WEBVTT

0:00:02.060000 --> 0:00:05.740000 So in this video, I'd like to talk about one of the ways of connecting 0:00:05.740000 --> 0:00:10.780000 a router, or I should say a routing device to a VLAN, and this way is 0:00:10.780000 --> 0:00:12.960000 called router on a stick. 0:00:12.960000 --> 0:00:17.980000 So I'm going to talk about how we introduce a router to a VLAN, and what 0:00:17.980000 --> 0:00:19.860000 are the requirements for that? 0:00:19.860000 --> 0:00:24.100000 What does the router need to be able to do in order to be able to route 0:00:24.100000 --> 0:00:27.560000 between VLANs? And we'll also look at how do we follow a frame? 0:00:27.560000 --> 0:00:31.040000 When a frame is actually using this particular method, what does that 0:00:31.040000 --> 0:00:35.320000 look like? What changes occur in that frame as it goes from one VLAN into 0:00:35.320000 --> 0:00:38.420000 the other? And we'll look at those details. 0:00:38.420000 --> 0:00:45.880000 All right, so we know that in order to have frames, I should say data 0:00:45.880000 --> 0:00:52.340000 from one VLAN go into another VLAN, we need something connected to both 0:00:52.340000 --> 0:00:55.360000 of those VLANs that's capable of routing that traffic. 0:00:55.360000 --> 0:01:00.020000 Something that's capable of receiving an incoming Ethernet frame, and 0:01:00.020000 --> 0:01:04.240000 then changing some of the Ethernet headers, changing some of the IP headers, 0:01:04.240000 --> 0:01:08.520000 and then routing that frame out a different interface into a different 0:01:08.520000 --> 0:01:15.740000 VLAN. So in order for a physical router to route between VLANs, what must 0:01:15.740000 --> 0:01:21.100000 be true? Number one, the router has to have unique IP addresses appropriate 0:01:21.100000 --> 0:01:24.160000 for each VLAN subnet. 
0:01:24.160000 --> 0:01:28.280000 We've learned that each VLAN needs a unique subnet because the devices 0:01:28.280000 --> 0:01:33.440000 within a VLAN need to know that their subnet is unique and only reachable 0:01:33.440000 --> 0:01:37.140000 within their circle, within their group, within their VLAN. 0:01:37.140000 --> 0:01:43.300000 So that means that within that VLAN, we've got a unique subnet, and one 0:01:43.300000 --> 0:01:47.320000 of the IP addresses, one of the host addresses from that subnet needs 0:01:47.320000 --> 0:01:51.420000 to be put on the router's interface that's connecting to that VLAN. 0:01:51.420000 --> 0:01:55.400000 So that router, here's something I say to a lot of my students, if an 0:01:55.400000 --> 0:02:00.080000 interface, like an interface on your laptop or an interface on a router, 0:02:00.080000 --> 0:02:05.800000 if you expect that interface to be able to create packets or to receive 0:02:05.800000 --> 0:02:11.360000 and respond to packets, that interface must have a layer three address 0:02:11.360000 --> 0:02:15.420000 in that same language, in that same protocol. 0:02:15.420000 --> 0:02:18.900000 In other words, a router when you take it out of the box and you plug 0:02:18.900000 --> 0:02:23.100000 it in and you turn it on, has no IP addresses, IP version four or IP version 0:02:23.100000 --> 0:02:24.980000 six, it has none. 0:02:24.980000 --> 0:02:29.560000 So if I simply stick a cable into that router connecting to my laptop, 0:02:29.560000 --> 0:02:33.840000 and then I bring up that router's interface with the command no shutdown. 
0:02:33.840000 --> 0:02:38.900000 If an IP packet, let's say IP version four, if an IP version four packet 0:02:38.900000 --> 0:02:42.380000 hits that router's interface, that router's interface is not going to 0:02:42.380000 --> 0:02:46.520000 understand it, because without an IP version four address of its own, 0:02:46.520000 --> 0:02:51.600000 a unique host address, it's not speaking IP version four, it doesn't understand 0:02:51.600000 --> 0:02:54.240000 that language, it'll have to drop that packet. 0:02:54.240000 --> 0:02:58.620000 Similarly, if I was to send an IPv6 packet to that router's interface, 0:02:58.620000 --> 0:03:03.320000 it needs to have an IPv6 address to be able to process and recognize 0:03:03.320000 --> 0:03:09.080000 that packet. So the same thing is true, if we're doing router on a stick, 0:03:09.080000 --> 0:03:12.080000 well let's just say a router connected to VLANs, let's forget about that 0:03:12.080000 --> 0:03:13.440000 term router on a stick for a minute. 0:03:13.440000 --> 0:03:18.460000 If I have a router's interface with a cable that's going into a switch, 0:03:18.460000 --> 0:03:24.440000 all right, so here's my router, here's my switch, and let's say I've got 0:03:24.440000 --> 0:03:28.780000 a bunch of interfaces here on some VLAN, VLAN 12 is what all these are 0:03:28.780000 --> 0:03:33.240000 on, and let's say I've decided that all these devices are going to be 0:03:33.240000 --> 0:03:40.920000 in the 12.1.1 slash 24 network. 0:03:40.920000 --> 0:03:44.520000 Well, if I may have a router here connecting to the switch who's also 0:03:44.520000 --> 0:03:50.540000 going to be in VLAN 12, his interface also needs to have an IP address 0:03:50.540000 --> 0:03:58.580000 that is in that same network, 12.1.1, something. 0:03:58.580000 --> 0:04:02.780000 That way he not only understands the internet protocol and can send and 0:04:02.780000 --> 0:04:07.980000 receive packets, he also recognizes that he is in that same group. 
