In which layer of the campus network hierarchy are ACLs and inter-VLAN routing typically implemented? (Select
the best answer.)
A. access
B. core
C. distribution
D. transport
Explanation:
The distribution layer of the campus network hierarchy is where access control lists (ACLs) and inter-VLAN
routing are typically implemented. The campus network hierarchy is a design framework that is used to outline
different segments of a campus network, how they interact, and best practices for implementation. The campus
network hierarchy is broken into three distinct hardware layers: access, distribution, and core.
The distribution layer serves as an aggregation point for access layer network links. Because the distribution
layer is the intermediary between the access layer and the core layer, the distribution layer is the ideal place to
enforce security policies, provide load balancing, provide Quality of Service (QoS), and perform tasks that
involve packet manipulation, such as routing. Because the distribution layer connects to both the access and
core layers, it often comprises multilayer switches that can perform both Layer 3 routing functions and Layer 2
switching functions. You should also perform network-based intrusion prevention in the distribution layer,
protecting the access layer devices from threats.
The access layer, which typically comprises Layer 2 switches, serves as a media termination point for
endpoints, such as servers and workstations. Because access layer devices provide access to the network, the
access layer is the ideal place to perform user authentication and port security. Dynamic ARP Inspection (DAI),
Dynamic Host Configuration Protocol (DHCP) snooping, and IP spoofing protection are also typically
implemented in the access layer. Although you can use ACLs in the access layer to classify and mark traffic for
QoS configurations, inter-VLAN routing is not typically implemented in the access layer.
The core layer provides fast transport services and redundant connectivity to the distribution layer. The core
layer acts as the network’s backbone; thus it is essential that every distribution layer device have multiple paths
to the core layer. Multiple paths between the core and distribution layer devices ensure that network
connectivity is maintained if a link or device fails in either layer. Because the core layer focuses on low latency
and fast transport services, you should not implement mechanisms that can introduce unnecessary latency into
the core layer. For example, mechanisms such as process-based switching, packet manipulation, and packet
filtering introduce latency and should be avoided in the core layer.
In all three layers, you should use Network Foundation Protection (NFP) best practices. You should also protect
against inadvertent loops by using Spanning Tree Protocol (STP). Finally, you should ensure that control plane
traffic is filtered and rate-limited.
The Transport layer is an Open Systems Interconnection (OSI) model layer, not a campus network hierarchy
layer. Therefore, the Transport layer is not where ACLs and inter-VLAN routing are typically implemented.
Cisco: Enterprise Campus: Campus Distribution Layer Infrastructure Security