OSI vs TCP/IP Model – Side-by-Side Comparison

1. Why Two Models Exist

Two conceptual frameworks dominate network education and professional practice: the OSI model (Open Systems Interconnection) and the TCP/IP model (also called the Internet model or DoD model). Both describe how data moves from one device to another across a network — but they were created with different goals, at different times, and for different audiences.

Understanding why two models exist — and what each is actually used for — prevents the common confusion of treating them as competing descriptions of the same thing. They are complementary: the OSI model provides a precise theoretical vocabulary for discussing network functions, while the TCP/IP model describes the actual protocol suite that runs the internet.

Feature	OSI Model	TCP/IP Model
Developed by	ISO (International Organization for Standardization) and ITU-T	US Department of Defence (DoD) / DARPA; evolved into the IETF
Year	Published 1984 (ISO 7498)	Original TCP/IP architecture: 1974 (Cerf & Kahn); formalized as a 4-layer model in the 1980s
Number of layers	7 layers	4 layers (some texts use 5)
Primary purpose	Theoretical framework — a vendor-neutral reference for understanding and discussing network functions and interoperability	Practical implementation — describes the actual protocol suite used to build the internet
Real-world use	Conceptual reference, troubleshooting framework, vendor documentation, exam certification standard	The actual operational model — all internet and intranet communication runs on TCP/IP
Protocols defined	Framework only — OSI defines the layers but most OSI-specific protocols (X.25, FTAM) are obsolete	Defines the real protocols: IP, TCP, UDP, HTTP, DNS, TLS, etc.
Status	Still taught universally as the reference model; original OSI protocols largely replaced by TCP/IP	The operational standard — all modern networking runs on TCP/IP

2. The OSI Model — Seven Layers

The OSI model divides network communication into seven distinct layers, each with a clearly defined responsibility. Each layer provides services to the layer above and relies on services from the layer below. This layered separation means a change at one layer (e.g., switching from copper to fibre at Layer 1) does not require changes at other layers — a principle called layer independence.

  OSI Model — 7 layers with mnemonics:

  Layer 7 │ Application  │ "All"
  Layer 6 │ Presentation │ "People"
  Layer 5 │ Session      │ "Seem"
  Layer 4 │ Transport    │ "To"
  Layer 3 │ Network      │ "Need"
  Layer 2 │ Data Link    │ "Data"
  Layer 1 │ Physical     │ "Processing"

  Top-down mnemonic (7→1): "All People Seem To Need Data Processing"
  Bottom-up mnemonic (1→7): "Please Do Not Throw Sausage Pizza Away"

Layer	Name	PDU	Key Responsibility	Example Protocols / Technologies
7	Application	Data	Network services to end-user applications; interface between the network and the application	HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SNMP, SSH, Telnet
6	Presentation	Data	Data translation, encoding, compression, and encryption/decryption — ensures data is in a format the application can use	SSL/TLS (encryption), JPEG, MPEG, ASCII, Unicode, XML, JSON
5	Session	Data	Establishes, manages, and terminates sessions between applications; synchronisation and dialogue control	NetBIOS, RPC, SQL sessions, NFS session management, SIP (partially)
4	Transport	Segment (TCP) / Datagram (UDP)	End-to-end communication, reliability (TCP), flow control, error recovery, port numbers, segmentation and reassembly	TCP, UDP, SCTP
3	Network	Packet	Logical addressing (IP), routing between networks, path determination	IPv4, IPv6, ICMP, OSPF, EIGRP, BGP, ARP (debated)
2	Data Link	Frame	Physical addressing (MAC), error detection (FCS), access to the physical medium, framing	Ethernet (802.3), Wi-Fi (802.11), PPP, HDLC, 802.1Q (VLAN tagging), STP
1	Physical	Bits	Transmission of raw bits over the physical medium — electrical signals, light pulses, or radio waves	Ethernet cables (Cat5e/6/6A), fibre optic, Wi-Fi radio, USB, DSL, hubs, repeaters

CCNA PDU names — memorise these:
Layer 7/6/5 → Data
Layer 4 TCP → Segment | Layer 4 UDP → Datagram
Layer 3 → Packet
Layer 2 → Frame
Layer 1 → Bits

3. The TCP/IP Model — Four Layers

The TCP/IP model (sometimes called the Internet model or DoD model) consolidates the OSI model's seven layers into four practical layers that directly correspond to how the TCP/IP protocol suite is implemented and used. It emerged from the ARPANET research that became the internet, and unlike the OSI model, it was defined alongside the actual protocols — not as a theoretical framework.

