Sunday, January 2, 2011

CCNA tutorial: Router On A stick

A couple of previous posts were about

A special topology known as Router on a Stick was also mentioned (it is an interesting topic taught in Cisco's CCNA curriculum). In certain situations VLANs prove to be too restrictive, since they disallow inter-VLAN communication (to understand why, see VLAN Intro PART 2). To resolve this problem, a router is set up and configured to allow such communication. Usually the topology ends up looking something like this:

[Figure: router on a stick]

switch0's fa0/1 (2960 model) is connected to the router's fa0/0 (2811).
PC0 through PC5 are connected to fa0/2 and so on.

Router configuration:

For each VLAN id there will be a corresponding sub-interface with an IP address assigned to it. Explanation of a couple of key commands:

! create a subinterface with id 1
int fa0/0.1
! dot1Q refers to IEEE 802.1Q, which documents VLANs.
! This command sets VLAN tagging; all hosts in VLAN id 2
! will communicate with this interface.
encapsulation dot1Q 2

A sub-interface:

In Cisco devices a sub-interface is a division of the physical interface into many logical, independent interfaces. So a physical port, say fa0/0, may be divided into fa0/0, fa0/0.1 and fa0/0.2: 3 separate interfaces belonging to the same physical interface but logically acting independently.
Pinging PC1 from PC0 will not work initially. What you need to do is create subinterfaces and enable 802.1Q encapsulation/tagging. Once that is done, the router will be able to understand the tagged packets.

Additionally, assign a unique subnetwork to each VLAN group and the router's subinterface. In the following code note that VLAN id 1 has been assigned subnetwork, id 2 with and VLAN id 3 with . Router's fa0/0 interface has , fa0/0.1 and fa0/0.3 with

All the hosts need to be assigned a gateway address. Remember that the gateway address and host address always belong to the same (sub)network. Keeping this in mind: 

PC0, PC3, PC5 will have their gateway address as
PC1 will have
and PC2 and PC4 will have

Interestingly interface has been configured to accept VLAN id 3 packets, which is correct since all the nodes in VLAN id 3 will have their gateway address as

Finally, try to ping PC1 from PC0. If the pings are successful, you have been able to do inter-VLAN communication. If not, try the realtime mode to see where packets are being dropped. The most common mistakes include not setting the encapsulation type on the router and binding a subinterface to the wrong VLAN id. Remember that by default VLAN id 1 is called the native VLAN and these packets are NEVER tagged. That is the reason why you DO NOT need to set encapsulation/tagging on the fa0/0 interface.

! Switch (switch0) configuration
conf t
vlan 2
name account
vlan 3
name admin

int fa0/1
! set this port as a trunking port
switchport mode trunk

int fa0/3
! this port belongs to VLAN id 2
switchport access vlan 2
int range fa0/4 , fa0/6
switchport access vlan 3
! jump from config mode to privileged mode
end
! save all the settings
copy running-config startup-config


! Router configuration
configure terminal
int fa0/0
ip address
! enable the interface
no shutdown
! create logical subinterface 1 on fa0/0
int fa0/0.1
! enable the router to 'read' packets tagged with VLAN id 2
encapsulation dot1Q 2
ip address
int fa0/0.3
encapsulation dot1Q 3
ip address
! leave config mode before saving
end
copy running-config startup-config
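
The common mistakes named above (no encapsulation on a router subinterface, a subinterface bound to the wrong VLAN id, no trunk port towards the router) can be checked mechanically before reaching for ping. The following Python check is an added example, not part of the original post; the function names `stanzas` and `audit`, the sample configurations, and interface Fa0/0.4 with VLAN 30 are constructed for illustration, and the input is assumed to be `show running-config` style text with full keywords.

```python
import re

# Constructed sample configs (not from the post). The router text contains both
# mistakes on purpose: Fa0/0.3 has no encapsulation, Fa0/0.4 tags the wrong VLAN.
SWITCH_CFG = """\
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/3
 switchport access vlan 2
interface FastEthernet0/4
 switchport access vlan 3
"""
ROUTER_CFG = """\
interface FastEthernet0/0
interface FastEthernet0/0.1
 encapsulation dot1Q 2
interface FastEthernet0/0.3
interface FastEthernet0/0.4
 encapsulation dot1Q 30
"""

def stanzas(cfg):
    """Split IOS-style text into {interface name: [indented sub-commands]}."""
    out, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface\s+(\S+)", line)  # unindented line opens a stanza
        if m:
            current = out.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return out

def audit(switch_cfg, router_cfg):
    """Return findings; an empty list means trunk and VLAN bindings line up."""
    findings, sub_vlans = [], set()
    access_vlans = {int(v) for v in re.findall(r"switchport access vlan (\d+)", switch_cfg)}
    if "switchport mode trunk" not in switch_cfg:
        findings.append("switch: no trunk port, tagged frames cannot reach the router")
    for name, cmds in stanzas(router_cfg).items():
        if "." not in name:
            continue  # physical interface: serves the untagged native VLAN
        m = re.search(r"encapsulation dot1q (\d+)", "\n".join(cmds), re.I)
        if m:
            sub_vlans.add(int(m.group(1)))
        else:
            findings.append(f"{name}: no 'encapsulation dot1Q' set")
    findings += [f"VLAN {v}: switch access ports but no router subinterface" for v in sorted(access_vlans - sub_vlans)]
    findings += [f"VLAN {v}: router subinterface but no switch access port" for v in sorted(sub_vlans - access_vlans)]
    return findings
```

Calling `audit(SWITCH_CFG, ROUTER_CFG)` on the constructed input reports the missing encapsulation on Fa0/0.3, then VLAN 3 with no gateway subinterface, then VLAN 30 with no hosts behind it.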