In this lesson, I will show you how to configure router on a stick on Cisco IOS. Configuring router on a stick in needed when you are using a layer 2 switch and dividing your network into different VLAN's, and you want that the devices in those different VLAN's to be able to reach each other.

Let's consider I have the following scenario:


R2 and R3 can be considered as a PC and they are both on 2 different VLAN's and belong to 2 different network id. This way, the 2 routers will never be able to reach one another even they are connected physically to the same switch because they are on 2 different VLAN's. For this reason, I need to configure R1 to be the Router on a Stick in which in case R2 want to reach R3 then he sends his traffic to SW1 then the switch send it to R1 who will do the routing between the VLAN's and send the traffic to R3. For this, we require to have sub-interfaces on R1 so each sub-interface act as the Gateway of R2 and R3.


Let's start with the configuration of the Hosts. I want R2 and R3 to act just as a dump device, so like a PC. To do that we have to write the following commands:

R2#conf t
R2(config)#no ip routing
R2(config)#interface f0/0
R2(config-if)#ip address 192.168.10.254 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip default-gateway 192.168.10.1 
R2(config)#


R3#conf t
R3(config)#no ip routing
R3(config)#interface f0/0
R3(config-if)#ip address 192.168.20.254 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#ip default-gateway 192.168.20.1

You see that I have used "no ip routing" just to disable the routing capability on the Router so it act as a PC, and I had to put the IP address on the interface as well the default-gateway same as you do on the PC. I will tell you in a moment about the Gateway addresses that I have used.

So we finished about R2 and R3 configuration. Let's configure now the Switch so we assign its ports to VLAN 10 and VLAN 20. Let's first create the VLAN's on SW1.

SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#exit
SW1(config)#exit
SW1#show vlan brief 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi0/1, Gi0/2
10   VLAN0010                         active    
20   VLAN0020                         active    
100  VLAN100                          active    
200  VLAN0200                         active    
300  VLAN0300                         active    
1002 fddi-default                     act/unsup 
1003 trcrf-default                    act/unsup 
1004 fddinet-default                  act/unsup 
1005 trbrf-default                    act/unsup 
SW1#

As you can see, VLAN 10 and VLAN 20 have been created buy they don't have inside of them any port. Based on the picture, we have to put G0/1 on VLAN 10 and G0/2 on VLAN 20 and we need to make those ports and access ports because they are connected to end devices.

SW1(config)#interface g0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#interface g0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)

Excellent - Let's see now if G0/1 and G0/2 are now assigned to the right VLAN.

SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0
10   VLAN0010                         active    Gi0/1
20   VLAN0020                         active    Gi0/2
100  VLAN100                          active    
200  VLAN0200                         active    
300  VLAN0300                         active    
1002 fddi-default                     act/unsup 
1003 trcrf-default                    act/unsup 
1004 fddinet-default                  act/unsup 
1005 trbrf-default                    act/unsup 
SW1#

You can see the the port G0/1 of SW1 is now in VLAN 10 and the port G0/2 of SW1 is now in VLAN 20. That's great. The last thing we need to do SW1 is to configure the Trunk port to the Router R1 because both VLAN 10 and VLAN 20 traffic should go to R1 when their devices want to communicate to each other because R1 can do the routing between the VLANS.

SW1(config)#interface g0/0
SW1(config-if)#switchport mode trunk
SW1(config-if)#switch trunk encapsulation dot1q 
SW1(config-if)#switchport mode trunk 
SW1(config)#

Let's verify if now the interface G0/0 is in a trunk mode using the encapsulation dot1Q:

SW1#show interfaces g0/0 switchport 
Name: Gi0/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Appliance trust: none
SW1#

You can see it is in trunk mode. Very good. So we have finished the work on the Switch. The last step we need to do is to configure R1 to act as a router on a stick and routing the traffic of the VLAN's to each other. For this, we need to create sub-interfaces on F0/0 so one is for VLAN 10 and one is for VLAN 20 and we have to put addresses from the range of IP's that we have assigned to R2 and R3. Let me show you what you need to do.

R1#conf t
R1(config)#interface f0/0
R1(config-if)#no shutdown
R1(config-if)#exit       
R1(config)#interface f0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.10.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#interface f0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.20.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#

1st we go to the physical interface which is F0/0 and we make it up. Then we create 2 sub-interfaces which will be acting as gateways for R2 and R3 (that's why I have put the gateways on R2 and R3 to be as the IP's on the sub-interfaces on R1). In these sub-interfaces I put the right IP's and I use the encapsulation dot1Q with the VLAN 10 because this is a trunk port.

Let's check the routing table on R1:

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.10.0/24 is directly connected, FastEthernet0/0.10
C    192.168.20.0/24 is directly connected, FastEthernet0/0.20
R1#

Excellent - we have 2 entries for the 2 networks on the routing tables, so that means the VLAN traffics of VLAN 10 and VLAN 20 can be routed so R2 and R3 can reach each other.

Let's try to ping from R2 to R3 and see the result:

R2#ping 192.168.20.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/71/84 ms
R2#

Let's see if we ping from R3 to R2 IP address:

R3#ping 192.168.10.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/76 ms
R3#

Wouhoo!!!!! the LAB is working perfectly :)

Conclusion:

In this lesson I have explained to you how to configure Router on a stick and I have showed you all steps that you require to do for this.

If you have any question or suggestion, please leave your comment below and I will get back to you ASAP.