CompTIA Network+ Rapid Review: Network Concepts

  • 12/15/2012

Objective 1.2: Classify how applications, devices, and protocols relate to the OSI model layers

One of the primary functions of the OSI model is to organize and separate the various elements of the networking process. When defining the function of a network element, such as a protocol, device, or application, it is common to begin by specifying the OSI model layer at which the element operates. This helps to categorize the function of the element and provides a basic idea of its purpose.

For example, a data-link layer device is generally understood to be involved in local network communications, while the network and transport layers are devoted to end-to-end communications that can span multiple networks. The Network+ exam requires you to understand the functions of many different applications, devices, and protocols, and classifying those elements using the OSI model is the first step to achieving that understanding.

Exam need to know

  • Classify how MAC addresses relate to the OSI model layers.

    For example: At which layer of the OSI model are network nodes identified using MAC addresses?

  • Classify how IP addresses relate to the OSI model layers.

    For example: At which layer of the OSI model are network nodes identified using IP addresses?

  • Classify how EUI-64 relates to the OSI model layers.

    For example: In what layer of the OSI reference model do you find an EUI-64?

  • Classify how frames relate to the OSI model layers.

    For example: Which layer of the OSI model uses the term “frame” to refer to the protocol data unit generated by a networking protocol?

  • Classify how packets relate to the OSI model layers.

    For example: At which layer of the OSI reference model are data structures called packets?

  • Classify how switches relate to the OSI model layers.

    For example: At which layer of the OSI model do switches perform their basic functions?

  • Classify how routers relate to the OSI model layers.

    For example: At which layer of the OSI model do routers perform their basic functions?

  • Classify how multilayer switches relate to the OSI model layers.

    For example: At which layers of the OSI model do multilayer switches perform their functions?

  • Classify how hubs relate to the OSI model layers.

    For example: At which layer of the OSI model do hubs perform their basic functions?

  • Classify how encryption devices relate to the OSI model layers.

    For example: Which layer of the OSI model is responsible for encrypting data?

  • Classify how cables relate to the OSI model layers.

    For example: Which layer of the OSI model defines the properties of network cables?

  • Classify how NICs relate to the OSI model layers.

    For example: At which layer of the OSI model do NICs operate?

  • Classify how bridges relate to the OSI model layers.

    For example: At which layer of the OSI model do bridges perform their basic functions?

MAC addresses

A media access control (MAC) address, also known as a hardware address, is a six-byte hexadecimal value that local area networking (LAN) protocols at the data-link layer use to identify systems on a shared network medium. Manufacturers of network interface adapters permanently assign a unique MAC address to each adapter, so that there can be no address duplication on any network.

True or false: Ethernet devices use MAC addresses to identify the source and the destination of each frame they transmit over the network.

Answer: True. The Ethernet frame format contains a six-byte Source Address field and a six-byte Destination Address field, which together function like the addresses on a postal envelope.

True or false: Internet transmissions use a MAC address to identify the final recipient of a message.

Answer: False. Internet transmissions use an Internet Protocol (IP) address to identify the final recipient of a message, not a MAC address. This is because MAC addresses are local. A packet might pass through multiple LANs on the way to a destination on the Internet, and have different destination MAC addresses as it does so.

IP addresses

The Internet Protocol (IP) is the primary end-to-end protocol in the TCP/IP networking stack. Operating at the network layer of the OSI model (and the internet layer of the TCP/IP model), IP has its own addressing system, which it uses to identify systems on the network.

As with Ethernet, IP has header fields that contain the IP addresses of the source and destination systems involved in a network transaction. The difference between the two is that IP uses IP addresses instead of MAC addresses, and the Destination IP Address field identifies the final recipient of the transmission.

True or false: Ethernet systems on a TCP/IP network have a protocol that converts network layer IP addresses to data-link layer MAC addresses.

Answer: True. Address Resolution Protocol (ARP) converts IP addresses into MAC addresses by broadcasting request packets containing the IP address on the local network and waiting for the holder of that IP address to respond with a reply containing the equivalent MAC address.

True or false: Packets on a TCP/IP network can have two destination addresses pointing to different systems.