0:04:07.980000 --> 0:04:11.620000 So if we have a router that's going to be routing between multiple VLANs, 0:04:11.620000 --> 0:04:14.340000 we're talking about a router that's going to have to have multiple IP 0:04:14.340000 --> 0:04:17.980000 addresses, each one in a different subnet. 0:04:17.980000 --> 0:04:25.520000 The router may be required to support 802.1Q VLAN tagging, we'll look 0:04:25.520000 --> 0:04:29.640000 at that here in just one moment, and then lastly, hosts must be aware 0:04:29.640000 --> 0:04:31.380000 that that router exists. 0:04:31.380000 --> 0:04:34.760000 Once I give him an IP address and I connect to his interface to that VLAN, 0:04:34.760000 --> 0:04:38.720000 we have to do something to make sure the hosts know that he is their default 0:04:38.720000 --> 0:04:41.960000 gateway, and he's the one who's going to be routing their traffic. 0:04:41.960000 --> 0:04:44.540000 All right, so let's take a look at what's this whole thing about router 0:04:44.540000 --> 0:04:46.720000 on a stick refer to. 0:04:46.720000 --> 0:04:53.860000 So here, I have a switch, switch one on my left here, who has two different 0:04:53.860000 --> 0:04:57.180000 departments, and let's say I've decided to break out these two different 0:04:57.180000 --> 0:04:59.420000 departments into two different VLANs. 0:04:59.420000 --> 0:05:05.820000 So I've got some devices on VLAN 2 and some devices on VLAN 3. 0:05:05.820000 --> 0:05:08.140000 Let's just say that each one of these circles here represents maybe a 0:05:08.140000 --> 0:05:11.660000 laptop or a PC or a server, something like that. 0:05:11.660000 --> 0:05:15.960000 So we previously learned that step number one is to create my VLAN. 0:05:15.960000 --> 0:05:21.780000 So the process of doing that is here in the switch from the global configuration 0:05:21.780000 --> 0:05:27.940000 level just typing VLAN 2, and then repeating that for VLAN 3. 
0:05:27.940000 --> 0:05:32.840000 We also know from our switching technology lessons that if you've watched 0:05:32.840000 --> 0:05:36.060000 any switching videos or anything, that that's just part one. 0:05:36.060000 --> 0:05:38.320000 Part two is you have to go to the physical interface. 0:05:38.320000 --> 0:05:44.600000 Maybe that's interface fast ethernet zero slash four right there. 0:05:44.600000 --> 0:05:49.040000 And you have to tell that interface, you're in that particular VLAN, and 0:05:49.040000 --> 0:05:54.480000 that's the switch port access command, switch port access VLAN 2, and 0:05:54.480000 --> 0:05:58.340000 down here, I would do that under switch port access VLAN 3. 0:05:58.340000 --> 0:06:02.540000 Okay, so I've created my VLANs, I've assigned my ports to my VLANs. 0:06:02.540000 --> 0:06:06.880000 Now I got to get a router who is in those VLANs. 0:06:06.880000 --> 0:06:12.100000 Well, one method, because I have two VLANs, which are two different broadcast 0:06:12.100000 --> 0:06:19.860000 domains, I could go to this interface right here on my switch, and I could 0:06:19.860000 --> 0:06:25.880000 do the same thing. 0:06:25.880000 --> 0:06:31.400000 And switch port access VLAN 2, and then down here on fast ethernet zero 0:06:31.400000 --> 0:06:41.140000 two, switch port mode access switch port access VLAN 3. 0:06:41.140000 --> 0:06:48.760000 And now I could run a cable on that port to my interface on my router, 0:06:48.760000 --> 0:06:53.460000 and another cable on that other port to another free unused interface 0:06:53.460000 --> 0:07:00.440000 on the router. Now this top interface fast ethernet zero zero, it needs 0:07:00.440000 --> 0:07:03.720000 to know that it's going to be the default gateway for the two two two 0:07:03.720000 --> 0:07:09.920000 network. So I'd have to give it some IP address IP address two two two 0:07:09.920000 --> 0:07:14.460000 two maybe two two two four. 
