Design Guide

LAN Baseline Architecture Overview—Branch Office Network

OL-11333-01

Multilayered Branch Architecture

• Network Admission Control (NAC) to protect against viruses

With many of these services provided at the access layer, the best design practice should integrate all

these services seamlessly either at Layer 2 or Layer 3 access. The following sections provide more

details of the considerations that go into the design of an access layer and the various elements of the

access layer.

Layer 2 versus Layer 3 at Access Layer

There are two options for the switches in the access layer. The first option is to use Layer 2 at the access

layer, and the second option is to enable routing and to use VLANs to place users in different groups at

the access layer. These two options are shown in

Figure 3.

Figure 3 Layer 2 versus Layer 3 at the Access Layer

Layer 2 Access

Traditionally, the switches deployed at the access layer operate at Layer 2, which can result in the

following two spanning tree issues for some customers:

• Troubleshooting is more difficult

• Convergence in high availability designs can take longer in case of switch or link failure

These problems arise in a traditional, highly-available architecture. In a traditional design, two

distribution switches and an access switch are involved with a Layer 2 loop, as shown in

Figure 4.

29xx or 35xx

Access Switches

Access

Distribution

Layer 3

Layer 2 at Access

Layer 3 at Access

Core

Edge

3560 and

above

Core

Edge

AccessPoint

180056