Sign in Subscribe

CompTIA Network+ Topologies and Network Types: The Practical Way I Teach It

CompTIA Network+ Topologies and Network Types: The Practical Way I Teach It

Why Network Structure Really Matters

For Network+ candidates, this topic matters because CompTIA likes to blur three related ideas: topology, logical behavior, and network type. Once you keep those straight, a whole bunch of exam questions get a lot easier. If you mix them up, distractors start looking correct.

The simplest way to frame it is this: topology describes arrangement, logical topology describes traffic behavior, and network type describes scope or purpose. A LAN can use a star topology. A WAN can use hub-and-spoke. A WLAN is a network type, not a topology — and that distinction comes up all the time. A VPN is a secure overlay or connectivity model, not a physical layout.

This also matters in real troubleshooting. A single failed access switch in a star can affect one floor. A failed hub site in a hub-and-spoke WAN can affect many branches. A WLAN complaint may actually be an RF problem. A storage issue may live on a SAN or storage VLAN and not on the user LAN at all. When you understand the structure, you usually know where to start looking first.

Core Definitions and the Big Exam Distinction

Network topology is the arrangement of devices and links. The easiest way I’ve found to think about it is to keep the usual suspects in mind: star, bus, ring, mesh, point-to-point, hub-and-spoke, and spine-and-leaf. Honestly, once you can picture those seven, a lot of the exam questions start feeling way less intimidating.

Physical topology is the real hardware layout: cables, ports, access points, switches, routers, and fiber runs. If you walk into a Main Distribution Frame (MDF) or an Intermediate Distribution Frame (IDF) and trace patch panels and uplinks, you are looking at physical topology.

Logical topology is how traffic actually moves. This may or may not match the physical layout. For example, a network can be wired like a star but still behave like shared media if it’s using hubs — or it can behave like switched point-to-point Ethernet if it’s using switches.

Network type describes the scope, medium, or purpose of the network: LAN, WLAN, WAN, MAN, PAN, CAN, or SAN.

Deployment or operational models are related but slightly different ideas: SOHO, branch office, data center, intranet, extranet, client-server, peer-to-peer, and IoT/OT. Those are useful exam terms, but they are not all “network types” in the same strict category as LAN or WAN.

Topology vs Network Type: Direct Comparison

Topology answers: How is it arranged? You’ll usually see star, mesh, ring, bus, hub-and-spoke, and spine-and-leaf come up as the common examples. This is a common trap. People see WLAN or WAN and, honestly, assume it must be a topology — but that’s not what those terms mean.

Logical topology answers: How does traffic flow? Examples include shared media, switched Ethernet, token passing, and overlay tunnels. A common trap is assuming cabling tells the whole story.

Network type answers: What kind of network is it? The usual examples you’ll run into are LAN, WLAN, WAN, MAN, PAN, CAN, and SAN. Those are the ones CompTIA loves to come back to, so it’s absolutely worth knowing them cold. Another really common trap is assuming that LAN or WAN tells you what the network physically looks like. It doesn’t — it tells you the scope or purpose, not the actual layout. It doesn’t — it tells you the scope or purpose.

Memorize this sentence because it is exam-ready: A topology describes arrangement; a network type describes scope or purpose.

Physical Topologies You Must Recognize

Bus uses a single shared backbone. Its main advantage is simplicity and low cost, but a backbone failure affects all connected devices. Typical exam clues include legacy coax or shared cable designs.

Star connects all devices to a central device. Its main advantage is easier fault isolation, but the central device can become a single point of failure. This is the typical modern Ethernet LAN design.

Ring forms a loop in which devices connect in sequence. It offers a predictable path, but breaks can disrupt traffic. Historical examples include Token Ring and FDDI.

Mesh uses multiple interconnections between nodes. Its main advantage is high redundancy, but it increases cost and complexity. It is commonly associated with resilient WAN designs.

Hub-and-spoke connects branches through a central site. It simplifies WAN design, but creates dependency on the hub. A common clue is branch connectivity to headquarters.

Point-to-point is a direct link between two nodes. You do get a dedicated path, which is great, but it doesn’t scale all that well once you start adding more sites or devices. That’s where the design starts getting expensive and a little awkward. If you see leased lines or direct uplinks, that’s usually your clue.

