#ROAS can be one of those topics that seemed to be clear when you read about it, but when you see a sample test question, you just sit there and scratch your head wondering exactly what to do. ROAS can require you to connect several small pieces of information to complete a configuration. Today’s lab gives you practice at connecting the ideas.
Config Lab: ROAS Basics 1
By Wendell Odom
The Lab Exercise
Requirements
Layer 2 switches forward Ethernet frames using Layer 2 logic, so that frames sent inside one VLAN flow only to devices in that same VLAN. To allow traffic between devices in different VLANs, a Layer 3 routing service must be used, typically in the form of a Layer 3 switch or a router. This lab asks you to configure routing between VLANs with one router, connected to one switch with an 802.1Q trunk, with the router using a Router on a Stick (ROAS) configuration.
Configure both router R1 and switch SW1 (as a Layer 2 switch only) so that R1 will route IP packets between the three subnets shown at the bottom of the figure. The specific rules for this lab are:
- On the router, configure ROAS using only subinterfaces.
- On the router, use a subinterface number to match the VLAN ID for subnet 10.0.2.0/24.
- On the router, for the other subinterfaces, choose the next two numbers as subinterface numbers. For example, if you picked subinterface 101 for the first subinterface, use 102 and 103 for the next two.
- On the router, assign the IP addresses used on the trunk by referring to the figure and then choosing the numerically-lowest IP address in the respective subnets.
- To determine the VLAN IDs to use, refer on the initial configuration of the switch plus the figure.
- Assume all router interfaces shown in the lab are physically working
- Assume all PCs have been configured with an address on the correct IPv4 subnet and are working.
Figure 1: ROAS with three VLAN’s
Initial Configuration
Examples 1 and 2 show the beginning configuration state of R1 and SW1.
|
1 2 3 4 5 6 7 8 |
hostname R1 ! interface GigabitEthernet0/1 no shutdown ! interface GigabitEthernet0/2 ip address 10.1.1.1 255.255.255.0 no shutdown |
Example 1: R1 Config
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
hostname SW1 ! vlan 20 ! vlan 30 ! interface GigabitEthernet1/0/1 switchport mode access ! interface GigabitEthernet1/0/2 switchport access vlan 20 switchport mode access ! interface GigabitEthernet1/0/3 switchport access vlan 30 switchport mode access |
Example 2: SW1 Config
Answer Options - Click Tabs to Reveal
You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!
To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.
You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.
(Use this link for more information about Cisco Packet Tracer.)
Use this workflow to do the labs in Cisco Packet Tracer:
- Download the .pkt file linked below.
- Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
- Add your planned configuration to the lab.
- Test the configuration using some of the suggestions below.
You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.
If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:
- Download the CML file (filetype .yaml) linked below.
- Import the lab’s CML file into CML and then start the lab.
- Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
- Add your planned configuration to the lab.
- Test the configuration using some of the suggestions below.
Network Device Info:
This table lists the interfaces listed in the lab exercise documentation versus those used in the sample CML file.
| Device | Lab Port | CML Port |
| SW1 | G1/1/1 | G1/0 |
| SW1 | G1/0/1 | G0/1 |
| SW1 | G1/0/2 | G0/2 |
| SW1 | G1/0/3 | G0/3 |
Host device info:
This table lists host information pre-configured in CML, information that might not be required by the lab but may be useful to you.
|
Device |
IP Address |
User/password |
|
PC1 |
10.1.1.100 |
cisco/cisco |
|
PC2 |
10.0.2.100 |
cisco/cisco |
|
PC3 |
10.0.3.100 |
cisco/cisco |
|
PC4 |
10.0.4.100 |
cisco/cisco |
Lab Answers Below: Spoiler Alert
Lab Answers: Configuration (Click Tab to Reveal)
Answers
Figure 1: ROAS with three VLAN’s
|
1 2 3 4 5 6 7 8 9 10 11 |
interface GigabitEthernet0/1.1 encapsulation dot1Q 1 native ip address 10.0.2.1 255.255.255.0 ! interface GigabitEthernet0/1.2 encapsulation dot1Q 20 ip address 10.0.3.1 255.255.255.0 ! interface GigabitEthernet0/1.3 encapsulation dot1Q 30 ip address 10.0.4.1 255.255.255.0 |
Example 3: R1 Config
|
1 2 3 4 |
interface GigabitEthernet1/1/1 ! This next line is needed only in older switches... and in CML/VIRL/PT switchport trunk encapsulation dot1q switchport mode trunk |
Example 4: SW1 Config
Older switches that support both ISL and 802.1Q require the switchport trunk encapsulation dot1q command, which sets the specific type of trunking header. Newer switches support only the 802.1Q standard and will reject that command. So uncomment and use the switchport trunk encapsulation dot1q command as needed.
