The Cisco Enterprise Architecture divides the network into functional components while still maintaining the core, distribution, and access layers. As the figure shows, the primary Cisco Enterprise Architecture modules include:
- Enterprise Campus
- Enterprise Edge
- Service Provider Edge
- Remote
Enterprise Campus
The Enterprise Campus consists of the entire campus infrastructure, to include the access, distribution, and core layers. The access layer module contains Layer 2 or Layer 3 switches to provide the required port density. Implementation of VLANs and trunk links to the building distribution layer occurs here. Redundancy to the building distribution switches is important. The distribution layer module aggregates building access using Layer 3 devices. Routing, access control, and QoS are performed at this distribution layer module. The core layer module provides high-speed interconnectivity between the distribution layer modules, data center server farms, and the enterprise edge. Redundancy, fast convergence, and fault tolerance are the focus of the design in this module.
In addition to these modules, the Enterprise Campus can include other submodules such as:
- Server Farm and Data Center Module - This area provides high-speed connectivity and protection for servers. It is critical to provide security, redundancy, and fault tolerance. The network management systems monitor performance by monitoring device and network availability.
- Services Module - This area provides access to all services, such as IP Telephony services, wireless controller services, and unified services.
Enterprise Edge
The Enterprise Edge consists of the Internet, VPN, and WAN modules connecting the enterprise with the service provider's network. This module extends the enterprise services to remote sites and enables the enterprise to use Internet and partner resources. It provides QoS, policy reinforcement, service levels, and security.
Service Provider Edge
The Service Provider Edge provides Internet, Public Switched Telephone Network (PSTN), and WAN services.
All data that enters or exits the Enterprise Composite Network Model (ECNM) passes through an edge device. This is the point that all packets can be examined and a decision made whether the packet should be allowed on the enterprise network. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can also be configured at the enterprise edge to protect against malicious activity.