Layer	TCP/IP Name	Equivalent OSI Layers	Key Responsibility	Example Protocols
4	Application	OSI 7 (Application) + 6 (Presentation) + 5 (Session)	All user-facing services, data formatting, session management — everything above the transport layer	HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SSH, SNMP, TLS (some argue TLS spans layers)
3	Transport	OSI 4 (Transport)	End-to-end communication, segmentation, reliability (TCP) or speed (UDP), port numbers	TCP, UDP
2	Internet	OSI 3 (Network)	Logical addressing, routing between networks, path selection	IPv4, IPv6, ICMP, ARP (debated), routing protocols (OSPF, BGP at control plane)
1	Network Access (Link)	OSI 2 (Data Link) + 1 (Physical)	Physical transmission, MAC addressing, framing, error detection on a single network segment	Ethernet, Wi-Fi (802.11), PPP, DSL, fibre, cables, NIC hardware

Five-layer variant: Some textbooks (including Cisco's CCNA curriculum) use a 5-layer TCP/IP model that separates the Network Access layer into Data Link (Layer 2) and Physical (Layer 1). This makes the mapping to OSI layers more intuitive and aligns with how network engineers actually discuss device behaviour. The 5-layer variant is common in CCNA study materials.

4. Layer Mapping — OSI to TCP/IP Side by Side

  OSI Model (7 layers)          TCP/IP Model (4 layers)
  ─────────────────────         ─────────────────────────
  7 │ Application  │ ─────┐
  6 │ Presentation │ ─────┤──► 4 │ Application     │
  5 │ Session      │ ─────┘
  4 │ Transport    │ ──────────► 3 │ Transport       │
  3 │ Network      │ ──────────► 2 │ Internet        │
  2 │ Data Link    │ ─────┐
  1 │ Physical     │ ─────┴────► 1 │ Network Access  │


  OSI Model (7 layers)          TCP/IP Model (5-layer variant)
  ─────────────────────         ───────────────────────────────
  7 │ Application  │ ─────┐
  6 │ Presentation │ ─────┤──► 5 │ Application     │
  5 │ Session      │ ─────┘
  4 │ Transport    │ ──────────► 4 │ Transport       │
  3 │ Network      │ ──────────► 3 │ Network (IP)    │
  2 │ Data Link    │ ──────────► 2 │ Data Link       │
  1 │ Physical     │ ──────────► 1 │ Physical        │

OSI Layer	OSI Layer Name	TCP/IP Layer (4-layer)	TCP/IP Layer (5-layer)
7	Application	Application (Layer 4)	Application (Layer 5)
6	Presentation
5	Session
4	Transport	Transport (Layer 3)	Transport (Layer 4)
3	Network	Internet (Layer 2)	Network (Layer 3)
2	Data Link	Network Access (Layer 1)	Data Link (Layer 2)
1	Physical	Network Access (Layer 1)	Physical (Layer 1)

Key mapping facts:
OSI Layers 5, 6, 7 → all map to TCP/IP Application layer
OSI Layer 4 = TCP/IP Transport layer (1:1 match)
OSI Layer 3 = TCP/IP Internet layer (1:1 match)
OSI Layers 1 and 2 → TCP/IP Network Access layer (combined)

The 1:1 mapping at Layer 3 and 4 is why network engineers freely say "Layer 3" and "Layer 4" — both models agree on these layers.

5. Why the OSI Model Is Still Taught

A natural question: if TCP/IP is what actually runs the internet, why is so much time spent studying the OSI model? The answer is that the OSI model provides something the TCP/IP model deliberately avoids — a precise, granular vocabulary for describing network functions that is independent of any specific protocol.

