Glossary

Numerics

2-tier spine-leaf topology A newer network topology design from Cisco Systems that is used in technologies such as Cisco ACI. The two tiers are called spine and leaf. Each leaf device is connected to every spine device in a full mesh. The spine is considered the backbone or the core of the network. The spine is the glue that allows for the communications between leaf devices. If one leaf needs to send traffic to another leaf, it must send the traffic through the spine.

802.1Q A technology that inserts tags into frames in order to identify the virtual local-area network (VLAN) to which traffic belongs when traveling over a trunk link.

802.1x A security protocol suite for authentication of local-area network (LAN) and wireless local-area network (WLAN) users.

A

AAA (Authentication, Authorization, Accounting) Security protocols that assist with proving identity, assigning permissions, and tracking access and actions performed.

ACE (access control entry) A permit or deny statement in an access control list (ACL).

ACL (access control list) A list of access control entries (ACEs) that are checked to match traffic on a Cisco device; ACLs are often used to filter traffic assigned to an interface.

administrative distance A value, ranging from 0 through 255, that determines the believability of a source’s routing information; a lower value is preferred.

advanced distance vector protocol A routing protocol that combines some of the characteristics of both distance vector and link-state routing protocols. Cisco’s Enhanced Interior Gateway Routing Protocol (EIGRP) is considered an advanced distance vector protocol.

Ansible An automation and orchestration tool that is a very popular open-source offering. Ansible is written in Python and uses playbooks written in YAML to carry out the automation. It is unique in that it is agentless. The control node uses Secure Shell (SSH) to manage systems, and these systems do not require any special agent software in order to be configured and maintained.

anycast The ability to assign identical IP addresses to different nodes. The network then calculates and forwards traffic to the “closest” device to respond to client requests.

AP (access point) A device that connects an end user to a network by using IEEE wireless technologies; APs are often dual band.

AP Modes Different modes available with Cisco Access Points for various functions; for example, to have the access point assist with WLAN troubleshooting or security.

API (application programming interface) A set of options that permit simplified access to the functions of a software application or infrastructure.

application layer The highest layer of the Open Systems Interconnection (OSI) model (Layer 7), which represents network services to support end-user applications such as email and File Transfer Protocol (FTP).

Application Virtualization Technology that separates applications from the underlying operating system running on the host system.

ARP (Address Resolution Protocol) A protocol used to map a known logical address to a physical address. A device performs an ARP broadcast to identify the physical Layer 2 address of a destination device on an Ethernet network. This physical address is then stored in local cache memory for later use.

AS (autonomous system) A group of networks under common administration that share a routing strategy.

attenuation The reduction in strength of a signal whenever it travels through a medium. Attenuation occurs with any type of signal, whether electromagnetic or audio. Sometimes referred to as signal loss.

Auto MDI-X A feature that many Cisco devices support on ports. These ports can detect whether a connection would require a crossover cable instead of a straight-through cable and can manipulate the port settings to function with either cable that is connected.

automation The ability to dynamically carry out tasks on a network. For example, a network device might monitor itself (based on the configuration) and then automatically purge files when a storage facility is nearly full.

B

backup configuration The version of a Cisco device configuration stored in the nonvolatile random-access memory (NVRAM) of a system; also called the startup configuration. Also, a copy of a configuration that exists on a remote Trivial File Transfer Protocol (TFTP) or File Transfer Protocol (FTP) server.

bandwidth The capacity of a network link that is available to carry traffic over a physical medium.

BGP (Border Gateway Protocol) An exterior routing protocol that exchanges route information between autonomous systems.

bidirectional NAT (Network Address Translation) A form of NAT that features address translation from the inside network to the outside network as well as translation of traffic flowing from the outside network to the inside network.

boot field The lowest 4 bits of the 16-bit configuration register in Cisco IOS devices. The value of the boot field determines the order in which a router searches for Cisco IOS software.

BPDU guard A Spanning Tree Protocol (STP) security feature for blocking rogue switches.

bridge A device used to segment a local-area network (LAN) into multiple physical segments. A bridge uses a forwarding table to determine which frames need to be forwarded to specific segments. Bridges isolate local traffic to the originating physical segment but forward all nonlocal and broadcast traffic.

broadcast A data frame that is sent to every node on a local segment.

C

CAM (content-addressable memory) The specialized memory used to store a CAM table, which is a dynamic table in a network switch that maps Media Access Control (MAC) addresses to ports. It is the essential mechanism that separates network switches from hubs; the CAM table is often considered to be synonymous with the MAC address table.

CAPWAP (Control and Provisioning of Wireless Access Points) An Internet Engineering Task Force (IETF) standard that Cisco lightweight access points (APs) use to communicate between the controller and other lightweight APs on the network. CAPWAP, which is based on Lightweight Access Point Protocol (LWAPP), is a standard, interoperable protocol that enables a controller to manage a collection of wireless APs.

CDP (Cisco Discovery Protocol) A Cisco-proprietary protocol for discovering information about neighbors.

channel A single communications path on a system. In some situations, channels can be multiplexed over a single connection.

chassis aggregation A technology that allows many switches to act as a single switch.

checksum The result of a calculation used to ensure the integrity of data. Many protocols include checksum fields to verify that no errors are introduced during transmission.

