How to configure Router on a Stick

If you are familiar with switches and VLANs you might know that you require a router if you want to communicate between VLANs. In this tutorial I’ll show you how you can use a router connected to a single switch as a “router on a stick”.

This is the topology we’ll use:

router-on-a-stick

On the switch we have VLAN 10 and VLAN 20 and there’s only a single cable between the router and switch. The router needs access to both VLANs so the link between the router and switch will be a trunk!

It’s possible to create sub-interfaces on a router. These are virtual interfaces and on each sub-interface we can configure an IP address, basically it looks like this:

Router Sub-Interface

You can pick any number that you like but I decided to use the VLAN numbers, one sub-interface for VLAN 10 and another for VLAN 20.

Here’s what the configuration looks like on the router:

R1(config)#interface fastEthernet 0/0
R1(config-if)#no shutdown
R1(config-if)#exit

R1(config)#interface fastEthernet 0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.10.254 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastEthernet 0/0.20
R1(config-subif)#encapsulation dot1Q 20                 
R1(config-subif)#ip address 192.168.20.254 255.255.255.0

Above you can see my two sub-interfaces and the IP addresses that I assigned to them. IP address 192.168.10.254 will be the default gateway for computers in VLAN 10 and 192.168.20.254 for computers in VLAN 20.

One important command is the encapsulation dot1Q. There is no way for our router to know which VLAN belongs to which sub-interface so we have to use this command. Fa0/0.10 will belong to VLAN 10 and Fa0/0.20 to VLAN 20. Let’s check the routing table:

R1#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level
       ia - IS-IS inter area, * - candidate default, U - per-user static
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, FastEthernet0/0.10
C    192.168.20.0/24 is directly connected, FastEthernet0/0.20

You can see both sub-interfaces in the routing table. This allows the router to route between the two VLANs. That’s all there is to it! Configure your computers so that the router’s IP address for the corresponding VLAN is their default gateway and you are ready to go.

Configurations

Want to take a look for yourself? Here you will find the configuration of each device.

R1

hostname R1
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
!
end

SW1

hostname SW1
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
 !
 end

HOST1

hostname HOST1
!
no ip routing
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip default-gateway 192.168.10.254
!
end

HOST2

hostname HOST2
!
no ip routing
!
interface FastEthernet0/0
 ip address 192.168.20.1 255.255.255.0
 duplex auto
 speed auto
!
ip default-gateway 192.168.20.254
!
end

I hope you enjoyed this lesson! If you have any more questions just leave a comment below!

Forum Replies

  1. Hi Regina,

    The configuration on the Cisco switch is pretty straightforward. The interface connected to the router has to be a trunk:

    interface fa0/24
    description LINK_TO_ROUTER
    switchport mode trunk
    

    And the interfaces that connect to the host are regular access ports:

    interface fa0/1

    description HOST_IN_VLAN_10
    switchport mode access
    switchport access vlan 10
    

    You don’t need to use VLAN SVIs…a layer 2 switch uses the SVI only for management purposes. A layer 3 switch uses a SVI per VLAN which hosts can use as default gateway (in that case you don’t need a

    ... Continue reading in our forum

  2. Hi Rene/Moderators,

    What happens if I do not configure the sub interfaces?
    Would only intervlan routing be affected?
    What if they are on the same vlan?

  3. Hello Ian

    If you don’t configure subinterfaces on the router, then no tagged traffic will enter the interface. The switch is set up to send frames to the router using dot1q encapsulation. This is where the VLAN number of each specific frame is added to the header as a tag. When the router receives these frames, it will drop them because they include a tag. By adding subinterfaces and the appropriate dot1q encapsulation, you are allowing the router to be able to receive tagged frames and to allow them to egress on the appropriate subinterface.

    If communicati

    ... Continue reading in our forum

  4. Hi if any rate limit configuration needs to be done on the interface we should do in interface level or sub interface level

  5. Question. I see you created sub-interfaces on the routers 0/0 interface. I understand that. But what if you did not use sub-interfaces. What if instead you assigned Router Fa0/0 to ip address 192.168.10.1 and you assigned Router interface fa0/1 to ip address 192.168.20.1. So two connected routes (2 separate IP addresses) on the router connected to the same single switch (switch is divided into VLAN 10 and VLAN 20). Would that work?

30 more replies! Ask a question or join the discussion by visiting our Community Forum