0:07:14.460000 --> 0:07:19.780000 And then do the same thing for fast ethernet zero one IP address three 0:07:19.780000 --> 0:07:21.580000 three three four. 0:07:21.580000 --> 0:07:24.500000 Because he's in a different network. 0:07:24.500000 --> 0:07:31.320000 Now what I've just done here is I have enabled inter VLAN routing. 0:07:31.320000 --> 0:07:35.300000 Now this is not called router on a stick, but this is capable of inter 0:07:35.300000 --> 0:07:38.760000 VLAN routing. As soon as I put these IP addresses on these routers interfaces, 0:07:38.760000 --> 0:07:43.000000 those will create a new in his routing table. 0:07:43.000000 --> 0:07:46.840000 So let's just say this is his IPV four routing table. 0:07:46.840000 --> 0:07:50.960000 Those will create what we call connected routes. 0:07:50.960000 --> 0:07:54.880000 They'll say, well, I'm directly connected to the two two two network via 0:07:54.880000 --> 0:07:56.560000 fast ethernet zero zero. 0:07:56.560000 --> 0:08:01.300000 And I'm directly connected to the three three three three network via 0:08:01.300000 --> 0:08:03.860000 fast ethernet zero slash one. 0:08:03.860000 --> 0:08:09.740000 And now if I go into my DHCP server, which we don't see here, but if I 0:08:09.740000 --> 0:08:13.440000 tell my DHCP server, hey, if you ever allocate an IP address in the two 0:08:13.440000 --> 0:08:17.560000 two two network, make sure that you give that host the default gateway 0:08:17.560000 --> 0:08:19.940000 of two two two four. 0:08:19.940000 --> 0:08:23.980000 And for these people over here, make sure you give them the default gateway 0:08:23.980000 --> 0:08:26.020000 of three three three four. 0:08:26.020000 --> 0:08:30.420000 So we change these numbers here because these aren't quite correct. 0:08:30.420000 --> 0:08:37.520000 So the people in red here, they would now have a default gateway of two 0:08:37.520000 --> 0:08:43.020000 two two four. And the people in blue who are in VLAN three. 
0:08:43.020000 --> 0:08:48.380000 They would have a different default gateway, which is three three three 0:08:48.380000 --> 0:08:53.580000 four. People in VLAN two would ARP for their default gateway and they 0:08:53.580000 --> 0:08:55.340000 would very quickly learn. 0:08:55.340000 --> 0:09:01.460000 That the MAC address of two two two four was zero zero zero one zero zero 0:09:01.460000 --> 0:09:04.360000 eleven. See that's his MAC address right here on this physical interface. 0:09:04.360000 --> 0:09:10.720000 So that's what they would learn when they send their ARP request. 0:09:10.720000 --> 0:09:14.880000 These people down here in VLAN three. 0:09:14.880000 --> 0:09:19.500000 When they sent out an ARP, for example, this guy right here sends an ARP 0:09:19.500000 --> 0:09:26.440000 request for his default gateway, which is three three three four. 0:09:26.440000 --> 0:09:27.540000 That's a broadcast. 0:09:27.540000 --> 0:09:29.200000 So it would be flooded here. 0:09:29.200000 --> 0:09:31.280000 It would be flooded here. 0:09:31.280000 --> 0:09:33.040000 This interface would get it. 0:09:33.040000 --> 0:09:40.820000 And that interface would send back an ARP reply. 0:09:40.820000 --> 0:09:45.020000 And in his ARP reply, he would say, hey, I am three three three four. 0:09:45.020000 --> 0:09:48.120000 And let me give you my MAC address. 0:09:48.120000 --> 0:09:55.320000 So that's how these devices would learn that their default gateway of 0:09:55.320000 --> 0:09:56.780000 three three three four. 0:09:56.780000 --> 0:10:05.360000 Had a MAC equal to zero zero dot two two. 0:10:05.360000 --> 0:10:11.740000 Now, I could continue on with this, but there's a downside with this approach. 
0:10:11.740000 --> 0:10:16.760000 You see, if I am expecting that every VLAN on my switch is going to have 0:10:16.760000 --> 0:10:21.800000 a physical cable leading to a router's interface, that means my router 0:10:21.800000 --> 0:10:26.600000 is going to have to have one physical interface that's available for each 0:10:26.600000 --> 0:10:29.260000 VLAN that's configured on my switch. 0:10:29.260000 --> 0:10:33.540000 Now, if I just got two VLANs like this, not a big deal, I can very easily 0:10:33.540000 --> 0:10:37.400000 find routers that have two physical fast ethernet ports. 0:10:37.400000 --> 0:10:39.380000 But this is not a very scalable design. 0:10:39.380000 --> 0:10:43.180000 What if I had 20 or 200 VLANs? 0:10:43.180000 --> 0:10:47.520000 You're going to be hard pressed to find a router with 20 or 200 physical 0:10:47.520000 --> 0:10:51.900000 interfaces. And even if you did, you probably would not want to use them 0:10:51.900000 --> 0:10:55.240000 in this way. It's just not a good design. 0:10:55.240000 --> 0:11:01.320000 Wouldn't it be better if we could just have one cable going from the switch 0:11:01.320000 --> 0:11:06.860000 to one physical interface on the router and have that one interface on 0:11:06.860000 --> 0:11:10.540000 the router capable of routing between all these packets? 0:11:10.540000 --> 0:11:14.280000 And this is what router on a stick is all about. 0:11:14.280000 --> 0:11:19.640000 So with router on a stick, we have one physical cable. 0:11:19.640000 --> 0:11:23.240000 Now, this means that on the router's interface, fast ethernet 00, we're 0:11:23.240000 --> 0:11:27.280000 still going to have to support two subnets, just like in the previous 0:11:27.280000 --> 0:11:31.380000 picture. In the previous picture, when we had two physical interfaces, 0:11:31.380000 --> 0:11:35.760000 we had two subnets, the 2.2.2 network and the 3.3.3 network. 
