Chapter 6 Infrastructure Security Definitions Flashcards
VLAN
One way to identify a local area network is to say that all the devices in the same LAN have a common Layer 3 IP network address and that they also are all located in the same Layer 2 broadcast domain. A virtual LAN (VLAN) is another name for a Layer 2 broadcast domain. VLANs are controlled by the switch. The switch also controls which ports are associated with which VLANs.
802.1Q
802.1Q is an IEEE standard protocol used for VLAN tagging of Ethernet frames. 802.1Q defines the procedures to be used by switches, wireless access points, and other network devices when handling such frames. The most critical piece of information in an 802.1Q VLAN tag is the VLAN ID.
Root Port
The switch port that is closest to the root bridge in terms of STP path cost (that is, it receives the best BPDU on a switch) is considered the root port. All switches, other than the root bridge, contain one root port.
Designated
The switch port that can send the best BPDU for a particular VLAN on a switch is considered the designated port.
Nondesignated
These are switch ports that do not forward packets, so as to prevent the existence of loops within the network.
BPDU Guard
If BPDUs arrive on a port where they should not, the switch protects itself.
Root Guard
Controls which ports are not allowed to become root ports toward remote root switches.
Port security
Limits the number of MAC addresses that can be learned on an access switch port.
DHCP snooping
Prevents rogue DHCP servers from impacting the network.
Dynamic ARP inspection
Prevents spoofing of Layer 2 information by hosts.
IP Source Guard
Prevents spoofing of Layer 3 information by hosts.
802.1X
With 802.1X, you can authenticate users before allowing their data frames into the network.
Storm Control
Limits the amount of broadcast or multicast traffic flowing through the switch.
Access control lists
Used for traffic control and to enforce policy.
CDP
Cisco Systems introduced the Cisco Discovery Protocol (CDP) in 1994 to provide a mechanism for the management system to automatically learn about devices connected to the network.