OSI Layer Functions – All 7 Layers Explained with Protocols, Devices, and Examples

1. What Is the OSI Model?

The OSI (Open Systems Interconnection) model is a conceptual framework developed by the International Organization for Standardization (ISO) in 1984 that divides network communication into seven distinct layers. Each layer has a specific function, communicates only with the layers directly above and below it, and hands off a well-defined unit of data (a PDU — Protocol Data Unit) to the next layer.

The OSI model does not describe any specific protocol or implementation — it is an abstract reference framework used for network design, vendor interoperability, certification exams, and most importantly, troubleshooting. When a network problem occurs, the OSI model provides a structured top-down or bottom-up methodology to isolate which layer is failing.

  Layer 7 │ Application   │ Data          │ HTTP, FTP, SMTP, DNS, DHCP
  Layer 6 │ Presentation  │ Data          │ TLS/SSL, JPEG, ASCII, MPEG
  Layer 5 │ Session       │ Data          │ NetBIOS, RPC, PPTP
  Layer 4 │ Transport     │ Segment       │ TCP, UDP
  Layer 3 │ Network       │ Packet        │ IP, ICMP, OSPF, EIGRP
  Layer 2 │ Data Link     │ Frame         │ Ethernet, Wi-Fi (802.11), PPP
  Layer 1 │ Physical      │ Bits          │ Cables, hubs, repeaters, radio

Mnemonic (top to bottom): All People Seem To Need Data Processing
Mnemonic (bottom to top): Please Do Not Throw Sausage Pizza Away

2. Layer 1 — Physical Layer

PDU: Bits | Devices: Hubs, repeaters, cables, NICs (physical signalling)

The Physical Layer is responsible for the actual transmission and reception of raw binary data over a physical medium. It defines everything about how bits are converted into signals and transported across the medium — voltages, timing, connector shapes, cable specifications, and modulation schemes. It has no awareness of what the bits mean — it simply moves them from one end to the other.

Function	Detail
Bit transmission	Converts binary 0s and 1s into electrical voltages (copper), light pulses (fibre), or radio waves (wireless) and back again
Physical media specification	Defines cable types (UTP Cat5e/Cat6, coaxial, fibre optic), connector types (RJ45, LC, SC), and maximum distances
Signal encoding	Encodes bit patterns into waveforms: NRZ (Non-Return to Zero), Manchester encoding (used in 10BASE-T), 4B/5B, 8B/10B
Modulation	Wireless uses QAM (Quadrature Amplitude Modulation), OFDM; DSL uses DMT (Discrete Multi-Tone)
Topology & interface	Defines physical topology (star, bus, ring), pin layouts, voltages, and timing (bit rate / baud rate)
Duplex	Specifies half-duplex (one direction at a time) or full-duplex (simultaneous bidirectional) capability of the physical medium

Key protocols / standards: IEEE 802.3 (Ethernet physical), IEEE 802.11 (Wi-Fi physical), USB, SONET/SDH, DSL, RS-232.

Devices operating at Layer 1: Interfaces, repeaters, cables, connectors, NICs (physical layer portion), media converters, transceivers (SFP modules).

Troubleshooting at Layer 1: Disconnected or damaged cables, incorrect cable type (straight-through vs crossover), speed/duplex mismatch, signal attenuation over long runs, faulty SFP transceiver, interference (EMI on copper, dirty connector on fibre). See also: Cable Testing Tools | End-to-End Troubleshooting

3. Layer 2 — Data Link Layer

PDU: Frame | Devices: Switches, bridges, wireless access points

The Data Link Layer provides node-to-node delivery of data frames across a single physical link. It is responsible for packaging raw bits from Layer 1 into structured frames, addressing them with hardware (MAC) addresses, detecting transmission errors, and controlling which device on a shared medium may transmit at any given time.

