As an online IT instructor for continuing adult education courses, I am often asked for advice from students who hold various first-level IT jobs such as help desk or PC technicians. My classes center upon network fundamentals, switch/router management and IT security, so students often ask me what skills they need to master in order to get to the next level. I have summarized some basic skills below that should be a part of anyone’s knowledge base who wants to pursue opportunities in the networking field.
Basic Switch Management
Many aspiring entrants into the networking field often want to learn about routers, but a mastery of switch management is far more beneficial for entry-level network professionals. The fact is that the majority of network technicians work with switches to a much greater degree than routers. For one thing, an organization has a lot more switches. For instance, a school system that I manage has over 400 switches that reside within its infrastructure and only 25 routers. For many medium and large enterprises, router configuration and management is reserved to a small dedicated team of router technicians. No organization is going to trust its router topology to an entry-level technician just because they obtained a CCNA certification. Be familiar with basic switch commands for the most popular switch manufacturers such as Cisco, HP/Aruba and Brocade. You should be familiar with the importance of core switches and layer 3 switches as well.
VLANs
A large facet of switch management today is the configuration and deployment of VLANs. A VLAN is a virtual local area network comprised of a group of devices on one or more LANs. The devices within a designated VLAN are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical rather than physical connections, they are far more flexible than traditional network segments created by physical router interfaces. A VLAN is first created on a switch and allocated a name and IP address, and multiple VLANs can be created on a single switch. Ports are then assigned to the desired VLAN.
One of the primary purposes of VLANs is to isolate and prioritize traffic within the network. For instance, if a company utilizes a Voice-over-IP (VoIP) phone system, it would create a VLAN to isolate and prioritize that traffic from the rest of the network traffic in order to ensure that phone conversations are properly streamed and uninterrupted. Another purpose of deploying VLANs is for security. Because VLANs can traverse multiple physical sites, a VLAN called HR could be created and assigned to any ports located on switches at any site within the enterprise that service devices used by HR personnel. This would ensure that only those selected devices could access HR resources. (To learn more about VoIP, see VoIP – Backdoor to Your Network?)
Collision Domains and Broadcast Domains
Ethernet is a contention-based network, which basically means that devices must compete for network access because only one device can access the network at once within a collision domain. A collision domain is a network area where frames originate and collide. A hub is a classic example of one single collision domain. A switch, on the other hand, has a collision domain for every port. This is one of the key reasons why hubs were abandoned years ago in favor of switches, because of the increased performance level. The more switches you have in your network, the more ports, and thus the more collision domains. A broadcast domain is the area of a network in which a broadcast can freely penetrate. A collection of interconnected switches forms a single broadcast domain. The only things that can stop broadcasts are routers and VLANs. A small network may only be comprised of one broadcast domain. Larger networks usually create a separate broadcast domain for each physical site and VLAN.
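The following Python sketch is an added example, not part of the original article. It models how a VLAN bounds a broadcast domain across two switches, and shows that a VLAN left off the inter-switch trunk splits into isolated islands. The switch, host and VLAN names and the trunk's allowed list are assumptions made for illustration.

```python
from collections import deque

# Constructed topology: (switch, port) -> (VLAN, attached host).
# All names and port numbers are assumptions, not taken from the article.
ACCESS_PORTS = {
    ("sw-site1", 1): ("HR", "hr-pc-1"),
    ("sw-site1", 2): ("VOICE", "phone-1"),
    ("sw-site1", 3): ("STAFF", "staff-pc-1"),
    ("sw-site2", 1): ("HR", "hr-pc-2"),
    ("sw-site2", 2): ("VOICE", "phone-2"),
    ("sw-site2", 3): ("STAFF", "staff-pc-2"),
}
# Inter-switch links and the VLANs each one carries.
# STAFF is deliberately left off the trunk.
TRUNKS = [("sw-site1", "sw-site2", {"HR", "VOICE"})]


def broadcast_recipients(src_host):
    """Return the hosts that receive a broadcast frame sent by src_host."""
    src_switch, vlan = next(
        (sw, v) for (sw, _port), (v, host) in ACCESS_PORTS.items()
        if host == src_host
    )
    # Flood from switch to switch, but only over trunks that carry this VLAN.
    reached, queue = {src_switch}, deque([src_switch])
    while queue:
        current = queue.popleft()
        for a, b, allowed in TRUNKS:
            if vlan in allowed and current in (a, b):
                neighbour = b if current == a else a
                if neighbour not in reached:
                    reached.add(neighbour)
                    queue.append(neighbour)
    # Deliver only to access ports in the same VLAN on the switches reached.
    return sorted(
        host for (sw, _port), (v, host) in ACCESS_PORTS.items()
        if sw in reached and v == vlan and host != src_host
    )


if __name__ == "__main__":
    for host in ("hr-pc-1", "phone-2", "staff-pc-1"):
        print(host, "->", broadcast_recipients(host))
```

The HR broadcast reaches only the HR device at the other site, while the STAFF broadcast never leaves its own switch because the trunk does not carry that VLAN.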
Basic IP Configuration Knowledge
Whether it is the internet or a simple SOHO network, TCP/IP is the protocol suite that keeps everything connected and communicating. It is imperative to have a foundation in IP addressing. The critical devices within a network infrastructure such as servers, routers, security appliances and switches require static IP addresses. You need to know what I call “The Big 3,” which are IP address, subnet mask and default gateway. The default gateway is the IP address of the default router that will service IP requests that reside outside of the broadcast domain. You can determine the big 3 of any Windows device by typing the command IPCONFIG from a command prompt. In most cases, user devices will be configured to receive their IP assignments from a DHCP server; DHCP stands for Dynamic Host Configuration Protocol. Configuring a DHCP server to deploy IP addresses is a scalable method to deliver IP addresses to what could be thousands of devices. Besides the big 3, every device needs the IP address of at least one DNS server or Domain Name Server. The purpose of DNS is to resolve host names to IP addresses.
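As an added illustration (not from the original article), the Python below checks a "Big 3" triple for the most common static-configuration mistakes and shows when a host hands a packet to its default gateway instead of delivering it directly. The function names and all addresses are constructed for the example.

```python
import ipaddress


def check_big3(ip, mask, gateway):
    """Validate an IP address / subnet mask / default gateway triple."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    problems = []
    # On ordinary subnets the first and last addresses are not usable by hosts.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append("host address is the network or broadcast address")
    # The gateway must be reachable without routing, so it has to be on-link.
    if gw not in net:
        problems.append("default gateway is outside the local subnet")
    elif gw == iface.ip:
        problems.append("default gateway equals the host's own address")
    return net, problems


def next_hop(ip, mask, gateway, destination):
    """Return where the host sends a packet: the destination itself or the gateway."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    dest = ipaddress.ip_address(destination)
    return dest if dest in net else ipaddress.ip_address(gateway)


if __name__ == "__main__":
    # Constructed values: a correct triple, then the same host with a mistyped mask.
    for mask in ("255.255.255.0", "255.255.255.240"):
        net, problems = check_big3("192.168.10.25", mask, "192.168.10.1")
        print(mask, "->", net, problems or "ok")
    print(next_hop("192.168.10.25", "255.255.255.0", "192.168.10.1", "10.20.0.15"))
```

The second mask in the demo places the host in 192.168.10.16/28, which leaves the gateway off-link: the kind of typo that gives a machine local connectivity but nothing beyond its own subnet.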
Testing for Connectivity Issues
Let’s pretend that Betty calls the help desk and complains that she cannot access the internal company portal site. How do you go about solving this? There are a hundred reasons why Betty’s computer might not access the site. Her NIC may have failed, she may not have an IP address, the web server may be down, a switch located in the route between the two could be down. There may also be a problem with Betty’s web browser or the web files on the server may have been deleted. You need to eliminate as many culprits as quickly as possible in order to zone in on the problem.
This is the power of the PING command. Just as a submarine sends a sonar blip outward to identify objects near it, the PING command confirms connectivity between two devices. All of these problems fall into two categories: connectivity issues and software issues. Connectivity issues are far easier to troubleshoot and solve, so you want to confirm or eliminate connectivity at the beginning. If you can successfully ping the web server from Betty’s device, it will confirm that all aspects of the route are operational, and then the focus needs to be on Betty’s browser or the server software. If the PING is unsuccessful, then the technician needs to ping other targets along the way. The technician could first try and ping the IP address of Betty’s computer, which would confirm that the NIC is operational. Next the local switch and router would be pinged, and on the process would go until the problem is identified. The PING command is a network technician’s best friend.
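The procedure above can be scripted. This Python sketch is an added example rather than code from the original article: it pings the final target first and, only if that fails, walks the path outward from the client to report the first hop that does not answer. The addresses in BETTY_PATH are constructed, and the `probe` parameter is an assumption added so the logic can be exercised without a live network.

```python
import platform
import subprocess

# Constructed addresses for the scenario in the text; replace with real ones.
BETTY_PATH = [
    ("Betty's NIC", "192.168.10.25"),
    ("local switch", "192.168.10.2"),
    ("default gateway", "192.168.10.1"),
    ("portal web server", "10.20.0.15"),
]


def ping(host, timeout_s=3):
    """Send one echo request with the operating system's ping command."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(
            ["ping", count_flag, "1", host],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout_s,
        )
    except (subprocess.TimeoutExpired, OSError):
        return False
    return done.returncode == 0


def diagnose(path, probe=ping):
    """Ping the final target first; on failure, walk the path from the client outward."""
    if probe(path[-1][1]):
        return "path is up: check the browser or the server software"
    last_ok = None
    for label, address in path:
        if not probe(address):
            where = f"between {last_ok} and {label}" if last_ok else f"at {label}"
            return f"connectivity fault {where} ({address} did not answer)"
        last_ok = label
    return "target answered on retry: suspect an intermittent fault"


if __name__ == "__main__":
    print(diagnose(BETTY_PATH))
```

A device that filters ICMP echo looks down to this walk, so confirm a reported fault another way before acting on it.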
Firewall and NAT
If a local network has internet access, then it has some type of router or firewall providing NAT and basic firewall security. Most organizations utilize a multifunctional firewall appliance that is referred to as a unified threat management (UTM) device. These devices can serve as a router to route packets between the private LAN and the public internet. They also serve as a perimeter firewall to block unauthorized traffic from entering or leaving the network. Network address translation or NAT translates non-routable, private, internal addresses into routable, public addresses. NAT has an added benefit of adding a degree of privacy and security to a network because it hides internal IP addresses from outside networks, as every packet that leaves the network is assigned the same public IP address. This address is usually the external IP of the firewall appliance. (To learn more about networking, see The 4 Most Confusing Concepts in Networking Explained.)
Final Note
The two most popular network certifications to obtain are CompTIA Net+ and Cisco CCNA Routing and Switching. My advice is to skip the Net+ certification and focus on the CCNA exclusively, as it covers many of the same basic networking concepts as Net+ but teaches valuable skills in the art of managing Cisco switches and routers.