Learning has never been so easy!
In this how-to I will describe what the term Router on a Stick means and also how to configure it. This how-to is designed for basic users, but can be used as a guide by senior admins that just forgot how to set it up or what it is. Please leave your feedback in the comments at the bottom.
What is Router on a Stick (ROAS).
A ROAS is used within a small to mediam sized organization that needs to implement inter-VLAN routing. What that means is simply routing withing your network between VLANS. Like having a VLAN for your Servers and also one for your client Data. You need a router to be able to route between the two VLANS or you can use a Layer 3 switch. Using the Layer 3 switch is NOT (ROAS). So I will not be covering it in this how-to.
A ROAS is used within a small to mediam sized organization that needs to implement inter-VLAN routing. What that means is simply routing withing your network between VLANS. Like having a VLAN for your Servers and also one for your client Data. You need a router to be able to route between the two VLANS or you can use a Layer 3 switch. Using the Layer 3 switch is NOT (ROAS). So I will not be covering it in this how-to.
In this how-to I will be using the following devices:
1 Cisco Router named - R1
1 Cisco Switch named - S1
1 PC named - PC1
1 Server named - SRV1
**Note that the link between SW1 and R1 is a trunk link.
1 Cisco Router named - R1
1 Cisco Switch named - S1
1 PC named - PC1
1 Server named - SRV1
**Note that the link between SW1 and R1 is a trunk link.
The VLAN configuration is as follows:
VLAN 10 = Data
VLAN 20 = Servers
VLAN 10 = Data
VLAN 20 = Servers
**Note you can add as many VLANS as you wish, but the more VLANS = More subinterfaces on your router which can burden your router. So if more then 10 VLANS, best to you a L3 Switch.
A router with one VLAN interface is needed to connect to the SVI on a switch. A switch with a port that is configured as trunk is needed to connect to a router. Refer to the exhibit. A network administrator needs to configure router-on-a-stick for the networks that are shown.
The IP addressing is as follows:
VLAN 10 = 172.10.2.0/23 (255.255.254.0)
VLAN 20 = 172.10.4.0/23 (255.255.254.0)
VLAN 10 = 172.10.2.0/23 (255.255.254.0)
VLAN 20 = 172.10.4.0/23 (255.255.254.0)
8 Steps total
Step 1: Overview of the Network
This step is just an overview of what we are working with. Click the image so you can get an understanding of what is being done here and how you can physically connect them.
Step 2: Physicaly connect all your devices
Grab a straight-through cable and connect it to port FA0/0 on R1. Connect the other end of that cable to port FA0/1 on S1.
Grab two more straight-through cables and connect one to the PC and one to the Server.
The Server will connect to port FA0/20 on S1
The PC will connect to port FA0/10 on S1
The PC will connect to port FA0/10 on S1
Step 3: Configure IP addresses on the PC and Server.
In this step all we have to do is configure the PC and Server with their proper IP addresses. In this guide i just staticaly set them but you might also be using DHCP.
However you need to configure your IP addresses for the PC and Server do so now.
However you need to configure your IP addresses for the PC and Server do so now.
PC:
IP add: 172.10.2.10
Mask: 255.255.254.0
Default Gateway: 172.10.2.1
IP add: 172.10.2.10
Mask: 255.255.254.0
Default Gateway: 172.10.2.1
SRV:
IP add: 172.10.4.10
Mask: 255.255.254.0
Default Gateway: 172.10.4.1
IP add: 172.10.4.10
Mask: 255.255.254.0
Default Gateway: 172.10.4.1
Step 4: Configure the VLANs on the switch.
Now that everything is cabled we can start configuring the switch.
** Note that as of now, the Router still has no configuration so don't be alarmed if nothing is working.
** Note that as of now, the Router still has no configuration so don't be alarmed if nothing is working.
Create the VLANs on the layer 2 switch:
Create VLAN 20 for Servers
S1(config)#vlan 20
S1(config-vlan)#name Servers
S1(config-vlan)#exit
Create VLAN 20 for Servers
S1(config)#vlan 20
S1(config-vlan)#name Servers
S1(config-vlan)#exit
Create VLAN 10 for Data
S1(config)#vlan 10
S1(config-vlan)#name Data
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name Data
S1(config-vlan)#exit
You can see from the image that the VLANs exist on the switch, but their is no interfaces (switchports) assigned to the VLANs.
Step 5: Apply switch interface to VLAN and set to access.
Now that the VLANs are configured we need to move some switch ports into the VLANs. In this example port fa0/10 belongs to VLAN 10 (Data) and port fa0/20 belongs to VLAN 20 (Servers).
Both of these ports will also be hard coded as access ports.
By hard coding them as access ports, another switch can't be plugged into the port and act as a Trunk.
Both of these ports will also be hard coded as access ports.
By hard coding them as access ports, another switch can't be plugged into the port and act as a Trunk.
S1(config)#int fa0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 20
S1(config-if)#exit
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 20
S1(config-if)#exit
S1(config)#int fa0/10
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
Now as you can see in the image that the two interfaces are part of their proper VLANs.