Two IEEE 802 Sublayers

Sublayer	Full Name	Responsibility
LLC	Logical Link Control (IEEE 802.2)	Interface between Layer 2 and Layer 3; identifies which Network Layer protocol is carried (IP, IPv6, ARP); flow control and error notification to upper layers
MAC	Media Access Control	Hardware addressing (MAC addresses); frame assembly/disassembly; media access control (CSMA/CD for Ethernet, CSMA/CA for Wi-Fi); error detection via FCS/CRC

Key Functions

Function	Detail
Framing	Encapsulates the Network Layer packet into a frame by adding a header (destination MAC, source MAC, EtherType) and a trailer (FCS/CRC for error detection)
MAC addressing	48-bit hardware addresses burned into NICs; used only for local delivery — changed at every router hop
Error detection	Frame Check Sequence (FCS) using CRC-32; detects bit errors introduced by the physical medium — corrupted frames are dropped
Media access control	CSMA/CD (Ethernet — half-duplex), CSMA/CA (Wi-Fi); determines which device may transmit when the medium is shared
Flow control	Prevents a fast sender from overwhelming a slow receiver at the link level (distinct from Transport Layer flow control)

Key protocols: Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), PPP, HDLC, 802.1Q VLAN tagging, STP (802.1D).

Devices: Switches, bridges/VLANs, wireless access points.

Troubleshooting at Layer 2: MAC table issues, broadcast storms, STP loops, VLAN mismatches, duplex mismatches, CRC errors. See: MAC Address Table | Troubleshooting Layer 2 / VLANs

4. Layer 3 — Network Layer

PDU: Packet | Devices: Routers, Layer 3 switches, firewalls

The Network Layer provides end-to-end logical addressing and routing of packets across multiple networks. While the Data Link Layer handles delivery on a single link, the Network Layer handles delivery from any source to any destination across an arbitrary number of intermediate networks.

Function	Detail
Logical addressing	Assigns hierarchical IP addresses (IPv4 32-bit, IPv6 128-bit) that remain constant end-to-end — unlike MAC addresses which change at each hop
Routing	Routers use routing tables (built by static config or dynamic protocols: OSPF, EIGRP, BGP, RIP) to determine the best path to the destination
Packet forwarding	Moves packets hop-by-hop toward the destination; at each hop the Layer 2 frame is removed and a new one is built for the next link
Fragmentation / Reassembly	IPv4 routers may fragment oversized packets to fit the MTU of the next link; the destination host reassembles them. IPv6 does not allow router fragmentation — Path MTU Discovery is used instead.
Error reporting	ICMP (IPv4) and ICMPv6 (IPv6) report delivery failures, TTL expiry, and unreachable destinations back to the source

Key protocols: IPv4, IPv6, ICMP, ICMPv6, OSPF, EIGRP, RIP, BGP, ARP (resolves Layer 3 to Layer 2).

Devices: Routers, Layer 3 switches, firewalls.

Troubleshooting at Layer 3: Wrong IP address / subnet mask, missing or incorrect default gateway, routing table errors, ACL blocks. See: show ip route | ACLs | Troubleshooting Layer 3 Routing

5. Layer 4 — Transport Layer

PDU: Segment (TCP) / Datagram (UDP) | Devices: Firewalls, load balancers (port-aware)

The Transport Layer provides end-to-end communication services between processes running on different hosts. It is the layer that applications talk to — they do not care how the data travels across the network, only that it arrives correctly and in order (TCP) or quickly without connection overhead (UDP).

TCP vs UDP — The Core Comparison

Feature	TCP (Transmission Control Protocol)	UDP (User Datagram Protocol)
Connection	Connection-oriented — 3-way handshake (SYN, SYN-ACK, ACK) before data transfer	Connectionless — no handshake; just send
Reliability	Guaranteed delivery — ACKs confirm receipt; lost segments are retransmitted	Best-effort — no acknowledgements, no retransmission
Ordering	Sequence numbers ensure correct reassembly order	No sequencing — application handles order if needed
Flow control	Sliding window — receiver advertises how much data it can accept; sender cannot exceed the window	None
Congestion control	Slow start, congestion avoidance, fast retransmit, fast recovery	None — application responsible
Overhead	Higher — 20-byte minimum header, state maintained per connection	Lower — 8-byte header, stateless
Typical use	HTTP/HTTPS, SSH, FTP, SMTP, file transfers — any application where data integrity is critical	DNS, DHCP, SNMP, streaming video/audio, VoIP, online gaming — where speed matters more than guaranteed delivery

