The Three-Layer Network Design Model: An Analysis (+Examples)

Posted on April 26, 2023 / July 31, 2025 by Adeniyi Salau

The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers.
Separating the design into layers allows each layer to implement specific functions, which simplifies the network design.
This also simplifies the deployment and management of the network.
The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.
A hierarchical LAN design includes the access, distribution, and core layers as shown in the figure.

The figure shows two internet clouds at the top. Each cloud connects to two routers, one on the left and one on the right. Below the routers are two Layer 3 switches within a box labelled core layer. Each router connects to each of the switches. The switches also have multiple lines between them, with a circle around the lines. Below these two switches are two more switches within a box labelled distribution layer. Each of the top switches connects to each of the two switches below them. Below the distribution layer switches are three Layer 2 switches and two access points within a box labelled the access layer. Each access layer switch has a connection to each of the distribution layer switches. Each access point connects to just one of the access layer switches. Below the access layer box are two wireless tablets. Each wireless tablet connects wirelessly to a wireless AP. Also, below the access layer box are four IP phones.

Each phone has a PC attached. One phone connects to the left access layer switch, two phones connect to the middle access layer switch, and the last phone connects to the right access layer switch.

Hierarchical Design Model

Each layer is designed to meet specific functions.
The access layer provides endpoints and users direct access to the network. The distribution layer aggregates access layers and provides connectivity to services.
Finally, the core layer provides connectivity between distribution layers for large LAN environments.
User traffic is initiated at the access layer and passes through the other layers if the functionality of those layers is required.
Even though the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design.
In a two-tier hierarchical design, the core and distribution layers are collapsed into one layer, reducing cost and complexity.

The figure shows two internet clouds at the top. Each cloud connects to two routers, one on the left and one on the right.
Below the routers are two layer 3 switches within a box labeled collapsed core.
Each router connects to each of the switches. Below the collapsed core box are three layer 2 switches and two access points.
Each switch has a connection to each of the switches within the collapsed core box. Each access point connects to just one of the access layer switches.
Below the collapsed core box are two wireless tablets.
Each wireless tablet connects wirelessly to a wireless AP. Also, below the collapsed core box are four IP phones.
Each phone has a PC attached. One phone connects to the left access layer switch, two phones connect to the middle access layer switch, and the last phone connects to the right access layer switch.

In flat or meshed network architectures, changes tend to affect a large number of systems.
Hierarchical design helps constrain operational changes to a subset of the network, which makes the network easier to manage and improves resiliency.
Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency through improved fault isolation.

Firewalls

Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and traveling to the private network is generally blocked. 

Demilitarized zone

A demilitarised zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface, as shown in the figure.

  • Traffic originating from the private network is inspected as it travels toward the public or DMZ network. This traffic is permitted with little or no restriction. Inspected traffic returning from the DMZ or public network to the private network is permitted.
  • Traffic originating from the DMZ network and travelling to the private network is usually blocked.
  • Traffic originating from the DMZ network and travelling to the public network is selectively permitted based on service requirements.
  • Traffic originating from the public network and travelling toward the DMZ is selectively permitted and inspected. This type of traffic is typically email, DNS, HTTP, or HTTPS traffic. Return traffic from the DMZ to the public network is dynamically permitted.
  • Traffic originating from the public network and travelling to the private network is blocked.
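
The zone rules above, and the two-interface rules in the Firewalls section, depend on the firewall remembering which flows it has already permitted so that return traffic can be matched. The following Python sketch is an added example, not code from the original article: the zone names, the sample addresses and the DMZ-to-public service list are assumptions, and TCP state tracking and session timeouts are left out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

# Public -> DMZ services named in the article: email, DNS, HTTP, HTTPS.
PUBLIC_TO_DMZ = {("tcp", 25), ("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443)}
# Assumed "service requirements" for DMZ -> public (outbound DNS and mail relay).
DMZ_TO_PUBLIC = {("udp", 53), ("tcp", 25)}

class ZoneFirewall:
    def __init__(self):
        self.sessions = set()  # flows opened by a permitted initiator

    def _new_flow_allowed(self, p):
        pair = (p.src_zone, p.dst_zone)
        if pair in {("private", "public"), ("private", "dmz")}:
            return True
        if pair == ("public", "dmz"):
            return (p.proto, p.dport) in PUBLIC_TO_DMZ
        if pair == ("dmz", "public"):
            return (p.proto, p.dport) in DMZ_TO_PUBLIC
        return False  # dmz -> private and public -> private are blocked

    def handle(self, p):
        # Return traffic is the mirror image of a flow already in the table.
        reverse = (p.dst_zone, p.src_zone, p.dst, p.src, p.proto, p.dport, p.sport)
        if reverse in self.sessions or tuple(p) in self.sessions:
            return "permit"
        if self._new_flow_allowed(p):
            self.sessions.add(tuple(p))
            return "permit"
        return "block"

def demo():
    # Constructed sample flows using documentation address ranges.
    fw = ZoneFirewall()
    out = Packet("private", "public", "10.0.0.5", "203.0.113.9", "tcp", 40000, 443)
    reply = Packet("public", "private", "203.0.113.9", "10.0.0.5", "tcp", 443, 40000)
    unsolicited = reply._replace(dport=40001)
    web = Packet("public", "dmz", "198.51.100.7", "192.0.2.10", "tcp", 50000, 443)
    dmz_in = Packet("dmz", "private", "192.0.2.10", "10.0.0.5", "tcp", 50001, 445)
    return [fw.handle(x) for x in (reply, out, reply, unsolicited, web, dmz_in)]
```

The same reply packet is blocked before the inside host opens the connection and permitted afterwards, which is the difference between a stateful rule and a static "public to private: block" entry.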

Action Point

PS: I know you might agree with some of the points raised in this article or disagree with some of the issues raised.

Please share your thoughts on the topic discussed. We would appreciate it if you could drop your comment. Thanks in anticipation.
