SwOS/Router-On-A-Stick

From MikroTik Wiki
Jump to: navigation, search

Router-On-A-Stick - 802.1Q Trunking With MikroTik

By: Steve Discher, LearnMikroTik.com, Updated 3-24-13

Router-On-A-Stick is a phrase referring to the connection of a 802.1Q capable switch to a single router interface. By trunking across the Ethernet interface and assigning separate Vlans to each of the switch's ports or groups of ports, it is possible to create a configuration that simulates a router with many separate physical Ethernet interfaces. Consider the following example:

RouterOnAStick.png

In this example, a router with a single Ethernet interface is trunked to a MikroTik switch. In practice, this same configuration can be used between two switches or two routers. The purpose of this article is to show the steps required to setup the MikroTik RB250GS switch as a trunked switch in the router-on-a-stick configuration.

To log into the RB250GS switch, simply web browse to 192.168.88.1 from a computer on the same physical network segment with an IP on the same subnet, 192.168.88.0/24. The default user name is admin with no password.

All settings may be left at the defaults with the exception of a few.

In this example we are using Vlan Id's 1, 20, 30 and 40. Note that the switch will respond to http requests to its IP address on all ports. This behavior is a bit different than Cisco IOS that responds to untagged traffic via an IP bound to Vlan 1. The way the OS is built, there is no need for a default gateway or a subnet mask.

NOTE: Once you set port 1 to "trunk" mode, you will not longer be able to communicate with the switch unless you create a Vlan1 on your router.

Selection of the Vlan ID and the assignment to the ports is your choice, decide what Vlan ID's you will use and where you will assign them.

In this example we need two ports for devices on Vlan 30 on Ports 3 & 5 and one port for device on Vlan 40 on Port 4 and one port for a device on Vlan 20 on port 2.

NOTE: Before starting configuration, it is assumed you have 192.168.88.2 bound to your laptop and the switch is at the default Ip of 192.168.88.1. You must be accessing the switch via ehter2 through ether5 since you are about to turn ether1 into a trunk port and you will lose communication with the switch at that point on ether1.

1. Begin by clicking on the VLAN tab and make the following changes, assuming the trunk port will be Port1 (the port that is connected to the router).

2. The VLAN page determines how the switch strips the Vlan tags with specific Vlan ID's from the packets as they exit these ports. Setting Port 1 to Vlan Mode "enabled" and VLAN Header to "add if missing" makes Port 1 a trunk port.

3. When done, your VLAN page should look similar to this:

VLAN.png

4. Next, click on the VLANs tab. This is where you create the Vlan Id's to be used on the switch and on which ports these tags will be applied. So, for example, in this scenario, if I create a Vlan interface on the router with a Vlan ID of 10, that traffic will appear on the switch on port 2. Likewise Vlan 30 will be on port 3 and Vlan 40 on port 4. The trunk port is port 1.

NOTE: You must also create Vlan1 but it is not necessary to assign it to any ports, just create it.

5. Here is the example:

VLANs.png

Here is how it looks on the new RB260GS Switch, note the slight changes compared to the RB250GS:

Vlans250gs1.png


6. The last step is to change the IP address, system identity and the password on the System tab and configure the router.

The router configuration is a standard one for Vlans, create Vlan interfaces attached to the Ethernet interface that is connected to the switch (in this example Ether1) and match the Vlan ID numbers you assigned to the switch. Then bind your IP addresses to the Vlan interfaces.

Here is the router interface configuration:

2012-11-27 15-58-28.jpg
IPAddresses.png

NOTE: The management IP for the switch is handled a bit differently. You must create a Vlan1 with ID=1 on the physical interface that will trunk to the switch. Then bind your management IP to that Vlan1 interface. In the example above, you would bind 192.168.88.2/24 to Vlan1 and then you can access the switch through the trunk port.