Cisco’s Hierarchical Network Design Model

Distribution Layer

The distribution layer of the Cisco model acts as the intermediary or demarcation point between the core and access layers. It is at this layer that routing is usually handled, between the access layer, the core layer, and between the different access layer broadcast domains. Other functions of the distribution layer include route aggregation and redistribution, media translation, implementation of security policies, and broadcast domain definition.

Address aggregation involves setting up a network addressing scheme such that multiple networks may exist behind a single routing table entry. This helps make routing tables smaller and more efficient. On IP networks, this is usually a function of the routing protocol used, and the use of addressing schemes that incorporate Variable Length Subnet Masks (VLSM) and/or Classless Inter-Domain Routing (CIDR). VLSM is a special way of designing IP addressing with custom subnet masks, while CIDR provides the ability to aggregate ranges of addresses – both will be discussed in detail in Chapter 5. Route redistribution is a process by which the networks learned by one routing protocol are shared with another routing protocol, a concept that will be explored in more detail in Chapter 8.

Media translation involves just what the name suggests – for example, the distribution layer would be the point at which your network transitions between Cat5 Ethernet LANs and on to your fiber-optic backbone.

Security policies (in the form of ACLs or Access Control Lists) are usually implemented at the distribution layer as well. Configured on routers, these lists allow you to filter the types of traffic that users or systems are allowed to pass between connected networks. For example these lists might allow only certain systems or applications the ability to transfer data between subnets.

Finally, the distribution layer is also where broadcast domains interconnect. Routers act as the demarcation points between broadcast domains, since a router is configured not to allow broadcast traffic to pass by default.

Access Layer

The access layer of the Cisco model represents the point where network users gain access to local resources. High bandwidth is provided at the distribution layer through the use of switches, which help to separate hosts into smaller collision domains. Often referred to as the workgroup layer, the access layer also provides network access to smaller home or branch offices by way of Frame Relay, ISDN and demand-dial connections.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.