How to configure Router on a Stick

willveld · March 20, 2016, 5:09pm

Renee

Hope you are well a quick sanity check please for me on this one - should the following be 192.168.20.254 ??? for Host 2 in the example - you have stated 192.168.10.254 as below >>>>

interface FastEthernet0/0
 ip address 192.168.20.1 255.255.255.0
 duplex auto
 speed auto
!
ip default-gateway 192.168.10.254
!
end

Many Thanks

Will

ReneMolenaar · March 20, 2016, 6:50pm

Hi Will,

That’s an error, I just fixed it. The default gateway has to be in the same subnet as your IP address. Host2 has to use 192.168.20.254 as its default gateway.

Thanks for letting me know!

Rene

willveld · March 21, 2016, 2:47pm

Renee

This was great from a learning point of view for me since I configured the same default gateway fro both my hosts (on packet tracer) … and will hopefully not forget on the exam re any ROAS related question - thanks for quick response Renee

Will

florianl · December 5, 2016, 12:35pm

Hi Rene,

i have a question regarding the parent interface.
Can we use the parent interface as well and assign an ip address to it? Or if we work with subinterfaces we cant use the parent interface anymore.
If we still can use it i guess only the native vlan, meaning untagged packets would go to the parent interface as on the router side there is no vlan mapping, right?

thanks

Florian

lagapidis · December 5, 2016, 4:37pm

Hello Florian

Yes it is possible to assign the physical interface an IP address and have subinterfaces on that interface with other IP subnets. It will function exactly as you described. Untagged frames will go to the physical interface while tagged frames will go to the subinterfaces depending on the VLAN settings on each of them.

It is however a good idea not to create such a configuration. It’s a much cleaner configuration, and more secure as well, if you tag all frames and have them terminate on subinterfaces rather than on the physical interface.

I hope this has been helpful!

Laz

florianl · December 6, 2016, 11:48am

Hi Laz,

thanks for the answer!

Regards

Florian

shantel · December 20, 2016, 10:14pm

19 posts were merged into an existing topic: How to configure Router on a Stick

mrleeiian · March 8, 2017, 1:04am

Hi Rene/Moderators,

What happens if I do not configure the sub interfaces?
Would only intervlan routing be affected?
What if they are on the same vlan?

lagapidis · March 8, 2017, 11:54am

Hello Ian

If you don’t configure subinterfaces on the router, then no tagged traffic will enter the interface. The switch is set up to send frames to the router using dot1q encapsulation. This is where the VLAN number of each specific frame is added to the header as a tag. When the router receives these frames, it will drop them because they include a tag. By adding subinterfaces and the appropriate dot1q encapsulation, you are allowing the router to be able to receive tagged frames and to allow them to egress on the appropriate subinterface.

If communication between two devices on the switch that are on the same VLAN occurred, those frames would never reach the router. This is because no routing is necessary since both devices are on the same subnet. So, same-VLAN communication would not be effected.

I hope this has been helpful!

Laz

pavanc.08 · March 10, 2018, 1:01pm

Hi if any rate limit configuration needs to be done on the interface we should do in interface level or sub interface level

lagapidis · March 12, 2018, 11:13am

Hello Pavan

Rate limiting can be implemented either on an interface level or a subinterface level. In order to have a more granular control of the rate limiting that you want to implement, it is preferable to apply it to the subinterface. Of course, depending on how you implement it, there may be some limitations.

The following Cisco documentation includes more details about rate limiting and other techniques and how they pertain to subinterfaces.

I hope this has been helpful!

Laz

jmwalker24 · April 7, 2018, 2:12pm

Question. I see you created sub-interfaces on the routers 0/0 interface. I understand that. But what if you did not use sub-interfaces. What if instead you assigned Router Fa0/0 to ip address 192.168.10.1 and you assigned Router interface fa0/1 to ip address 192.168.20.1. So two connected routes (2 separate IP addresses) on the router connected to the same single switch (switch is divided into VLAN 10 and VLAN 20). Would that work?

lagapidis · April 10, 2018, 3:46pm

Hello Jason

Based on your description, this is what you are suggesting:

I’m not sure if this is exactly what you meant, but there are two problems with this. The first is that the assigning of 192.168.20.1 to the Fa0/1 interface of the router will not allow the router to receive packets from VLAN 20. Where does it connect to?