0:11:35.760000 --> 0:11:38.980000 And this is how the router was able to create two directly connected routes 0:11:38.980000 --> 0:11:40.880000 in his routing table. 0:11:40.880000 --> 0:11:44.780000 Now, with router on a stick, the same exact thing is going to be true. 0:11:44.780000 --> 0:11:49.500000 Somehow, I have to have this one physical interface capable of supporting 0:11:49.500000 --> 0:11:53.160000 two subnets. Now, here's my problem. 0:11:53.160000 --> 0:11:54.660000 Here's my dilemma. 0:11:54.660000 --> 0:11:59.360000 If I go on to my physical interface, if I say interface fast ethernet 0:11:59.360000 --> 0:12:05.340000 00, and then from there, I say IP address and give him an IP address that's 0:12:05.340000 --> 0:12:14.460000 appropriate for VLAN2, like 2.2.2.3, let's say. 0:12:14.460000 --> 0:12:16.740000 And I said, okay, now I'm going to give him a second IP address that's 0:12:16.740000 --> 0:12:18.640000 appropriate for VLAN3. 0:12:18.640000 --> 0:12:25.220000 3.3.3.3. Well, here's my problem. 0:12:25.220000 --> 0:12:30.700000 Router interfaces, by default, only support one IPv4 address. 0:12:30.700000 --> 0:12:34.500000 So the moment I hit enter on that second address, my first address will 0:12:34.500000 --> 0:12:37.040000 be gone. It'll be overwritten. 0:12:37.040000 --> 0:12:41.080000 So my first challenge is I need this one physical interface on the router 0:12:41.080000 --> 0:12:46.780000 to support multiple subnets without overriding themselves. 0:12:46.780000 --> 0:12:51.240000 Well, the way we accomplished that is not by doing any configuration on 0:12:51.240000 --> 0:12:53.200000 the fast ethernet interface itself. 0:12:53.200000 --> 0:12:56.860000 On the physical interface, all we need to do is no shutdown. 0:12:56.860000 --> 0:13:00.140000 We just need to make sure it's electrically up and active. 
0:13:00.140000 --> 0:13:03.600000 Now, in order to get this fast ethernet interface to support multiple 0:13:03.600000 --> 0:13:07.360000 subnets, now in this case 2, but in reality, we could be talking about 0:13:07.360000 --> 0:13:12.340000 dozens of subnets, what I have to do is divide this multiple interface 0:13:12.340000 --> 0:13:16.340000 into multiple what's called subinterfaces. 0:13:16.340000 --> 0:13:19.560000 So how do we do that? 0:13:19.560000 --> 0:13:22.560000 Well, in Cisco IOS, we simply type interface. 0:13:22.560000 --> 0:13:28.360000 We type our main interface number like fast ethernet 00, and then we type 0:13:28.360000 --> 0:13:31.280000 a dot followed by some number. 0:13:31.280000 --> 0:13:34.900000 Now, the number after the dot could be anything you want. 0:13:34.900000 --> 0:13:39.440000 It really doesn't make a difference, but it probably makes a lot of sense 0:13:39.440000 --> 0:13:43.580000 to select a number that's meaningful to you as a network administrator. 0:13:43.580000 --> 0:13:47.320000 Like in my particular case, I want this subinterface to be the default 0:13:47.320000 --> 0:13:48.860000 gateway for people in VLAN 2. 0:13:48.860000 --> 0:13:52.500000 So it would probably make a lot more sense for me to say fast ethernet 0:13:52.500000 --> 0:14:02.720000 00.2. And then create another one, interface fast ethernet 0 slash 0.3 0:14:02.720000 --> 0:14:09.920000 for VLAN 3. Now, just by putting a dot and a number after your fast ethernet, 0:14:09.920000 --> 0:14:15.240000 that is creating a new logical interface called a sub interface. 0:14:15.240000 --> 0:14:17.720000 It's a sub component. 0:14:17.720000 --> 0:14:19.160000 It's associated with. 0:14:19.160000 --> 0:14:21.860000 It's tied to the physical interface. 0:14:21.860000 --> 0:14:26.980000 But Cisco IOS, the operating system now sort of views these as two completely 0:14:26.980000 --> 0:14:29.100000 independent interfaces. 
