A security feature that allows access to information to be granted on an individual basis.
B
bandwidth
The range of frequencies a transmission line or channel can carry. The greater the bandwidth, the greater the information-carrying capacity of a channel. For a digital channel this is defined in bits. For an analog channel it is dependent on the type and method of modulation used to encode the data.
broadcast
A packet delivery system where a copy of a given packet is given to all hosts attached to the network. For example: Ethernet.
C
captive portal
A server that is programmed to respond to redirected packets. Captive portals enable service providers to capture a subscriber's attention with targeted messages such as authentication, requests for per-service payment, and blocked access to a particular service. A captive portal group consists of one or more servers. A captive portal group is identified by its unique name. Each server in a captive portal group is identified by its IP address and TCP port. SSG selects one server from the group in a round-robin fashion to receive the redirected packets. Servers can be in the SSG Open Garden or default network.
CEF
Cisco Express Forwarding. An advanced Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions.
D
DSL
Digital Subscriber Line.
E
encapsulation
The technique used by layered protocols in which a layer adds header information to the protocol data unit (PDU) from the layer above.
Ethernet
One of the most common local area network (LAN) wiring schemes, Ethernet has a transmission rate of 10, 100, or 1000 Mbps.
H
host key
Combination of port bundle and SSG source IP address that uniquely identifies a subscriber.
I
Internet Protocol (IP)
The network layer protocol for the Internet protocol suite.
ISP
Internet service provider. A company that allows home and corporate users to connect to the Internet.
M
mini-ACL
Access control list (ACL) with eight or less access control entries (ACEs). ACLs with more than eight entries are referred to as turbo ACLs.
Modular QoS Command-line interface
See MQC.
MQC
Modular QoS Command-line interface. Also referred to as Modular CLI. A platform independent CLI for configuring QoS features on Cisco products.
multicast
Single packets copied by the network and sent to a specific subset of network addresses. These addresses are specified in the Destination Address Field.
O
OAP
Overlapping Address Pool. An IP address group that supports multiple IP address spaces and still allows for the verification of nonoverlapping IP address pools within a pool group.
Open Garden
Collection of websites or networks that users can access without having to provide authentication information.
P
permanent virtual circuit
A fixed virtual circuit between two users. The public data network equivalent of a leased line. No call setup or clearing procedures are needed.
point-to-point subinterface
With point-to-point subinterfaces, each pair of routers has its own subnet. If you put the PVC on a point-to-point subinterface, the router assumes that there is only one point-to-point PVC configured on the subinterface. Therefore, any IP packets with a destination IP address in the same subnet are forwarded on this VC. This is the simplest way to configure the mapping and is, therefore, the recommended method.
port
The abstraction used by Internet transport protocols to distinguish among multiple simultaneous connections to a single destination host.
PPP
Point-to-Point Protocol. The successor to SLIP, PPP provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits.
PPPoA
PPP over ATM. Enables a high-capacity central site router with an Asynchronous Transfer Mode (ATM) interface to terminate multiple remote PPP connections.
PPPoE
PPP over Ethernet. Allows a PPP session to be initiated on a simple bridging Ethernet connected client. Refers to a signaling protocol defined within PPPoE as well as the encapsulation method. See also RFC 2516.
PPPoEoA
PPP over Ethernet over ATM. Allows tunneling and termination of PPP sessions over Ethernet links and allows for Ethernet PPP connections over ATM links.
PPPoEoE
PPP over Ethernet over on Ethernet. Allows tunneling and termination of PPP sessions over Ethernet links and allows for Ethernet PPP connections over Ethernet links.
PPPoEo802.1Q VLAN
PPP over Ethernet over IEEE 802.1Q VLANs. Allows tunneling and termination of Ethernet PPP sessions across VLAN links. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame.
PPPoX
PPP over PPPoA or PPPoE or both.
PTA
PPP terminated aggregation. A method of aggregating IP traffic by terminating PPP sessions and aggregating the IP traffic into a single routing domain.
PTA-MD
PTA-Multidomain. A method of aggregating IP traffic by terminating PPP sessions and aggregating the IP traffic into a VPN or multiple IP routing domains. For an ISP, the aggregated traffic either remains in the ISP network or routes to the Internet. For a wholesale provider, the aggregated IP traffic is forwarded to different destinations or domains depending on the service selected; thus the term PTA-Multidomain.