Chef A configuration management tool written in Ruby and Erlang. It uses a Ruby domain-specific language for writing system configuration recipes. Chef is used to streamline the task of configuring and maintaining a company’s servers and can integrate with cloud-based platforms such as Amazon EC2, Google Cloud Platform, Oracle Cloud, OpenStack, SoftLayer, Microsoft Azure, and Rackspace to automatically provision and configure new machines.

CIDR (classless interdomain routing) A process implemented to resolve the rapid depletion of Internet Protocol (IP) address space on the Internet and to minimize the number of routes on the Internet. CIDR provides a relatively efficient method of allocating IP address space by removing the concept of classes in IP addressing. CIDR enables routes to be summarized on powers-of-two boundaries; therefore, it reduces multiple routes into a single prefix.

Cisco DNA Center A network management and command center for provisioning and configuring many network devices using a single graphical user interface (GUI). It can utilize advanced artificial intelligence (AI) and machine learning (ML) to proactively monitor, troubleshoot, and optimize a network. Cisco DNA Center also integrates with third-party systems for improved operational processes.

classful addressing A type of addressing that categorizes Internet Protocol (IP) addresses into ranges that are used to create a hierarchy in the IP addressing scheme. The most common classes are A, B, and C, which can be identified by looking at the first 3 bits of an IP address.

classless addressing A type of addressing that does not categorize addresses into classes and that is designed to deal with wasted address space.

client DNS configuration Configuration of DNS on a client that permits the device to resolve fully qualified domain names (such as www.yahoo.com) to the Internet Protocol (IP) addresses needed for network communication.

cloud services Resources that exist on the Internet for use by several customers.

collapsed core network design A simplified version of the three-layer network model from Cisco Systems that collapses the distribution layer into the core layer, resulting in two layers: core and access.

collision The result of two frames colliding on a transmission medium. In modern Ethernet networks, this condition is avoided through the use of switches.

configuration register A 16-bit storage location that is set as a numeric value (usually displayed in hexadecimal form) and used to specify certain actions on a router, such as where to look for the IOS image and whether to load the startup configuration from NVRAM (nonvolatile random-access memory).

congestion A situation that occurs during data transfer when one or more computers generate network traffic faster than it can be transmitted through the network.

congestion management A quality of service (QoS) category for dealing with network congestion.

console Direct access to a router, used for configuring and monitoring the router.

container A newer virtualization technology that permits the virtualization of applications (or services) without requiring the complete virtualization of an underlying operating system.

control plane A category of network processing that involves control protocols such as routing protocols.

controller A software-defined networking control plane device.

convergence The result when all routers within an internetwork agree on routes through the internetwork.

CRC (cyclic redundancy check) An error-checking mechanism by which the receiving node calculates a value based on the data it receives and compares it with the value stored within the frame from the sending node.

CRUD (Create, Read, Update, Delete) The basic functions of persistent storage.

cryptography The practice and study of techniques for secure communication in the presence of third parties called adversaries.

CSMA/CA (carrier-sense multiple access with collision avoidance) A physical specification used in wireless networks to provide contention-based frame transmission. A sending device first verifies that data can be sent without contention before it sends the data frame.

CSMA/CD (carrier-sense multiple access with collision detection) A physical specification used by Ethernet to provide contention-based frame transmission. CSMA/CD specifies that a sending device must share physical transmission media and listen to determine whether a collision occurs during or after transmitting. In simple terms, this means that an Ethernet card has a built-in capability to detect a potential packet collision on the internetwork.

D

DAI (dynamic ARP inspection) A technology made possible by Dynamic Host Configuration Protocol (DHCP) snooping that helps guard against Media Access Control (MAC) address spoofing in the network. It also helps guard against many different MAC-related attacks, such as MAC flooding.

data access port A port on a switch that is used to accept traffic from a single VLAN from workstations (or up to two VLANs if an IP phone is also attached to the port). Contrast this with a trunk port that is carrying the traffic of many VLANs.

data plane A category of network processing that involves the movement of user traffic.

de-encapsulation The process by which a destination peer layer removes and reads the control information sent by the source peer layer in another network device.

default mask A binary or decimal representation of the number of bits used to identify an Internet Protocol (IP) network. The class of the IP address defines the default mask. The mask can be presented in dotted-decimal notation or as the number of bits making up the mask.

default route A network route used for destinations that don’t have a better match in the routing table.

default routing The process of creating a default gateway for unknown destinations.

default VLAN (virtual local-area network) A VLAN that permits all ports to participate in it by default. By default, access ports are assigned to the default VLAN. In a Cisco switch with the default factory configuration, the default VLAN is VLAN 1.

delay The amount of time necessary to move a packet through an internetwork from source to destination.

demarc The point of demarcation between a carrier’s equipment and the customer premises equipment (CPE).

device access The ability to connect to a Cisco device for management using a wide variety of methods, including Secure Shell (SSH), Telnet, and the console.

device trust Trust for the quality of service (QoS) markings sent from a device.

DHCP (Dynamic Host Configuration Protocol) A communication protocol that permits a server to automatically assign the IP address information required by clients on the network, along with a slew of other useful information (such as default gateway and Domain Name System [DNS] server). DHCP servers and DHCP clients are involved in the process.

DHCP (Dynamic Host Configuration Protocol) relay A device on a network that forwards DHCP requests from clients as unicast traffic to a DHCP server on a remote network segment.

