
CompTIA Network+ Certification Study Guide part 18 pdf


CHAPTER 4: Switching 156
is the process of sending data from segment to segment based on the MAC address, what happens when data has to be sent to a remote network? The data is sent to the default gateway (commonly a router), which sends the data to its destination. The time spent sending the data from the switch to the router, and then the time spent by the router taking the packet off the wire to read it, is eliminated or shortened drastically by implementing a multilayer switch. This is because a Layer 3 switch is built into a Layer 2 switch, so data does not have to be sent to a router; that is, the router is built into the circuitry of the switch, so the data is routed as quickly as the switch can send it to itself – much quicker than one device trying to send data to another device. Now consider the speed at which a high-speed switch works, and the number of packets that could be sent across that cable. You can start to see the benefits of a multilayer switch: having the two devices sandwiched together increases the efficiency of the transmission, thus speeding it up drastically as the volume of data increases.
CONTENT SWITCHES
Because of the success of Layer 3 switching and the performance gains it can provide, it was no surprise that switching would climb higher along the OSI’s layered model. Content switches use Layers 4 to 7 of the OSI model, and rather than looking at the individual packets being transmitted, they can use sessions to transmit data between machines. Content switches will also take advantage of caching and load balancing so that the amount of data transmitted across networks and the number of requests processed by a server are reduced.
Content switches that use Layer 4 work at the transport layer of the OSI model and have the ability to look at information in the packets they receive to identify not only the MAC address and IP address of the destination computer, but also the application protocols being used to send it. The switch can determine whether Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), or other protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite are being used to send the packet and can also identify the application that uses the data. Because the packet contains information about the application, priorities can be set on packets, as well as rules about how they are to be forwarded.
Layer 5 switching works at the session layer of the OSI model, and uses
information in the packet provided by this layer for routing. The session layer
provides information such as uniform resource locators (URLs) that allow
the switch to route the packet more effectively to a destination computer.
A URL is a method of addressing that is commonly used on the Internet.
Layer 6 switching works at the presentation layer of the OSI model, while
Layer 7 switching works at the application layer of the OSI model. Switches
that use these upper layers have the ability to look at the content of the data
being transmitted. An example of this would be an .XML file that was being
sent across the network. The Layer 7 switch could look at the tags within
the file to determine where the file should be sent. Because it works at the
highest level, it has the ability to use information from all levels of the OSI
model for use in forwarding the data to its proper destination.
ADVANCED FEATURES OF A SWITCH
Although we’ve discussed a number of different types of switches and seen how they work differently and provide diverse features, there are also switches available in the marketplace that offer enhanced features. These elements bring improved security, services, and capabilities that were unseen in the basic switches available in previous years. Some of the advanced features we’ll discuss in the sections that follow include:
- Power over Ethernet (PoE)
- Spanning Tree Protocol
- Virtual LANs
- Trunking
- Port Mirroring
- Port Authentication

Power over Ethernet
Power over Ethernet (PoE) is a technology in which electrical power can
be transferred over standard twisted-pair cables. Although data have always
been transferred along the wires used on an Ethernet network, PoE allows
electricity to also be transferred along the same cabling. This means that
no modification needs to be made to the existing cabling of a network to
implement PoE.
Exam Warning
Switches operate at many layers of the OSI model. They work at the data link layer
(Layer 2), and sometimes at the network layer (Layer 3) of the OSI model. Layer 3
switches have an integrated router function that allows them to make decisions as to
where the data should be sent.
PoE is used to provide power to devices that are connected to a network and allows them to acquire power without having to use existing outlets or pay for new power sources to be installed. Some devices that commonly use PoE are network cameras, IP telephones, wireless access points, remote switches, and other network devices.
A benefit of PoE is that so long as the switch is connected to a power source, any of the devices using PoE through that switch will continue to receive power. In other words, if the switch is connected to an uninterruptible power supply (UPS), any of the devices using PoE on that switch will continue running even if there is a power failure.
Spanning Tree
The Spanning Tree Protocol (STP) was developed by Digital Equipment Corporation (DEC) to prevent broadcast storms that result from looping. A broadcast is a message that is sent across a LAN at the data link layer (that is, Layer 2 of the OSI model), and it can be forwarded by switches to other segments of the network. When a switch has more than one way to communicate with a node, it can cause broadcasts to go out across more than one path. This can create a loop in the way this data travels across the network. When data loops endlessly around the network in this way, it eats up the available bandwidth and can affect network performance. Not only can computers on the network experience slow response times, but they also can have problems just logging into the network.
To illustrate the problems with looping and how STP fixes this, let’s look at Figure 4.1. As shown in this figure, the network on the left has two switches connected together. Although this prevents data from being passed to multiple switches, it also creates a single point of failure on the network. If one switch fails to work, then data cannot be transferred across the network. The network on the right provides multiple paths that data can be transmitted across, but it creates the problem of looping. If you imagine data going across two switches, you can follow in this figure how the data could be passed from one switch to another endlessly.
The STP uses an algorithm that identifies that a switch has multiple ways of communicating with a single node. In identifying this, it then determines the best way of communicating with that node and blocks out the other paths. If the primary path to a node becomes unavailable, it will then use redundant links to that node. This means that in the event of failure, the network can still continue to function without worry that loops will result and flood the network.
DAMAGE AND DEFENSE
Switching on Networks
In terms of devices that provide network connectivity, switches have become the future of networking. Today’s computer networks have to support the combination of voice, video, and data, so many network administrators are beginning to favor intelligent switches over common shared hubs. Network switches enable you to have bandwidth on demand and ensure that you can use your network to the fullest capacity. If you have a switch that is capable of 100 Mbps, you are guaranteed that amount of bandwidth due to the way a switch can intelligently look at the packets. A shared hub, on the other hand, can sometimes supply only 40 percent of the potential bandwidth on the network.
VLAN
A VLAN is a virtual LAN that allows messages to be broadcast to all of
the network devices that are in the same broadcast domain. A broadcast
domain is a logical division of computers that can communicate with one
another using broadcast messages. VLANs are used to allow computers and
other network devices to appear as if they are on the same network segment,
regardless of where they are physically located.
Ports on switches supporting this technology can be configured to be part of the same VLAN. For example, some of the ports in one switch could be set to be part of VLAN A, and ports on another switch could also be set to be part of VLAN A. From the perspective of the devices on this VLAN, they are all part of the same broadcast domain and can communicate with one another using broadcast messages, which would not be received by any computers or devices that are not part of this VLAN.
FIGURE 4.1 Spanning Tree Allows for Redundant Paths to Nodes.
Trunking
In using VLANs, there may be situations where you have different computers that are on the same VLANs but in different locations that are connected by a single network link. This might be computers on different floors or buildings where a single cable is used to connect the different network segments. To prevent the data from different VLANs from being sent across the single cable and being received by the wrong VLANs, a process called trunking is used.
Trunking is a term that refers to a single network link that allows multiple VLANs to communicate with one another. Two switches can send and receive the network traffic from two or more VLANs using a Trunking Protocol. When a packet of data is sent between the two switches, a tag is added to the frame header, indicating that it belongs to a particular VLAN.
To illustrate this, let’s say that a computer on one floor of a building is part of VLAN A. The user wants to send data to another computer that’s on another floor and is part of the same VLAN. The data is sent to the switch, but because there are multiple VLANs on these floors, the switch adds information to the header of the packet saying that this data is for a computer on VLAN A. When it reaches the switch on another floor, this second switch looks at the header and realizes that it should be sent to VLAN A. Even though multiple VLANs may use the network link between these floors of the building, the data are sent to the proper VLAN using this method.
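The VLAN broadcast domains and the trunk tagging described above, modelled as an added example that is not from the study guide: a small Layer 2 learning switch whose access ports each belong to one VLAN and whose trunk port carries frames tagged with the IEEE 802.1Q tag (TPID 0x8100 plus a 12-bit VLAN ID). The two switches, port numbers, MAC addresses and payloads are constructed for the example.

```python
import struct
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
TPID_8021Q = 0x8100       # EtherType value that announces an IEEE 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800   # constructed payloads are labelled IPv4 for simplicity

def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst: str, src: str, payload: bytes, vlan: Optional[int] = None) -> bytes:
    """Ethernet II frame; if vlan is given, insert the 4-byte 802.1Q tag
    (TPID 0x8100, then a TCI whose low 12 bits carry the VLAN ID)."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ETHERTYPE_IPV4) + payload

def parse_frame(frame: bytes):
    """Return (dst, src, vlan_or_None, payload) from a tagged or untagged frame."""
    dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
    vlan, offset = None, 12
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        offset = 16
    return dst, src, vlan, frame[offset + 2:]   # +2 skips the EtherType field

class Switch:
    """Layer 2 learning switch. access maps port -> VLAN of its untagged hosts;
    trunks are ports that carry tagged frames of every VLAN to another switch."""

    def __init__(self, access: dict, trunks: set):
        self.access, self.trunks = access, trunks
        self.table = {}   # (vlan, mac) -> port, learned from source addresses

    def receive(self, port: int, frame: bytes) -> dict:
        """Process one ingress frame and return {egress_port: frame_to_send}."""
        dst, src, vlan, payload = parse_frame(frame)
        if port in self.access:
            vlan = self.access[port]          # the access port decides the VLAN
        elif vlan is None:
            return {}                         # untagged frame on a trunk: drop it
        self.table[(vlan, src)] = port        # learn where src lives in this VLAN
        known = self.table.get((vlan, dst))
        if dst == BROADCAST or known is None:
            # Broadcast or unknown unicast: flood, but only to ports in the same
            # VLAN (its broadcast domain) plus trunks toward other switches.
            egress = [p for p, v in self.access.items() if v == vlan] + list(self.trunks)
        else:
            egress = [known]
        out = {}
        for p in egress:
            if p == port:
                continue                      # never echo a frame out its ingress port
            tag = vlan if p in self.trunks else None   # tag on trunks, strip on access
            out[p] = build_frame(dst, src, payload, tag)
        return out
```

Running a broadcast from a VLAN 10 host across the trunk shows it reaching only the VLAN 10 port on the far switch, tagged on the trunk and untagged on the access port.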
Port Mirroring
Port mirroring is a process in which all of the data sent or received on one port or VLAN is copied to another port; it is also known as a switched port analyzer (SPAN) or roving analysis port (RAP). In looking at these terms, you can see that port mirroring is used for analyzing network traffic. The data arriving at one port on a switch is copied to a different port on the switch, from which it is sent to a computer or network appliance that monitors the traffic. An example of one such device that would use port mirroring is an intrusion detection system (IDS), which monitors network traffic for activity that’s indicative of unauthorized access. Network administrators using the data that’s been forwarded by port mirroring can then identify issues with switch performance and can be notified of problems on the network.
Port Authentication
Port authentication is a process in which access to a port is given to a device
by having that device authenticate itself with a server. Port authentication
is part of the IEEE 802.1x standard, which outlines how access to a network
can be restricted on a port-by-port basis. Access control is based upon devices
authenticating themselves before being allowed to transmit packets across
the network. Once the device has authenticated itself, communication over
the port is allowed, so that it can then transfer data across the switch and
over the network.
Port authentication requires several components for access to be given or denied. These are as follows:
- Supplicant: This is the client that requests access to the network. This may be a computer, software, or network device that requires access to the network.
- Authenticator: This is the port that is configured to restrict access and requires authentication before allowing access.
- Authentication server: This is a server that verifies the credentials of the supplicant and determines if access should be granted or denied.
The way port authentication works is that the supplicant (such as a network workstation) attempts to access a port on a switch. The port acts as the authenticator and won’t allow access until the supplicant has been authenticated. The supplicant gives a username/password, digital certificate, or other credentials to the authenticator, which passes this information to an authentication server. The authentication server may be a RADIUS database or another authentication database that compares the credentials to its own records to determine whether access should be granted. The result of this comparison is sent back to the authenticator. If the credentials have been verified and found to be valid, then the supplicant is allowed to access resources and transmit data across the switch.
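The three-party exchange above, as an added example that is not from the study guide: an authenticator that keeps each switch port closed to everything except authentication traffic until the authentication server has accepted the supplicant's credentials, and closes it again when the link goes down. The EAPOL EtherType (0x888E) is the one IEEE 802.1X uses for authentication frames; the credential store, the simplified "user:password" credential format and the port numbers are constructed here (real 802.1X carries EAP methods rather than a plaintext pair).

```python
import hashlib
import hmac

EAPOL = 0x888E   # EtherType of IEEE 802.1X authentication frames: the only
                 # traffic an unauthorized port will accept

class AuthenticationServer:
    """Stands in for the RADIUS database the text mentions. The user store is
    constructed; it keeps only salted hashes and compares them in constant time."""

    def __init__(self, users: dict):
        self.salt = b"constructed-salt"
        self.users = {name: self._digest(pw) for name, pw in users.items()}

    def _digest(self, password: str) -> bytes:
        return hashlib.sha256(self.salt + password.encode()).digest()

    def verify(self, user: str, password: str) -> bool:
        stored = self.users.get(user)
        # Hash even for unknown users so a missing account is not revealed by timing.
        return hmac.compare_digest(stored or b"\x00" * 32, self._digest(password))

class Authenticator:
    """The switch-port side: tracks which ports are authorized and gates traffic."""

    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.authorized = {}   # port -> identity of the authenticated supplicant

    def ingress(self, port: int, ethertype: int, payload: bytes) -> str:
        """Decide what happens to one frame arriving on a port."""
        if port in self.authorized:
            return "FORWARD"                 # authenticated: normal switching applies
        if ethertype != EAPOL:
            return "DROP"                    # unauthenticated port: only EAPOL passes
        # Constructed credential format: "user:password" inside the EAPOL payload.
        user, sep, password = payload.decode(errors="replace").partition(":")
        if sep and self.server.verify(user, password):
            self.authorized[port] = user     # open the port for this supplicant
            return "AUTHORIZED"
        return "REJECT"

    def link_down(self, port: int) -> None:
        """Unplugging the supplicant returns the port to the unauthorized state."""
        self.authorized.pop(port, None)
```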
SUMMARY OF EXAM OBJECTIVES
Switches can provide an array of features that can enhance the security and
functionality of a network. At its most basic level, a switch is a network
device that allows multiple devices to communicate with one another on a
network. These devices can be workstations, servers, laptops, printers, or
any number of other devices that require the ability to send and receive data
with one another.
Switches can work at different levels of the OSI model. Depending on the layer used by the switch, it replaces many of the devices previously used on older networks, including the repeaters and bridges that we discussed in the last chapter. Switches can connect multiple networks together, segment networks, or provide routing features that will get data to its proper destination using the fastest possible route.
Test Day Tip
Remember for the Network+ exam that each component’s functionality is listed on the
testable objectives at the beginning of this chapter.
Switches can also include a number of advanced features. PoE can provide power to devices connected to the network, whereas VLANs can be used to connect different computers into VLANs and join them together in the same broadcast domain. If the VLANs are connected using a single network link, Trunking Protocols may be used to provide connectivity. Security features like port authentication can be used to require a client to authenticate to a server before gaining access to a port. Some switches will also provide the feature of port mirroring, so that data sent to one port can be sent to hardware or software that monitors network traffic. As you can see, switches have evolved over the years. Although they still have the primary purpose of directing network traffic, they are a critical component of any larger network.
EXAM OBJECTIVES FAST TRACK

Understanding Switches
- Switches provide services that are similar to those found in Ethernet hubs. A switch takes data from a cable connected to its port, but unlike a hub that forwards the data through all of its other ports, a switch will forward the packet only to the computer that the data is intended for.
- Broadcast messages are the messages that are sent out to all of the nodes in a broadcast domain. A broadcast domain is a logical division of computers that can communicate with one another using broadcast messages.
- The OSI model is a reference model that is used to map different functions of network communication. Types of switches are often identified by how they relate to specific layers of this model.
Basic Switches
- Basic switches look at the MAC address of a packet to determine where it is destined. The MAC address is unique to the NIC and makes it identifiable on the network.
- Layer 2 switches work at the data link layer (Layer 2) and look at the MAC address of the packet to determine where it is to be sent.
- Switches are also sometimes referred to as multiport bridges, because they can perform the same functions as a bridge. They can connect two LANs together or segment a large LAN into two smaller ones.
Multilayer Switches
- A multilayer switch (also called a Layer 3 switch) works by utilizing switching tables and switching algorithms to determine how to send data via MAC addressing from host to host or device to device.
- Layer 3 switches work at the network layer of the OSI model and have an integrated router function that allows them to make decisions as to where the data should be sent.
- A Layer 3 switch is built into a Layer 2 switch so data does not have to be sent to a router; that is, the router is built into the circuitry of the switch so the data is routed as quickly as the switch can send it to itself – much quicker than one device trying to send data to another device.
Content Switches
- Content switches use Layers 4 to 7 of the OSI Model, and rather than looking at the individual packets being transmitted, they can use sessions to transmit data between machines.
- Switches that use the upper layers of the OSI model have the ability to look at the content of the data being transmitted.
- Content switches take advantage of caching and load balancing so that the amount of data transmitted across networks and requests processed by a server are reduced.
Advanced Features of a Switch
- A VLAN allows messages to be broadcast to all of the network devices that are in the same broadcast domain.
- Trunking is used to allow multiple VLANs to communicate with one another across a single network link.
- PoE is a technology in which electrical power can be transferred over standard twisted-pair cables.
- Port mirroring is used to allow all of the data sent or received on one port or VLAN to be copied to another port, and is also known as a SPAN or RAP. The copied data can then be used by hardware or software to monitor the data, as in situations where an IDS is used.
- The STP is used to prevent broadcast storms that result from looping.
- Port authentication is a process in which access to a port is given to a client by having it first authenticate to a server.
FREQUENTLY ASKED QUESTIONS
Q: I am creating a small home-based network that will connect several different computers together. Because switches are commonly used on our network at the office, should I use one for this network as well?
A: A hub would be a better solution, as they are less expensive and the features of a switch aren’t really necessary for this situation. Although switches are the optimum choice for networks, they aren’t always the best choice for small networks consisting of several computers. In most cases where there are just a few computers connected together, a switch would be overkill and a more costly solution.
Q: I am creating a new Ethernet network that will consist of a few dozen employees and will expand greatly over the next few years. Which device should I use to connect users together on the network and still have the ability to expand as the network grows?
A: A switch is similar to a hub in that it will take data from one cable, regenerate the signal, and then resend it. What makes a switch different is that it will take the data sent to one port on the switch, and then determine which of the other ports will allow the data to get to its intended destination. Switches have also incorporated many of the functions previously provided by other network devices, and can be connected together when there is a need to expand the network.
SELF TEST
1. You have purchased a basic switch for your network that can look at information within a packet of data and send it to its destination address. It has no additional features. What kind of switch is this?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
2. A broadcast message is sent by a computer onto the network. Which of the following will occur when the switch receives the broadcast message?
A. The message will be sent to all computers on the network.
B. The message will be sent to all computers in the same broadcast domain.
C. The message will not be sent because switches will only send messages between two nodes.
D. The message will not be sent because switches are designed to always ignore broadcast messages.
3. You are looking into purchasing a new switch for your network. You want the switch to be able to route packets of data based on the uniform resource locator included with the packet. Which switch type should you buy?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
4. A switch on your network is designed to look at the MAC address of incoming data, and then use switching tables and algorithms to properly route data to its intended destination. What type of switch is being used?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
5. Your company has just purchased a smaller rival business, and now wants you to connect the two networks together. Your company’s existing network is twice the size of the new network. To get these two networks connected together, which of the following will you do?
A. Install a VLAN to connect the two networks together.
B. Install a switch to connect to the two networks together.