Other Layer 4 Functions

Function	Detail
Port numbers	Identifies the application process on each host. Well-known ports: HTTP=80, HTTPS=443, SSH=22, FTP=21, DNS=53, SMTP=25, DHCP=67/68. Combined with IP address to form a socket.
Multiplexing / Demultiplexing	Port numbers allow multiple simultaneous application sessions to share a single IP address — the Transport Layer demultiplexes arriving segments to the correct process
Segmentation / Reassembly	Large application messages are split into smaller segments sized to fit the network's MSS (Maximum Segment Size); the destination reassembles them in sequence number order

Troubleshooting at Layer 4: Port blocked by firewall/ACL, TCP session not establishing, retransmissions causing slow throughput, window size too small. See: Ports Reference | ACLs | ACLs Overview

6. Layer 5 — Session Layer

PDU: Data | Devices: Application servers (session management is software)

The Session Layer manages the establishment, maintenance, and orderly termination of sessions between two communicating applications. A session is a logical, persistent dialogue between two processes — longer-lived than a single TCP connection and independent of the underlying transport.

Function	Detail
Session establishment	Negotiates and creates a session between two application processes, authenticating participants if required
Session maintenance	Keeps the session alive, handles re-synchronisation after a disruption, and manages dialog direction (simplex, half-duplex, full-duplex at the application level)
Session termination	Closes sessions gracefully when communication is complete, releasing resources cleanly on both sides
Checkpoints / Synchronisation	Inserts synchronisation points into long data streams so that if a failure occurs, transfer can resume from the last checkpoint rather than starting over

Protocols with Session Layer characteristics: NetBIOS, RPC (Remote Procedure Call), PPTP, SIP (Session Initiation Protocol — VoIP), H.323.

Important CCNA note: In the real-world TCP/IP stack, the Session, Presentation, and Application layers are all collapsed into a single Application layer. The OSI distinction between them is conceptual and used for classification and exam questions — not as a strict implementation boundary. For example, TLS could be argued to sit at Layer 5, 6, or 7 depending on context.

7. Layer 6 — Presentation Layer

PDU: Data | Devices: Software / protocol libraries (no dedicated hardware)

The Presentation Layer acts as the data translator between the network and the application. It ensures that data sent by one application can be understood by a different application running on a different system, regardless of internal data representation.

Function	Detail
Data translation / format conversion	Converts between character encoding formats: ASCII, EBCDIC, Unicode (UTF-8/UTF-16); handles big-endian vs little-endian byte ordering between different architectures
Encryption / Decryption	TLS/SSL encrypts application data before transmission and decrypts it on receipt. This is why HTTPS shows a padlock — TLS operates at this layer (though in TCP/IP it is handled within the Application layer implementation)
Compression / Decompression	Reduces data size before transmission to improve throughput: JPEG (images), MPEG/H.264 (video), MP3 (audio), gzip (web content)
Data serialisation	Converts complex application objects (databases, XML, JSON) into a flat byte stream for transmission and back again — used heavily in REST APIs and web services

Standards / formats at Layer 6: ASCII, Unicode, JPEG, GIF, PNG, MPEG, MP3, SSL/TLS, XDR (External Data Representation), MIME.

See: HTTP & HTTPS | SSH | IPsec

8. Layer 7 — Application Layer

PDU: Data | Devices: Servers, clients, application-aware firewalls, load balancers

The Application Layer is the topmost layer — the interface between the network stack and the end-user software. It does not refer to the applications themselves (a web browser, an email client) but to the network protocols and services those applications use to communicate. This is the layer where most protocols you interact with daily operate.

Protocol / Service	Port(s)	Purpose	More Info
HTTP / HTTPS	80 / 443	Web browsing — client requests resources from a web server	HTTP & HTTPS
DNS	53 (UDP/TCP)	Resolves hostnames to IP addresses	How DNS Works
DHCP	67/68 (UDP)	Automatically assigns IP addresses, subnet masks, gateways, and DNS to hosts	How DHCP Works
FTP / SFTP	21 / 22	File transfer between client and server	FTP Guide
SMTP	25 / 587	Sending email from client to server and server to server	SMTP
SSH	22	Secure remote CLI access to routers, switches, and servers	SSH Guide
Telnet	23	Legacy unencrypted remote CLI — replaced by SSH in all production environments	Telnet
SNMP	161/162 (UDP)	Network device monitoring, management, and trap notification	SNMP/Syslog
NTP	123 (UDP)	Synchronises clocks across network devices	NTP Sync

Troubleshooting at Layer 7: Application not responding, DNS name resolution failures, DHCP not assigning addresses, SSH authentication errors. See: How DNS Works | How DHCP Works

9. Encapsulation and Decapsulation

Encapsulation is the process of adding layer-specific headers (and in some cases trailers) to data as it passes down the OSI stack on the sending host. Decapsulation is the reverse — each layer strips its own header as data moves up the stack on the receiving host.

