Let’s learn about the hierarchical LAN design model. This blog will examine the access, distribution, and core layers and their characteristics, and explain why taking the Advanced Cisco Enterprise Networks Architecture Specialization Exam 500-470 ENSDENG is essential. Part 1 of this blog will explore the standard Cisco enterprise architecture designs.
Hierarchical LAN Design
Let’s begin with the hierarchical LAN design model. A hierarchical network design involves dividing the network into discrete layers. Each layer or tier in the hierarchy provides a specific function that defines its role within the overall network. This helps the network designer and architect select and optimize the proper network hardware, software, and features for the role that layer performs. Hierarchical models apply to both LAN and WAN designs. This blog covers the 500-470 ENSDENG LAN design. The benefit of dividing a flat network into smaller and more manageable blocks is that local traffic remains local. Only traffic that is destined for other networks moves to a higher layer. The above figure shows that in a typical enterprise hierarchical LAN campus network design, we have three layers: access layer, distribution layer, and core layer.
The access layer gives workgroups and users access to the network. The distribution layer provides policy-based connectivity and controls the boundary between the access and core layers. The core layer provides fast transport between distribution switches within the enterprise campus. These modular layers can be easily replicated throughout the network, simplifying the network design and providing an easy way to scale the network and a consistent deployment model. The hierarchical LAN design model provides fault containment by constraining network changes to a subset of the network, which affects fewer systems, makes the network easier to manage, and improves resilience. In a modular layer design, network components can be placed in service or taken out of service with little or no impact on the rest of the network. This makes troubleshooting, problem isolation, and network management easier.
In the figure, you can see that there is an access layer. Endpoints and end users connect to the network through the access layer switch. The distribution layer switch is an aggregation point for the access layer switches and a boundary for services and control policies. For example, this is where you can configure access lists. The core layer provides a high-speed connection for the distribution layer switches. Through the core layer, we can connect to the other parts of the enterprise network, like private cloud, public cloud, WAN, internet, etc. The core layer can provide high-speed connections between the distribution layer switches and other parts of the enterprise network.
Number of Layers
The number of layers depends on the characteristics of the network at the deployment site. As you can see in the above figure, we have two designs: the first has two layers, and the second has three. You can use a two-layer model if you have a small enterprise with low numbers of users and requirements. The full model has an access layer, a distribution layer, and a core layer. When we scale the design down, we have only two layers, where the core and distribution layers reside in one layer and the access layer in the other. With the hierarchical LAN design model, we can use the two-layer model or the three-layer model, whichever the site requires.
The Access Layer
Let’s explore the 500-470 ENSDENG access layer a little more. The access layer can be considered the entry point into the network or the exit point, depending on the direction of data flow. It is where end-user devices connect, feeding into the access layer switch. Because of the number of end-user devices connecting to the network, there tend to be more switches in the access layer than in any other layer of a typical hierarchical network design. They require high port density to support many connecting devices but generally don’t need high throughput, as each port connects to just one device. These devices can be anything that requires a network connection, including laptops, smartphones, tablets, and printers. As it must support many devices, the access layer tends to have the most features.
Some services you can typically find in the access layer include CDP and LLDP for discovery and configuration. For security and network identity, we can enable port security with DHCP or 802.1x. For application recognition, we can use the QoS marking policy and queuing. For the physical infrastructure, we can enable Power over Ethernet (PoE). The access layer feeds into the distribution layer via OSI layer 2 trunks or layer 3 routed ports. The user devices connect to the switch in the access layer at layer 2. The other name for the access layer is the network edge. End-user devices or endpoints connect to this access layer switch. In most cases, users don’t use the full bandwidth, but if we want to accommodate high bursts of traffic, we can provide high-bandwidth wired or wireless access.
We can use Gigabit Ethernet for wired connections; for wireless access, we can use the IEEE 802.11n or IEEE 802.11c standard. To improve the quality of experience (QE) and productivity of the end user, we can use PCs, IP phones, printers, wireless access points, and other devices. When we use wireless access points and IP phones, we add one new layer to the access layer, because in that case the wireless access point is connected to the access layer switch and the wireless endpoints connect to the wireless access point. This 500-470 ENSDENG layer is a good place for the quality-of-service trust boundary because it contains the first device we trust on our network. Because of that, in most cases, we configure the trust boundary on the access layer switch.
It is important to note that, in the access layer, we should configure VLANs for traffic control. This process creates logical networks. On top of them, we can implement security features like port security, and quality-of-service features like policing and marking. Because of that, the access layer is one of the layers the administrator should work on more than others. For connectivity between the access layer and distribution layer, in most cases, we use layer two links.
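The following added example, which is not part of the original blog, audits an access-layer switch configuration for the controls described above: a user VLAN, port security, and 802.1x on every access port. The IOS-style sample configuration is constructed, and the specific commands it checks for are assumptions of this example.

```python
import re
# Constructed IOS-style sample config (not from the page); commands checked are this example's assumption.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport port-security
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
"""

REQUIRED = {
    "switchport port-security": "port security not enabled",
    "authentication port-control auto": "802.1X not enforced",
}

def parse_interfaces(config):  # returns {interface name: [sub-commands]}
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_access_ports(config):
    """Return {interface: [findings]} for access ports missing edge controls."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and routed uplinks are not user-facing
        findings = [msg for cmd, msg in REQUIRED.items() if cmd not in cmds]
        if not any(re.fullmatch(r"switchport access vlan (?!1$)\d+", c) for c in cmds):
            findings.append("no user VLAN assigned (default VLAN 1)")
        if findings:
            report[name] = findings
    return report
```

Calling `audit_access_ports(SAMPLE_CONFIG)` reports the second and third ports and skips the trunk uplink, which belongs to the access-to-distribution link rather than the network edge.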
In most cases, this layer two link terminates at the distribution layer. If, in some designs, we configure the access layer switch with layer three interfaces, this means routed interfaces. Because access layer switches don’t support multi-layer switching or layer three ports in most cases, we use layer two links between the access layer and the distribution layer. We may use layer three links between the access and distribution layers in some designs.
The Distribution Layer
The distribution layer in the hierarchical 500-470 ENSDENG LAN design serves as the intermediary between the access layer and the core layer. Its primary function is to provide connectivity and routing services to multiple access layer switches. By utilizing layer three links, the distribution layer can efficiently route traffic between different subnets or VLANs, enhancing network performance and scalability. The distribution layer may also implement VLAN tagging, quality of service (QoS), and security policies to optimize network operations.
The Core Layer
The core layer is essential as it connects multiple network components and comprises the highest-speed, most powerful network devices. However, since it only has one purpose, it doesn’t require too many features to be fast. The core must be reliable and efficient to maximize performance and always be available. It should be designed with redundancies so it doesn’t have a single point of failure. If a catastrophic problem occurs, recovery needs to be quick. Higher-speed switching is essential, as is fault tolerance. The core layer should be scaled through quality rather than quantity. CPU-intensive packet manipulation, such as restrictive ACLs and QoS classification, should be avoided at this level.
The 500-470 ENSDENG core layer should be as lean as possible to minimize the potential for failure and maximize efficiency. As we can see in the figure, if we have more than two distribution layer switches and want to connect them directly to each other, we need many links; with the core layer, each distribution layer switch only needs links to the core. The most essential things in the core layer are speed, high availability, and routing performance. The core layer is the backbone and aggregation point for multiple networks. It provides scalability, high availability, and fast convergence to the network.