Cisco has developed a guide, called the Cisco SAFE Blueprint, of best practices for designing and securing networks. The Cisco SAFE Blueprint addresses design issues by dividing a large network into layers of modularity. This modular approach helps to ensure that proper consideration is given to each critical part of the network at the time of design, and it provides scalability. As introduced in Chapter 1, "Network Design," the Cisco Enterprise Composite Network Model is the name given to the architecture used by the SAFE Blueprint. At the highest layer, this model divides an enterprise network into the following three main functional areas:
At the second layer of modularity, shown in Figure 4-10, the Enterprise Campus functional area is subdivided into multiple modules, which are listed in Table 4-2. Some of the key devices in each of those modules are listed in Table 4-2, as are some security design considerations.
Figure 4-10. Enterprise Campus Module Details
With some of the redundancy complexity presented in Figure 4-10 removed, and with as many of the security elements discussed in this chapter integrated as possible, a campus network design might look like what is shown in Figure 4-11.
Figure 4-11. Enterprise Campus Network Design
For more information on the Cisco Secure Blueprint for Enterprise Networks (SAFE) white paper, visit http://www.cisco.com/go/safe.
In addition to SAFE, Cisco has been promoting the self-defending network concept. The philosophy of a self-defending network is to have security present in every aspect of an organization. In a self-defending network, every device, from the desktop PC through the LAN infrastructure and across the WAN, plays a role in securing the network. For more on self-defending networks, visit the Cisco website. This chapter explores the following critical elements of campus security that make up the Self-Defending Network philosophy of Cisco: