
CCNA 1 and 2 Companion Guide, Revised (Cisco Networking Academy Program) part 13 ppt


Networking Models 89
Figure 2-32 Optical Platform—The Cisco ONS 15454 DWDM Optical Network System
Security Devices
Because of increased Internet and extranet connections, as well as more telecommuters
and mobile users accessing enterprise networks from remote sites, the importance of
network security increases. Firewalls, AAA servers, and VPN concentrators are
components or devices related to network security.
Firewalls
The term firewall refers to either a firewall program running on a router or server or a
special standalone hardware component of a network. A firewall protects a private
network’s resources from users in other networks.
Working closely with a router program, a firewall examines each network packet to
determine whether to forward it to its destination. Using a firewall is like using a traffic
officer to ensure that only valid traffic can enter or leave certain networks. Figure 2-33
shows a Cisco PIX Firewall 535 series, which is a dedicated network device.
1102.book Page 89 Tuesday, May 20, 2003 2:53 PM
90 Chapter 2: Networking Fundamentals
Figure 2-33 Cisco PIX Firewall
AAA Servers
An AAA server is a server program that handles user requests for access to computer
and network resources. An AAA server provides authentication, authorization, and
accounting services for an enterprise. The AAA server ensures that only authentic users
can get into the network (authentication), that the users are allowed access only to the
resources they need (authorization), and that records are kept of everything they do
after they are allowed entry (accounting).
An AAA server is like the credit card system. To put charges on a credit card, the
merchant must verify that the credit card actually belongs to the person using it
(authentication). The merchant must also check that the credit card has enough credit left for
the requested charge amount (authorization), and then the merchant must record the
charge to the user’s account (accounting). Figure 2-34 shows an example of where an
AAA server is used.


Figure 2-34 AAA Server
[Diagram labels: Massachusetts, California, New Hampshire, Vermont, Corporate Headquarters, AAA Server; "Allow Access to HQ"; "No Access to HQ"]
• Permit Access from MA
• Permit Packets from NH
• Permit Packets from VT
• Deny All Other Packets
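The three AAA steps described above, as an added example (not code from the book). The class, the user names, the passwords, and the choice of California as the site that falls under the deny-all rule are assumptions made for illustration; the permitted sites follow the rule list in Figure 2-34.

```python
import hashlib
import hmac
import os
import time

def hash_password(password, salt):
    # Salted, slow hash so stored credentials are not plaintext
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:  # hypothetical name, for illustration only
    def __init__(self):
        self.users = {}       # username -> (salt, password hash, site)
        self.permitted = {}   # site -> resources; anything not listed is denied
        self.accounting = []  # one record per request, permitted or not

    def add_user(self, username, password, site):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt), site)

    def authenticate(self, username, password):
        # Unknown users get a dummy record so the same work is done either way
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", None))
        return hmac.compare_digest(hash_password(password, salt), stored)

    def authorize(self, username, resource):
        site = self.users[username][2]
        return resource in self.permitted.get(site, set())  # default deny

    def request(self, username, password, resource):
        if not self.authenticate(username, password):
            result = "auth-failed"
        elif not self.authorize(username, resource):
            result = "not-authorized"
        else:
            result = "permitted"
        # Accounting: failures are recorded as well as successes
        self.accounting.append({"time": time.time(), "user": username,
                                "resource": resource, "result": result})
        return result

def build_demo():
    server = AAAServer()
    for site in ("MA", "NH", "VT"):      # sites permitted in Figure 2-34
        server.permitted[site] = {"HQ"}
    server.add_user("alice", "constructed-pass-1", "MA")  # constructed sample users
    server.add_user("carol", "constructed-pass-2", "CA")
    return server
```

Note that a user at an unlisted site authenticates successfully and is still refused at the authorization step, and that the refusal is recorded.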
VPN Concentrators
A VPN concentrator offers powerful remote access and site-to-site VPN capability, an
easy-to-use management interface, and a VPN client. The Cisco VPN 3000 Concentrator
Series is a family of purpose-built, remote-access VPN platforms and client software
that incorporates high availability, high performance, and scalability with the
most advanced encryption and authentication techniques available today. Figure 2-35
shows a VPN 3000 Concentrator.

Figure 2-35 Cisco VPN 3000 Concentrator
Wireless Devices
A wireless LAN (WLAN) provides all the features and benefits of traditional LAN
technologies, such as Ethernet, without the limitations of wire or cables. Some common
wireless networking devices include wireless NICs, wireless access points, and
wireless bridges. The following sections briefly describe these wireless networking
devices.
Wireless NICs
Each wireless client requires a wireless NIC or client adapter. These are available as
PCMCIA and PCI cards to provide wireless connectivity for both laptop and desktop
workstations. Laptops or notebook PCs, with wireless NICs, can move freely throughout
a campus environment while maintaining connectivity to the network. Wireless
PCI and ISA adapters (for desktop workstations) allow end stations to be added to the
LAN quickly, easily, and inexpensively without the need for additional cabling. All
adapters feature antennas—the PCMCIA card with a built-in antenna and the PCI
card with an external antenna. The antennas provide the range required for data
transmission and reception. Figure 2-36 shows wireless adapters.
Figure 2-36 Wireless Adapters
Wireless Access Points
The access point (AP) or base station (see Figure 2-37) is a wireless LAN transceiver
that can act as a hub—the center point of a standalone wireless network—or as a
bridge—the connection point between wireless and wired networks. Multiple APs can
provide roaming functionality, allowing wireless users freedom to roam throughout a
facility while maintaining uninterrupted connectivity to the network.
Figure 2-37 Wireless Access Point
Wireless Bridges

A wireless bridge, shown in Figure 2-38, provides high-speed (11 Mbps), long-range
(up to 25 miles), line-of-sight wireless connectivity between Ethernet networks. Any
Cisco AP can be used as a repeater (extension point) for the wireless network.
Figure 2-38 Wireless Bridge
Network Topologies
A network topology defines how computers, printers, network devices, and other
devices are connected. In other words, a network topology describes the layout of the
wire and devices as well as the paths used by data transmissions. The topology greatly
influences how the network works.
Networks can have both a physical and a logical topology. Physical topology refers to
the physical layout of the devices and media. Physical topologies that are commonly
used are
■ Bus
■ Ring
■ Star
■ Extended star
■ Hierarchical
■ Mesh
Lab Activity OSI Model Encapsulation and Devices
In this lab, you describe layers and characteristics of the OSI model. You also
identify the encapsulation units and devices that operate at each layer.
Figure 2-39 illustrates the different physical topologies.
Figure 2-39 Physical Topologies
Logical topology defines how the medium is accessed by the hosts for sending data.
The following sections describe different types of physical and logical topologies.
Figure 2-40 shows many different topologies connected by networking devices. It
shows a network of moderate complexity that is typical of a school or small business.
Figure 2-40 Networking Topologies

[Figure 2-39 panel titles: Bus Topology, Ring Topology, Star Topology, Extended Star Topology, Hierarchical Topology, Mesh Topology]
[Figure 2-40 diagram labels: Internet, Main Server, Main Switch, Workgroup Switch, Repeater, Bridge, Hub, FDDI, Token Ring]
The following sections describe the different networking topologies in more detail.
Bus Topology
Commonly called a linear bus, a bus topology connects all the devices using a single
cable (see Figure 2-41). This cable proceeds from one computer to the next like a bus
line going through a city.
Figure 2-41 Bus Topology
With a physical bus topology, the main cable segment must end with a terminator that
absorbs the signal when it reaches the end of the line or wire. If there is no terminator,
the electrical signal representing the data bounces back at the end of the wire, causing
errors in the network.
Star and Extended-Star Topologies
The star topology, shown in Figure 2-42, is the most commonly used physical topology
in Ethernet LANs. When installed, the star topology resembles spokes in a bicycle wheel.
The star topology is made up of a central connection point that is a device such as a
hub, switch, or router, where all the cabling segments meet. Each host in the network
is connected to the central device with its own cable.
Although a physical star topology costs more to implement than the physical bus
topology, the advantages of a star topology make it worth the additional cost. Because
each host is connected to the central device with its own cable, when that cable has a
problem, only that host is affected; the rest of the network remains operational. This
benefit is extremely important and is why virtually every newly designed Ethernet
LAN has a physical star topology.
A central connection point might be desirable for security or restricted access, but this
is also a main disadvantage of a star topology. If the central device fails, the whole
network becomes disconnected.
Figure 2-42 Star Topology
When a star network is expanded to include an additional networking device that is
connected to the main networking device, it is called an extended-star topology, as
shown in Figure 2-43.
Figure 2-43 Extended-Star Topology
Ring Topology
The logical ring topology is another important topology in LAN connectivity. As the
name implies, hosts are connected in the form of a ring or circle. Unlike the physical
bus topology, the ring topology has no beginning or end that needs to be terminated.
Data is transmitted differently than in the logical bus topology. A frame travels around
the ring, stopping at each node. If a node wants to transmit data, it is permitted to add
that data as well as the destination address to the frame. The frame then continues
around the ring until it finds the destination node, which takes the data out of the
frame. The advantage of using this type of method is that there are no collisions of
data packets.
Two types of rings exist:
■ Single ring
■ Dual ring
In a single ring, as shown in Figure 2-44, all the devices on the network share a single
cable, and the data travels in one direction only. Each device waits its turn to send data
over the network. Most single-ring topologies are actually wired as a star.
Figure 2-44 Ring Topology
In a dual ring, two rings allow data to be sent in both directions, as shown in Figure 2-45.
This setup creates redundancy (fault tolerance), meaning that if one ring fails, data can
be transmitted on the other ring. Also, if both rings fail, a “wrap” at the fault can heal
the topology back into a ring.
Figure 2-45 Dual-Ring Topology
Hierarchical Topology
A hierarchical topology is built much like an extended-star topology. The primary
difference is that it does not use a central node. Instead, it uses a trunk node from
which it branches to other nodes, as shown in Figure 2-46. Two types of tree topologies
exist: the binary tree (each node splits into two links) and the backbone tree
(a backbone trunk has branch nodes with links hanging from it).
Full-Mesh and Partial-Mesh Topologies
The full-mesh topology connects all devices (nodes) to each other for redundancy and
fault tolerance, as shown in Figure 2-47. The wiring in a full-mesh topology has very
distinct advantages and disadvantages. The advantage is that every node is connected
physically to every other node, which creates a redundant connection. If any link fails,
information can flow through many other links to reach its destination. The primary
disadvantage is that for anything more than a small number of nodes, the amount
of media for the links and the number of connections on the lines become
overwhelming. Implementing a full-mesh topology is expensive and difficult. The full-mesh
topology is usually implemented in WANs between routers.
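The trade-offs described for star, extended-star, and full-mesh topologies can be checked by modeling each as a set of links and failing one link or one device at a time. This is an added example, not code from the book; the function names and node numbering are assumptions, and node 0 stands for the central device.

```python
from itertools import combinations

def star(hosts):
    """Central device 0 with each host on its own cable."""
    return {(0, h) for h in range(1, hosts + 1)}

def extended_star(hubs, hosts_per_hub):
    """Central device 0, secondary devices 1..hubs, each with its own hosts."""
    links, nxt = set(), hubs + 1
    for hub in range(1, hubs + 1):
        links.add((0, hub))
        for _ in range(hosts_per_hub):
            links.add((hub, nxt))
            nxt += 1
    return links

def full_mesh(n):
    """Every node linked to every other node: n*(n-1)/2 links."""
    return set(combinations(range(n), 2))

def nodes_of(links):
    return {v for link in links for v in link}

def reachable(nodes, links, start):
    """Nodes reachable from start over undirected links between live nodes."""
    adj = {v: set() for v in nodes}
    for a, b in links:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen

def worst_single_link_failure(links):
    """Largest number of nodes cut off from the rest by any one link failure."""
    nodes, worst = nodes_of(links), 0
    for dead in links:
        part = reachable(nodes, links - {dead}, next(iter(nodes)))
        worst = max(worst, min(len(part), len(nodes) - len(part)))
    return worst

def connected_after_device_failure(links, dead):
    """True if the surviving nodes can all still reach each other."""
    nodes = nodes_of(links) - {dead}
    return len(reachable(nodes, links, next(iter(nodes)))) == len(nodes)
```

With five hosts, a star loses only one host to a cable fault but everything to a failure of device 0; a six-node full mesh needs 15 links and survives either failure. In an extended star, the link between the main and a secondary device takes that device and all of its hosts with it.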