NetworkingCCNA

CCNA Network Topologies: Two-Tier, Three-Tier, Spine-Leaf & WAN

Network topology is the physical and logical layout of how devices connect. The CCNA 200-301 exam tests your ability to identify and compare network topology models — two-tier (collapsed core), three-tier (core/distribution/access), spine-leaf, WAN topologies, SOHO networks, and on-premises vs cloud deployments. Each topology exists because of specific scale, redundancy, and cost trade-offs. Knowing why each design exists is as important as knowing what it looks like.

9 min

5 sections · 5 exam key points

5 practice questions

Three-tier campus design: Access, Distribution, Core

The three-tier model is the traditional enterprise campus architecture. The access layer is where end devices connect — desktops, phones, printers — through Layer 2 switches. The distribution layer aggregates access layer switches, enforces policy with ACLs, and routes between VLANs using Layer 3 switches. The core layer provides fast, redundant transport between distribution blocks and connects to the WAN and data center.

The key principle is that each layer has a specific function. Access layer switches don't route; they switch. Distribution switches don't connect to end users; they aggregate and route. Core switches move traffic as fast as possible with minimal processing — no ACLs, no NAT, just fast routing between distribution blocks.

Three-tier makes sense when a campus is large enough that a single distribution layer would become a bottleneck. Mid-size to large enterprise campuses with multiple buildings use this model. The redundancy built into each layer — dual links from access to distribution, dual links from distribution to core — ensures no single link failure takes down a segment.

Two-tier (collapsed core) design

In a two-tier or collapsed core design, the core and distribution layers are merged into a single layer. Access switches connect directly to distribution/core switches that also handle the inter-site or WAN connectivity. This removes one tier, reducing hardware cost and complexity.

Two-tier works for small to medium campuses where the traffic volume doesn't justify a dedicated core layer. The access layer still connects end users; the collapsed distribution/core layer handles routing, policy, and WAN connectivity. Most branch offices and small campuses use this model.

Spine-leaf topology for data centers

Spine-leaf is the dominant data center topology replacing traditional three-tier designs. Every leaf switch connects to every spine switch. No leaf connects directly to another leaf. No spine connects to another spine. This creates a predictable, uniform topology where any server can reach any other server in exactly two hops — one to the leaf, one to the spine, one back to the destination leaf.

The benefit is consistent latency and easy horizontal scaling. Adding capacity means adding a new leaf switch (connected to all spines) or a new spine switch (connected to all leaves). There's no traffic bottleneck at the core because all spine switches share load equally. This is why hyperscale data centers and cloud providers use spine-leaf almost exclusively.

For CCNA, understand the contrast: in a three-tier data center design, east-west traffic (server to server) travels up to the core and back down — three hops, unpredictable latency. In spine-leaf, east-west traffic is always exactly two hops.

WAN topologies: Hub-and-spoke, point-to-point, full mesh

WAN topologies describe how geographically distributed sites connect. A hub-and-spoke (or star) topology has a central hub site — usually headquarters — with spoke sites connecting to it. All inter-spoke traffic routes through the hub. Simple and cost-effective but creates a single point of failure at the hub.

A point-to-point topology connects two sites with a dedicated link. Predictable performance, easy to manage, but doesn't scale — N sites require N*(N-1)/2 links for full mesh. A full mesh gives every site a direct connection to every other site, maximizing redundancy and performance, but the link count becomes expensive at scale.

A partial mesh is the common compromise — key sites have direct links to multiple other sites; less critical sites use hub-and-spoke. Modern enterprises often replace dedicated WAN links with SD-WAN overlays over broadband internet.

SOHO and cloud network models

A Small Office/Home Office (SOHO) network is the simplest topology: a broadband router/modem connects to the ISP, a small switch or built-in switch ports connect wired devices, and a built-in wireless radio connects Wi-Fi clients. The router provides DHCP, NAT, and basic firewall. There is no dedicated distribution or core layer.

Cloud networking extends the on-premises topology into public cloud. A Virtual Private Cloud (VPC on AWS, VNet on Azure) acts like an on-premises network — you define subnets, route tables, and security groups. Site-to-site VPNs or dedicated connections (AWS Direct Connect, Azure ExpressRoute) bridge on-premises and cloud networks. Understanding this hybrid model is increasingly tested on CCNA.

