5-4-3 rule

This rule refers to the number of repeaters and segments on shared-access Ethernet backbones in a tree topology. The 5-4-3 rule divides the network into two types of physical segments: populated (user) segments and unpopulated (link) segments. User segments have users' systems connected to them. Link segments are used to connect the network's repeaters together. The rule mandates that between any two nodes on the network, there can only be a maximum of five segments, connected through four repeaters, or concentrators, and only three of the five segments may contain user connections.

access link

An access link belongs to exactly one VLAN and connects an end node to that VLAN; frames on it carry no VLAN tag. Devices attached to an access link are unaware of VLAN membership.

Address Resolution Protocol (ARP)

A TCP/IP protocol used to learn a node's data-link, or MAC, address from its IP address. The requester broadcasts an ARP request carrying the target's IP address, and the node that owns that address replies with its MAC address. ARP carries no authentication, so any host on the segment can answer for any IP address; this is the basis of ARP spoofing. See also [man-in-the-middle (MiM) attack].

application-specific integrated circuit (ASIC)

Pronounced "a-sick." An ASIC is a chip that is custom designed for a specific application rather than a general-purpose chip such as a microprocessor found in a personal computer (PC).

ARP table

A cache, kept by each host and router, of IP addresses and their corresponding MAC addresses, populated from ARP replies (and from the sender fields of ARP requests). Because those replies are unauthenticated, a forged reply can plant a false entry (ARP cache poisoning).

authentication, authorization, and accounting (AAA)

AAA is an architectural framework for configuring a set of three independent security functions (authentication, authorization, and accounting) in a consistent manner.

back-off algorithm

The formula built into a contention-based local-area network device, such as an Ethernet NIC, that the media access controller uses after a collision to decide how long to wait before trying to get back on to the LAN. Ethernet uses truncated binary exponential backoff: after the nth consecutive collision the station waits a random number of slot times between 0 and 2^min(n,10) - 1, and abandons the frame after 16 attempts.

bit bucket

Slang for the virtual waste bucket into which bits are thrown.


bridge

A data communications device connecting two or more network segments at the data link layer. Bridges forward frames between these network segments on the basis of MAC addresses, so each segment remains a separate collision domain.


broadcast

To send information to all devices on a network simultaneously. In Ethernet, a frame sent to the broadcast MAC address ff:ff:ff:ff:ff:ff is delivered to every station in the VLAN.

broadcast radiation

The ambient or background level of broadcasts carried in the network.

broadcast storm

A pathological condition in a Layer 2 network in which a large number of broadcast (or multicast) frames are propagated unnecessarily across the network, consuming bandwidth and CPU on every attached device until the network becomes unusable. The usual cause is a switching loop where spanning tree is absent or misconfigured, since a looped broadcast circulates indefinitely; a faulty or malicious host can also generate one deliberately.


Normal text that has not been encrypted and is readable by anyone.

carrier sense multiple access with collision detect (CSMA/CD)

The LAN access method used in shared (half-duplex) Ethernet. A station wanting to transmit first listens to see whether the medium is idle (senses the carrier). If the medium is busy, it defers until the medium becomes idle and then transmits. If two stations transmit at nearly the same time, their signals collide; each detects the collision, sends a jam signal so that every station discards the fragment, and waits a random time (see back-off algorithm) before retrying.

collapsed backbone network

The backbone network connecting all network segments is collapsed (shortened considerably), and contained within a hub, or switch chassis.

See [collision]

collision

The result of two stations trying to use a shared transmission medium (cable) at the same time. In a local-area network the electrical signals that carry the information overlap on the wire, which corrupts both frames, so both stations must retransmit. A random back-off delay (see back-off algorithm) makes a repeat collision between the same stations unlikely, though not impossible; the whole process takes microseconds. Collisions in LANs make no sound. They do, however, slow down a LAN, and they occur only on half-duplex (shared) segments.

collision detection

The process of detecting that simultaneous (and therefore damaging) transmissions have taken place. In CSMA/CD a transmitting station detects a collision by sensing activity on the medium that is not its own (on twisted pair, a signal on the receive pair while it is sending); it then sends a jam signal and backs off for a random period before trying again. Detection does not rely on acknowledgements from the receiver: a station can only notice a collision while it is still transmitting, which is why an Ethernet frame must be at least 64 bytes (512 bit times, the slot time) so that it stays on the wire long enough to cover the round trip across the segment.
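The truncated binary exponential backoff that the back-off algorithm and CSMA/CD entries describe, worked as an added example (this code is not part of the original glossary). The 802.3 parameters are real (the window stops doubling after the 10th collision, the frame is abandoned after the 16th attempt); the slot-by-slot contention model and the seed are simplifications assumed for the example.

```python
import random

MAX_BACKOFF_EXPONENT = 10   # IEEE 802.3: the window stops doubling after the 10th collision
ATTEMPT_LIMIT = 16          # IEEE 802.3: the MAC abandons the frame after 16 attempts


def backoff_window(collision_count):
    """Number of slot times in the backoff range after the n-th consecutive collision."""
    return 2 ** min(collision_count, MAX_BACKOFF_EXPONENT)


def backoff_slots(collision_count, rng=random):
    """Truncated binary exponential backoff.

    After the n-th collision on one frame the station waits r slot times,
    r drawn uniformly from 0 .. 2**min(n, 10) - 1.  Returns None once the
    attempt limit is reached, which is when a real MAC reports an
    excessive-collision error and drops the frame.
    """
    if collision_count < 1:
        raise ValueError("backoff is only run after a collision")
    if collision_count >= ATTEMPT_LIMIT:
        return None
    return rng.randrange(backoff_window(collision_count))


def simulate_contention(n_stations, seed=1):
    """Toy slot-by-slot model (an assumption of this example, not 802.3 timing):
    n stations all have one frame ready at slot 0 on a shared segment.
    Each slot, every station whose backoff has expired transmits; if more
    than one does, they collide and each re-runs the backoff.
    Returns (slots_elapsed, collisions, frames_dropped).
    """
    rng = random.Random(seed)
    waiting = [0] * n_stations        # slots each station still has to wait
    collisions = [0] * n_stations     # consecutive collisions seen by each station
    done = [False] * n_stations
    total_collisions = dropped = slot = 0
    while not all(done):
        ready = [i for i in range(n_stations) if not done[i] and waiting[i] == 0]
        others = [i for i in range(n_stations) if not done[i] and waiting[i] > 0]
        if len(ready) == 1:
            done[ready[0]] = True                    # lone transmitter succeeds
        elif len(ready) > 1:
            total_collisions += 1
            for i in ready:
                collisions[i] += 1
                r = backoff_slots(collisions[i], rng)
                if r is None:
                    done[i] = True                   # gave up: frame lost
                    dropped += 1
                else:
                    waiting[i] = r
        for i in others:                             # stations already waiting count down one slot
            waiting[i] -= 1
        slot += 1
    return slot, total_collisions, dropped
```

With a single station `simulate_contention(1)` returns `(1, 0, 0)`; with four stations the first slot always collides, and the growing window spreads the retries so that all four frames get through without any station reaching the 16-attempt limit.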

collision domain

A group of nodes in an Ethernet network that share a medium and therefore compete with each other for access; if two or more of them transmit at exactly the same time, a collision occurs. Repeaters and hubs extend a collision domain, whereas bridges and switches bound it, so in a switched Ethernet environment each switch port is its own collision domain. A full-duplex link between a port and a single station has no collisions at all, because each direction has its own dedicated path and there is no sharing of bandwidth.


congestion

A condition that arises when a communications link, path, or network is offered a traffic load that exceeds its capacity. For example, consider a 10-Mbps link connected to a switch port: if the end station offers more than 10 Mbps to the port, congestion arises, and the switch must buffer, drop, or (with flow control) throttle back the traffic it is being sent.

Content Addressable Memory (CAM) entries

Entries in a MAC table, so called because switches hold the table in content addressable memory, which is looked up by MAC address rather than by index.

See also [MAC tables]


convergence

The point at which all the internetworking devices share a common understanding of the topology. The convergence time is the time it takes for all network devices, such as bridges, switches, or routers, to update their tables after a change and be in agreement with one another; the slower the convergence, the slower the recovery from a link failure.

cut through

In a network switch, the connecting of one circuit to another.

cut-through switch

A switching device that begins to output an incoming frame as soon as the destination address has been read, before the frame is completely received. Because the CRC is not checked before forwarding, errored frames and collision fragments are propagated to the next segment.

cyclic redundancy check (CRC)

A process used to check the integrity of a block of data against accidental corruption. The transmitter treats the block as a polynomial over GF(2), divides it by a fixed generator polynomial, and appends the remainder (the CRC; 32 bits for the Ethernet frame check sequence) to the block. The receiver performs the same division and compares its result with the appended value; if they differ the frame is discarded (an Ethernet receiver drops it silently, and any retransmission is up to higher-layer protocols such as TCP). The CRC value depends on every bit of the block, not on the number of 1s in it. A CRC is not a security mechanism: because the function is linear, anyone who can alter the data can produce a matching CRC, so detecting deliberate tampering requires a message authentication code or a digital signature.
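An added example, not from the original glossary, that implements the Ethernet CRC-32 and uses it to show both sides of the definition above: the receiver's check catches a flipped bit, but an attacker who can change the frame can fix the FCS, even blindly, because the CRC is affine over GF(2). The sample frame body, the little-endian placement of the FCS (as it appears in a capture) and the helper names are assumptions of the example.

```python
import zlib

CRC32_POLY = 0xEDB88320   # reflected form of 0x04C11DB7, the IEEE 802.3 / zlib generator


def crc32(data: bytes) -> int:
    """CRC-32 as used for the Ethernet frame check sequence (FCS) and by zlib.

    The value is the remainder of dividing the message, viewed as a polynomial
    over GF(2), by the generator polynomial, with the usual 0xFFFFFFFF initial
    value and final inversion.  It depends on every bit, not on how many bits are 1.
    """
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (CRC32_POLY if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-written CRC against the library implementation."""
    return crc32(data) == zlib.crc32(data)


def append_fcs(body: bytes) -> bytes:
    """Transmitter: append the FCS (byte order as it appears in a packet capture; assumed here)."""
    return body + crc32(body).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    """Receiver: recompute over everything but the last 4 bytes and compare.
    An Ethernet MAC silently drops a frame that fails; retransmission is up to upper layers."""
    body, fcs = frame[:-4], frame[-4:]
    return crc32(body) == int.from_bytes(fcs, "little")


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Model accidental corruption: flip one bit of the frame."""
    b = bytearray(frame)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def patch_fcs_blind(frame: bytes, mask: bytes) -> bytes:
    """Model deliberate tampering.  CRC-32 is affine over GF(2), so for equal-length
    inputs crc(a ^ m) == crc(a) ^ crc(m) ^ crc(zeros).  An attacker who can flip
    chosen bits of a frame body can therefore correct the FCS using only the old
    FCS and the mask, without knowing the body's contents.  This is why a CRC
    provides no integrity against an adversary."""
    body, old_fcs = frame[:-4], int.from_bytes(frame[-4:], "little")
    if len(mask) != len(body):
        raise ValueError("mask must cover the whole body")
    new_body = bytes(x ^ m for x, m in zip(body, mask))
    new_fcs = old_fcs ^ crc32(mask) ^ crc32(bytes(len(body)))
    return new_body + new_fcs.to_bytes(4, "little")


# Constructed sample frame body (not a real capture): dst MAC, src MAC,
# EtherType 0x0800, and a 46-byte placeholder payload (the Ethernet minimum).
SAMPLE_BODY = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
               + b"\x08\x00" + bytes(range(46)))
```

`crc32(b"123456789")` gives the standard check value 0xCBF43926, and `patch_fcs_blind` produces a frame with every payload bit inverted that `fcs_ok` still accepts, without the attacker ever computing a CRC over the new payload.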

See [ciphertext]

data

The AT&T Bell Labs definition: "A representation of facts, concepts, or instructions in a formalized manner suitable for communication, interpretation, or processing." If it's not voice or video, it's data.


delay

Also referred to as "latency." The wait time between two events, such as the time from when a signal is sent to the time it is received. Delay has many sources: propagation delay (the time the signal takes to travel the medium, lengthened by satellite hops and, for radio, by weather conditions), serialization delay (the time it takes to clock a packet's bits into or out of a port interface), and queuing delay inside network devices. Network delay is the additional time the network takes to deliver a packet's worth of data compared with a full-period, dedicated point-to-point circuit.

default gateway

The default gateway of a network is the router used to forward all traffic not addressed to a network host within the local network.

demarcation point

The point of separation and/or interconnection where the lines from the telephone company network service provider connect to the customer's lines.


demodulate

The reverse of modulate: to recover the original data signal from a modulated carrier.

designated port

For each LAN segment, the one port (on the bridge offering the lowest-cost path from that segment to the root bridge) that forwards frames between the segment and the root; all other bridge ports on that segment are placed in blocking state. The port on a non-root bridge that leads toward the root is, by contrast, its root port.

designated switch

For each LAN segment, the switch with the lowest-cost path to the root switch; its port on that segment is the designated port through which frames from the segment are forwarded toward the root.


destination

The receiving side or ending point of a transmission across a network.

distant end

The far end of a network connection. Also referred to as the circuit or route destination.


DIX

DEC, Intel, Xerox standard. An earlier Ethernet standard (Ethernet II) that was superseded by IEEE 802.3. Network protocols such as IP still commonly use the frame format from this specification, which carries a 2-byte EtherType field where the 802.3 frame carries a length.

Dynamic Trunking Protocol (DTP)

A Cisco proprietary protocol through which a switch port automatically negotiates whether to form a VLAN trunk with its neighbor. Because DTP trusts whatever the neighbor sends, a host on a port left in dynamic mode can emulate a switch, negotiate a trunk, and reach every VLAN; disable it on user-facing ports (switchport mode access together with switchport nonegotiate).


encryption

The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (ciphertext) under one or more keys, as a mechanism for protecting the confidentiality of the original data. Encryption alone does not guarantee integrity or authenticity; those require a message authentication code, a digital signature, or an authenticated-encryption mode.

error correction

Routines in a system that correct for errors during transmission. Error correction detects errors in received transmissions and corrects those errors before delivering the transmitted data to the user.

error handling

Routines in a system that respond to errors. The effectiveness of an error-handling response is measured in how the system informs the user of such error conditions and what alternatives it provides for dealing with them.


FCAPS

An acronym for the ISO network management model, which is made up of five functional areas: fault (F), configuration (C), accounting (A), performance (P), and security (S) management.

file server

A high-speed computer in a network that stores the programs and data files shared by users. A file server acts like a remote disk drive.


firewall

A firewall is a device that implements security policies designed to keep a network secure from network intruders. A firewall can be a single router filtering out unwanted packets, a combination of routers and servers each performing some type of firewall processing, or a dedicated hardware device examining each packet and determining whether the packet is allowed to enter the network the firewall is protecting.

flat network topology

A flat network is one Layer 2 network segment: a network in which all attached devices can reach each other without going through any intermediary Layer 3 device, such as a router. A VLAN is a flat network. Because nothing filters traffic inside it, an attacker who gains a foothold anywhere in the segment can reach every other device in it directly.


flooding

A switching method whereby a frame is sent out every port (except the one on which it arrived) to ensure that it reaches its intended destination. A switch floods broadcast and multicast frames and any unicast frame whose destination MAC address is not in its MAC table.

fragment-free switching

A hybrid of cut-through and store-and-forward switching: the switch waits for the first 64 bytes of a frame (the collision window) before forwarding it, so collision fragments (runts) are dropped while larger errored frames still pass. Also called runtless switching.


frame

Generic term specific to a number of data communication protocols. A frame of data is a logical unit of data at the data link layer, commonly a fragment of a much larger set of data, such as a file of text or image information.

full-duplex connection

A circuit connection that can send and receive data simultaneously. In pure digital networks, this is achieved with two pairs of wires. In analog networks or in digital networks using carriers, it is achieved by dividing the bandwidth of the line into two frequencies, one for sending and the other for receiving.

fur-ball networks

A network that grows in all directions without any structure and often results from poor (or no) network planning.

half-duplex connection

A circuit connection that can send data in both directions, but only one direction at a time. Example: two-way radio was the first to use half duplex: while one party spoke, the other party listened.


header

In network communications, a temporary data set added to the beginning of the user data in order to transfer the user data across a network. The header contains source and destination addresses as well as data that describe the content of the message.


hexadecimal

This base-16 numbering system is used as shorthand for representing binary numbers. Each half byte (4 bits, a nibble) is written as one hex digit, 0 to 9 or A to F. Hex values are identified with an H or dollar sign; thus $3E0, 3E0h, and 3E0H all stand for the hex number 3E0 (992 decimal).

host-based intrusion detection system (HIDS)
See [intrusion detection system (IDS)]

hub

A central connecting device in a network that joins communication lines together in a star configuration. Passive hubs are connected-only units that add nothing to the data passing through them. Active hubs (sometimes called multiport repeaters) regenerate the data bits to maintain a strong signal. Intelligent hubs provide added functionality. Because a hub repeats every frame to every port, all attached stations form one collision domain, and any station in promiscuous mode can capture all of the traffic passing through the hub.


in-band

In-band management exchanges control information between devices on the same channel as the data transmission, so a failure of, or an attacker on, the data network affects management access as well. See also [out-of-band].


To be attached to another entity. For example, one device is attached to another device, or one user to another user.

Internet Group Management Protocol (IGMP)

The protocol governing management of multicast groups in a TCP/IP network.

Internet Protocol (IP)

The network layer protocol in the TCP/IP communications protocol suite (the IP in TCP/IP). IP contains a network address and allows messages to be routed to a different network or subnet. IP does not ensure delivery of a complete message, and the TCP transport layer is used to provide this guarantee.

Internetwork Packet Exchange (IPX)
See [Novell Internet Protocol (IPX)]
intrusion detection systems (IDS)

An intrusion detection system or IDS (pronounced "eye-dee-ess") is a software or hardware platform that detects an attack on a network or computer system. A network-based IDS, or NIDS, monitors traffic for multiple hosts, whereas a host-based IDS, or HIDS, detects illegal actions within the host. Most IDS products use signatures of known attack patterns to raise an alert. Others look for deviations from an established normal baseline (anomaly detection) as an indication of an attack.

latency

See [delay]

MAC tables

A table of MAC addresses and their associated bridge/switch ports, learned from the source addresses of received frames. The table holds a bounded number of entries; when it is full the switch floods frames for any unknown destination out every port in the VLAN, which is what a MAC flooding attack exploits to sniff traffic on a switched network. Port security, which limits the addresses learned per port, is the usual countermeasure.

man-in-the-middle (MiM) attack

A man-in-the-middle attack is one in which an attacker positions itself between two communicating parties and relays their traffic while reading or altering it, with neither party aware that the path has been intercepted. On a switched LAN the usual way to obtain that position is ARP spoofing (see Address Resolution Protocol): the attacker answers ARP for the gateway's address so that hosts send their traffic through the attacker's machine. Recording legitimate traffic and retransmitting it later to trick the receiver into unauthorized operations, such as false identification or authentication or a duplicate transaction (for example, capturing the output of a valid fingerprint reader on the wire and substituting it when an invalid fingerprint is presented), is a replay attack; a man-in-the-middle position makes replay easy, but the two are distinct. Defenses are mutual authentication of the endpoints, so that a relay cannot impersonate either side, and replay protection using time stamps, nonces, or a constantly incremented sequence number bound into a digital signature or message authentication code.
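An added example, not part of the original glossary, tying together the Address Resolution Protocol, ARP table and man-in-the-middle entries: a small RFC 826 ARP parser and a passive detector that flags the poisoning exchange by which a LAN attacker takes the man-in-the-middle position. It assumes the sensor sees the segment's ARP traffic (a SPAN port or a promiscuous-mode interface); the trace, addresses and alert wording are constructed for the example.

```python
import struct
from collections import namedtuple

ARP_REQUEST, ARP_REPLY = 1, 2
ArpPacket = namedtuple("ArpPacket", "oper sha spa tha tpa")


def build_arp(oper, sha, spa, tha, tpa):
    """Encode an Ethernet/IPv4 ARP packet (RFC 826 layout: htype, ptype, hlen, plen,
    oper, sender MAC, sender IP, target MAC, target IP).  Used here only to build
    the constructed sample trace."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sha.replace(":", "")), bytes(map(int, spa.split("."))),
                       bytes.fromhex(tha.replace(":", "")), bytes(map(int, tpa.split("."))))


def parse_arp(raw):
    """Decode the 28-byte ARP payload that follows the Ethernet header."""
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return ArpPacket(oper, mac(sha), ip(spa), mac(tha), ip(tpa))


class ArpSpoofDetector:
    """Passive detector for the LAN man-in-the-middle set-up via ARP poisoning.

    It keeps its own IP-to-MAC table (like an ARP table, except that it never
    overwrites a binding on the strength of a later reply) and flags a reply for
    an IP nobody asked about, a gratuitous reply, and any change of an IP's MAC.
    """

    def __init__(self, static_bindings=None):
        self.bindings = dict(static_bindings or {})   # ip -> mac; pre-seed gateways here
        self.pending = set()                           # target IPs of requests seen

    def _check_binding(self, ip, mac):
        known = self.bindings.get(ip)
        if known is None:
            self.bindings[ip] = mac
            return None
        if known != mac:
            return f"binding change: {ip} was {known}, now claimed by {mac}"
        return None

    def observe(self, raw):
        pkt = parse_arp(raw)
        alerts = []
        if pkt.oper == ARP_REQUEST:
            self.pending.add(pkt.tpa)
            change = self._check_binding(pkt.spa, pkt.sha)
            return [change] if change else []
        if pkt.oper != ARP_REPLY:
            return [f"unknown ARP opcode {pkt.oper}"]
        if pkt.spa == pkt.tpa:
            alerts.append(f"gratuitous reply: {pkt.spa} is-at {pkt.sha}")
        elif pkt.spa not in self.pending:
            alerts.append(f"unsolicited reply: {pkt.spa} is-at {pkt.sha}")
        self.pending.discard(pkt.spa)
        change = self._check_binding(pkt.spa, pkt.sha)
        if change:
            alerts.append(change)
        return alerts


def run_sample():
    """Constructed trace (not a real capture): a host resolves its gateway, then an
    attacker poisons both sides so that host-gateway traffic flows through it."""
    gw_mac, host_mac, evil_mac = "00:11:22:33:44:fe", "00:11:22:33:44:01", "de:ad:be:ef:00:01"
    trace = [
        build_arp(ARP_REQUEST, host_mac, "10.0.0.10", "00:00:00:00:00:00", "10.0.0.1"),
        build_arp(ARP_REPLY,   gw_mac,   "10.0.0.1",  host_mac, "10.0.0.10"),
        build_arp(ARP_REPLY,   evil_mac, "10.0.0.1",  host_mac, "10.0.0.10"),  # poison the host
        build_arp(ARP_REPLY,   evil_mac, "10.0.0.10", gw_mac,   "10.0.0.1"),   # poison the gateway
    ]
    det = ArpSpoofDetector()
    return [(n, alert) for n, raw in enumerate(trace, 1) for alert in det.observe(raw)]
```

The first two packets are a normal resolution and produce nothing; packets 3 and 4 each raise an unsolicited-reply alert and a binding-change alert. A legitimate NIC replacement or DHCP reassignment produces the same binding-change signal, so in production the bindings should be seeded from DHCP leases or static assignments (which is what Dynamic ARP Inspection on a switch does) rather than learned blindly.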

managed object

A single piece of management information maintained by a network component and exposed through a management protocol such as SNMP; each managed object (for example, an interface's error counter) is identified by an object identifier (OID).

See also [Management Information Base (MIB)]

Management Information Base (MIB)

A MIB is a collection of managed objects residing in a virtual information store. Collections of related managed objects are defined in specific MIB modules.

See also [managed object]

maximum transmission unit (MTU)

The largest packet that can be carried as the payload of a single frame on a given medium. Example: the MTU of standard Ethernet is 1500 bytes (the frame itself is up to 1518 bytes including the header and FCS). IP packets larger than the MTU are broken down, or fragmented, into smaller packets, unless the Don't Fragment bit is set, in which case they are dropped.


media

The conduit or link that carries transmissions. Examples: coaxial cable, copper wire, radio waves, waveguide, and fiber. Plural of medium.

Media Access Control (MAC) address

A MAC address is a 48-bit number intended to be unique to each LAN (local-area network) NIC (network interface card). The IEEE registration authority administers the MAC address scheme for all LANs that conform to the IEEE Project 802 series of standards, including both Ethernet and Token Ring. The address comprises two 24-bit identifiers: a manufacturer's ID, the organizationally unique identifier (OUI), assigned by the IEEE to the maker of the NIC, and an extension ID assigned by the manufacturer. The address is programmed into the card at the time of manufacture (the burned-in address), but most operating systems and drivers allow a different address to be used in software, so a MAC address must not be treated as proof of a device's identity.


medium

Any material substance that can be used for the sending and receiving of signals from one point to another, such as radio, light, or acoustic waves. Examples: optical fiber, cable, wire, dielectric slab, water, air, and free space. Singular of media.


microsegmentation

The capability of treating a small number of hosts, or nodes, as a single physical segment or collision domain. Microsegmentation is accomplished with a switch, because a switch treats each of its ports as its own collision domain; with one host per port there is no contention at all.


modem

Acronym for modulator/demodulator. Conventional modems are equipment that convert digital signals to analog signals and vice versa. Modems are used to send digital data signals over the analog Public Switched Telephone Network (PSTN).


modulate

To vary a carrier signal in order to convey information, such as converting a digital data signal into an analog signal for transmission over a telephone line.


multicast

The transmission of messages to a selected group of workstations on a LAN, WAN, or the Internet. Multicast is communication between a single device and multiple members of a device group.

multistation access unit (MAU)

A central hub in a Token Ring local-area network (LAN).

native virtual LAN

On an IEEE 802.1Q trunk, the native VLAN is the VLAN whose frames are carried untagged (VLAN 1 by default on Cisco switches); a frame arriving on the trunk without a tag is assigned to it. Leaving the native VLAN the same as a VLAN used by access ports enables double-tagging VLAN hopping, so it should be set to an otherwise unused VLAN ID.


network

A system of interconnected lines. A system that sends and/or receives any combination of voice, video, and/or data between users.

network address translation (NAT)

An Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. NAT enables a company to hide its internal addressing from the public Internet, but it is not a firewall: it does not by itself inspect or filter the traffic it translates.

network-based intrusion detection system (NIDS)
See [intrusion detection system (IDS)]
network interface card (NIC)

An adapter, historically a printed circuit board plugged into the expansion bus (such as PCI or PCI Express) and now commonly built into the motherboard, of both the client machines and servers in a network. The network adapter controls the transmission and receiving of data at the OSI model physical and data link layers.

network latency

Network latency is the delay introduced when a frame or packet is temporarily stored, analyzed, and then forwarded on to the network. Network latency is measured in milliseconds (ms).

network operations center (NOC)

A network operations center, or NOC, is a central network management location. A NOC functions as a control center for network fault management (troubleshooting), configuration, accounting, performance monitoring, and security.

network segmentation

The division of a single network into multiple smaller segments.

NIC

See [network interface card (NIC)]

node

A network junction or connection point. Every terminal, computer, hub, and switch is a node.

nonblocking switch

A nonblocking switch has enough paths available that all traffic can pass through the switch without being blocked or dropped.


nonsecure

The segment(s) of a network that are not protected from intrusion or attacks by an outside, or public, entity are considered nonsecure. Nonsecure network segments are "open to the world."

nonvolatile RAM (NVRAM)

Nonvolatile RAM is memory that retains its contents even when powered off.

Novell Internet Protocol (IPX)

The Internetwork Packet Exchange, or IPX, protocol is the network layer protocol in the Novell NetWare operating system. Similar to the IP layer in TCP/IP, IPX contains a network address and enables messages to be routed to a different network or subnet.


out-of-band

Out-of-band management exchanges control information on a dedicated channel, separate from the channel used for the active data transmission. An out-of-band port (such as a console port or a dedicated management interface) is not part of an active data domain and carries network management data rather than user data. Out-of-band management keeps management access working when the data network is congested or down, and keeps an attacker on the data network away from the management plane.


packet

A block of data that is transmitted over the network in a packet-switched system. The terms frame, packet, and datagram are often used synonymously, although erroneously, in network discussions. Packets are found at the OSI model network layer and frames are found at the OSI model data link layer.


payload

The data-carrying capacity of some structure, typically referring to a part of a packet or frame in a network system. The payload holds the message data generated from the user.

PIM-DM

See [Protocol Independent Multicast (PIM)]

PIM-SM

See [Protocol Independent Multicast (PIM)]

plaintext

Normal text that has not been encrypted and is readable by text editors and word processors.

port cost

In spanning tree, a value assigned to each switch port according to the bandwidth of its link (IEEE 802.1D defaults: 100 for 10 Mbps, 19 for 100 Mbps, 4 for 1 Gbps). The path cost of a route to the root bridge is the sum of the port costs of the links the frame crosses along it; the lowest path cost wins the root-port and designated-port elections.

port monitoring
See [SPAN]
potential vulnerability

A potential vulnerability in a software platform is usually a bug (a coding error). Not every bug is exploitable, but a bug that an attacker can trigger to violate the security policy, for instance to execute code or bypass authentication, is a vulnerability.

print server

A computer hardware device that controls one or more printers and enables a printer to be located anywhere in the network.

promiscuous mode

Promiscuous mode is the condition in which a network node, or a port on a network node, accepts and passes up all incoming frames, regardless of protocol type or destination address, instead of only those addressed to its own MAC address or to broadcast and multicast. It is the normal operating mode of a protocol analyzer or IDS sensor; on an ordinary host it might indicate that the system has been compromised and is running a sniffer. On a switched network a promiscuous station sees only its own traffic plus flooded frames, unless it is attached to a SPAN port or the attacker also poisons ARP or floods the MAC table.

promiscuous port

A port configured for promiscuous mode. In Cisco private VLANs the same term denotes a port, typically the one facing the router or gateway, that is allowed to communicate with every other port in the private VLAN.


proprietary

With regard to hardware and software, the term proprietary specifies that the property in question was developed by and is currently owned by a vendor organization or individual.

Protocol Independent Multicast (PIM)

PIM is a multicast routing protocol endorsed by the Internet Engineering Task Force (IETF) and is used in conjunction with an existing unicast routing protocol. PIM comes in two flavors: dense mode (PIM-DM) and sparse mode (PIM-SM). Dense mode is used when recipients in the target group are in a concentrated area. Sparse mode is more efficient when members are scattered across the network.

quality of service (QoS)

A defined level of performance in a data communications system.


RADIUS

Remote Authentication Dial-In User Service, or RADIUS, is an access-control protocol that carries authentication, authorization, and accounting between a network access device and a central server. With a challenge/response method such as CHAP, the user is sent a random challenge and returns a hash computed from the challenge and the password, so the password itself never crosses the network; with PAP the password is sent directly. RADIUS runs over UDP and relies on a shared secret between the access device and the server: only the User-Password attribute is obscured, and the rest of each packet travels in cleartext, so RADIUS traffic belongs on a protected management network.

registered jack (RJ)

Any of the RJ series of jacks, described in the Code of Federal Regulations, Title 47, part 68. Used to provide interface to the public telephone network.


repeater

The simplest type of LAN interconnection device. A repeater regenerates and forwards every frame it receives between LAN segments, without examining addresses, so all the segments it joins form one collision domain. The primary function of a repeater is to extend the length of the network media (cable).

Reverse Address Resolution Protocol (RARP)

Reverse ARP is a low-level TCP/IP protocol used by a workstation (typically diskless) that knows only its own MAC address to ask a RARP server for its logical IP address. It has been superseded by BOOTP and DHCP.


route

The path a message takes across a network.


router

Intelligent devices that connect like and unlike LANs, and connect them to MANs (metropolitan-area networks) and WANs (wide-area networks) over technologies such as X.25, Frame Relay, and Asynchronous Transfer Mode (ATM). Routers forward packets by network-layer address and are protocol sensitive, typically supporting multiple routed protocols.

runtless switching
See [fragment-free switching]

secure

The segment(s) of a network that are protected from intrusion or attacks by an outside, or public, entity are considered secure.

server farm

A room of computers acting as servers, arranged in racks, that dispense data to thousands of clients connected from across the network. These may include file servers, database servers, print servers, e-mail servers, and web servers.

service level agreement (SLA)

Between the provider and the user, a contract that specifies the level of service expected during the term of the agreement. SLAs are used by vendors and customers as well as internally by IT shops and their end users.

simplex connection

A circuit connection that can send information in one direction only. One-way transmission.


source

The sending side or starting point of a data transmission across a network.


SPAN

The Cisco Switched Port Analyzer (SPAN) feature, sometimes called port mirroring or port monitoring, copies selected network traffic to a port for analysis by a network analyzer such as a SwitchProbe device, an IDS sensor, or another Remote Monitoring (RMON) probe.

SPAN port

A configured switch port that selects network traffic for analysis by a network analyzer. Also known as port mirroring.

Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is a link-management protocol, standardized in IEEE 802.1D, that prevents the formation of Layer 2 loops in the LAN by electing a root bridge and blocking redundant ports. The bridge protocol data units (BPDUs) it exchanges carry no authentication, so a rogue device advertising a better bridge ID can become root and pull traffic through itself; Cisco's BPDU guard and root guard on access and edge ports are the usual countermeasures.

steady-state condition

A network in a steady-state condition is a network that has few changes and is considered static in nature. This is not to say that there cannot be change in a steady-state network; it means that changes are few and far between.

store-and-forward switching

A switching method in which the entire frame is received into the switch buffers and its CRC verified before it is forwarded, so that errored frames are dropped rather than propagated. The term also denotes, more generally, the temporary storage of a message for transmission to its destination at a later time.


subnet

A subnet is a division of a network into an interconnected, but independent, segment, or domain. The division is accomplished to improve performance and security.


switch

A mechanical or electronic device that directs the flow of signals, either electrical or optical, from one side to the other. In a LAN, a multiport bridge that forwards each frame only to the port on which the destination MAC address was learned.


T1

A 1.544-Mbps point-to-point dedicated, digital circuit provided by the telephone companies. The monthly cost is typically based on distance. T1 lines are widely used for private networks as well as interconnections between an organization's private branch exchange (PBX) or LAN and the telephone company (telco).


TACACS

Terminal Access Controller Access Control System, or TACACS, is an access-control protocol that authenticates a user logging on to the network. TACACS is a simple username/password system. TACACS+, a separate Cisco protocol, encrypts the entire packet body with a key derived from a shared secret, separates authentication, authorization, and accounting, and adds a challenge/response option.


Standards for wiring buildings for telecommunications.


topology

The pattern of interconnection between nodes, such as in a star or ring topology.


trailer

In network communications, a data code or set of codes that make up the last part of a transmitted message, such as the frame check sequence of an Ethernet frame (see cyclic redundancy check).


transceiver

A device that both transmits and receives data.

transparent bridge

A bridge that is invisible to the end stations: it learns which port leads to each MAC address by reading the source addresses of the frames it receives, forwards frames accordingly (flooding those with unknown destinations), and requires no configuration on the attached hosts. Defined in IEEE 802.1D; a LAN switch is a multiport transparent bridge.


trap

To test for a particular condition in a running program. For example, to "trap an interrupt" means to wait for a particular interrupt to occur and then execute a corresponding routine. An error trap tests for an error condition and provides a recovery routine. A debugging trap waits for the execution of a particular instruction in order to stop the program and analyze the status of the system at that moment.


troubleshooting

The art and science of figuring out why something does not work and fixing the problem.

trunk link

A trunk link carries frames for multiple VLANs between devices, distinguished by VLAN tags, and is usually run over Fast Ethernet or Gigabit Ethernet links.

trunk port

The originating or terminating port of a communications trunk; on a switch, a port configured to carry tagged frames for multiple VLANs.


unicast

The communication from one device to a single other device over a network. In other words, a point-to-point communication.

virtual LAN (VLAN)

A VLAN is a networking technology that enables networks to be logically segmented without having to be physically segmented or wired.

virtual LAN (VLAN) tagging

VLAN tagging inserts a 4-byte IEEE 802.1Q tag, containing a 12-bit VLAN ID, into each frame sent across the trunk link that connects two switches; the receiving switch uses the tag to identify the VLAN to which the frame belongs. Frames on access links, and frames of the native VLAN on a trunk, carry no tag.
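An added example, not from the original glossary, that turns the Dynamic Trunking Protocol, native VLAN and trunk link entries into a check a practitioner can run: it parses an IOS-style running-config and reports ports on which DTP can still negotiate a trunk, trunks whose native VLAN is still 1, and trunks that carry every VLAN. The configuration excerpt is constructed for the example (it is not from any real device), the severities are the example's own, and the defaults assumed when a command is absent (dynamic DTP mode, native VLAN 1, all VLANs allowed) are the Cisco platform defaults.

```python
import re

# Constructed IOS-style running-config excerpt (not from any real device) with two
# user ports and two uplinks, one of each left at defaults and one hardened.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description user port left at platform defaults
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description hardened user port
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet1/0/23
 description hardened uplink
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/24
 description uplink left at defaults
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
"""


def parse_interfaces(config_text):
    """Split a running-config into {interface name: [indented sub-commands]}."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None          # '!' or a global command ends the block
    return interfaces


def audit_switchports(config_text):
    """Return (interface, severity, message) findings for DTP and native-VLAN exposure."""
    findings = []
    for name, cmds in parse_interfaces(config_text).items():
        if not any(c.startswith("switchport") for c in cmds):
            continue                # routed or non-switching port: out of scope here
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), "dynamic")
        nonegotiate = "switchport nonegotiate" in cmds
        if mode == "dynamic":       # explicit 'dynamic auto/desirable' or the platform default
            findings.append((name, "HIGH", "DTP negotiable: a host sending DTP can form a trunk "
                                           "and reach every VLAN; set 'switchport mode access'"))
            continue
        if mode == "access" and not nonegotiate:
            findings.append((name, "LOW", "access port still emits DTP frames; add 'switchport nonegotiate'"))
        if mode == "trunk":
            native, allowed = 1, "all"      # Cisco defaults when nothing is configured
            for c in cmds:
                m = re.fullmatch(r"switchport trunk native vlan (\d+)", c)
                if m:
                    native = int(m.group(1))
                m = re.fullmatch(r"switchport trunk allowed vlan (.+)", c)
                if m:
                    allowed = m.group(1)
            if native == 1:
                findings.append((name, "MEDIUM", "native VLAN is 1: untagged frames ride this trunk "
                                                 "in VLAN 1, enabling double-tagging hops from VLAN 1 "
                                                 "access ports; move it to an unused VLAN"))
            if not nonegotiate:
                findings.append((name, "MEDIUM", "trunk state depends on DTP; add 'switchport nonegotiate'"))
            if allowed == "all":
                findings.append((name, "LOW", "trunk carries all VLANs; restrict with "
                                              "'switchport trunk allowed vlan'"))
    return findings
```

On the sample, only GigabitEthernet1/0/1 (no mode set, so DTP is negotiable) and GigabitEthernet1/0/24 (native VLAN 1, DTP still active, all VLANs allowed) are reported; the two hardened ports produce nothing.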

VLAN Trunking Protocol (VTP) pruning

VLAN Trunking Protocol (VTP) pruning improves network bandwidth use by keeping unnecessary flooded traffic (broadcast, multicast, and unknown-unicast frames) off trunk links that lead to switches with no ports in the VLAN concerned.

VTP management domain

A VTP management domain is a group of switches, identified by a common domain name, that share VTP information. Because a VTP server advertising a higher configuration revision number overwrites the VLAN database of every other switch in the domain, a newly connected switch with a stale but higher revision can delete VLANs domain-wide; set a VTP password and reset the revision of any switch before adding it, or run switches in transparent mode.

wide-area network (WAN)

A communications network that covers a wide geographic area, such as a state or country.


wire speed

The bandwidth of a particular transmission or networking system. For example, the wire speed of 10BASE-T Ethernet is 10 Mbps. When data is said to be transmitted at wire speed, this implies there is little or no software overhead associated with the transmission and that the data travels at the maximum speed of the hardware.


workstation

A terminal or desktop computer in a network. A generic term for a user's machine.