0:14:29.100000 --> 0:14:33.520000 And because they are independent interfaces, I can put IP addresses on 0:14:33.520000 --> 0:14:39.460000 them that are in different subnets like this. 0:14:39.460000 --> 0:14:44.200000 I can put an IP address on there in fast ethernet 00 slash dot 2 that's 0:14:44.200000 --> 0:14:45.820000 appropriate for VLAN 2. 0:14:45.820000 --> 0:14:51.860000 And I can put another IP address on this one that's appropriate for the 0:14:51.860000 --> 0:14:55.700000 people in VLAN 3 for their default gateway. 0:14:55.700000 --> 0:15:00.000000 Now, you might be wondering, Keith, why did you leave just such huge spaces 0:15:00.000000 --> 0:15:02.460000 here? There's actually a reason for this, and I'll get to that in just 0:15:02.460000 --> 0:15:07.460000 one moment. But the main takeaway I want you to have right now is that 0:15:07.460000 --> 0:15:14.660000 a physical fast ethernet interface by default only supports one subnet, 0:15:14.660000 --> 0:15:16.120000 one subnet only. 0:15:16.120000 --> 0:15:21.580000 So if I want to have this physical fast ethernet supporting multiple IPv4 0:15:21.580000 --> 0:15:26.760000 subnets, then I break it out into what's called sub interfaces. 0:15:26.760000 --> 0:15:32.460000 If I had 300 VLANs on here, I would have to create 300 sub interfaces. 0:15:32.460000 --> 0:15:34.820000 Yes, it would take a little bit of time. 0:15:34.820000 --> 0:15:39.220000 But the benefit is each sub interface now is capable of controlling one 0:15:39.220000 --> 0:15:43.360000 unique subnet. And I can do that. 0:15:43.360000 --> 0:15:47.800000 So that takes care of my first problem, which is I need one physical interface 0:15:47.800000 --> 0:15:50.480000 carrying multiple subnets. 0:15:50.480000 --> 0:15:52.580000 Now, here's my second problem. 0:15:52.580000 --> 0:15:55.460000 Let's take a look at the switch interface for a second. 
0:15:55.460000 --> 0:15:59.520000 By default, this switch interface is going to be an access port. 0:15:59.520000 --> 0:16:02.820000 And it's going to be an access port in VLAN 1. 0:16:02.820000 --> 0:16:06.560000 I need to go on to the switch and tell the switch, hey, this interface 0:16:06.560000 --> 0:16:11.980000 actually needs to be associated with both VLAN 2 and VLAN 3. 0:16:11.980000 --> 0:16:15.340000 And any other VLANs I create in the future. 0:16:15.340000 --> 0:16:18.320000 In other words, if you remember your days of switching, that means I need 0:16:18.320000 --> 0:16:20.960000 to make this a VLAN trunk. 0:16:20.960000 --> 0:16:25.040000 So the command for that on the switching side would simply be switch port 0:16:25.040000 --> 0:16:34.560000 mode trunk. Okay, so this is now I'm going to put some colored boxes around 0:16:34.560000 --> 0:16:39.180000 this. So that means that one physical interface now is capable of carrying 0:16:39.180000 --> 0:16:42.360000 traffic on the red VLAN 2. 0:16:42.360000 --> 0:16:47.640000 It's also capable of carrying traffic on the blue VLAN, which is VLAN 0:16:47.640000 --> 0:16:52.960000 3. That's what a VLAN trunk is. 0:16:52.960000 --> 0:16:56.200000 Okay, so let's say that I've just done this. 0:16:56.200000 --> 0:16:58.840000 Now, this is not enough yet, but let's say that this is where I've stopped 0:16:58.840000 --> 0:17:03.160000 so far. Here's a problem I'm going to encounter. 0:17:03.160000 --> 0:17:10.940000 Once, let's say 2-2-1, once he does DHCP in the morning and he discovers 0:17:10.940000 --> 0:17:15.880000 that his default gateway is 2-2-3, very quickly he's going to ARP for 0:17:15.880000 --> 0:17:17.060000 his default gateway. 0:17:17.060000 --> 0:17:21.080000 Because he wants to find out what his default gateway's MAC address is. 0:17:21.080000 --> 0:17:28.260000 So he's going to send an ARP for 2-2-3. 
