Networking
Network Fundamentals
How your network actually works, what each device does, and what you get as you spend more.
The Basics
Your network is a system for moving data between devices. Every device — laptop, server, printer, camera — has an IP address (its logical address on the network) and a MAC address (its hardware identifier). When your laptop needs to reach your file server, the network handles figuring out how to get there.
For the common /24 network, think of your IP address as xxx.xxx.xxx.yyy, where xxx.xxx.xxx identifies your subnet (what "room" you're in) and yyy is your specific address within that room. The subnet mask, covered next, is what actually decides where that split falls. Anyone in the same room, meaning anyone on the same subnet, can talk to anyone else in the room directly; reaching a different room means going through the router.
The Subnet: Your Room
Imagine you're standing in a room made up of 1×1 tiles. Each tile fits one device, one IP address. The most common room is 256 tiles (a /24 subnet), of which 254 are usable: the first address names the network itself and the last is the broadcast address, so neither can be handed to a device. Your subnet mask defines the room size: 255.255.255.0 means a 256-tile room (/24); 255.255.254.0 means 512 tiles (/23).
The short notation you'll see: 192.168.1.0/24 means the subnet 192.168.1.x, 256 addresses with 254 usable. Until you've memorized the /23, /24, /28 stuff, use a subnet calculator. Even people who've been doing this for years do.
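The subnet arithmetic above, as an added example written for this page (it is not code from the original article). It uses only Python's standard library; the /24 and /23 prefixes are the page's own, while the /28, the 10.0.0.x addresses and the host pairs in main() are assumed values for illustration.

```python
"""Subnet calculator, added example (not code from the original page).

Standard library only. The /24 and /23 prefixes are the page's own
examples; the /28 and the addresses used in main() are assumed values.
"""
import ipaddress


def describe(cidr: str) -> dict:
    """Return what a subnet calculator tells you about one prefix.

    strict=False accepts a host address such as 192.168.1.118/24 and
    reports the network that host belongs to.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen <= 30:
        # The first address names the network and the last is the
        # broadcast, so neither can be assigned to a device.
        usable = net.num_addresses - 2
        first, last = net.network_address + 1, net.broadcast_address - 1
    else:
        # /31 point-to-point links and /32 single hosts use every address.
        usable = net.num_addresses
        first, last = net.network_address, net.broadcast_address
    return {
        "network": str(net.network_address),
        "prefix": net.prefixlen,
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": usable,
        "first": str(first),
        "last": str(last),
    }


def same_room(a: str, b: str, mask: str) -> bool:
    """True when a and b share a subnet under mask and so can talk directly.

    mask may be a prefix length ("24") or a dotted mask ("255.255.255.0").
    """
    net_a = ipaddress.ip_network(f"{a}/{mask}", strict=False)
    net_b = ipaddress.ip_network(f"{b}/{mask}", strict=False)
    return net_a == net_b


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.168.2.0/23", "10.0.0.16/28", "192.168.1.118/24"):
        d = describe(cidr)
        print(f"{cidr:>18}  net {d['network']}/{d['prefix']}  mask {d['mask']}  "
              f"hosts {d['first']}-{d['last']}  usable {d['usable']}/{d['total']}")
    print(same_room("192.168.1.10", "192.168.1.200", "255.255.255.0"))   # True
    print(same_room("192.168.1.10", "192.168.2.10", "255.255.255.0"))    # False
    print(same_room("192.168.2.10", "192.168.3.10", "255.255.254.0"))    # True: one /23 room
```

The last call is the one people get wrong by eye: 192.168.2.10 and 192.168.3.10 look like different "rooms", but under a /23 mask the third octet's low bit is part of the host portion, so they share one 512-address subnet.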
DHCP: The New Guy Gets a Name Tag
DHCP, the Dynamic Host Configuration Protocol, is how a device automatically gets an IP address when it joins the network. Think of it as the room manager. When a new device plugs in (Layer 1 physical connection established), it shouts to the whole room: "Is there a DHCP server here? I need an address." The DHCP server answers with an offer, the client asks for that offer, and the server confirms it: "Hey new guy, here's a name tag, your IP is 192.168.1.118." (The four-step exchange is Discover, Offer, Request, Acknowledge.)
DHCP assigns more than just your IP: it also tells you the subnet mask, the gateway address (the router, the bouncer at the door who manages traffic to other rooms), and the address of a DNS server. Clients accept whichever server answers first, so a rogue DHCP server on the segment can hand out itself as the gateway or DNS server; managed switches can limit DHCP replies to the port your real server sits on (the feature is usually called DHCP snooping).
When your iPhone joins home WiFi, the DHCP server on your router assigns a local IP. When your modem connects to the ISP, their DHCP server assigns your public IP. Two different DHCP servers, two different "rooms."
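What the "name tag" actually carries, as an added example (not code from the original page): a DHCPOFFER built on the wire format from RFC 2131 and RFC 2132, then parsed back into the fields the client acts on. The client MAC 98:e0:d9:8f:65:b1 and the 192.168.1.x addresses are the page's; the transaction id, the lease length, the firewall-as-router at 192.168.1.1 and the second DNS server 1.1.1.1 are assumed values.

```python
"""DHCP offer, built and parsed on the wire format (RFC 2131 / RFC 2132).

Added example, not code from the original page. The client MAC and the
192.168.1.x addresses are the page's; the lease length, the transaction id
and the second DNS server (1.1.1.1) are assumed values.
"""
import socket
import struct

# Fixed 236-byte header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128).
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC = b"\x63\x82\x53\x63"          # marks the start of the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def ip4(s: str) -> bytes:
    return socket.inet_aton(s)


def build_offer(xid, client_mac, your_ip, server_ip, mask, router, dns, lease=86400):
    """Build the DHCPOFFER a server sends in reply to a client's DISCOVER."""
    chaddr = bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack(HEADER, 2, 1, 6, 0, xid, 0, 0,      # op=2 BOOTREPLY, Ethernet, 6-byte MAC
                         ip4("0.0.0.0"), ip4(your_ip), ip4(server_ip), ip4("0.0.0.0"),
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    options = b"".join([
        bytes([53, 1, 2]),                                   # message type: OFFER
        bytes([54, 4]) + ip4(server_ip),                     # server identifier
        bytes([51, 4]) + struct.pack("!I", lease),           # lease time, seconds
        bytes([1, 4]) + ip4(mask),                           # subnet mask
        bytes([3, 4]) + ip4(router),                         # default gateway
        bytes([6, 4 * len(dns)]) + b"".join(ip4(d) for d in dns),  # DNS servers
        b"\xff",                                             # end of options
    ])
    return header + MAGIC + options


def parse_dhcp(packet: bytes) -> dict:
    """Decode the fields a client acts on: its address and the options list."""
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    out = {"op": op, "xid": xid, "your_ip": socket.inet_ntoa(yiaddr),
           "client_mac": ":".join(f"{b:02x}" for b in chaddr[:hlen])}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                      # end of options
            break
        if code == 0:                        # pad byte, no length field
            i += 1
            continue
        length = packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        i += 2 + length
        if code == 53:
            out["type"] = MSG_TYPES.get(data[0], data[0])
        elif code == 1:
            out["mask"] = socket.inet_ntoa(data)
        elif code == 3:
            out["router"] = socket.inet_ntoa(data)
        elif code == 6:
            out["dns"] = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, len(data), 4)]
        elif code == 51:
            out["lease"] = struct.unpack("!I", data)[0]
        elif code == 54:
            out["server"] = socket.inet_ntoa(data)
    return out


def offer_from_expected_server(packet: bytes, expected_server: str) -> bool:
    """A rogue DHCP server shows up as an OFFER whose option 54 is not your server."""
    p = parse_dhcp(packet)
    return p.get("type") == "OFFER" and p.get("server") == expected_server


if __name__ == "__main__":
    offer = build_offer(0x3903F326, "98:e0:d9:8f:65:b1", "192.168.1.118", "192.168.1.1",
                        "255.255.255.0", "192.168.1.1", ["192.168.1.10", "1.1.1.1"])
    for k, v in parse_dhcp(offer).items():
        print(f"{k:>10}: {v}")
    print(offer_from_expected_server(offer, "192.168.1.1"))   # True
```

Options 1, 3 and 6 are the mask, gateway and DNS servers the text lists; option 54 is the server identifier, which is the field to compare against your known DHCP server when hunting for a rogue one on the segment.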
DNS: The Phone Book
The Domain Name System translates names into numbers — rsystems.nyc into the IP address your browser actually connects to. It's like a phone book, or more specifically, a network of people each holding a phone book.
When you ask your DNS server "Where is rsystems.nyc?" it looks in its own records and its cache. If it doesn't know, it asks upstream, and eventually a recursive resolver walks the hierarchy from the root servers down, through the .nyc servers, to the servers authoritative for rsystems.nyc, and the answer comes back to you.
Your local DNS server knows your internal resources (server.yourcompany.com = 192.168.1.10). For everything else, it asks upstream.
MAC Addresses and ARP
A MAC address is the hardware identifier assigned to every network interface at manufacture (98:e0:d9:8f:65:b1). Where IP addresses are logical (assignable, changeable), a MAC address comes with the hardware and normally stays with it. Normally, not always: an operating system can override the MAC it sends, and phones now randomize theirs per WiFi network by default, so a MAC is a convenient identifier but not proof of identity.
ARP (Address Resolution Protocol) is how one device on a network finds the device with a given IP. It works like this: a device needs to reach 192.168.1.50, so it broadcasts to the room: "Hey everyone, who is 192.168.1.50?" The device with that IP responds: "That's me, my MAC is 98:e0:d9:8f:65:b1." Everyone else ignores the question, and the asker caches the answer. IP addresses change; MAC addresses mostly don't, and ARP bridges between them. Nothing in ARP checks who is answering, though: any device in the room can claim any IP, which is why spoofing the gateway's ARP reply is the classic same-subnet attack, and why one MAC suddenly answering for several IPs deserves a look.
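The "deserves a look" check, as an added example (not code from the original page): parse the neighbor table a Linux host prints with `ip neigh`, report MACs that answer for more than one IP, and compare the gateway and file server against a recorded baseline. SAMPLE is a constructed listing; apart from the page's 98:e0:d9:8f:65:b1, the MACs and the BASELINE contents are assumed values.

```python
"""ARP table sanity check, added example (not code from the original page).

SAMPLE is a constructed `ip neigh` listing; the MACs other than the page's
98:e0:d9:8f:65:b1 and the BASELINE contents are assumed values.
"""
from collections import defaultdict

SAMPLE = """\
192.168.1.1 dev eth0 lladdr 98:e0:d9:8f:65:b1 REACHABLE
192.168.1.10 dev eth0 lladdr 3c:22:fb:11:22:33 STALE
192.168.1.50 dev eth0 lladdr 98:e0:d9:8f:65:b1 REACHABLE
192.168.1.118 dev eth0 lladdr a4:83:e7:44:55:66 DELAY
192.168.1.77 dev eth0 FAILED
"""

# What the gateway and the file server answered with the last time we looked.
BASELINE = {"192.168.1.1": "f0:9f:c2:aa:bb:cc", "192.168.1.10": "3c:22:fb:11:22:33"}


def parse_ip_neigh(text: str) -> list:
    """Parse `ip neigh` output; entries without a MAC (FAILED/INCOMPLETE) are skipped."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if "lladdr" not in tok or "dev" not in tok:
            continue
        entries.append({
            "ip": tok[0],
            "dev": tok[tok.index("dev") + 1],
            "mac": tok[tok.index("lladdr") + 1].lower(),
            "state": tok[-1],
        })
    return entries


def shared_macs(entries: list) -> dict:
    """MACs answering for more than one IP.

    A router with several addresses does this legitimately, so treat a hit
    as something to check, not as proof of spoofing.
    """
    by_mac = defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def baseline_mismatches(entries: list, baseline: dict) -> list:
    """(ip, expected_mac, seen_mac) for hosts whose MAC differs from the baseline.

    The gateway moving to a different MAC is the signature of gateway ARP spoofing.
    """
    return [(e["ip"], baseline[e["ip"]], e["mac"])
            for e in entries if e["ip"] in baseline and e["mac"] != baseline[e["ip"]]]


if __name__ == "__main__":
    table = parse_ip_neigh(SAMPLE)
    print("shared MACs:", shared_macs(table))
    print("changed since baseline:", baseline_mismatches(table, BASELINE))
```

In the constructed sample the host at 192.168.1.50 is answering for the gateway's address as well as its own, and the gateway's MAC no longer matches the baseline: both checks point at the same machine. On a real network, run the parse against live `ip neigh` output and keep the baseline for the handful of addresses that matter (gateway, DNS, file server).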
The Key Devices
The Switch
The switch is the physical connectivity layer — the device all wired devices plug into. Its job is to move data frames between devices on the same network, using MAC addresses to make forwarding decisions.
What you get as you spend more:
- More ports and higher port speeds (1G → 10G → 25G)
- Larger PoE budgets (for APs, cameras, phones)
- Management features: VLANs, link aggregation, QoS
- Redundant power supplies and fans
- Stacking capability
Consumer ($50–$500): No VLANs, limited visibility. Fine for a home or tiny office. Business ($500–$5,000): Fully managed, VLAN support, PoE. Cisco Business, Netgear Insight. Enterprise ($5,000+): Chassis-based, StackWise, redundant power. Cisco Catalyst 9300/9500 is the benchmark.
The Firewall
The firewall sits between your network and the internet, enforcing rules about what traffic is allowed. It provides NAT (how your private internal addresses appear as a single public IP), and in modern implementations, inspects traffic for threats.
What you get as you spend more: higher inspection throughput, more sophisticated threat intelligence, TLS (SSL) inspection, HA redundancy options.
SMB ($200–$2,000): SonicWall TZ, Fortinet FortiGate 60F. Proper stateful inspection, VPN, basic IPS. Enterprise ($2,000+): SonicWall NSA/NSsp, Palo Alto. Full threat inspection at multi-gigabit speeds.
The Access Point
Access points bridge wired and wireless. They connect to your switch via ethernet and create the WiFi your devices connect to.
What you get as you spend more: better antenna design, more radio chains (2×2 vs 4×4 MIMO), capacity for more concurrent clients, and controller-managed roaming that prevents devices from clinging to distant APs.
VLANs
A VLAN creates a logical network segment on the same physical infrastructure. Common deployments:
- Corporate VLAN: laptops, servers — full internal access
- Guest WiFi VLAN: internet only, isolated from internal resources
- IoT VLAN: cameras, access control, building systems — isolated from everything
- VoIP VLAN: phone traffic with QoS priority
VLANs require managed switches and a firewall (or a layer-3 switch) routing between them, with rules about which VLANs may reach which. Without them, every device on your network can reach every other device, a real security problem in any environment with sensitive data: a compromised camera on a flat network is one hop from your file server.
Ports
When devices on a network communicate, they use ports — think of them like radio channels on a walkie-talkie. Port 80 is web traffic (HTTP). Port 443 is encrypted web (HTTPS). Port 22 is SSH. Port 548 is AFP file sharing. Ports let a single device run multiple services simultaneously, and let firewalls control which services are accessible from where.
Port forwarding is how you expose an internal service to the outside world: tell the firewall to forward all traffic arriving on port 80 to 192.168.1.214 (your internal web server). Without that rule, external traffic hits the firewall and has no idea who to talk to. Forward only the ports you actually need; every forwarded port is a door the whole internet can knock on, and the service behind it is only as safe as its last update.
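The inter-VLAN rules from the VLANs section and the port forward above, modeled together as an added example (not code from the original page or from any firewall vendor): zones are defined by subnet, policy is first match wins with a default deny, and a forwarded port rewrites the destination before the policy is checked, which is the order real firewalls use. The VLAN subnets, the firewall's public address 203.0.113.10 and the outside host 198.51.100.20 are assumed values; 192.168.1.10, 192.168.1.118 and 192.168.1.214 are the page's.

```python
"""Zone-based firewall policy with a port forward, added example (not code
from the original page or any vendor's). The VLAN subnets, the public IP
203.0.113.10 and the outside address 198.51.100.20 are assumed values;
192.168.1.10, 192.168.1.118 and 192.168.1.214 are the page's.
"""
import ipaddress

ZONES = {
    "corporate": ipaddress.ip_network("192.168.1.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
}
INTERNAL = ipaddress.ip_network("192.168.0.0/16")    # everything not here is "internet"
PUBLIC_IP = "203.0.113.10"                            # the firewall's outside address

# Port forwards: inbound to PUBLIC_IP:port is rewritten to (host, port)
# before policy is evaluated (destination NAT).
PORT_FORWARDS = {80: ("192.168.1.214", 80)}

# (src zone, dst zone or dst host, dst port or None for any, action).
# First match wins; anything unmatched is denied. IoT has no rule on
# purpose: default deny is what "isolated from everything" means.
RULES = [
    ("corporate", "*", None, "allow"),              # full internal access
    ("guest", "internet", None, "allow"),           # internet only
    ("internet", "192.168.1.214", 80, "allow"),     # only the forwarded service
]


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internal-unassigned" if addr in INTERNAL else "internet"


def evaluate(src: str, dst: str, dport: int) -> tuple:
    """Return (action, "translated_dst:port") for one new connection."""
    src_zone = zone_of(src)
    if src_zone == "internet" and dst == PUBLIC_IP and dport in PORT_FORWARDS:
        dst, dport = PORT_FORWARDS[dport]                  # DNAT happens first
    dst_zone = zone_of(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if (rule_src in ("*", src_zone)
                and rule_dst in ("*", dst_zone, dst)
                and rule_port in (None, dport)):
            return action, f"{dst}:{dport}"
    return "deny", f"{dst}:{dport}"                        # default deny


if __name__ == "__main__":
    for src, dst, port in [("192.168.1.118", "192.168.1.10", 548),   # laptop -> file server (AFP)
                           ("192.168.20.5", "1.1.1.1", 443),         # guest -> internet
                           ("192.168.20.5", "192.168.1.10", 548),    # guest -> file server
                           ("192.168.30.7", "192.168.1.10", 22),     # camera -> file server
                           ("198.51.100.20", PUBLIC_IP, 80),         # internet -> forwarded web
                           ("198.51.100.20", PUBLIC_IP, 22)]:        # internet -> SSH, not forwarded
        print(f"{src:>15} -> {dst}:{port:<4} {evaluate(src, dst, port)}")
```

Two details worth copying into a real configuration: the inbound rule names the forwarded host and port rather than the whole corporate zone, so the forward does not quietly become "internet may reach port 80 anywhere inside", and nothing at all is written for IoT, because the safe answer for a segment that should reach nothing is to have no allow rule rather than a long list of denies.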
The Progression
Minimum viable network: one managed switch, one firewall, one access point. Proper small business network: managed switch stack, business-grade firewall, controller-managed APs, VLANs. Enterprise network: redundant switch chassis, HA firewall pair, enterprise APs, QoS, full monitoring.
The cost difference is redundancy (no single points of failure), inspection throughput (performance under load), and management granularity (visibility and control over what's actually happening).