Answer: True. The IP header at the network layer has a Destination IP Address field that always specifies the ultimate destination of the packet. At the same time, the Ethernet header at the data-link layer will have a changing Destination Address field that points to the next intermediary system on the local network, until it finally reaches the ultimate destination network, at which point both addresses will point to the same ultimate destination.


The extended unique identifier-64 (EUI-64) is a 64-bit value that some TCP/IP systems use to form the second half of a 128-bit IPv6 address. The IPv6 address is a network layer structure, but the EUI-64 value for a system is derived from its data-link layer MAC address.

True or false: No two computers can legitimately have the same EUI-64 value in their IPv6 addresses.

Answer: True. The EUI-64 value that makes up the second half of some IPv6 addresses is taken from the system’s MAC address, which, by definition, is unique. Therefore, no two EUI-64 values on different systems can be identical, unless an individual is making a deliberate attempt to spoof the IPv6 address.

True or false: All IPv6 addresses include the system’s EUI-64 value.

Answer: False. Some IPv6 implementations avoid using the EUI-64 value, for fear that it might be possible to track the physical location of a computer based on its IPv6 address.


The data structures created by the protocols at the various layers of the OSI reference model have different names. At the data-link layer, the structure that a protocol creates when it encapsulates a network layer message is called a frame. The term frame is not used at any other layer.

Unlike the protocols at the upper layers, a data-link layer frame consists of both a header and a footer, which the protocol adds to the data it receives from the network layer. The resulting frame is the final element added to the data packet, which is then ready for transmission over the network.

True or false: A data-link layer frame includes an error detection mechanism.

Answer: True. The frame check sequence (FCS) field in the data-link layer footer contains a checksum calculated by the source computer. Once the frame reaches its destination, the receiving computer performs the same calculation and compares the results to the FCS value. If the two fail to match, then the frame has been corrupted or modified in transit.

True or false: All data-link layer frames include source and destination MAC addresses.

Answer: False. Ethernet frames always include source and destination MAC addresses, but there are data-link layer protocols other than Ethernet that do not. The Point-to-Point Protocol (PPP) is designed for use on wide area network (WAN) connections between systems. Because there are only two systems involved in a WAN connection, there is no need to include addresses in every frame.


Although it is often mistakenly used to refer to the entire data structure transmitted over the network, the term packet actually refers to the unit of data carried inside a data-link layer frame. A packet is therefore a network layer structure.

On a packet-switching internetwork, such as the Internet, packets might travel through dozens of networks, with the router for each network stripping off the previous frame and applying its own frame to the data. The packet inside these many different frames remains intact, however.

True or false: Every TCP/IP packet contains a frame.

Answer: False. The packet is the network-layer data carried within the data-link layer frame. Therefore, every frame contains a packet.

True or false: Every TCP/IP packet must contain a transport layer datagram or segment.

Answer: False. Packets carrying transport layer data must contain a UDP datagram or a TCP segment, but there are also packets that carry Internet Control Message Protocol (ICMP) data directly within the IP datagram, which do not use UDP or TCP.


A switch is a data-link layer device that connects computers and other systems together into a LAN. Basic switches consist of a box or a rack-mounted module with one or more rows of female cable connectors. Plugging devices into the connectors enables them to communicate with each other by transmitting packets.

Unlike hubs, switches have intelligence that enables them to determine the address of the device connected to each port. When a unicast packet arrives through any of the switch’s ports, the switch reads its destination addresses and forwards the packet out through the port providing access to the destination system.

True or false: Switches have almost completely replaced hubs on today’s local area networks.

Answer: True. Switches conserve network bandwidth by delivering packets only to their intended recipients. On a hub-based network, every computer must receive and process every packet received by the hub.

True or false: All switched networks use a bus topology.

Answer: False. A switch functions as the cabling nexus for a LAN. Each computer has its own cable connecting it to the switch. Switched networks can therefore be said to use a star topology.


A router is a network layer component that connects two networks together, selectively forwarding only the traffic that is destined for the other network. Because most large networks today are switched internally, the primary function of routers is to connect LANs to WAN connections.

Routers also have tables containing information about other networks, which enable them to direct incoming packets to their ultimate destinations.

True or false: Splitting a network with a router reduces the amount of broadcast traffic on the network.

Answer: True. Unlike switches, hubs, and bridges, routers do not forward broadcast traffic.

True or false: A router must have at least two network interfaces.

