A router has two FastEthernet interfaces and needs to connect to four vlans in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?
A. Add two more FastEthernet interfaces.
B. Add a second router to handle the vlan traffic.
C. Use a hub to connect the four vlans with a FastEthernet interface on router.
D. Implement a router-on-a-stick configuration.
Correct D:
One-armed routers that perform traffic forwarding are often implemented on virtual local area networks [VLANs]. They would have only a single Ethernet NIC that is part of two or more Virtual LANs, enabling them to be joined. A VLAN allows multiple virtual LANs to coexist on the same physical LAN. This means that two machines attached to the same switch cannot send Ethernet frames to each other even though they pass over the same wires. If they need to communicate, then a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet NIC that is part of both VLANs. Hence, "one-armed". While uncommon, hosts on the same physical medium may be assigned with addresses and to different networks. A one-armed router could be assigned addresses for each network and be used to forward traffic between locally distinct networks and to remote networks through another gateway.
One-armed routers are also used for administration purposes such as route collection, multi hop relay and looking glass servers.
In the previous section, three ways to create inter-VLAN routing were listed, and legacy inter-VLAN routing was detailed. This section details how to configure router-on-a-stick inter-VLAN routing. You can see in the figure that the router is not in the center of the topology but instead appears to be on a stick near the border, hence the name.
In Figure 4-5, the R1 GigabitEthernet 0/0/1 interface is connected to the S1 FastEthernet 0/5 port. The S1 FastEthernet 0/1 port is connected to the S2 FastEthernet 0/1 port. These are trunk links that are required to forward traffic within and between VLANs.
Figure 4-5 Router-on-a-Stick Topology
To route between VLANs, the R1 GigabitEthernet 0/0/1 interface is logically divided into three subinterfaces, as shown in Table 4-2. The table also shows the three VLANs that will be configured on the switches.
Table 4-2 Router R1 Subinterfaces
Subinterface
VLAN
IP Address
G0/0/1.10
10
192.168.10.1/24
G0/0/1.20
20
192.168.20.1/24
G0/0/1.30
99
192.168.99.1/24
Assume that R1, S1, and S2 have initial basic configurations. Currently, PC1 and PC2 cannot ping each other because they are on separate networks. Only S1 and S2 can ping each other, but they but are unreachable by PC1 or PC2 because they are also on different networks.
To enable devices to ping each other, the switches must be configured with VLANs and trunking, and the router must be configured for inter-VLAN routing.
S1 VLAN and Trunking Configuration [4.2.2]
Complete the following steps to configure S1 with VLANs and trunking:
Step 1. Create and name the VLANs. First, the VLANs are created and named, as shown in Example 4-1. VLANs are created only after you exit out of VLAN subconfiguration mode.
Example 4-1 Create and Name VLANs
S1[config]# vlan 10 S1[config-vlan]# name LAN10 S1[config-vlan]# exit S1[config]# vlan 20 S1[config-vlan]# name LAN20 S1[config-vlan]# exit S1[config]# vlan 99 S1[config-vlan]# name Management S1[config-vlan]# exit S1[config]#
Step 2. Create the management interface. Next, the management interface is created on VLAN 99 along with the default gateway of R1, as shown in Example 4-2.
Example 4-2 Create the Management Interface
S1[config]# interface vlan 99 S1[config-if]# ip add 192.168.99.2 255.255.255.0 S1[config-if]# no shut S1[config-if]# exit S1[config]# ip default-gateway 192.168.99.1 S1[config]#
Step 3. Configure access ports. Next, port Fa0/6 connecting to PC1 is configured as an access port in VLAN 10, as shown in Example 4-3. Assume PC1 has been configured with the correct IP address and default gateway.
Example 4-3 Configure Access Ports
S1[config]# interface fa0/6 S1[config-if]# switchport mode access S1[config-if]# switchport access vlan 10 S1[config-if]# no shut S1[config-if]# exit S1[config]#
Step 4. Configure trunking ports. Finally, ports Fa0/1 connecting to S2 and Fa05 connecting to R1 are configured as trunk ports, as shown in Example 4-4.
Example 4-4 Configure Trunking Ports
S1[config]# interface fa0/1 S1[config-if]# switchport mode trunk S1[config-if]# no shut S1[config-if]# exit S1[config]# interface fa0/5 S1[config-if]# switchport mode trunk S1[config-if]# no shut S1[config-if]# end *Mar 1 00:23:43.093: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up *Mar 1 00:23:44.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
S2 VLAN and Trunking Configuration [4.2.3]
The configuration for S2 is similar to S1, as shown in Example 4-5.
