Router on a Stick Configuration

In any network, a VLAN is used to segment the network. Users in a particular VLAN will not have access to resources in other VLANs.
For host devices in one VLAN to be able to communicate with hosts on another VLAN, a router will be needed to forward the traffic from one VLAN to another. This is because each VLAN has its own broadcast domain.
In a network with two or three VLANs, it is possible to use individual router interfaces to handle traffic from each VLAN in the network. However, as the number of VLANs increases, this becomes inefficient as the router has limited physical interfaces. One solution to this problem is to replace the router with a Layer 3 switch and use the Layer 3 switch to implement inter-VLAN routing. However, this is expensive, especially when the network has not grown very big.

The most cost-effective way to achieve inter-VLAN routing is by implementing Router on a stick configuration. Here, instead of using each router’s physical interfaces to carry traffic from a specific VLAN, we create router sub-interfaces and then use each sub-interface to carry traffic from one VLAN to another.
In this post, I will guide you through the process of implementing inter-vlan routing using a router in a stick configuration using a sample network topology.

Network Topology

The network topology we will be making use of in this post is shown below. As you can see, it consists of two VLANs that are connected to the router using one physical interface through the switch. In these demonstrations, we will create two sub-interfaces on the router so that hosts in each VLAN can use one sub-interface to forward traffic to the other VLAN.

Network topology for router on a stick configuration

Router on a Stick Configuration: Steps

Here are steps to implement Router on a Stick Configuration using the network topology shown above.

Step 1: Create the Router sub-interfaces

Firstly, Bring the ethernet0/0 interface of router1 up.

R1(config)#interface ethernet0/0
R1(config-if)#no shutdown
R1(config-if)#exit

Then configure sub-interfaces ethernet0/0.10, enable dot1q encapsulation, and assign it to VLAN10. Put the IP 192.168.12.1/24 on interface ethernet0/0.10.

R1(config)#interface ethernet0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.12.1 255.255.255.0
R1(config-subif)#no shutdown                          
R1(config-subif)#exit

Configure sub-interfaces ethernet0/0.20, enable dot1q encapsulation, and assign it to VLAN20. Put the IP 192.168.21.1/24 on interface ethernet0/0.20.

R1(config)#interface ethernet0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.21.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#exit

Step 2: Create the Necessary VLANs

Configure VLAN10 and VLAN20 on SW1

SW1(config)#vlan 10
SW1(config-vlan)#name Sales
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#name Engineer
SW1(config-vlan)#exit

Step 3: Configure Trunks ports

Configure ethernet0/0 on SW1 as a trunk port

SW1(config)#interface ethernet0/0
SW1(config-if)#switchport trunk encapsulation dot1q 
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20
SW1(config-if)#no shutdown
SW1(config-if)#exit

Step 4: Configure access port

Put interface ethernet0/1 on VLAN10 and interface ethernet0/2 on VLAN20 and do those ports as access ports.

SW1(config)#interface ethernet0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10                
SW1(config-if)#no shutdown
SW1(config-if)#exit

SW1(config)#interface ethernet0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#no shutdown 
SW1(config-if)#exit

Step 5: Configure the host devices

As shown in the network topology, we will be using R2 and R3 as the host devices on VLAN10 and VLAN20, respectively.

On R2, disable the routing table, configure the IP address on Ethernet0/0, set the IP gateway on R2, and try to ping the gateway.

R2(config)#no ip routing

R2(config)#interface ethernet0/0
R2(config-if)#ip address 192.168.12.254 255.255.255.0
R2(config-if)#no shutdown 
R2(config-if)#exit

R2(config)#ip default-gateway 192.168.12.1


R2#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1006 ms

On R3, disable the routing table, configure the IP address on Ethernet0/0, set the IP gateway on R3, and try to ping the gateway.

R3(config)#no ip routing 

R3(config)#interface ethernet0/0
R3(config-if)#ip address 192.168.21.254 255.255.255.0
R3(config-if)#no shutdown 
R3(config-if)#exit

R3(config)#ip default-gateway 192.168.21.1

R3#ping 192.168.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!

 Step 6: Check the routing table on the router

Check the routing on R1

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.12.0/24 is directly connected, Ethernet0/0.10		<--
L        192.168.12.1/32 is directly connected, Ethernet0/0.10
      192.168.21.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.21.0/24 is directly connected, Ethernet0/0.20		<--
L        192.168.21.1/32 is directly connected, Ethernet0/0.20
========================

As seen above, R1 has added some connected routes in its routing table.

Step 7: Verify Connectivity

From R2, ping R3 and the IP gateway of VLAN20. From R3, ping R2 and the IP gateway of VLAN10.

R2#ping 192.168.21.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
R2#ping 192.168.21.1  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R3#ping 192.168.12.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R3#ping 192.168.12.1  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Related Content;

How to Configure Inter VLAN Routing on Cisco Layer 3 Switch

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top