7 Replies Latest reply: Feb 3, 2012 1:43 PM by DelVonte RSS

    Router-On-A-Stick with built-in switch question


      I have a FiOS router on the 192.168.1.x network.

      I have a Cisco 1811 router with 8-port switch.

      I have a Linksys 8-port gigabit switch...no management or advanced capabilities.

      I want to create VLANS and assign them to different ports on the Cisco 1811 switch ports.


      My Fios router connects to the 1811 FE0/0 router interface.

      I assigned this


      I created subinterfaces on the 1811 Fe0/1 interface (fe 1.7, fe1.8)

      I added dot1q encap on these subinterfaces.

      I added IP addresses to these subinterfaces. (,


      I created a default route


      I added IP NAT OUTSIDE to the Fe0/0 interface

      I added IP NAT INSIDE on the fe0/1 subinterfaces.


      I added VLAN 8 to the fe1.8 subinterface.

      I added VLAN 9 to the fe1.9 subinterface.


      I can't seem to get out on the internet on workstations from the 192.168.8.x and 192.168.9.x networks.


      Also...how do these Layer 2 switchports (2-9) function when fe0/1 has the subinterfaces and connects to a dumb switch?

      How can I design a better solution?


      Thanks for any insight...



        • 1. Re: Router-On-A-Stick with built-in switch question

          That depends on the dumb switch, but normally the traffic will be untagged and so it will be an extension of the network you connect it to. I think it would be better to create an SVI for each VLAN and configure one of the 1811 ports as an access port in that VLAN. Then connect that port to the dumb switch, that will extend the vlan to that switch.

          • 2. Re: Router-On-A-Stick with built-in switch question
            CiscoLoco - CCIE# 50844

            Can your workstations even ping there default gateways that should be configured on the subinterfaces?  Make sure your linksys is trunking with the router.  Also, why are you trying to use your linksys switch when the router has 8 switch ports?  You could just utilize your switch ports on the router by creating SVIs and then tagging the switch ports for the correct vlan.  For example


            interface Vlan 8

            ip address

            no shut


            interface Vlan 9

            ip address

            no shut


            int fa2/0/1 (whatever your switch ports are listed as)

            switchport access vlan * (whichever vlan you want to this port to part of)

            • 3. Re: Router-On-A-Stick with built-in switch question

              Perfect! I was confused about creating subinterfaces or SVIs.

              • 4. Re: Router-On-A-Stick with built-in switch question

                Ok...I'm very close I think. I created SVIs for vlan 70 and vlan 80 and assigned ip addresses to them. I assigned fe7 to vlan 70 using the 'switchport access vlan 70" command. I connected this interface to my dumb linksys 8-port switch.


                Using a workstation connected to this switch, I can ping all SVI IP addresses.

                I can communicate with other workstations on this switch.


                My FiOS router( connects to fe0/0 which I assigned 192.168,1,254.

                I configured IP NAT OUTSIDE on this interface.

                I configured a default route of


                I wasn't sure where my IP NAT INSIDE interface should be, but I placed it on interface VLAN 70.


                I placed as the DMZ on my FiOS router.


                None of my workstations can communicate with the internet however, they can all ping


                I only need to access the internet using any VLAN I create(SVI).

                I'm confused on what to do next.

                • 5. Re: Router-On-A-Stick with built-in switch question

                  You don't need the NAT command because the 192.168.1.X is a private network as well. NAT should be performed by the Fios device, adding the default route to the router should be enough. You may also need to set DNS to the appropriate servers on your pcs, you can probably just set it to the Fios IP of


                  Edited: I missed the DMZ note. I'm not sure at this point because of the FiOS device. It really depends on that devices capabilities.

                  • 6. Re: Router-On-A-Stick with built-in switch question

                    I think I got it now. IP NAT allowed me to access the internet. I need to use the FiOS router  in order to see television guides, etc. So, the FiOS router provides addresses to the STB(Set Top Boxes) in the 192.168.1.x network. They have some advanced DHCP stuff in there as well.


                    In any case, I used the DMZ to forward all traffic to my Cisco 1811 @


                    Inter VLAN routing was working, but IO could not access the internet.

                    I created an access list 1:




                    I created the NAT:

                    ip nat inside source list 1 interface fastethernet 0 overload


                    Right after that command, everything started communicating with the internet.

                    Now I need to add static port mappings to my server.


                    Does this all sound right?

                    • 7. Re: Router-On-A-Stick with built-in switch question

                      Nice. I'm glad it's working for you.