DHCP (Dynamic Host Configuration Protocol) snooping A technology for eliminating rogue DHCP servers in a network.

distance vector protocol An interior routing protocol that relies on information from immediate neighbors only instead of having a full picture of the network. Most distance vector protocols involve each router sending all or a large part of its routing table to its neighboring routers at regular intervals.

DMVPN (Dynamic Multipoint Virtual Private Network) A Cisco technology for dynamically connecting spokes to the hub over a public network.

DNS (Domain Name System) A system used to translate fully qualified hostnames or computer names into Internet Protocol (IP) addresses.

dotted-decimal notation A method of representing binary IP addresses in decimal format. Dotted-decimal notation represents the four octets of an IPv4 address in four decimal values separated by dots (that is, periods or decimal points).

dynamic NAT (Network Address Translation) A form of NAT that uses a pool of addresses for translation and access lists to define the addresses that will be translated.

dynamic port security A variation of port security that features Media Access Control (MAC) addresses that are dynamically learned and allowed on the switch port.

dynamic route A network route that adjusts automatically to changes within the internetwork. These routes are learned dynamically via a routing protocol.

dynamic routing Using routing protocols to dynamically share prefix and next-hop information.

E

eBGP (External Border Gateway Protocol) A form of BGP that involves peering with a remote autonomous system (AS).

EGP (exterior gateway protocol) A protocol designed to route traffic between autonomous systems (ASs).

EIGRP (Enhanced Interior Gateway Routing Protocol) A Cisco-proprietary routing protocol that includes features of both distance vector and link-state routing protocols. EIGRP is considered an advanced distance vector protocol.

EIGRP (Enhanced Interior Gateway Routing Protocol) for IPv4 A hybrid routing protocol designed by Cisco in an attempt to address scalability while offering ease of configuration.

EIGRP for IPv6 A protocol for IPv6 routing based upon EIGRP.

encapsulation The process of wrapping data in a particular protocol header. In the context of the Open Systems Interconnection (OSI) model, encapsulation is the process by which a source peer layer includes header and trailer control information with a protocol data unit (PDU) destined for its peer layer in another network node. The information that is encapsulated instructs the destination peer layer how to process the information. Encapsulation occurs as information is sent down the protocol stack.

endpoint A generic term used to describe an entity in an internetwork that is using the network to communicate. Examples of endpoints include end-user workstations, network printers, and file servers.

errdisable recovery A Cisco device feature that permits automatic recovery from error conditions after a set duration of time.

error One of the many different error conditions that might occur in an Ethernet network. The show interface command is used to see the errors for an interface.

escalation The process of taking a troubleshooting issue to other parties for their assistance.

EtherChannel The bundling of links together for shared bandwidth.

Ethernet frame format The common fields in modern Ethernet frames, including a source Media Access Control (MAC) address and destination MAC address, which are critical fields for Ethernet switches.

Ethernet switching A process that permits full-duplex communication that is collision free in modern local-area networks (LANs).

EXEC The user interface for executing Cisco router commands.

exploit A piece of software or another mechanism that leverages a vulnerability in a system in order to carry out an attack.

extended ACL (access control list) An ACL that permits the matching of traffic using many different criteria, including source Internet Protocol (IP) address and destination IP address.

extended options Extra options used by commands such as ping and traceroute for adjusting various parameters when running network tests using Internet Control Message Protocol (ICMP).

F

fault isolation The process of determining exactly where a problem exists in a network.

FCS (frame check sequence) Extra characters added to an Ethernet frame for error control purposes. FCS is the result of a cyclic redundancy check (CRC).

FHRP (first hop redundancy protocol) A protocol such as Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), or Gateway Load Balancing Protocol (GLBP) that is used to make multiple default gateways available to client systems.

file system management The process of managing the various storage facilities within a Cisco device, including components such as random-access memory (RAM), nonvolatile random-access memory (NVRAM), flash, and universal serial bus (USB).

firewall A hardware or software device that seeks to protect a network or device at specific points in the network.

flash Router memory that stores the Cisco IOS image and associated microcode. Flash is erasable, reprogrammable read-only memory (ROM) that retains its content when the router is powered down or restarted.

floating static route A route that has an artificially high administrative distance value in order to make dynamic routes more preferred. Such routes are used as backup routes when the dynamic routing protocol fails to determine a path to a destination.

flow control A mechanism that throttles back data transmission to ensure that a sending system does not overwhelm the receiving system with data.

frame flooding A process in which a switch sends traffic out all ports except for the port where the traffic entered. This is done for broadcast frames and unknown unicast frames.

frame rewrite A process in which routers manipulate address information inside the packets they are sending. Specifically, they rewrite MAC address information.

frame switching The processes used on an Ethernet switch to efficiently forward and filter traffic in the LAN.

frame tagging A method of tagging a frame with a unique user-defined virtual local-area network (VLAN). The process of tagging frames allows VLANs to span multiple switches.

FTP (File Transfer Protocol) A protocol used to copy a file from one host to another host, regardless of the physical hardware or operating system of each device. FTP identifies a client and server during the file transfer process. In addition, it provides a guaranteed transfer by using the services of Transmission Control Protocol (TCP).

full-duplex The physical transmission process on a network device by which one pair of wires transmits data while another pair of wires receives data. Full-duplex transmission is achieved by eliminating the possibility of collisions on an Ethernet segment, thereby eliminating the need for a device to sense collisions.

