
How to configure routing between a Cisco Router and a Cisco Switch L2 device (Router-on-a-Stick)

TigerDao

Administrator
Staff member
This article will explain how to provide routing between two VLANs on a simple Layer 2 switch using a Cisco router with just one interface. This configuration is often asked as a question on CCNA exams, so hopefully it will be helpful to those preparing for the certification. Take a look at the diagram below to get started:

(IMG)

The Cisco Layer 2 switch carries two VLANs (VLAN 10 – RED and VLAN 20 – GREEN), with two hosts connected to it as shown in the diagram above. The two switch ports with hosts connected to them (FE1/0/2 and FE1/0/3) must be access ports.

The first host belongs to Network 10.10.10.0/24 (VLAN10) and the second host belongs to 20.20.20.0/24 (VLAN20).

By default, if the switch is just a normal Layer 2 switch, the two hosts cannot communicate with each other because they belong to different VLANs and there is no routing between them.

Therefore, if we want to provide network connectivity between two VLANs, we need a Layer 3 engine somewhere in the network.

This can be done if the switch is Layer 3 (using Layer 3 InterVLAN Routing) or if there is a router. In this article, we use a router to provide Layer 3 connectivity as shown in the diagram.

The router uses only a single interface connected to a trunk port on the switch. The Router interface can be divided into two subinterfaces, with each subinterface belonging to the appropriate VLAN.

The switch port connected to the router must be a trunk port so that it can carry both VLANs to the router port. Take a look at the configuration below:

Configuration on Cisco Switch

Switch-TGM# conf t
Switch-TGM(config)# vlan 10
Switch-TGM(config-vlan)# exit
Switch-TGM(config)# vlan 20
Switch-TGM(config-vlan)# exit

Switch-TGM(config)# interface FastEthernet1/0/1
Switch-TGM(config-if)# description trunk-to-router-on-a-stick
Switch-TGM(config-if)# switchport trunk encapsulation dot1q
Switch-TGM(config-if)# switchport mode trunk
Switch-TGM(config-if)# spanning-tree portfast trunk
Switch-TGM(config-if)# exit

Switch-TGM(config)# interface FastEthernet1/0/2
Switch-TGM(config-if)# description connection-to-RED-VLAN
Switch-TGM(config-if)# switchport mode access
Switch-TGM(config-if)# switchport access vlan 10
Switch-TGM(config-if)# exit

Switch-TGM(config)# interface FastEthernet1/0/3
Switch-TGM(config-if)# description connection-to-GREEN-VLAN
Switch-TGM(config-if)# switchport mode access
Switch-TGM(config-if)# switchport access vlan 20
Switch-TGM(config-if)# exit
Switch-TGM(config)# exit
Switch-TGM# copy run start


Note:

The “spanning-tree portfast trunk” command on interface FastEthernet1/0/1 is used to bypass the spanning-tree delay when connecting the interface to the router. This command should not be used if the interface is connected to another switch, to avoid possible spanning-tree loops.

Configuration on Cisco Router

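Router-TGM# conf t
! The physical interface must be up for the subinterfaces to pass traffic
Router-TGM(config)# interface fastethernet 0/0
Router-TGM(config-if)# no shutdown
Router-TGM(config-if)# exit
! One subinterface per VLAN; the dot1q tag must match the VLAN ID on the switch
Router-TGM(config)# interface fastethernet 0/0.10
Router-TGM(config-subif)# encapsulation dot1q 10
Router-TGM(config-subif)# ip address 10.10.10.2 255.255.255.0
Router-TGM(config-subif)# exit
Router-TGM(config)# interface fastethernet 0/0.20
Router-TGM(config-subif)# encapsulation dot1q 20
Router-TGM(config-subif)# ip address 20.20.20.2 255.255.255.0
Router-TGM(config-subif)# exit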


Now, for the two hosts to communicate with each other, each must use the IP address of the corresponding router subinterface as its default gateway (e.g. for a host in VLAN 10, the gateway must be 10.10.10.2 and for hosts in VLAN 20 the gateway must be 20.20.20.2).

Restrict traffic between VLANs

If you want to restrict traffic between two VLANs, you can do so using an Access Control List applied to the router’s subinterfaces.

For example, if you want to only allow server 10.10.10.10 to communicate with server 20.20.20.10 then you can create the following ACL and apply it to the router as shown below:

Router-TGM# conf t
Router-TGM(config)# access-list 101 permit ip host 10.10.10.10 host 20.20.20.10
Router-TGM(config)# interface fastethernet 0/0.10
Router-TGM(config-subif)# ip access-group 101 in
Router-TGM(config-subif)# exit


The numbered ACL 101 allows all traffic from host 10.10.10.10 to host 20.20.20.10 and denies everything else (note that there is an implicit “deny all” at the end of every access list). Because it is applied inbound on subinterface 0/0.10, it filters only traffic entering the router from VLAN 10.
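The first-match and implicit-deny behaviour of ACL 101, modelled in Python as an added example (not part of the original article and not Cisco code); the `inbound` helper, the `Fa0/0.10`/`Fa0/0.20` labels and the sample packets are constructed for illustration. It also shows that packets entering on subinterface 0/0.20 are not filtered, since the ACL is bound inbound on 0/0.10 only.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok):
    """Consume one address spec; return ((addr, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip_int(tok[1]), 0), tok[2:]
    return (ip_int(tok[0]), ip_int(tok[1])), tok[2:]  # address + wildcard mask

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping their order."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[3] != "ip":
            raise ValueError("only 'ip' entries are modelled in this example")
        src, rest = parse_addr(tok[4:])
        dst, _ = parse_addr(rest)
        entries.append((tok[2], src, dst))
    return entries

def matches(spec, ip):
    addr, wild = spec  # wildcard 1-bits are "don't care"
    return (ip_int(ip) | wild) == (addr | wild)

def evaluate(entries, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s, d in entries:
        if matches(s, src) and matches(d, dst):
            return action
    return "deny"

def inbound(bindings, ingress, src, dst):
    """Check a packet against the ACL bound inbound on its ingress subinterface."""
    acl = bindings.get(ingress)
    return "permit" if acl is None else evaluate(acl, src, dst)

ACL_101 = parse_acl(["access-list 101 permit ip host 10.10.10.10 host 20.20.20.10"])
BINDINGS = {"Fa0/0.10": ACL_101}  # 'ip access-group 101 in' on Fa0/0.10 only

if __name__ == "__main__":
    # Constructed packets: (ingress subinterface, source, destination)
    for pkt in [("Fa0/0.10", "10.10.10.10", "20.20.20.10"),
                ("Fa0/0.10", "10.10.10.11", "20.20.20.10"),
                ("Fa0/0.20", "20.20.20.11", "10.10.10.11")]:
        print(pkt, "->", inbound(BINDINGS, *pkt))
```

Replies from VLAN 10 to a flow started in VLAN 20 still enter on 0/0.10 and hit ACL 101, so only the 10.10.10.10 and 20.20.20.10 pair works in both directions.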

Use cases and limitations

The “Router on a stick” configuration is useful in situations where there are no Layer 3 switches and the only network devices you have are routers and Layer 2 switches. In this case, you can provide Layer 3 routing between two or more Layer 2 VLANs that exist on the switch.

Note, however, that all inter-VLAN traffic will pass through the router’s single physical interface.

Therefore, if the router is a low-end model with not much bandwidth performance, and if the interface is just a plain old 10/100 Mbps interface, then you may have traffic problems (especially if there is a lot of data traffic going through the VLANs).

Good luck!
