3.4.a Router on a stick
ROS, or Router on a stick, is an uncommon topology that involves a router connected to a single trunk port on a switch. If a packet needs to go from one VLAN to another, it must leave the switch through the trunk port, pass through the router, and then come back into the switch.
This configuration does not have great performance as the single link creates a bottleneck.
Here is a simple ROS:
To avoid configuring the IP addresses manually, create a DHCP pool for each subnet:
```
!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.2.1
ip dhcp excluded-address 10.0.3.1
ip dhcp excluded-address 10.0.4.1
ip dhcp excluded-address 10.0.5.1
ip dhcp excluded-address 10.0.6.1
ip dhcp excluded-address 10.0.7.1
!
ip dhcp pool local1
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
!
ip dhcp pool local2
 network 10.0.2.0 255.255.255.0
 default-router 10.0.2.1
!
ip dhcp pool local3
 network 10.0.3.0 255.255.255.0
 default-router 10.0.3.1
!
ip dhcp pool local4
 network 10.0.4.0 255.255.255.0
 default-router 10.0.4.1
!
ip dhcp pool local5
 network 10.0.5.0 255.255.255.0
 default-router 10.0.5.1
!
ip dhcp pool local6
 network 10.0.6.0 255.255.255.0
 default-router 10.0.6.1
!
ip dhcp pool local7
 network 10.0.7.0 255.255.255.0
 default-router 10.0.7.1
!
```
Next, create the virtual interfaces on the router with the correct VLAN ID. Also make sure to issue “no shutdown” on the physical interface:
```
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.1
 encapsulation dot1Q 101
 ip address 10.0.1.1 255.255.255.0
!
interface Ethernet0/0.2
 encapsulation dot1Q 102
 ip address 10.0.2.1 255.255.255.0
!
interface Ethernet0/0.3
 encapsulation dot1Q 103
 ip address 10.0.3.1 255.255.255.0
!
interface Ethernet0/0.4
 encapsulation dot1Q 104
 ip address 10.0.4.1 255.255.255.0
!
interface Ethernet0/0.5
 encapsulation dot1Q 105
 ip address 10.0.5.1 255.255.255.0
!
interface Ethernet0/0.6
 encapsulation dot1Q 106
 ip address 10.0.6.1 255.255.255.0
!
interface Ethernet0/0.7
 encapsulation dot1Q 107
 ip address 10.0.7.1 255.255.255.0
!
```
Now that the router is set up, let's configure the switch:
```
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/1
 switchport access vlan 101
 switchport mode access
!
interface Ethernet0/2
 switchport access vlan 102
 switchport mode access
!
interface Ethernet0/3
 switchport access vlan 103
 switchport mode access
!
interface Ethernet1/0
 switchport access vlan 104
 switchport mode access
!
interface Ethernet1/1
 switchport access vlan 105
 switchport mode access
!
interface Ethernet1/2
 switchport access vlan 106
 switchport mode access
!
interface Ethernet1/3
 switchport access vlan 107
 switchport mode access
!
```
After doing this, configure the virtual PCs to get their IP address from DHCP:
```
PC1> ip dhcp
DORA IP 10.0.1.2/24 GW 10.0.1.1
```
Verify that L3 routing works:
```
PC1> ping 10.0.2.2
84 bytes from 10.0.2.2 icmp_seq=1 ttl=63 time=2.773 ms
^C
PC1> ping 10.0.3.2
84 bytes from 10.0.3.2 icmp_seq=1 ttl=63 time=2.404 ms
^C
PC1> ping 10.0.4.2
84 bytes from 10.0.4.2 icmp_seq=1 ttl=63 time=3.054 ms
^C
PC1> ping 10.0.5.2
84 bytes from 10.0.5.2 icmp_seq=1 ttl=63 time=3.006 ms
^C
PC1> ping 10.0.6.2
84 bytes from 10.0.6.2 icmp_seq=1 ttl=63 time=2.923 ms
^C
PC1> ping 10.0.7.2
84 bytes from 10.0.7.2 icmp_seq=1 ttl=63 time=2.787 ms
^C
PC1>
```
Let’s have a look at some packet captures.
Here is the request packet sent from 10.0.1.2 => 10.0.2.2. Notice the 802.1Q ID of 101.
Here is the reply from 10.0.2.2 => 10.0.1.2. Note the 802.1Q header is different with an ID of 102.
Troubleshooting follows the same steps as the setup:
- Check the physical interfaces are UP/UP
- Check trunk status on the switch
- Check if VLAN IDs are correct
- Check if netmasks are correct
- Make sure all devices have a default router configured and it is reachable
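The VLAN ID, netmask and default-router checks in this list can be automated by cross-checking the router and switch configurations. The script below is an added example, not part of the original notes; the `audit` function and the sample configs (a shortened copy of the configs above with two faults introduced on purpose) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample with two deliberate faults (wrong pool gateway, VLAN 103 unrouted).
ROUTER = """
ip dhcp pool local1
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
ip dhcp pool local2
 network 10.0.2.0 255.255.255.0
 default-router 10.0.2.254
interface Ethernet0/0.1
 encapsulation dot1Q 101
 ip address 10.0.1.1 255.255.255.0
interface Ethernet0/0.2
 encapsulation dot1Q 102
 ip address 10.0.2.1 255.255.255.0
"""
SWITCH = """
interface Ethernet0/1
 switchport access vlan 101
interface Ethernet0/2
 switchport access vlan 102
interface Ethernet0/3
 switchport access vlan 103
"""

def audit(router_cfg, switch_cfg):
    """Return a list of mismatches between subinterfaces, pools and access VLANs."""
    subifs = {int(vlan): ipaddress.ip_interface(f"{ip}/{mask}")
              for vlan, ip, mask in re.findall(
                  r"encapsulation dot1Q (\d+)\s+ip address (\S+) (\S+)", router_cfg)}
    pools = {ipaddress.ip_network(f"{net}/{mask}"): ipaddress.ip_address(gw)
             for net, mask, gw in re.findall(
                 r"network (\S+) (\S+)\s+default-router (\S+)", router_cfg)}
    problems = []
    for vlan, iface in sorted(subifs.items()):
        gw = pools.get(iface.network)  # pool must cover the same subnet and mask
        if gw is None:
            problems.append(f"VLAN {vlan}: no DHCP pool for {iface.network}")
        elif gw != iface.ip:
            problems.append(f"VLAN {vlan}: pool gateway {gw} != subinterface {iface.ip}")
    for vlan in sorted({int(v) for v in re.findall(r"access vlan (\d+)", switch_cfg)}):
        if vlan not in subifs:
            problems.append(f"VLAN {vlan}: access port has no router subinterface")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(ROUTER, SWITCH)) or "consistent")
```

A netmask mismatch between a pool and its subinterface shows up as "no DHCP pool", because the pool is looked up by the subinterface's exact network.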
3.4.b SVI
SVI stands for Switched Virtual Interface. SVIs are a Layer 3 addition to a switch’s L2 functionality and can replace a ROAS.
To configure a Switched Virtual Interface:
```
ip routing
!
interface Ethernet0/0
 switchport access vlan 101
 switchport mode access
!
<snip>
```
After enabling each SVI for each VLAN you should have inter-VLAN connectivity.