Walk softly and carry a Router-on-a-stick! (ROS)
So you are maintaining a medium-sized network and you want to route traffic between your VLANs. What are your options? You can place one router interface in one VLAN and another router interface in each of the additional VLANs, but this is a horribly inefficient use of router resources. Another option is to use Layer 3 switches to move traffic between your VLANs. While this is quite efficient and widely used, it is not a topic included in the ICND curriculum. For this reason, I will skip to option 3, also known as Router-on-a-stick (ROS).
I recently had a student in my class who mentioned that he heard that the term Router-on-a-stick was losing favor. I was shattered by this news. So many terms in IT are dry and unentertaining, so this one deserves its place in the network admin’s lexicon. That being said, let’s examine the network scenario and configuration for which ROS will fill the need. Here is a network diagram for the configuration that will appear in this blog:
R2 and R3 are really just IP endpoints in this scenario – you can even imagine them as IP hosts. R1 is the router that will be assuming the role of the router on a stick. VLAN 2 and VLAN 3 are already configured on SW1. Since the topic of this blog is routing between VLANs, we can’t forget the necessity of the trunking link between the switch and the ROS router, R1. This configuration is standard on a switch for creating a trunk and is shown here:
SW1(config-if)#switchport trunk encapsulation dot1q <- necessary on some switches
SW1(config-if)#switchport mode trunk
SW1(config-if)#speed 100
SW1(config-if)#duplex full <- it is a good idea to hard-code speed and duplex on trunk links
Good practice would also include limiting which VLANs are permitted to cross the trunk link. Here is the syntax:
SW1(config-if)#switchport trunk allowed vlan 1,2,3
The rest of the necessary configuration must occur on R1. Let’s take a look:
R1(config)#interface FastEthernet0/0
R1(config-if)#no ip address
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#interface FastEthernet0/0.1
R1(config-subif)#encapsulation dot1Q 1 native
R1(config-subif)#ip address 10.1.1.1 255.255.255.0
R1(config-subif)#interface FastEthernet0/0.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#ip address 10.2.2.1 255.255.255.0
R1(config-subif)#interface FastEthernet0/0.3
R1(config-subif)#encapsulation dot1Q 3
R1(config-subif)#ip address 10.3.3.1 255.255.255.0
On the ‘real’ interface, remove the IP address (if one exists), hard code the speed and duplex (to match the switch), and the rest of the configuration goes on the subinterfaces. You will notice that the subinterface numbers that are in the above configuration match the number of the VLAN. While this is not a requirement, it sure makes troubleshooting, as well as following the logic, much easier. The ‘encapsulation’ command creates a VLAN on each subinterface on the router using the dot1q trunking protocol. Each subinterface requires an IP address in the range of the VLAN with which it is associated. This address will also serve as the default gateway address for the hosts in the VLAN.
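Both ends of the link have to agree on the VLAN set and on speed and duplex, and the allowed-VLAN list is what keeps other VLANs off the trunk. The following Python check is an added example, not part of the original post: it compares a switch trunk stanza with the router's subinterfaces and reports every mismatch. The sample configs are constructed, and the switch port name FastEthernet0/1 is an assumption.

```python
import re

# Constructed sample input modelled on the listings above, prompts stripped.
# The switch port name is assumed; the router copy is deliberately drifted
# (no duplex line, VLAN 4 instead of VLAN 3) so the audit has something to find.
SWITCH_CFG = """interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,2,3
 speed 100
 duplex full
"""
ROUTER_CFG = """interface FastEthernet0/0
 no ip address
 speed 100
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
interface FastEthernet0/0.2
 encapsulation dot1Q 2
interface FastEthernet0/0.4
 encapsulation dot1Q 4
"""

def expand(vlans):
    """Expand an IOS VLAN list such as '1,2,5-7' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(switch_cfg, router_cfg):
    """Return a list of mismatches between the trunk port and the router."""
    findings = []
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", switch_cfg)
    allowed = expand(m.group(1)) if m else None
    if allowed is None:
        findings.append("trunk has no allowed-VLAN list: every VLAN crosses it")
    tagged = {int(v) for v in re.findall(r"encapsulation dot1q (\d+)", router_cfg, re.I)}
    for v in sorted(tagged - allowed if allowed else ()):
        findings.append(f"VLAN {v}: router subinterface but not allowed on trunk")
    for v in sorted(allowed - tagged if allowed else ()):
        findings.append(f"VLAN {v}: allowed on trunk but no router subinterface")
    physical = re.split(r"^interface ", router_cfg, flags=re.M)[1]  # real interface
    for knob in ("speed", "duplex"):
        sw = re.search(rf"^\s*{knob} (\S+)", switch_cfg, re.M)
        rt = re.search(rf"^\s*{knob} (\S+)", physical, re.M)
        sw, rt = (sw.group(1) if sw else "unset"), (rt.group(1) if rt else "unset")
        if sw != rt:
            findings.append(f"{knob}: switch={sw} router={rt}")
    return findings
```

Calling audit(SWITCH_CFG, ROUTER_CFG) on the drifted sample returns three findings: VLAN 4 tagged on the router but blocked by the trunk, VLAN 3 allowed with no gateway subinterface, and duplex set on only one end.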
Now that this configuration is in place, it is wise to verify functionality. Let’s do that by attempting a ping from R2 to R3:
As you see, the configuration is not particularly difficult, and this solution is quite viable for small to medium networks. Once your network scales to LARGE, you will probably migrate to Layer 3 switches for your inter-VLAN routing solution.
Until then, enjoy configuring, and saying, router-on-a-stick!