Topology comparison

Topology	Layers/hops	Best for	Key trade-off
Three-tier campus	Access → Distribution → Core	Large enterprise campus	Higher cost, maximum scalability
Two-tier (collapsed core)	Access → Distribution/Core	Small-medium campus, branch	Lower cost, simpler, less scalable
Spine-leaf	Leaf → Spine → Leaf (2 hops)	Data center	Predictable east-west latency, easy scale
Hub-and-spoke WAN	Spoke → Hub → Spoke	Branch networks	Simple, cheap, hub is single point of failure
Full mesh WAN	Site ↔ Site (direct)	Critical multi-site	Maximum redundancy, expensive at scale
SOHO	Router/switch/AP combined	Home, small office	Minimal cost, no enterprise features

Key exam facts — CCNA

Three-tier: access (end users) → distribution (routing, policy) → core (fast transport)
Two-tier collapses distribution and core into one layer — saves cost, reduces scale
Spine-leaf: every leaf connects to every spine, no leaf-to-leaf, always 2 hops east-west
Hub-and-spoke WAN: all traffic routes through the hub; hub failure isolates all spokes
SOHO uses a single combo device for routing, switching, and wireless

Common exam traps

The core layer is where end users connect

End users connect at the access layer. The core layer is dedicated to fast transport between distribution blocks — it should not perform complex processing like ACLs.

Spine-leaf is just a newer name for three-tier

Spine-leaf was specifically designed to eliminate the three-tier bottleneck in data centers. It guarantees two-hop east-west paths; three-tier data centers have variable hop counts.

A full mesh WAN is always better than hub-and-spoke

Full mesh offers the best redundancy but requires N*(N-1)/2 links. For 10 sites that's 45 links. Hub-and-spoke needs only 10. Cost and complexity must be weighed against redundancy needs.

Practice questions — Network Topologies

These questions are representative of what you will see on CCNA exams. The correct answer and explanation are shown immediately below each question.

Q1.In a three-tier campus network, which layer connects end-user devices such as PCs and IP phones?

A.Core layer

B.Distribution layer

C.Access layer

D.Spine layer

Explanation: The access layer is where end-user devices connect. The distribution layer aggregates access switches and enforces policy. The core layer provides fast transport between distribution blocks.

Q2.A data center network uses a topology where every leaf switch connects to every spine switch. Traffic between any two servers always takes exactly two hops. Which topology is this?

A.Three-tier

B.Hub-and-spoke

C.Spine-leaf

D.Full mesh

Explanation: Spine-leaf topology ensures every server-to-server path is exactly two hops: source leaf → spine → destination leaf. This provides predictable latency and easy horizontal scaling.

Q3.A small company with 20 employees needs a simple network with routing, switching, and Wi-Fi. Which topology best describes their network?

A.Three-tier campus

B.Spine-leaf

C.SOHO

D.Partial mesh WAN

Explanation: A SOHO network combines routing, switching, and wireless in a single or few devices. It's designed for small offices where enterprise-grade tiered architecture isn't needed.

Q4.Which WAN topology creates a single point of failure at the central site?

A.Full mesh

B.Point-to-point

C.Hub-and-spoke

D.Spine-leaf

Explanation: In hub-and-spoke, all inter-spoke traffic routes through the hub. If the hub site loses connectivity, all spoke-to-spoke communication fails, making the hub a single point of failure.

Q5.A company wants to merge the distribution and core layers to reduce cost. Which design results from this decision?

A.Spine-leaf

B.Three-tier

C.Two-tier (collapsed core)

D.SOHO

Explanation: Collapsing the distribution and core layers into a single tier produces the two-tier or collapsed core design. It reduces hardware cost and complexity while still separating access from the aggregation/routing layer.

Frequently asked questions — Network Topologies

What is the difference between two-tier and three-tier campus design?

Three-tier design has separate access, distribution, and core layers, each with distinct roles. Two-tier (collapsed core) merges the distribution and core into one layer. Three-tier scales better for large campuses; two-tier is simpler and cheaper for small-to-medium deployments.

Why is spine-leaf preferred in modern data centers?

Spine-leaf guarantees exactly two hops between any two servers (leaf → spine → leaf), providing predictable east-west latency. Traditional three-tier data centers have variable hop counts. Spine-leaf also scales horizontally — add a leaf for more servers, add a spine for more bandwidth.

What is a collapsed core?

A collapsed core is a two-tier network design where the core and distribution layers run on the same hardware. Instead of separate core switches, the distribution switches also perform core functions. This reduces cost and complexity for smaller campuses.

How does SOHO differ from enterprise networking?

SOHO uses a single combo device (router + switch + WAP) configured with a consumer-grade web GUI. Enterprise networks use separate, managed devices at each tier with CLI configuration, redundant links, centralized management, and enterprise-grade security features.

What is east-west traffic and why does it matter for topology design?

East-west traffic flows between servers in the same data center (server to server). As applications became more distributed and microservices-based, east-west traffic grew to dominate data center traffic. Spine-leaf was specifically designed to handle east-west efficiently with uniform two-hop paths.

Practice this topic

CCNApractice questions

Test yourself on Network Topologies

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime