The old model of a single computer serving all of an organization's computational needs has in many instances been replaced by one in which a number of separate but interconnected computers provide similar functionality. Such interconnected systems are referred to as computer networks. One benefit of a computer network is resource sharing: a particular piece of equipment, including its programs and data, can be made available to anyone connected to the network, regardless of the physical location of the resource or of the user. A network may also provide high reliability by offering alternative sources of supply. For example, files may be replicated on two or more machines, so that if one of them is unavailable due to a failure, the other copies can be used. When the computers of a network are located in a single room, building or campus, the network is referred to as a local area network (LAN). A virtual LAN (VLAN) is a LAN defined by the configuration of the network equipment (for example by tagging frames as in IEEE 802.1Q) rather than by physical wiring: members of one VLAN share a broadcast domain even when they are attached to different switches or different sites, and members of different VLANs are isolated from each other at the data link layer even when they are attached to the same switch. In everyday usage the terms LAN and VLAN are often used interchangeably. End user computers are connected to LANs via passive devices commonly referred to as telecommunications outlets (TOs). TOs are typically pre-wired to network equipment, the latter being housed in network closets or data centers for security purposes. Once the end user device is plugged into the TO, the physical connection to the network is established, and through VLAN configuration (software) the end user computer can be placed in different LANs without physically rewiring the network. This is in contrast with a wide area network (WAN), also referred to as a long haul network, which spans multiple cities, countries or continents.
To reduce their design complexity, most networks are organized as a series of layers or levels, each one built upon its predecessor. The purpose of each layer is to offer certain services to the higher layers, shielding those layers from the details of how the offered services are actually implemented. Layer N on one machine carries on a conversation with layer N on another machine across the network. The rules and conventions used in this conversation are collectively known as the layer N protocol. Peer processes, in the same layer but in different machines, communicate with each other through the lower layers of the network, using their common layer protocol.
A popular network model is the Transmission Control Protocol/Internet Protocol (TCP/IP) reference model. This model defines four layers: beginning at the lowest, the link layer, the internet (network) layer, the transport layer and the application layer. The link layer is commonly further divided, as in the OSI model, into a physical layer and a data link layer. The physical layer is concerned with transmitting raw bits over a communication channel; it merely accepts and transmits a stream of bits (electrical or optical signals) without regard to their meaning or structure. The data link layer creates and recognizes frame boundaries and delivers frames between directly connected nodes; Ethernet, Token Ring and Asynchronous Transfer Mode (ATM) are examples of data link technologies. A computer uses a network interface controller or card (NIC) to connect to a network.
A medium access control (MAC) sublayer has been defined as a sublayer of the data link layer. The MAC sublayer defines how nodes share a broadcast channel of the network and how they address one another on it. When node A wishes to send a packet to node B in the same LAN, the network interface of node A generates a frame that contains, in addition to the payload data received from the higher layers in node A, a destination MAC address (that of node B) and a source MAC address (that of node A). These addresses allow node B to recognize frames intended for it and to address its reply to node A.
To send a packet from one network to a different network, each end node requires both a MAC address (such as an Ethernet address), which identifies it within the network to which it is directly connected, and a network layer address (such as an Internet Protocol address or IP address), which identifies it across networks. Thus a piece of equipment that is connected to a network and that is also to be accessible from a different network is assigned not only a MAC address, to identify itself within its local network, but also a network layer address such as an IP address, which allows inter-network communications. The two kinds of address play different roles in a frame: the MAC addresses change at every hop (on the sender's LAN the destination MAC address is that of the router), whereas the IP addresses identify the original source and the final destination end to end.
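The following Python example is added here to illustrate the two preceding paragraphs; it is not part of the original text. It builds an Ethernet frame carrying an IPv4 packet from a host to a destination on another network and parses it back, showing that the destination MAC address is the local router's (the next hop on the sender's LAN) while the destination IP address is the far-end host. All MAC and IP addresses are constructed for the example (IP addresses from the RFC 5737 documentation ranges); the Ethernet frame check sequence, which the NIC adds and strips in hardware, is not modelled.

```python
import ipaddress
import struct

# Ethernet II header: destination MAC, source MAC, EtherType (network byte order).
ETH_HDR = struct.Struct("!6s6sH")
ETHERTYPE_IPV4 = 0x0800
ETH_MIN_PAYLOAD = 46          # payloads shorter than this are padded so the frame reaches 64 bytes on the wire

# IPv4 header without options: ver/IHL, DSCP/ECN, total length, identification,
# flags/fragment offset, TTL, protocol, header checksum, source, destination.
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")
IPPROTO_UDP = 17


def mac_bytes(text):
    """'02:00:00:00:00:0a' -> 6 raw bytes."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Wrap a higher-layer PDU in an Ethernet frame, padding to the minimum payload size."""
    payload = payload.ljust(ETH_MIN_PAYLOAD, b"\x00")
    return ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), ethertype) + payload


def parse_frame(frame):
    """Recover what the data link layer cares about: the two MAC addresses and the payload."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    return {"dst": mac_text(dst), "src": mac_text(src),
            "ethertype": ethertype, "payload": frame[ETH_HDR.size:]}


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over the header bytes."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src_ip, dst_ip, proto, data, ttl=64):
    """Build a minimal IPv4 packet (no options, DF set) with a correct header checksum."""
    total_len = IPV4_HDR.size + len(data)
    hdr = IPV4_HDR.pack(0x45, 0, total_len, 0, 0x4000, ttl, proto, 0,
                        ipaddress.IPv4Address(src_ip).packed,
                        ipaddress.IPv4Address(dst_ip).packed)
    csum = ipv4_checksum(hdr)                      # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + data


def parse_ipv4(pdu):
    """Parse and validate an IPv4 header; rejects wrong version, bad lengths and bad checksums."""
    if len(pdu) < IPV4_HDR.size:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, _csum, src, dst = IPV4_HDR.unpack_from(pdu)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IPV4_HDR.size or total_len < ihl or total_len > len(pdu):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(pdu[:ihl]) != 0:              # a header with a valid checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "proto": proto, "data": pdu[ihl:total_len]}   # Ethernet padding is cut off here


def demo():
    """Host A (192.0.2.10) sends to 198.51.100.7 on another network through its default gateway.

    Constructed addresses: the frame's destination MAC is the router's, because the
    router is the next hop on A's LAN, while the IP destination is the remote host.
    """
    host_a_mac, router_mac = "02:00:00:00:00:0a", "02:00:00:00:00:01"
    pkt = build_ipv4("192.0.2.10", "198.51.100.7", IPPROTO_UDP, b"hello")
    frame = build_frame(router_mac, host_a_mac, ETHERTYPE_IPV4, pkt)
    eth = parse_frame(frame)
    ip = parse_ipv4(eth["payload"])
    return eth, ip


if __name__ == "__main__":
    eth, ip = demo()
    print(f"data link: {eth['src']} -> {eth['dst']}  EtherType 0x{eth['ethertype']:04x}")
    print(f"network:   {ip['src']} -> {ip['dst']}  proto {ip['proto']} ttl {ip['ttl']}")
```

Running the script prints the MAC pair for the first hop and the IP pair for the whole path; the parser's length and checksum checks are the kind of validation a receiver must perform before trusting header fields, since padding and corrupted bytes arrive on the same wire as legitimate data.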
Network security deals, among other things, with how to prevent unauthorized computer access to a network. Typically, once a device has been attached to a network (by a wired or wireless link), it is treated as a trusted member of the network and may be authorized to access most, if not all, resources in that network. Security protocols have therefore been devised to ensure that only authorized devices can connect to a network. For example, the IEEE 802.1X protocol is used to identify and authenticate a device (and its user) before it is granted access to a network: the port to which the device is attached passes only authentication traffic until an authentication server has accepted the device's credentials. See Institute of Electrical and Electronics Engineers, IEEE Standard 802.1X, Jun. 14, 2001 (http://standards.ieee.org). Typically, the 802.1X authenticator software runs in a switch at the edge of the network, and the protocol also requires that the appropriate software component (a supplicant) be present in every member device that is to be connected to the network.
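The following Python example is added to illustrate the port-based access control just described; it is not part of the original text or of any IEEE reference implementation. It parses and builds the EAPOL frames (EtherType 0x888E) and the EAP packets they carry, and models an edge-switch port that drops every non-EAPOL frame until the authentication server's verdict arrives as EAP-Success. The identity string and the frame bytes are constructed for the example, and the EAP method exchange that normally occurs between the Identity response and the verdict (for instance EAP-TLS) is omitted.

```python
import struct

# 802.1X frames ride directly on Ethernet with their own EtherType; the supplicant
# addresses them to the PAE group MAC, so an unauthorized port only has to let this one type through.
ETHERTYPE_EAPOL = 0x888E
PAE_GROUP_MAC = "01:80:c2:00:00:03"

EAPOL_HDR = struct.Struct("!BBH")            # protocol version, packet type, body length
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAPOL_TYPE_NAMES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

EAP_HDR = struct.Struct("!BBH")              # code, identifier, length (RFC 3748)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def build_eap(code, identifier, eap_type=None, data=b""):
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return EAP_HDR.pack(code, identifier, EAP_HDR.size + len(body)) + body


def build_eapol(pkt_type, body=b"", version=2):
    return EAPOL_HDR.pack(version, pkt_type, len(body)) + body


def parse_eap(body):
    if len(body) < EAP_HDR.size:
        raise ValueError("EAP packet too short")
    code, ident, length = EAP_HDR.unpack_from(body)
    if length < EAP_HDR.size or length > len(body):
        raise ValueError("EAP length field inconsistent with body")
    msg = {"code": code, "id": ident}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length < EAP_HDR.size + 1:
            raise ValueError("EAP request/response without a type byte")
        msg["type"] = body[EAP_HDR.size]
        msg["data"] = body[EAP_HDR.size + 1:length]
    return msg


def parse_eapol(pdu):
    """Parse an EAPOL PDU (the Ethernet payload); the length field is honoured so padding is ignored."""
    if len(pdu) < EAPOL_HDR.size:
        raise ValueError("EAPOL PDU too short")
    version, pkt_type, length = EAPOL_HDR.unpack_from(pdu)
    if length > len(pdu) - EAPOL_HDR.size:
        raise ValueError("EAPOL body length exceeds PDU")
    body = pdu[EAPOL_HDR.size:EAPOL_HDR.size + length]
    msg = {"version": version, "type": EAPOL_TYPE_NAMES.get(pkt_type, pkt_type)}
    if pkt_type == EAPOL_EAP_PACKET:
        msg["eap"] = parse_eap(body)
    return msg


class AuthenticatorPort:
    """Edge-switch port: forwards only EAPOL until the authentication server answers EAP-Success."""

    def __init__(self):
        self.authorized = False

    def ingress(self, ethertype, pdu):
        """Decide what the port does with a frame received from the attached device."""
        if ethertype == ETHERTYPE_EAPOL:
            msg = parse_eapol(pdu)
            if msg["type"] == "EAPOL-Logoff":
                self.authorized = False          # the device asked to leave; close the port again
            return "uncontrolled-port", msg
        return ("forwarded", None) if self.authorized else ("dropped", None)

    def egress_eap(self, eap_pdu):
        """Relay an EAP packet from the authentication server toward the supplicant."""
        eap = parse_eap(eap_pdu)
        if eap["code"] == EAP_SUCCESS:
            self.authorized = True
        elif eap["code"] == EAP_FAILURE:
            self.authorized = False
        return build_eapol(EAPOL_EAP_PACKET, eap_pdu)


def demo():
    """Constructed exchange between a supplicant and the authenticator port."""
    port, log = AuthenticatorPort(), []
    plain_ipv4 = b"\x45" + b"\x00" * 19              # any non-EAPOL frame stands in for user traffic
    log.append(("supplicant->authenticator", "IPv4 before auth", port.ingress(0x0800, plain_ipv4)[0]))
    log.append(("supplicant->authenticator", "EAPOL-Start",
                port.ingress(ETHERTYPE_EAPOL, build_eapol(EAPOL_START))[0]))
    port.egress_eap(build_eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY))          # EAP-Request/Identity
    resp = build_eapol(EAPOL_EAP_PACKET,
                       build_eap(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, b"alice@example.net"))
    _, msg = port.ingress(ETHERTYPE_EAPOL, resp)
    log.append(("supplicant->authenticator", "EAP-Response/Identity", msg["eap"]["data"].decode()))
    # ... EAP method exchange (e.g. EAP-TLS) omitted ... the server's verdict is relayed:
    port.egress_eap(build_eap(EAP_SUCCESS, 7))
    log.append(("supplicant->authenticator", "IPv4 after auth", port.ingress(0x0800, plain_ipv4)[0]))
    return port.authorized, log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The authorized flag is the whole security decision: before EAP-Success every frame except EAPOL is dropped at the edge, which is what distinguishes 802.1X from the earlier model in which a device became a member simply by plugging in.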
Although the IEEE 802.1X protocol allows wireless members, such as notebook/laptop computers, to roam easily from one wireless network to another while permitting the user to access the different networks without additional login or authentication procedures, the protocol is not supported by much older network equipment or by many member devices connected to such networks (also referred to as legacy networks).