Secondly, if you didn’t create the subinterfaces on the Fa0/0 interface of the router and the Fa0/1 interface of the switch was still configured as a trunk port allowing both VLANs 10 and 20, then all the frames exiting Fa0/1 of the switch would be dropped by Fa0/0 of R1 because they include a VLAN tag. The interface on the router is not configured to understand these, so the link would fail. This is a case where there is a misconfiguration on each end of the link: a trunk on one end and in essence an access port on the other.

Now my suspicion is that you meant that the IP address of Fa0/1 of the SWITCH should be configured as 192.168.20.1. Once again, this would not work because first of all, a switch port configured as a trunk cannot be assigned an IP address. In order to assign an IP address the port must be configured as a routed port (assuming the switch supports this). This however means that it cannot carry multiple VLANs.

So the only way to really configure router on a stick is with subinterfaces. It’s good that you are asking such questions however, because it shows that you are thinking more deeply about what is going on and you want to more fully understand the concepts involved.

I hope this has been helpful!

Laz

howells.sam · December 12, 2018, 11:13am

Hi Laz / Rene,
I’m happy with the concept of ROAS, but am unsure as to why we are encapsulating the subinterface?

Surely we can only have a subinterface if the link itself is a trunk? Or are we actually just telling the router the type of encapsulation the switch is configured to trunk us with? If so do we not need some encapsulation commands to bring the trunk up between Switch - Router in the first place?

Regards,
Sam

lagapidis · December 19, 2018, 10:49am

Hello Sam

Encapsulation, as you stated, is just necessary to tell the router what encapsulation method is being used by the switch on the other end, so that the trunk can be established. Now the command is actually applied to the subinterface because we are adding an additional piece of information, which is the VLAN ID. Even though the command is applied to the subinterface, we’re not actually encapsulating the subinterface, but we’re telling it what type of encapsulation (802.1Q or ISL) to use for the trunk tag.

I hope this has been helpful!

Laz

olipyrrhon · July 29, 2019, 9:36am

Hi Renee,

I’m using a 1841 router and 2960 switch for this lab (physical)

Router
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
!
end

Switch
!
interface FastEthernet0/24
 switchport mode trunk
!
sh int fa0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
!
interface FastEthernet0/47
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/48
 switchport access vlan 20
 switchport mode access
end

I can ping both hosts from Router, each host is able to ping it’s default gateway
BUT they can’t reach the other network.
Is there something wrong with my config? I’m confused because I think I understand the topic but it doesn’t work when I implement it

Olivier

lagapidis · July 31, 2019, 10:41am

Hello Olivier

It looks like you’re having similar problems to the default gateway lab. The configuration looks fine at first glance. My suspicion is that the problem is with the firewalls on the computers themselves. Take a look at this post and apply the same principles:

I hope this has been helpful!

Laz

maritdelange · January 7, 2020, 9:58pm

Somewhere else I read that you also have to issue the ‘no ip address’ command on the interface that will have subinterfaces configured. Is that true?

lagapidis · January 8, 2020, 7:08am

Hello Marit

By default a router interface does not have an IP address assigned. However, if you are working on a router that is not “out of the box” and has had previous configurations, then it’s always best practice to ensure that no IP address has been assigned to the physical interface. You could do this by examining the interface itself using show ip interface brief, or you can simply issue the no ip address command. It is considered a good precaution rather than a requirement to issue this command just to be sure there is no address assigned.

I hope this has been helpful!

Laz

maritdelange · January 8, 2020, 8:20am

As usual very helpful, thanks Laz!