G

gateway of last resort The router to which traffic is sent when a more exact destination of the traffic is not in the local routing table.

global configuration mode An IOS CLI mode that enables simple device configuration commands—such as router names, banners, and passwords—to be executed. Global configuration commands affect the whole device rather than a single interface or component.

global unicast The IPv6 address type that is used for Internet routing.

GRE (generic routing encapsulation) A process used for tunneling IPv4 traffic.

H

half-duplex A physical transmission process in which only a single device in the broadcast domain can send data at a time. In a half-duplex Ethernet network, CSMA/CD is used.

header Control information placed before the data during the encapsulation process.

hierarchical routing protocol A routing environment that relies on several routers to compose a backbone. Most traffic from non-backbone routers traverses the backbone routers (or at least travels to the backbone) to reach another non-backbone router.

hop count The number of routers a packet passes through on its way to the destination network.

host route The most specific route possible in the routing table. This route features a 32-bit or 128-bit mask, depending on whether IPv4 or IPv6 is used.

hostname A logical name given to a network device.

HSRP (Hot Standby Router Protocol) A first hop redundancy protocol (FHRP) that permits multiple default gateways in the network.

hybrid cloud Cloud technology that includes internal and external cloud components.

hybrid topology A network that features the use of multiple topologies, such as a star topology connected to a full mesh topology.

hypervisor Software that makes virtualization of servers possible. A Type 1 hypervisor runs directly on top of host hardware (bare metal), and a Type 2 hypervisor runs within an operating system.

I

iBGP (Interior Border Gateway Protocol) A form of BGP that involves peering within an autonomous system (AS).

ICMP (Internet Control Message Protocol) A protocol that communicates error and control messages between Internet Protocol (IP) devices. Multiple types of ICMP messages are defined. ICMP enables devices to check the status of other devices and is used with ping and traceroute.

IEEE (Institute of Electrical and Electronics Engineers) An organization with many functions, activities, and objectives, including defining standards for many local-area networks (LANs), including Ethernet (802.3), wireless LANs (802.11), Zigbee (802.15.4), WiMax (802.16), and many more.

implicit deny all A statement that ends every ACL. It is an implied deny statement that ensures that packets not matching an explicit entry are denied. It does not appear as a separate ACE when listing an ACL.

initial configuration dialog The dialog used to configure a router the first time it is booted or when no configuration file exists. The initial configuration dialog is an optional tool used to simplify the configuration process. It is often called setup mode.

initial device configuration Configuration provided by an administrator or provided by the Cisco factory default of the basic parameters of a device.

inside global The inside addresses after they have been translated with Network Address Translation (NAT). Inside global addresses are registered addresses that represent inside hosts to outside networks.

inside local The addresses on the inside of a network before they are translated with Network Address Translation (NAT).

interface A router component that provides network connections to an external transmission medium. Depending on the model of router, interfaces exist either on the motherboard or on separate, modular interface cards. Interfaces can also be logical, such as loopback interfaces or 802.1Q subinterfaces.

interior routing protocol A routing protocol that exchanges information within an autonomous system (AS). Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are examples of interior routing protocols.

inter-VLAN routing The process of using a routing engine (RE) to move packets from one VLAN to another. Remember that VLANs usually have a one-to-one correlation with IP subnets.

IOS recovery The process of copying a valid IOS image to a Cisco device that has a troubled operating system. This is often done from a Trivial File Transfer Protocol (TFTP) server that stores backup or upgraded IOS files.

IOS tool One of the many powerful troubleshooting and monitoring tools built into IOS.

IP (Internet Protocol) One of the many protocols maintained in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols. IP is the Layer 3 network-level mechanism used for Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). IP comes in two versions: version 4 (IPv4) and version 6 (IPv6).

IP SLA (service-level agreement) A tool for testing a network and monitoring its health and performance over time.

IP standard access list An access list that provides a way of filtering IP traffic on a router interface based on only the source IP address or range.

IPS (intrusion prevention system) A specialized security device that can recognize attack traffic and drop that traffic before it reaches critical parts of the network. Cisco next-generation firewalls often have built-in IPS capabilities.

IPsec (IP Security) A suite of protocols that provide security over a network to Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) packets. IPsec is often used with virtual private networks (VPNs) today.

IPv6 (Internet Protocol version 6) autoconfiguration The ability of an IPv6 device to receive its IPv6 address information automatically, with little to no administrator intervention.

IPv6 (Internet Protocol version 6) stateless address autoconfiguration The IPv6 process for assigning full IPv6 address information to devices that require it.

J

JSON (JavaScript Object Notation) An open-standard file format that uses human-readable text to transmit data objects consisting of attribute/value pairs and array data types. It is a very common data format, with a diverse range of applications, such as serving as a replacement for XML in AJAX systems.

K

keepalive frame A protocol data unit (PDU) transmitted at the data link layer that is used for multiple purposes, including verifying that an interface is up and available.

L

LACP (Link Aggregation Control Protocol) A protocol that can dynamically create EtherChannels.

LAG (link aggregation) A form of link aggregation found on many Cisco devices, including many wireless LAN controllers (WLCs). LAG permits the sharing of bandwidth for multiple ports and also offers fault tolerance in the event of a LAG link failure.