Five Reasons the OSI Model Remains Essential

Reason	Explanation
Troubleshooting framework	The OSI model gives engineers a structured top-down or bottom-up methodology for isolating network faults. "Is this a Layer 1 problem (cable), Layer 2 (VLAN/STP), or Layer 3 (routing)?" is the most common diagnostic conversation in networking. This works because OSI layers map cleanly to specific devices and symptoms.
Vendor-neutral common language	Cisco, Juniper, Arista, Palo Alto, and F5 all use OSI layer terminology in their documentation. "Layer 7 firewall", "Layer 3 switch", "Layer 2 loop" are universally understood terms across all vendors and all networking disciplines.
Protocol design reference	When new protocols are designed, they are specified in terms of which OSI layer they operate at and what services they provide to the layer above. YANG models, gNMI, and HTTP/3 are all described in OSI terms.
Security discussion	Firewall types are categorised by OSI layer (Layer 4 stateful, Layer 7 application-aware). DDoS attacks are described by layer (Layer 3/4 volumetric, Layer 7 application attacks). ACLs operate at Layer 3 and 4. The OSI layer makes the security boundary clear.
Certification exams worldwide	CCNA, CompTIA Network+, JNCIA, and every other major networking certification tests OSI model knowledge extensively. It is the universal baseline for networking education globally.

OSI Layers in Troubleshooting

  Bottom-up troubleshooting approach (most efficient for physical problems):

  Layer 1 — Physical: Is the cable plugged in? Is the link LED lit?
  ↓ If Layer 1 OK...
  Layer 2 — Data Link: Is there a MAC address in the table? Is the VLAN correct?
  ↓ If Layer 2 OK...
  Layer 3 — Network: Is there an IP address? Can you ping the gateway?
  ↓ If Layer 3 OK...
  Layer 4 — Transport: Is the port open? Does telnet to port 80 connect?
  ↓ If Layer 4 OK...
  Layer 7 — Application: Is the service running? Are credentials correct?

  Top-down troubleshooting (useful when the application is the complaint):
  Start at Layer 7 (is the app responding?) and work down to Layer 1.

  Examples of layer-specific problems:
  Layer 1: broken cable, bad SFP, no link light, duplex mismatch
  Layer 2: incorrect VLAN, STP loop, duplicate MAC, missing ARP entry
  Layer 3: wrong IP subnet, missing route, wrong gateway, ACL blocking
  Layer 4: firewall blocking port, wrong port in config, SYN but no ACK
  Layer 7: wrong URL, expired certificate, misconfigured application

6. How Real Protocols Map to Both Models

Real protocols rarely respect model boundaries perfectly — many span multiple layers or are categorised differently depending on context. The table below shows exactly where the most important protocols sit in both models simultaneously.

