Network Fundamentals
A 48-bit hardware identifier burned into every network interface card.
A Layer 2/3 protocol that maps known IP addresses to unknown MAC addresses.
show ip arp
A Layer 3 protocol used for network diagnostics and error reporting.
ping 192.168.1.1
traceroute 10.0.0.1
A Layer 4 connection-oriented protocol that guarantees reliable, ordered delivery.
A Layer 4 connectionless protocol that prioritises speed over reliability.
The set of all devices that receive a Layer 2 broadcast frame.
A network segment where two devices can cause a collision if they transmit simultaneously.
The largest size (in bytes) of a frame or packet that can be sent on a network link.
A virtual IP address on a router that is always up and never tied to a physical interface.
interface Loopback0
ip address 1.1.1.1 255.255.255.255
IP Addressing
A 32-bit value that divides an IP address into the network and host portions.
A method of IP address allocation that uses prefix notation instead of fixed class boundaries.
Using different subnet mask lengths within the same major network to minimise IP waste.
Using the same subnet mask length for all subnets in a network.
The inverse of a subnet mask, used in ACLs and OSPF network statements.
The IP address of the router a host sends packets to when the destination is on a different subnet.
Routing
A link-state routing protocol that calculates the best path using cost based on bandwidth.
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
show ip ospf neighbor
show ip ospf database
show ip route ospf
The elected OSPF router on a multi-access network that collects and distributes LSAs on behalf of all neighbours.
ip ospf priority 200 ! on the interface — higher wins DR election
show ip ospf neighbor
The OSPF router elected to take over as DR if the current DR fails.
The information packets OSPF routers flood to share their link state with all other OSPF routers.
A 32-bit value that uniquely identifies an OSPF router within an OSPF domain.
router ospf 1
router-id 1.1.1.1
show ip ospf ! shows current Router ID
A value (0–255) that tells a router how trustworthy a routing source is when multiple sources advertise the same prefix.
The value a routing protocol uses to measure the desirability of a route to the same destination.
A catch-all route (0.0.0.0/0) used when no more-specific route exists in the routing table.
ip route 0.0.0.0 0.0.0.0 10.0.0.1 ! static default route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
A manually configured route that does not update automatically when the network changes.
ip route 192.168.2.0 255.255.255.0 10.0.0.2 ! next-hop
ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/1 ! exit interface
A backup static route with a higher AD than the primary dynamic route, installed only if the primary fails.
ip route 192.168.2.0 255.255.255.0 10.0.0.3 200 ! AD of 200 — higher than OSPF (110)
A Cisco proprietary FHRP that provides a virtual IP gateway shared by an active and standby router.
interface GigabitEthernet0/0
standby 1 ip 192.168.1.254
standby 1 priority 110
standby 1 preempt
A category of protocols that provide a virtual gateway IP shared across multiple routers for redundancy.
An open-standard FHRP where routers elect a Master that owns the virtual IP and responds to ARP requests.
A Cisco proprietary FHRP that provides redundancy and load balancing using multiple virtual MACs.
A virtual Layer 3 interface on a switch used to route between VLANs.
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shutdown
Switching
A link aggregation technology that bundles multiple physical Ethernet links into one logical link.
interface range GigabitEthernet0/1-2
channel-group 1 mode active ! LACP active
channel-group 1 mode desirable ! PAgP
interface Port-channel 1
switchport mode trunk
The IEEE 802.3ad open-standard protocol used to negotiate EtherChannel formation.
interface range GigabitEthernet0/1-2
channel-group 1 mode active ! LACP active — initiates
channel-group 1 mode passive ! LACP passive — waits
Cisco's proprietary EtherChannel negotiation protocol.
VLANs
A logical segmentation of a switch network into separate broadcast domains.
vlan 10
name SALES
interface GigabitEthernet0/1
switchport mode access
switchport access vlan 10
A switch port configured to carry traffic for multiple VLANs using 802.1Q tags.
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
switchport trunk native vlan 99
A switch port assigned to a single VLAN, connecting end devices such as PCs and printers.
interface GigabitEthernet0/2
switchport mode access
switchport access vlan 20
The VLAN whose frames pass untagged on a trunk link — VLAN 1 by default.
A dedicated VLAN for IP phone traffic, configured on an access port alongside a data VLAN.
interface GigabitEthernet0/3
switchport mode access
switchport access vlan 10
switchport voice vlan 20
A Cisco proprietary protocol that automatically negotiates trunk formation between switches.
switchport mode dynamic desirable ! actively negotiates trunk
switchport mode dynamic auto ! passively waits
switchport nonegotiate ! disables DTP
Spanning Tree
A Layer 2 loop-prevention protocol that blocks redundant paths in a switched network.
show spanning-tree
show spanning-tree vlan 10
An enhanced version of STP that converges in seconds instead of 30–50 seconds.
A Cisco enhancement of STP that runs a separate spanning tree instance for each VLAN.
The STP control frames that switches exchange to elect the Root Bridge and maintain the spanning tree.