Point-to-multipoint uses one central node to serve many endpoints. It’s efficient for distribution, but the center can absolutely become the bottleneck. It is often associated with wireless or provider access models.

Spine-and-leaf is a fabric design in which every leaf connects to every spine. It provides predictable low-latency paths, but requires more hardware and design effort. It is a common modern data center topology.

Bus and ring are mostly legacy concepts for modern enterprise access networks, but they remain testable. Bus uses one shared backbone. Ring connects each device to two neighbors in a loop. Token Ring and FDDI are the historical examples CompTIA may reference.

Star is the dominant modern LAN topology. Endpoints connect to a central switch. A cable failure usually affects one endpoint, but a switch failure can affect many users.

Mesh emphasizes redundancy. In a full mesh, every node connects to every other node. The link count grows quickly: for n nodes, required links = n(n-1)/2. That formula is useful for both understanding cost and answering exam questions. Partial mesh is more common because it balances redundancy and expense.

Hub-and-spoke, point-to-point, and point-to-multipoint are often discussed as WAN or connection-design topologies rather than classic Ethernet physical layouts. That said, CompTIA absolutely still treats them like topology patterns, so you’ll want to recognize them on sight. Hub-and-spoke is common in branch WANs. Point-to-point often maps to leased lines or direct uplinks. Point-to-multipoint is a reasonable conceptual fit for wireless infrastructure and some provider access designs.

Spine-and-leaf is a data center topology. Endpoints attach to leaf switches, not spines. Within a fabric, each leaf typically connects to every spine, creating consistent hop counts and enabling Equal-Cost Multi-Path (ECMP) forwarding.

Physical vs Logical Topology Comparison Matrix

A physically central star layout can behave as shared media or a logical bus when built with old hub-based Ethernet. The exam meaning is that the network looks centralized physically, but traffic is still shared.

A physically central star layout can also behave as switched point-to-point forwarding in modern switched Ethernet. This represents most modern LANs.

Wireless cells with access points can behave logically as a bridged VLAN-backed WLAN, such as in enterprise Wi-Fi infrastructure mode. The key exam point is that WLAN is a type, while traffic still maps into logical segments.

A leaf-spine fabric often behaves logically with Layer 3 ECMP paths, as seen in modern virtualized data centers. The exam meaning is consistent multipath routing.

An Internet underlay can carry an encrypted tunnel overlay, such as an IPsec VPN. The key point is that the logical path differs from the physical transport.

This distinction is one of the most testable ideas in the objective. A network can look like a star on paper, but behave very differently depending on whether the center device is a hub, a switch, a controller, or a tunnel endpoint.

Logical Topologies, Broadcast Domains, and VLANs — the stuff that trips people up if they’re not careful

Logical topology is about traffic behavior. The most important modern comparison is shared media Ethernet versus switched Ethernet.

In old shared-media Ethernet, devices effectively shared the same communication medium. Hubs repeated incoming signals out other ports, so traffic was broadly shared. Those networks used half-duplex operation and CSMA/CD to deal with collisions. So in that model, a physically star-wired network could still behave logically like a bus.

In modern switched Ethernet, switches learn source MAC addresses and build a MAC address table as they go. Known unicast traffic gets forwarded only to the right port. Unknown unicast traffic is flooded within the VLAN until the switch learns where the destination lives. Broadcast traffic gets flooded within the local Layer 2 broadcast domain. In full-duplex switched Ethernet, collisions are basically a non-issue; collision problems mostly belonged to shared-media or half-duplex environments.

That leads to two exam terms you must separate:

  • Collision domain: the area where frame collisions can occur. With hubs, you get one shared collision domain. Switches, on the other hand, break collision domains up by port, and that’s a huge reason they replaced hubs. It makes the network cleaner, more efficient, and a whole lot easier to live with.
  • Broadcast domain: the area where Layer 2 broadcasts are forwarded. Switches forward broadcasts within the VLAN; routers do not forward Layer 2 broadcasts by default.

VLANs create separate Layer 2 broadcast domains without changing the physical cabling. An access port carries one VLAN for an endpoint. A trunk link carries multiple VLANs between switches, usually by tagging the frames so each switch knows where they belong. It’s a neat little trick, and it’s definitely worth knowing. Each VLAN has its own broadcast domain, and if those VLANs need to communicate, you’ll need a router or a Layer 3 switch to do the routing. No routing, no conversation.

