High-level enterprise network design (2-tier, 3-tier, fabric, and cloud)

1.1 Explain the different design principles used in an enterprise network

📘 CCNP ENCOR (350-401 ENCOR v1.1)


Designing an enterprise network requires selecting a structure (architecture) that supports performance, scalability, reliability, and operational simplicity. Cisco defines several common high-level designs that organizations use depending on their size and technical requirements. The most common designs are:

  • 2-Tier Architecture (Collapsed Core)
  • 3-Tier Architecture (Core, Distribution, Access)
  • Fabric-Based Architecture (SD-Access Fabric)
  • Cloud-Based Architecture (Hybrid, Multi-cloud, Cloud-managed)

Each design affects how traffic flows, how the network scales, and how easy it is to secure and manage. Understanding these is important for the ENCOR exam.


1. 2-Tier Architecture (Collapsed Core)

Overview

A 2-tier architecture is a simplified design in which the core and distribution layers are combined into a single layer called the collapsed core. Below it is the access layer, where end devices connect.

It typically includes:

  • Collapsed Core Layer
  • Access Layer

Where It Is Used

  • Small to medium-sized networks
  • Branch sites
  • Smaller campuses
  • Environments with limited traffic loads

Key Characteristics

  • Fewer devices and links
  • Lower cost and less complexity
  • Faster deployment
  • Limited scalability compared to 3-tier

How It Works in an IT Environment

  • Access switches connect to a pair of collapsed-core switches.
  • Routing, policy control, Layer 3 distribution, and sometimes security functions run in the collapsed-core switches.
  • Devices like servers, wireless controllers, or firewalls connect either to access switches or directly to collapsed-core switches.

Exam Tips

  • The term “collapsed core” is another name for 2-tier.
  • Used in networks where high redundancy and large scale are not required.
  • Still supports redundancy using dual-homed access switches.

2. 3-Tier Architecture (Core, Distribution, Access)

Overview

The 3-tier architecture is the traditional and most widely used model for large enterprise networks. It separates functions into three layers:

  1. Core Layer – High-speed backbone
  2. Distribution Layer – Policy, routing, inter-VLAN control
  3. Access Layer – Devices connect here (PCs, IP phones, APs, IoT devices)

Where It Is Used

  • Medium to large enterprise campuses
  • Data-heavy environments
  • Organizations needing more scalability, redundancy, and control

Key Characteristics

  • Clear separation of responsibilities
  • Easier to scale as the network grows
  • Supports advanced routing, redundancy protocols, and QoS
  • Handles large broadcast domains by segmenting networks

How Each Layer Functions in IT

Access Layer

  • Connects endpoints
  • Provides PoE for phones and access points
  • Implements VLANs, port security, and first-hop redundancy

Distribution Layer

  • Aggregates multiple access switches
  • Performs inter-VLAN routing
  • Implements access control, routing protocols (OSPF, EIGRP), and redundant links
  • Connects to the core layer

Core Layer

  • High-speed, low-latency switching
  • No complex filtering or packet manipulation
  • Designed for maximum uptime and fast forwarding

Exam Tips

  • The exam often focuses on the role of each layer and why the separation matters.
  • Core should be fast and simple, distribution is policy and control, access is where devices connect.

3. Fabric-Based Architecture (Software-Defined Access – SD-Access)

Overview

Fabric architecture in enterprise networks refers to a software-defined approach that virtualizes the network. Cisco’s enterprise implementation is SD-Access, using the Cisco DNA Center controller.

A fabric creates an overlay network where endpoints can move anywhere in the network but keep the same identity and access permissions. It uses:

  • Control-plane nodes (mapping endpoints and locations)
  • Border nodes (entry/exit from the fabric)
  • Edge nodes (where endpoints connect)
  • Fabric wireless integration
  • Underlay network (basic IP connectivity)

Where It Is Used

  • Modern enterprise campuses
  • Organizations needing automation and secure segmentation
  • Networks with many mobile users and devices

Key Characteristics

  • Centralized automation through DNA Center
  • Micro-segmentation using scalable group tags (SGTs)
  • Consistent policies across wired and wireless
  • Overlays and underlays
  • VXLAN used as the encapsulation technology

Fabric Operational Concepts

  • The underlay is a simple routed network, often using IS-IS or OSPF.
  • The overlay uses VXLAN tunnels between fabric nodes.
  • The control plane uses LISP to track endpoints.
  • DNA Center automates provisioning, segmentation, and assurance.
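The underlay/overlay split above is easiest to see on the wire. The following added example (not Cisco or DNA Center code) builds a VXLAN packet the way an ingress fabric edge node would, shows the outer IPv4/UDP view that is all the underlay ever forwards on, and decapsulates it at the egress edge with a VNI check standing in for segment enforcement. The RLOC addresses 10.0.0.1 and 10.0.0.2, the VNI 5001, the MAC addresses and the payload are constructed values; the header layouts follow RFC 7348.

```python
"""Toy VXLAN encapsulation showing how an SD-Access overlay rides the underlay.

Added example, not Cisco or DNA Center code. Constructed assumptions:
  - 10.0.0.1 and 10.0.0.2 are underlay (RLOC) addresses of two fabric edge nodes
  - VNI 5001 is the overlay segment the inner frame belongs to
The underlay forwards only on the outer IP header; the VNI and the inner frame
are opaque to it, which is what lets an endpoint keep its segment wherever it attaches.
"""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" bit: the 24-bit VNI field is valid
IP_PROTO_UDP = 17


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_inner_frame(dst_mac: str, src_mac: str, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Overlay Ethernet frame exactly as the endpoint sent it (constructed sample)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def ipv4_checksum(header: bytes) -> int:
    """Standard ones-complement checksum over an IPv4 header (even length)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_vxlan_header(vni: int) -> bytes:
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # flags(1) reserved(3) vni(3) reserved(1): the VNI is the top 24 bits of the last word
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00" * 3, vni << 8)


def encapsulate(inner_frame: bytes, vni: int, src_rloc: str, dst_rloc: str, src_port: int = 49152) -> bytes:
    """Ingress edge node: wrap the frame in VXLAN/UDP/IPv4 addressed to the egress RLOC."""
    vxlan = build_vxlan_header(vni) + inner_frame
    # UDP checksum of zero is permitted for VXLAN over IPv4
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(vxlan), 0) + vxlan
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IP_PROTO_UDP, 0,
                      ipaddress.IPv4Address(src_rloc).packed, ipaddress.IPv4Address(dst_rloc).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + udp


def underlay_view(packet: bytes) -> tuple:
    """Everything an underlay router uses to forward: outer src/dst and the UDP destination port."""
    ihl = (packet[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, dst, dst_port


def decapsulate(packet: bytes, allowed_vnis: set) -> tuple:
    """Egress edge node: validate the outer headers, strip them, enforce which segments it serves."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IP_PROTO_UDP or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid UDP-in-IPv4 packet")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    flags, _, vni_word = struct.unpack("!B3sI", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    vni = vni_word >> 8
    # Segmentation check: only hand frames to endpoints in segments this edge is configured for.
    if vni not in allowed_vnis:
        raise PermissionError("VNI %d not permitted on this edge" % vni)
    inner = packet[ihl + 16:ihl + udp_len]
    return vni, inner


if __name__ == "__main__":
    frame = build_inner_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", b"payload")
    pkt = encapsulate(frame, 5001, "10.0.0.1", "10.0.0.2")
    print("underlay sees:", underlay_view(pkt))
    print("egress edge recovers:", decapsulate(pkt, {5001}))
```

Running it prints only the outer RLOC pair and port 4789 for the underlay, while the egress edge recovers the untouched inner frame together with its VNI; handing the same packet to an edge that does not serve VNI 5001 is refused, which is the behaviour that keeps segments separate as endpoints move.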

Exam Tips

  • Know the difference between the underlay and the overlay.
  • SD-Access uses VXLAN + LISP + Cisco DNA Center.
  • Fabric allows user and device isolation without redesigning VLANs.
  • Endpoints can move anywhere while keeping their security policies.

4. Cloud-Based Enterprise Network Design

Overview

Cloud networking integrates on-premises networks with cloud platforms such as:

  • Cisco Meraki Cloud-managed networks
  • Cisco SD-WAN (Viptela)
  • Public cloud providers (AWS, Azure, Google Cloud)
  • Hybrid cloud and multi-cloud models

Cloud networking shifts management, routing, or infrastructure to cloud-based controllers.

Where It Is Used

  • Organizations with remote sites
  • Environments adopting SaaS/IaaS
  • Branch networks requiring centralized control
  • Businesses wanting to reduce physical hardware

Key Characteristics

  • Cloud-managed devices (Meraki switches, APs, firewalls)
  • Centralized dashboards for configuration and monitoring
  • Zero-touch provisioning for new sites
  • Traffic optimization using SD-WAN overlays
  • Direct internet access to cloud applications

Types of Cloud Networking

Cloud-Managed

  • Devices remain on-premises
  • Configuration and monitoring handled in the cloud
  • Example: Cisco Meraki Dashboard

Cloud-Supported Infrastructure

  • Controllers run in the cloud
  • Devices operate locally
  • Example: cloud-hosted Cisco DNA Center

Hybrid or Multi-Cloud

  • Workloads and applications spread across multiple cloud providers
  • SD-WAN ensures secure, optimized connectivity between them

Exam Tips

  • Understand how SD-WAN supports cloud adoption.
  • Cloud-managed networks rely on central controllers rather than local CLI configs.
  • Cloud designs focus on scalability, automation, and simplified operations.

Comparison Summary

Architecture        | Best For                          | Key Features
--------------------+-----------------------------------+--------------------------------------------------------------
2-Tier              | Small/medium networks             | Simple, cost-effective, collapsed core, limited scalability
3-Tier              | Large campus networks             | Core/distribution/access separation, scalable, resilient
Fabric (SD-Access)  | Modern enterprises                | Automated, policy-based, overlay/underlay, VXLAN, DNA Center
Cloud               | Distributed & cloud-focused orgs  | Cloud-managed, SD-WAN, centralized management, hybrid support

What You Must Know for the CCNP ENCOR Exam

✔ Roles and functions of access, distribution, and core layers
✔ When to use 2-tier vs 3-tier
✔ Concepts of fabric, including:

  • Underlay
  • Overlay
  • Control plane
  • VXLAN
  • LISP
  • DNA Center

✔ Cloud networking design principles
✔ How SD-WAN and cloud management support enterprise designs
✔ Differences between traditional and software-defined architectures
