Configure trunk connection between router and a switch. Create VLANs and assign ports to the VLANs. Assign IP address and default gateway to the PC. Router on a stick configuration in Packet Tracer. Some of the important concepts in this lab are creating sub-interfaces, using the encapsulation dot1Q command to encapsulate the traffic, and specifying the VLAN number so that each sub-interface knows which VLAN it should respond for. In the lab below, we will configure ‘Router on a Stick’, which allows routing between the VLANs. However, a Layer 3 Switch is quite expensive, so it might not be an affordable option for small office networks. A Layer 3 Switch will then enable routing between VLANs, as it has routing capabilities as well. We just have to create virtual interfaces for each VLAN and assign them IP addresses from the same network. The simpler way to do routing between VLANs is by using a Layer 3 Switch. Hence, ‘Router on a Stick’ is a perfect solution for routing between VLANs with just one router interface. So, it becomes practically inefficient if we have multiple VLANs. You can see that we have to use extra interfaces for each VLAN. We have not created a sub-interface in the figure below. As you can see, we are using two interfaces on both the router and the switch to allow routing between VLANs. The image below is an alternative method for allowing routing between VLANs. And if we enable routing between multiple VLANs, it will become practically inefficient, as the switches and the routers will use those multiple interfaces. If we route between VLANs without the ‘Router on a Stick’ method, then we have to waste interfaces on the switches and routers. To make it work, we have to create a trunk connection between the switch and the router so that traffic from multiple VLANs can be sent to the router. ‘Router on a Stick’ allows us to create sub-interfaces and assign IP addresses to those sub-interfaces.
And we can assign only one IP address to a router interface. In general, routers can take traffic from only one subnet and transfer it to another subnet. In a VMware ESX server you just need to configure another vSwitch with a VLAN tag. ‘Router on a Stick’ allows routing between VLANs with only one interface.
How are you using VirtualBox? Is it on a Linux machine or a Windows machine? VirtualBox is a client VM tool like VMware Workstation, or not? Try to configure networks in VirtualBox (interface 1 = vlan tag 10, interface 2 = vlan tag 20)

And then you configure eth0 with the marketing address and eth1 with the sales address (no VLAN tagging in Sophos UTM). I think your problem isn’t the Sophos UTM. If you want to tag VLAN 1, you can change the native VLAN to a number that doesn’t exist as a VLAN. If you have VLAN 10 and 20, you need to configure the switch like this: I don’t know your VLAN numbers for marketing and sales. The Cisco switch has the default native VLAN 1. You can use this mostly in case your Sophos UTM device doesn’t have enough network ports.
I hope I could clearly explain how to configure interfaces running on VLANs. For accessing the internet you also need to configure NAT and secure them via Web Protection like this: This definition means that they can go through every interface that has a default gateway (mostly your WAN line). Use the network definition “Internet IPv4” and/or “Internet IPv6”. To access the internet, I configured a rule that they can use Web Surfing protocols to the internet. In our example I allowed the Marketing and Sales networks to use Windows shares and make NTP and DNS lookups.
Keep in mind that you need to add marketing, sales and your server network to the DHCP relay networks, otherwise no DHCP broadcast message is directed via unicast to your selected DHCP server.

After this you can configure firewall rules like this:

As with most firewalls, the Sophos UTM (based on a Linux OS using iptables) works top-down, first match. You can configure a DHCP server scope within the Sophos UTM or on your primary DHCP server with the DHCP relay function under “network services”. These will be the default gateways of those networks.
Now we can configure multiple “Ethernet VLAN” interfaces with a VLAN tag like this (networks for marketing and sales):

At the end of this you will see two new interfaces: Today I will show you how to replace the Cisco Router with a Sophos UTM to route between different VLANs.

First we will connect a Sophos UTM interface (in our example eth3) with our switch environment (switch config example ). In May I posted a tutorial for running a “router on a stick” with Cisco Router, Switch and HP Switch.