Router on a stick

Answered Question
Jan 23rd, 2009

Just a quick question as to using a "router-on-a-stick" design. The book I am using to re-certify for my CCNA says that a router on a stick is a bad idea because of its single point of failure and that routing on the "backplane" with a L3 switch is a much better option.

While I agree with this, it is also a lot more expensive to do it this way. But on to my question:

Is router on a stick used in many production environments? I know a lot about this question depends on how many users are on the network, what kind of data they are doing (i.e. data or voice AND data), how much time they are staying on the local subnet, etc...

It seems to me, that the router on a stick method would be much cheaper than to have to buy and put a L3 Switch into the distribution layer when I could have a 2800 router or better performing distribution and core work for me.

Some routers (2811 with the appropriate Network Module) allow you to create Etherchannel Bundles on the routed/switch interfaces. So if I have one 48 port switch with three or 4 vlans on that ONE switch, I can use a router on a stick and then do an etherchannel from the switch back to my 2811. Wouldn't this not only give me the ability to route between the Vlans but also aggregate ports for higher speeds AND give redundancy in case of link failures??

milan.kulik Fri, 01/23/2009 - 07:56


the router itself would still create a single point-of-failure.

Another problem is the routing performance.

Don't forget the 2811 is positioned to route cca 40Mbps flows. If you need to route massive traffic between two VLANs in your LAN (100Mbps or more), the router CPU would become overloaded.

Router on the stick is a good solution for several VLANs routed to a WAN, but not for massive VLAN-to-VLAN routing inside your LAN.

On the other hand, L3 switches don't usually offer advanced routing features (NAT, e.g.).



rodman.frowert Fri, 01/23/2009 - 08:15


Ok, this makes sense. When the majority of traffic is going vlan-to-vlan then I can see where a L3 switch would be a better idea. But this still brings up the question, the L3 switch now becomes the single point of failure, right?

I haven't gotten much into redundancy yet so I am sure there is another answer for this question (and more money!).

And, how does the router connect to the L3 switch in the scenario we are talking about? I'm guessing the L3 switch would have a default-gateway option inside it that points BACK to the router so that when a client on one of the access vlans wants to access the wan, the L3 switch forwards that packet to the router.

Also, does the interface on the router get assigned the ENTIRE network? No matter how it is broken up in the access layer, the router's interface still needs to know the entire network, correct?

John Blakley Fri, 01/23/2009 - 08:23


You can use a routing protocol, or static routing from the L3 switch to the router. Router-on-a-Stick is great for small wireless networks. I've used them in the past, and it does keep you from having to get a L3 switch for every location.

On your L3 switchport, you can create a routed port or leave the port in a trunked mode. The routed port will have an address on it (like a router) in the same subnet as your router's lan interface:

router =

switchport on L3 switch =

You could then add a static route (either "ip route" or "ip default-gateway"). I prefer the ip route statement over the default-gateway.

Your L3 switch would be the single point of failure, which is where you get into HSRP and ANOTHER L3 switch :-)



rodman.frowert Fri, 01/23/2009 - 08:49


It does help. I haven't had the opportunity to play with any L3 switches so my knowledge is lacking in that area. I need to add one to my ever growing lab... :-)

So applying what you guys have told me and what I have studied, let's say I have two subnets/vlans that I need to route between (on two different L2 switches) and also I need them to be able to access the WAN. I want to use a L3 switch in the distribution layer (as we are talking about) and a router in the core layer. The entire network I want to use is

- Network A and B both have a subnet mask of (16 hosts for each network)

1. The Router's LAN interface that connects to the L3 switch would be an ip of

2. The L3 switchport (that connects to the router) would have an IP of

3. The L3 switchport that connects to network A would be

4. The L4 switchport that connects to Network B would be

On the access level switches I would assign an IP in their appropriate subnets so Network A L2 switch could be and NetworkB L2 switch could be

The hosts would then get the remaining IP's.

Now after all this is done, I still need to use trunking on the L3 ports that connect to the L2 switches, right? Or like you said, I can also configure them as routed ports just like routers so I don't necessarily need to configure them for trunking?

This is what is confusing me. I think I am forgetting that L3 CAN BE used as a router too...

I would then need to use a type of routing protocol (or a static route) to tell the L3 switch how to get information destined for outside the LAN out of the local network. On the router, I would also need a static route that points to the WAN, correct?

John Blakley Fri, 01/23/2009 - 09:01

Your ports that connect to the L2 switches would just be configured as a trunk. In order to be able to route between VLANs in the L3 switch, you would need to enable routing on the switch.

Yes, you would still need a default route from the router out to your provider.


rodman.frowert Fri, 01/23/2009 - 09:13

And when routing on the L3 switch is enabled, I assume there is somewhere where you have to tell the switch what ports networks A and B are on? Is it similar to adding subinterfaces on the router if a router on a stick was to be used?

Sorry for the questions. Just trying to get everything in order. I'm looking at a 3550 on eBay that I really need to get! :-)

Correct Answer
John Blakley Fri, 01/23/2009 - 09:18

After you enable routing, you would create your VLANs that you want to support, and then you would create interfaces for those VLANs. You then would assign your 192.168.x.x addresses to those VLANs, and these addresses become the gateways on the workstation. (In other words, your gateway would be the VLAN's address and not the router's).


rodman.frowert Fri, 01/23/2009 - 09:25

Cool. So it is basically like creating subinterfaces on the router when doing a router on a stick method.

I think that answered it!
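
The two designs compared in this thread, side by side, as an added example that is not part of the original posts: router-on-a-stick subinterfaces versus VLAN interfaces on an L3 switch with routing enabled. VLAN IDs, VLAN names, interface names and all addresses are constructed for illustration.

```ios
! Constructed example: VLAN IDs, names, interfaces and addresses are assumptions.
!
! --- Option A: router-on-a-stick (one 802.1Q trunk, one subinterface per VLAN) ---
! Router side: every inter-VLAN packet crosses this link and the router CPU
interface FastEthernet0/0
 no ip address
 no shutdown
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! --- Option B: L3 switch routes between VLANs, router only carries WAN traffic ---
! L3 switch side
ip routing
vlan 10
 name NETWORK-A
vlan 20
 name NETWORK-B
! VLAN interfaces: these addresses are the workstations' default gateways
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
! Downlink to an L2 access switch stays a trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
! Uplink to the router as a routed port
interface FastEthernet0/24
 no switchport
 ip address 192.168.254.2 255.255.255.252
 no shutdown
! Default route toward the router's LAN interface
ip route 0.0.0.0 0.0.0.0 192.168.254.1
!
! Router side for Option B: LAN interface plus return routes to the VLAN subnets
interface FastEthernet0/0
 ip address 192.168.254.1 255.255.255.252
 no shutdown
ip route 192.168.10.0 255.255.255.0 192.168.254.2
ip route 192.168.20.0 255.255.255.0 192.168.254.2
```

In Option B the router still needs its own default route out to the provider, and without the two return routes replies from the WAN never reach the VLAN subnets.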

Joseph W. Doherty Fri, 01/23/2009 - 10:10

What might be a bit confusing about a L3 switch is that it's functionally both a L2 switch and a router. For communications between an L3 switch and a traditional router, think how you might communicate between routers.

On the issues of costs, in the Cisco line-up, it's practically impossible to find both the capabilities of a software router and performance of a L3 switch that's inexpensive. However, an inexpensive combination can be very effective. Consider the combination of a Catalyst 3560-8PC or Catalyst 3560-12PC for LAN routing and a small Cisco software router for the WAN link (sized and selected for the WAN link).

rodman.frowert Fri, 01/23/2009 - 11:30

Yes, the cost is amazing. But considering what they do and how long they last I guess it's all relative.

Joseph W. Doherty Fri, 01/23/2009 - 12:11

Amazing high or amazing low?

As Milan noted in his first post, a small 2811 can not really handle a single 100 Mbps port at wire speed (the 2821 or 2851 with gig ports can't either).

A 3845 might well handle a single 100 Mbps link. But for multiple 100 Mbps or gig, even the 7200 VXRs might struggle. The small 3560s might handle all their ports at wire speed. Compare the cost of one with a small WAN router (if you need WAN interfaces [e.g. T1s]/features [e.g. NAT]) compared to a base ASR for multiple 100 Mbps LAN performance. Also remember, once you've unloaded LAN routing, you only need to size the WAN router for WAN bandwidth. So instead of a 2800, a 500, 800 or 1800 series might be all you need. Of course if you already have a 2800, the small L3 switch delivers LAN performance, now, and may postpone the need for a larger WAN router for some time.

rodman.frowert Sat, 01/24/2009 - 09:20

Well when you put it that way.. :-)

What about the network modules that can be fit into certain routers that allow you to add switch functionality? Are they not switched ports done at wire speeds or is the router cpu still doing all the work?

Joseph W. Doherty Sat, 01/24/2009 - 15:46

Ethernet modules, I believe, depend on whether the flow stays within the module or whether it needs to traverse the router. The former may provide wire speed; the latter, probably not.