0:17:28.260000 --> 0:17:31.960000 That ARP is a broadcast, so it's going to be flooded by the switch out 0:17:31.960000 --> 0:17:35.660000 all other ports carrying VLAN 2. 0:17:35.660000 --> 0:17:38.660000 So it'll go out to that other PC, which is 2-2-2-2. 0:17:38.660000 --> 0:17:40.460000 He doesn't really care about the ARP. 0:17:40.460000 --> 0:17:42.980000 It'll also go out this trunk. 0:17:42.980000 --> 0:17:47.000000 Right here. Now, here's the thing. 0:17:47.000000 --> 0:17:53.300000 Your trunk is most likely going to be implementing trunking using the 0:17:53.300000 --> 0:17:56.180000 IEEE protocol of 802.1Q. 0:17:56.180000 --> 0:18:04.920000 And if you remember from your switching days, the way 802.1Q works is 0:18:04.920000 --> 0:18:09.040000 when a frame goes across a VLAN trunk doing 802.1Q. 0:18:09.040000 --> 0:18:15.740000 If that frame does not belong to the native VLAN, a VLAN tag gets applied 0:18:15.740000 --> 0:18:19.800000 to it. Well, the native VLAN is VLAN 1, and let's just assume I haven't 0:18:19.800000 --> 0:18:21.560000 done anything to that. 0:18:21.560000 --> 0:18:23.300000 I haven't changed that. 0:18:23.300000 --> 0:18:29.820000 So if this is my ARP request right here, 802.1Q is going to put a VLAN 0:18:29.820000 --> 0:18:32.680000 tag into my Ethernet header. 0:18:32.680000 --> 0:18:37.260000 And it's going to tag that frame saying this frame belongs to VLAN 2. 0:18:37.260000 --> 0:18:41.520000 So let's say this right here is my .1Q tag. 0:18:41.520000 --> 0:18:47.640000 Well, here's my second problem. 0:18:47.640000 --> 0:18:52.360000 Router interfaces don't natively understand tags. 0:18:52.360000 --> 0:18:56.440000 When this Ethernet frame comes into this interface, and he looks at the 0:18:56.440000 --> 0:18:59.740000 Ethernet type code and the Ethernet type code says, hey, there's a .1Q 0:18:59.740000 --> 0:19:03.660000 tag in here. The router's going to say, I have no idea what that is. 
0:19:03.660000 --> 0:19:05.860000 I understand ARP. 0:19:05.860000 --> 0:19:07.680000 I understand IPv4. 0:19:07.680000 --> 0:19:10.980000 I don't understand this thing called tags. 0:19:10.980000 --> 0:19:14.040000 And so the router will delete this frame. 0:19:14.040000 --> 0:19:17.760000 So this is where we get into the second requirement where the router not 0:19:17.760000 --> 0:19:21.980000 only needs to have separate sub-interfaces, separate logical interfaces 0:19:21.980000 --> 0:19:26.420000 representing different VLANs or different subnets. 0:19:26.420000 --> 0:19:30.500000 The router's sub-interface also needs to be capable of understanding and 0:19:30.500000 --> 0:19:33.700000 processing these .1Q tags. 0:19:33.700000 --> 0:19:38.780000 So for that, we need to add some additional commands in here. 0:19:38.780000 --> 0:19:42.820000 So under the router's sub-interfaces, we have to use the encapsulation 0:19:42.820000 --> 0:19:48.940000 command. Encapsulation .1Q, in this case it's going to be 2. 0:19:48.940000 --> 0:19:54.520000 Meaning, okay, anytime an Ethernet frame comes in with a .1Q tag, and 0:19:54.520000 --> 0:19:59.100000 that .1Q tag says this frame belongs to VLAN2, it'll be redirected to 0:19:59.100000 --> 0:20:00.540000 this sub-interface. 0:20:00.540000 --> 0:20:03.060000 This sub-interface will process it. 0:20:03.060000 --> 0:20:07.540000 Similarly, we'll do the same thing on the other sub-interface. 0:20:07.540000 --> 0:20:12.900000 Encapsulation .1Q 3. 0:20:12.900000 --> 0:20:17.960000 Now in the actual configuration of things, you have to do the encapsulation 0:20:17.960000 --> 0:20:22.160000 command before you do your IP addressing command. 0:20:22.160000 --> 0:20:26.140000 If I actually went into a router and I created a sub-interface, and then 0:20:26.140000 --> 0:20:29.900000 the very next thing I did in that sub-interface was to add an IP address, 0:20:29.900000 --> 0:20:31.760000 I would actually get an error message. 
0:20:31.760000 --> 0:20:34.720000 I would get some sort of error message saying, you know, IP addressing 0:20:34.720000 --> 0:20:37.980000 not supported without .1Q tagging or something like that. 0:20:37.980000 --> 0:20:41.000000 In the next video, I'll show you exactly what that error message looks 0:20:41.000000 --> 0:20:44.920000 like. So the order of processing is on the physical interface, just make 0:20:44.920000 --> 0:20:47.320000 sure it's no shut. 0:20:47.320000 --> 0:20:51.700000 Then start creating sub-interfaces, one sub-interface for each VLAN that 0:20:51.700000 --> 0:20:54.780000 this router is going to need to be able to route for. 0:20:54.780000 --> 0:20:59.920000 After you create your sub-interface, use the encapsulation .1Q command, 0:20:59.920000 --> 0:21:03.480000 and the number after .1Q is your VLAN number. 0:21:03.480000 --> 0:21:06.820000 This is the number that the router is going to see in incoming frames 0:21:06.820000 --> 0:21:09.380000 that have 802.1Q tags. 0:21:09.380000 --> 0:21:14.020000 Then put an IP address under that sub-interface that is an unused host 0:21:14.020000 --> 0:21:19.200000 address that is in the same subnet as all the devices that are going 0:21:19.200000 --> 0:21:20.640000 to be in VLAN 2. 0:21:20.640000 --> 0:21:27.080000 Now this router will be capable of routing. 0:21:27.080000 --> 0:21:31.480000 Because now when the ARP request comes in, the router will say, oh, here 0:21:31.480000 --> 0:21:34.180000 I see an ARP request with a .1Q tag. 0:21:34.180000 --> 0:21:39.180000 That ARP request will be forwarded to this sub-interface. 0:21:39.180000 --> 0:21:44.500000 He will then send out an ARP response. 0:21:44.500000 --> 0:21:49.300000 When he sends it out, he will tag it on the outbound direction as well. 0:21:49.300000 --> 0:21:54.440000 That is how all these devices here will learn what the MAC address is 0:21:54.440000 --> 0:21:57.400000 of their default gateway. 
