The network access layer, or network edge, is where users or endpoints connect to the network.
Users connect to the network through a Gigabit ethernet port or 802.11 wireless. Whilst in most cases the users will not require the full bandwidth made available to them through the network port, there is the headroom available for when it is required (for example transferring or receiving a large file) when required by the user.
The access layer can be extended out by an additional access layer too, a wireless access point connected to an access layer switch, or a VoIP phone that provides an ethernet port on the device itself are examples of this.
The access layer can be divided into segments so different devices can be put into separate networks. This can be for performance, security or management reasons.
In a hierarchical LAN design, access switches are not connected to each other. For one access switch to communicate with another access layer switch, it must go through a distribution layer switch.
The access layer has an important role in that it needs to ensure that the network is protected from malicious attacks as it is where users and visitors plug into the enterprise network.
Examples of protection can be that devices connecting to the network are not given access to services for which they may not be authorised to access.