WHAT IS A ROUTER ON A STICK FREE
Feel free to ask questions in the comments below ? Now, you will have a complete router-on-a-stick infrastructure. Ip address 192.168.23.250 255.255.255.0 // for managementĭon’t forget to save the router und switch configuration with “write memory”. At last step we will configure the HP ProCurve Switch. In a Cisco router, the interface configured with the sub-interfaces needs always a native vlan (packets will not have any vlan tag). Now we will configure sub-interfaces on that interface and will tag the IP packets for Sales and Marketing subnet Please let the interface at it’s default settings: Now it’s time to configure subinterfaces on the interface which is connect to our primary HP ProCurve Switch. Ip nat inside source list tonat interface Dialer1 overload To access the internet, we need to NAT overload packets going to public IP addresses (in this example we have a PPPoE DSL Dialer-Interface) In this example we have one Cisco router, one HP ProCurve switch and three subnets:įirst we configure inspection firewall profiles, so when someone requests packets from the internet, packets can come back through our inbound WAN interface access-list
WHAT IS A ROUTER ON A STICK HOW TO
On the VLAN tab, we configure trunk, hybrid, and access ports:Įasy as that! Check the official Mikrotik docs for more VLAN example configurations.Today I will show you how to build a so called “Router-on-a-stick” environment. We then add our VLANs and configure port isolation on the VLANs tab: First, we enable Independent VLAN Lookup (IVL) on the System tab. The only thing missing now is configuring the VLANs. The guest network is only available via WiFi.For security reasons, connecting to the management network is only allowed via physical cable connection.We could use VLAN 1 for this, but I like to use VLAN 1 for debugging and instead adopt UniFi devices over the management network. We also allow untagged VLAN 10 traffic because UniFi devices must communicate over an untagged network to be adopted by a UniFi controller. The hybrid port carries the tagged traffic of VLANs 20, 30, and 40 made available by the UniFi access point (AP) via WiFi.The trunk port carries all tagged VLAN traffic from the switch to OPNsense.Here is how we’re going to use the ports of the switch: Port Here is an overview of the VLANs I use: Description I.e., assigning the VLAN with the ID 10 the address 192.168. I like the convention of matching the third octet of the IP with the VLAN ID. The traffic of the native VLAN may traverse a trunk port. Port carrying tagged and untagged traffic for multiple VLANs Port carrying tagged traffic for multiple VLANs Port carrying untagged traffic for one VLAN When configuring VLANs, we usually encounter three types of port configurations (Cisco lingo): It is a method of inter-VLAN (virtual local area networks) routing where one router is connected to a switch via a single cable. In computing, a router on a stick, also known as a one-armed router, is a router that has a single physical or logical connection to a network. So, instructions in this guide also refer to SwOS. For routing, I use OPNsense, so I only need the L2 capabilities of the Mikrotik switch, which is why I run it on SwOS instead of RouterOS. As long as I don’t use too many PoE devices and keep an eye on the temperatures, these fans will dissipate enough heat for the time being. I also replaced its stock fans with Noctua NF-A4x20s, making it completely silent. It’s rack-mountable and was significantly cheaper than comparable Ubiquiti gear I was considering at the time of the purchase. It has a 500W power supply, so it’ll be able to serve as a core switch for my homelab for a long time. It features 24 Gigabit Power over Ethernet (PoE) ports and four 10 Gbps SFP+ ports. The Mikrotik CRS328-24P-4S+RM is a beefy Layer 3 (元) switch. And maybe this is useful for someone else, too.
I wanted to document my switch and VLAN configuration. And with that, my networking needs also changed: stricter firewall rules, segregating untrusted IoT devices into separate networks, traffic prioritization, and more. My homelab grew quite a bit over the past years.