Router on a Stick Configuration - Juniper, Cisco, Vyatta

Layer 2 switch is  a network device which provides network access for hosts connected to its ports. Hosts  are grouped  in to VLANs  according to switch port configuration.  If they are hosts belonging to different VLANs it is not connectivity between hosts so it must be a mechanism which provides connectivity  - routing between  hosts on different VLANs.  Each VLAN should have assigned its own IP address space - subnet.  Layer 2 switch can't do routing between subnets and frames destined outside of VLAN must be sent to device which  is capable  of routing between VLAN. This device is known as  router and when it is connected with its only  one interface to L2 switch  this concept is called Router-on-a-Stick configuration.

Instead of transferring frames from particular VLAN on dedicated switch port it exists a method which allows  to  send frames from multiple VLANs through  one port of switch.  This switch port is called a trunk port and  frames sent through the trunk port must carry  information  about VLAN they are coming from.   The VLAN-ID information is  placed in to 802.1 tag and a tag is added  to original Ethernet frame right after source MAC address.  VLAN-id field inside 802.1q tag is  determined according to VLAN configured on switchport where a frame originally enters switch.

On opposite side of trunk there is a Router-on-a-Stick  which needs to understand  tagged 802.1q frames coming from trunk port of switch. Physical interface of router connected to switch is divided to multiple logical sub-interfaces. Each sub-interface is configured  with IP subnet, VLAN-id and type of encapsulation (802.1q standard or proprietary Cisco ISL). Router's job is routing between subnets  and encapsulating frames with proper 802.1q tag according to VLAN-id configured  on  sub-interface.

The router port must be Fast Ethernet or Gigabit Ethernet port because it must be able to receive and send frames at the same time - working in duplex mode. Funny to say but Juniper shows speed 10M with half-duplex for interface fxp3 and Router-on-a-stick configuration is working.

The goal of this tutorial is to show Router-on-a-Stick configuration for different vendor products - Juniper, Cisco, Vyatta. I'm using  LiSA Multilayer switch as layer 2 switch in this Lab for pure layer 2 switching - no layer 3 interfaces are configured on LiSA.  The VLAN 100 and VLAN200 are created on LiSA and interface Ethernet 3 is a trunk port with only VLAN 100 and 200 allowed on  this port. Host PC100 is connected to interface Ethernet0 with VLAN100 configured on this interface.  VLAN 200 is configured on interface Ethernet 1 and it connects host PC200.


Router-on-a-Stick Juniper - click  image to enlarge

There is Juniper on the picture doing intervlan routing between Vlan 100 and 200.  I'm posting only one topology picture for all router-on-a-stick configurations but keep in mind Juniper should be replaced with particular type of router  (Vyatta, Cisco) for following lab.

1. Linux Microcore host PC 100, PC 200 and LiSA Configuration

LiSA and Microcore hosts configuration is quite common for all Labs so I'm posting  it only once.

1.1 Microcore PC 100 host configuration

echo "ifconfig eth0 192.168.100.2 netmask 255.255.255.0" >> /opt/bootlocal.sh
echo "route add default gw 192.168.100.1" >> /opt/bootlocal.sh
echo "hostname PC100" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

sudo /opt/bootlocal.sh

1.2 Microcore PC 200 host configuration

echo "ifconfig eth1 192.168.200.2 netmask 255.255.255.0" >> /opt/bootlocal.sh
echo "route add default gw 192.168.200.1" >> /opt/bootlocal.sh
echo "hostname PC200" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

sudo /opt/bootlocal.sh

1.3 Linux Multilayer Switch - LiSA configuration

Configuration shouldn't be a problem for people familiar with Cisco.

LiSA#show running-config
Building configuration...

Current configuration : 352 bytes
!
hostname LiSA
!
!
!
vlan 100
name Access100
!
vlan 200
name Access200
!
interface Ethernet 3
description Trunk to Router
switchport trunk allowed vlan 100,200
switchport mode trunk
!
!
interface Ethernet 0
description Link to PC 100
switchport access vlan 100
!
!
interface Ethernet 1
description Link to PC 200
switchport access vlan 200
!
end

2. Router on a Stick - Juniper  Configuration

The configuration below is using Gigabit NIC e1000 (em interface).   Ping between PC 100 and PC 200 is successful at the time of configuration but after reboot of  Olive, em3 interface is stacked in administratively shutdown state regardless of configuration.  I can't find a solution to this issue but according to Olive Clue multiple VLANs should not be working for em interfaces.

For this reason I recommend to use NIC i82559er which is working flawlessly (fxp interface).

root@JUNOS4> show configuration

## Last commit: 2011-01-28 19:14:35 UTC by root
version 10.1R1.8;
system {
host-name JUNOS4;
root-authentication {
encrypted-password "$1$zjHC5DHn$p1x2.U8FZjdXBPY/qsVvu1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
em3 {
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 192.168.100.1/24;
}
}
unit 200 {
vlan-id 200;
family inet {
address 192.168.200.1/24;
}
}
}
}

I've attached captured traffic between Juniper and LiSA during ping from PC 100 (192.168.100.2) to PC 200 (192.168.200.2). All frames seems to have correct 802.1 tags.

3. Router on a Stick - Vyatta  6.1 Core Configuration

Vyatta is open-sorce routing solution running on x86 hardware. Read more about Vyatta here.  I created tutorial how to install Vyatta on Qemu image available here.

vyatta@vyatta:~$ show configuration

interfaces {
ethernet eth3 {
duplex auto
smp_affinity auto
speed auto
vif 100 {
address 192.168.100.1/24
}
vif 200 {
address 192.168.200.1/24
}
}
loopback lo {
}
}
system {
host-name VYATTA
login {
user root {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
user vyatta {
authentication {
encrypted-password ****************
}
level admin
}
}
ntp-server 0.vyatta.pool.ntp.org
package {
auto-sync 1
repository community {
components main
distribution stable
password ****************
url http://packages.vyatta.com/vyatta
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone GMT
}

4. Router on a Stick - Cisco 3725 Configuration

Cisco#show run

Building configuration...

Current configuration : 1017 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0/0
description Link to LiSA
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.100
description Sub-interface VLAN 100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/0.200
description Sub-interface VLAN 200
encapsulation dot1Q 200
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end

End.


2 thoughts on “Router on a Stick Configuration - Juniper, Cisco, Vyatta

  1. Hi, I'm using LISA same in your lab. My problem was LISA does not appear enough interface. I'm using command "show int" to check.

    Thanks your lab!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.