Glossary

Numerics

3DES (Triple Data Encryption Standard)

The de facto standard for IP Security (IPSec) and virtual private network (VPN) encryption.

10BASE2

Implementation of Ethernet that runs over thin, RG-58, or RG-59 coaxial cable. A 10BASE2 segment has a maximum distance of 185 meters (m).

10BASE5

Implementation of Ethernet that runs over thick coaxial cable, and each segment has a maximum distance of 485 m.

10BASE-FL

Implementation of Ethernet that runs over multimode fiber cabling. Each 10BASE-FL link has a maximum distance of 2 kilometers (km).

10BASE-T

Implementation of Ethernet that runs over Category 3 or 5 unshielded twisted-pair (UTP) cabling. Each 10BASE-T segment has a distance of 100 m.

1000BASE-CX

Implementation of Gigabit Ethernet that runs over shielded twisted-pair (STP) cabling. Each 1000BASE-CX segment has a maximum distance of 25 m.

100BASE-FX

Implementation of Fast Ethernet that runs over multimode fiber cabling. A 100BASE-FX segment has a maximum distance of 400 m in half-duplex mode and 2 km in full-duplex mode.

1000BASE-LX

Implementation of Gigabit Ethernet that runs over single-mode fiber cabling. Each 1000BASE-LX segment has a maximum distance of 5 km.

100BASE-TX

Implementation of Fast Ethernet that runs over Category 5 UTP cabling. A 100BASE-TX segment has a maximum distance of 100 m.

100BASE-X

Collective term for both 100BASE-TX and 100BASE-FX Fast Ethernet topologies.

802.1X

The IEEE standard for port-based, Layer 2 authentication in 802 networks.

802.3

The IEEE standard for wired Ethernet topologies. This specification encompasses Ethernet, Fast Ethernet, and Gigabit Ethernet today.

802.5

The IEEE standard for Token Ring topologies.

802.11

The IEEE standard for Ethernet-compatible wireless LANs (WLANs).

802.11i

The IEEE standard for link layer security for 802.11 networks.

802.11e

The IEEE standard for link layer quality of service (QoS) for 802.11 networks.

802.11 slot time

A time value derived from the physical layer (PHY) based on radio frequency (RF) characteristics of the basic service set (BSS).

1000BASE-SX

Implementation of Gigabit Ethernet that runs over multimode fiber cabling. Each 1000BASE-SX segment has a maximum distance of 220 m.

1000BASE-T

Implementation of Gigabit Ethernet that runs over Category 5 UTP cabling. Each 1000BASE-T segment has a maximum distance of 100 m.

A

AAA server

A server that provides authentication, authorization, and accounting functions.

AC (access category)

Transmit queues for 802.11e QoS-enabled devices.

access layer

A term used for designing networks that indicates the edge of a network. In a LAN, the access layer provides end stations with connectivity to the network.

acknowledgment frame

What a station receiving a frame sends back to the sending station to acknowledge the frame.

active scanning

A client actively searching for an access point (AP). It usually involves the client sending probe requests on each channel it is configured to use and waiting for probe responses from APs.

AES (Advanced Encryption Standard)

The latest standard encryption algorithm endorsed by the National Institute of Standards and Technology (NIST). AES is based on the Rijndael encryption algorithm.

AES-CCM

The mode of AES used in 802.11i.

AID (association identifier)

A logical port on the AP for the wireless station.

AIFS (arbitration interframe space)

Varying interframe spaces based on an AC's priority.

antenna

The part of the radio system designed to radiate or receive electromagnetic energy.

AP (access point)

The central point of communications for all stations in a BSS.

auto negotiation

Allows a station and Ethernet device (which can support one or more Ethernet variants such as 10BASE-T, 100BASE-TX, or 1000BASE-T) to automatically synchronize speed and duplex mode.

authentication server

An AAA server for 802.1X or Extensible Authentication Protocol (EAP) authentication.

authenticator

The entity to which a supplicant wants to secure connectivity.

B

beacon frame

An 802.11 management frame used by the AP to update the BSS of the AP's presence and its parameters.

