Chapter 6 Infrastructure Security Definitions Flashcards
VLAN
One way to identify a local area network is to say that all the devices in the same LAN have a common Layer 3 IP network address and that they also are all located in the same Layer 2 broadcast domain. A virtual LAN (VLAN) is another name for a Layer 2 broadcast domain. VLANs are controlled by the switch. The switch also controls which ports are associated with which VLANs.
802.1Q
802.1Q is an IEEE standard protocol used for VLAN tagging of Ethernet frames. 802.1Q defines the procedures to be used by switches, wireless access points, and other network devices when handling such frames. The most critical piece of information in an 802.1Q VLAN tag is the VLAN ID.
Root Port
The switch port that is closest to the root bridge in terms of STP path cost (that is, it receives the best BPDU on a switch) is considered the root port. All switches, other than the root bridge, contain one root port.
Designated
The switch port that can send the best BPDU for a particular VLAN on a switch is considered the designated port.
Nondesignated
These are switch ports that are blocked and do not forward packets, so as to prevent loops within the network.
BPDU Guard
If BPDUs arrive on a port where they should not, the switch protects itself by shutting that port down.
Root Guard
Controls which ports are not allowed to become root ports, so that a switch connected on those ports cannot take over as the root bridge.
Port security
Limits the number of MAC addresses that can be learned on an access switch port.
DHCP snooping
Prevents rogue DHCP servers from impacting the network.
Dynamic ARP inspection
Prevents spoofing of Layer 2 information by hosts.
IP Source Guard
Prevents spoofing of Layer 3 information by hosts.
802.1X
With 802.1X, you can authenticate users before allowing their data frames into the network.
Storm Control
Limits the amount of broadcast or multicast traffic flowing through the switch.
Access control lists
Used for traffic control and to enforce policy.
CDP
Cisco Systems introduced the Cisco Discovery Protocol (CDP) in 1994 to provide a mechanism for the management system to automatically learn about devices connected to the network.
LLDP
IEEE 802.1AB (Station and Media Access Control Connectivity Discovery), better known as the Link Layer Discovery Protocol (LLDP), defines basic discovery capabilities. LLDP was enhanced to specifically address the voice application; this extension is called LLDP-MED, or LLDP for Media Endpoint Devices.
Management plane
This includes the protocols and traffic that an administrator uses between his workstation and the router or switch itself. An example is using a remote management protocol such as Secure Shell (SSH) to monitor or configure the router or switch.
Control plane
This includes protocols and traffic that the network devices use on their own without direct interaction from an administrator. An example is a routing protocol.
Data plane
This includes traffic that is being forwarded through the network (sometimes called transit traffic).