  SENDER — data moves DOWN the stack (encapsulation)
  ───────────────────────────────────────────────────────────────────
  Layer 7 Application:   [ DATA                              ]
  Layer 4 Transport:     [ TCP Header | DATA                 ]  ← Segment
  Layer 3 Network:       [ IP Header  | TCP Hdr | DATA       ]  ← Packet
  Layer 2 Data Link:     [ ETH Hdr | IP Hdr | TCP Hdr | DATA | FCS ]  ← Frame
  Layer 1 Physical:      10101100 11001010 ...  (raw bits on medium)

  RECEIVER — data moves UP the stack (decapsulation)
  ───────────────────────────────────────────────────────────────────
  Layer 1:  Receive bits → reassemble into frame
  Layer 2:  Check FCS → strip Ethernet header/trailer → pass packet up
  Layer 3:  Check destination IP → strip IP header → pass segment up
  Layer 4:  Check port, reassemble segments → strip TCP header → pass data up
  Layer 7:  Application receives original data

At Layer 2 the encapsulated unit is called a frame and includes a trailer (FCS) as well as a header — the only PDU with both. At each router hop, the Layer 2 frame is completely removed and rebuilt for the next link (new source and destination MAC addresses), while the Layer 3 packet passes through unchanged (except TTL decrement).

10. OSI vs TCP/IP Model Mapping

The TCP/IP model (also called the Internet model) is the practical protocol suite that powers the modern internet. It has four layers that map onto the seven OSI layers. Understanding the mapping is essential for the CCNA because exam questions use both models interchangeably.

OSI Layer	OSI Name	TCP/IP Layer	PDU	Key Protocols / Standards
7	Application	Application	Data	HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SSH, Telnet, SNMP, NTP
6	Presentation			TLS/SSL, JPEG, MPEG, ASCII, Unicode, MIME
5	Session			NetBIOS, RPC, SIP, PPTP
4	Transport	Transport	Segment / Datagram	TCP, UDP
3	Network	Internet	Packet	IPv4, IPv6, ICMP, ARP, OSPF, EIGRP, BGP, RIP
2	Data Link	Network Access (Link)	Frame	Ethernet, 802.11 Wi-Fi, PPP, HDLC, 802.1Q, STP
1	Physical	Network Access (Link)	Bits	UTP, fibre optic, coaxial, radio, RJ45, LC, SC

See: Common Port Numbers

11. Devices and the OSI Layers They Operate At

Device	OSI Layer(s)	What It Does	More Info
Hub / Repeater	Layer 1	Regenerates electrical signals; no addressing awareness; broadcasts to all ports	Hub/Interface Guide
Switch / Bridge	Layer 2	Forwards frames based on MAC addresses; maintains CAM table; isolates collision domains	Switch/MAC Table
Wireless Access Point	Layer 1 & 2	Converts between wired Ethernet and 802.11 wireless frames; manages CSMA/CA and association	APs & WLC
Router	Layer 3	Forwards packets based on destination IP; separates broadcast domains; connects different networks	Router/Routing
Layer 3 Switch	Layer 2 & 3	Switches frames at Layer 2 (hardware ASIC) and routes packets at Layer 3 — combines both functions in one device	L3 Switch
Firewall	Layer 3–7	Inspects and filters traffic based on IP, port, and application — NGFW operates up to Layer 7	ACL/Firewall
IDS / IPS	Layer 4–7	Inspects packet contents for attack signatures; IPS can actively block malicious traffic	ACL/IPS

12. Troubleshooting Using the OSI Model

The OSI model's greatest practical value is as a structured troubleshooting framework. Two standard approaches exist — always document what you find at each layer before moving on.