0:21:57.400000 --> 0:21:59.400000 Now how is the routing actually happening? 0:21:59.400000 --> 0:22:03.200000 Remember, in this router, he has a routing table. 0:22:03.200000 --> 0:22:10.640000 Anytime that you add an IP address to a router's interface, whether it 0:22:10.640000 --> 0:22:13.720000 be a physical interface or whether, like in this case, it be a logical 0:22:13.720000 --> 0:22:18.400000 interface, that creates a route in the routing table. 0:22:18.400000 --> 0:22:24.600000 So now he will say, I am directly connected to the .222 network via 0:22:24.600000 --> 0:22:27.220000 sub-interface fast ethernet 00.2. 0:22:27.220000 --> 0:22:43.820000 I am also directly connected to the .333 network via fast ethernet 00.3, 0:22:43.820000 --> 0:22:48.180000 that sub-interface. 0:22:48.180000 --> 0:22:50.340000 So how are the frames going to flow? 0:22:50.340000 --> 0:22:56.020000 Well, if .2221 right here is trying to send a packet to a destination 0:22:56.020000 --> 0:23:06.600000 of, let's say, .3331, .221 is very quickly going to realize that, oh, 0:23:06.600000 --> 0:23:08.000000 that is not on my network. 0:23:08.000000 --> 0:23:11.820000 My network has the first 24 bits of .222. 0:23:11.820000 --> 0:23:14.260000 This is a different pattern. 0:23:14.260000 --> 0:23:19.240000 Therefore, when I create my Ethernet header, so I will put that in the 0:23:19.240000 --> 0:23:24.860000 packet, I will create Ethernet header, I use my own MAC address as the 0:23:24.860000 --> 0:23:31.680000 source MAC address, which is .22.21, and for the destination MAC address, 0:23:31.680000 --> 0:23:43.260000 I will send it to my router, which is .00.11. 0:23:43.260000 --> 0:23:47.860000 When that frame gets to the switch, the switch will know exactly what 0:23:47.860000 --> 0:23:53.640000 interface, in this case, fast ethernet 01, it will know that .0011 has been 0:23:53.640000 --> 0:23:56.040000 learned on fast ethernet 01. 0:23:56.040000 --> 0:23:57.400000 Now, how did it know that? 
0:23:57.400000 --> 0:24:02.860000 It knew that because when the router responded to the ARP request, when 0:24:02.860000 --> 0:24:07.940000 the router sent an ARP reply, that ARP reply had a source MAC address 0:24:07.940000 --> 0:24:12.200000 of whatever is on this physical interface right here. 0:24:12.200000 --> 0:24:16.460000 .0011. That's what allowed the switch to learn in its MAC address table, 0:24:16.460000 --> 0:24:23.600000 that .00.11 is associated to or learned on this trunk, fast ethernet 01. 0:24:23.600000 --> 0:24:29.560000 So let's just put that right here. 0:24:29.560000 --> 0:24:39.820000 So the switch, in his MAC address table, learned that .00.11 is on VLAN2 0:24:39.820000 --> 0:24:43.140000 on fast ethernet 01. 0:24:43.140000 --> 0:24:47.720000 Similarly, when the router responded to ARP request on behalf of host 0:24:47.720000 --> 0:24:52.280000 in VLAN3, he said, hey, people, you're looking for me, 3333, let me tell 0:24:52.280000 --> 0:24:55.180000 you about myself, I'm .00.11. 0:24:55.180000 --> 0:24:59.260000 The switch learned that that same MAC address was also learned on VLAN3 0:24:59.260000 --> 0:25:09.420000 on fast ethernet 01.11 or fast ethernet 01.1. 0:25:09.420000 --> 0:25:19.120000 So now, when this frame here, from .222.1, going to .333.1, now that's 0:25:19.120000 --> 0:25:24.780000 layer 3. At layer 2, the destination MAC address is default gateway, which 0:25:24.780000 --> 0:25:31.480000 is .00.11. That gets to the switch. 0:25:31.480000 --> 0:25:34.940000 The switch is an incoming frame on VLAN2. 0:25:34.940000 --> 0:25:38.660000 Remember, it came in on a port in VLAN2, going to a destination MAC address 0:25:38.660000 --> 0:25:44.460000 of .0011. Sure enough, in his MAC address table, he has that destination. 0:25:44.460000 --> 0:25:48.840000 He knows that .00.11 on VLAN2 is reachable via fast ethernet 01. 0:25:48.840000 --> 0:25:53.080000 So that frame will be switched out, fast ethernet 01. 
0:25:53.080000 --> 0:25:57.380000 It'll hit the router on his physical interface, fast-ethernet00, going 0:25:57.380000 --> 0:26:02.500000 to his MAC. But when he sees the .1Q tag in here, and I didn't draw that, 0:26:02.500000 --> 0:26:07.060000 but there's going to be a .1Q tag saying, this frame belongs to VLAN2, 0:26:07.060000 --> 0:26:12.160000 the router will route that frame to his own internal sub-interface, .00 0:26:12.160000 --> 0:26:15.580000 .2, because of this command right here. 0:26:15.580000 --> 0:26:18.780000 Initially, he'll think, oh, this frame was for me, because after all, 0:26:18.780000 --> 0:26:22.120000 it was destined to my MAC address, .00.11. 0:26:22.120000 --> 0:26:29.500000 But when he strips off the layer 2 header, when he gets rid of this stuff, 0:26:29.500000 --> 0:26:35.160000 and sees the destination IP address inside, he'll realize, oh, this actually 0:26:35.160000 --> 0:26:36.380000 isn't meant for me. 0:26:36.380000 --> 0:26:38.600000 This is meant for .333.1. 0:26:38.600000 --> 0:26:41.040000 Do I have any idea where that lives? 0:26:41.040000 --> 0:26:42.960000 Oh, yeah, right there. 0:26:42.960000 --> 0:26:45.340000 I know exactly where the .33 network lives. 0:26:45.340000 --> 0:26:48.720000 It's on my sub-interface, .00.3. 0:26:48.720000 --> 0:26:53.800000 So that frame will be routed from sub-interface .00.2, where it came in 0:26:53.800000 --> 0:26:58.480000 on to .00.3, where it needs to go. 0:26:58.480000 --> 0:27:02.540000 And so now he'll create a new layer 2 header, so as the frame gets routed 0:27:02.540000 --> 0:27:05.480000 out, so now it's going to go right back out the same physical interface 0:27:05.480000 --> 0:27:06.240000 where it came in. 0:27:06.240000 --> 0:27:08.720000 It came in fast-ethernet00. 0:27:08.720000 --> 0:27:13.300000 It was redirected on the ingress to .00.2. 0:27:13.300000 --> 0:27:18.160000 Now it was routed to .00.3. 
0:27:18.160000 --> 0:27:25.340000 So now it gets a new layer 2 header applied to it. 0:27:25.340000 --> 0:27:32.940000 And as it goes out here, the new destination MAC address is .333.1. 0:27:32.940000 --> 0:27:44.480000 So whatever his MAC address is, let's just say it's XX.YY. 0:27:44.480000 --> 0:27:49.340000 So our router here will most likely, well, he will already know about 0:27:49.340000 --> 0:27:51.000000 XX.YY. Why is that? 0:27:51.000000 --> 0:27:54.140000 Well, because .333.1 ARPed for him. 0:27:54.140000 --> 0:27:57.720000 Way back when .333.1 got his IP address and learned that his default gateway 0:27:57.720000 --> 0:28:14.700000 was .333. He ARPed for .333. 0:28:14.700000 --> 0:28:21.240000 So the router knows that .333.1 is associated to the MAC address of XX 0:28:21.240000 --> 0:28:27.260000 .YY. So when this packet comes in that needs to be routed out, the new 0:28:27.260000 --> 0:28:33.780000 destination MAC address as it leaves the router will be XX.YY. 0:28:33.780000 --> 0:28:39.900000 And the source MAC address, well, will be the router's MAC address .00 0:28:39.900000 --> 0:28:51.060000 .11. And this is how router on a stick works. 0:28:51.060000 --> 0:28:54.080000 They call it router on a stick because it's a single router connected 0:28:54.080000 --> 0:29:00.240000 to one stick, one link, one cable connected to our switch. 0:29:00.240000 --> 0:29:05.220000 But this one router, his one physical interface is supporting multiple 0:29:05.220000 --> 0:29:12.540000 subnets by the use of creating sub-interfaces. 0:29:12.540000 --> 0:29:16.580000 And so now frames can come in on that physical interface. 0:29:16.580000 --> 0:29:22.780000 They're redirected to the sub-interface that's designed to handle them. 
0:29:22.780000 --> 0:29:26.180000 Once that sub-interface strips off the layer two Ethernet header and looks 0:29:26.180000 --> 0:29:29.860000 at the destination IP address, it realizes that that frame needs to be 0:29:29.860000 --> 0:29:33.480000 rerouted to a different sub-interface. 0:29:33.480000 --> 0:29:39.080000 That different sub-interface that gets it, then creates a new layer two 0:29:39.080000 --> 0:29:45.460000 header with its own MAC address as the source, the destination MAC address 0:29:45.460000 --> 0:29:49.800000 as the destination and sends it out. 0:29:49.800000 --> 0:29:54.340000 So that is one way of doing inter-VLAN routing using an external router 0:29:54.340000 --> 0:29:56.600000 connected to your switch. 0:29:56.600000 --> 0:29:59.100000 And this method is called router on a stick.