Loopback interface.

markraves · ‎07-25-2007

Hello.

I'm a bit new here, and I'm not quite sure where to post this. I have a 7206vxr router, and a lot of catalyst switches. I have a management net consisting of 64 addresses. 90.xxx.85.0/255.255.255.192. It's routed to the internet as well. (through the 7206) My problem is the 7206 router. I've made a loopback interface with the IP of 90.xxx.85.20 with a subnet mask of 255.255.255.255. when i run no shut on interface loopback0, I can't get hold of anything on the outside of the 7206 (e.g. The Internet).

no fancy configuration on the loopback, just this:

interface loopback0

ip address 90.xxx.85.20 255.255.255.255

This is of course, an available ip address in my range.

The only extra route info on this subnet (except the default route) is this line:

ip route 90.xxx.85.0 255.255.255.192 90.xxx.90.2

90.2 is a pix.

Anyone with a clue to what happens when i activate the subinterface loopback0?

Edison Ortiz · ‎07-25-2007

You are blackholing the internet routes. You shouldn't assign an IP to the loopback address that overlaps with a subnet that is part of the routing table.

EPHRAIM MANI · ‎07-25-2007

Hi Edison but if we see the highest bit match theory pertaing to ip route so it should not bother us here.

like i suspect if see the ip route the there will be host root for the loopback ip and a static route for that 90.x.x.x network.

just my comments. Thanks EM-

markraves · ‎07-26-2007

Edison:

That's what I was afraid of, there are no routing protocols involved, so it should be pretty straightforward.

ephraim_mani:

Uh, my english is not very good, I didn't quite catch the essence of your post, but I'll post the info on 'sh ip route' that concerns this:

90.xxx.90.0/30 is directly connected, FastEthernet3/0.104

S 90.xxx.85.0/26 [1/0] via 90.xxx.90.2

Thanks,

\\markraves

Edison Ortiz · ‎07-26-2007

Mark,

Based on the ip route you just posted, this should work as there isn't any overlap.

I guess I didn't understand your question well, can you post the router config - with the loopback configured and without ?

markraves · ‎07-26-2007

Hello,

Um, I can post the router config without.. I'm sitting now 30miles from the location, and I have no other way inside than through the management net. So if I bring up the loopback, I get thrown out. I'll post the config as it is today: (edited out customers, dhcp pools)

The loopback here works from inside the 90.xxx.85.0, but It's crummy to have it outside the net where everything else is. I was hoping to get it in the 90.xxx.85.0/26 net.

router#sh run

Building configuration...

Current configuration : 19423 bytes

!

! Last configuration change at 08:24:47 CEST Tue Jul 3 2007

! NVRAM config last updated at 18:47:06 CEST Thu Jul 12 2007

!

version 12.3

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname router

!

boot-start-marker

boot system flash disk0:c7200-js-mz.123-6a.bin

boot system flash slot0:c7200-js-mz.123-6a.bin

boot-end-marker

!

enable secret 5 xxxxxxxxxxxxxxxxxx.

!

clock timezone CET 1

clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

no aaa new-model

ip subnet-zero

no ip source-route

!

no ip domain lookup

ip domain name somethingorother.com

ip name-server 212.20.193.130

ip name-server 217.68.109.10

no ip dhcp conflict logging

!

ip cef

no vlan accounting

!

interface Loopback0

ip address 172.16.16.16 255.255.255.255

!

interface FastEthernet0/0

description ### WAN INTERFACE ###

ip address 90.xxx.95.238 255.255.255.252

no ip redirects

no ip proxy-arp

ip nat outside

no ip route-cache cef

no ip route-cache

duplex full

!

interface FastEthernet3/0

description ### LAN INTERFACE ###

no ip address

no ip redirects

no ip proxy-arp

no ip route-cache cef

no ip route-cache

duplex full

!

interface FastEthernet3/0.101

description ### Management ###

encapsulation dot1Q 101

no ip route-cache

!

interface FastEthernet3/0.104

description ###FIREWALL-PIX###

encapsulation dot1Q 104

ip address 90.xxx.90.1 255.255.255.252

no ip redirects

no ip proxy-arp

no ip route-cache

!

ip nat pool ADSL-NAT-POOL 90.xxx.95.238 90.xxx.95.238 netmask 255.255.255.252

ip nat inside source list 8 pool ADSL-NAT-POOL overload

ip classless

ip route 0.0.0.0 0.0.0.0 90.xxx.95.237 name DEFAULT-GW

ip route 90.xxx.85.0 255.255.255.192 90.xxx.90.2

ip route 90.xxx.90.8 255.255.255.248 90.xxx.90.2

ip route 172.16.16.16 255.255.255.255 Loopback0

ip route 172.16.17.0 255.255.255.0 FastEthernet3/0.102

no ip http server

!

access-list 8 permit 172.20.200.0 0.0.0.255

access-list 8 permit 172.20.201.0 0.0.0.255

access-list 8 permit 172.20.202.0 0.0.0.255

access-list 8 permit 172.20.203.0 0.0.0.255

access-list 8 permit 10.0.36.0 0.0.0.255

access-list 8 permit 10.0.34.0 0.0.0.255

access-list 8 permit 10.0.0.0 0.0.0.255

access-list 8 permit 172.16.17.0 0.0.0.255

access-list 101 permit ip 90.xxx.85.0 0.0.0.63 any

access-list 102 permit ip host xx.xxx.57.xxx any

access-list 103 permit icmp 90.xxx.85.0 0.0.0.63 host 172.16.16.16 echo-reply

!!

tftp-server flash:

!

dial-peer cor custom

!

gatekeeper

shutdown

!

ntp clock-period 17180006

ntp update-calendar

ntp server 90.xxx.85.3

!

end

Edison Ortiz · ‎07-27-2007

Based on the config posted, there isn't a reason why it should work.

Can you post the show ip route with the loopback assigned to that network and without it ?