Approach	Direction	Best Used When
Bottom-Up	Start at Layer 1 (cable) and work up to Layer 7	Complete loss of connectivity — no ping, no link lights; suspect a physical problem
Top-Down	Start at Layer 7 (application) and work down to Layer 1	Specific application not working but other apps or pings succeed; suspect a port/firewall/DNS issue
Divide and Conquer	Start in the middle (Layer 3/4 — ping, port test) and work in the appropriate direction based on the result	When you have some information about where the problem is and want to narrow quickly

Common Symptoms Mapped to OSI Layers

Symptom	Likely Layer	First Check
No link light on NIC or switch port	Layer 1	Cable, SFP, port shutdown
High CRC / input error counters on interface	Layer 1–2	Faulty cable, duplex mismatch, bad NIC
Devices on same switch cannot communicate	Layer 2	VLAN mismatch, STP blocking, MAC table issue
Can ping gateway but not remote hosts	Layer 3	Routing table, missing route, ACL
Ping works but specific application fails	Layer 4	Port blocked by firewall/ACL, service not listening
Website loads with IP but not hostname	Layer 7	DNS resolution failure
Login credentials rejected	Layer 7 (or 5)	Application auth issue, certificate problem

See: End-to-End Troubleshooting | Troubleshooting Layer 2 | Troubleshooting Layer 3 | End-to-End Troubleshooting Scenario

13. End-to-End Data Flow Scenario

John opens a browser on his laptop and navigates to https://netstuts.com. Here is exactly what happens at each OSI layer on his machine, across the network, and on the web server.

  ── JOHN'S LAPTOP (Sender) — Encapsulation ─────────────────────────

  Layer 7 Application:
    Browser generates an HTTP GET request for https://netstuts.com
    DNS resolves "netstuts.com" → 203.0.113.50  (Layer 7 → Layer 3)

  Layer 6 Presentation:
    TLS handshake negotiated; browser encrypts the HTTP request
    Data is now an opaque TLS record

  Layer 5 Session:
    TLS session established; session state maintained for the
    duration of the HTTPS connection

  Layer 4 Transport:
    TCP 3-way handshake to 203.0.113.50 port 443
    HTTP request segmented; sequence numbers assigned
    PDU: TCP Segment [ Src Port: 52341 | Dst Port: 443 | SEQ | Data ]

  Layer 3 Network:
    IP header added; TTL set to 128
    PDU: IP Packet [ Src: 192.168.1.100 | Dst: 203.0.113.50 | Segment ]

  Layer 2 Data Link:
    ARP resolves gateway IP (192.168.1.1) to MAC AA:BB:CC:DD:EE:FF
    Ethernet frame built
    PDU: Frame [ Dst MAC: AA:BB:CC:DD:EE | Src MAC: 00:0C:29:4B:A8:E3 | Packet | FCS ]

  Layer 1 Physical:
    Frame converted to electrical signals on Cat6 UTP → sent to switch

  ── NETWORK PATH ────────────────────────────────────────────────────

  Switch (Layer 2): Forwards frame to router port (MAC table lookup)

  Router (Layer 3): Strips Layer 2 frame, decrements TTL,
    looks up 203.0.113.50 in routing table, builds new Layer 2 frame
    for next hop toward the internet → repeats at each hop

  ── WEB SERVER (Receiver) — Decapsulation ──────────────────────────

  Layer 1: Receives bits → assembles frame
  Layer 2: Checks FCS → strips Ethernet header → passes packet up
  Layer 3: Checks destination IP (matches) → strips IP header → passes up
  Layer 4: Checks port 443 → reassembles segments → strips TCP header
  Layer 5: TLS session recognised
  Layer 6: TLS decrypts the payload → original HTTP GET exposed
  Layer 7: Web server processes GET request → returns HTTP 200 with page

