1.2 Network Topology Architectures

The CCNA exam tests your understanding of common network architecture designs and when to use each one. Different network sizes and requirements call for different topological approaches.

Three-Tier Architecture (Traditional Enterprise)

The three-tier architecture is the classic enterprise campus network design, dividing the network into three distinct layers:

Access Layer

• Where endpoints connect to the network
• Layer 2 switches with 24-48 ports each
• Provides PoE (Power over Ethernet) for phones and APs
• VLAN assignment, port security, 802.1X authentication
• First point of entry for user traffic

Distribution Layer

• Aggregation point for access layer switches
• Layer 3 switches performing inter-VLAN routing
• Policy enforcement: ACLs, QoS marking
• Route summarization toward the core
• Redundant uplinks to core layer

Core Layer

• High-speed backbone connecting distribution blocks
• Fastest switching hardware (high throughput, low latency)
• Minimal policy processing—speed is the priority
• Never perform packet filtering here (ACLs add latency)
• Redundant links and devices for maximum availability

When to Use Three-Tier:

• Large campus networks with hundreds or thousands of users
• Multiple buildings or floors requiring separate distribution blocks
• Environments where clear separation of function is needed

Two-Tier Architecture (Collapsed Core)

The two-tier or collapsed core architecture combines the core and distribution layers into a single layer. This is appropriate for smaller networks where a full three-tier design would be overengineered.

Spine-Leaf Architecture (Data Center)

The spine-leaf topology is the modern standard for data center networks. It provides predictable latency and high bandwidth for east-west traffic (server-to-server within the data center).

Design Principles:

• Every leaf switch connects to every spine switch
• No direct leaf-to-leaf or spine-to-spine connections
• Exactly two hops between any two servers (leaf → spine → leaf)
• Equal-cost multipathing (ECMP) across all spine links

Spine Switches (Backbone):

• High-capacity switches that interconnect all leaf switches
• Only connect to leaf switches, never to endpoints
• Typically 2-4 spine switches for redundancy

Leaf Switches (Access):

• Connect directly to servers, storage, and other endpoints
• Also connect to external networks (WAN, internet) via border leaf
• Every leaf has identical uplinks to every spine

Why Spine-Leaf for Data Centers:

• Predictable latency — always exactly 2 hops between any two endpoints
• No STP — all links are active (Layer 3 point-to-point between spine and leaf)
• Easy to scale — add more leaf switches for more ports, more spine switches for more bandwidth
• Handles east-west traffic — modern applications communicate server-to-server more than client-to-server

On the Exam: Understand that spine-leaf eliminates STP by using Layer 3 point-to-point links between every spine and leaf switch. This is a fundamental difference from traditional hierarchical designs.

SOHO (Small Office / Home Office)

A SOHO network is a simple network design for home offices or very small businesses (1-10 users).

Typical SOHO Setup:

• Single multi-function device that combines: router + switch + wireless AP + firewall
• ISP connection via cable modem, DSL modem, or fiber ONT
• NAT to share one public IP address among all internal devices
• Built-in DHCP server for automatic IP assignment
• Simple Wi-Fi with WPA2/WPA3 security

WAN (Wide Area Network)

A WAN connects geographically separated LANs. WANs extend the network beyond the local campus.

Common WAN Technologies:

On-Premises vs. Cloud

Hybrid deployments combine on-premises and cloud infrastructure, keeping sensitive workloads on-premises while leveraging cloud for scalability and disaster recovery.