Lesson 2 Infrastructure Components
Common Network Infrastructure Devices:
- Router - A Layer 3 device that can make forwarding decisions based on logical addresses (e.g. IP addresses)
- Firewall Router - A router configured to perform firewall functions in addition to router functions
- DMZ - a portion of a network that should be accessible by external devices (e.g. devices on the Internet)
- IPv4
- IPv6
- WAN connection - a network connection that interconnects geographically separate networks
- VPN - allows a secure connection to be set up over an untrusted network
- Wireless Access Point
- Ethernet Switch - a L2 device that makes forwarding decisions based on physical addresses (i.e. MAC addresses)
- NIC (Network Interface Card)
- MAC - a 48-bit address
  Ports  MAC
  1      aaaa:ffff:cccc:1111:dddd:bbbb
  2      bbbb:
  3      cccc:
- Collision domains - every port of a switch is in its own collision domain
- Broadcast domains
- IPS - Intrusion Prevention System - a sensor that sits in-line with network traffic, can recognize the signature of well-known attacks, and can stop those attacks
- IDS - Intrusion Detection System - a sensor that receives a copy of network traffic, can recognize the signature of well-known attacks, and can stop those attacks
- Firewall - a device that uses a set of rules to determine what traffic to permit or deny between different portions (i.e. zones) of a network
- Multilayer Switch - an Ethernet switch that can make forwarding decisions based on Layer 3 (and higher) information, like a router, and can also make decisions based on Layer 2 information, like a Layer 2 Ethernet switch
- Cache Engine - locally stores content retrieved from a remote network (i.e. Internet) and sends that content to local devices requesting that content, thus saving bandwidth
- NAS - A network appliance that makes storage resources available to network clients
Firewalls
A network device that can help prevent malicious traffic from spreading into a secured area of a network, through the use of rule sets
Types of firewalls:
- Packet Filter - can permit or deny traffic based on information such as source and/or destination IP addresses and port numbers
- Stateful Firewall - in addition to permitting or denying traffic based on IP address and/or port number information, can inspect sessions and recognize return traffic for a session that was initiated from a trusted network
- Application Layer Firewall - in addition to inspecting sessions and permitting or denying traffic based on IP addresses and/or port number information, understands the nature of an application (e.g. its use of different protocols)
- Hardware Firewall
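Added example (not part of the original lesson notes): a small Python model of the difference between a packet filter and a stateful firewall. The rule set, addresses and port numbers are constructed for illustration, and the session tracking is simplified (no TCP flags or timeouts).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    from_trusted: bool  # True if the packet arrived on the trusted (inside) interface

# Constructed policy: inside hosts may open connections to outside port 443 only.
ALLOWED_OUTBOUND_PORTS = {443}

def packet_filter(pkt):
    """Stateless: each packet is judged only on its own addresses and ports."""
    if pkt.from_trusted:
        return pkt.dport in ALLOWED_OUTBOUND_PORTS
    # To let replies back in, the rule has to match on source port alone,
    # so a reply and an unsolicited packet look the same to this filter.
    return pkt.sport in ALLOWED_OUTBOUND_PORTS

class StatefulFirewall:
    """Records sessions opened from the trusted side and permits only their return traffic."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if pkt.from_trusted:
            if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                return False
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: permit only if it is the mirror image of a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

# Constructed sample traffic (documentation and private address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, True),    # inside host opens a session
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, False),   # return traffic for that session
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, False),    # inbound, no matching session
]

def evaluate(packets):
    """Return (packet_filter_verdict, stateful_verdict) for each packet, in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, verdicts)
```

Both devices pass the outbound packet and its reply; only the stateful firewall denies the third packet, because no session from the trusted network matches it.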
Wireless Access Points (APs)
- Wireless Ad-hoc network - Allows wireless devices to communicate with one another without using a network infrastructure
- Wireless AP
- Autonomous APs - individually managed
- Lightweight APs - managed by a wireless LAN (WLAN) controller
- WLAN Controller
- LWAPP (Lightweight Access Point Protocol) - used by a wireless LAN controller to communicate with the lightweight APs it manages. Many LWAPP deployments are being replaced with the newer Control and Provisioning of Wireless Access Points (CAPWAP) protocol, which performs a similar function