Cisco's 3 Layered Model


Over years of building network equipment, Cisco Systems has developed a three-layered model. A Cisco network is traditionally defined as a three-tier hierarchical model comprising the core, distribution, and access layers. Cisco both develops its systems according to this model and recommends that its end users follow the same philosophy. Alongside the OSI layered model and the TCP/IP layered model, Cisco's three-layered model is a widely used network model [5]. Cisco also highlighted the importance of the three-layered model in its famous CCNA certifications.



The Cisco three-layered model originates from the enterprise campus network [1], which has evolved over the last 20 years.

Early LAN-based computer networks were made of a small number of simply connected servers, PCs and printers. The first generation of campus networks came into form by interconnecting these LANs. Problems in one area of the network frequently impacted the entire network and a failure in one part of the campus often affected the entire campus network.

To address these problems, Cisco borrowed the structured programming design principle from software engineering. It rests on two complementary principles, hierarchy and modularity: large, complex Cisco systems must be built from a set of modularized components that can be assembled in a hierarchical and structured manner. The hierarchy is Cisco's three-layered model.

Description of Cisco layers

Core layer

The core layer is literally the internet backbone, the simplest yet most critical layer. The primary purpose of the core is to provide fault isolation and backbone connectivity; in other words, the core must be highly reliable and switch traffic as fast as possible. On the one hand, the core must therefore provide enough redundancy to tolerate a hardware or software failure or an upgrade; on the other hand, high-end switches and high-speed cables are used to achieve a high data transfer rate and low latency.

The core is meant to be simple and to provide a very limited set of services. Architects and engineers shouldn't implement complex policy services or attach user/server connections directly at this layer.

Examples of core layer Cisco equipment include [2]:

  • Cisco switches such as 7000, 7200, 7500, and 12000 (for WAN use)
  • Catalyst switches such as 6000, 5000, and 4000 (for LAN use)
  • T-1 and E-1 lines, Frame relay connections, ATM networks, Switched Multimegabit Data Service (SMDS)

Distribution layer

The distribution layer acts as an interface between the access layer and the core layer. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed [3].

While the core layer and the access layer are special-purpose layers [4], the distribution layer serves multiple purposes. It is an aggregation point for all of the access layer switches and also participates in the core routing design. This layer includes LAN-based routers and OSI layer 3 switches. It ensures that packets are properly routed between subnets and VLANs.

Access layer

The access layer is sometimes referred to as the desktop layer. The network resources that workgroups and users need are available locally.

The access layer is the edge of the entire network, where a wide variety of consumer devices such as PCs, printers, and cameras attach to the wired portion of the network, where various services are provided, and where dynamic configuration mechanisms are implemented. As a result, the access layer is the most feature-rich layer of the Cisco three-layered model.

The following table lists examples of the types of services and capabilities that need to be defined and supported in the access layer of the network.

Examples of Types of Service and Capabilities [1]

| Service Requirements | Service Features |
|---|---|
| Discovery and Configuration Services | 802.1AF, CDP, LLDP, LLDP-MED |
| Security Services | IBNS (802.1X), (CISF): port security, DHCP snooping, DAI, IPSG |
| Network Identity and Access | 802.1X, MAB, Web-Auth |
| 802.1X, MAB, Web-Auth | QoS marking, policing, queuing, deep packet inspection NBAR, etc. |
| Intelligent Network Control Services | PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, Portfast, UplinkFast, BackboneFast, LoopGuard, BPDUGuard, Port Security, RootGuard |
| Physical Infrastructure Services | Power over Ethernet |
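
A configuration audit for the access-layer security controls named in the table (port security, DHCP snooping, DAI, IPSG, BPDUGuard), as an added example that is not part of the original article. It assumes Cisco IOS-style command syntax; the switch configuration, interface names and VLAN numbers are constructed for illustration.

```python
import re
# Constructed config for a hypothetical access-layer switch (not from the page).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ip verify source
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 20
interface TenGigabitEthernet1/1/1
 switchport mode trunk
"""
PORT_CHECKS = {"port security": r"^switchport port-security$",  # per-port controls
               "IPSG": r"^ip verify source\b",
               "BPDUGuard": r"^spanning-tree bpduguard enable$"}

def vlan_set(config, prefix):
    """Expand lines such as '<prefix> 10,20-22' into a set of VLAN ids."""
    vlans = set()
    for spec in re.findall(rf"^{prefix} ([\d,-]+)", config, re.M):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def access_ports(config):
    """Map each access-mode interface to its dedented configuration text."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    ports = {name: re.sub(r"^ +", "", body, flags=re.M) for name, body in blocks}
    return {n: b for n, b in ports.items() if "switchport mode access" in b.splitlines()}

def audit(config):
    """Return {access port: [controls from the table that are missing]}."""
    on = re.search(r"^ip dhcp snooping$", config, re.M)  # global enable is required
    per_vlan = {"DHCP snooping": vlan_set(config, "ip dhcp snooping vlan") if on else set(),
                "DAI": vlan_set(config, "ip arp inspection vlan")}
    report = {}
    for name, body in access_ports(config).items():
        m = re.search(r"^switchport access vlan (\d+)$", body, re.M)
        vlan = int(m.group(1)) if m else 1  # VLAN 1 is the default access VLAN
        report[name] = [k for k, rx in PORT_CHECKS.items() if not re.search(rx, body, re.M)]
        report[name] += [k for k, vlans in per_vlan.items() if vlan not in vlans]
    return report
```

Trunk uplinks toward the distribution layer are skipped on purpose: the controls checked here apply to user-facing access ports.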



  1. Cisco: Enterprise Campus 3.0 Architecture: Overview and Framework
  2. The Cisco Three-Layered Hierarchical Model
  3. Cisco Three Layer Hierarchical Model vs OSI
  4. OSI & TCP-IP Tutorial
  5. OSI Model vs. TCP/IP Model vs. Cisco 3 Layer Model

Wikimedia Foundation. 2010.