LAN (local-area network) protocol A set of rules used for the transmission of data within a LAN. A popular LAN protocol is Ethernet.

Layer 2 EtherChannel The bundling of links together at Layer 2 for switching traffic.

Layer 2 protocol A protocol such as Cisco Discovery Protocol (CDP) that operates at Layer 2 of the Open Systems Interconnection (OSI) model.

Layer 3 EtherChannel The bundling of links together at Layer 3 for routed traffic.

Layer 3 switch Another name for a multilayer switch. Layer 3 switch indicates that the device has routing intelligence (capabilities) built inside it, permitting it to both switch and route traffic.

licensing The process of acquiring the legal permission required to run a particular software product on a device.

link-local address A special IPv6 address used to permit communication between devices sharing the same data link.

link-state protocol An interior routing protocol in which each router sends the state of its own network links across the network to every router within its autonomous system (AS) or area. This process enables routers to learn and maintain full knowledge of the network’s exact topology and how it is interconnected. Link-state protocols, such as Open Shortest Path First (OSPF), use a “shortest path first” algorithm.

LLC (logical link control) sublayer A sublayer of the data link layer that provides some of the functions needed to support the data link layer.

LLDP (Link Layer Discovery Protocol) An open-standard Layer 2 technology that permits devices to learn information about each other over the local link.

local authentication A process in which a Cisco device performs the security checks required to prove the identity of a user requesting access to the device, using its running configuration on the local router.

local SPAN A monitoring tool for a local switch.

log event Information recorded about the health and operation of a device, thanks to the local syslog system.

logging The process on a Cisco router of using syslog to report about the operation and health of the local device.

logical addressing Network layer IP addressing (as opposed to the physical addressing of the data link layer). A logical address consists of two parts: the network and the node.

login banner A message presented to a user just before the username prompt on the device. Such banners are often used for security warnings.

loopback A virtual interface that is used for many maintenance and monitoring techniques. It can also provide a stable connection between devices that have multiple physical paths in the event that one of those paths goes down, since loopbacks should always be available as long as one physical path between the devices remains functional.

LSA (link-state advertisement) A data structure in OSPF that contains the status of a router’s links or network interfaces. LSAs are carried in link-state updates (LSUs).

M

MAC (Media Access Control) address A physical Layer 2 address used to define a device uniquely on a data link.

MAC (Media Access Control) address table The database on a Layer 2 switch that lists the MAC addresses known by the device and the ports these MAC addresses are attached to.

MAC (Media Access Control) aging The process of removing stale MAC addresses from a Layer 2 switch.

MAC (Media Access Control) learning The process of recording the source MAC addresses for incoming frames on a Layer 2 switch.

marking The tagging of traffic with an identifier to be used for quality of service (QoS).

Maximum MAC Addresses A port security feature that permits you to restrict the total number of Media Access Control (MAC) addresses associated with a port in the MAC address table.

MD5 Verify A Cisco device feature that permits the integrity verification of an IOS image.

mesh topology A network topology that features full connections or partial connections between all network nodes.

metric The relative cost of sending packets to a destination network over a specific network route. Examples of metrics include hop count and cost.

Metro Ethernet A version of Ethernet used for the creation of a metropolitan-area network (MAN).

mitigation The actions and technologies that are put in place in order to help guard against security attacks to systems.

Modified EUI-64 A method of assigning an IPv6 node with its host address portion; this is one of the many time-saving features of IPv6.

MPLS (Multiprotocol Label Switching) The switching of traffic using labels instead of IP address information. Typically used within provider networks.

multi-area OSPF A feature of OSPF that divides a routed system into hierarchical areas, allowing greater control over routing update traffic. Router loads are generally reduced, as is the frequency of SPF recalculation. Multi-area OSPF can scale to large deployments.

multicasting A process of using one IP address to represent a group of IP hosts. Multicasting is used to send messages to a subset of IP addresses in a network or networks.

multipath routing protocol A routing protocol that load balances over multiple optimal paths to a destination network. This is often used when the costs of the paths are equal. (EIGRP can load balance across unequal-cost paths.)

multiplexing A transport layer method in which application conversations are combined over a single channel by interleaving packets from different segments and transmitting them.

N

named ACL (access control list) An ACL that uses a name instead of a number as an identifier.

NAT (Network Address Translation) The process of translating internal IP addresses to routable registered IP addresses on the outside of a network.

native VLAN A VLAN on a trunk link that is not tagged with an 802.1Q VLAN identifier. All untagged traffic on a trunk link belongs to the native VLAN.

network command The command Border Gateway Protocol (BGP) uses to advertise a local prefix.

network mask The subnet mask used with an IP address.

next-generation firewall The latest firewalls from Cisco Systems, which feature cutting-edge technologies and capabilities, thanks in great part to the Cisco acquisition of Sourcefire in 2013.

next hop The next device in a path to reach a network destination.

NIC (network interface card) An adapter or circuitry that allows a network host to attach to a data link.

northbound API (application programming interface) The communications in SDN from the management station to the SDN controller.

NTP (Network Time Protocol) A protocol that provides IP network-based synchronization of device clocks, facilitating log and transaction analysis, and improving quality-of-service (QoS) responsiveness in voice and video over IP systems.

numbered ACL (access control list) An access control list (ACL) identified by a number instead of a name.

