✅ Completed ⚙️ Intermediate

OfficeSetupRouterOnAStick


Dec 24, 2025
ROAS

Network Design Document

Project Name: Router-on-a-Stick (ROAS) Office Network Setup

Document Version: 1.1

Date: December 25, 2025

Author: Rajkumar Neupane


1.0 Executive Summary

This document details the logical and physical network design for the “Lab One” office environment. The infrastructure supports 12 end-user devices distributed across three departments (HR, Sales, and IT). The network utilizes a Router-on-a-Stick (ROAS) architecture for inter-VLAN routing and a centralized Dnsmasq server for automated IP addressing and name resolution.



2.0 Hardware Inventory

The following hardware components are utilized in this implementation:

Table 1: Equipment List

| Device Type | Quantity | Description | Role |
|---|---|---|---|
| Router | 1 | Cisco IOSv Router | WAN Gateway, Inter-VLAN Routing (ROAS) |
| Switch | 1 | Cisco IOSv-L2 Managed Switch | Access Layer, VLAN Segmentation (802.1Q) |
| Endpoints | 12 | Alpine Linux Desktops | End-user workstations for HR, Sales, and IT |
| Server | 1 | Dnsmasq Docker Container | DHCP and DNS Services (Hosted in IT_MGMT) |

3.0 Network Topology and VLAN Design

To ensure security and traffic segmentation, the network is divided into four distinct Virtual LANs (VLANs). Traffic between VLANs is managed by sub-interfaces on the router.

Table 2: VLAN Configuration

| VLAN ID | Name | Department | Subnet | Gateway IP |
|---|---|---|---|---|
| 10 | HR_DATA | Human Resources | 192.168.10.0/28 | 192.168.10.1 |
| 20 | SALES_DATA | Sales | 192.168.10.16/28 | 192.168.10.17 |
| 30 | IT_MGMT | IT Support | 192.168.10.32/28 | 192.168.10.33 |
| 99 | NATIVE | Management | 192.168.10.48/28 | 192.168.10.49 |

4.0 Switch Port Assignment

The managed switch is configured with specific access ports for each department and a Trunk port for the router uplink. Port Security and Spanning-Tree Portfast are enabled to ensure stability and security.

Table 3: Physical Port Mapping

| Switch Interface | VLAN | Department | Connected Device |
|---|---|---|---|
| Et0/2, Et0/3, Et1/0, Et1/1 | 10 | HR | Desktops 2, 3, 5, 6 |
| Et0/0, Et0/1, Et1/2, Et1/3, Et2/2, Et2/3 | 20 | Sales | Desktops 0, 1, 6*, 7, 10, 11 |
| Et2/0, Et2/1 | 30 | IT | Desktops 8, 9 |
| Et3/1 | 30 | IT | Dnsmasq Server |
| Et3/0 | Trunk | Uplink | Router1 (Ethernet 0/0) |



5.0 Core Services Configuration

5.1 DHCP and DNS (Dnsmasq)

The network uses a central Dnsmasq server located at 192.168.10.34. It uses dnsmasq tags (set: on each dhcp-range, tag: on each dhcp-option) to provide a unique gateway for each VLAN while all VLANs share a common DNS pool.

Dnsmasq Configuration Snippet:

```bash
# VLAN 10 - HR_Department
dhcp-range=set:vlan10,192.168.10.5,192.168.10.14,255.255.255.240,12h
dhcp-option=tag:vlan10,option:router,192.168.10.1

# VLAN 20 - Sales_Department
dhcp-range=set:vlan20,192.168.10.21,192.168.10.30,255.255.255.240,12h
dhcp-option=tag:vlan20,option:router,192.168.10.17
```
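
A consistency check for the scopes above, as an added example that is not part of the original design document: it parses the two dnsmasq scopes and verifies each pool, netmask and router option against the /28 subnets and gateways in Table 2. The names `VLAN_PLAN`, `parse_scopes` and `audit` are assumptions made for this example.

```python
import ipaddress

# VLAN plan from Table 2, keyed by the dnsmasq tag: (subnet, gateway).
VLAN_PLAN = {
    "vlan10": ("192.168.10.0/28", "192.168.10.1"),
    "vlan20": ("192.168.10.16/28", "192.168.10.17"),
}

# The two scopes from the snippet above, embedded so the check runs offline.
DNSMASQ_CONF = """\
dhcp-range=set:vlan10,192.168.10.5,192.168.10.14,255.255.255.240,12h
dhcp-option=tag:vlan10,option:router,192.168.10.1
dhcp-range=set:vlan20,192.168.10.21,192.168.10.30,255.255.255.240,12h
dhcp-option=tag:vlan20,option:router,192.168.10.17
"""

def parse_scopes(conf):
    """Collect start/end/mask/router per tag from dhcp-range and dhcp-option lines."""
    scopes = {}
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        fields = value.split(",")
        if key == "dhcp-range" and len(fields) >= 4 and fields[0].startswith("set:"):
            scopes.setdefault(fields[0][4:], {}).update(start=fields[1], end=fields[2], mask=fields[3])
        elif key == "dhcp-option" and len(fields) == 3 and fields[0].startswith("tag:") and fields[1] == "option:router":
            scopes.setdefault(fields[0][4:], {})["router"] = fields[2]
    return scopes

def audit(conf, plan=VLAN_PLAN):
    """Return findings; an empty list means every scope matches the plan."""
    findings, scopes = [], parse_scopes(conf)
    for tag, (cidr, gateway) in plan.items():
        net, gw = ipaddress.ip_network(cidr), ipaddress.ip_address(gateway)
        scope = scopes.get(tag, {})
        if not {"start", "end", "mask", "router"} <= scope.keys():
            findings.append(f"{tag}: dhcp-range or router option missing")
            continue
        start, end = (ipaddress.ip_address(scope[k]) for k in ("start", "end"))
        if not net.network_address < start <= end < net.broadcast_address:
            findings.append(f"{tag}: pool {start}-{end} is not inside the usable hosts of {net}")
        if scope["mask"] != str(net.netmask):
            findings.append(f"{tag}: netmask {scope['mask']} does not match {net}")
        if scope["router"] != gateway:
            findings.append(f"{tag}: router {scope['router']} is not the planned gateway {gateway}")
        if start <= gw <= end:
            findings.append(f"{tag}: pool would lease out the gateway address {gw}")
    return findings

print(audit(DNSMASQ_CONF) or "dnsmasq scopes match the VLAN plan")
```

A scope that hands out the wrong gateway or spills past its /28 would send a department's traffic to the wrong sub-interface or collide with the neighbouring VLAN, so running this before reloading dnsmasq catches the mistake early.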



6.0 Implementation Verification

6.1 DHCP Lease Success

Successful implementation is verified by the ability of Alpine Linux clients to pull correct IP addresses from the designated subnets. All clients successfully obtained leases from the Dnsmasq server at 192.168.10.34.

Verification Log (Desktop 0 - Sales):

```bash
inserthostname-here:~$ sudo udhcpc -i eth0
udhcpc: broadcasting select for 192.168.10.21, server 192.168.10.34
udhcpc: lease of 192.168.10.21 obtained from 192.168.10.34
```


6.2 Connectivity Testing

Connectivity is confirmed via ICMP ping tests:

  1. Local Gateway Ping: Clients can ping their respective sub-interfaces (e.g., 192.168.10.1).
  2. Inter-VLAN Ping: Verified communication between HR (VLAN 10) and Sales (VLAN 20).

7.0 Conclusion

The Lab One network successfully demonstrates a secure, tiered office infrastructure. By utilizing a Router-on-a-Stick design and DHCP relaying, the network provides efficient resource management and department isolation while allowing controlled inter-departmental communication.


End of Document