Networking Tutorials

Network Devices

A tour of common devices in IT networks: what they do, why they matter, and typical features.


Switch

A switch is a network device that connects multiple computers, servers, or other devices in a LAN. Unlike a hub, it forwards traffic intelligently based on MAC addresses, reducing unnecessary broadcasts.

Key Functions

  • MAC Learning: keeps track of which MAC address is connected to which port.
  • Forwarding & Filtering: sends frames only to the correct destination port.
  • Full Duplex: allows simultaneous sending and receiving without collisions.
  • Unmanaged vs. Managed: plug-and-play devices vs. switches with VLANs, QoS, SNMP, etc.

VLAN (Virtual LAN)

VLANs allow a physical network to be divided into logical sub-networks. Devices in the same VLAN can communicate directly, while traffic between VLANs requires a router or a Layer-3 switch. VLANs improve security, efficiency, and flexibility in network design.

# Example VLAN setup
VLAN 10: Employees
VLAN 20: Guests
VLAN 30: Servers
# A firewall could, for example, allow VLAN 10 (Employees) to access the servers in VLAN 30
# while denying guests in VLAN 20, even if they are in the same subnet.

# NOTE: VLANs are NOT directly related to IP addresses!
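
The MAC learning, forwarding/filtering and VLAN separation described above, as a small simulation. This is an added example, not code from the original page; the port layout and MAC addresses are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Switch:
    port_vlan: dict                                  # access port -> VLAN ID
    mac_table: dict = field(default_factory=dict)    # (vlan, mac) -> port

    def receive(self, in_port, src, dst):
        """Learn the sender, then return the ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port        # MAC learning
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            # Known destination: one port only (none if it is the ingress port).
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood, but never outside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

# Constructed layout: ports 1, 2, 5 = VLAN 10 (Employees),
# port 3 = VLAN 20 (Guests), port 4 = VLAN 30 (Servers).
PORTS = {1: 10, 2: 10, 5: 10, 3: 20, 4: 30}
A, B, G = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"

def demo():
    sw = Switch(dict(PORTS))
    return [
        sw.receive(1, A, B),   # B unknown: flooded to the other VLAN 10 ports
        sw.receive(2, B, A),   # A was learned on port 1: sent there only
        sw.receive(1, A, B),   # B now learned on port 2: no more flooding
        sw.receive(3, G, A),   # guest frame for A: stays in VLAN 20
    ]

if __name__ == "__main__":
    for egress in demo():
        print(egress)
```

The last frame shows why inter-VLAN traffic needs a router or firewall: the guest's frame is never delivered to a VLAN 10 port, even though the destination MAC is in the table for VLAN 10.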

Advanced Features

  • STP (Spanning Tree Protocol): prevents loops in redundant network topologies.
  • Link Aggregation: combines multiple links for higher bandwidth and redundancy.
  • Port Security: restricts which MAC addresses can connect to a port.
  • QoS (Quality of Service): prioritizes critical traffic, e.g. voice or video.

Firewall

A firewall enforces security policies by allowing or blocking traffic based on rules. It can filter by IP, ports, protocols, state, and application context. Modern NGFWs add features like IPS/IDS, URL filtering, and TLS inspection.

Key Concepts

  • North-South vs. East-West traffic: perimeter vs. internal segmentation.
  • Stateless vs. stateful: stateful keeps connection tables for smarter filtering.
  • Zones and policies: group interfaces into zones and write rules between zones.
  • NAT: hide internal addresses or publish services.

Common Rule Types

  • Allow internal web clients to Internet (80/443).
  • Deny inbound by default; explicitly allow needed services.
  • Restrict admin access (e.g., SSH) to trusted IPs only.

Example (pseudo rules)

# default deny inbound
deny any any -> WAN

# allow LAN to web
allow LAN any -> any tcp 80,443 stateful

# SSH to mgmt from admin net only
allow ADMIN_NET any -> FW-MGMT tcp 22
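
The difference between stateless and stateful filtering for the rule intent above, as an added example (not from the original page, and not any vendor's rule engine). The address plan and the `Firewall` class are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption); only the rule intent is from the page.
LAN = ip_network("192.168.1.0/24")
ADMIN_NET = ip_network("192.168.99.0/24")
FW_MGMT = ip_network("192.168.1.1/32")
ANY = ip_network("0.0.0.0/0")

# (source, destination, protocol, destination ports); unmatched traffic is denied.
ALLOW_RULES = [
    (ADMIN_NET, FW_MGMT, "tcp", {22}),    # SSH to mgmt from admin net only
    (LAN, ANY, "tcp", {80, 443}),         # LAN to web
]

class Firewall:
    def __init__(self, stateful=True):
        self.stateful = stateful
        self.conns = set()                # connection table of permitted flows

    def check(self, src, sport, dst, dport, proto="tcp"):
        src, dst = ip_address(src), ip_address(dst)
        # A reply is a tracked 5-tuple with its endpoints swapped.
        if self.stateful and (dst, dport, src, sport, proto) in self.conns:
            return "allow (established)"
        for s_net, d_net, r_proto, ports in ALLOW_RULES:
            if (src in s_net and dst in d_net
                    and proto == r_proto and dport in ports):
                self.conns.add((src, sport, dst, dport, proto))
                return "allow (rule)"
        return "deny (default)"

def demo(stateful):
    fw = Firewall(stateful)
    return [
        fw.check("192.168.1.50", 51000, "203.0.113.10", 443),  # LAN client to web
        fw.check("203.0.113.10", 443, "192.168.1.50", 51000),  # the server's reply
        fw.check("203.0.113.10", 443, "192.168.1.50", 51001),  # unsolicited inbound
        fw.check("192.168.1.50", 40000, "192.168.1.1", 22),    # SSH from user LAN
        fw.check("192.168.99.5", 40000, "192.168.1.1", 22),    # SSH from admin net
    ]

if __name__ == "__main__":
    print(demo(stateful=True))
    print(demo(stateful=False))
```

With `stateful=False` the server's reply is dropped, which is why stateless filters need an explicit and much broader rule for return traffic.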

Router

A router forwards packets between different IP networks. It makes decisions using routing tables that are built statically or dynamically with protocols like OSPF, BGP, or RIP.

Key Functions

  • Routing: choose best next hop to reach a destination network.
  • Inter-VLAN routing: connect VLANs through subinterfaces or SVIs.
  • NAT/PAT: translate private to public IPs.
  • ACLs: basic packet filtering on router interfaces.

Example (static routes)

# default route to ISP (Linux iproute2 syntax)
ip route add 0.0.0.0/0 via 203.0.113.1

# reach branch network via WAN
ip route add 10.20.0.0/16 via 198.51.100.2
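
How a router picks between these routes: the most specific matching prefix wins (longest-prefix match). This is an added example, not from the original page; the two extra routes are constructed and marked as such.

```python
from ipaddress import ip_address, ip_network

# The two static routes above, plus two constructed entries.
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),          # default route to ISP
    ("10.20.0.0/16", "198.51.100.2"),      # branch network via WAN
    ("10.20.30.0/24", "198.51.100.6"),     # constructed: more specific subnet
    ("192.168.1.0/24", "connected"),       # constructed: directly attached LAN
]

def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None       # None: no route, packet is dropped

if __name__ == "__main__":
    for dst in ("10.20.1.5", "10.20.30.7", "8.8.8.8", "192.168.1.9"):
        print(dst, "->", next_hop(dst))
```

Without the default route, a destination such as 8.8.8.8 matches nothing and the function returns `None`.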

NAS (Network Attached Storage)

A NAS is a file server accessible over the network, often providing SMB/CIFS and NFS. It centralizes storage, backups, and sharing with user and group permissions.

Capabilities

  • Shares and protocols: SMB for Windows, NFS for Linux, AFP (legacy).
  • RAID levels: 1/5/6/10 for redundancy and performance.
  • Snapshots and replication: quick rollbacks and offsite copies.
  • Directory integration: LDAP/AD for centralized auth.

Example (exports)

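# NFS export example (server side)
# no_root_squash lets root on any 10.0.0.0/24 client act as root on the export;
# prefer the default root_squash unless clients really need root access.
/srv/projects 10.0.0.0/24(rw,no_root_squash)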

# SMB share example (smb.conf)
[projects]
   path = /srv/projects
   read only = no
   valid users = @devs
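
A small audit of NFS export lines for the two settings that most often over-share a NAS, as an added example (not from the original page). The sample file is constructed, apart from its first line, which is the export shown above.

```python
import re

# client(options); either part may be missing in an exports entry.
ENTRY = re.compile(r"([^()\s]*)(?:\(([^()]*)\))?")

def audit_exports(text):
    """Return (line number, path, client, finding) tuples for risky entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.fullmatch(entry)
            if m is None:
                findings.append((n, path, entry, "unparsable entry"))
                continue
            # An empty client, as in "host (rw)", applies to every host.
            client = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            if "no_root_squash" in opts:
                findings.append(
                    (n, path, client, "client root is root on the export"))
            if client == "*" and "rw" in opts:
                findings.append((n, path, client, "writable by any host"))
    return findings

# Constructed sample; the first line is the export from the example above.
SAMPLE = """\
/srv/projects 10.0.0.0/24(rw,no_root_squash)
/srv/public   *(ro)
/srv/backup   backup01 (rw)   # stray space: rw applies to the world
/srv/home     10.0.0.0/24(rw,root_squash)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(finding)
```

The third sample line is the classic stray-space mistake: `backup01` gets the default options, while `(rw)` on its own grants write access to every host.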

Gateway

A gateway is the exit point from a local network to other networks. In small networks it is usually the router, combining routing, NAT, DHCP, and sometimes firewalling.

Typical Roles

  • Default route target for hosts.
  • NAT to reach the Internet.
  • DHCP server to hand out IP settings.
  • DNS forwarder or resolver.

Example (host settings)

# Linux example via nmcli
nmcli con mod "Wired connection 1" ipv4.gateway 192.168.1.1
nmcli con up "Wired connection 1"

Proxy Server

A proxy sits between clients and servers. It can cache content, filter requests, enforce access policies, and provide anonymity or inspection of HTTP/HTTPS traffic (with TLS interception where allowed).

Types

  • Forward proxy: clients go through it to reach the Internet.
  • Reverse proxy: front-end for servers; offloads TLS, caching, auth.
  • Transparent proxy: intercepts traffic without client config.

Example (reverse proxy routes)

# pseudo config
server {
  listen 443 ssl;
  server_name app.example.com;

  location / {
    proxy_pass http://10.0.0.50:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
  }
}

ESXi Server

VMware ESXi is a bare-metal hypervisor used to run virtual machines with strong performance and management via vCenter. It supports vSwitches, VLANs, storage over iSCSI/NFS/FC, and features like vMotion and HA.

Networking

  • Standard and Distributed vSwitches for host or cluster-wide networking.
  • Port groups mapped to VLAN IDs for traffic separation.
  • Uplinks (NIC teaming) for redundancy and bandwidth.

Storage

  • Datastores over iSCSI, NFS, or Fibre Channel.
  • VMFS for block storage, NFS for file-based storage.
  • Snapshots for short-term testing and rollback.

Example (vSwitch and Port Group)

# esxcli style pseudo steps
# create vSwitch and bind uplink
esxcli network vswitch standard add -v vSwitch1
esxcli network vswitch standard uplink add -v vSwitch1 -u vmnic1

# add port group with VLAN 20
esxcli network vswitch standard portgroup add -p "Prod-20" -v vSwitch1
esxcli network vswitch standard portgroup set -p "Prod-20" -v 20