An STP feature that bypasses the Listening and Learning states on access ports, putting them immediately into Forwarding.
interface GigabitEthernet0/1
spanning-tree portfast
spanning-tree portfast default ! enables globally on all access ports
Shuts down a PortFast-enabled port if it receives a BPDU, protecting the spanning tree.
interface GigabitEthernet0/1
spanning-tree bpduguard enable
spanning-tree portfast bpduguard default ! global
Prevents a port from becoming the Root Port, protecting the Root Bridge position.
interface GigabitEthernet0/2
spanning-tree guard root
Protects against STP loops by detecting unidirectional link failures where BPDUs stop arriving.
interface GigabitEthernet0/1
spanning-tree guard loop
spanning-tree loopguard default ! global
IP Services
A protocol that automatically assigns IP addresses and network parameters to clients.
ip dhcp pool SALES
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
ip dhcp excluded-address 192.168.1.1 192.168.1.10
A hierarchical system that translates human-readable hostnames into IP addresses.
A technique that translates private IP addresses to public IP addresses for Internet access.
ip nat inside source static 192.168.1.10 203.0.113.5 ! static NAT
ip nat inside source list 1 pool PUBLIC overload ! dynamic PAT
A NAT variant that maps multiple private IP addresses to a single public IP using different port numbers.
ip nat inside source list 1 interface GigabitEthernet0/0 overload ! PAT using interface IP
A simple UDP-based file transfer protocol used to back up and restore Cisco IOS images and configs.
copy running-config tftp ! backup config to TFTP
copy tftp flash: ! restore IOS image from TFTP
A TCP-based protocol for transferring files that supports authentication and directory listing.
Mechanisms that prioritise certain types of network traffic to guarantee performance.
A 6-bit field in the IP header used to mark packets for QoS treatment.
A 3-bit priority field in the 802.1Q VLAN tag used to mark Ethernet frames for QoS.
Security
An ordered list of permit/deny rules applied to a router interface to filter network traffic.
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp 10.0.0.0 0.0.0.255 any eq 80
interface GigabitEthernet0/0
ip access-group 100 in
A switch feature that limits the number of MAC addresses allowed on a port.
interface GigabitEthernet0/1
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
A switch security feature that filters DHCP messages to prevent rogue DHCP servers.
ip dhcp snooping
ip dhcp snooping vlan 10,20
interface GigabitEthernet0/1
ip dhcp snooping trust ! uplink to real DHCP server
A switch security feature that validates ARP packets using the DHCP Snooping binding table to prevent ARP spoofing.
ip arp inspection vlan 10
interface GigabitEthernet0/1
ip arp inspection trust ! uplink — trusted
An encrypted remote management protocol used to securely access Cisco devices.
hostname R1
ip domain-name example.com
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
transport input ssh
login local
An unencrypted remote management protocol that should be replaced by SSH.
Authentication, Authorisation, and Accounting — the three-component framework for controlling network access.
An open-standard AAA protocol that uses UDP and encrypts only the password.
A Cisco-developed AAA protocol that uses TCP and encrypts the entire authentication payload.
Wireless
The current standard Wi-Fi security protocol using AES-CCMP encryption.
The latest Wi-Fi security standard featuring SAE (Simultaneous Authentication of Equals) and enhanced protection.
An IEEE standard for port-based authentication that requires credentials before granting network access.
Automation
An API architectural style that uses HTTP methods (GET, POST, PUT, DELETE) to interact with network resources.
A lightweight, human-readable data format used to exchange data between APIs and automation tools.
An architecture that separates the network control plane from the data plane, enabling centralised programmability.
APIs on an SDN controller that allow applications and management tools to communicate with the controller.
APIs on an SDN controller that communicate with and programme the network devices below.
Cisco's SDN controller and network management platform providing centralised automation and analytics.
IPv6
An IPv6 address automatically assigned to every interface, only valid on the local link (FE80::/10).
A globally routable IPv6 address equivalent to a public IPv4 address (2000::/3).
An IPv6 mechanism where hosts automatically generate their own global address from the network prefix advertised by a router.
A method of generating a 64-bit IPv6 interface ID from a 48-bit MAC address.
WAN
An encrypted tunnel over a public network that provides secure connectivity.
A suite of protocols providing authentication and encryption for IP traffic.
A permanent encrypted tunnel between two routers or firewalls connecting two offices.
A VPN that allows individual users to securely connect to a corporate network from any location.
Management
A protocol that synchronises clocks across network devices.
ntp server 216.239.35.0 ! configure NTP server
show ntp status
show ntp associations
A protocol used to monitor and manage network devices via a Network Management Station.
snmp-server community PUBLIC ro ! read-only community
snmp-server host 10.0.0.100 traps PUBLIC
A standard protocol for sending log messages from network devices to a central logging server.
logging 10.0.0.50 ! syslog server IP
logging trap warnings ! only send level 4 (Warning) and more severe messages (levels 0-4)
logging on
show logging