The CCNA Glossary: 75+ Terms That Will Save Your Certification (And Your Career)

[Photos: certification badges; network diagram]

The Day I Realized I Was Speaking a Different Language

True story: My first week at a networking job, my senior engineer asked me to “check the ARP table on the distribution layer switch and verify the MAC-to-IP bindings aren’t causing the broadcast storm we’re seeing on VLAN 20.”

I nodded confidently. Then I walked back to my desk and Googled literally every word he’d said except “the” and “on.”

ARP? I vaguely remembered something about addresses. Distribution layer? Was that a physical location? Broadcast storm? That sounded dramatic and bad. VLAN 20? I knew VLANs existed, but why was this one numbered, and what made it special?

That humiliating moment taught me something crucial: in networking, vocabulary isn’t just academic fluff—it’s the difference between being useful and being the person everyone has to explain things to three times. When your network goes down at 2 AM and someone’s screaming about OSPF adjacencies not forming over a GRE tunnel, you don’t have time to pull up Wikipedia.

Whether you’re studying for the CCNA 200-301 exam or just trying to survive your first networking job, this glossary is the resource I wish I’d had. Not just definitions—but the real-world context that makes these terms actually stick in your brain.

Grab some coffee. This is going to be comprehensive. Because when it comes to networking terminology, half-measures get you half-certified (which is the same as not certified at all).

The OSI Model: Where Every Networking Conversation Starts

Before we dive into specific terms, we need to talk about the framework that organizes all of networking: the OSI model. Every single term in this glossary lives somewhere in this seven-layer cake of networking madness. Understanding where terms fit in the OSI model is half the battle of understanding what they actually do.

OSI Model (Open Systems Interconnection) — This is the conceptual framework that standardizes how network communication happens, broken into seven layers. Think of it as the organizational chart for how data moves from your fingertips to a server on the other side of the planet. When someone says “that’s a Layer 2 issue,” they’re using OSI speak to tell you where to look for problems. The seven layers, from bottom to top: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The classic mnemonic is “Please Do Not Throw Sausage Pizza Away,” though I’ve heard some more colorful versions in server rooms at 3 AM.

Encapsulation — As data travels down the OSI layers, each layer wraps the data in its own header (and sometimes trailer) information. It’s like putting a letter in an envelope, then putting that envelope in a bigger envelope, then putting THAT in a shipping box. At Layer 4, your data becomes a segment. At Layer 3, it becomes a packet. At Layer 2, it becomes a frame. At Layer 1, it becomes bits on a wire. Understanding encapsulation helps you understand why a “packet” and a “frame” aren’t the same thing—a distinction that will absolutely show up on your exam.

PDU (Protocol Data Unit) — This is the generic term for data at any layer of the OSI model. Rather than constantly saying “the thing that carries data at Layer X,” we use PDU. Specifically: Layer 4 PDUs are segments (TCP) or datagrams (UDP), Layer 3 PDUs are packets, Layer 2 PDUs are frames, and Layer 1 PDUs are bits. If an exam question asks about “Layer 3 PDUs,” they want you to say packets.

Layer 1: The Physical Foundation

Layer 1 is where data stops being logical and becomes actual electricity, light, or radio waves. Most people gloss over this layer because it seems boring, but I’ve seen entire networks brought down by a single bad cable. Never underestimate the physical layer.

Ethernet — The dominant technology for local area networks, defining how devices communicate over cables. When you plug a network cable into your computer, you’re using Ethernet. It’s been around since the 1970s and has evolved from 10 Mbps to 400 Gbps, but the core principles remain the same. The IEEE 802.3 standard defines modern Ethernet.

Duplex — Describes whether a connection can send and receive simultaneously. Full duplex means both directions at once (like a phone conversation). Half duplex means one direction at a time (like a walkie-talkie). Modern switches almost always use full duplex. If you see a port stuck in half duplex, something’s wrong—probably a duplex mismatch, which will absolutely tank your performance and is a classic troubleshooting scenario.

Speed/Bandwidth — How much data can flow through a connection per second. Usually measured in Mbps (megabits per second) or Gbps (gigabits per second). Note that’s bits, not bytes—a 1 Gbps connection moves about 125 megabytes per second. This distinction matters when someone asks why their “gigabit internet” doesn’t download files at 1 gigabyte per second.

Straight-through Cable vs. Crossover Cable — Straight-through cables connect different types of devices (switch to router, computer to switch). Crossover cables connect similar devices (switch to switch, computer to computer). Modern devices usually have Auto-MDIX, which figures this out automatically, but the concept still appears on exams and you’ll occasionally encounter older equipment that cares.

SFP/SFP+ (Small Form-factor Pluggable) — Modular transceivers that let you plug different types of connections into network equipment. Want to connect fiber? Pop in a fiber SFP. Need copper? Swap in a copper SFP. This modularity lets you customize your equipment without replacing the whole device. SFP is for 1 Gbps, SFP+ is for 10 Gbps.

Layer 2: Where the Real Magic Begins

Layer 2 is where networking starts to get interesting. This is the realm of switches, MAC addresses, and VLANs—the foundation of your local network. If Layer 1 is the highway, Layer 2 is the traffic management system.

MAC Address (Media Access Control) — A unique 48-bit hardware address burned into every network interface card. It looks like 00:1A:2B:3C:4D:5E and is supposed to be globally unique. The first three octets identify the manufacturer (called the OUI), and the last three are assigned by the manufacturer. When someone says “Layer 2 address,” they mean MAC address. Fun fact: you can spoof MAC addresses pretty easily, which is why MAC-based security alone is a terrible idea.

Switch — A device that connects network devices and forwards traffic based on MAC addresses. Unlike the old hubs (which just broadcast everything everywhere), switches are intelligent—they learn which MAC addresses live on which ports and only send traffic where it needs to go. This is why switches dominate modern networks and hubs are basically extinct.

MAC Address Table (CAM Table) — The database a switch builds mapping MAC addresses to physical ports. When a frame arrives, the switch checks this table to know where to send it. If the destination MAC isn’t in the table, the switch floods the frame to all ports (except the one it came from). Understanding how this table is built and used is fundamental to understanding switch operation. The command show mac address-table is one you’ll use constantly.

VLAN (Virtual Local Area Network) — A logical segmentation of a network at Layer 2. VLANs let you divide a single physical switch into multiple separate broadcast domains. Put all your accounting computers on VLAN 10, engineering on VLAN 20, and guest WiFi on VLAN 99—now they’re isolated from each other even though they share the same physical infrastructure. VLANs are foundational to network design and security. If you only master one CCNA topic deeply, make it VLANs.

Trunk Port — A switch port configured to carry traffic from multiple VLANs. When you connect two switches together, you typically make it a trunk so traffic from all VLANs can flow between them. Trunk ports use tagging (usually 802.1Q) to mark which VLAN each frame belongs to. The alternative is an access port, which carries only one VLAN’s traffic.

802.1Q — The IEEE standard for VLAN tagging on trunk links. It inserts a 4-byte tag into Ethernet frames that identifies which VLAN the frame belongs to. The tag includes a 12-bit VLAN ID field, which is why VLAN numbers go up to 4094. When you configure trunking, you’re almost always using 802.1Q (Cisco’s proprietary ISL is basically dead).

Native VLAN — The VLAN that traverses a trunk link without any 802.1Q tag. By default, this is VLAN 1. Here’s the critical part: if both sides of a trunk don’t agree on the native VLAN, you get a native VLAN mismatch—frames one side sends untagged are assigned to a different VLAN on the other side, traffic ends up where it doesn’t belong, and CDP will scream at you with log messages. This is a classic troubleshooting scenario and an absolute exam favorite.
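To make the tag and the native VLAN concrete, here is an added example (not code from the original post) that builds and parses the 4-byte 802.1Q tag on a constructed Ethernet frame and shows how an untagged frame is assigned to whatever native VLAN the receiving port assumes. The sample MAC addresses and the native VLAN values are made up for the demonstration.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that says "an 802.1Q tag follows"
ETHERTYPE_IPV4 = 0x0800

def is_valid_vid(vid: int) -> bool:
    """VID is a 12-bit field: 0 means 'priority tag only', 4095 is reserved."""
    return 1 <= vid <= 4094

def add_8021q_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag between the source MAC and the original EtherType,
    the way a switch tags a frame before sending it out a trunk."""
    if not is_valid_vid(vid):
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP (priority) is a 3-bit field")
    # Tag Control Information: 3-bit PCP | 1-bit DEI | 12-bit VID
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Parse the Ethernet header and an optional 802.1Q tag.

    Returns the VLAN a trunk port would assign the frame to: the tag's VID if
    present, otherwise the port's native VLAN (untagged frames are assumed to
    belong to the native VLAN, which is exactly why both ends must agree).
    """
    if len(frame) < 14:
        raise ValueError("shorter than a minimal Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False,
            "vlan": native_vlan, "pcp": None, "dei": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
        if vid == 4095:
            raise ValueError("VID 4095 is reserved")
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1)
        if vid != 0:              # VID 0 = priority-tagged frame, stays in the native VLAN
            info["vlan"] = vid
        offset = 18
    info["ethertype"] = ethertype   # EtherType of the payload (0x0800 = IPv4)
    info["payload"] = frame[offset:]
    return info

# Constructed sample: broadcast destination, a made-up source MAC, IPv4 EtherType,
# and a zeroed 46-byte payload (the minimum Ethernet payload size).
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff" "001a2b3c4d5e")
                   + struct.pack("!H", ETHERTYPE_IPV4) + b"\x00" * 46)
SAMPLE_TAGGED_VLAN20 = add_8021q_tag(SAMPLE_UNTAGGED, vid=20, pcp=5)

if __name__ == "__main__":
    for name, frame in (("untagged", SAMPLE_UNTAGGED), ("tagged", SAMPLE_TAGGED_VLAN20)):
        parsed = parse_frame(frame, native_vlan=1)
        print(f"{name}: {len(frame)} bytes, VLAN {parsed['vlan']}, tagged={parsed['tagged']}")
    # The same untagged frame received by a peer whose native VLAN is 99
    # silently lands in VLAN 99: that is what a native VLAN mismatch does.
    print("peer with native VLAN 99 sees VLAN",
          parse_frame(SAMPLE_UNTAGGED, native_vlan=99)["vlan"])
```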

DTP (Dynamic Trunking Protocol) — Cisco’s proprietary protocol that automatically negotiates trunk links between switches. While convenient, it’s a security risk because an attacker could negotiate a trunk and access all your VLANs. Best practice is to manually configure trunk/access modes and disable DTP with switchport nonegotiate.

STP (Spanning Tree Protocol) — The protocol that prevents loops in switched networks. When you have redundant switch connections (which you should for reliability), STP blocks some ports to create a loop-free topology. Without STP, a single redundant link would create broadcast storms that could crash your entire network in seconds. STP is complex enough to deserve its own article, but understanding root bridge election, port states, and port roles is essential. The Cisco STP documentation is surprisingly readable.

Root Bridge — The switch at the center of the STP topology. Every other switch calculates its lowest-cost path toward the root, and STP blocks the redundant links that aren’t on those paths. The root is elected based on lowest bridge priority (default 32768) combined with lowest MAC address. If you want a specific switch to be root (and you should), manually lower its priority with spanning-tree vlan X priority Y. Never let STP randomly elect a wimpy access layer switch as your root bridge.

RSTP (Rapid Spanning Tree Protocol) — The faster, improved version of STP that converges in seconds rather than the 30-50 seconds of classic STP. RSTP (802.1w) is backward compatible with STP and is what you should be running on modern networks. When someone says “STP” in 2024, they often mean RSTP.

PortFast — A Cisco feature that lets a port skip the STP listening and learning states and go directly to forwarding. Use this on access ports connecting to end devices like computers and printers. Never use it on ports connecting to switches, or you’ll create loops. PortFast is typically paired with BPDU Guard for security.

BPDU Guard — A security feature that disables a port if it receives a BPDU (Bridge Protocol Data Unit). Since end devices shouldn’t be sending BPDUs, receiving one indicates either a misconfiguration or someone connecting unauthorized network equipment. BPDU Guard plus PortFast is the standard configuration for access ports.

EtherChannel (Port Channel) — A method of bundling multiple physical links into one logical link for increased bandwidth and redundancy. Instead of STP blocking your redundant links, EtherChannel lets you use them all. You can bundle up to 8 links, and the switch treats them as one interface. Configuration can be static, use LACP (open standard), or PAgP (Cisco proprietary). LACP is preferred because it’s vendor-neutral.

ARP (Address Resolution Protocol) — The protocol that maps IP addresses to MAC addresses. When your computer needs to communicate with IP 192.168.1.1 but doesn’t know its MAC address, it broadcasts an ARP request: “Hey, who has 192.168.1.1?” The device with that IP responds with its MAC. This mapping is cached in the ARP table. Understanding ARP is crucial because ARP issues cause some of the weirdest network problems. show ip arp on routers and arp -a on computers will become your friends.

Broadcast Domain — The area of a network where a broadcast frame can reach. By default, a VLAN is a broadcast domain. Routers separate broadcast domains; switches (without VLANs) extend them. Too large a broadcast domain means too much broadcast traffic, which wastes bandwidth and CPU on all devices. This is one reason we use VLANs.

Collision Domain — The area where simultaneous transmissions cause collisions. With hubs, the entire network was one collision domain. With switches, each port is its own collision domain. This is mostly historical now since modern full-duplex switched networks don’t have collisions, but the concept still appears on exams.

Layer 3: The Network Layer Where Routing Lives

Layer 3 is where we stop thinking about individual network segments and start thinking about connecting networks together. This is the realm of routers, IP addresses, and routing protocols. If you want to send traffic beyond your local network, you need Layer 3.

IP Address (Internet Protocol) — The logical address assigned to devices for network communication. Unlike MAC addresses (hardware), IP addresses are assigned and can change. IPv4 addresses are 32 bits (like 192.168.1.100), and IPv6 addresses are 128 bits (like 2001:0db8:85a3::8a2e:0370:7334). Every device that communicates on an IP network needs an IP address.

Subnet/Subnetting — The practice of dividing a network into smaller networks. Instead of having one massive 10.0.0.0/8 network with 16 million addresses, you break it into manageable pieces like 10.1.1.0/24 with 254 addresses each. Subnetting is both an art and a science, and it’s one of the most heavily tested topics on the CCNA. If you can’t subnet quickly and accurately, you will fail the exam. Practice until the math is automatic.

Subnet Mask — Defines which portion of an IP address is the network part and which is the host part. In 192.168.1.100/24, the /24 (or 255.255.255.0) tells us the first 24 bits are the network and the last 8 bits are for hosts. Understanding subnet masks is inseparable from understanding IP addressing.

CIDR (Classless Inter-Domain Routing) — The modern method of representing subnet masks using slash notation (/24, /16, /27). It replaced the old “classful” system where networks were either Class A, B, or C with fixed sizes. CIDR allows flexible subnet sizes, which is how we haven’t completely run out of IPv4 addresses yet.
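The subnetting arithmetic from the last three entries, worked through in code as an added example (not from the original post): mask from prefix length, network and broadcast addresses, the usable host range, the wildcard mask you will meet again in ACLs, and the /31 and /32 edge cases the textbook formula gets wrong. The addresses used are the ones quoted above plus constructed samples.

```python
def ip_to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the top 'prefix' bits are network bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24, rejecting non-contiguous masks like 255.0.255.0."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix

def subnet_info(cidr: str) -> dict:
    """Everything the exam asks for about an address written in CIDR notation."""
    addr, _, plen = cidr.partition("/")
    prefix = int(plen)
    ip = ip_to_int(addr)
    mask = prefix_to_mask(prefix)
    network = ip & mask                       # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    if prefix >= 31:
        # /31 (point-to-point links) and /32 (host routes) have no separate
        # network and broadcast addresses; every address in them is usable
        usable = 2 ** (32 - prefix)
        first, last = network, broadcast
    else:
        usable = 2 ** (32 - prefix) - 2
        first, last = network + 1, broadcast - 1
    return {
        "network": f"{int_to_ip(network)}/{prefix}",
        "mask": int_to_ip(mask),
        "wildcard": int_to_ip(~mask & 0xFFFFFFFF),   # inverse mask, as used in ACLs/OSPF
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when two hosts share a subnet, i.e. traffic between them never
    needs the default gateway."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)

if __name__ == "__main__":
    for cidr in ("192.168.1.100/27", "10.1.1.0/24", "10.0.0.0/8", "10.0.0.1/31"):
        print(cidr, subnet_info(cidr))
    print("192.168.1.100 and 8.8.8.8 on the same /24?", same_subnet("192.168.1.100", "8.8.8.8", 24))
```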

Default Gateway — The router that devices use to reach networks outside their own subnet. When your computer needs to reach 8.8.8.8 (Google DNS) and it’s not on your local subnet, your computer sends the traffic to its default gateway. The gateway then figures out where to send it next. If your default gateway is wrong or unreachable, you can communicate locally but nothing else.

Router — A device that forwards traffic between networks based on IP addresses. While switches forward based on MAC addresses (Layer 2), routers forward based on IP addresses (Layer 3). Routers make routing decisions by consulting their routing table to determine the best path to a destination network.

Routing Table — The database a router uses to determine where to send packets. Contains entries for known networks with information about how to reach them (next-hop IP, outgoing interface, metric, etc.). The command show ip route reveals this table and is essential for troubleshooting. Every routing decision—every single packet—is based on this table.

Static Route — A manually configured route telling the router how to reach a specific network. Simple, predictable, but doesn’t adapt to changes. If the path fails, the route stays there uselessly. Use static routes for small, stable networks or for specific exceptions. The command looks like ip route DESTINATION_NETWORK MASK NEXT_HOP.

Default Route — A route that matches all destinations (0.0.0.0/0). It’s the “if you don’t know where to send it, send it here” entry. Typically points toward the internet. If no more specific route matches, the default route kicks in.

Administrative Distance (AD) — A number representing how much the router trusts a route’s source. Lower is more trusted. Connected routes have AD of 0, static routes have 1, OSPF has 110, RIP has 120. If a router learns the same destination from multiple sources, AD is the tiebreaker. This concept is crucial for understanding why one route is chosen over another.

Metric — The value a routing protocol uses to determine the best path when multiple paths exist. Different protocols use different metrics: RIP uses hop count, OSPF uses cost (based on bandwidth), EIGRP uses a composite of bandwidth, delay, load, and reliability. Lower metric usually means better path.
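The interaction between routing table, longest prefix match, administrative distance and metric is easier to see in code than in prose. This added example (not from the original post) installs a constructed set of candidate routes the way a router would and then looks up destinations; the AD values are the Cisco defaults quoted above, while the prefixes, next hops and metrics are made up for the demonstration.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# Default administrative distances (Cisco IOS) for the route sources discussed above
DEFAULT_AD = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    source: str      # connected / static / ospf / rip
    ad: int          # administrative distance: how much the source is trusted
    metric: int      # the source's own notion of path cost
    next_hop: str    # next-hop IP or outgoing interface

def route(prefix: str, source: str, next_hop: str, metric: int = 0,
          ad: Optional[int] = None) -> Route:
    """Build a candidate route; AD defaults per source unless overridden
    (a floating static route is just a static route with a deliberately high AD)."""
    return Route(ipaddress.ip_network(prefix, strict=True), source,
                 DEFAULT_AD[source] if ad is None else ad, metric, next_hop)

def build_rib(candidates: List[Route]) -> List[Route]:
    """Keep, per prefix, only what the router would install in its routing table:
    lowest AD wins, then lowest metric within that source; equal-cost ties all
    survive. Metrics are never compared across different sources."""
    by_prefix = {}
    for r in candidates:
        by_prefix.setdefault(r.network, []).append(r)
    rib = []
    for routes in by_prefix.values():
        best_ad = min(r.ad for r in routes)
        same_source = [r for r in routes if r.ad == best_ad]
        best_metric = min(r.metric for r in same_source)
        rib.extend(r for r in same_source if r.metric == best_metric)
    return rib

def lookup(rib: List[Route], destination: str) -> List[Route]:
    """Longest-prefix match: the most specific installed route wins, regardless
    of its AD or metric. Returns every equal-cost route at that prefix length
    (an empty list means no route at all, not even a default)."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in rib if dst in r.network]
    if not matches:
        return []
    longest = max(r.network.prefixlen for r in matches)
    return [r for r in matches if r.network.prefixlen == longest]

def format_route(r: Route) -> str:
    """Roughly the shape of a 'show ip route' line: code, prefix, [AD/metric], next hop."""
    code = {"connected": "C", "static": "S", "ospf": "O", "rip": "R"}[r.source]
    return f"{code}  {r.network} [{r.ad}/{r.metric}] via {r.next_hop}"

# Constructed sample: what this router has learned from each source
SAMPLE_CANDIDATES = [
    route("192.168.1.0/24", "connected", "GigabitEthernet0/0"),
    route("10.1.0.0/16", "static", "192.168.1.2"),
    route("10.1.1.0/24", "ospf", "192.168.1.3", metric=20),
    route("10.1.1.0/24", "rip", "192.168.1.4", metric=3),        # loses to OSPF on AD
    route("10.2.0.0/16", "ospf", "192.168.1.3", metric=40),
    route("10.2.0.0/16", "ospf", "192.168.1.5", metric=40),      # equal cost: both kept
    route("10.2.0.0/16", "ospf", "192.168.1.6", metric=60),      # loses on metric
    route("0.0.0.0/0", "static", "203.0.113.1"),                 # default route
    route("0.0.0.0/0", "static", "198.51.100.1", ad=250),        # floating static backup
]
SAMPLE_RIB = build_rib(SAMPLE_CANDIDATES)

if __name__ == "__main__":
    for r in SAMPLE_RIB:
        print(format_route(r))
    # 10.1.1.77 goes to the OSPF /24 (AD 110) rather than the static /16 (AD 1):
    # prefix length is decided before AD is ever consulted.
    for dst in ("10.1.1.77", "10.1.200.9", "10.2.3.4", "8.8.8.8"):
        print(dst, "->", [r.next_hop for r in lookup(SAMPLE_RIB, dst)])
```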

OSPF (Open Shortest Path First) — A link-state routing protocol that’s the industry standard for enterprise networks. OSPF routers share their entire topology knowledge, calculate the best paths using Dijkstra’s algorithm, and converge quickly when changes occur. OSPF is complex—it has areas, neighbor states, LSA types, DR/BDR elections—but it’s heavily tested and incredibly powerful. The Cisco OSPF design guide is essential reading.

OSPF Area — A logical grouping of OSPF routers that limits the scope of link-state advertisements. All OSPF networks have Area 0 (the backbone), and all other areas must connect to it. Areas reduce routing table size and CPU load. A multi-area OSPF design is common in larger networks.

DR/BDR (Designated Router/Backup Designated Router) — In OSPF multi-access networks (like Ethernet), these are elected routers that manage adjacency relationships. Instead of every router forming adjacencies with every other router (messy), everyone forms adjacencies with the DR and BDR. DR/BDR election is based on priority and router ID. Understanding this election process is critical.

EIGRP (Enhanced Interior Gateway Routing Protocol) — Cisco’s advanced distance-vector routing protocol (technically a “hybrid”). It’s easier to configure than OSPF and converges quickly using the DUAL algorithm. The downside is it was Cisco proprietary for decades (now open standard, but still mostly Cisco). EIGRP uses a composite metric and maintains a topology table with backup routes ready to go.

RIP (Routing Information Protocol) — The simplest distance-vector routing protocol, using hop count as its only metric (maximum 15 hops). RIP is ancient, slow to converge, and inefficient. You’ll rarely see it in production networks, but it appears on exams to test your understanding of routing fundamentals. It’s also useful as a baseline for understanding more complex protocols.

BGP (Border Gateway Protocol) — The routing protocol that runs the internet. BGP is an exterior gateway protocol used to exchange routing information between different autonomous systems (like between your company and your ISP, or between ISPs). BGP is complex and is covered more deeply at the CCNP level, but you should know it exists and when it’s used.

Autonomous System (AS) — A collection of networks under single administrative control that presents a unified routing policy. Each AS has an AS number. Inside an AS, you run interior gateway protocols like OSPF. Between ASes, you run BGP.

Inter-VLAN Routing — The process of routing traffic between VLANs. Since VLANs are separate broadcast domains, you need a Layer 3 device to move traffic between them. This is done either with a traditional router (router-on-a-stick with subinterfaces) or a Layer 3 switch (more common today). Understanding this is essential because VLANs without routing are isolated islands.

Router-on-a-Stick — A method of inter-VLAN routing where a single router interface is divided into subinterfaces, each handling one VLAN. Traffic from switches arrives on a trunk port, and the router routes between subinterfaces. It works but creates a bandwidth bottleneck. Modern networks usually use Layer 3 switches instead.

SVI (Switched Virtual Interface) — A virtual interface on a Layer 3 switch that represents a VLAN. Creating an SVI and assigning it an IP address allows the switch to route traffic for that VLAN. This is how Layer 3 switches perform inter-VLAN routing—no external router needed. interface vlan 10 followed by an IP address creates an SVI.

HSRP (Hot Standby Router Protocol) — A Cisco first-hop redundancy protocol that provides default gateway failover. Two (or more) routers share a virtual IP address that hosts use as their default gateway. If the active router fails, the standby takes over automatically. Similar protocols include VRRP (open standard) and GLBP (Cisco, with load balancing). FHRP questions are common on the exam.

ICMP (Internet Control Message Protocol) — A Layer 3 protocol used for diagnostics and error reporting. When you ping something, you’re using ICMP echo requests and replies. When a route fails, ICMP communicates “destination unreachable.” Understanding ICMP helps with troubleshooting and also explains why blocking all ICMP is usually a bad idea.

TTL (Time to Live) — A field in the IP header that prevents packets from circulating forever. Each router decrements the TTL by 1; when it hits 0, the packet is dropped and an ICMP “time exceeded” message is sent. TTL is what makes traceroute work. Default TTL varies by OS (Windows: 128, Linux: 64).

Layer 4: Transport Protocols

Layer 4 is where we decide how data gets delivered—reliably or quickly. The choice between TCP and UDP affects everything from how applications work to how we troubleshoot problems.

TCP (Transmission Control Protocol) — A connection-oriented transport protocol that guarantees delivery. TCP establishes connections with a three-way handshake, tracks what’s been sent and received with sequence numbers, and retransmits anything lost. It’s reliable but has overhead. Use TCP when data integrity matters: web browsing, email, file transfers.

UDP (User Datagram Protocol) — A connectionless transport protocol that provides no guarantees. UDP just sends data and hopes it arrives. No handshake, no acknowledgments, no retransmission. But it’s fast and efficient. Use UDP when speed matters more than reliability: video streaming, VoIP, DNS queries, online gaming.

Three-Way Handshake — The process TCP uses to establish connections: SYN, SYN-ACK, ACK. Client sends SYN, server responds with SYN-ACK, client confirms with ACK. Now they’re connected and can exchange data. Understanding this helps you understand TCP behavior and how to diagnose connection problems.

Port Number — A number identifying a specific application or service. Ports allow multiple services to run on one IP address. Well-known ports (0-1023) are reserved for common services: HTTP is 80, HTTPS is 443, SSH is 22, DNS is 53. Registered ports (1024-49151) are for other applications. Ephemeral ports (49152-65535) are temporary ports used by clients.

Socket — The combination of IP address and port number that uniquely identifies a connection endpoint. A web connection might be 192.168.1.100:50234 → 142.250.190.46:443. Understanding sockets helps you understand how devices manage multiple simultaneous connections.

Window Size — In TCP, the amount of data a receiver can accept before requiring an acknowledgment. Larger windows mean more data in flight and better throughput (up to a point). Window size is dynamically adjusted based on network conditions. This is how TCP adapts to network congestion.

Common Services and Protocols

These are the protocols and services you’ll encounter constantly, both on the exam and in real life. Many of these operate at the application layer but are so fundamental to networking that CCNA covers them.

DHCP (Dynamic Host Configuration Protocol) — The protocol that automatically assigns IP addresses to devices. Instead of manually configuring every device, DHCP servers hand out IP addresses, subnet masks, default gateways, and DNS server addresses. The process is DORA: Discover (client broadcasts), Offer (server responds), Request (client accepts), Acknowledge (server confirms). When “getting an IP address” fails, you’re troubleshooting DHCP.

DNS (Domain Name System) — The protocol that translates human-readable names (like google.com) to IP addresses. Without DNS, you’d have to memorize IP addresses for every website. DNS uses a hierarchical structure: root servers, TLD servers (.com, .org), and authoritative servers. Understanding DNS is crucial because “can’t reach the website” is often actually “DNS isn’t working.” Port 53 for both TCP and UDP.

NAT (Network Address Translation) — The technique that allows multiple devices to share one public IP address. Your home router does NAT—all your devices have private IPs (like 192.168.1.x), but they appear to the internet as your single public IP. NAT is why we haven’t completely exhausted IPv4 addresses. Types include Static NAT (one-to-one), Dynamic NAT (pool of addresses), and PAT (many-to-one using ports). PAT is what your home router uses.

PAT (Port Address Translation) — Also called NAT overload, this is NAT where many internal addresses share one external address, differentiated by port numbers. It’s the most common type of NAT. When you see NAT in most contexts, PAT is what’s actually happening.

NTP (Network Time Protocol) — The protocol that synchronizes clocks across network devices. Time synchronization is critical for logging, authentication, certificates, and correlating events across devices. An NTP server provides accurate time; clients sync to it. Stratum indicates how many hops from an authoritative time source (stratum 1 is directly connected to an atomic clock). Port 123.

SNMP (Simple Network Management Protocol) — The protocol for monitoring and managing network devices. SNMP lets management systems query devices for information (CPU usage, interface statistics, errors) and receive alerts (traps) when something goes wrong. Versions matter: SNMPv1/v2c are insecure (community strings in plaintext); SNMPv3 adds encryption and authentication. Ports 161 (queries) and 162 (traps).

Syslog — The standard for message logging. Network devices send log messages to a syslog server for centralized storage and analysis. Severity levels range from 0 (emergency) to 7 (debugging). When you’re troubleshooting a network issue, syslog is often where you find the answers. Port 514.

SSH (Secure Shell) — The encrypted protocol for remote command-line access to devices. SSH replaced Telnet because it encrypts everything—credentials, commands, output. If you’re connecting to manage a router or switch remotely, you should be using SSH. Port 22. Always disable Telnet and enable SSH on any device you manage.

Telnet — The ancient, unencrypted protocol for remote access. Every keystroke, including passwords, is sent in plaintext. Never use Telnet in production. Ever. Port 23.

FTP (File Transfer Protocol) — Protocol for transferring files. Unencrypted (use SFTP instead for security). Uses port 21 for control and port 20 for data transfer. FTP is old but still appears on the exam and in legacy systems.

TFTP (Trivial File Transfer Protocol) — A simplified version of FTP with no authentication. Used for things like transferring IOS images to routers. TFTP is simple and lightweight but offers no security. Port 69 (yes, really).

HTTP/HTTPS — Protocols for web traffic. HTTP is unencrypted (port 80); HTTPS encrypts traffic using TLS (port 443). Modern sites should always use HTTPS. As a network admin, you’ll need to understand these for managing web-based interfaces, proxy configurations, and security policies.

Security Fundamentals

Security isn’t optional anymore—it’s woven into everything. These terms appear constantly on the CCNA and in real network design.

ACL (Access Control List) — A list of rules that filters traffic based on criteria like source/destination IP, ports, and protocols. ACLs can permit or deny traffic and are fundamental to network security. Standard ACLs filter on source IP only (numbered 1-99 or named). Extended ACLs filter on source, destination, ports, and protocols (numbered 100-199 or named). Placement matters: apply standard ACLs close to destination, extended ACLs close to source. For more depth, check out our CCNA guides on ACLs.
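Here is an added example (not from the original post) that parses standard and extended ACL entries written in the IOS style shown on the exam and evaluates packets against them, which makes wildcard masks, top-down first-match ordering and the implicit deny concrete. It supports only the permit/deny, any, host, wildcard and eq forms; the ACL contents and packets are constructed samples.

```python
from typing import Dict, List, Optional, Tuple

AddrSpec = Tuple[str, str]   # (base address, wildcard mask)
ANY: AddrSpec = ("0.0.0.0", "255.255.255.255")

def ip_int(addr: str) -> int:
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard masks are the inverse of subnet masks: a 0 bit must match,
    a 1 bit is 'don't care'. 0.0.0.255 therefore matches a whole /24."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2

def _parse_port(tokens: List[str], i: int) -> Tuple[Optional[int], int]:
    """Optional 'eq PORT' qualifier (the only port operator this subset supports)."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i

def parse_ace(line: str, extended: bool) -> Dict:
    """Parse one access control entry.
    Standard:  permit|deny SRC
    Extended:  permit|deny PROTO SRC [eq PORT] DST [eq PORT]"""
    tokens = line.split()
    action = tokens[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"entry must start with permit or deny: {line}")
    if not extended:                      # standard ACLs look at source only
        src, _ = _parse_addr(tokens, 1)
        return {"action": action, "proto": "ip", "src": src, "sport": None,
                "dst": ANY, "dport": None, "text": line}
    proto = tokens[1]
    src, i = _parse_addr(tokens, 2)
    sport, i = _parse_port(tokens, i)
    dst, i = _parse_addr(tokens, i)
    dport, i = _parse_port(tokens, i)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "text": line}

def parse_acl(lines: List[str], extended: bool) -> List[Dict]:
    return [parse_ace(line, extended) for line in lines]

def evaluate(acl: List[Dict], packet: Dict) -> Tuple[str, str]:
    """Top-down, first match wins; a packet that matches no entry hits the
    implicit deny at the end. packet = {proto, src, dst, [sport], [dport]}."""
    for ace in acl:
        if ace["proto"] != "ip" and ace["proto"] != packet["proto"]:
            continue
        if not wildcard_match(packet["src"], *ace["src"]):
            continue
        if not wildcard_match(packet["dst"], *ace["dst"]):
            continue
        if ace["sport"] is not None and packet.get("sport") != ace["sport"]:
            continue
        if ace["dport"] is not None and packet.get("dport") != ace["dport"]:
            continue
        return ace["action"], ace["text"]
    return "deny", "implicit deny"

# Constructed sample ACLs (not taken from any real configuration)
STANDARD_ACL = parse_acl([
    "deny host 192.168.10.66",           # specific deny must come before the broad permit
    "permit 192.168.10.0 0.0.0.255",
], extended=False)

EXTENDED_ACL = parse_acl([
    "permit tcp 192.168.10.0 0.0.0.255 host 10.1.1.5 eq 443",
    "deny tcp any host 10.1.1.5 eq 23",
    "permit udp 192.168.10.0 0.0.0.255 any eq 53",
    "permit icmp any any",
], extended=True)

if __name__ == "__main__":
    samples = [
        {"proto": "tcp", "src": "192.168.10.7", "dst": "10.1.1.5", "dport": 443},
        {"proto": "tcp", "src": "192.168.10.7", "dst": "10.1.1.5", "dport": 23},
        {"proto": "tcp", "src": "192.168.20.7", "dst": "10.1.1.5", "dport": 443},
        {"proto": "udp", "src": "192.168.10.7", "dst": "8.8.8.8", "dport": 53},
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(EXTENDED_ACL, pkt))
```

Reversing the two lines of STANDARD_ACL makes the permit match first and the host-specific deny becomes dead code, which is the ordering mistake the exam likes to test.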

Firewall — A device or software that controls traffic between networks based on security rules. Firewalls can be stateless (evaluate each packet independently, like an ACL) or stateful (track connection state and make smarter decisions). Modern firewalls often include deep packet inspection, intrusion prevention, and application awareness.

IDS/IPS (Intrusion Detection/Prevention System) — Security systems that monitor for malicious activity. IDS detects and alerts; IPS detects and blocks. These examine traffic patterns, signatures, and behaviors to identify attacks. The difference is passive monitoring (IDS) versus active blocking (IPS).

AAA (Authentication, Authorization, Accounting) — The framework for network access control. Authentication verifies who you are. Authorization determines what you can do. Accounting tracks what you did. RADIUS and TACACS+ are protocols that implement AAA. Any enterprise network uses AAA for managing access to devices and resources.

RADIUS — A protocol for centralized AAA, commonly used for network access (VPN, WiFi authentication). RADIUS combines authentication and authorization in one transaction and encrypts only passwords. Port 1812 (authentication) and 1813 (accounting) or legacy ports 1645/1646.

TACACS+ — Cisco’s AAA protocol, preferred for device administration (managing routers and switches). TACACS+ separates authentication, authorization, and accounting and encrypts the entire payload. Use TACACS+ for managing network devices; RADIUS for network access control. Port 49.

802.1X — The IEEE standard for port-based network access control. Before a device can communicate on the network, it must authenticate. Components include the supplicant (client software), authenticator (switch), and authentication server (RADIUS). 802.1X is how enterprises control who can plug into the network.

Port Security — A switch feature that limits which MAC addresses can use a port. You can specify exactly which MACs are allowed, how many, and what happens if a violation occurs (shutdown, restrict, protect). Port security helps prevent unauthorized device connections and MAC flooding attacks.

DHCP Snooping — A security feature that validates DHCP messages and builds a binding database of IP-MAC associations. It prevents rogue DHCP servers and DHCP-based attacks. Trusted ports (uplinks to legitimate DHCP servers) accept all DHCP messages; untrusted ports (to end devices) only accept client messages. DHCP snooping data is used by other features like Dynamic ARP Inspection.

DAI (Dynamic ARP Inspection) — A security feature that validates ARP packets against the DHCP snooping database. It prevents ARP spoofing attacks where an attacker poisons ARP tables to intercept traffic. DAI drops ARP packets that don’t match known IP-MAC bindings.
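To show how the ARP, DHCP snooping and DAI entries fit together, here is an added example (not from the original post) that parses a constructed ARP packet and applies DAI's decision logic against a constructed DHCP snooping binding table: trusted ports pass, everything else must match a known IP-to-MAC-to-port binding or is dropped with a reason you would expect to see logged. The binding entries, port names and MAC addresses are made up for the demonstration.

```python
import struct
from typing import Dict, NamedTuple, Tuple

ARP_REQUEST, ARP_REPLY = 1, 2

class Arp(NamedTuple):
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def _ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Serialize a 28-byte Ethernet/IPv4 ARP body (hardware type 1, protocol type 0x0800)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                       _mac_bytes(sender_mac), _ip_bytes(sender_ip),
                       _mac_bytes(target_mac), _ip_bytes(target_ip))

def parse_arp(data: bytes) -> Arp:
    if len(data) < 28:
        raise ValueError("ARP body shorter than 28 bytes")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return Arp(op, sha.hex(":"), ".".join(map(str, spa)), tha.hex(":"), ".".join(map(str, tpa)))

# DHCP snooping binding table as DAI consumes it: (vlan, ip) -> (mac, port).
# Constructed sample entries for VLAN 20.
SAMPLE_BINDINGS: Dict[Tuple[int, str], Tuple[str, str]] = {
    (20, "192.168.20.10"): ("00:1a:2b:3c:4d:5e", "GigabitEthernet0/5"),
    (20, "192.168.20.11"): ("00:1a:2b:3c:4d:5f", "GigabitEthernet0/6"),
}
TRUSTED_PORTS = {"GigabitEthernet0/24"}   # uplink toward the DHCP server; not inspected

def inspect_arp(data: bytes, ingress_port: str, vlan: int, eth_src_mac: str,
                bindings=SAMPLE_BINDINGS, trusted=TRUSTED_PORTS) -> Tuple[str, str]:
    """Decide what DAI does with an ARP packet arriving on a switch port.
    Returns (verdict, reason); verdict is 'forward' or 'drop'."""
    if ingress_port in trusted:
        return "forward", "trusted port, not inspected"
    try:
        arp = parse_arp(data)
    except ValueError as exc:
        return "drop", f"malformed ARP: {exc}"
    if arp.sender_mac != eth_src_mac.lower():
        # optional DAI source-MAC validation: ARP header and Ethernet header must agree
        return "drop", "ARP sender MAC differs from Ethernet source MAC"
    entry = bindings.get((vlan, arp.sender_ip))
    if entry is None:
        return "drop", f"no DHCP snooping binding for {arp.sender_ip} in VLAN {vlan}"
    bound_mac, bound_port = entry
    if bound_mac != arp.sender_mac:
        return "drop", f"{arp.sender_ip} is bound to {bound_mac}, not {arp.sender_mac}"
    if bound_port != ingress_port:
        return "drop", f"{arp.sender_ip} is bound to {bound_port}, arrived on {ingress_port}"
    return "forward", "sender IP/MAC matches binding"

if __name__ == "__main__":
    # A legitimate reply from the host that DHCP actually gave 192.168.20.10
    legit = build_arp(ARP_REPLY, "00:1a:2b:3c:4d:5e", "192.168.20.10",
                      "00:00:5e:00:01:14", "192.168.20.1")
    print(inspect_arp(legit, "GigabitEthernet0/5", 20, "00:1a:2b:3c:4d:5e"))
    # The same host answering for the gateway's IP, for which it holds no binding
    bogus = build_arp(ARP_REPLY, "00:1a:2b:3c:4d:5e", "192.168.20.1",
                      "00:1a:2b:3c:4d:5f", "192.168.20.11")
    print(inspect_arp(bogus, "GigabitEthernet0/5", 20, "00:1a:2b:3c:4d:5e"))
```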

Wireless Networking

Wireless is now integral to every network. The CCNA covers wireless fundamentals, and these terms are essential whether you’re managing a small office or an enterprise campus.

WLAN (Wireless Local Area Network) — A local network using radio frequencies instead of cables. WLANs use the IEEE 802.11 standards (a/b/g/n/ac/ax). Modern wireless typically means Wi-Fi 6 (802.11ax) with 2.4 GHz and 5 GHz bands.

AP (Access Point) — A device that connects wireless clients to a wired network. APs broadcast SSIDs, manage client associations, and bridge traffic between wireless and wired segments. They can be standalone (autonomous) or centrally managed by a controller.

WLC (Wireless LAN Controller) — A device that centrally manages multiple access points. Instead of configuring each AP individually, the WLC handles authentication, RF management, roaming, and policy. APs become “lightweight”—they handle only the radio part while the controller handles the intelligence. This architecture (CAPWAP) is standard in enterprise deployments.

SSID (Service Set Identifier) — The name of a wireless network that clients see. A single AP can broadcast multiple SSIDs (for guest, corporate, IoT). SSIDs are mapped to VLANs, providing wireless segmentation.

WPA2/WPA3 — Security protocols for wireless networks. WPA2 uses AES encryption and is the current standard. WPA3 adds stronger protections including SAE (Simultaneous Authentication of Equals), which replaces the PSK handshake and resists offline dictionary attacks on the passphrase. Never use WEP (ancient and broken) or WPA (outdated). Personal mode uses a shared password (PSK); Enterprise mode uses 802.1X authentication.

CAPWAP (Control and Provisioning of Wireless Access Points) — The protocol used between lightweight APs and wireless LAN controllers. It tunnels control and data traffic, allowing centralized management. Understanding that CAPWAP tunnels traverse your network is important for design and troubleshooting.

Network Automation and Programmability

Automation is the future of networking. The CCNA now includes these concepts because modern network engineers need to understand programmable infrastructure.

API (Application Programming Interface) — A defined way for programs to interact with systems. Network devices increasingly expose APIs that let you configure them programmatically instead of through CLI commands. REST APIs are the most common type in networking.

REST (Representational State Transfer) — An architectural style for APIs that uses standard HTTP methods (GET, POST, PUT, DELETE). RESTful APIs return data in JSON or XML format. When you interact with a modern controller or cloud service programmatically, you’re usually using REST.

JSON (JavaScript Object Notation) — A data format that’s become standard for API communication. JSON is human-readable and easy to parse programmatically. It looks like: {"interface": "GigabitEthernet0/1", "ip": "192.168.1.1"}. Understanding JSON is essential for network automation.

YANG — A data modeling language used to define configuration and operational data for network devices. YANG models describe what data a device has and what operations you can perform. YANG works with protocols like NETCONF and RESTCONF.

NETCONF — A protocol for network configuration management using XML over SSH. It provides structured, programmatic access to device configurations. NETCONF is more powerful than SNMP for configuration management.
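The REST, JSON, YANG and NETCONF entries above describe one stack: YANG defines the data model, and RESTCONF (JSON over HTTPS) or NETCONF (XML over SSH) carries it. As an added example (not code from the original glossary or from Cisco), the block below parses the same interface data from a constructed RESTCONF JSON reply and a constructed NETCONF XML reply for the standard ietf-interfaces model, folds both into one summary, and builds (without sending) the HTTP request a RESTCONF client would issue. The hostname and payload values are constructed.

```python
"""One YANG model (ietf-interfaces), two encodings: RESTCONF JSON and NETCONF XML.

Added example; the payloads below are constructed to follow the public
ietf-interfaces / ietf-ip models, not captured from a real device.
"""
import ipaddress
import json
import urllib.request
import xml.etree.ElementTree as ET

RESTCONF_JSON = """
{
  "ietf-interfaces:interfaces": {
    "interface": [
      {"name": "GigabitEthernet0/1", "description": "Uplink to core",
       "type": "iana-if-type:ethernetCsmacd", "enabled": true,
       "ietf-ip:ipv4": {"address": [{"ip": "192.168.1.1", "netmask": "255.255.255.0"}]}},
      {"name": "GigabitEthernet0/2", "type": "iana-if-type:ethernetCsmacd", "enabled": false},
      {"name": "Loopback0", "type": "iana-if-type:softwareLoopback", "enabled": true,
       "ietf-ip:ipv4": {"address": [{"ip": "10.0.0.1", "netmask": "255.255.255.255"}]}}
    ]
  }
}
"""

NETCONF_XML = """
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
      <name>GigabitEthernet0/1</name>
      <description>Uplink to core</description>
      <enabled>true</enabled>
      <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
        <address><ip>192.168.1.1</ip><netmask>255.255.255.0</netmask></address>
      </ipv4>
    </interface>
    <interface><name>GigabitEthernet0/2</name><enabled>false</enabled></interface>
    <interface>
      <name>Loopback0</name><enabled>true</enabled>
      <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
        <address><ip>10.0.0.1</ip><netmask>255.255.255.255</netmask></address>
      </ipv4>
    </interface>
  </interfaces>
</data>
"""

IF_NS = "{urn:ietf:params:xml:ns:yang:ietf-interfaces}"
IP_NS = "{urn:ietf:params:xml:ns:yang:ietf-ip}"


def prefixlen(netmask):
    """Dotted netmask -> prefix length (255.255.255.0 -> 24)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen


def summarize_json(text):
    """RESTCONF JSON -> {name: (enabled, ['ip/len', ...])}."""
    doc = json.loads(text)
    out = {}
    for i in doc["ietf-interfaces:interfaces"]["interface"]:
        addrs = [f"{a['ip']}/{prefixlen(a['netmask'])}"
                 for a in i.get("ietf-ip:ipv4", {}).get("address", [])]
        out[i["name"]] = (bool(i["enabled"]), addrs)
    return out


def summarize_xml(text):
    """NETCONF XML -> the same structure; YANG module namespaces are explicit here."""
    root = ET.fromstring(text)
    out = {}
    for i in root.iter(IF_NS + "interface"):
        addrs = [f"{a.findtext(IP_NS + 'ip')}/{prefixlen(a.findtext(IP_NS + 'netmask'))}"
                 for a in i.iter(IP_NS + "address")]
        out[i.findtext(IF_NS + "name")] = (i.findtext(IF_NS + "enabled") == "true", addrs)
    return out


def brief(summary):
    """Render a 'show ip interface brief'-style table from either parse."""
    lines = [f"{'Interface':<22}{'IP-Address':<20}Status"]
    for name, (enabled, addrs) in sorted(summary.items()):
        addr = addrs[0] if addrs else "unassigned"
        lines.append(f"{name:<22}{addr:<20}{'up' if enabled else 'admin down'}")
    return "\n".join(lines)


def restconf_request(host, path="ietf-interfaces:interfaces"):
    """Build, but do not send, the GET a RESTCONF client issues (RFC 8040 media type)."""
    url = f"https://{host}/restconf/data/{path}"
    return urllib.request.Request(url, headers={"Accept": "application/yang-data+json"})


if __name__ == "__main__":
    assert summarize_json(RESTCONF_JSON) == summarize_xml(NETCONF_XML)
    print(brief(summarize_json(RESTCONF_JSON)))
    print(restconf_request("sw1.example.net").full_url)   # constructed hostname
```

The point to notice is that the two parsers return identical dictionaries: once you know the YANG model, the encoding is a detail of the transport, which is why automation code is usually written against the model rather than against screen-scraped CLI output.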

Ansible/Puppet/Chef — Configuration management tools that automate network device setup and maintenance. Ansible is particularly popular in networking because it’s agentless (doesn’t require software on managed devices) and uses simple YAML playbooks.

SDN (Software-Defined Networking) — An architecture that separates the control plane (decision-making) from the data plane (forwarding). SDN centralizes network intelligence in controllers, making networks more programmable and automated. It’s a paradigm shift from traditional distributed networking.

Controller — In SDN, the centralized software that manages network devices. The controller has a global view of the network and programs forwarding devices. Cisco DNA Center, OpenDaylight, and cloud provider controllers are examples.

IPv6 (Because We Actually Did Run Out of IPv4)

IPv6 deserves its own section because it’s fundamentally different from IPv4 and heavily tested. You cannot pass the CCNA without understanding IPv6.

IPv6 Address — A 128-bit address written in hexadecimal, like 2001:0db8:85a3:0000:0000:8a2e:0370:7334. You can compress this by dropping leading zeros and replacing consecutive all-zero groups with :: (once per address). That address becomes 2001:db8:85a3::8a2e:370:7334. IPv6 gives us 340 undecillion addresses—enough for every grain of sand on Earth.

Link-Local Address — An IPv6 address that’s only valid on the local link (fe80::/10). Every IPv6 interface automatically creates a link-local address. They’re used for neighbor discovery, routing protocol communication, and local communication. You can’t route traffic to link-local addresses—they stay local.

Global Unicast Address — The IPv6 equivalent of a public IPv4 address. Currently, these start with 2 or 3 (the 2000::/3 range). Global unicast addresses are routable on the internet.

Unique Local Address — The IPv6 equivalent of private addresses (fc00::/7). Similar to 10.x.x.x in IPv4. These are routable within an organization but not globally.

EUI-64 — A method for generating the interface ID portion of an IPv6 address from the MAC address. Take the 48-bit MAC, split it in half, insert FFFE between the halves, and flip the seventh bit of the first byte (the universal/local bit). Modern devices often use privacy extensions instead (random interface IDs) to prevent tracking.

SLAAC (Stateless Address Autoconfiguration) — A method for IPv6 devices to configure themselves without DHCP. The device generates its own address using the network prefix (from router advertisements) and its interface ID (from EUI-64 or randomly). It’s beautiful and simple compared to IPv4’s dependence on DHCP.
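The address compression rules from the IPv6 Address entry, the EUI-64 procedure, and SLAAC's "prefix plus interface ID" step are easy to get subtly wrong by hand, so here they are written out as an added Python example (not code from the original glossary) and cross-checked against the standard library's ipaddress module. The MAC and prefixes used are constructed sample values.

```python
"""IPv6 text compression, EUI-64 and SLAAC written out by hand.

Added example; cross_check() confirms the hand-written functions agree with
the standard library for any address you give it.
"""
import ipaddress


def expand(addr):
    """Undo :: and leading-zero compression: always eight 4-digit groups."""
    if addr.count("::") > 1:
        raise ValueError(":: may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        lg = [g for g in left.split(":") if g]
        rg = [g for g in right.split(":") if g]
        missing = 8 - len(lg) - len(rg)
        if missing < 1:
            raise ValueError(":: must stand for at least one zero group")
        groups = lg + ["0"] * missing + rg
    else:
        groups = addr.split(":")
    if len(groups) != 8 or any(len(g) > 4 for g in groups):
        raise ValueError(f"not an IPv6 address: {addr}")
    return ":".join(g.lower().zfill(4) for g in groups)


def compress(addr):
    """RFC 5952 text form: drop leading zeros, then replace the longest run of two
    or more all-zero groups (leftmost run on ties) with a single ::."""
    groups = [g.lstrip("0") or "0" for g in expand(addr).split(":")]
    best_start, best_len, start, length = -1, 0, -1, 0
    for i, g in enumerate(groups):
        if g == "0":
            if start == -1:
                start = i
            length += 1
            if length > best_len:
                best_start, best_len = start, length
        else:
            start, length = -1, 0
    if best_len >= 2:
        return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])
    return ":".join(groups)


def eui64_interface_id(mac):
    """MAC -> 64-bit interface ID: split in half, insert FFFE, flip the U/L bit
    (bit 7 of the first byte, i.e. XOR with 0x02). Accepts aa:bb, aa-bb and aaaa.bbbb forms."""
    raw = bytearray.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    raw[0] ^= 0x02
    iid = (raw[:3] + b"\xff\xfe" + raw[3:]).hex()
    return ":".join(iid[i:i + 4] for i in range(0, 16, 4))


def slaac_address(prefix, mac):
    """SLAAC: the /64 prefix learned from a Router Advertisement + EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    top = expand(str(net.network_address))[:19]   # first four groups = 19 characters
    return compress(top + ":" + eui64_interface_id(mac))


def cross_check(addr):
    """True when the hand-written functions agree with ipaddress for this address."""
    ref = ipaddress.IPv6Address(addr)
    return compress(addr) == ref.compressed and expand(addr) == ref.exploded


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                       # constructed MAC
    print(compress("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    print("link-local:", slaac_address("fe80::/64", mac))
    print("global:    ", slaac_address("2001:db8:1::/64", mac))
```

Two details the example makes visible: a single zero group is never replaced by :: (so 2001:db8:0:1:1:1:1:1 stays as it is), and the link-local address derived from a MAC is exactly the one a switch's neighbor table will show for that host, which is why privacy extensions exist.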

NDP (Neighbor Discovery Protocol) — IPv6’s replacement for ARP and several other protocols. NDP uses ICMPv6 messages for neighbor discovery, router discovery, duplicate address detection, and more. Messages include Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement, and Redirect.

Dual-Stack — Running IPv4 and IPv6 simultaneously on the same infrastructure. This is the most common transition mechanism—devices have both v4 and v6 addresses and use whichever works. Most of the internet runs dual-stack today.

Troubleshooting Terms (The Ones You’ll Use at 2 AM)

These terms relate to diagnostics and troubleshooting—the real work of networking. Knowing these helps you find and fix problems faster.

Ping — The basic reachability test using ICMP echo requests. If ping works, you have Layer 3 connectivity. If ping fails, the problem could be routing, ACLs, firewall rules, or the target being down. Always start troubleshooting with ping.

Traceroute (tracert on Windows) — Shows the path packets take to reach a destination by sending probes with increasing TTL values. Each hop in the output is a router. If the responses stop at a certain hop, the problem is usually at or just beyond that hop (though some routers simply don’t answer traceroute probes, so a single silent hop isn’t proof). Traceroute is essential for diagnosing routing issues.

Show Commands — The primary way to examine Cisco device status. Key ones include: show running-config (current configuration), show ip route (routing table), show ip interface brief (quick interface status), show interfaces (detailed interface stats), show vlan (VLAN info), show spanning-tree (STP status). Master these commands; you’ll use them constantly.

Debug — Real-time diagnostic output on Cisco devices. Debug commands show you exactly what’s happening—packet by packet, event by event. But be careful: debugging on a production device can overwhelm the CPU. Always have a plan to turn debugging off.

CRC Errors — Cyclic Redundancy Check errors indicate damaged frames. Some CRC errors are normal, but excessive numbers indicate cable problems, interface issues, or electromagnetic interference (EMI). Check show interfaces for error counts.

Collision/Late Collision — Collisions occur when two devices transmit simultaneously on a shared medium. Late collisions happen after the collision window and usually indicate duplex mismatches. In full-duplex switched networks, you shouldn’t see collisions. If you do, something’s wrong.

Input/Output Errors — Generic error counters on interfaces. Input errors are problems with received traffic; output errors are problems sending. Investigate further to determine the specific cause: CRC, runts, giants, overruns, etc.
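The show interfaces counters described in the last few entries are usually read by eye, but the reasoning is mechanical enough to script. As an added example (not code from the original glossary), the block below parses a constructed show interfaces output that follows the IOS counter layout, then applies the rules above: late collisions point at a duplex mismatch, collisions on a full-duplex port are wrong by definition, and CRC errors are judged against the number of frames received. The 0.1% CRC threshold is an assumption chosen for the example, not a Cisco value.

```python
"""Turn 'show interfaces' counters into findings.

Added example. SAMPLE is constructed to follow the IOS counter layout; it is not
output captured from a real switch. CRC_RATIO_LIMIT is an assumed threshold.
"""
import re

SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0011.2233.4455 (bia 0011.2233.4455)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     123456 packets input, 98765432 bytes, 0 no buffer
     0 runts, 0 giants, 0 throttles
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored
     234567 packets output, 123456789 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0011.2233.4466 (bia 0011.2233.4466)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
     50210 packets input, 6543210 bytes, 0 no buffer
     12 runts, 0 giants, 0 throttles
     4520 input errors, 4508 CRC, 0 frame, 0 overrun, 0 ignored
     48000 packets output, 5432100 bytes, 0 underruns
     0 output errors, 812 collisions, 2 interface resets
     0 babbles, 337 late collision, 0 deferred
"""

HEADER = re.compile(r"^(\S+) is (up|down|administratively down), line protocol is (up|down)")
COUNTER = re.compile(r"(\d+) (packets input|runts|giants|input errors|CRC|"
                     r"output errors|collisions|late collision)\b")
DUPLEX = re.compile(r"(Full|Half)-duplex")
CRC_RATIO_LIMIT = 0.001   # assumed: more than 0.1% of received frames with bad CRC is "excessive"


def parse_show_interfaces(text):
    """{interface: {'status', 'protocol', 'duplex', <counter>: int, ...}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"status": m.group(2), "protocol": m.group(3), "duplex": None}
            ifaces[m.group(1)] = cur
            continue
        if cur is None:
            continue
        d = DUPLEX.search(line)
        if d:
            cur["duplex"] = d.group(1).lower()
        for value, name in COUNTER.findall(line):
            cur[name] = int(value)
    return ifaces


def diagnose(counters):
    """Apply the troubleshooting rules from the glossary to one interface's counters."""
    findings = []
    if counters.get("late collision", 0) > 0:
        findings.append("late collisions: probable duplex mismatch with the neighbour")
    if counters.get("duplex") == "full" and counters.get("collisions", 0) > 0:
        findings.append("collisions on a full-duplex port: check duplex/speed settings")
    received = counters.get("packets input", 0)
    if received and counters.get("CRC", 0) / received > CRC_RATIO_LIMIT:
        findings.append("excessive CRC errors: suspect cabling, connectors or EMI")
    if counters.get("runts", 0) or counters.get("giants", 0):
        findings.append("runts/giants seen: collision fragments or oversized frames")
    return findings


def report(text):
    """{interface: [findings]} for every interface in the output."""
    return {name: diagnose(c) for name, c in parse_show_interfaces(text).items()}


if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(name, "->", findings or "clean")
```

Run against real output, the same parser works because it keys on the counter names rather than column positions; what you would tune is the CRC ratio and perhaps a rule for input errors that are not explained by CRC, runts or giants.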

WAN Technologies (Connecting the World)

Wide Area Networks connect geographically separated locations. These technologies span distances that LANs can’t.

WAN (Wide Area Network) — A network spanning large geographic areas, connecting LANs together. Your connection to the internet is a WAN connection. WANs use various technologies depending on speed, cost, and distance requirements.

Leased Line — A dedicated point-to-point connection from a service provider. You get guaranteed bandwidth that no one else shares. Expensive but reliable and predictable. Common speeds include T1 (1.544 Mbps) and T3 (44.736 Mbps), though these are increasingly being replaced by fiber.

MPLS (Multiprotocol Label Switching) — A WAN technology where traffic is routed based on labels rather than IP headers. Service providers use MPLS to create virtual private networks for customers. When you buy “MPLS service” from a provider, you’re getting a managed WAN that connects your sites.

VPN (Virtual Private Network) — Encrypted connections over untrusted networks (like the internet). VPNs create secure “tunnels” for traffic. Site-to-site VPNs connect offices; remote access VPNs connect individual users. Technologies include IPsec, SSL/TLS, and GRE (for tunneling without encryption).

IPsec — A suite of protocols for securing IP communications through encryption and authentication. IPsec can protect traffic in tunnel mode (new IP header) or transport mode (original headers). It’s the standard for site-to-site VPNs.

GRE (Generic Routing Encapsulation) — A tunneling protocol that encapsulates packets inside other packets. GRE itself doesn’t encrypt—it just wraps traffic. Often combined with IPsec: GRE creates the tunnel, IPsec encrypts it. GRE is useful for carrying protocols that IPsec alone can’t handle (like multicast).

SD-WAN (Software-Defined WAN) — Modern WAN architecture that uses software to manage connectivity across multiple WAN links. SD-WAN can intelligently route traffic based on application requirements, combining MPLS, broadband, and LTE connections. It’s a major trend in enterprise networking.

QoS (Because Not All Traffic Is Equal)

Quality of Service ensures critical traffic gets priority. When bandwidth is constrained, QoS determines what gets through first.

QoS (Quality of Service) — Techniques for prioritizing network traffic. Voice calls shouldn’t stutter because someone’s downloading a file. QoS includes classification (identifying traffic), marking (tagging it), queuing (prioritizing), and shaping/policing (limiting speeds).

DSCP (Differentiated Services Code Point) — A 6-bit field in the IP header used to mark traffic priority. DSCP values range from 0-63. Common values: EF (46) for voice, AF classes for varying importance, 0 for best effort. Routers read DSCP to make queuing decisions.

CoS (Class of Service) — A 3-bit field in the 802.1Q VLAN tag used to mark priority at Layer 2. CoS values range from 0-7. CoS and DSCP often need to be mapped at Layer 2/Layer 3 boundaries.
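To make the DSCP and CoS fields concrete, here is an added Python example (not from the original glossary) that reads both markings out of a raw Ethernet frame: the 3-bit PCP from the 802.1Q tag and the 6-bit DSCP from the second byte of the IPv4 header, naming the DSCP per-hop behaviour and checking whether the Layer 2 and Layer 3 markings agree under the default DSCP-to-CoS mapping. The frame is constructed inline; MACs and IPs are sample values.

```python
"""CoS from the 802.1Q tag, DSCP from the IPv4 DS field, on a constructed frame.

Added example; build_frame() assembles a minimal frame so the parser can be run
offline. The mapping in default_cos_for() is the common default (top three bits
of the DSCP), not a site-specific policy.
"""
import struct


def dscp_name(dscp):
    """Map a DSCP value to its per-hop-behaviour name: EF, AFxy, CSx or BE."""
    if dscp == 46:
        return "EF"
    cls, rem = divmod(dscp, 8)
    if rem == 0:
        return "BE" if cls == 0 else f"CS{cls}"
    if 1 <= cls <= 4 and rem in (2, 4, 6):
        return f"AF{cls}{rem // 2}"          # AF11 = 10, AF21 = 18, ..., AF43 = 38
    return f"DSCP{dscp}"


def default_cos_for(dscp):
    """Default DSCP-to-CoS map: keep the three high-order bits (dscp // 8)."""
    return dscp >> 3


def parse_markings(frame):
    """Extract VLAN, CoS (PCP) and DSCP/ECN from an Ethernet frame carrying IPv4."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    cos = vlan = None
    offset = 14
    if ethertype == 0x8100:                              # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        cos, vlan = tci >> 13, tci & 0x0FFF              # PCP = top 3 bits, VID = low 12
        offset = 18
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    tos = frame[offset + 1]                              # IPv4 byte 1: DS field
    dscp, ecn = tos >> 2, tos & 0x03
    return {"vlan": vlan, "cos": cos, "dscp": dscp, "dscp_name": dscp_name(dscp), "ecn": ecn,
            "cos_consistent": cos is None or cos == default_cos_for(dscp)}


def build_frame(dscp, cos=None, vlan=20):
    """Constructed frame: Ethernet header, optional 802.1Q tag, minimal 20-byte IPv4 header."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")   # sample MACs
    if cos is not None:
        eth += struct.pack("!HHH", 0x8100, (cos << 13) | vlan, 0x0800)
    else:
        eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))              # sample IPs
    return eth + ip


if __name__ == "__main__":
    print(parse_markings(build_frame(46, cos=5)))   # voice: EF with CoS 5
    print(parse_markings(build_frame(34, cos=3)))   # AF41 but CoS 3: markings disagree
```

The cos_consistent flag is the practical check at a Layer 2/Layer 3 boundary: an access switch that trusts CoS but not DSCP, or the other way round, produces exactly the kind of disagreement the second frame shows.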

Traffic Shaping vs. Policing — Both limit traffic rates, but differently. Policing drops excess traffic immediately (hard limit). Shaping buffers excess traffic and sends it when possible (smooths bursts). Shaping is gentler; policing is stricter.
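The shaping-versus-policing distinction is easiest to see numerically. As an added example (not from the original glossary), the block below runs the same constructed burst of ten 1500-byte packets through a single-rate token-bucket policer and through a shaper at 1 Mbps: the policer forwards what the bucket allows and drops the rest, while the shaper forwards everything and turns the excess into queueing delay. Rate and burst size are sample values.

```python
"""Policing versus shaping on one burst, simulated with a token bucket.

Added example with constructed traffic; it illustrates the behaviour the glossary
describes and is not a model of any particular platform's queueing.
"""


def police(packets, rate_bps, burst_bytes):
    """Single-rate policer: forward a packet only if the bucket holds enough tokens,
    otherwise drop it immediately. packets = [(arrival_s, size_bytes), ...], in time order."""
    tokens, last = burst_bytes, 0.0
    forwarded, dropped = [], []
    for t, size in packets:
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)   # refill at the rate
        last = t
        if size <= tokens:
            tokens -= size
            forwarded.append((t, size))
        else:
            dropped.append((t, size))
    return forwarded, dropped


def shape(packets, rate_bps, queue_limit=None):
    """Shaper: excess is queued and sent at the configured rate, so a burst becomes
    delay rather than loss. Returns (departures, dropped); departures are
    (arrival, start_of_transmission, end_of_transmission). Packets are dropped only
    when queue_limit packets are already waiting (a real shaper has a finite queue)."""
    departures, dropped = [], []
    free_at = 0.0                                    # time the link becomes free
    for t, size in packets:
        waiting = sum(1 for _, start, _ in departures if start > t)
        if queue_limit is not None and waiting >= queue_limit:
            dropped.append((t, size))
            continue
        start = max(t, free_at)
        free_at = start + size * 8 / rate_bps
        departures.append((t, start, free_at))
    return departures, dropped


def demo(rate_bps=1_000_000, burst_bytes=3000):
    """Ten 1500-byte packets arriving at the same instant (constructed burst)."""
    burst = [(0.0, 1500)] * 10
    fwd, pdrop = police(burst, rate_bps, burst_bytes)
    deps, sdrop = shape(burst, rate_bps)
    return {
        "policer_forwarded": len(fwd),
        "policer_dropped": len(pdrop),
        "shaper_dropped": len(sdrop),
        "shaper_max_delay_s": max(start - t for t, start, _ in deps),
    }


if __name__ == "__main__":
    print(demo())
```

With a 3000-byte bucket the policer passes two packets and drops eight; the shaper passes all ten but the last one waits 108 ms, which is why shaping suits TCP bulk traffic and is a poor fit for voice, where delay hurts more than loss.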

Cloud and Virtualization Terms

Modern networks extend into the cloud. Understanding these concepts is increasingly essential.

Virtualization — Running multiple virtual systems on one physical system. In networking, virtual switches, routers, and firewalls let you build network infrastructure in software. Understanding virtualization helps you work with modern data centers and cloud environments.

Hypervisor — Software that creates and manages virtual machines. Type 1 hypervisors run directly on hardware (VMware ESXi, Hyper-V); Type 2 run on an operating system (VirtualBox). Network virtualization often runs on hypervisor platforms.

IaaS/PaaS/SaaS — Cloud service models. Infrastructure as a Service gives you virtual machines and networks (AWS EC2, Azure VMs). Platform as a Service gives you development platforms (Heroku, Google App Engine). Software as a Service gives you applications (Office 365, Salesforce). Understanding these helps you design hybrid networks.

Cloud Connectivity — How you connect your network to cloud providers. Options include VPN over internet (cheaper, less predictable), dedicated connections (AWS Direct Connect, Azure ExpressRoute), and SD-WAN solutions. Designing cloud connectivity is a critical modern skill.

Final Thoughts: Words Become Instincts

I know this is a lot. Seventy-five-plus terms, and we could easily add seventy-five more. But here’s what I’ve learned after years in this field: these terms don’t stay as vocabulary words forever. They become instincts.

The first time someone mentioned “broadcast storm,” I had to look it up. Now I can diagnose one by the sound of my monitoring tools going crazy. The first time I saw “OSPF adjacency,” it was gibberish. Now I troubleshoot neighbor relationships without conscious thought.

This glossary is a starting point, not a destination. Use it as a reference. Quiz yourself. Build mental models. When you’re watching a David Bombal video or reading the Official Cert Guide and you hit a term you don’t recognize, come back here. When you’re doing practice questions in BOSON ExamSim and an explanation uses vocabulary you’re shaky on, reference this guide.

Eventually, these words won’t be obstacles to understanding—they’ll be the language you think in. And that transformation is what separates someone who passed the CCNA from someone who is a network professional.

One term at a time, one concept at a time, one lab at a time. That’s how fluency happens.

Now stop reading and go lab something. Theory without practice is just trivia. Pick a term you’re fuzzy on, open Packet Tracer or NetSim, and break something on purpose. Then fix it. That’s where real learning happens.

Your future bilingual (networking-language-speaking) self will thank you.


P.S. — Bookmark this page. I promise you’ll be back. Everyone comes back to the glossary at 11 PM the night before their exam. I certainly did.

P.P.S. — Missing a term you think should be here? Confused about something I didn’t explain well enough? Drop a comment. This glossary grows with the community. And check out our CCNA study plans for a structured approach to mastering all of this.


Allen Viola