Have you ever watched a packet slip through a network like a secret agent, only to be blocked by a VLAN wall?
You’re not alone. Most folks think VLANs are just a fancy way to keep traffic tidy, but they’re also a barrier that, if you’re not careful, can turn a smooth‑running network into a traffic jam Not complicated — just consistent..
In this guide we’ll walk through packet tracer – configure router‑on‑a‑stick inter‑VLAN routing step by step. By the end, you’ll know how to set up a trunk, create sub‑interfaces, and troubleshoot the most common hiccups.
What Is Router‑on‑a‑Stick Inter‑VLAN Routing?
Router‑on‑a‑stick is the classic method for letting devices on different VLANs talk to each other. Think of a router as a concierge that knows how to deliver mail between different departments in an office building. The trick? You give that router a single physical link to the switch, but you pretend it has multiple virtual interfaces—one per VLAN—by using sub‑interfaces with 802.1Q encapsulation Small thing, real impact. No workaround needed..
In Cisco Packet Tracer, this setup looks like:
- A switch with multiple VLANs, each with its own set of ports.
- A router connected to the switch via a trunk port.
- Sub‑interfaces on the router, each tagged with a VLAN ID.
When a packet lands on the trunk, the router reads the VLAN tag, pulls the packet out of the correct sub‑interface, routes it, then pushes it back out with the right tag.
Why It Matters / Why People Care
You might wonder why we bother with a single router instead of a full‑blown Layer‑3 switch. Here are a few reasons:
- Cost savings – Smaller networks can get away with a single router.
- Simplicity – One device to manage for inter‑VLAN routing.
- Legacy support – Some older equipment only supports router‑on‑a‑stick.
But if you skip the trunk or mis‑configure the sub‑interfaces, devices will never see each other. That’s why mastering this technique is essential for anyone working with VLANs, whether in a lab or in the field It's one of those things that adds up..
How It Works (or How to Do It)
1. Set Up the Switch and VLANs
-
Create VLANs
Switch> enable Switch# configure terminal Switch(config)# vlan 10 Switch(config-vlan)# name Sales Switch(config-vlan)# exit Switch(config)# vlan 20 Switch(config-vlan)# name Engineering Switch(config-vlan)# exit -
Assign ports to VLANs
Switch(config)# interface range fa0/1 - 4 Switch(config-if-range)# switchport mode access Switch(config-if-range)# switchport access vlan 10 Switch(config-if-range)# exit Switch(config)# interface range fa0/5 - 8 Switch(config-if-range)# switchport mode access Switch(config-if-range)# switchport access vlan 20 -
Create a trunk port for the router
Switch(config)# interface fa0/24 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk allowed vlan 10,20
2. Configure the Router
-
Create sub‑interfaces
Router> enable Router# configure terminal Router(config)# interface gig0/0 Router(config-if)# no shutdown Router(config-if)# exit Router(config)# interface gig0/0.10 Router(config-subif)# encapsulation dot1Q 10 Router(config-subif)# ip address 192.168.10.1 255.255.255.0 Router(config-subif)# exit Router(config)# interface gig0/0.20 Router(config-subif)# encapsulation dot1Q 20 Router(config-subif)# ip address 192.168.20.1 255.255.255.0 -
Enable routing (if using a router that needs it)
Router(config)# ip routing
3. Verify Connectivity
-
Ping from a host in VLAN 10 to the router
PC1> ping 192.168.10.1You should see replies.
-
Ping across VLANs
PC1> ping 192.168.20.10If you get replies, the router‑on‑a‑stick is working Worth knowing..
4. Optional: Static Routes or OSPF
If you have more routers or need dynamic routing, add a static route or enable OSPF:
Router(config)# ip route 192.168.30.0 255.255.255.0 192.168.20.2
or
Router(config)# router ospf 1
Router(config-router)# network 192.168.10.0 0.0.0.255 area 0
Router(config-router)# network 192.168.20.0 0.0.0.255 area 0
Common Mistakes / What Most People Get Wrong
- Forgetting to enable the trunk – The router will see no traffic if the switch port isn’t set to trunk mode.
- Wrong VLAN IDs on sub‑interfaces – A typo in the dot1Q command will silently drop packets.
- Missing “no shutdown” on the physical router interface – The interface defaults to shutdown.
- Using the wrong encapsulation – Some routers require
dot1Qinstead ofencapsulation dot1Q. - Not setting IPs on the same subnet – If the router’s IP isn’t in the same subnet as the hosts, you’ll get “unreachable” errors.
Practical Tips / What Actually Works
- Keep a naming convention –
gig0/0.10for VLAN 10,gig0/0.20for VLAN 20. It saves headaches later. - Use
show interface trunkto confirm allowed VLANs and trunk status. - take advantage of
show ip interface briefto double‑check that sub‑interfaces are up. - Add a default route (
ip default-network) if the router needs to forward traffic beyond the local subnets. - Document every VLAN ID, IP scheme, and trunk configuration in a single sheet.
FAQ
Q1: Can I use a Layer‑3 switch instead of a router for inter‑VLAN routing?
A1: Yes. A Layer‑3 switch can perform the same function with less latency, but the steps are similar: create SVIs (Switch Virtual Interfaces) instead of sub‑interfaces.
Q2: Why does my ping time out after setting up the router‑on‑a‑stick?
A2: Check that the trunk port allows the VLANs, the router’s sub‑interface IPs are correct, and the hosts have the correct default gateway.
Q3: Is it possible to have multiple routers on the same trunk?
A3: Not with a single trunk port. Each router needs its own trunk or you’d need a Layer‑3 switch to share the trunk Less friction, more output..
Q4: What if my switch doesn’t support 802.1Q?
A4: You’ll need to upgrade to a model that does, or use a different routing strategy like using a dedicated router per VLAN.
Q5: How do I troubleshoot if only one VLAN works?
A5: Run show vlan on the switch, verify the port membership, then show interface trunk to ensure the VLAN is allowed.
You’ve now got the blueprint to make VLANs talk via a single router.
Take the time to practice in Packet Tracer, tweak the IP ranges, or even add a third VLAN. The more you experiment, the more intuitive the process becomes. Happy routing!