NVRAM (nonvolatile random-access memory) A memory area of a router that stores permanent information, such as the router’s backup configuration file. The contents of NVRAM are retained when the router is powered down or restarted.

O

OSI (Open Systems Interconnection) model A layered networking framework developed by the International Organization for Standardization that describes seven layers that correspond to specific networking functions.

OSPF (Open Shortest Path First) A hierarchical link-state routing protocol that was developed as a successor to the distance vector protocol Routing Information Protocol (RIP).

OSPFv2 (Open Shortest Path First version 2) OSPF for IP version 4 (IPv4).

OSPFv3 (Open Shortest Path First version 3) OSPF for IP version 6 (IPv6).

P

packet switching A process by which a router moves a packet from one interface to another.

PAgP (Port Aggregation Protocol) A protocol for dynamically bundling EtherChannels.

passive-interface A routing protocol command that places a router interface into “receive-only” mode so that no routing updates are sent out, but those that are received are processed. This allows the passive interface’s network to be advertised out other interfaces without generating unnecessary routing protocol traffic on the passive interface network.

password recovery The process of resetting the password on a Cisco device in order to permit access to the device. This typically requires physical access to the device. On newer Cisco devices, password recovery usually involves totally wiping any stored configuration.

PAT (Port Address Translation) A form of NAT that allows many different inside devices to share a single global address for translation.

PDU (protocol data unit) A unit of measure that refers to data that is transmitted between two peer layers in different network devices. Segments, packets, and frames are examples of PDUs.

peer-to-peer communication A form of communication that occurs between the same layers of two different network hosts.

peerings A term for BGP adjacencies.

ping A software tool for testing IP connectivity between two devices. ping is used to send multiple Internet Control Message Protocol (ICMP) packets to a receiving device. The destination device responds with another ICMP packet to notify the source device of its existence.

PoE (Power over Ethernet) A series of standards that deliver power to end devices using the Ethernet connection the device is already using for data. PoE is often used to power APs, VoIP phones, and video over IP cameras.

policing A quality of service (QoS) technique that involves dropping traffic that exceeds a certain rate.

port security A system of MAC-based switch port security capabilities that can limit or deny access to certain hosts attempting to connect to a switch port.

port security violation actions The various actions that can be taken when there is a port security violation.

PortFast A Spanning Tree Protocol (STP) feature that transitions a port to forwarding almost immediately.

preemption The ability of a Hot Standby Router Protocol (HSRP) device to take over as the active forwarder.

prefix The network portion of a Layer 3 logical address.

presentation layer Layer 6 of the Open Systems Interconnection (OSI) model, which is concerned with how data is represented to the application layer.

prioritization A quality of service (QoS) feature that permits some traffic to receive better treatment compared to other traffic.

priority The process of giving certain forms of traffic preferential treatment over others.

private cloud Cloud technology that resides internal to a company.

private IPv4 (Internet Protocol version 4) address An IPv4 address that is for use in internal networks only. Private IPv4 addressing allows for the duplication of addresses behind corporate network boundaries and was created to help ward off the IPv4 address shortage. RFC 1918 lists most of the private IPv4 address space.

privileged mode An extensive administrative and management mode on a Cisco router. This CLI mode permits testing, debugging, and commands to modify the router’s configuration.

protocol A formal description of a set of rules and conventions that defines how devices on a network must exchange information.

public cloud Cloud technology that exists external to a company.

Puppet An open-core software configuration management tool. It runs on many UNIX-like systems as well as on Microsoft Windows and includes its own declarative language to describe system configuration. It is written in C++, Clojure, and Ruby, and its free-software version is released under the Apache License 2.0.

PVST+ (Per VLAN Spanning Tree) A Cisco implementation of STP that provides an STP topology for each VLAN in your infrastructure.

R

RAM (random-access memory) A memory area of a router that serves as a working storage area. RAM contains data such as routing tables, various types of caches and buffers, input and output queues, and the router’s active configuration file. The contents of RAM are lost when the router is powered down or restarted.

REST (representational state transfer) A software architectural style that defines a set of constraints to be used for creating web services. Web services that conform to the REST architectural style, called RESTful web services, provide interoperability between computer systems on the Internet. RESTful APIs are now hugely popular, thanks to the explosion in cloud technology.

RIP (Routing Information Protocol) A distance vector routing protocol that uses hop count as its metric.

ROM (read-only memory) A type of memory that stores the bootstrap program and power-on diagnostic programs.

ROM Monitor mode A mode on a Cisco router that allows basic functions such as changing the configuration register value or loading an IOS image to Flash from a Trivial File Transfer Protocol (TFTP) server.

route aggregation The process of combining multiple IP networks into one superset of those networks. Route aggregation is implemented to reduce the number of routing table entries required to forward IP packets accurately in an internetwork.

routed protocol A protocol that can be routed, such as Internet Protocol (IP).

router-on-a-stick A router attached to a trunk link that is used to route between the VLANs on the trunk.

router mode A mode that enables the execution of specific router commands and functions. User and privileged are examples of router modes that allow you to perform certain tasks.

routing algorithm Well-defined rules that aid routers in the collection of route information and the determination of the optimal path.

routing protocol A protocol that uses algorithms to generate a list of paths to a particular destination and the cost associated with each path. Routers use routing protocols to communicate with each other the best route to use to reach a particular destination.

routing table An area of a router’s memory that stores route forwarding information. Routing tables contain information such as destination network, next hop, and associated metrics.