14. Exam Tips & Key Points

Know the mnemonic: top-down All People Seem To Need Data Processing; bottom-up Please Do Not Throw Sausage Pizza Away.
Know each layer's PDU name: Bits (L1), Frame (L2), Packet (L3), Segment/Datagram (L4), Data (L5–L7).
The Data Link frame is the only PDU with both a header and a trailer (the FCS/CRC).
MAC addresses change at every router hop; IP addresses remain the same end-to-end (unless NAT is involved).
TCP = reliable, connection-oriented, ordered (use for file transfer, web, SSH); UDP = fast, connectionless, best-effort (use for DNS, DHCP, VoIP, streaming).
The default gateway is a Layer 3 concept — required for communication beyond the local subnet.
In the TCP/IP model, OSI Layers 5, 6, and 7 are all mapped to a single Application layer.
ARP bridges Layer 2 and Layer 3 — it resolves an IP address to a MAC address on the local segment.
Scenario tip: "Which layer is responsible for error recovery?" → Layer 4 (TCP retransmission). "Which layer detects errors?" → Layer 2 (FCS/CRC) — but only detects; it drops the frame. TCP at Layer 4 performs the actual recovery.
For troubleshooting: always start with the physical layer (cable, link light) before investigating anything else. A broken cable looks identical to a routing problem until you check L1.

15. Summary Reference Table

Layer	Name	PDU	Key Functions	Devices	Protocols
7	Application	Data	Network services to apps, process-to-process comms	Servers, clients	HTTP, DNS, DHCP, FTP, SMTP, SSH, SNMP, NTP
6	Presentation	Data	Translation, encryption, compression	Software libraries	TLS/SSL, JPEG, MPEG, ASCII, Unicode
5	Session	Data	Session setup, maintenance, teardown, checkpoints	App servers	NetBIOS, RPC, SIP, PPTP
4	Transport	Segment / Datagram	End-to-end delivery, segmentation, flow control, ports	Firewalls, load balancers	TCP, UDP
3	Network	Packet	Logical addressing, routing, fragmentation, ICMP	Routers, L3 switches	IPv4, IPv6, ICMP, OSPF, EIGRP, BGP, RIP, ARP
2	Data Link	Frame	Framing, MAC addressing, error detection (FCS), media access	Switches, bridges, APs	Ethernet, 802.11, PPP, 802.1Q, STP
1	Physical	Bits	Bit transmission, signal encoding, media / connectors	Hubs, repeaters, cables, NICs	IEEE 802.3 (Ethernet), 802.11 (Wi-Fi), USB, SONET

OSI Layer Functions Quiz

1. What is the primary function of the Physical Layer (Layer 1)?

A. Error detection using CRC — that is the Data Link Layer's FCS function B. Logical addressing and routing — that is the Network Layer's function C. Transmission of raw bits over a physical medium — converting binary data into electrical, optical, or radio signals and defining cables, connectors, voltages, and encoding D. Managing sessions between applications — that is the Session Layer's function

Correct answer is C. The Physical Layer (Layer 1) is responsible solely for transmitting raw bits — it converts binary 0s and 1s into the appropriate physical signal for the medium (electrical voltage on copper UTP, light pulses on fibre optic, radio waves on wireless) and back again at the receiving end. It defines everything about the physical interface: cable types (Cat5e, Cat6, fibre), connectors (RJ45, LC), pin layouts, voltage levels, bit rate, signal encoding (Manchester, NRZ, 4B/5B), and duplex mode. It has no awareness of what those bits represent — that is handled by higher layers. Devices at Layer 1 include hubs, repeaters, and the physical signalling portion of NICs.

2. Which layer is responsible for framing, MAC addressing, and error detection using FCS?

A. Data Link Layer (Layer 2) — encapsulates packets into frames, adds source and destination MAC addresses, and appends an FCS trailer for error detection B. Network Layer (Layer 3) — handles IP addressing and routing, not framing C. Transport Layer (Layer 4) — handles segmentation and end-to-end reliability, not framing D. Presentation Layer (Layer 6) — handles data formatting, encryption, and compression

Correct answer is A. The Data Link Layer (Layer 2) takes the Network Layer packet and encapsulates it into a frame by adding a header containing the destination and source MAC addresses and an EtherType field, plus a trailer containing the FCS (Frame Check Sequence — a CRC-32 checksum). If the FCS computed on receipt does not match the transmitted value, the frame is silently discarded. Layer 2 also handles media access control (CSMA/CD for Ethernet, CSMA/CA for Wi-Fi). Layer 2 operates in two sublayers: LLC (identifies the upper-layer protocol) and MAC (addressing and access control). Switches and bridges are the primary Layer 2 devices.

3. A packet travels from a PC in New York to a server in London, passing through 12 routers. Which layer address remains unchanged throughout the journey, and which changes at every hop?

