Introduction

At home I like to keep my wireless network separate from the wired network. The way I do this is using VLANs or Virtual LANS. So for example I have my wired network on VLAN 2 and my wireless network on VLAN 50, doing this ensures the networks cannot communicate directly and are in separate broadcast domains.

Terminology: VLAN

A VLAN is a Virtual LAN. Devices in a VLAN communicate as if they were connected to the same broadcast domain in the same way that all devices connected to a hub or  switch do. However you can segment your switch into VLANs each becoming a separate broadcast domain.

Configuration

We will use the topology shown below. The wired network will be on 192.168.2.0/24 and the wireless network will be on 192.168.50.0/24.

 

1. We start on S1 and the first thing we need to do is  create our VLANs, we do this from global configuration mode using the commands “vlan vlan-id” where vlan-id is the identifying number of the VLAN we are creating. In our case we are creating VLAN 2 and VLAN 50. We can give names to the VLANS so we can identify them in the show commands later, we give the VLAN names from the VLAN configuration mode and the command is “name vlan-name” where vlan-name is just a word.

S1(config)#vlan 2
S1(config-vlan)#name WIRED_NETWORK
S1(config-vlan)#
S1(config-vlan)#vlan 50
S1(config-vlan)#name WIRELESS_NETWORK

 

2. Now we have VLANs setup we can verify with the “show vlan” command.

S1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    WIRED_NETWORK                    active    
50   WIRELESS_NETWORK                 active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
50   enet  100050     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
S1#

You can see from this output that we have our two VLANS created but also a default VLAN and VLANS 1002 – 1005. VLAN 1 is the default VAN on a switch, if you do no VLAN configuration all interfaces and devices connected to the switch are part of VLAN 1. VLANs 1002 – 1005 are only present so the switch complies with the standards.

 

3. You should have also noticed from the output above that even though we have two VLANs created we don’t actually have any interfaces associated with the VLANS so next thing to go is go into the interface configuration and assign the correct interfaces to the relevant vlans. To do this we first need to put the switch ports into access mode, by default these are dynamic desirable which means that the interface will try and become a trunk if possible and if not fall back to an access interface. We want to set out interfaces to access so we do this with the command “switchport mode access” and then set the interface to the correct VLAN with the command “switchport access vlan vlan-id” where vlan-id is the VLAN we want to put the interface into.

S1(config)#interface FastEthernet 0/1
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 2
S1(config-if)#
S1(config-if)#interface FastEthernet 0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 50

If we now look at the output of “show vlan” we can see that the VLANs now have the interfaces assigned.

S1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
2    WIRED_NETWORK                    active    Fa0/1
50   WIRELESS_NETWORK                 active    Fa0/2
...

 

4.  We now need to be able to route between the two VLANS so we jump to R1 and from here we create two sub-interfaces on FastEthernet0/0, we do this by typing the command “interface interface interface-number.subinterface-number” where interface is they type of interface such as Ethernet / ATM / FastEthernet, interface-number is the number of the interface such as 0/0 or 0/1 or 1/0/3 and subinterface-number is any number up to 4294967295 to uniquely identify the subinterface. I like to use the VLAN id as the subinterface number. We’ll then create FastEtherent0/0.2 and FastEthernet0/0.50 on our router.

R1(config)#interface FastEthernet0/0.2
R1(config-subif)#interface FastEthernet0/0.50
R1(config-subif)#

Now we have out interfaces lets assign these to the relevant VLANs with the command “encapsulation dot1q vlan-id” where vlan-id is the VLAN we want to put this sub-interface into. We need to go back under the sub-interface configuration for FastEthernet0/0.2 and FastEthernet0/0.50. While we are in the sub-interface configuration we’ll add the IP address for the interfaces too. 192.168.2.254 for FastEthernet0/0.2 and 192.168.50.254 for FastEthernet0/0.50

R1(config)#interface FastEthernet0/0.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#ip address 192.168.2.254 255.255.255.0
R1(config-subif)#
R1(config-subif)#interface FastEthernet0/0.50
R1(config-subif)#encapsulation dot1Q 50
R1(config-subif)#ip address 192.168.50.254 255.255.255.0
R1(config-subif)#

 

5. If we try and ping then router from the PCs, wired network PC set to 192.168.2.1 and the wireless network PC set to 192.168.50.1, we will get no response. Why? Because S1 and R1 need to be able to communicate the two VLANs over a single interface, this is where trunking comes in. Trunking allows us to send all VLAN traffic over one connection rather than having to have an individual interface for each VLAN. To enable trunking between R1 and S1 we first need to go to S1 and enter the command “switchport mode trunk” in interface configuration mode on interface FastEthernet0/3.

S1(config)#interface FastEthernet0/3
S1(config-if)#switchport mode trunk
S1(config-if)#

This then allows S1 to trunk with R1 and pass all VLAN traffic. We can verify this by looking at “show vlan“, we’ll see that Fa0/3 is missing from the output, this is because it is no longer associated with a single vlan.

S1#show vlan
VLAN Name                             Status    Ports
 ---- -------------------------------- --------- -------------------------------
 1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                 Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                 Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                 Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                 Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                 Fa0/24
 2    WIRED_NETWORK                    active    Fa0/1
 50   WIRELESS_NETWORK                 active    Fa0/2
 ...

To see the trunk information we need to use the command “show interface trunk“, here we will see all the active trunk interfaces, the status of the trunk and which VLANs it is passing.

S1#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/3       1-1005

Port        Vlans allowed and active in management domain
Fa0/3       1,2,50

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       1,2,50
S1#

 

6. We should now be able to ping R1 from the wired network PC.

C:\>ping 192.168.2.254

Pinging 192.168.2.254 with 32 bytes of data:
Reply from 192.168.2.254: bytes=32 time<1ms TTL=255
Reply from 192.168.2.254: bytes=32 time<1ms TTL=255
Reply from 192.168.2.254: bytes=32 time<1ms TTL=255
Reply from 192.168.2.254: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.2.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

We should also be able to ping the wireless network PC.

C:\>ping 192.168.50.1

Pinging 192.168.50.254 with 32 bytes of data:
Reply from 192.168.50.1: bytes=32 time<1ms TTL=255
Reply from 192.168.50.1: bytes=32 time<1ms TTL=255
Reply from 192.168.50.1: bytes=32 time<1ms TTL=255
Reply from 192.168.50.1: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.50.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

Summary

We have now setup VLANs on a switch and sub-interfaces on a router. Setup and enabled trunking for our new VLANS between the switch and router as well as assigning switchports to VLANS. We have verified the configuration with relevant show commands and finally tested the connectivity and have successfully pinged between the two network.

We can expand on this further and use a layer3 switch and do all of our routing at the switch and remove our bottleneck on the trunk link.

 

I hope you found this post informative, please leave a comment if you have any questions or feedback.

4,108 comments on “InterVLAN Routing: Router on a stick

  1. Pingback: wholesale jordan concords

  2. Pingback: Magnetic Tags Removal

  3. Pingback: commercial appliance repair

  4. Pingback: cong ty dau nhot

  5. Pingback: over 50 life cover

  6. Pingback: commercial appliance repair.

  7. Pingback: VigRX Plus

  8. Pingback: income online

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>