RSTP (Rapid Spanning Tree Protocol) A newer version of Spanning Tree Protocol (STP) that provides very fast convergence due to the many enhancements over the original protocol, including a new proposal and agreement mechanism that uses the point-to-point links between switches.

running configuration The configuration in RAM on a Cisco device that is currently being used by the device.

S

SCP (Secure Copy Protocol) A protocol that permits the secure transfer of files in a network. SCP relies upon Secure Shell (SSH) for the security mechanisms.

SDN (software-defined networking) An approach to network management that enables dynamic, programmatically efficient network configuration. The goals of SDN are to improve network performance and monitoring, as well as quickly deploy changes to meet business requirements.

session layer Layer 5 of the Open Systems Interconnection (OSI) model, which establishes, manages, and terminates sessions between applications on different network devices.

setup mode The router mode triggered on startup if no configuration file resides in nonvolatile random-access memory (NVRAM).

shaping The quality of service (QoS) process of buffering traffic that goes over a certain rate.

sliding window A method by which TCP dynamically adjusts the window size during a connection, enabling the receiving device involved in the communication to slow down the sending data rate. The purpose of the sliding window mechanism is to maximize throughput through a network and between two hosts.

SMTP (Simple Mail Transfer Protocol) A protocol used to pass mail messages between devices; SMTP uses Transmission Control Protocol (TCP).

SNMP (Simple Network Management Protocol) A standards-based protocol that allows remote monitoring and management of networked devices.

SNMP (Simple Network Management Protocol) version 2c A version of SNMP that does not provide sophisticated security.

SNMP (Simple Network Management Protocol) version 3 A version of SNMP that provides sophisticated security.

socket The combination of the source and destination Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port numbers and the source and destination Internet Protocol (IP) addresses. A socket can be used to define any UDP or TCP connection uniquely.

source addressing The management technique of specifying the source IP address of traffic coming from a router. This often allows for more consistent or reliable traffic management.

source NAT (Network Address Translation) A type of NAT that translates the source address of packets.

southbound API (application programming interface) The communication protocol that allows communication between a software-defined networking (SDN) controller and network devices.

SSH (Secure Shell) A protocol that allows for secure communication between a client and a router. It is a secure alternative to Telnet.

SSID (service set identifier) A 32-byte unique identifier that is used to name a wireless network.

standard ACL (access control list) An ACL that can filter using source Internet Protocol (IP) address information.

star topology A topology with a switch connecting workstations. If this topology is drawn with the switch in the center of the network diagram, it resembles a star.

startup configuration The configuration of a device that is stored in nonvolatile random-access memory (NVRAM) for booting a system.

startup configuration file The backup configuration file on a router, stored in nonvolatile random-access memory (NVRAM).

static EtherChannel The manual configuration of an EtherChannel without the use of dynamic protocols.

static NAT (Network Address Translation) A type of NAT in which a single source address is mapped to a specific translated address.

static port security The manual configuration of a MAC address or addresses on a switch port with port security enabled.

static route A network route that is manually entered into a routing table. Static routes function well in simple and predictable network environments.

static routing The creation of static route entries for routing purposes.

sticky learning The process of recording dynamically learned MAC addresses as static entries in the running configuration of a switch running port security.

STP (Spanning Tree Protocol) A technology used to prevent Layer 2 loops.

STP (Spanning Tree Protocol) optional features Additional STP features that help secure and optimize the protocol.

STP (Spanning Tree Protocol) root bridge selection The process by which STP elects a root device.

stratum A measure of the “distance” from an authoritative time source.

subinterface One of possibly many virtual interfaces on a single physical interface.

subnet mask The network mask associated with an IP address. The purpose of this value is to distinguish between the network and host portions of the address.

subnetting A process of splitting a classful range of IP addresses into multiple Internet Protocol (IP) subnetworks to allow more flexibility in IP addressing schemes. Subnetting overcomes the limitation of address classes and allows network administrators the flexibility to assign multiple networks with one class of IP addresses.

SVI (switched virtual interface) A Layer 3 interface defined on a switch. SVIs are also called VLAN interfaces because there is usually one defined for each VLAN, allowing inter-VLAN routing to be performed by a Layer 3 switch instead of by a router. A Layer 2 switch can have only one SVI configured, and it is used for switch management.

switch A network device that provides increased port density and forwarding capabilities compared to a bridge. The increased port densities of switches enable Ethernet LANs to be segmented, thereby increasing the amount of bandwidth delivered to each device.

switch stacking The process of grouping physical switches together to allow them to act as one virtual switch.

syslog A network protocol and service that provides centralized log message archiving.

T

TACACS+ (Terminal Access Controller Access Control System Plus) A security protocol that provides authentication, authorization, and accounting (AAA) for Cisco devices.

TCP (Transmission Control Protocol) One of the many protocols maintained in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols. TCP provides transport layer connection-oriented and reliable service to the applications that use it.

TCP/IP (Transmission Control Protocol/Internet Protocol) model A model that represents the protocols used in the Internet Protocol (IP) protocol suite, including those at the application, transport, network, and data link layers.

