This tutorial explains the access, distribution, and core layers of the Cisco three-layer hierarchical model. Learn the two-tier and three-tier campus LAN design in detail.
The term campus LAN refers to a LAN network that spans a single geographic location, such as a building or university campus. A campus LAN can be an entire network or part of an enterprise network. An enterprise network is a large network that may contain several campus networks span different geographic locations. If a campus network is part of an enterprise network, it allows end users and devices to access network services and resources that are available in the same geographic location or somewhat proximity to one another.
The Cisco three-layer hierarchical model is a set of recommendations that describe how a campus LAN network should be designed. This model suggests that instead of designing a flat campus LAN network, an administrator should design a hierarchical campus LAN network. A hierarchical network is easier to manage and troubleshoot than a flat network.
The Cisco three-layer hierarchical model contains three layers: core, distribution, and access. The core layer is the backbone of the network. It provides a high-speed connection between different distribution layer devices. The distribution layer connects the access layer to the core layer. The access layer provides initial connections to end users.
When designing a campus LAN network, an administrator can follow all recommendations of the Cisco three-layer model, follow some recommendations, or ignore all recommendations. In other words, an administrator can design a flat network or a hierarchical network that contains three layers or two layers.
If a network does not contain any layer, it is known as the flat network. If the network contains layers, it is known as the hierarchical network. In a hierarchical network, an administrator can use dedicated hardware for each layer or use combined hardware for two or three layers.
If dedicated hardware is used for the access, distribution, and core layers, the network is known as the Three-Tier network. If combined hardware is used for the distribution and core layers and separate hardware is used for the access layer, the network is known as the Two-Tier network. If combined hardware is used for the access, distribution, and core layers, the network is known as the One-Tier network.
Cisco uses relative terms to describe the role of each hardware device in the Cisco three-layer hierarchical model. For example, if a switch provides the functionalities of the access layer, it is known as the access switch. Or if it provides the functionalities of the distribution layer, it is known as the distribution switch. Similarly, if it provides the functionalities of the core layer, it is known as the core switch.
So far, we have discussed the basic concepts of the cisco hierarchical three-layer model. Now, let's discuss each layer and its functions in detail.
The access layer
The access layer is the first layer of the Cisco three-layer hierarchical model. This layer allows end users to access the network. This layer also connects user-devices such as PCs, IP phones, wireless access points, printers, and scanners to the network.
User-devices connected to this layer use different protocols to discover each other, remove loops, and exchange data. End users access the network through this layer. Various services and security policies are also configured and enforced at this layer.
The main functions of this layer are the following.
- Connecting various types of end devices to the LAN network.
- Providing layer-2 switching and implementing various layer-2 switching services such as spanning tree, virtual access control, QoS, PoE, and ARP.
- Preventing unauthorized devices from connecting to the LAN by enforcing various security policies such as port security, DHCP snooping, and static MAC address configuration.
Switches connected in this layer are known as access switches. End-devices connect to the LAN network through the access switches. In other words, an access switch forwards traffic between connected devices and the rest of the LAN.
The following image shows an example network that contains two access switches.
The distribution layer
The distribution layer is the second layer of the Cisco three-layer hierarchical model. Switches connected in this layer are known as the distribution switches. Unlike access switches, distribution switches do not provide any service to end devices. Distribution switches connect the access switches.
The following image show how distribution switches connect the access switches in the network.
The main functions of the distribution layer switches are the following.
- Providing connectivity between the access layer switches
- Aggregating LAN and WAN links and traffic
- If a separate core layer exists, providing upstream services for the access layer switches
- Controlling and filtering traffic by implementing ACLs
- Controlling broadcast through VLANs
- Providing redundancy and load balancing
- Providing routing services between different VLANs and routing domains
- Acting as a demarcation point between different LANs and broadcast domains
If the network contains a separate core layer, the distribution layer connects the access layer to the core layer. The following image shows how the distribution switches work if the separate core layer exists.
The core layer
This is the third layer of the Cisco three-layer hierarchical model. Switches that work in this layer are known as the core switches. Core switches connect distribution switches. In a complex and large network, core switches reduce cabling needs and switch ports while still allowing all devices to send data to all other devices in the LAN.
Usually, small or medium LAN networks do not design the core layer. Instead of designing a separate core layer, they directly connect distribution switches. This approach does not work in large networks. For example, if a LAN network has two distribution switches, it can connect them directly as shown in the above image (the first image of the distribution layer section).
But if a LAN has several distribution switches, it should not connect them directly. To connect all distribution switches, a LAN requires N*N-1 connections and N-1 available ports on each distribution switch. For example, if the LAN has 8 distribution switches, it needs 8*8-1 = 56 links and 8-1 = 7 ports on each distribution switch. This requirement is without redundancy. For redundancy, if the LAN adds additional connections, the number of required connections will also increase in parallel.
The LAN can reduce the required number of connections and ports by connecting distribution switches through a few extra switches. A switch that connects the distribution switches is known as the core switch.
The following image shows how the core switches connect the distribution switches.
Unlike the access and distribution layers, the core layer does not provide many services. The core layer has a single dedicated role in the Cisco three-layer model. The core layer is responsible for forwarding traffic between the distribution switches.
Key points
- An access switch connects end-user devices to the LAN.
- An access switch forwards traffic between end-user devices and the rest of the LAN.
- An access switch does not connect two or more access switches.
- A distribution switch connects the access switches.
- A distribution switch does not connect end-user devices.
- A distribution switch provides an aggregation point for access switches.
- If the core switches exist, the distribution switches connect the access switches to the core switches.
- A core switch aggregates distribution switches.
- Except for forwarding traffic at the fastest possible speed, core switches do not provide any other services.
- If core switches are not used, the network is known as the Tire-2 network.
- If core switches are used, the network is known as the Tire-3 network.
That's all for this tutorial. If you like this tutorial, please don't forget to share it with friends through your favorite social channel.