In this post I will explain how to provide routing between two VLANs on a simple Layer 2 switch using a Cisco router with just one interface. This is also called Router-on-a-stick. This configuration is often asked about in CCNA exams, so I hope it will be helpful for people preparing for certification. Let's see the diagram below to get us started:

A Cisco Layer 2 switch carries two VLANs (VLAN 10 – RED and VLAN 20 – GREEN) with two hosts connected to them as shown on the diagram above. The first host belongs to network 10.10.10.0/24 (VLAN 10) and the second one to 20.20.20.0/24 (VLAN 20). By default, if the switch is just a normal Layer 2 switch, the two hosts cannot communicate with each other because they belong to different VLANs and there is no routing. Thus, if we want to provide network connectivity between the two VLANs, we need a Layer 3 engine somewhere in the network. This can be either a Layer 3 switch or a router. In our example we use a router to provide Layer 3 connectivity, as shown in our diagram.
The router uses just a single interface connected to a trunk port on the switch. The router interface is divided into two subinterfaces, with each subinterface belonging to the appropriate VLAN. The switch port connected to the router must be a trunk so that it can carry both VLANs towards the router port. Let's see the configuration below:
SWITCH CONFIGURATION
# conf t
(config)# vlan 10
(config-vlan)# name RED
(config-vlan)# exit
(config)# vlan 20
(config-vlan)# name GREEN
(config-vlan)# exit
(config)# interface FastEthernet1/0/1
(config-if)# description trunk-to-router-on-a-stick
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk
(config-if)# exit
(config)# interface FastEthernet1/0/2
(config-if)# description connection-to-RED-VLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# exit
(config)# interface FastEthernet1/0/3
(config-if)# description connection-to-GREEN-VLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 20
(config-if)# exit
(config)# exit
# copy run start
ROUTER CONFIGURATION
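# conf t
! The physical interface carries no IP address itself, but it must be up
(config)# interface fastethernet 0/0
(config-if)# no shutdown
(config-if)# exit
(config)# interface fastethernet 0/0.10
(config-subif)# encapsulation dot1q 10
(config-subif)# ip address 10.10.10.2 255.255.255.0
(config-subif)# exit
(config)# interface fastethernet 0/0.20
(config-subif)# encapsulation dot1q 20
(config-subif)# ip address 20.20.20.2 255.255.255.0
(config-subif)# exit
(config)# exit
# copy run start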
Now, in order for the two hosts to communicate with each other, each must use the IP address of the corresponding router subinterface as its default gateway (e.g. for the host in VLAN 10 the gateway must be 10.10.10.2 and for the host in VLAN 20 the gateway must be 20.20.20.2).
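How the router splits the single trunk link into subinterfaces and why each host needs the matching gateway, as a Python sketch added here (not part of the original post). It parses the router configuration above, reads the 802.1Q tag of a frame, and picks the subinterface and gateway; `make_frame` and any host address passed to `gateway_for` are constructed sample inputs.

```python
import ipaddress
import re
import struct

# Router configuration from the post, with the CLI prompts removed.
ROUTER_CONFIG = """\
interface fastethernet 0/0.10
 encapsulation dot1q 10
 ip address 10.10.10.2 255.255.255.0
interface fastethernet 0/0.20
 encapsulation dot1q 20
 ip address 20.20.20.2 255.255.255.0
"""
TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_subinterfaces(config):
    """Return {vlan_id: (subinterface name, IPv4Interface)}."""
    table, name, vlan = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name, vlan = line.split(None, 1)[1], None
        elif m := re.match(r"encapsulation dot1q (\d+)", line, re.I):
            vlan = int(m[1])
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and vlan is not None:
            table[vlan] = (name, ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
    return table

def vlan_of(frame):
    """VLAN ID carried in an Ethernet frame, or None if it is untagged."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID (the low 12 bits).
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF

def ingress_subinterface(frame, table):
    """Subinterface that accepts the frame; None if no dot1q ID matches."""
    return table.get(vlan_of(frame), (None, None))[0]

def gateway_for(host_ip, table):
    """(vlan, gateway IP) of the subinterface whose subnet holds the host."""
    host = ipaddress.ip_address(host_ip)
    hits = [(v, str(i.ip)) for v, (_, i) in table.items() if host in i.network]
    return hits[0] if hits else None

def make_frame(vid=None, pcp=0):
    """Constructed sample frame: zeroed MACs, optional tag, IPv4 payload."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, pcp << 13 | vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(46)
```

With this configuration, `ingress_subinterface` returns `None` both for a frame tagged with a VLAN that has no subinterface and for an untagged frame, since no subinterface is configured for the native VLAN.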
Thanks, this is perfect. If only Cisco had published this in their switching book.
thanks for saving me
this tutorial really helps me.
would this work with a layer 2 dell switch 3524?
If the switch supports Dot1Q trunking then it will work
Great posting, very helpful.
Hi,
I’m new to networks, and I’m trying to configure router-on-a-stick w/ switch using a Cisco Catalyst 2960 switch and C7206 router.
I tried running through those commands but got stuck with the “switchport trunk encapsulation dot1q” line. I’m guessing the switch doesn’t support “dot1q” like you said earlier.
Is there an alternative way to still configure router-on-a-stick?
You must have some sort of “Vlan tagging” in order to split the single link interface into several vlans.
Jack,
You only have to enter the command:
(config-if)# switchport trunk encapsulation dot1q
if your switch supports 203.1q AND ISL (ISL is an old school Cisco proprietary protocol)
If the option isn’t there, it only supports 203.1q so there is no need to specify 203.1q, just skip the line….as in:
# conf t
(config)# vlan 10
(config-vlan)# name RED
(config-vlan)# exit
(config)# vlan 20
(config-vlan)# name GREEN
(config-vlan)# exit
(config)# interface FastEthernet1/0/1
(config-if)# description trunk-to-router-on-a-stick
(config-if)# switchport mode trunk
(config-if)# exit
(config)# interface FastEthernet1/0/2
(config-if)# description connection-to-RED-VLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# exit
(config)# interface FastEthernet1/0/3
(config-if)# description connection-to-GREEN-VLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 20
(config-if)# exit
(config)# exit
# copy run start
Yeap, Warren is right. I haven’t played much with 2960 switches but seems they support only 802.1q as Vlan protocol, so you just need to specify “switchport mode trunk” only in your configuration.
Hi,
I just did the router-on-a-stick lab and works well with two PCs as hosts.
But I couldn’t make it work using two routers acting as hosts. As instructed I added the default gateway to the routers but no luck (the only way that I could make it work was by running RIP on all 3 routers. But I think I can do it without running RIP. I just don’t know how; any help would be appreciated)
This is the config on the router
PC2#show run
Building configuration…
Current configuration : 819 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname PC2
boot-start-marker
boot-end-marker
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!no ip domain lookup
ip audit po max-events 100
!
interface FastEthernet0/0
ip address 172.12.2.2 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 172.12.0.0
!
ip default-gateway 172.12.2.1
ip http server
no ip http secure-server
ip classless
line con 0
line aux 0
line vty 0 4
!
!
end
The default gateway on the router must be assigned as follows:
ip route 0.0.0.0 0.0.0.0 172.12.2.1
Remove RIP and put the above command and it should work.
So what about the native vlan on the interface that is trunking to the router? meaning, what if I want the native vlan to be 2 or 3 instead of the default 1?
Hi Sean,
There is a command under the interface configuration with which you specify the native vlan. I think the command is “switchport trunk native vlan 2”
Warren, What is 203.1q? Don’t you mean 802.1q? …or am I missing something?
Eddie,
He means 802.1q….it was a typo
Hi, I have 2 doubts:
1. Let’s say there are 3 vlans- vlan 1,2,3. Now my trunk link connecting the switch and the router uses dot1q. Now on the router I configure 2 sub-interfaces- one using dot1q 2 and the other using dot1q 3. The traffic belonging to vlan 1 will be sent by the switch to the router without any tag. So will the physical interface of the router deal with that untagged frame (and hence will I have to assign an IP to the physical interface of the router) or will I have to create a sub-interface for vlan 1 as well? And if I’ll have to create a subinterface for vlan 1 then what will be my vlan ID in the encapsulation dot1q statement, cuz that frame would be without any vlan tag.
Doubt 2: Let’s say I configure a sub-interface of a router with the statement – “encap dot1q 2”. Now can I configure another statement as – “encap isl 3”? (I know it’s a stupid question but I am still curious to know.) Any help will be highly appreciated.
Thanks.
John.
John,
Good questions.
1) you can put as vlanid 1 and put the keyword “native vlan”
2) from what I know, you can not have dot1q and isl on the same trunk port. In any case, ISL is not used any more by Cisco.