Protocol	OSI Layer(s)	TCP/IP Layer	PDU Name	Notes
HTTP / HTTPS	7 (Application)	Application	Data	HTTP is pure Layer 7. TLS (inside HTTPS) also has Presentation (6) and Session (5) characteristics — it encrypts and manages the secure session.
TLS / SSL	5 (Session) + 6 (Presentation)	Application	Data	TLS encrypts data (Presentation) and establishes a secure session (Session). It sits between the transport and application in practice — a Layer 4.5 functionally.
DNS	7 (Application)	Application	Data	Application layer service. Uses UDP or TCP at Layer 4. See: How DNS Works
DHCP	7 (Application)	Application	Data	Application layer protocol running over UDP 67/68. See: DHCP Overview
FTP / SMTP / SSH	7 (Application)	Application	Data	All application layer protocols with TCP transport.
TCP	4 (Transport)	Transport	Segment	Connection-oriented; ports, sequencing, acknowledgements, flow control. See: Port Numbers
UDP	4 (Transport)	Transport	Datagram	Connectionless; port numbers, no reliability.
IPv4 / IPv6	3 (Network)	Internet	Packet	Logical addressing and routing. The core of both the OSI Network layer and TCP/IP Internet layer. See: IP Interface Brief
ICMP	3 (Network)	Internet	Packet	Error reporting for IP. Used by ping and traceroute. IP protocol number 1. See: Ping / ICMP
ARP	2/3 (Data Link / Network — debated)	Internet / Network Access	Frame / Packet	Maps IP addresses to MAC addresses. Operates between Layer 2 and 3 — often called "Layer 2.5". Uses Ethernet framing (Layer 2) but resolves Layer 3 addresses. See: ARP / MAC Address
OSPF	3 (Network)	Internet	Packet	Routing protocol operating at Layer 3. Uses IP protocol 89 (no TCP/UDP). See: OSPF Overview
BGP	3 (Network) / 4 (Transport)	Internet / Transport	Segment / Packet	BGP is a routing protocol (Layer 3 in function) but runs over TCP port 179 (Layer 4 in transport). Often described as a Layer 4 protocol because of its TCP dependency. See: BGP Overview
Ethernet (802.3)	1 (Physical) + 2 (Data Link)	Network Access	Frame (L2) / Bits (L1)	Ethernet spans both Physical (signalling, cabling) and Data Link (MAC addressing, framing, FCS error detection). See: Ethernet Standards
Wi-Fi (802.11)	1 (Physical) + 2 (Data Link)	Network Access	Frame (L2) / Bits (L1)	Like Ethernet, Wi-Fi spans Physical (RF) and Data Link (MAC, CSMA/CA). See: Wi-Fi 802.11 Standards
STP / RSTP	2 (Data Link)	Network Access	Frame	Loop prevention at Layer 2 using BPDUs. See: STP Overview
VLANs / 802.1Q	2 (Data Link)	Network Access	Frame	VLAN tagging is a Layer 2 function — the 4-byte 802.1Q tag is inserted in the Ethernet frame header. See: VLANs
PPP / HDLC	2 (Data Link)	Network Access	Frame	WAN serial link Data Link protocols.
SNMP	7 (Application)	Application	Data	Network management application protocol over UDP 161/162. See: SNMP/Syslog Logging
NTP	7 (Application)	Application	Data	Time synchronisation over UDP 123. See: NTP Sync

7. Encapsulation and De-encapsulation — Both Models

Encapsulation is the process by which each layer adds its own header (and sometimes trailer) to the data passed down from the layer above, building up the complete PDU for transmission. De-encapsulation is the reverse — each layer at the receiver strips its header and passes the inner data upward.

This process is the same in both OSI and TCP/IP — the two models describe the same physical reality, just with different levels of granularity.

  Encapsulation at the sender (top to bottom):

  Application generates HTTP request: "GET /index.html HTTP/1.1"
       │
       │ Layer 7 (OSI App / TCP/IP App)
       ▼
  ┌─────────────────────────────────────────────────────────┐
  │  HTTP Data: "GET /index.html HTTP/1.1"                  │
  └─────────────────────────────────────────────────────────┘
       │ Layer 4 (Transport): TCP adds port numbers, seq#
       ▼
  ┌────────────────────────────────────────────────────────────────┐
  │  TCP Header │  HTTP Data                                       │
  │  Src:54321  │  "GET /index.html..."                            │
  │  Dst:80     │                        ← TCP Segment             │
  └────────────────────────────────────────────────────────────────┘
       │ Layer 3 (Network): IP adds source/destination IPs
       ▼
  ┌──────────────────────────────────────────────────────────────────────┐
  │  IP Header  │  TCP Header │  HTTP Data                               │
  │  Src:10.0.0.5│  Src:54321  │  "GET /index.html..."  ← IP Packet      │
  │  Dst:93.x.x.x│  Dst:80    │                                          │
  └──────────────────────────────────────────────────────────────────────┘
       │ Layer 2 (Data Link): Ethernet adds MAC addresses, FCS
       ▼
  ┌────────────────────────────────────────────────────────────────────────────┐
  │ Eth Header │  IP Header  │  TCP Header │  HTTP Data            │ FCS (CRC) │
  │ Src MAC    │  Src IP     │  Src Port   │  "GET /index.html..."  │           │
  │ Dst MAC    │  Dst IP     │  Dst Port   │           ← Ethernet Frame        │
  └────────────────────────────────────────────────────────────────────────────┘
       │ Layer 1 (Physical): Frame serialised to electrical/optical bits
       ▼
  10110001 01001100 10110010 ... (bits transmitted on the wire)

  De-encapsulation at the receiver: reverse process — each layer
  reads its header, processes it, and passes the inner data upward.