A. Both IP and MAC addresses remain unchanged end-to-end B. The IP address (Layer 3) remains the same source-to-destination; the MAC address (Layer 2) is replaced at every router hop with new source and destination MACs for the next link C. The MAC address remains unchanged end-to-end; the IP address changes at each router D. Both IP and MAC addresses change at every router hop

Correct answer is B. This is one of the most important distinctions in the CCNA curriculum. The IP address (Layer 3) is an end-to-end address — the source IP is always the PC's IP and the destination IP is always the server's IP throughout the entire journey across all 12 routers (unless NAT modifies them). The MAC address (Layer 2) is a hop-by-hop address — it only has meaning on the single physical link between two adjacent devices. At every router, the incoming Layer 2 frame is completely stripped (discarded), the router makes a Layer 3 routing decision based on the destination IP, then builds a brand-new frame for the next link with the router's own MAC as the new source and the next-hop device's MAC as the new destination.

4. Which Layer 4 protocol should be used for a VoIP call, and why?

A. TCP — because it guarantees delivery and ensures all audio packets arrive in order B. TCP — because its flow control prevents the network from being overwhelmed C. TCP — because its 3-way handshake provides better security for voice traffic D. UDP — because VoIP requires low latency and real-time delivery; retransmitting a lost packet would arrive too late to be useful, making TCP's reliability overhead counterproductive

Correct answer is D. VoIP uses UDP (typically via RTP — Real-time Transport Protocol over UDP) because real-time audio is latency-sensitive but not reliability-critical. A retransmitted audio packet that arrives 200ms late is useless — it would disrupt the conversation more than simply playing silence or interpolating from surrounding packets. TCP's retransmission, sequencing, and flow control mechanisms introduce variable delay (jitter) that is unacceptable for voice. UDP sends packets as fast as possible with minimal overhead (8-byte header vs TCP's 20-byte minimum) and lets the application handle any gaps. The same logic applies to live video streaming, online gaming, and DNS lookups — all use UDP. TCP is the right choice when every byte must arrive correctly: file transfers, web pages, SSH.

5. What is the primary role of the Session Layer, and how does it differ from the Transport Layer?

A. It encrypts and decrypts data — that is the Presentation Layer's role B. It frames data for transmission — that is the Data Link Layer's role C. It manages the establishment, maintenance, synchronisation, and orderly termination of application-level sessions — above the Transport Layer's end-to-end connection management D. It transmits raw bits over the physical medium

Correct answer is C. The Session Layer manages the logical conversation (session) between two application processes — it is responsible for opening the session, keeping it alive, inserting synchronisation checkpoints for long transfers (so resumption is possible after a failure), and closing it gracefully. The distinction from Layer 4: the Transport Layer manages a single TCP connection (segments, sequencing, ACKs), while the Session Layer manages a higher-level dialogue that may span multiple Transport Layer connections. In practice, the TCP/IP stack collapses Layers 5, 6, and 7 into a single Application layer — the Session Layer boundary is a conceptual/exam distinction. Protocols with clear session characteristics include SIP (VoIP call setup), NetBIOS, and RPC.

6. When a user visits an HTTPS website, which OSI layer is responsible for the encryption of the data in transit?

A. Presentation Layer (Layer 6) — TLS/SSL provides the encryption and decryption of application data, which is the Presentation Layer's function in the OSI model B. Transport Layer (Layer 4) — TCP handles connection establishment but not encryption C. Network Layer (Layer 3) — IP routing is unaffected by HTTPS encryption D. Session Layer (Layer 5) — manages session establishment but not encryption

Correct answer is A. In the OSI model, the Presentation Layer (Layer 6) is responsible for data translation, encryption/decryption, and compression. TLS (Transport Layer Security), which underpins HTTPS, encrypts the application payload before it leaves the host and decrypts it on receipt — this data transformation function maps to the Presentation Layer. Note that in the TCP/IP model's practical implementation, TLS operates within the Application layer (above TCP), so in real-world terms it spans what the OSI model calls Layers 5–7. The CCNA exam typically maps TLS/SSL to Layer 6 when asking about the OSI model specifically.

