Information Technology Reference
In-Depth Information
As shown in the previous sections, each individual module has different requirements. The
building access layer is the only layer that uses Layer 2 switching. Both the campus core
and the server farm have requirements for high availability, high performance, and a higher
cost per port.
Ta ble 3 -1 1 shows network requirements for application types.
Ta b l e 3 -1 1
Network Requirements for Application Types
Specification
Building Access
Distribution
Layer
Campus
Core
Server Farm
Te c h n o l o g y
Layer 2 and Layer 3
switches
Layer 3 switches
Layer 3
switches
Layer 3
switches
Scalability
High
Medium
Low
Medium
Availabilit y
Medium
Medium
High
High
Performance
Medium
Medium
High
High
Cost per port
Low
Medium
High
High
Edge Distribution
For large c ampus L ANs, the edge distribution module prov ides additional sec urit y be-
tween the campus LAN and the enterprise edge (WAN, Internet, and virtual private net-
works [VPN]). The edge distribution protects the campus from the following threats:
IP spoofing:
The edge distribution switches protect the core from spoofing of IP
addresses.
■
Unauthorized access:
Controls access to the network core.
■
Network reconnaissance:
Filtering of network discovery packets to prevent dis-
covery from external networks.
■
Packet sniffers:
The edge distribution separates the edge's broadcast domains from
the campus, preventing possible network packet captures.
■
Medium-Size LANs
Medium-size LANs contain 200 to 1000 devices. Usually, the distribution and core layers
are collapsed in the medium-size network. Access switches are still connected to both dis-
tribution/core switches to provide redundancy. Figure 3-12 shows the medium-size cam-
pus LAN.
Small and Remote Site LANs
Small and remote sites usually connect to the corporate network via a small router. The
LAN service is provided by a small LAN switch. The router filters broadcast to the WAN
circuit and forward packets that require services from the corporate network. You can
such as a backup domain controller and DNS; if not, you must configure the router to
