Implementing redundant links at the core layer ensures that network devices can find alternate paths to
send data in the event of a failure. When Layer 3 devices are placed at the core layer, these redundant
links can be used for load balancing in addition to providing backup.
Security at the Network Edge
Many of the security risks that occur at the access layer of the network result from poorly secured
end devices. User error and carelessness account for a significant number of network security breaches.
Three types of common security risks that occur at the access layer are as follows:
Providing adequate security for end devices may not be in the scope of a network design project.
Nevertheless, the designer needs to understand the network impact of a security incident, such as a
worm or a Trojan, at an end device. The designer can then better determine which network security
measures to put in place to limit the effects on the network.
Permitting network access to only known or authenticated devices limits the ability of intruders to enter
the network. It is important to apply wireless security measures that follow recommended practices.
Today's networks are more likely to face an attack originating from the access layer of the internal
network than from external sources. Thus, the design of server farm security is different from the older
DMZ model. A layer of firewall features and intrusion protection is required between the servers and the
internal networks, and between the servers and the external users. An additional security layer between
the servers may also be required.
The sensitivity of data stored on the servers and contained in the transactions traveling the network
determines the appropriate security policy for the design of the server farm.
To achieve high availability, servers are redundantly connected to two separate switches at the access
layer. This redundancy provides a path from the server to the secondary switch if the primary switch
fails. Devices at the distribution and core layers of the server farm network are also redundancy and
Because these servers will form the foundation of our network management and security, we will want
to create a separate management VLAN which is isolated from the rest of the network by a firewall or
access lists. The only traffic that we will allow in the
management network is either from the managed devices or protected by encryption.
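
The management VLAN rule above can be checked against flow records exported from the firewall or a collector. The following is an added example, not part of the original text: the subnets, the sample flows and the function names are constructed, and treating SSH and HTTPS ports as "protected by encryption" is an assumption made for the illustration.

```python
import ipaddress

# All addresses and ports below are constructed for illustration.
MGMT_VLAN = ipaddress.ip_network("10.99.0.0/24")           # management VLAN subnet
MANAGED_DEVICES = [ipaddress.ip_network("10.0.255.0/24")]  # switch/router management addresses
ENCRYPTED_PORTS = {("tcp", 22), ("tcp", 443)}              # assumption: SSH and HTTPS only

def allowed_into_mgmt(src, dst, proto, dport):
    """Return (decision, reason); decision is None when the rule does not apply."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip not in MGMT_VLAN or src_ip in MGMT_VLAN:
        return None, "does not enter the management VLAN from outside"
    if any(src_ip in net for net in MANAGED_DEVICES):
        return True, "source is a managed device"
    if (proto.lower(), dport) in ENCRYPTED_PORTS:
        return True, "encrypted protocol"
    return False, "cleartext traffic from an unmanaged source"

def audit(flows):
    """Return the flows the firewall or access list should have dropped."""
    return [f for f in flows if allowed_into_mgmt(*f)[0] is False]

SAMPLE_FLOWS = [
    ("10.0.255.7", "10.99.0.10", "udp", 514),  # syslog from a managed switch
    ("10.20.4.31", "10.99.0.10", "tcp", 22),   # admin workstation over SSH
    ("10.20.4.31", "10.99.0.10", "tcp", 23),   # Telnet from a user subnet
    ("10.20.4.31", "10.99.0.11", "udp", 161),  # SNMP poll from a user subnet
    ("10.20.4.31", "10.30.1.5", "tcp", 80),    # traffic unrelated to the VLAN
    ("10.99.0.10", "10.99.0.11", "tcp", 23),   # stays inside the VLAN
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("VIOLATION", flow, "-", allowed_into_mgmt(*flow)[1])
```

Any flow reported here reached a management server without coming from a managed device and without an encrypted transport, which means the firewall rule or access list in front of the VLAN is broader than the policy.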