TCP (Transmission Control Protocol) three-way handshake A three-step process whereby a TCP session is established. In the first step, the sending device sends the initial sequence number with the SYN bit set in the TCP header. The receiver sends back a packet with the SYN and ACK bits set. In the third and final step, the sender sends a packet with the ACK bit set.

TCP (Transmission Control Protocol) windowing A method of increasing or reducing the number of acknowledgments required between data transmissions. See also sliding window.

Telnet A standard protocol that provides a virtual terminal and enables a network administrator to connect to a device’s CLI remotely.

terminal monitor Functionality that permits a user with a Telnet or Secure Shell (SSH) session to a Cisco device to see logging messages produced by that local device.

TFTP (Trivial File Transfer Protocol) A protocol used to copy files from one device to another. TFTP is a stripped-down version of File Transfer Protocol (FTP).

three-tier network design A classic Cisco networking model that defines three layers: the access, distribution, and core layers.

Timezones A clock setting that can be configured on a Cisco device.

traceroute An IP service on a Cisco router that uses User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP) to identify the hops between sending and receiving devices and the path taken from the sending device to the destination. Typically, traceroute is used to troubleshoot Internet Protocol (IP) connectivity between two devices.

trailer Control information placed after the data in packets during the encapsulation process. See encapsulation for more detail.

transport layer Layer 4 of the Open Systems Interconnection (OSI) model, which is concerned with segmenting the upper-layer application data stream and, in the case of TCP, is concerned with establishing end-to-end connectivity through the network, sending segments from one host to another, and ensuring the reliable transport of data.

troubleshooting methodology An approach to troubleshooting using a defined sequence of steps.

trunk A communications line or link that supports multiple virtual local-area networks (VLANs) on a single physical interface. The standardized protocol for Ethernet trunks is 802.1Q.

U

UDP (User Datagram Protocol) One of the many protocols maintained in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols. UDP is a Layer 4, best-effort delivery protocol and, therefore, provides connectionless network services.

unicast A method of data transfer from one specific system on a network to another specific system on the network.

unidirectional NAT (Network Address Translation) NAT that occurs in one direction (for example, inside addresses being translated for outbound traffic but no translation occurring for source addresses in the return path).

unique local addressing An IPv6 approach to private addressing that is similar to IPv4’s RFC 1918 private addressing.

user mode A display-only mode on a Cisco router. Only limited information about the router can be viewed within this router mode, and no configuration changes are permitted. User mode often refers to privilege level 1, which is the default for a new user account created on the local router.

V

virtual network service A network service that has been virtualized (for example, a virtual security service).

VLAN (virtual local-area network) A technique that involves assigning devices to specific LANs based on the port to which they attach on a switch rather than the physical location. VLANs can extend the flexibility of LANs by allowing devices to be assigned to specific LANs on a port-by-port basis rather than on a per-device basis.

VLSM (variable-length subnet masking) A process that provides flexibility in assigning Internet Protocol (IP) address space. Routing protocols that support VLSM allow administrators to assign IP networks with different subnet masks. This increased flexibility saves IP address space because administrators can assign IP networks based on the number of hosts on each network.

VM (virtual machine) A server running in a virtual environment, which might be an on-premises VMware environment or a VM running in a cloud service.

VNI (virtual network infrastructure) An infrastructure that includes virtualized network devices in the enterprise.

voice port A switch port that has been configured to carry voice traffic in addition to data.

VPN (virtual private network) A very common type of network used to send confidential information over a public network. There are two major categories of VPNs: site-to-site VPNs, which connect different offices together securely, and remote access VPNs, which connect a remote user to a central network.

VTP (VLAN Trunking Protocol) A protocol for configuring and administering virtual local-area networks on Cisco network devices. With VTP, an administrator can make configuration changes centrally on a single Catalyst Series switch and have those changes, such as the addition of VLANs, automatically communicated to all the other switches in the network.

vty (virtual terminal line) A virtual access port on a Cisco device that allows connectivity using protocols such as Telnet and Secure Shell (SSH).

vulnerability A misconfiguration or bug in a system that might permit security attacks to succeed. Many vulnerability scanners in the industry now are specialized devices for checking systems for such problems. A popular example is Nessus.

W

WAN (wide-area network) A network that uses data communications equipment to connect multiple local-area networks (LANs). Examples of WAN connectivity options include Metro Ethernet and L3 virtual private networks (VPNs).

well-known port One of a set of ports between 1 and 1023 that are reserved for specific Transmission Control Protocol/Internet Protocol (TCP/IP) protocols and services.

Wi-Fi channel overlap A situation in which wireless networks interfere with each other due to potential conflicts in the 2.4 GHz band. To avoid problems when you are setting up wireless access points (APs) in the 2.4 GHz band, you should be sure to use the non-overlapping channels 1, 6, and 11.

wildcard (inverse) mask A technique that is used in access control lists (ACLs) to mark bits as not being required to match. For example, the wildcard mask 0.0.0.255 means the last octet of the associated Internet Protocol (IP) address doesn’t have to match.

WLC (wireless LAN controller) A device used to control and manage wireless access points (APs) in a network.

WPA (Wi-Fi Protected Access) The main security technology in use today for Wi-Fi networks. Versions WPA, WPA2, and WPA3 are in use today, and each successive version introduces security improvements over previous versions.