Bluetooth

A short-range wireless technology designed to create personal area networks.

block cipher

A cipher that generates a key stream of a fixed size. The plaintext must be fragmented into matching size blocks during the encryption operation.

bridge

An Ethernet network device that physically separates two Ethernet collision domains.

broadcast domain

An internetwork of devices that are capable of sending and receiving broadcast frames to and from one another.

broadcast frame

A single frame destined to all stations in a broadcast domain.

BSS (basic service set)

A group of 802.11 stations communicating with one another via an AP.

C

CCK (complementary code keying)

A physical layer spreading technique used by the 802.11b standard to achieve 5.5 and 11 Mbps data rates.

CFP (contention-free period)

A time period where access to the wireless medium requires polling via the point coordination function (PCF) or hybrid coordination function (HCF).

CoA (care of address)

The device that receives packets sent by the home agent (HA) destined for the mobile node (MN). The CoA can exist on the MN itself or on the foreign agent (FA).

cochannel overlap

Overlap of two BSSs that are on the same channel.

collision

The result of two frames being transmitted in the same collision domain at the same time.

collision domain

An internetwork of Ethernet devices that contend for a single medium.

contention period

The time duration where distributed coordination function (DCF) stations contend with one another to access the medium.

core layer

A term used for designing networks that indicates the center of a network. The core layer should forward frames or packets as fast as possible between routers or switches.

CSMA/CA (carrier sense multiple access with collision avoidance)

The basic medium access method for 802.11 networks.

CSMA/CD (carrier sense multiple access with collision detection)

The basic medium access method for Ethernet networks.

CW (contention window)

The time period when the 802.11 medium is idle.

D

DAC (distributed admission control)

Enhanced DCF (EDCF) admission-control mechanism where stations determine whether they should transmit based on budget advertisements from the AP.

data link layer

The second layer of the Open System Interconnection (OSI) reference model. Consists of two sublayers: the data link sublayer and the logical link sublayer.

data link sublayer

Also known as the MAC layer, this sublayer focuses on topology-specific implementations. For example, 802.5 Token Ring networks have a different MAC from that of 802.3 Ethernet networks.

dBi

Unit for describing antenna gain relative to an isotropic antenna.

dBm

Unit for power measured relative to 1 milliwatt.

DCF (distributed coordination function)

CSMA/CA operation in 802.11 wireless LANs. DCF is the required basic access mechanism for all 802.11 devices.

DIFS (DCF interframe space)

The amount of time after the medium becomes available that a station must wait before beginning DCF medium access. A DIFS is equal to a short interframe space (SIFS) plus two slot times.

directivity

Describes the intensity of the radiation pattern emanating from an antenna.

distribution layer

A term used for designing networks that indicates the layer of the network that segments the networks into distinct Layer 2 broadcast domains by using routers or Layer 3 switches. Network services, such as access control lists (ACLs), route filtering, and Network Address Translation (NAT), are applied at the distribution layer.

DQPSK (differential quadrature phase shift keying)

The symbol-encoding mechanism used for 2 Mbps 802.11 operation.

DSSS (direct sequence spread spectrum)

The modulation technique used for 802.11 WLAN networking.

duplex

A term that describes whether or not a network topology allows network devices to transmit and receive simultaneously.

See Also full duplex, half duplex.

E

EAP (Extensible Authentication Protocol)

A Point-to-Point Protocol (PPP) authentication framework.

EAP-MD5 (Message Digest 5)

An EAP authentication type based on Challenge Handshake Authentication Protocol (CHAP) authentication.

EAP-TLS (Transport Layer Security)

An EAP authentication type based on TLS authentication. Digital certificates are used for client- and server-side mutual authentication.

ECB (electronic code book)

A mode of encryption where the same plaintext always produces the same ciphertext.

EDCF (Enhanced DCF)

Mandatory 802.11e contention-based traffic prioritization and medium access method.

EIRP (effective isotropic radiated power)

A measurement that indicates the actual power that is radiated from an antenna.

ESS (extended service set)

A collection of BSSs that communicate with one another through the distribution system (usually the wired Ethernet port on an AP).