Encapsulation Summary Table

OSI Layer	Header Added	PDU Result	Key Information in Header
7 / 6 / 5 — Application	Application header (e.g., HTTP method, URL)	Data	HTTP: GET/POST, URL, headers; DNS: query type; etc.
4 — Transport	TCP or UDP header	Segment (TCP) / Datagram (UDP)	Source port, destination port, sequence number (TCP), checksum
3 — Network	IP header	Packet	Source IP, destination IP, TTL, protocol (6=TCP, 17=UDP, 1=ICMP), DSCP (QoS)
2 — Data Link	Ethernet header + FCS trailer	Frame	Source MAC, destination MAC, EtherType (0x0800=IPv4, 0x86DD=IPv6, 0x0806=ARP), FCS (error detection)
1 — Physical	None — frame converted to bit stream	Bits	Encoding (NRZ, Manchester), line rate, signal voltage/ light/RF modulation

8. Network Devices and Their OSI Layers

Each type of network device operates at a specific OSI layer — the layer at which it reads, processes, and makes forwarding decisions. Understanding device-layer relationships is foundational to network design and is heavily tested on the CCNA.

Device	OSI Layer	TCP/IP Layer	What It Reads	Forwarding Decision Based On
Hub / Repeater	Layer 1 — Physical	Network Access	Electrical signal / bits	No decision — regenerates and floods all bits to all ports. No intelligence.
Switch (L2)	Layer 2 — Data Link	Network Access	Ethernet frame header	Destination MAC address → MAC address table (CAM table). See: MAC Address Table
Router	Layer 3 — Network	Internet	IP packet header	Destination IP address → routing table (longest prefix match). See: show ip route
Layer 3 Switch	Layer 2 + 3	Network Access + Internet	MAC frame + IP packet	MAC address for L2 forwarding; IP for L3 routing between VLANs. Hardware-based routing (ASIC). See: L3 Switch
Firewall (stateful / L4)	Layer 3 + 4	Internet + Transport	IP header + TCP/UDP header	Source/destination IP, port, protocol, connection state (SYN/ACK/FIN tracking). See: ACL/Firewall
Next-Gen Firewall / L7 FW	Layers 3–7	All layers	Full packet including application payload	Application identity (HTTP URL, DNS name, app signature), user identity, content inspection.
Load Balancer	Layer 4 or 7	Transport or Application	TCP/UDP header (L4) or HTTP content (L7)	L4: source IP/port hash or round-robin. L7: HTTP Host header, URL path, cookies.
Wireless AP	Layer 1 + 2	Network Access	Radio signal → 802.11 frame	MAC address (L2 bridging between wireless and wired). See: APs & WLC

9. OSI Upper Layers (5, 6, 7) — Are They Relevant Today?

One source of confusion in CCNA study is that OSI Layers 5 (Session), 6 (Presentation), and 7 (Application) are all collapsed into the single TCP/IP Application layer — and in practice, most modern protocols implement session, presentation, and application functions together in a single protocol stack. This has led some engineers to dismiss OSI upper layers as irrelevant. They are not — they remain analytically useful.

Layer 5 — Session

The Session layer manages the establishment, maintenance, and termination of communication sessions. In practice, session management is handled by:

TLS/SSL — establishes and tears down secure sessions (handshake → data transfer → close_notify)
SIP (Session Initiation Protocol) — explicitly manages VoIP call sessions (INVITE → 200 OK → BYE)
RPC (Remote Procedure Call) — manages distributed application sessions
SQL sessions — database connection establishment and teardown

Layer 6 — Presentation

The Presentation layer handles data translation between different formats and encryption. In modern networking:

TLS encryption — encrypts data before handing to TCP (Presentation function)
Data serialisation formats — JSON, XML, Protocol Buffers, ASN.1 (used in SNMP and certificates) — translate application data into a format for network transmission
Compression — HTTP Content-Encoding (gzip, Brotli) compresses data before transmission
Character encoding — ASCII, Unicode, UTF-8 translation

Layer 7 — Application

Layer 7 is the interface between the network and the application. It provides network services directly to user applications — HTTP gives a browser access to web content, DNS resolves names, SMTP transfers email. Unlike the lower layers, Layer 7 protocols are application-specific.

