This topic is to discuss the following lesson:
How does the configuration on the switch look like? If the switch is just a simple Cisco Layer 2 switch, do we need to create the VLAN SVIs?
i had that done on the router,
What else has to be done on the switch?
First, thank you for your helpful lesson. I have a question about vlan and this lesson. One reason for making vlan is security. If we do this (Router on a Stick) don’t you think we eliminate this security? Afterward every vlan can get to other vlan?
Thanks in Advance
Good question and there’s a good answer to it. Each VLAN uses a different subnet and if you want communication between VLANs it has to be routed. On the router we can use access-lists to filter on layer 3 (IP addresses / subnets) and also on layer 4 (protocol and port numbers). This allows you to block certain traffic between VLAN.
The configuration on the Cisco switch is pretty straightforward. The interface connected to the router has to be a trunk:
interface fa0/24 description LINK_TO_ROUTER switchport mode trunk
And the interfaces that connect to the host are regular access ports:
description HOST_IN_VLAN_10 switchport mode access switchport access vlan 10
You don’t need to use VLAN SVIs…a layer 2 switch uses the SVI only for management purposes. A layer 3 switch uses a SVI per VLAN which hosts can use as default gateway (in that case you don’t need a router on a stick anymore).
it was a good answer.thanks Rene.
this was very helpful. Pls could you help explain wat possible error could they be when the workstaions i.e laptops in my case, are unable to ping each other on the intervlan network experiment. I used an OSPF routing protocol but the port used was ge0/0.1 and ge0/0.2. The router is a cisco 2800 series. I would really appreciate the help
There are a couple of things that you should check. First of all, see if the computers have a default gateway configured and secondly, see if they can configure their default gateway (the IP address on the sub-interface in their vlan). If this doesn’t work then you need to check if the trunk from the switch to the router has been configured correctly. You won’t need OSPF for a router on a stick since the only “routing” device is the router.
I am stuck in a situation with my router on a stick.
Both of my PC’s can ping the router and telnet through the switch but they can not ping each other. Do you know what the issue could possibly be ? The set up is a 2821 router with a 3750 switch with the 2 PCs connected to it.
Here are the things you should try and in what order:
- Try to ping from the computers to the IP address of the router in the same subnet (proves that L2/L3 are working).
- Try to ping from the computer to the IP address of the router in another subnet (proves that default gateway of PC is OK).
If 1+2 are working for both computers then there are no problems with your router on a stick, since routing is working. Keep in mind that Windows XP / 7 block ICMP by default! Turn off the firewall for a moment to see if that solves your problem.
thanks rene could you plz help me that in this example there is only one computer in each vlan configured, so if i want to configure many computers on each vlan, what is going to be the configuration of the switch and other computers for each vlan.
The only change you have to make is to assign the switch interface to the correct VLAN and set the default gateway correctly on the computer. It doesn’t matter if you have 1 or 10 computers in the VLAN.
Catalyst 2960 Series 24 port vlan 10 = fa0/2(192.168.1.2) fa0/3(192.168.1.3) fa0/4(192.168.1.4) fa0/5(192.168.1.5)-----> my server(S1) vlan 20 = fa0/5(172.21.0.2) fa0/6(172.21.0.3) fa0/7(172.21.0.4) fa0/8(172.21.0.5)-------> my second server(S2)
when I’m use router on stick, vlan 10 and vlan 20 can PING to S1 or S2
and they can PING together.
my question :
- how Can I block access(PING) fa0/5 to fa0/2 ?
- is possible vlan 10 cannot ping vlan 20 but they can ping to S1 and S2?
plz Help…send on my email
To filter inter-VLAN traffic you have to use access-lists and apply them to the sub-interfaces of your router on a stick:
If you want traffic from VLAN 10 to VLAN 20 but not the other way around then you need reflexive-access lists:
How do we perform Router on a Stick when the default gateway is same for multiple subnet. For example if we have /26 mask and we have 2 blocks
(192.168.1.1-192.168.1-126) and (192.168.1.129-192.168.1.254) but what if we create 3 vlan from 1 block ?
Example :if we take 10 host for VLAN 1, 20 host for VLAN 2 and 30 host for VLAN 3 , then their Network id is same and also their broadcast address.Then in
this case how can we configure subinterfaces.
Please rectify my problem . I will be very thankfull to you.
Each and every subnet has to be unique, you can’t have any overlapping network/broadcast addresses. If you try to configure an IP address that overlaps with another subnet then your router will produce an error.
In your case, if you have 192.168.1.0 / 24 and you want 4 VLANs then you can create 4 equal subnets out of it:
#1 192.168.1.0 /26
#2 192.168.1.64 /26
#3 192.168.1.128 /26
#4 192.168.1.192 /26
Or if you want a subnet that has space for 30,20 and 10 hosts then you can do something like this:
#1 192.168.1.0 /27 (fits 30 hosts)
#2 192.168.1.32 /27 (fits 30 hosts, can’t go any smaller)
#3 192.168.1.48 /28 (fits 16 hosts, can’t go any smaller)
All these subnets are non-overlapping.
You have an amazing ability to write and teach.
Thanks!!! And I’m enjoying a lot yours articles!
Thanks Rene, A great lesson. I had one cable that was bad on me. Found a pair of scissors and cut it in half! LOL Great lesson… Got all the way thru this lesson nicely! Thanks
That’s something that happens all of us sometimes…the worst cables are those that work sometimes…better to get rid of those asap