7. Which OSI layer does a web browser interact with to request a webpage, and what is the PDU at that layer called?

A. Data Link Layer — the PDU is called a frame B. Application Layer (Layer 7) — the PDU is called data; the browser uses HTTP/HTTPS to request resources from the web server C. Network Layer — the PDU is called a packet D. Physical Layer — the PDU is raw bits

Correct answer is B. The Application Layer (Layer 7) is the topmost OSI layer and the interface between the network stack and end-user software. A web browser uses the HTTP (port 80) or HTTPS (port 443) protocol — both Application Layer protocols — to send requests and receive responses from web servers. The PDU at Layers 5, 6, and 7 is generically called data. The Application Layer does not refer to the browser application itself, but to the network protocols it uses: HTTP, DNS, FTP, SMTP, DHCP, SSH, SNMP, NTP. The other options describe lower layers: Data Link (frame), Network (packet), Physical (bits).

8. What is encapsulation, and what happens to a Layer 2 Ethernet frame at every router hop?

A. Encapsulation is data encryption — the frame is encrypted at each router to protect it in transit B. Encapsulation is the physical transmission of bits — the frame passes through routers unchanged C. Encapsulation is packet fragmentation — routers split the frame into smaller pieces at each hop D. Encapsulation is adding headers (and trailers) at each layer as data moves down the stack; at every router hop the incoming Layer 2 frame is stripped entirely and a new one is built for the next link

Correct answer is D. Encapsulation is the process where each OSI layer adds its own header (and Layer 2 adds a trailer) to the data as it passes downward through the stack — Application data → TCP segment → IP packet → Ethernet frame → bits. At every router hop, the incoming Ethernet frame is completely decapsulated (the Layer 2 header and FCS trailer are discarded). The router examines the Layer 3 IP packet, makes a routing decision based on the destination IP address, decrements the TTL, and then re-encapsulates the packet into a brand-new Layer 2 frame appropriate for the next link — with the router's own MAC as the new source and the next-hop device's MAC as the new destination. The Layer 3 packet content is preserved intact through this process.

9. A network engineer notices high CRC error counts on a switch interface. Which OSI layer should they investigate first, and what are the likely causes?

A. Layers 1–2 — CRC errors indicate the FCS check is failing, meaning bit errors are occurring on the physical medium; likely causes are a faulty cable, dirty fibre connector, duplex mismatch, or a failing NIC B. Layer 3 — CRC errors are caused by incorrect IP addressing in the packet header C. Layer 4 — CRC errors result from TCP retransmissions overwhelming the interface D. Layer 7 — CRC errors are caused by application-level data corruption

Correct answer is A. CRC (Cyclic Redundancy Check) errors on a switch interface are detected by the Data Link Layer's FCS (Frame Check Sequence) mechanism — but the cause is almost always at Layer 1. The FCS is computed over the frame's bits; if any bits are corrupted in transit, the computed FCS at the receiver will not match the transmitted value, and the frame is counted as a CRC error and discarded. Common causes: damaged or low-quality cable; dirty or mis-seated fibre connector; cable exceeding maximum length; electromagnetic interference; speed/duplex mismatch (duplex mismatch is a very common cause of late collisions and CRC errors on Ethernet); failing NIC or SFP transceiver. Always start troubleshooting with the physical layer — swap the cable or SFP before investigating higher layers.

10. Which layer is responsible for selecting the best path between networks and forwarding packets hop-by-hop toward the destination?

A. Transport Layer (Layer 4) — responsible for end-to-end delivery between processes, not path selection between networks B. Data Link Layer (Layer 2) — responsible for single-link delivery using MAC addresses, not multi-network routing C. Network Layer (Layer 3) — routers use routing tables built by static config or dynamic protocols (OSPF, EIGRP, BGP) to select the best path and forward packets toward the destination D. Physical Layer (Layer 1) — responsible for bit transmission, not routing decisions

Correct answer is C. The Network Layer (Layer 3) is the routing layer. Routers build and maintain routing tables — populated by static routes, connected networks, and dynamic routing protocols (OSPF, EIGRP, RIP, BGP). When a packet arrives, the router performs a longest-prefix match lookup in the routing table against the destination IP address, selects the best-matching route, and forwards the packet out the appropriate interface toward the next hop. This process repeats at every router along the path until the packet reaches the destination network. Key Layer 3 protocols include IPv4, IPv6, ICMP (error reporting), and ARP (resolves Layer 3 addresses to Layer 2 for local delivery).

← Back to Home