Loopback

Unanswered Question
Nov 1st, 2007

Why use the loopback interface for management as opposed to VLAN1?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.8 (3 ratings)
Loading.
Jon Marshall Thu, 11/01/2007 - 08:05

Hi

Vlan interfaces are generally used for management on switches. Loopbacks are often used for management on routers. That's the primary difference.

Jon

paul.matthews Thu, 11/01/2007 - 08:57

It has long been recommended that a loopback address be used for management on routers. The thinking behind that is that if there is any way to your router you can get to the loopback - if you used a real interface address if that was the interface that was down, you would lose access.

With switches, there is a degree of separation between physical interface state and vlan interface state, so that position does not stand the same.

The main reason for using a loopback on a switch as the management address is that it would fall in line with a simple policy "we always use lo0 as management, lo1 - 9 as tunnel end points" sort of thing, and there is no need to modify the policy for routers or switches, and standard security configs may be a little easier.

carl_townshend Mon, 11/05/2007 - 03:20

what kind of address would we put on the loopback, would it be the same as the ethernet address of the lan connected ?

paul.matthews Mon, 11/05/2007 - 08:37

It would normally be a different address than on any interface!

To a degree it woul depend upo other uses for loop[back addresses. If purely for management, I would use a pool of management addresses, and allocate a single address for each device's loopback address, configured with a /32 mask, and advertised as such.

nicolas.vallot Thu, 11/22/2007 - 16:17

Hi,

If you assign a /32 address to a loopback interface, how can you connect to that interface ?

What address do I need to set on a lapop that I connect to that switch ?

Cheers

Jon Marshall Fri, 11/23/2007 - 00:37

Hi Nicholas

You need to make sure that /32 address is advertised in your routing protocol.

On the laptop you should set your default-gateway to the L3 interface for your subnet eg

router interface fa0/0 192.168.5.1 255.255.255.0

or if on L3 switch

int vlan 10

ip address 192.168.5.1 255.255.255.0

laptop

IP 192.168.5.10

Default-gateway 192.168.5.1

if the loopback is on the L3 switch/router where your laptops default-gateway is located then it should just work.

If the loopback is on a different device as i say you will need to either have static routes on your L3 switch/router or use a routing protocol.

HTH

Jon

nicolas.vallot Thu, 11/29/2007 - 12:48

Hi Jon,

Thanks for the detailed answer, I have chosen for the easiest solution, include the loopback network in the routing protocol.

It works like a charm.

Thanks again

Actions

This Discussion