Answer: False. By the traditional definition, a router must be connected to two or more networks, so it must have at least two network interfaces. These interfaces can be standard LAN adapters, or any type of WAN equipment. However, with the advent of virtual LANs, there are now routers available with a single interface. Called stub routers or one-armed routers, these devices connect to a switch and route traffic between VLANs.

Multilayer switches

A multilayer switch is an advanced networking device that, in addition to functioning as a standard data-link layer switch, also supports functions associated with other OSI model layers, most particularly network layer routing.

True or false: In addition to the data-link layer, switches can also operate at the network layer.

Answer: True. Advanced switches have the ability to create virtual LANs (VLANs), which are subnets that exist only in the switch. To enable VLANs to communicate with each other, these switches also support virtual routing, which is a network layer process.


A hub is a cabling nexus for a LAN using a star topology. Unlike a switch, which is often similar in appearance, a hub is a purely physical layer device. The hub amplifies the signals entering through any of its ports and forwards them out through all of the other ports, creating a shared network medium.

True or false: Hubs can read the destination addresses from the frames arriving through its ports.

Answer: False. Hubs lack any ability to interpret incoming signals. They are electrical devices that manipulate signals at the physical level, but they cannot interpret them.

True or false: Replacing a hub with a switch increases the efficiency of a LAN.

Answer: True. While a hub forwards incoming signals out through all of its ports, switches only forward signals out through the destination port. This conserves bandwidth and provides each pair of computers with what amounts to a dedicated link.

Encryption devices

The term encryption device refers to any mechanism that employs an algorithm to cryptographically encode data. Encryption devices can be as large as a server or as small as a USB flash drive. Whatever the form of the device, however, the encryption process is carried out at the presentation layer of the OSI model.

True or false: On TCP/IP systems, encryption algorithms are standalone protocols that run at the presentation layer of the OSI model.

Answer: False. There are no standalone presentation layer protocols in the TCP/IP suite. Presentation layer functions, including encryption, are typically incorporated into application layer protocols.


Cables are the physical layer components that form the network medium on most LANs. Depending on the topology, distance, and environmental requirements for the network, LANs use one of the following three basic cable types: coaxial, twisted pair, or fiber optic.

True or false: Coaxial cables are no longer used to build new Ethernet LANs.

Answer: True. Coaxial Ethernet networks require a bus topology, and for various reasons, including cost and ease of installation, this type of cable is no longer used.


The network interface adapter, also known as a network interface card or NIC, is the hardware implementation of the data-link layer protocol. Virtually all of the NICs sold today are Ethernet, with models available that support various speeds, expansion buses, and cable types.

True or false: Most of the desktop computers manufactured today have an Ethernet network interface adapter integrated into the motherboard.

Answer: True. Ethernet network interface adapters are all but ubiquitous on the motherboards manufactured for desktop computers.

True or false: Every NIC has a unique MAC address permanently assigned by the manufacturer.

Answer: True. It is the network interface adapter that has the MAC address assigned to it by the hardware manufacturer, whether the adapter is a separate card or integrated into the motherboard.


A bridge is a data-link layer device that splits a LAN in half and selectively forwards traffic based on its destination address. When a packet arrives through one of the bridge’s interfaces, the bridge reads the destination hardware address from the Ethernet header. If the packet is destined for a computer on the other side of the bridge, it forwards the packet out through its other interface. If the packet is destined for a computer on the same side of the bridge from which it was received, the bridge simply discards the packet.

True or false: Installing a bridge on a LAN splits the network into two separate broadcast domains.

Answer: False. Bridges forward all broadcasts to the other side of the network. The address-based filtering they perform is limited to unicast transmissions.

Can you answer these questions?

Find the answers to these questions at the end of this chapter.

  1. Only one of the items listed in this objective is associated with an OSI model layer other than the physical, data-link, or network. Which is it?
  2. You can build a simple Ethernet LAN with nothing more than a NIC for each computer, a switch, and some cables. Which of those components are associated exclusively with the physical layer of the OSI model?
  3. A multilayer switch functions primarily at which two layers of the OSI reference model?
  4. Which of the devices listed in this objective can split a network into two broadcast domains?
  5. Which layer of the OSI model uses addresses that can be 32 or 128 bits long?

Related resources

There are currently no related titles.