Interfaces and Sub-Interfaces in a Router: What Are They and What Are They For?

One of the essential components of any network is the router. Although many people think of it simply as the device that emits the Wi-Fi signal, it is much more than that. One of the essential functions of the router is to allow communication between different VLANs, that is, the virtual LANs that are created to segment traffic properly. Remember that VLANs are created on a switch and applied per port to the connected equipment. This guide explains everything you need to know about the sub-interfaces of a router and what distinguishes them from interfaces.

Sub-interfaces are extremely important when setting up communication between two or more VLANs, especially if you are working with equipment from the manufacturer Cisco. However, it is important to reinforce a few essential concepts before moving on to the sub-interfaces themselves. Sub-interfaces also exist in any Linux-based router, where they are called virtual interfaces rather than sub-interfaces, but they are really the same thing and serve the same purpose: to intercommunicate the VLANs that we have.

Interfaces and Sub-Interfaces in a Router

A router has multiple ports, and each port is a network interface. When we talk about a network interface, we refer to the hardware component that allows a device to connect to a network. Consequently, a router has multiple network interfaces, that is, several network cards packed into a single device.

To some extent, it is similar to a computer. Although all computers have a single wired network interface, you can add one or more network cards, according to your needs, so that your computer has more than one interface. The same applies to wireless network interfaces, that is, a single computer can have multiple wireless network interfaces. The latter is especially useful if you are interested in activities related to hacking Wi-Fi networks.

On the other hand, what exactly is the role of the router? This device can connect to one or more networks. In turn, it can connect to other routers in order to exchange routing information. The routing itself is made possible by routing tables. Each router has a routing table that lists the possible destinations and the path that each data packet should follow to reach them. The router has all the features it needs to decide which path is best, so that no data packet is discarded or blocked at some point in its journey through the network.

Router-on-a-Stick

If your network has more than one VLAN, the switch cannot allow a computer in VLAN 1 to communicate with VLAN 2, unless it is an L2+ or L3 switch that incorporates Inter-VLAN routing functionality, in which case it can.

If you have a “normal” L2 switch, you will need a router to intercommunicate the VLANs, decapsulating and encapsulating the VLAN traffic so that they can communicate correctly. What does Router-on-a-Stick mean? Let’s look at this example network:

There are two computers, each connected to a VLAN: one to VLAN 10 and the other to VLAN 20. These computers are connected to a switch through their corresponding interfaces, that is, the switch has two ports occupied by the two computers. On the other side of the switch there is a connection between it and a router. Speaking strictly at the physical level, if you have two VLANs you can choose to occupy one router port per VLAN to connect to the switch. In that case, the switch would have to have two trunk ports.

If we scale this to four, five, six or more VLANs, it becomes practically unfeasible. The ports of both the router and the switch are quickly used up, which makes both devices harder to manage. That is why the concept of Router-on-a-Stick allows the creation of sub-interfaces in the router: on the same physical interface of the router we can create virtual interfaces or sub-interfaces, and each of them will be associated with one of the VLANs in our network.

As for the switch, if we apply Router-on-a-Stick, we will only need a trunk port.

How to configure the sub-interfaces

At the beginning, we mentioned that sub-interfaces are used to a great extent on devices from the manufacturer Cisco. For that reason, we are going to demonstrate how they work by configuring a Cisco router through its CLI (Command Line Interface). The first thing we must guarantee is that the switch or switches in our network have their access ports and VLAN assignment correctly configured.

Switch1# configure terminal
Switch1(config)# interface gigabitEthernet 0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 100
Switch1(config-if)# interface gigabitEthernet 0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 200

We must also guarantee the correct configuration of our trunk port that will allow the traffic of the different VLANs to travel to the router and vice versa.

Switch1(config)# interface gigabitEthernet 0/24
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport mode trunk

One of the commands we have entered is this:

switchport trunk encapsulation dot1q

This refers to the IEEE 802.1Q communication standard. Basically, it is the protocol that allows each Ethernet frame generated by the hosts (computers) to carry a VLAN ID, that is, an identifier that indicates which VLAN the frame belongs to. This protocol works only between network devices: routers and switches. It does not apply to hosts, so when the frame reaches its destination it is sent untagged, that is, it is presented as a normal Ethernet frame.

Now we configure the router. Before configuring sub-interfaces, we always have to make sure that the physical interfaces are actually working, so we must start with the “no shutdown” command to activate them. Then you can start with the sub-interfaces.

(config)# interface gigabitEthernet 0/0
(config-if)# no shutdown
(config-if)# exit
(config)# interface gigabitEthernet 0/0.100
(config-subif)# encapsulation dot1Q 100
(config-subif)# ip address 192.168.1.1 255.255.255.0
(config-subif)# exit
(config)# interface gigabitEthernet 0/0.200
(config-subif)# encapsulation dot1Q 200
(config-subif)# ip address 192.168.2.1 255.255.255.0
(config-subif)# exit

A common tip is to give each sub-interface the same number as the VLAN we are working with. As we can see in the example commands, one sub-interface is .100 (for VLAN 100) and the other is .200 (for VLAN 200). This is mainly to make configuration and administration much easier and to avoid problems.

On the other hand, we again see the “encapsulation dot1Q” command, this time accompanied by the ID of the VLAN that corresponds to it. This allows each sub-interface to interpret the 802.1Q tagged frames coming from the switch trunk port. If this is not configured, the router will not interpret the frames and will not know where to direct each of them.

Finally, we see the assignment of an IP address to each sub-interface. These same IP addresses will be configured on each host and will act as the default gateway. That is, every computer that is on VLAN 100 must have the address 192.168.1.1 configured as its gateway. The same applies to VLAN 200, where the gateway IP address is 192.168.2.1.
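The three points above (matching numbering, the encapsulation command and the gateway address) can be checked automatically before a configuration is deployed. The following is an added example, not part of the original article: it audits a constructed configuration written in running-config form, in which the .200 and .300 stanzas contain deliberate mistakes; the function names are hypothetical.

```python
import re

# Constructed sample in running-config form, based on the commands above.
# The .200 and .300 stanzas contain deliberate mistakes for the audit to find.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0.200
 encapsulation dot1Q 20
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/0.300
 description constructed stanza with nothing configured
"""


def parse_subinterfaces(config):
    """Map each sub-interface name to its number, VLAN ID and gateway IP."""
    subifs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            m = re.fullmatch(r"\S+\.(\d+)", name)
            # Physical interfaces (no ".N" suffix) are skipped.
            current = subifs.setdefault(name, {"num": int(m.group(1))}) if m else None
        elif current is not None:
            if m := re.fullmatch(r"encapsulation dot1[qQ] (\d+)", line):
                current["vlan"] = int(m.group(1))
            elif m := re.fullmatch(r"ip address (\S+) \S+", line):
                current["gateway"] = m.group(1)
    return subifs


def audit_subinterfaces(config):
    """Return findings for the three points the text makes about sub-interfaces."""
    findings = []
    for name, s in parse_subinterfaces(config).items():
        if "vlan" not in s:
            findings.append(f"{name}: no encapsulation dot1Q, tagged frames are not interpreted")
        elif s["vlan"] != s["num"]:
            findings.append(f"{name}: number {s['num']} does not match VLAN {s['vlan']}")
        if "gateway" not in s:
            findings.append(f"{name}: no IP address, hosts in this VLAN have no gateway")
    return findings
```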

Router-on-a-Stick is one of the most important concepts when it comes to networks. It stands out mainly because it lets us take full advantage of very few ports on our network devices. A router interface can have one or more sub-interfaces. This gives our network scalability and flexibility without unnecessary costs. An important aspect is that it is highly recommended that this trunk works at Multigigabit speeds, and even at 10G speeds, so as not to have a bottleneck in this link when we are transferring files between the VLANs.