While studying for the CCNA exam I came across a topic known as 802.1q trunk to router, which is also commonly referred to as router-on-a-stick or ROAS. Since this is a vital topic for the exam, I wanted to write this how-to article in the hope that it aids others in their studies.

Simply put, if you have multiple VLANs and you want hosts in different VLANs to communicate with one another, you need a layer 3 device such as a router to perform routing between the VLANs.

Routing in this scenario is easily accomplished by implementing ROAS. Make sure you have the following:

  • A minimum of a Fast Ethernet straight-through connection must exist between the router and the switch.
  • The switch port connected to the router must be in trunking mode.
  • A subinterface is required for each VLAN that will be participating in ROAS.
  • The VLAN encapsulation type on the router port must match the VLAN encapsulation on the switch port, which in most cases will be 802.1q, also known as dot1q.
  • Each subinterface must have an IP address that resides on the same segment as its respective VLAN.

In this example we have 3 VLANs (1, 2, and 3) and a VTP domain configured to distribute VLAN information across the 3 switches. Our router is set up with 3 subinterfaces on fastethernet0/0, each created as follows:

Router1(config)#interface fastethernet 0/0.1
Router1(config-subif)#encapsulation dot1q 1 native
Router1(config-subif)#ip address 192.168.2.1 255.255.255.240

By following the example above for each subinterface you create, you end up with the router configuration below.

interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.2.1 255.255.255.240
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.17 255.255.255.240
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.2.33 255.255.255.240

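Notice that after specifying the encapsulation type on each subinterface you must specify the VLAN ID. 802.1q performs VLAN tagging, which identifies the VLAN each frame belongs to as it travels across the trunk. The native keyword on the VLAN 1 subinterface marks it as the native VLAN, whose frames cross the trunk untagged.

On the switch, put the port that connects to the router into trunking mode: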

Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode trunk

And you end up with the following configuration on the switch:

interface FastEthernet0/1
switchport mode trunk

By writing this simple config you will have successfully set up communication across the 3 VLANs.

Since we have a VTP domain set up to distribute VLAN information across our 3 switches, you can now assign ports to these VLANs and test communication across segments by issuing some pings.

What, no IP addresses on the hosts yet? That’s solved easily by adding DHCP services to the router.

Write the following config on the router:

Router1(config)#ip dhcp pool SiteB.1-Pool
Router1(dhcp-config)#default-router 192.168.2.1
Router1(dhcp-config)#network 192.168.2.0 255.255.255.240
Router1(dhcp-config)#dns-server 192.168.2.3

Follow the above for the remaining 2 DHCP pools and you end up with the following config:

ip dhcp pool SiteB.1-Pool
network 192.168.2.0 255.255.255.240
default-router 192.168.2.1
dns-server 192.168.2.3
ip dhcp pool SiteB.2-Pool
network 192.168.2.16 255.255.255.240
default-router 192.168.2.17
dns-server 192.168.2.3
ip dhcp pool SiteB.3-Pool
network 192.168.2.32 255.255.255.240
default-router 192.168.2.33
dns-server 192.168.2.3

Don’t forget the IP address exclusions; you don’t want to be giving out your router or DNS server IP to any of your hosts!

ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.17
ip dhcp excluded-address 192.168.2.33
ip dhcp excluded-address 192.168.2.3

A misconfiguration commonly seen with router-on-a-stick is a missing or incorrectly configured default gateway on a host. In this example we are using DHCP services to provide this information to our hosts; it is listed as the default-router in each pool.
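The gateway and exclusion checks described above can be run mechanically before the config goes on the router. The script below is an added example, not part of the original article: it reads IOS-style text, confirms that each DHCP pool's default-router is the subinterface address for that pool's segment, and flags any default-router or dns-server address that a pool could still lease. The function name audit and the CONFIG sample are assumptions made for illustration.

```python
import ipaddress as ipa

# Constructed sample: the VLAN 1 and VLAN 2 lines of the router config in this article.
CONFIG = """\
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.2.1 255.255.255.240
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.17 255.255.255.240
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.17
ip dhcp excluded-address 192.168.2.3
ip dhcp pool SiteB.1-Pool
 network 192.168.2.0 255.255.255.240
 default-router 192.168.2.1
 dns-server 192.168.2.3
ip dhcp pool SiteB.2-Pool
 network 192.168.2.16 255.255.255.240
 default-router 192.168.2.17
 dns-server 192.168.2.3
"""

def audit(config):
    """Return findings; an empty list means gateways and exclusions line up."""
    gateways, pools, excluded, pool = {}, {}, set(), None
    for w in (line.split() for line in config.splitlines()):
        if w[:2] == ["ip", "address"]:  # subinterface address and mask
            iface = ipa.ip_interface(f"{w[2]}/{w[3]}")
            gateways[iface.network] = iface.ip
        elif w[:3] == ["ip", "dhcp", "excluded-address"]:  # single-address form only
            excluded.add(ipa.ip_address(w[3]))
        elif w[:3] == ["ip", "dhcp", "pool"]:
            pool = pools.setdefault(w[3], {})
        elif w[:1] == ["network"]:
            pool["network"] = ipa.ip_network(f"{w[1]}/{w[2]}")
        elif w[:1] in (["default-router"], ["dns-server"]):
            pool[w[0]] = ipa.ip_address(w[1])
    findings = []
    for name, p in pools.items():
        gw = gateways.get(p["network"])  # subinterface that serves this segment
        if gw is None or p.get("default-router") != gw:
            findings.append(f"{name}: default-router is not the subinterface address (expected {gw})")
        for key in ("default-router", "dns-server"):
            addr = p.get(key)
            if addr is not None and addr in p["network"] and addr not in excluded:
                findings.append(f"{name}: {key} {addr} is not excluded")
    return findings
```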