Example 4-5 S2 Configuration
S2[config]# vlan 10 S2[config-vlan]# name LAN10 S2[config-vlan]# exit S2[config]# vlan 20 S2[config-vlan]# name LAN20 S2[config-vlan]# exit S2[config]# vlan 99 S2[config-vlan]# name Management S2[config-vlan]# exit S2[config]# S2[config]# interface vlan 99 S2[config-if]# ip add 192.168.99.3 255.255.255.0 S2[config-if]# no shut S2[config-if]# exit S2[config]# ip default-gateway 192.168.99.1 S2[config]# interface fa0/18 S2[config-if]# switchport mode access S2[config-if]# switchport access vlan 20 S2[config-if]# no shut S2[config-if]# exit S2[config]# interface fa0/1 S2[config-if]# switchport mode trunk S2[config-if]# no shut S2[config-if]# exit S2[config-if]# end *Mar 1 00:23:52.137: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1 Subinterface Configuration [4.2.4]
The router-on-a-stick method requires you to create a subinterface for each VLAN to be routed.
A subinterface is created using the interface interface_id.subinterface_id global configuration mode command. The subinterface syntax is the physical interface followed by a period and a subinterface number. Although not required, it is customary to match the subinterface number with the VLAN number.
Each subinterface is then configured with the following two commands:
encapsulation dot1q vlan_id [native]: This command configures the subinterface to respond to 802.1Q encapsulated traffic from the specified vlan-id. The native keyword option is only appended to set the native VLAN to something other than VLAN 1.
ip address ip-address subnet-mask: This command configures the IPv4 address of the subinterface. This address typically serves as the default gateway for the identified VLAN.
Repeat the process for each VLAN to be routed. Each router subinterface must be assigned an IP address on a unique subnet for routing to occur.
When all subinterfaces have been created, enable the physical interface using the no shutdown interface configuration command. If the physical interface is disabled, all subinterfaces are disabled.
In the configuration in Example 4-6, the R1 G0/0/1 subinterfaces are configured for VLANs 10, 20, and 99.
Example 4-6 R1 Subinterface Configuration
R1[config]# interface G0/0/1.10 R1[config-subif]# description Default Gateway for VLAN 10 R1[config-subif]# encapsulation dot1Q 10 R1[config-subif]# ip add 192.168.10.1 255.255.255.0 R1[config-subif]# exit R1[config]# R1[config]# interface G0/0/1.20 R1[config-subif]# description Default Gateway for VLAN 20 R1[config-subif]# encapsulation dot1Q 20 R1[config-subif]# ip add 192.168.20.1 255.255.255.0 R1[config-subif]# exit R1[config]# R1[config]# interface G0/0/1.99 R1[config-subif]# description Default Gateway for VLAN 99 R1[config-subif]# encapsulation dot1Q 99 R1[config-subif]# ip add 192.168.99.1 255.255.255.0 R1[config-subif]# exit R1[config]# R1[config]# interface G0/0/1 R1[config-if]# description Trunk link to S1 R1[config-if]# no shut R1[config-if]# end R1# *Sep 15 19:08:47.015: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down *Sep 15 19:08:50.071: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up *Sep 15 19:08:51.071: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up R1#
Verify Connectivity Between PC1 and PC2 [4.2.5]
The router-on-a-stick configuration is complete after the switch trunk and the router subinterfaces have been configured. The configuration can be verified from the hosts, router, and switch.
From a host, verify connectivity to a host in another VLAN using the ping command. It is a good idea to first verify the current host IP configuration using the ipconfig Windows host command, as shown in Example 4-7.
Example 4-7 Verify Windows Host Configuration
C:\Users\PC1> ipconfig Windows IP Configuration Ethernet adapter Ethernet0: Connection-specific DNS Suffix . : Link-local IPv6 Address : fe80::5c43:ee7c:2959:da68%6 IPv4 Address : 192.168.10.10 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.10.1 C:\Users\PC1>
The output confirms the IPv4 address and default gateway of PC1. Next, use ping to verify connectivity with PC2 and S1, as shown in Figure 4-5. The ping output successfully confirms that inter-VLAN routing is operating, as shown in Example 4-8.
Example 4-8 Verify Inter-VLAN Routing by Pinging from PC1
C:\Users\PC1> ping 192.168.20.10 Pinging 192.168.20.10 with 32 bytes of data: Reply from 192.168.20.10: bytes=32 time