CCNA Lab 13: Router on a Stick

When you have multiple vlans on a switch, devices in those vlans can’t communicate with each other. You need something to connect these vlans together. This is the function of a router. A common way for CCNA level routing is the router on a stick.

Routers know which network can be found where. They do this based on layer 3 information, the IP address and subnetmasker. There are several ways a router can get to know this kind of information:

  • based on connected interfaces
  • statically configured information
  • dynamic routing protocols

When a router has an interface which has an IP address and subnetmasker which is part of a network it automatically knows how to find that network. It is connected to it. When the router is not connected to the network it needs to figure out where to find it. That’s where static configuration or dynamic protocols come in to play. Well known dynamic routing protocols are OSPF, EIGRP and BGP.

Most routers are placed strategically in the network, like a spider in a web. It will likely have multiple interfaces, for example an inside and outside interface. Or an interface in different zones of the network. A router on a stick is a different kind of deployment. In this deployment the router actually only has one interface. This interface is connected to a switch using a trunk. On this trunk multiple vlans are transported. The router is used to route between these vlans, possibly with some level of security.

The image shows the concept of a router on a stick. Here you can also see we’re using something called a ‘subinterface’. Subinterfaces are virtual interfaces, so from the standpoint of the router it actually has multiple interfaces. The image is also the topology we’ll be using for this lab.

Download the topology file here:

PT_Router_on_a_stickDownload
CCNA router on a stick

Preparing the lab

Perform the following tasks to prepare the lab.

  1. Configure the following vlans on Berlin:
Vlan numberVlan name
10Sales
20HR
  1. Configure Gi1/0/2 as an access port in vlan 10
  2. Configure Gi1/0/3 as an access port in vlan 20
  3. Configure Gi1/0/1 as a trunk port, allow only vlans 10 and 20 on it.

Below is the configuration you should perform:

Show More

Berlin>ena
Berlin#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Berlin(config)#vlan 10
Berlin(config-vlan)#name Sales
Berlin(config-vlan)#vlan 20
Berlin(config-vlan)#name HR
Berlin(config-vlan)#int g 1/0/2
Berlin(config-if)#switchport mode access
Berlin(config-if)#switchport access vlan 10
Berlin(config-if)#no shutdown
Berlin(config-if)#int g 1/0/3
Berlin(config-if)#switchport mode access
Berlin(config-if)#switchport access vlan 20
Berlin(config-if)#no shut
Berlin(config-if)#int g 1/0/1
Berlin(config-if)#switchport trunk encap dot1q
Berlin(config-if)#switchport mode trunk

Berlin(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up

Berlin(config-if)#switchport trunk allowed vlan 10,20
Berlin(config-if)#no shutdown
Berlin(config-if)#

It depends on the platform whether you need the “switchport trunk encapsulation dot1q” command. In this case it was needed. If you don’t use it, but try to configure the port as a trunk port it will tell you. The message you will get is:

‘Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.’

That way you will know that you need to add the encapsulation command.

Configure router on a stick

Switching configuration done we can move on to the routing configuration. Before we begin, let’s verify that the PC’s can’t ping each other.

  1. Open the command prompt on PC0.
  2. ping 192.168.20.2

This should fail.

  1. Connect to Amsterdam and enter configuration mode.
  2. Enter interface configuration mode for interface Fa0/0
  3. Ensure the interface is online (unshut it).
  4. Type the command: “interface fa0/0.10”

Now you have created a subinterface. Subinterfaces are created automatically when you enter a subinterface number on the CLI. This also means that sometimes when you make a typo you might create one by accident. You can easily remove them by using the no form of the command. Just be sure that when you do you are not making a typo.

  1. Type the command: “encapsulation dot1q 10”

This command will tell the router to watch for frames arriving with a dot1q vlan tag of 10. When a frame containing this tag enters the switch on interface Fa0/0 it will be processed by the subinterface.

  1. Type the command: “ip address 192.168.10.1 255.255.255.0”

Now we have assigned an IP address to the interface. This is one of the most common commands you’re likely to perform on the CLI.

  1. Ensure the interface is not shutdown.
  2. Configure subinterface fa0/0.20 with vlan 20 and IP address 192.168.20.1/24

I used a new kind of notation for the IP address. You notice the /24 behind the IP address? This refers to the subnet mask. This method of writing down the subnet mask is also called the CIDR (pronounced as cider) notation. The /24 defines the number of bits with a value of 1. In this case 24 of them are a 1. That means that the subnet mask is 255.255.255.0 in this case. In another lab we will dive into this notation and provide (a lot) of practice with the notation.

You should have entered the following configuration:

Show More

Amsterdam(config-subif)#interface fa 0/0.20
Amsterdam(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state to up

Amsterdam(config-subif)#encapsulation dot1q 20
Amsterdam(config-subif)#ip address 192.168.20.1 255.255.255.0
Amsterdam(config-subif)#no shutdown

Verification

  1. Enter the command “show ip interface brief”
Amsterdam#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  up                    up
FastEthernet0/0.10     192.168.10.1    YES manual up                    up
FastEthernet0/0.20     192.168.20.1    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down

You can see the interfaces are configured and Up. That means we’ve done our work correctly. Or, at least we created the subinterfaces and we defined IP addresses on them. What we don’t see in this view is whether we applied the right encapsulation on the interface. To be able to see that we need another command:

  1. Type the command “show interface fa0/0.10”
Amsterdam#show interface fa 0/0.10
FastEthernet0/0.10 is up, line protocol is up (connected)
  Hardware is PQUICC_FEC, address is 0001.4305.cc01 (bia 0001.4305.cc01)
  Internet address is 192.168.10.1/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID 10
  ARP type: ARPA, ARP Timeout 04:00:00,
  Last clearing of "show interface" counters never

Now you can see the vlan ID which is used on this interface. In this case vlan 10, which is correct.

Now we’ve done our work, let’s check whether everyting is working. PC0 and PC1 should be able to ping each other.

  1. Connect to the command prompt on PC0
  2. Ping 192.168.20.2

It might take a short while for the pc’s to start pinging, so you might see some timeouts occurring. But you should have connectivity between the two PC’s:

C:\>ping 192.168.20.2

Pinging 192.168.20.2 with 32 bytes of data:

Request timed out.
Request timed out.
Reply from 192.168.20.2: bytes=32 time=1ms TTL=127
Reply from 192.168.20.2: bytes=32 time<1ms TTL=127

Leave a Reply

Your email address will not be published. Required fields are marked *