Practical insight: In the TCP/IP model, TLS is often described as "between Layer 4 and Layer 7" because it provides both session-management (Layer 5) and encryption (Layer 6) functions above TCP (Layer 4) but below the application protocol (HTTP, SMTP, etc.). This is why TLS is sometimes called a "Layer 4.5" protocol — it does not fit neatly into any single OSI layer, which is actually a good example of why the OSI model is a theoretical framework and not a literal description of how protocols are implemented.

10. Summary — Key Differences and Practical Takeaways

Aspect	OSI Model	TCP/IP Model
Number of layers	7	4 (or 5 in the variant)
Created	ISO, 1984 — after TCP/IP already existed	DARPA/IETF, 1974 onwards — protocols first, model later
Nature	Prescriptive theoretical model — defines what each layer should do	Descriptive practical model — describes what TCP/IP protocols actually do
Application layers	Three separate layers (5, 6, 7) for session, presentation, application	One combined Application layer covering all upper-layer functions
Lower layers	Two separate layers (1, 2) for Physical and Data Link	One combined Network Access layer (or two in 5-layer variant)
Protocol independence	Designed to be protocol-independent — any protocol can implement the layers	Tightly coupled to TCP/IP protocol suite
Primary use today	Education, troubleshooting framework, vendor documentation, security classification	Actual network operation — all internet communication uses TCP/IP

  Practical summary for the CCNA exam:

  ✔ Use OSI layer numbers when:
    → Discussing what a device does ("Layer 3 switch", "Layer 2 loop")
    → Troubleshooting ("Layer 1 problem — check the cable")
    → Describing where a protocol operates ("BGP runs at Layer 3/4")
    → Security discussions ("Layer 7 firewall inspects HTTP content")
    → CCNA exam questions about layers, PDUs, and device behaviour

  ✔ Use TCP/IP model when:
    → Discussing actual protocol implementation
    → Describing how internet communication works in practice
    → Referring to the protocol stack (IP/TCP/HTTP)

  ✔ Both models agree on:
    → Transport layer = TCP / UDP
    → Network layer = IP (Layer 3)
    → These are the two layers that matter most for daily
      network engineering work

  ✔ Know the PDU names cold:
    Data → Segment/Datagram → Packet → Frame → Bits
    (Application/Presentation/Session → Transport → Network → Data Link → Physical)

Test Your Knowledge — OSI vs TCP/IP Quiz

1. The OSI model has 7 layers and the TCP/IP model has 4. Which three OSI layers are all combined into the single TCP/IP Application layer?

A. OSI Layers 1, 2, and 3 B. OSI Layers 5 (Session), 6 (Presentation), and 7 (Application) C. OSI Layers 4 (Transport), 5 (Session), and 6 (Presentation) D. OSI Layers 3, 4, and 5

Correct answer is B. The TCP/IP Application layer absorbs OSI Layers 5 (Session), 6 (Presentation), and 7 (Application). This is because TCP/IP was designed around real protocols, which typically implement session management, data encoding, and application logic together in one protocol (e.g., HTTP handles all three). OSI layers 1 and 2 are combined into the TCP/IP Network Access layer; OSI layers 3 and 4 map directly (1:1) to TCP/IP Internet and Transport layers. See: OSI Layer Functions

2. A network engineer says "this is a Layer 2 problem." What does that mean in terms of the OSI model, and what devices/technologies would be investigated?

