How to configure Cisco Router on a stick

Asset 6

How to configure Cisco Router on a stick

Posted on 17 March 2013 by Beaming Support

If you wish to use multiple vlans on your network you will need a layer 3 device to connect these networks.

The device is called a router on a stick and we’re going to show you how to configure Cisco router on a stick in this article.

Firstly, please see the topology below:

Router on a stick

First we shall create the VLANs:

SW1#configure terminal
SW1(config)# vlan100
SW1(config-vlan)# name vlan100
SW1(config-vlan)# exit
SW1#configure terminal
SW1(config)# vlan101
SW1(config-vlan)# name vlan101
SW1(config-vlan)# exit
SW1(config)# interface FastEthernet0/1
SW1(config-if)# switchport mode trunk
SW1(config-if)# spanning-tree portfast
SW1(config)# interface FastEthernet0/2
SW1(config-if)# switchport access vlan 100
SW1(config)# interface FastEthernet0/3
SW1(config-if)# switchport access vlan 100
SW1(config)# interface FastEthernet0/4
SW1(config-if)# switchport access vlan 101
SW1(config)# interface FastEthernet0/5
SW1(config-if)# switchport access vlan 101

We now need to configure the router:

R1# configure terminal
R1(config)# interface FastEthernet0/0.100
R1(config-if)# encapsulation dot1Q 100
R1(config-if)# ip address 192.168.100.254 255.255.255.0
R1(config-if)# exit
R1(config)# interface FastEthernet0/0.101
R1(config-if)# encapsulation dot1Q 101
R1(config-if)# ip address 192.168.101.254 255.255.255.0
R1(config-if)#^Z

Once you have assigned the appropriate IP addresses and gateway to the PCs you will be able to communicate between the VLANS. If you wish to limit the traffic that passes between vlans you can assign an access list to prevent unwanted traffic from traversing the VLANs.

In the below example with will permit only http traffic to the SRV100 and SRV101 from the opposing VLANS:

R1(config)#access-list 150 permit tcp any host 192.168.100.1 eq 80
R1(config)#access-list 150 deny ip any any
R1(config)#access-list 151 permit tcp any host 192.168.101.1 eq 80
R1(config)#access-list 151 deny ip any any
R1(config)#int fast
R1(config)#int fastEthernet 0/1.100
R1(config-subif)#ip access-group 151 out
R1(config-subif)#int fastEthernet 0/1.101
R1(config-subif)#ip access-group 150 out

We're networking experts

When it comes to private wide area networks and business continuity services, a “set it and leave it” approach just doesn’t cut the mustard.

More guides, straight to your inbox

Our monthly how-to guides, cyber security tips and business tech advice help businesses stay online and make the most of their connectivity.

  • This field is for validation purposes and should be left unchanged.

Business cyber security advice.

Straight to your inbox every month.

  • How-to guides to boost productivity and efficiency
  • Changes in voice and internet tech that your business should know
  • Cyber security advice anyone can follow

  • This field is for validation purposes and should be left unchanged.