In which layer of the campus network hierarchy are ACLs and inter-VLAN routing typically implemented? (Select the best answer.)
The distribution layer of the campus network hierarchy is where access control lists (ACLs) and inter-VLAN routing are typically implemented. The campus network hierarchy is a design framework that is used to outline different segments of a campus network, how they interact, and best practices for implementation. The campus network hierarchy is broken into three distinct hardware layers: access, distribution, and core.
The distribution layer serves as an aggregation point for access layer network links. Because the distribution layer is the intermediary between the access layer and the core layer, the distribution layer is the ideal place to enforce security policies, provide load balancing, provide Quality of Service (QoS), and perform tasks that involve packet manipulation, such as routing. Because the distribution layer connects to both the access and core layers, it often comprises multilayer switches that can perform both Layer 3 routing functions and Layer 2 switching functions. You should also perform network-based intrusion prevention in the distribution layer, protecting the access layer devices from threats.
The access layer, which typically comprises Layer 2 switches, serves as a media termination point for endpoints, such as servers and workstations. Because access layer devices provide access to the network, the access layer is the ideal place to perform user authentication and port security. Dynamic ARP Inspection (DAI), Dynamic Host Configuration Protocol (DHCP) snooping, and IP spoofing protection are also typically implemented in the access layer. Although you can use ACLs in the access layer to classify and mark traffic for QoS configurations, inter-VLAN routing is not typically implemented in the access layer.
The core layer provides fast transport services and redundant connectivity to the distribution layer. The core layer acts as the network’s backbone; thus it is essential that every distribution layer device have multiple paths to the core layer. Multiple paths between the core and distribution layer devices ensure that network connectivity is maintained if a link or device fails in either layer. Because the core layer focuses on low latency and fast transport services, you should not implement mechanisms that can introduce unnecessary latency into the core layer. For example, mechanisms such as process-based switching, packet manipulation, and packet filtering introduce latency and should be avoided in the core layer.
In all three layers, you should use Network Foundation Protection (NFP) best practices. You should also protect against inadvertent loops by using Spanning Tree Protocol (STP). Finally, you should ensure that control plane traffic is filtered and rate-limited.
The Transport layer is an Open Systems Interconnection (OSI) model layer, not a campus network hierarchy layer. Therefore, the Transport layer is not where ACLs and inter-VLAN routing are typically implemented.
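The distribution-layer role described above (inter-VLAN routing plus ACL enforcement on a multilayer switch), shown as an added configuration sketch that is not part of the original explanation. It assumes Cisco IOS syntax; the VLAN IDs, names, ACL name, and addresses are constructed for illustration.

```cisco
! Distribution-layer multilayer switch (constructed example values)
! Enable Layer 3 forwarding so the switch can route between VLANs
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
!
! Policy enforced where user traffic first gets routed:
! users may reach the server VLAN on HTTPS only; everything else
! toward the server VLAN is dropped and logged.
ip access-list extended USERS-IN
 ! Allow DHCP client requests (source 0.0.0.0), needed only if
 ! this SVI also relays DHCP for the user VLAN
 permit udp any eq bootpc any eq bootps
 permit tcp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 443
 deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log
 ! Traffic to other destinations is forwarded toward the core
 permit ip 10.10.10.0 0.0.0.255 any
 ! The implicit "deny ip any any" at the end drops packets whose
 ! source is not in the user subnet
!
! Switched virtual interfaces (SVIs) act as the default gateways;
! routing between them is the inter-VLAN routing function
interface Vlan10
 description Gateway for USERS
 ip address 10.10.10.1 255.255.255.0
 ip access-group USERS-IN in
 no shutdown
!
interface Vlan20
 description Gateway for SERVERS
 ip address 10.10.20.1 255.255.255.0
 no shutdown
```

The ACL is applied inbound on the user SVI, so filtering happens before the routing decision and the core layer only forwards traffic that has already passed policy.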