A communication device that connects other network devices, receiving and forwarding data to a specified destination within a LAN.
Switch
A logical grouping of computers through segmentation in a LAN.
Virtual local area network (VLAN)
The process of providing electrical power to a device by means of a copper Ethernet cable.
Power over Ethernet (PoE)
A 128-bit alphanumeric addressing method that contains 8 header fields and uses NDP. It does not contain checksum fields or support broadcast or variable length subnet mask.
IPv6 (Internet Protocol version 6)
A port configuration that allows multiple VLANs to connect through a single port and is also known as a tagged port.
Trunk port
A port that allows traffic from only one VLAN.
Access port
Ethernet frames that exceed the IEEE 802.3 limit of a 1,500-byte payload and can carry a payload of up to 9,000 bytes.
Jumbo frames
An attack in which the attacker's MAC address is associated with the IP address of the target's device.
ARP spoofing
"The sun is shinin' in the sky, there ain't a cloud in sight, it stopped raining, everybody's in the play, and don't you know, it's a beautiful new day? Hey"
"Mr. Blue Sky" by Electric Light Orchestra (1977)
A technique of adding a VLAN ID into an Ethernet frame. The tag identifies which VLAN the frame is coming from or going to. A tagged frame is called an 802.1q frame or a Dot1q frame.
Port tagging
A switch feature that restricts connection to a given port based on the MAC address.
MAC filtering/port security
A security feature on some switches that verifies that each ARP request has a valid IP-to-MAC binding.
Dynamic ARP inspection (DAI)
An attack in which the attacking host adds two VLAN tags instead of one to the header of the frames that it transmits.
Double tagging
"Free as a breeze, not to mention the trees, whistlin tunes that you know and have soul"
"Southern Nights" by Glen Campbell (1977)
A line sensing port configured to automatically detect the needed cable connection type and then configure the connection accordingly.
Automatic medium-dependent interface crossover (auto-MDIX)
An unsecure protocol that could allow unauthorized devices to modify a switch's configuration.
Dynamic Trunking Protocol (DTP)
A security feature on some switches that filters out untrusted DHCP messages.
Dynamic Host Configuration Protocol (DHCP) snooping
An attack that overloads a switch's MAC forwarding table to make the switch function like a hub.
MAC flooding
"And the man in the back said everyone attack and it turned into a _________ And the girl in the corner said 'Boy I wanna warn ya it'll turn into a ____________'"
"The Ballroom Blitz" by Sweet (1973)
To avoid switching loops, switches use these frames to determine the network topology. These frames contain such things as the switch ID, its MAC address, and switch port cost.
Bridge Protocol Data Unit (BPDU)
A routing technique in which every router sends a complete topography of the routers in the network out to directly connected routers.
Distance Vector Routing
A routing technique in which every router sends information about directly connected links to all the routers in the network.
Link State Routing
A table maintained by a switch that contains MAC addresses and their corresponding port locations.
Content Addressable Memory (CAM) table
"Hand me down my walkin' cane, hand me down my hat. Hurry now and don't be late, cause we ain't got time to chat."
"The Rubberband Man" by The Spinners (1976)