A simple example helps. For example, let’s say VLAN 10 is Users and VLAN 20 is Voice. That kind of separation is really common in real networks. The PC ports would usually be access ports in VLAN 10, while the uplinks between switches would be trunks carrying VLANs 10 and 20. That way, the right traffic gets where it needs to go without everything getting mixed together. Broadcasts from VLAN 10 stay in VLAN 10, and that’s exactly what you want. You really don’t want random user broadcasts wandering into every other segment. If someone in VLAN 10 needs to reach a printer in VLAN 20, that traffic has to be routed at Layer 3. That’s the point where switching stops and routing takes over. That is logical segmentation, not a new physical topology.

Token passing is another logical topology concept. In Token Ring and FDDI, a token moves around the network, and only the device holding it gets to transmit. It was a pretty elegant idea for its time, even if it’s mostly legacy now. That made access more predictable and reduced collisions, but these days it’s mostly a legacy concept or something you’ll see on an exam.

Overlays add another layer of logical behavior. GRE, VXLAN, and VPN tunnels are good examples to keep in mind here. They’re all about creating a logical path that doesn’t necessarily match the physical one. The physical underlay might be Ethernet, fiber, or even the Internet, while the logical path gets built through encapsulation and the tunnel endpoints. So the packet takes one real-world route, but logically it behaves like it’s on a different one.

Core Network Types

LAN is a local area network within a room, floor, building, or site. It usually runs on Ethernet, switches, structured cabling, IP addressing, and VLANs. Most modern LANs are physically built like a star and logically switched.

WLAN is a wireless local area network. It’s still local in scope, but the medium is radio instead of copper or fiber. Enterprise WLANs usually operate in infrastructure mode, where clients connect through access points. Ad hoc or IBSS mode allows direct client-to-client wireless communication, but that is not the normal enterprise design. And just to hammer it home: WLAN is a network type, not a topology.

WAN connects sites across larger geographic distances. Common WAN transports include leased lines, broadband Internet, Metro Ethernet, and provider technologies like MPLS. MPLS is a provider transport technology; SD-WAN is an overlay and control approach that can steer traffic across multiple transports according to policy.

MAN is a metropolitan-scale network spanning a city or metro area. It may be provider-operated or enterprise-owned. Metro Ethernet and provider fiber are common examples.

PAN is a personal area network, such as Bluetooth peripherals, NFC, or tethering around an individual user.

CAN for this exam means Campus Area Network: multiple buildings under one organization, often tied together by fiber backbones. Outside this exam context, CAN can also mean Controller Area Network in automotive or industrial systems, so read the question carefully.

SAN is a storage area network. It is a storage-focused network, not just “a fast LAN.” Fibre Channel SANs often use dedicated fabrics and specialized switches. iSCSI carries block storage over IP/Ethernet and may be physically separate or logically isolated with VLANs, VRFs, and QoS. Also remember that NAS protocols such as NFS and SMB provide file access and are not the same thing as SAN block storage.

Here’s a quick practical look at WLAN, WAN, and SAN basics.

For WLANs, focus on the practical stuff. SSIDs identify the wireless network, channels affect interference, and 2.4 GHz has fewer non-overlapping channels plus more everyday interference sources like microwaves and Bluetooth. In real life, that’s why one bad channel plan can make a wireless floor feel like it’s falling apart. 5 GHz generally offers more channels and less interference, though range characteristics differ. And WLAN performance isn’t just about signal strength — it’s also about airtime contention, client density, channel reuse, and how clients roam between APs.

For WANs, map services to topology. A leased line often fits point-to-point. MPLS commonly supports hub-and-spoke or partial mesh. Internet-based VPNs can also be designed in hub-and-spoke or mesh-like patterns, depending on what the organization needs. SD-WAN can use multiple links — like broadband plus LTE — and then choose paths based on application policy, loss, latency, and jitter.

For SANs, the big design themes are redundancy, multipathing, and predictable performance — those are the things that really matter. Fibre Channel environments often use dual fabrics so a host has more than one storage path. iSCSI environments often keep storage on dedicated VLANs or separate switches, and they may use multipath I/O so a host can keep going if one path fails. SAN concerns include latency, throughput, queue depth, flow control in some designs, and path consistency.

