Sunday, January 2, 2011

CCNA tutorial: Router On A stick

A couple of previous posts were about


 A special topology known as Router On a Stick was also mentioned(it is an interesting topic taught in Cisco's CCNA curriculum). In certain situations VLAN prove to be too restrictive since they disallow inter-VLAN communication ( to understand why see VLAN Intro PART 2). To resolve this problem a router is set up and configured to allow such communication. Usually the topology ends up looking something like this:


router on a stick


Note:
switch0's (2960 model) fa0/1 is connected to router's fa0/0 (2811) 
PC-0-5 are connected to fa0/2 and so on 

Router configuration:

For each VLAN id there will be a corresponding sub-interface and an ip address assigned to it. Explanation of a couple of key commands:

int fa0/0.1  //create a subinterface with id 1
encapsulation dot1Q 2 //dot1q refers to IEEE 802.1Q which documents VLAN
//standards. 
//This command sets VLAN tagging and all hosts in VLAN id 2
//will be communicate with this interface 

A sub-interface:


In cisco devices a sub-interface is a division of the physical interface into many logical,independent interfaces.So a physical port, say fa0/0 may be divided into fa0/0 , fa0/0.1 ,fa0/0.2 -3 separate interfaces belonging to the same physical interface but logically acting independently. 
Pinging PC1 from PC0 will not work initially. What you need to do is to create subinterfaces and enable 802.1Q encapsulation/tagging. Now the router will be able to understand the tagged packets. 

Additionally assign a unique subnetwork to each VLAN group and the router's subinterface.In the following code note that VLAN id 1 has been assigned 10.0.0.0/8 subnetwork, id 2 with 20.0.0.0/8 and VLAN id 3 with 30.0.0.0/8 .Router's fa0/0 interface has 10.0.0.1/8 , fa0/0.1 20.0.0.1/8 and fa0/0.3 with 30.0.0.1/8. 

All the hosts need to be assigned a gateway address. Remember that the gateway address and host address always belong to the same (sub)network. Keeping this in mind: 

PC0,PC3,PC5 will have their gateway address as 10.0.0.1/8
PC1 will have 20.0.0.1/8
and PC2 and PC4 will have 30.0.0.1/8

Interestingly 30.0.0.1 interface has been configured to accept VLAN id- 3 packets which is correct since all the nodes in VLAn id -3 will have their gateway address as 30.0.0.1/8.

Finally try to ping PC1 from PC0. If pings are successful you have been able to do inter-VLAN communication. If not try the realtime mode to see where packets are being dropped. The most common mistakes include not setting the encapsulation type on the router, binding subinterface with the wrong vlan id. Remember that by default VLAN id 1 is called the native VLAN and these packets are NEVER tagged. That is the reason why you DO NOT need to set encapsulation/tagging on fao/0 interface.


//switch:
en
conf t
vlan 2
name account
exit
vlan 3
name admin
exit

int fa0/1
switchport mode trunk //sets this port as trunking port
exit

int fa0/3
switchport access vlan 2 //this port belongs to VLAN id 2
exit
int range fa0/4,fa0/6
switchport access vlan 3
exit
end //jump from config mode to privileged mode
copy running-config startup-config //save all the settings

//Router:

enable
configure terminal
int fa0/0
ip address 10.0.0.1 255.0.0.0
no shutdown  //enable interface
int fa0/0.1 //enable logical subinterface fa0/0 id 1
encapsulation dot1Q 2 //Enables router to 'read' vlan tagged packets.
ip address 20.0.0.1 255.0.0.0
int fa0/0.3 
encapsulation dot1Q 3
ip address 30.0.0.1 255.0.0.0
end

copy running-config startup-config