP's physical medium (coax, copper phone line, or fiber) and your internal Ethernet network, translating the provider's signal into something your router/switch can use. The exam differentiates them by which physical medium each one terminates.
A Network Interface Card (NIC) is the hardware component that allows a computer or other device to connect to a network, either through a wired Ethernet port or a wireless radio. Every device that communicates on a network — a desktop, laptop, server, printer, or smart TV — has at least one NIC, whether built into the motherboard, added as an expansion card, or attached externally via USB.
| Type | Description |
|---|---|
| Onboard (integrated) NIC | Built directly into the motherboard; standard on virtually all modern desktops and laptops |
| Expansion card NIC | A PCIe card added to a desktop/server for additional or faster wired ports, or to add capability not present onboard |
| USB NIC | External adapter plugged into a USB port; common on thin laptops lacking a built-in Ethernet jack |
| Wireless NIC | Provides Wi-Fi connectivity via an internal wireless card or external USB Wi-Fi adapter |
| Server/multi-port NIC | High-throughput cards with multiple ports, often supporting link aggregation/teaming for redundancy and bandwidth |
Every NIC is assigned a unique MAC (Media Access Control) address at the time of manufacture, burned into the hardware (sometimes called the physical address or burned-in address (BIA)). This is the Layer 2 identifier that switches use to forward frames to the correct device on a local network — it is distinct from the IP address, which operates at Layer 3 and can change depending on the network the device joins.
Example MAC address: 00:1A:2B:3C:4D:5E.
Exam Angle
Expect a question along the lines of: "Which address does a switch use to forward a frame to the correct device?" → MAC address. Also expect MAC addresses to come up in the context of MAC filtering (allowing/denying specific devices on a wireless network or switch port) and DHCP reservations (assigning a consistent IP address to a device based on its unique MAC address).
Final Exam Reminders
Switch vs. router = MAC address (Layer 2) vs. IP address (Layer 3).
Managed vs. unmanaged switch = configuration capability (VLANs, STP, QoS) vs. zero-config plug-and-play.
Patch panel = purely passive cable termination point — never confuse it with a switch.
Firewall = perimeter device that filters traffic by rule, sitting between trusted and untrusted networks.
PoE injector = power for one device added to a non-PoE switch. PoE switch = built-in power across many ports.
PoE standards = af → at → bt is increasing power capacity, in that order.
Cable modem = coax/DOCSIS, shared neighborhood bandwidth. DSL = copper phone line, distance-sensitive. ONT = fiber termination.
NIC = the hardware connecting any device to a network, wired or wireless.
MAC address = 48-bit, burned into the NIC, used for Layer 2 forwarding within a local segment only.