1
00:00:01,450 --> 00:00:04,210
So here are my devices.

2
00:00:04,240 --> 00:00:12,640
First thing is let's configure the router, So Fast

3
00:00:12,660 --> 00:00:14,670
Ethernet00,

4
00:00:15,160 --> 00:00:17,240
no shut interface Fast

5
00:00:17,260 --> 00:00:26,040
Ethan00.1. So I'm going to create a subinterface with IP address 10.1.1.254

6
00:00:26,260 --> 00:00:28,810
but notice what's gonna happen when I press enter.

7
00:00:29,170 --> 00:00:36,940
I'm told that configuring IP routing on a LAN sub-interface is only allowed if that sub-interfaces are

8
00:00:36,940 --> 00:00:39,850
already configured as part of an 802.1

9
00:00:39,860 --> 00:00:50,620
Q or ISL VLAN. So I'm gonna type encapsulation .1Q VLAN 1 and this is our native VLAN or untagged

10
00:00:50,620 --> 00:00:59,980
VLAN. So now I can put the IP address on that sub-interface, second sub-interface 

11
00:01:00,080 --> 00:01:13,760
.1Q VLAN 2 IP Address 10.1.2.254/24 mask third sub-interface.

12
00:01:14,050 --> 00:01:24,090
This is gonna be encapsulation .1 VLAN 3 an IP address 10.1.3.254/24 

13
00:01:24,090 --> 00:01:24,790
mask.

14
00:01:24,910 --> 00:01:31,620
So do show run pipe begin face.

15
00:01:31,640 --> 00:01:35,000
So here is our FastEthernet interface, here

16
00:01:35,020 --> 00:01:44,950
are our three sub interfaces that's how you configure inter VLAN routing on a router on a stick.

17
00:01:45,090 --> 00:01:52,810
So let's configure our PCs, show IP shows that PC 1 doesn't currently have an IP address.

18
00:01:52,950 --> 00:02:12,260
So IP 10.1.2.1/24 mask default gateway is the router, PC 2 IP Address 10.2.3.

19
00:02:12,390 --> 00:02:12,800
1

20
00:02:16,170 --> 00:02:23,910
10.1.3.254. So can PC 1 ping its default gateway?

21
00:02:24,340 --> 00:02:26,350
Yes, it can.

22
00:02:26,380 --> 00:02:29,510
What about PC 2?

23
00:02:29,580 --> 00:02:31,800
It can also ping its default gateway.

24
00:02:32,190 --> 00:02:37,970
So these two PCs can ping router 1 on the respect of sub- interfaces.

25
00:02:37,980 --> 00:02:40,080
Can the PCs ping each other?

26
00:02:42,170 --> 00:02:53,770
PC 1 ping 10.1.3.1, Ping succeeds, PC 2 ping 10.1.2.1 Ping succeeds. That traffic

27
00:02:53,770 --> 00:02:59,350
is being switched to the router being inter VLAN routed and sent back to PC 2.

28
00:03:02,270 --> 00:03:05,190
I'll do a wireshark capture in a moment

29
00:03:05,190 --> 00:03:10,490
but notice what happens when I shut the physical interface FastEthernet00.

30
00:03:14,320 --> 00:03:21,260
PC 1 is no longer able to ping PC 2 when no shut the interface on the router

31
00:03:24,060 --> 00:03:28,500
interface comes up and pings start succeeding.

32
00:03:28,540 --> 00:03:36,440
That's how you configure a layer 2 switch with different VLANs and an external router acting as a router

33
00:03:36,440 --> 00:03:39,970
on a stick during the inter VLAN routing.

34
00:03:39,980 --> 00:03:46,020
So now let's run a Wireshark capture so we can see what's actually happening.

35
00:03:47,360 --> 00:03:56,250
I'm going to run the Wireshark capture on the switch so we can see the frames going to the router.

36
00:03:56,320 --> 00:04:01,960
So when PC 1 pings PC 2 we should see that it's tagged with VLAN 2

37
00:04:01,960 --> 00:04:06,350
but when it comes back again from the router it's tagged with VLAN 3

38
00:04:09,440 --> 00:04:15,550
PC 1 ping PC 2.

39
00:04:15,780 --> 00:04:25,620
So we can see the traffic from 10.1.2.1  going to 10.1.3.1 in the frame.

40
00:04:25,790 --> 00:04:35,910
We can see it's tagged with the line to the destination MAC address of this frame.

41
00:04:36,070 --> 00:04:40,500
Here's the router show interface f0/0

42
00:04:43,280 --> 00:04:45,100
notice the Mac address

43
00:04:45,350 --> 00:04:51,680
C201.1E3C.0000.

44
00:04:51,680 --> 00:05:00,640
So that frame is going to the router tagged with VLAN 2 here's another frame

45
00:05:00,650 --> 00:05:07,680
Notice the source Mac address is the router and the VLAN ID is VLAN 3.

46
00:05:07,700 --> 00:05:15,320
So what's happened is the frame arrived on port 1 was sent out at port 3 going to the router tagged

47
00:05:15,320 --> 00:05:23,540
with VLAN 2 and was received back from the router going to PC 2 but received on this port tagged as

48
00:05:23,540 --> 00:05:25,880
VLAN 3

49
00:05:25,990 --> 00:05:32,400
and once again there's the frame going to the router tagged with the VLAN 2

50
00:05:32,790 --> 00:05:41,370
here's the frame from the router so source mac address of the router tagged with VLAN 3 the IP packet

51
00:05:41,370 --> 00:05:46,660
is still from PC 1 going to PC 2.

52
00:05:46,690 --> 00:05:48,780
So what about the return traffic.

53
00:05:49,240 --> 00:05:49,510
Here's

54
00:05:49,570 --> 00:05:55,290
traffic from PC 2 notice tagged with VLAN 3 going to the router.

55
00:05:55,300 --> 00:05:58,390
So that's the frame here going to the router.

56
00:06:00,310 --> 00:06:05,370
Here's the frame from the router tagged with the VLAN 2.

57
00:06:05,380 --> 00:06:11,910
So once again here it's untagged hits the switch is tagged as VLAN 3 to the router

58
00:06:12,160 --> 00:06:17,080
it's inter VLAN router tagged as VLAN 2 send sent back to the switch

59
00:06:18,190 --> 00:06:20,510
untagged to pc 1.

60
00:06:20,560 --> 00:06:30,990
So we are seeing the tag frame on port 3 from PC 2 to the router tagged in VLAN 3

61
00:06:31,270 --> 00:06:36,790
and then here from the router to PC 1 tagged in VLAN 2.