Key Facts About Local Area Networks

Key Facts About Local Area Networks


A Local Area Network is a network infrastructure that spans a small geographical area. LANs have specific characteristics:

  • LANs interconnect end devices in a limited area such as a home, school, office building, or campus.
  • A LAN is usually administered by a single organization or individual. Administrative control is enforced at the network level and governs the security and access control policies.
  • LANs provide high-speed bandwidth to internal end devices and intermediary devices, as shown in the figure.
The diagram is an illustration of a LAN. At the centre of the diagram is a switch. There are four Ethernet connections on the switch. At the top left is a connection to a PC. Below that is a connection to the computer at the desk of a worker.
Below that is another connection to the computer at the desk of a worker. At the bottom left is a connection to an IP phone. To the right of the switch is a connection to a server. The text under the figure reads: a network serving a home, small building, or a small campus is considered a LAN.
The figure shows a WAN which interconnects two LANs. A WAN is a network infrastructure that spans a wide geographical area. WANs are typically managed by service providers (SPs) or Internet Service Providers (ISPs).
WANs have specific characteristics:
  • WANs interconnect LANs over wide geographical areas such as between cities, states, provinces, countries, or continents.
  • WANs are usually administered by multiple service providers.
  • WANs typically provide slower speed links between LANs.
The figure shows two branch LANs connected via a WAN link. Both LANs are highlighted in a light yellow box and consist of a central switch connected to three PCs, an IP phone, a server, and a router. The two routers are connected via a red WAN link. On the left is the branch 1 LAN and on the right is branch 2 LAN.

Zone-Based Policy Firewall

Zone-based policy firewalls (ZPFs) use the concept of zones to provide additional flexibility. A zone is a group of one or more interfaces that have similar functions or features. Zones help you specify where a Cisco IOS firewall rule or policy should be applied.
In the figure, security policies for LAN 1 and LAN 2 are similar and can be grouped into a zone for firewall configurations. By default, the traffic between interfaces in the same zone is not subject to any policy and passes freely. However, all zone-to-zone traffic is blocked. In order to permit traffic between zones, a policy allowing or inspecting traffic must be configured.
The only exception to this default deny any policy is the router self zone. The self zone is the router itself and includes all the router interface IP addresses. Policy configurations that include the self zone would apply to traffic destined to and sourced from the router. By default, there is no policy for this type of traffic. Traffic that should be considered when designing a policy for the self zone includes management plane and control plane traffic, such as SSH, SNMP, and routing protocols.

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic. Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.
Here are three common firewall designs.
Private and Public
Demilitarized Zone
Zone-Based Policy Firewalls
As shown in the figure, the public network (or outside network) is untrusted, and the private network (or inside network) is trusted.
Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and travelling to the private network is generally blocked.
The private and public figure shows a cloud within a circle labelled public (untrusted). The cloud connects to a firewall via s 0 / 0 / 0. The g 0 / 0 firewall port connects to a circled labelled VLAN 1 private (trusted) that has a server and two pc’s on it. There is an arrow going from the private circle to the public circle with h t t p, SMTP, and d n s on it. There is another arrow going from the public circle to the private circle with the words no access.
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your trainingYou can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

NHS Header

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.


Fact Check Policy

CRMNUGGETS is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.


Fact Check Policy

Related posts:


Adeniyi Salau

Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button