Jon Marshall Thu, 11/01/2007 - 08:05

Hi


Vlan interfaces are generally used for management on switches. Loopbacks are often used for management on routers. That's the primary difference.


Jon

paul.matthews Thu, 11/01/2007 - 08:57

It has long been recommended that a loopback address be used for management on routers. The thinking behind that is that if there is any way to your router you can get to the loopback - if you used a real interface address, and that was the interface that was down, you would lose access.


With switches, there is a degree of separation between physical interface state and vlan interface state, so that position does not stand the same.


The main reason for using a loopback on a switch as the management address is that it would fall in line with a simple policy "we always use lo0 as management, lo1 - 9 as tunnel end points" sort of thing, and there is no need to modify the policy for routers or switches, and standard security configs may be a little easier.

carl_townshend Mon, 11/05/2007 - 03:20

What kind of address would we put on the loopback? Would it be the same as the ethernet address of the lan connected?

paul.matthews Mon, 11/05/2007 - 08:37

It would normally be a different address than on any interface!


To a degree it would depend upon other uses for loopback addresses. If purely for management, I would use a pool of management addresses, and allocate a single address for each device's loopback address, configured with a /32 mask, and advertised as such.

nicolas.vallot Thu, 11/22/2007 - 16:17

Hi,


If you assign a /32 address to a loopback interface, how can you connect to that interface?

What address do I need to set on a laptop that I connect to that switch?


Cheers


Jon Marshall Fri, 11/23/2007 - 00:37

Hi Nicholas


You need to make sure that /32 address is advertised in your routing protocol.


On the laptop you should set your default-gateway to the L3 interface for your subnet, e.g.


router interface fa0/0 192.168.5.1 255.255.255.0


or if on L3 switch


int vlan 10

ip address 192.168.5.1 255.255.255.0


laptop

IP 192.168.5.10

Default-gateway 192.168.5.1


If the loopback is on the L3 switch/router where your laptop's default-gateway is located then it should just work.


If the loopback is on a different device, as I say, you will need to either have static routes on your L3 switch/router or use a routing protocol.


HTH


Jon
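
Added example, not part of the thread: a small longest-prefix-match simulation of the two cases in the answer above, showing why a /32 loopback is reachable from the 192.168.5.0/24 laptop only when the gateway holds a route for it. The loopback addresses 10.255.0.1 and 10.255.0.2 and the device names `laptop`, `gw` and `rtr2` are constructed for illustration; only the forward path is traced.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def build_tables(advertised):
    """Constructed topology: laptop -> gw (192.168.5.1) -> rtr2."""
    gw = [("10.255.0.1/32", "local")]           # gw's own loopback
    if advertised:
        # Static route or routing-protocol advertisement for rtr2's loopback.
        gw.append(("10.255.0.2/32", "rtr2"))
    return {
        "laptop": [("0.0.0.0/0", "gw")],        # default-gateway 192.168.5.1
        "gw": gw,
        "rtr2": [("10.255.0.2/32", "local")],   # rtr2's own loopback
    }

def trace(tables, start, dst, max_hops=8):
    """Follow next hops device by device until delivered or dropped."""
    path, device = [start], start
    for _ in range(max_hops):
        hit = lookup(tables[device], dst)
        if hit is None:
            return path, "dropped: no route on " + device
        next_hop = hit[1]
        if next_hop == "local":
            return path, "delivered"
        path.append(next_hop)
        device = next_hop
    return path, "dropped: hop limit"

if __name__ == "__main__":
    for advertised in (False, True):
        tables = build_tables(advertised)
        for dst in ("10.255.0.1", "10.255.0.2"):
            print(advertised, dst, trace(tables, "laptop", dst))
```

The laptop needs no knowledge of the /32 at all; its default route hands the packet to the gateway, and the gateway's routing table decides whether the loopback is reachable.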

nicolas.vallot Thu, 11/29/2007 - 12:48

Hi Jon,


Thanks for the detailed answer. I have chosen the easiest solution: include the loopback network in the routing protocol.


It works like a charm.


Thanks again