Commentary, Issues, and Verification Tips (Click Tabs to Reveal)
Commentary
The configuration of ROAS can often be confusing for those new to routers and VLANs on switches. ROAS configuration allows a router to be used to route between multiple VLANs using a single trunk interface which is connected into the switched network. Using one router interface has an obvious advantage versus having to use a different physical router interface per VLAN. Having to use one physical router interface per VLAN would cause us to quickly run out of physical interfaces on all but the smallest networks.
For this lab, you were tasked with configuring a ROAS configuration on R1, with matching configuration on switch SW1. The lab requirements asked you to use subinterfaces only, and to use a subinterface number equal to the VLAN ID for subnet 10.0.2.0/24 (the subnet on the left). These instructions require several steps of analysis, as follows:
- Per the figure, subnet 10.0.2.0/24 is listed with port G0/1.
- Per the initial configuration of switch SW1, G0/1 is an access port, with no access VLAN defined, so it must be in VLAN 1.
- Per the requirements, the R1 configuration should use subinterface .1 for subnet 10.0.2.0/24
- VLAN 1 is the default VLAN to be used as the native VLAN.
All of these facts combine to result in the first group of three commands in Example 3. Note that because the native VLAN is used with a subinterface, the command encapsulation dot1q 1 native needed to include the native keyword.
The requirements asked that you use the next two subinterface numbers, so Example 3 shows subinterfaces .2 and .3. Note that the subinterface numbers do not have to match the VLAN IDs. To connect to VLAN 20, R1 uses the encapsulation dot1q 20 subcommand under subinterface .2. Similarly, R1 uses the encapsulation dot1q 30 subcommand under the .3 subinterface to connect to VLAN 30.
Finally, note that ROAS would not work without switch configuration as well. Example 4 shows the required configured on SW4’s G1/0 interface, switchport mode trunk, to manually enable 802.1Q trunking on the link connected to R1.
Known Issues in this Lab
This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:
| # | Summary | Detail |
| 1 | None | No known issues related to this lab. |
Why Would Cisco Packet Tracer Have Issues?
(Note: The below text is the same in every Config Lab.)
Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.
CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.
Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps.
- From each of the PCs, attempt to ping the other PCs.
- To verify the configuration on R1 you could either check the configuration directly with the show running-config command or by displaying the current ROAS configuration on the device by using the show vlans command.
More Labs with Related Content!
By Wendell Odom
Write a comment
10 Comments
View comments
For the SW1 config solution the trunk should be on interface GigabitEthernet1/1/1 (currently it says interface GigabitEthernet1/0).
Hi, Wendell,
Good day,
In the above topology diagram,
SW1, GigEth interfaces are marked as, 1/0/1, 1/0/2, and 1/0/3.
But in the above Example2: SW1 Config, these same interfaces, perhaps, marked as, GigEth 0/1, 0/2, and, 0/3 respectively.
This creates a doubt, is this, a print error or not?
Hi Punya (and Emil),
Yep, there were errors, just fixed. The older version of this lab used other interface IDs, and looks like we failed to update the example text for the newer interface ID convention when we updated the .pkt and CML files. Thanks for letting me know. Should be good now.
Wendell
hello Mr Odom
can we use the switchport mode dynamic desirable between a switch and a router???
and please can you give me an example on how to configure the physical interface, (not on the subinterface) in a router to consider this physical interface to be using the native VLAN.
1) Nope. The routers do not support dynamic negotiation of trunking. The switch needs “switchport mode trunk” instead when connected to a router.
2) It’s easy, because it looks just like there’s no trunking. Seriously.
interface gigabitEthernet 0/0
ip address 10.1.1.1 255.255.255.0
That’s it, not mention of VLAN ID, of trunking, etc. The router does not tag frames for the interface. Then subinterfaces configure the other VLANs and the associated interfaces. Check out Chapter 17 of the CCNA 200-301 OCG Volume 1 for details.
Hello,
Thank you for the pkt lab.
Should the interface G0/1 on the router be configured with the command ‘no ip address’ before configuring the sub interfaces
Hi John,
You could if you want to ensure there’s no IP address configured there. The starting point of this lab showed no IP address on the physical interface, so the lab doesn’t need one. As long as you understand the physical interface should not have an IP address configured on it, you’re good.
Hello grendal,
Thank you for the lab. Mai ask please why the keyword native added in’ encapsulation dot1Q 1 native’ i thought the keyword native is only appended to set the native VLAN to something other than VLAN 1.
However, the native VLAN is 1 in this case?
Thank you
Hi John,
To configure a router to associate the native VLAN with a subinterface, rather than the physical interface, that’s when you use the “native” keyword. VLAN 1 is the default native VLAN. But it’s really just a matter of what Cisco chose when they made up the commands.
Hi I achieved the correct config but used g0/1 w/ 10.0.2.1/24 instead of using the subinterface as shown in the answer and I still achieved connectivity between all devices.