Ethernet

The IEEE 802.3 standard for wired 10 Mbps network operation. Other higher-speed variants to Ethernet are Fast Ethernet and Gigabit Ethernet.

Ethernet slot time

The time it takes for an Ethernet frame to traverse the network diameter.

Ethertype

The data contained in the payload of a MAC frame.

F

FA (foreign agent)

An agent on routers or Layer 3 switches that aids the MN in determining it has roamed and in receiving packets from the HA.

fading

Occurs when the power level of the signal drops because of various environmental factors.

Fast Ethernet

The IEEE 802.3u standard for 100 Mbps network operation.

FCS (frame check sequence)

A field in MAC frames to determine whether an error has occurred during transmission. The FCS value is computed and inserted into the frame by the transmitting station. The receiving station recalculates the FCS value and compares it to the FCS value in the frame. If the values match, the frame has been received error free.

FDD (frequency division duplex)

A duplex method that uses a different frequency to carry information in each direction.

FDDI (Fiber Distributed Data Interface)

The ANSI X3T9.5 standard for 100 Mbps network operation. FDDI uses a Token Ring–like topology with a multimode fiber cable plant.

FHSS (frequency hopped spread spectrum)

A modulation technique that hops from channel to channel.

FSK (frequency shift keying)

A modulation technique that shifts between two frequencies to represent 0s and 1s.

full duplex

A network topology where stations can transmit and receive data simultaneously.

G

Gigabit Ethernet

The IEEE 802.3z and 802.3ab standard for 1000 Mbps network operation.

GMK (group master key)

The master key for broadcast and multicast frame encryption operations, including encryption and message integrity.

GSM (global system mobile)

A common cellular phone standard.

GTK (group transient key)

The link layer key used to encrypt multicast and broadcast frames. The GTK is derived from the GMK.

H

HA (home agent)

An agent on routers or Layer 3 switches which ensures that a roaming MN receives its IP packets.

half duplex

A network topology where stations can either transmit or receive data at any moment.

HCF (hybrid coordination function)

Optional 802.11e polled access medium mechanism.

hidden node

When two stations are out of range of one another, but both are in range of the AP, the stations are said to be hidden from each other.

hub

A half-duplex Ethernet device with multiple ports. A hub allows a single Ethernet signal to be repeated out many ports.

I

IAPP (Interaccess Point Protocol)

Protocol used by APs to communicate with one another.

IBSS (independent basic service set)

A group of 802.11 stations communicating directly with one another. An IBSS is also referred to as an ad hoc network because it is essentially a simple peer-to-peer WLAN.

ICV (integrity check value)

A weak MIC function defined in 802.11. The ICV uses a CRC-32 to provide message integrity for 802.11 frames.

IRDP (Internet Router Discovery Protocol)

Protocol used by FAs and HAs to send agent advertisements.

isotropic antenna

An ideal lossless antenna that provides the same gain in all directions.

IV (initialization vector)

A numeric value that is concatenated to the key before the key stream is generated to avoid the same key generating the same key stream.

L–M

LEAP

A Cisco-developed EAP authentication type based on Microsoft CHAP (MS-CHAP) authentication.

logical link sublayer

Standard across all 802-based networks, this sublayer contains a simple frame protocol that provides connectionless frame delivery.

MIC (message integrity check)

Guarantees to the frame receiver that the frame is truly from the sender (as opposed to a man-in-the-middle) and that the frame has not been tampered with during transmission.

MN (mobile node)

A mobile-IP–aware roaming station.

mobile IP

A protocol that allows an MN to retain a static IP address as it roams across VLANs.

multicast frame

A single frame destined to many stations in a broadcast domain.

multipath

Occurs when multiple versions of the transmitted signal arrive at the receiver via different paths.

mutual authentication

Authentication where not only does the network authenticate the client, but the client also authenticates the network. This authentication is a requirement for 802.11i authentication.