Step 6: Configure the Trunk port from Switch to Router
Now that the VLANS are configured in the switch database we can configure the Trunk link between the switch and router.
**Refer to the image in step 1 to locate the trunk link.
**Refer to the image in step 1 to locate the trunk link.
S1(config)#int fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config-if)#switchport mode trunk
S1(config-if)#exit
Now we can confirm the trunking encapsulation which now defaults to 802.1q.
S1(config)#do show interface fa0/1 switchport
Step 7: Configure sub-interfaces on the Router
In this step we can now start to complete our ROAS setup. By creating sub-interfaces on the router, the VLANs have a default gateway, enabling you to forward between VLANs.
First we have to tell fa0/0 to not have use an IP address, and also to turn on the physical interface.
R1(config)#int fa0/0
R1(config-if)#no ip address
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config-if)#no ip address
R1(config-if)#no shutdown
R1(config-if)#exit
Now we can configure the sub-interfaces on the router.
We will start with VLAN 10.
We will start with VLAN 10.
R1(config)#int fa0/0.10
R1(config-subif)#encapsulation dot1q 10
*what that line means: dot1q is the trunking protocol, and 10 is the VLAN ID.
R1(config-subif)#ip address 172.10.2.1 255.255.254.0
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config-subif)#encapsulation dot1q 10
*what that line means: dot1q is the trunking protocol, and 10 is the VLAN ID.
R1(config-subif)#ip address 172.10.2.1 255.255.254.0
R1(config-subif)#no shutdown
R1(config-subif)#exit
Now VLAN 20
R1(config)#int fa0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 172.10.4.1 255.255.254.0
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 172.10.4.1 255.255.254.0
R1(config-subif)#no shutdown
R1(config-subif)#exit
We can now confirm the settings. Notice the two subinterfaces and both status show as up/up.
R1(config)#do show ip interface brief
Step 8: Confirm routing between VLANs.
So now that everything has been setup properly we can confirm routing between the VLANs simply by issuing a ping command from the PC to the Server and vice-versa.
PC>ping 172.10.4.10
Server>ping 172.10.2.10
As you can see from the image we have successfully configured our inter-VLAN routing.
So that is how you configure Router-On-A-Stick, pretty simple eh?
As mentioned above this is NOT a good solution for big networks but for your average small - medium sized organization this will do the trick of routing between VLANs without a Layer 3 switch.
Please feel free to leave comments at the bottom.
Thank you for reading this paper.
References
- The Cisco documentation on Inter-VLAN routing
15 Comments
- Thai PepperOrtrigger Nov 1, 2013 at 09:47pmWell done. It was thorough but simple enough that a new guy can follow what's going on.
- Macehsc5775 Nov 1, 2013 at 09:50pmwow, great work
this How To is really extensively
thx - HabaneroDuffney Jan 25, 2014 at 09:51pmGreat write up, glad to see someone else is writing network guides. :P
- JalapenoSVITPRO Sep 25, 2014 at 11:09pmExactly what i was looking for. Very clear and concise tutorial.
- Pimientomanuelpereira Oct 7, 2014 at 01:56pmI am configuring everything, what this says, but still can not ping the other devices...help..
- JalapenoSVITPRO Oct 10, 2014 at 10:51pmI want to have 3 subnets and I want to trunk three more switches to the main switch that trunks with the router (SW1 Vlan10, SW2 Vlan 20, SW3, Vlan 30).how different is the set up? I want to do this because we have more clients than 1 swith can hold.Please explain thanks
- Pimientoalladinbroola Nov 20, 2014 at 05:44amWell explained and understandable.Thank you so much this is a great help
- Pimientoasimroy Dec 16, 2015 at 12:18amThanks a bunch. Very simple writing and understandable.
God bless you in writing in this way to enlighten others. - PimientoAllen Visser Oct 24, 2017 at 10:06amGreat simple example. Saved me the time of having to eat thru endless Cisco pages while rushing to prep for my next CCNP exam. Thanks!
- PoblanoC. P. Nov 13, 2017 at 04:39pmHi pstonge!
Great how-to!But I still have one noob question.
It can be done in a network with layer 2 switches?
Than you! - Tabascoyankeelady2015 Jan 6, 2018 at 03:41amExcellent write up....Excellent job! Your instructions are very clear and detailed. Thank you for sharing.
- Pimientomarkhardy3 Aug 10, 2018 at 09:46amReally excellent tutorial. Thank you for taking the time to explain every step so clearly and concisely.
- DatilKrasimirPetrov_ Oct 31, 2018 at 02:31amGood read. Thank you very much for sharing.
Excellent tutorial - SerranoRuiconman1 Dec 2, 2018 at 07:47pmgreat work
this How To is really extensively
thank you - Pimientospicehead-nwuvi Feb 12, 2019 at 09:27pmi was not able to ping and i thought i had everything copied correct but i had my cables for vlan 10 and 20 swapped. so when i entered the default gateways into the router, it didnt work. so i swapped them and voila. so to answer manuelpereira , you may have to check your default gateways or cables and make sure your addresses are set correct.