The scenario looks like this. You’ve got a branch office with a single router connecting to your corporate office over the WAN. In your branch office you have a single layer 2 switch and a desire to separate traffic into multiple broadcast domains. Maybe you want an easy way to allow only HR computers to connect to a very specific branch office server and the only place for any restriction of traffic is on that branch office router. Here is where your router on a stick comes into play.
A router on a stick gets its name from a switch connected to the router via a singled connection that passes multiple vlans of traffic to the router for intervlan routing. The task is relatively straight forward. On the switch, create a trunk using dot1q up to the router. On the routers interface we will not be placing any IP address. We will place those on the subinterfaces. Under each subinterface set the encapsulation to dot1q ## where ## is the vlan id. This process is displayed in the below diagram with a sample configuration attached.
R1
hostname R2 ! ip dhcp excluded-address 10.0.100.1 ip dhcp excluded-address 172.16.100.1 ip dhcp excluded-address 192.168.100.1 ip dhcp excluded-address 192.168.100.1 192.168.100.30 ip dhcp excluded-address 172.16.100.1 172.16.100.30 ip dhcp excluded-address 10.0.100.1 10.0.100.30 ! ip dhcp pool VLAN_10 network 192.168.100.0 255.255.255.0 default-router 192.168.100.1 lease 0 8 ! ip dhcp pool VLAN_20 network 172.16.100.0 255.255.255.0 default-router 172.16.100.1 lease 0 8 ! ip dhcp pool VLAN_30 network 10.0.100.0 255.255.255.0 default-router 10.0.100.1 lease 0 8 ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.10 encapsulation dot1Q 10 ip address 192.168.100.1 255.255.255.0 no snmp trap link-status ! interface FastEthernet0/0.20 encapsulation dot1Q 20 ip address 172.16.100.1 255.255.255.0 no snmp trap link-status ! interface FastEthernet0/0.30 encapsulation dot1Q 30 ip address 10.0.100.1 255.255.255.0 no snmp trap link-status ! router eigrp 42 network 10.0.100.0 0.0.0.255 network 172.16.100.0 0.0.0.255 network 192.168.100.0 auto-summary ! ip classless ! end