Applied Design, Failure Domains, and Troubleshooting — where the theory gets real fast

Topology directly affects failure domains. In a star, one bad patch cable usually affects one user; a failed access switch affects many. In hub-and-spoke, a branch issue may affect one site, but a hub-site outage can affect all spokes. In mesh, traffic may reroute after a failure, so the symptom may be slowness rather than total outage. In spine-and-leaf, a leaf failure affects attached hosts, while a spine failure reduces available paths but often does not create a full outage if the fabric is healthy.

A compact troubleshooting workflow works well on the exam and in practice:

  • Single user or many users? Single user suggests edge issues; many users suggests shared infrastructure.
  • Local or upstream? Check the endpoint, access port, AP, or branch edge first, then uplinks and core paths.
  • Wired, wireless, WAN, or storage? Don’t troubleshoot a WLAN complaint like a switch issue or a SAN latency issue like a desktop issue.
  • What tools fit? Ping, traceroute, ARP tables, MAC tables, interface counters, DHCP checks, DNS tests, Wi-Fi analyzers, logs, SNMP, syslog, and flow monitoring all have a place in the toolkit.

For example, if one wired user is down in a star LAN, I’d start with link lights, NIC status, switch port state, VLAN assignment, and the DHCP lease. If an entire floor is down, I’d go straight to the access switch, the uplink, power, and then spanning tree or LACP state. If multiple branches lose access, I’d look at the hub router, provider handoff, VPN concentrator, or MPLS edge first. If Wi-Fi is slow, check RSSI, channel overlap, co-channel interference, AP load, and whether the real problem is 2.4 GHz congestion rather than an IP issue. If VMs are slow but users can still browse normally, check storage latency, SAN paths, and multipathing before you blame the LAN. the LAN.

Security by Topology and Network Type

Security controls should match the structure. Flat Layer 2 networks increase broadcast scope and make lateral movement easier. VLANs, subnets, ACLs, firewalls, and NAC are all tools we use to create boundaries.

In a campus or enterprise LAN, segmentation often happens by department, device type, or trust level. Access-layer controls, NAC, and inter-VLAN ACLs all help contain risk.

In a WLAN, separate guest traffic from internal traffic, use strong authentication, and remember that RF extends beyond walls. Guest SSIDs should be isolated from internal resources.

In a WAN or VPN, encryption does not equal unlimited trust. A VPN securely extends access according to authentication and authorization policy. Split-tunnel versus full-tunnel decisions affect both security and performance. Remote-access VPNs connect users; site-to-site VPNs connect networks.

In IoT/OT environments, strict segmentation matters because uptime and safety often outweigh convenience. In SAN and storage networks, dedicated fabrics are common, but converged Ethernet designs also exist; in those cases, isolation and QoS become especially important.

High-Yield Exam Traps and Final Review

  • WLAN is a type, not a topology.
  • VPN is an overlay/tunnel, not a physical layout.
  • VLANs change logical segmentation, not physical shape.
  • Broadcast domain is not the same as collision domain.
  • CAN here means Campus Area Network, not Controller Area Network.
  • SAN is storage-focused; it is not just a faster LAN.
  • Legacy concepts to recognize: bus, ring, token passing, hubs.
  • Modern concepts to know well: star, switched Ethernet, VLANs, WLAN, WAN, VPN basics, mesh, and spine-and-leaf.

What CompTIA is really asking when it uses certain words:

  • Layout, shape, arrangement → topology
  • Traffic flow, forwarding behavior → logical topology
  • Local, campus, metro, wide area, wireless, storage → network type
  • Branch to HQ → WAN, likely hub-and-spoke
  • Storage network → SAN
  • Modern data center → spine-and-leaf

If you remember one final set of answer-ready lines, use these:

A physically star-wired Ethernet LAN may be logically shared if it uses hubs, or logically switched if it uses switches.

Each VLAN is a separate broadcast domain, and inter-VLAN communication requires Layer 3 routing.

A SAN is a storage-focused network using technologies such as Fibre Channel or iSCSI.

A VPN securely extends network access; it does not describe a physical topology.

That is the real goal of this objective: identify what the network is, how it is arranged, how traffic behaves, and what happens when something fails.