Enterprise SAFE block diagram

Enterprise SAFE block diagram
Figure 12.13 shows a much clearer breakout of the actual modules inside SAFE that need to
be managed and secured. Each module has its own threats and protection issues. It is not
expected that every network would be built using all modules, but rather that this provides a
framework for understanding the security issues involved and isolating them.
From the perspective of the Cisco CCNP training program, we need to focus in again, this
time looking in a little more detail at the Campus Module, as shown in Figure 12.14.
Note that the Campus Module contains a number of smaller modules, each of which is associated
with a specific function:
Management Module Designed to facilitate all management within the campus network as
defined by the SAFE architecture. The Management Module must be separated from the managed
devices and areas by a firewall, by separate VLANs, and by separate IP addresses and subnet
allocation.
Building Module SAFE defines the Building Module as the part of the network that contains
end-user workstations and devices plus the layer 2 access points. Included in this are the Building
Distribution Module and Building Access Module.
Building Distribution Module This module provides standard distribution layer services to
the building switches, including routing, access control, and, more recently, QoS (quality of
service) support.
Building Access Module The Building Access Module defines the devices at the access
layer, including layer 2 switches, user workstations, and, more recently, IP telephones.
Core Module This module follows the principles of the core part of the standard Cisco threelayer
module, focusing on transporting large amounts of traffic both reliably and quickly.
Server Module The main goal of the Server Module is to provide access to the application services
by end users and devices.

454