A. Layer 2 refers to the Transport layer — TCP/UDP port configuration would be checked B. Layer 2 is the Physical layer — cable and hardware issues would be investigated C. Layer 2 is the Data Link layer — the engineer would check MAC address tables, VLANs, STP, and Ethernet framing issues on switches D. Layer 2 is the Network layer — IP addressing and routing would be investigated

Correct answer is C. OSI Layer 2 is the Data Link layer. Layer 2 problems involve MAC address tables (CAM tables), VLAN assignments, 802.1Q tagging, STP/RSTP loop prevention, Ethernet frame errors (FCS errors), and duplex mismatches. Layer 2 devices include switches and bridges. OSI Layer 1 is Physical (cables, NICs); Layer 3 is Network (IP, routing); Layer 4 is Transport (TCP/UDP ports). The OSI layer numbering is the universal language for troubleshooting discussions. See: MAC Address Table

3. What is the correct PDU name for data at each of these OSI layers: Layer 4 (TCP), Layer 3, and Layer 2?

A. Layer 4 TCP = Segment; Layer 3 = Packet; Layer 2 = Frame B. Layer 4 = Frame; Layer 3 = Segment; Layer 2 = Packet C. Layer 4 = Packet; Layer 3 = Frame; Layer 2 = Segment D. Layer 4 = Datagram; Layer 3 = Frame; Layer 2 = Packet

Correct answer is A. Memorise the PDU names in order: Application/Presentation/Session = Data; Transport (TCP) = Segment; Transport (UDP) = Datagram; Network = Packet; Data Link = Frame; Physical = Bits. These are heavily tested on the CCNA exam, particularly the Segment/Packet/Frame distinction at Layers 4, 3, and 2.

4. Why is the OSI model still taught and used extensively even though the TCP/IP model describes what actually runs the internet?

A. Because most modern protocols use OSI-specific protocols (X.25, FTAM) that require OSI knowledge B. Because the TCP/IP model is being phased out in favour of OSI C. Because the OSI model is more accurate than TCP/IP for describing how protocols work D. The OSI model provides a precise, vendor-neutral vocabulary for troubleshooting, documentation, security classification, and protocol design discussions. Terms like "Layer 3 switch", "Layer 7 firewall", and "Layer 2 loop" are universally understood because the OSI framework is the common language of networking

Correct answer is D. OSI protocols (X.25, FTAM, CLNS) are largely obsolete — TCP/IP has won. But the OSI model's layer vocabulary is universally adopted across all vendors, all certifications, and all networking disciplines. Every network engineer, regardless of their vendor or platform, uses "Layer 3" to mean routing/IP and "Layer 2" to mean switching/MAC. The OSI model is the shared reference frame that makes cross-vendor and cross-platform communication unambiguous.

5. Which OSI layer does a standard Layer 2 switch operate at, and what does it use to make forwarding decisions?

A. Layer 3 — it uses destination IP addresses to forward frames B. Layer 2 (Data Link) — it reads the destination MAC address in the Ethernet frame header and looks it up in the MAC address table (CAM table) to determine the output port C. Layer 1 — it regenerates bits on all ports like a hub D. Layer 4 — it inspects TCP port numbers before forwarding

Correct answer is B. A Layer 2 switch operates at the Data Link layer (Layer 2). It reads the destination MAC address from each incoming Ethernet frame and performs a lookup in its CAM (Content Addressable Memory) table to find the port associated with that MAC. It does not look at IP addresses (that's Layer 3 routing) or TCP ports (that's Layer 4). Layer 1 hubs simply regenerate signals to all ports with no intelligence. See: MAC Address Table

6. TLS (used in HTTPS) is difficult to categorise in the OSI model. Which OSI layers best describe its functions, and why?

A. Layer 1 and 2 — TLS operates on the physical medium level B. Layer 4 only — TLS is just an extension of TCP C. Layers 5 and 6 — TLS manages the secure session lifecycle (Layer 5: Session) and encrypts/decrypts data (Layer 6: Presentation). It sits above TCP (Layer 4) but below the application protocol (Layer 7) D. Layer 7 only — TLS is an application protocol

Correct answer is C. TLS spans OSI Layers 5 (Session) and 6 (Presentation). Its session management functions (TLS handshake to establish the secure channel, session resumption, session termination with close_notify) map to Layer 5. Its encryption and decryption of data (transforming plaintext to ciphertext and back) maps to Layer 6. TLS runs above TCP (Layer 4) and below HTTP (Layer 7) — sometimes called "Layer 4.5" because it does not fit neatly into a single OSI layer.

7. During encapsulation, in what order are headers added to the data as it travels down the OSI stack?

A. Application data → TCP/UDP header added (Segment/Datagram) → IP header added (Packet) → Ethernet header + FCS added (Frame) → serialised to Bits B. IP header → TCP header → Ethernet header → Application data C. Ethernet header → IP header → TCP header → Application data (inside-out) D. Bits → Frame → Packet → Segment → Application data (de-encapsulation order)

Correct answer is A. Encapsulation adds headers top-down through the OSI stack — each layer wraps the data from the layer above with its own header (and sometimes trailer). The application generates data → Transport adds TCP/UDP header (creating a Segment or Datagram) → Network adds IP header (creating a Packet) → Data Link adds Ethernet header and FCS trailer (creating a Frame) → Physical serialises to bits. De-encapsulation is the reverse — the receiver strips headers bottom-up. See: Packet Flow / show ip route

8. Where does ARP (Address Resolution Protocol) sit in the OSI model, and why is its placement debated?

A. Strictly Layer 3 — it is part of the IP protocol suite B. Strictly Layer 2 — it uses MAC addresses only C. Layer 7 — ARP is an application-level protocol D. ARP is debated between Layers 2 and 3 — it uses Ethernet frames (Layer 2) as its transport but its purpose is to resolve Layer 3 IP addresses to Layer 2 MAC addresses. It bridges the two layers, making it a Layer 2.5 protocol in practice

Correct answer is D. ARP is the classic "between layers" example. It is carried in Ethernet frames (it has its own EtherType 0x0806) — that's a Layer 2 characteristic. But its entire purpose is to translate Layer 3 IP addresses into Layer 2 MAC addresses — that's a Layer 3 function. Different sources place it at Layer 2, Layer 3, or explicitly say "Layer 2.5" to acknowledge this ambiguity. On the CCNA exam, if forced to choose one, Layer 2 or "between 2 and 3" is the safe answer. See: ARP / MAC Address

9. A packet is being inspected by a stateful firewall that can read source/destination IP addresses, TCP port numbers, and track TCP connection state (SYN/ACK/FIN). At which OSI layers is this firewall operating?

A. Only Layer 3 B. Layers 3 and 4 — it reads the Layer 3 IP header (source/destination IP) and the Layer 4 TCP header (ports, connection state) C. Only Layer 4 D. Layers 1, 2, 3, and 4 — a firewall must read all lower layers

Correct answer is B. A stateful firewall inspects both Layer 3 (IP header: source IP, destination IP, protocol) and Layer 4 (TCP/UDP header: source port, destination port, TCP flags for state tracking). This is why it is called a "Layer 4 firewall" — the highest layer it inspects is Layer 4. A next-generation firewall (NGFW) extends inspection to Layer 7 (application content, URL, user identity). See: ACL/Firewall

10. Which statement correctly describes the relationship between the OSI model and the TCP/IP model?

A. They are competing models — networks use either OSI or TCP/IP but not both B. The OSI model is newer and replaces the TCP/IP model in modern networks C. They are complementary — the OSI model provides a theoretical, vendor-neutral reference framework with precise layer terminology, while the TCP/IP model describes the actual protocol suite used to build and run the internet. Both are used simultaneously: TCP/IP for implementation, OSI for discussion and troubleshooting D. They are identical — the OSI model is just a more detailed version of TCP/IP

Correct answer is C. The OSI and TCP/IP models are complementary, not competing. Every modern network runs TCP/IP protocols (IP, TCP, UDP, HTTP, etc.) — but network engineers use OSI layer terminology daily to discuss, design, troubleshoot, and document those same networks. The models describe the same physical reality at different levels of granularity: TCP/IP (4 layers) for practical protocol mapping, OSI (7 layers) for precise analytical discussion. See: OSI Layer Functions | Common Port Numbers

← Back to Home