PVC
Permanent virtual circuit or connection. Virtual circuit that is permanently established. PVCs save bandwidth associated with circuit establishment and tear down in situations where certain virtual circuits must exist all the time. In ATM terminology, called a permanent virtual connection. Compare with SVC. See also virtual circuit (VC).
PVP
Permanent virtual path. Virtual path that consists of PVCs.
PXF
Parallel Express Forwarding. Also referred to as fast forwarder. A pipelined, multiprocessor parallel packet engine, optimized for fast packet forwarding.
R
RADIUS
Remote Authentication Dial-In User Service (RADIUS). A client/server security protocol created by Livingston Enterprises. Security information is stored in a central location, known as the RADIUS server.
RBE
Routed bridge encapsulation. The process by which a stub-bridged segment is terminated on a point-to-point routed interface. Specifically, the router is routing on an IEEE 802.3 or Ethernet header carried over a point-to-point protocol such as PPP, RFC 1483 ATM, or RFC 1490 Frame Relay.
S
SESM
Subscriber Edge Services Manager (SESM). Successor product to the Cisco SSD. The SESM is part of a Cisco solution that allows subscribers of digital subscriber line (DSL), cable, wireless, and dialup to simultaneously access multiple services provided by different Internet service providers, application service providers, and corporate access servers.
SESM works with the Cisco 10000 router (as the SSG node) to provide subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. Subscribers interact with the SESM web application using a standard Internet browser. The SESM functionality provides a flexible and convenient graphical user interface (GUI) for subscribers and enables service providers to bill subscribers for connection time and services used, rather than charging a flat rate.
SSD
Service Selection Dashboard. The SSD is a customizable web-based application that works with the Cisco SSG to allow end customers to log in to and disconnect from proxy and passthrough services through a standard web browser. After the customer logs in to the service provider's network, an HTML dashboard is populated with the services authorized for that user. See also SESM.
SSG
Service Selection Gateway. SSG is a switching solution for service providers who offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines (DSL) lines, cable modems, or wireless to allow simultaneous access to network services. SSG provides subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. SSG provides connectivity to corporate networks and differential service selection to users with access to multiple simultaneous services. Users can dynamically connect to and disconnect from any of the services available to them.
SVC
Switched virtual circuit. Virtual circuit that is dynamically established on demand and is torn down when transmission is complete. SVCs are used in situations where data transmission is sporadic. Called a switched virtual connection in ATM terminology. Compare with PVC.
T
TCP
Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
turbo access control list
A function of the PXF pipeline that determines whether a packet matches a list in a fixed, predictable period of time, usually regardless of the number of entries in a list. Turbo ACLs enable more expedient packet classification and access checks when the router is evaluating ACLs. The Turbo ACL feature compiles the ACLs into a set of lookup tables, while maintaining the first match requirements. Packet headers are used to access these tables in a small, fixed number of lookups, independently of the existing number of ACL entries.
V
VC
Virtual Circuit. Also referred to as Virtual Channel. Used in ATM applications. A link that seems and behaves like a dedicated point-to-point line or a system that delivers packets in sequence, as happens on an actual point-to-point network. In reality, the data is delivered across a network via the most appropriate route. The sending and receiving devices do not have to be aware of the options and the route is chosen only when a message is sent. There is no pre-arrangement, so each virtual circuit exists only for the duration of that one transmission.
VCI
Virtual channel identifier. A 16-bit field in the header of an ATM cell. The VCI, together with the VPI, is used to identify the next destination of a cell as it passes through a series of ATM switches on its way to its destination. ATM switches use the VPI/VCI fields to identify the next network VCL that a cell needs to transmit on its way to its final destination. The function of the VCI is similar to that of the DLCI in Frame Relay.
VLAN
Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
VPI
Virtual path identifier. An 8-bit field in the header of an ATM cell. The VPI, together with the VCI, is used to identify the next destination of a cell as it passes through a series of ATM switches on its way to its destination. ATM switches use the VPI/VCI fields to identify the next VCL that a cell needs to transmit on its way to its final destination. The function of the VPI is similar to that of the DLCI in Frame Relay.
VRF
Virtual routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.
VSA
Vendor-Specific Attribute. An attribute that has been implemented by a particular vendor. It uses the attribute Vendor-Specific to encapsulate the resulting AV pair: essentially, Vendor-Specific = protocol:attribute = value.
X
xDSL
Various types of digital subscriber lines. Examples include ADSL, HDLS, and VDSL.
