If you have ever heard the term ‘router on a stick’, that is a reference to using an external router connected using only one physical interface to a switch that has multiple vlans defined on it. The single physical interface is configured using vlan trunking/tagging with Ethernet subInterfaces.

Let’s assume there are three vlans configured for this small office scenario:

Vlan 2 – Cisco device management
Vlan 3 – Office Workstations
Vlan 4 – Servers

The vlan usage is pretty self explanatory with the descriptions above. The office PCs running Windows XP will be configured for Vlan 3. The office file/mail/print servers will be configured for Vlan 4. Lastly, Vlan 2 will be used as the management vlan for all managed network devices.

There will also be a vlan 999 for the native/untagged vlan traffic, since it is best practice not to use Vlan1 for this purpose.

Here is what the configurations would look like:

On the Cisco access switch:

hostname OfficeSwitch-001
vtp mode transparent
!
vlan 2
 name Management
vlan 3
 name Workstations
vlan 4
 name Servers
vlan 999
 name Native-Trunk
!
interface GigabitEthernet0/1
description Connected to OfficeRouter-001 Fa0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.1.2.10 255.255.255.0
!
ip default-gateway 10.1.2.1

On the 2811 router:

interface FastEthernet0/1
description Connected to OfficeSwitch-001 Gig0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.2
description Management L3 Interface
encapsulation dot1Q 2
ip address 10.1.2.1 255.255.255.0
!
interface FastEthernet0/1.3
description Workstation L3 Interface
encapsulation dot1Q 3
ip address 10.1.3.1 255.255.255.0
!
interface FastEthernet0/1.4
description Server L3 Interface
encapsulation dot1Q 4
ip address 10.1.4.1 255.255.255.0
!
interface FastEthernet0/1.999
description Native Vlan
encapsulation dot1Q 999 native
no ip address