How To | Achieve Router-On-A-Stick Routing Between VLANs On Allied Telesis Routers Introduction Router on a stick, also called one-armed routing, describes the use of a single multihomed interface of a router to route between multiple subnets. It is commonly used when multiple IP subnets are being used on a single LAN segment. The router simply has a multihomed interface, with an IP address in each of the subnets being used on the segment. It can thereby participate in all of the subnets, and route between them. Router eth0 192.168.1.254 192.168.2.254 Subnets 192.168.1.0/24, 192.168.2.0/24 used on this LAN However, if a single interface on a router is to route not just between subnets on a single segment, but between multiple different VLANs, then the router needs to use VLAN tagging. Router eth0 This interface must be a tagged member of both VLANs VLAN 1 VLAN 2 The Allied Telesis AR400 and AR700 series routers are able to perform VLAN tagging on IP packets being sent/received on their Ethernet interfaces. C613-16042-00 REV B www.alliedtelesis.com Which products does it apply to? This document applies to the following Allied Telesis routers and managed layer 3 switches, running software version 2.6.x or later: z AR400 series routers z AR700 series routers Configuring the router to route between VLANs on a single interface Consider a typical situation in which there are multiple VLANs configured on a Layer 2 switch, and a single tagged uplink port on the switch connected to the eth0 interface of the router. Router eth0 3 tagged sub interfaces: • 192.168.1.254 with VID=1 • 192.168.2.254 with VID=2 • 192.168.3.254 with VID=3 Port tagged in VLAN1, VLAN2, VLAN3 Layer 2 switch VLAN 1 192.168.1.0/24 VLAN 2 192.168.2.20/24 VLAN 3 192.168.3.0/24 The configuration required on the router would be: enable ip add ip int=eth0-1 ip=192.168.1.254 vlantag=1 add ip int=eth0-2 ip=192.168.2.254 vlantag=2 add ip int=eth0-3 ip=192.168.3.254 vlantag=3 With this configuration, the router will associate incoming packets tagged with VID=x to the eth0-x subinterface. They will then be routed, based on destination IP address, to another subinterface, and tagged with the VID configured on that subinterface before being sent out the physical interface. 2 Routing between interfaces is still available Note that even when the router is routing between subinterfaces on a single physical interface, it is still capable of routing between that multihomed interface and other physical interfaces. In particular, on a router with switch ports, it would be quite possible to have other VLANs configured on the switch ports, and to route between those VLANs and the VLANs attached to the eth0 port. For example, consider the situation depicted in the diagram below, where a second switch is attached to the router via an untagged uplink, that can therefore carry only VLAN4 packets. Router Ports 1 2 3 4 eth0 Internet Layer 2 switch VLAN 4 192.168.4.0/24 Layer 2 switch VLAN 1 192.168.1.0/24 VLAN 2 192.168.2.20/24 VLAN 3 192.168.3.0/24 For this situation, the router would be configured as follows: enable ip add ip int=eth0-1 ip=192.168.1.254 vlantag=1 add ip int=eth0-2 ip=192.168.2.254 vlantag=2 add ip int=eth0-3 ip=192.168.3.254 vlantag=3 create vlan=vlan4 vid=4 add vlan4 port=1 add ip int=vlan4 ip=192.168.4.254 3 create vlan=5 vid=5 add vlan=5 port=2 add ip int=vlan5 ip=192.168.5.254 add ip route=0.0.0.0 int=vlan5 next=192.168.5.253 USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895 European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11 Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830 www.alliedtelesis.com © 2007 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. C613-16042-00 REV B