N–O

NAV (network allocation vector)

The virtual carrier-sense function for 802.11 stations. The NAV is a timer on every station that is updated by data frames transmitted on the medium. A station wanting to transmit must have a NAV that is equal to 0 before it can begin DCF operation.

network diameter

The distance between Ethernet stations at the extreme ends of a broadcast domain.

nonce

Number once. A number that is used only one time, primarily for cryptographic functions such as authentication or encryption.

OFDM (orthogonal frequency-division multiplexing)

A modulation technique used to provide very high data rates for 802.11a and 802.11g.

Open authentication

The 802.11 mandatory authentication type. Open authentication is a null authentication type, where any station is granted access.

P

passive scanning

Scanning where the client does not transmit any frames but rather listens for beacon frames on each channel. The client continues to change channels at a set interval, just as with active scanning, but the client does not send probe requests.

PBCC (packet binary convolutional coding)

An optional coding technique used in 802.11b.

PCF (point coordination function)

Mode of medium access for 802.11 BSSs where the AP (or point coordinator) polls PCF-pollable stations for data to transmit.

PEAP (Protected EAP)

An 802.1X authentication type where server-side authentication happens using digital certificates and client-side authentication happens via another 802.1X authentication type, such as EAP-MD5.

PIFS (PCF interframe space)

The amount of time after the medium becomes available that a station must wait before beginning PCF medium access. A PIFS is equal to a SIFS plus one slot time.

PMK (pairwise master key)

In 802.11i networks, PMK is the dynamic key generated by 802.1X authentication.

PTK (pairwise transient key)

The key used for link layer encryption in 802.11i networks.

R

radio

A communication device used for electromagnetic transmission through free space.

RADIUS server

A specific implementation of an AAA server.

RC4 (Rivest Cipher 4)

The cryptographic engine used for WEP encryption.

receiver sensitivity

The minimum signal level for the receiver to be able to decode the received signal.

repeater

A half-duplex Ethernet device. A repeater repeats an Ethernet signal to increase the network diameter of a given Ethernet topology. For example, you can use a repeater to extend the distance of a 10BASE-T network from 100 m to 200 m.

roaming domain

APs that are in the same broadcast domain and configured with the same service set identifier (SSID).

S

Shared Key authentication

A challenge/challenge-response authentication type included in the 802.11 standard where a WEP key is the shared secret.

SIFS (short interframe space)

The shortest amount of time stations wait before attempting to access the medium. A SIFS is typically used to manage frames. For example, after a station receives a data frame, it waits for a SIFS and then sends an acknowledgment frame.

spectral efficiency

A measure of the information bits that can be communicated or the amount of spectrum that is used to convey that information.

SSID (service set identifier)

A logical grouping for 802.11 devices.

stream cipher

A cipher that generates a key stream to match the size of the plaintext or unencrypted data frame.

supplicant

The device that is attempting to access the LAN using 802.1X authentication.

switch

A multiport Ethernet bridge that typically uses hardware acceleration to increase the performance of switching Ethernet frames between collision domains.

T

TC (traffic class)

Eight distinct classifications for data as defined in 802.11e.

TDD (time division duplex)

A modulation scheme that uses a different time slot to carry information in each direction.

TKIP (Temporal Key Integrity Protocol)

An encryption and MIC algorithm included in the 802.11i standard that uses per-frame keys and lightweight message integrity to fix weaknesses in the WEP and ICV functions in the 802.11 standard.

Token Ring

A logical ring-based topology with deterministic, noncontention-based medium access. Typical data rates are 16 Mbps and 4 Mbps.

TXOP (transmission opportunity)

A moment in time when a station can begin transmitting frames for a given duration. A TXOP can facilitate multiple frames/acknowledgments as long as they fit within the duration of the TXOP.

U–Z

ultra-wide band

A new technology that provides very high data rates through the use of very short durations and very low power pulses.

unicast frame

A single frame destined to a specific station in a broadcast domain.

VLAN (virtual LAN)

A broadcast domain.

VSWR (voltage standing wave ratio)

A measure of the reflections formed from impedance mismatches along transmission lines.

WEP (Wired Equivalent Privacy)

A Layer 2 encryption algorithm based on the RC4 algorithm to provide data privacy for 802.11 networks.
