Network design considerations for Network+ exam prep

The typical network infrastructure includes cables, switches, routers, servers and client devices. How they become incorporated into a network depends on the network design.

Individuals interested in earning a Network+ certification with CompTIA need to understand how to design a computer network, which goes beyond the physical infrastructure and layout of a system. The design relates to its topology, policies, installed hardware and software, and more. The next steps of network configuration involve securing the system, monitoring its status, troubleshooting and ensuring network efficiency.

Whether it encompasses a LAN, WAN or virtual LAN (VLAN), modern network infrastructure requires adequate security considerations. Network teams are increasingly implementing new strategies, like zero-trust security measures, to tighten network access. Security protocols can ward off the more resilient threats that threaten to hijack systems. But, before implementing any of those technologies, network professionals must first learn to design the network itself.

In The Official CompTIA Network+ Self-Paced Study Guide (Exam N10-008), author James Pengelly outlined what test-takers can expect on their certification exams. "Lesson 8: Explaining Network Topologies and Types" specifically focuses on network topologies and how professionals design resilient networks using tools, standards and protocols. Review questions at the end of each section prepare test-takers on what to expect on their exams.

Here, Pengelly offered advice on what candidates studying for their Network+ certification exams should focus on regarding network design considerations.

Click here to learn more about
the book.

Editor's note: The following interview was edited for length and clarity.

What do you think the most important thing is for test-takers to understand about network configuration?

James Pengelly: In relation to network topologies, know about what each topology does. One of the most common topologies is the star topology, which is when you have a switch and then your end systems are all connected to the switch. Another common topology is mesh topology. That's where you try and connect every system to every other system. When you have a lot of nodes and computers, mesh topology becomes inefficient. Most networks you'll see and practice with use a combination of network topologies. They use star networks with mesh features to add redundant paths and ensure a nice fault-tolerant network.

How crucial is network design to performance?

Pengelly: It's very important. The network design will essentially attempt to establish redundancy rather than performance, with performance being mostly driven by the speed of your links. If you have nice new Cat6 or Cat6a cabling for your access ports, everything will be running at 1 Gbps. Within the center of the network, you have faster links so 10 gigabits, or 40 Gbps. That keeps everything moving around the core layer quickly. In terms of current design, the distributed architecture helps to make sure nodes are always connected. There are fault-tolerant paths between each access block and the core so your hosts never go offline.

How does Spanning Tree Protocol (STP) improve network configuration?

Pengelly: STP is important [because of] redundant links. Redundant links are important because, if you have a switch that fails and you don't have any redundancy, your computers won't be able to access the network. But, when you create that redundancy, you also create a loop in the network. If you're connected to two switches, there are two pathways into the core of the network.

STP makes sure that only one of those paths is active at any one time. It sort of automatically runs on the switch and uses frames called Bridge Protocol Data Units to identify the best path through the network and block any ports that might create a loop.

What are the advantages of configuring a VLAN over a LAN?

Pengelly: [In a] logical configuration, nodes need to be able to communicate with one another, which also impacts performance. You don't want too many computers within the same segment because that means they're all creating a lot of broadcast traffic. That will slow the network down a little bit.

There are also security reasons -- you might want one group of computers to talk to another group of computers. You might want one group of computers filtered from others so that only certain computers can connect to them. These segments can all be created easily using VLANs.

A VLAN is a way of instructing a switch to treat a certain selection of ports as separate from other ports. You might have VLAN 10 associated with ports 1 to 10 and VLAN 20 associated with ports 11 to 20. Computers attached to VLAN 10 have to use a router to access computers in VLAN 20. As part of that routing, you can define an access control list to see whether that sort of connection should be allowed or not. VLANs offer both a performance and security function.

How can network professionals implement security considerations in their network designs?

Pengelly: When talking about access ports, one issue is that a threat actor could come along and plug anything into the network. What's implemented these days is a feature called network access control, or port security. That allows you to configure a port to reject any system it doesn't recognize. There are various criteria -- you can use a simple system called [media access control] filtering, or MAC learning, which means the switch port learns which MAC addresses to trust and it disables [untrusted] ports.

If you try to connect any interfaces with MAC addresses it doesn't recognize, you could implement a full 802.1x authentication system. That means that, when you attach the node, the switch asks the user to authenticate themselves. They have to supply credentials, like a smart card or a user password, and it won't enable the port until those credentials have been submitted.

What do test-takers typically think is the hardest part of network configuration?

Pengelly: STP questions are often seen as difficult. [Test-takers should] also pay close attention to questions about VLAN trunks. With switch configuration, one of the key things to remember is the difference between access ports and trunk ports. An access port is one that you connect to an ordinary computer. You define that in the switch configuration as an access port to prevent some of the problems that can occur with the spanning tree. Trunk ports are connections between switches. Those are configured to make sure that you identify those as a special configuration.

James Pengelly

About the author
James Pengelly has spent his entire career writing, editing, developing and designing labs for IT courseware. Since 1999, he’s focused on CompTIA certification study materials. He currently holds the title of senior manager of product development at CompTIA Learning, with lead author responsibility for A+, Network+, Security+ and CySA+.