
Loopback Interface - Switch, Router management

cisco_lite
Level 1

I have created a management Vlan. And I would like to access all the devices being the part of same subnet. I would like to understand how does it work?

If I telnet to the Cat6500 on the loopback IP from the same subnet, how do the packets travel to the loopback? Is it through another ethernet, e.g. a physical interface? So if the ethernet interface was down, how would I reach the loopback?

And if the loopback ip is multiple hops away from the remote connecter, would the routes towards loopback interface need to be advertised?

Just interested in knowing how does loopback work for management purpose.


Jon Marshall
Hall of Fame

"And if the loopback ip is multiple hops away from the remote connecter, would the routes towards loopback interface need to be advertised?"

Yes, basically. You need to advertise your loopbacks via your routing protocol so they can be reached.

To reach the loopback, yes you will enter a physical interface. If that interface goes down and that is the only interface that you can use to connect to the loopback you will not be able to reach the loopback (but the loopback would stay up).

However, in a lot of topologies there is usually more than one entry point into the device, especially a 6500.

Jon

Mark Yeates
Level 7

Essentially you could use any IP address on the switch for management purposes. If you create a loopback IP address and wish to use it across your network you will need to advertise it.

HTH,

Mark

Can I define the loopback interface to be of the same network as the other ethernet interface on the same device? Is there any issue with that?

Could you also please explain the use of interface null0? I couldn't completely understand from cisco.com materials.

Thanks.

"Can I define the loopback interface to be of the same network as the other ethernet interface on the same device? Is there any issue with that?"

No, because the switch/router will come back with an error about an overlapping subnet address.

Null0 is used for a number of things. Basically if a route points to Null0, any packets that match that route will be sent to Null0, i.e. not forwarded.

Is there anything in particular you are thinking of in terms of Null0 usage?

Jon

With regards to loopback, I would like to maintain a single subnet throughout the network, i.e. for management purposes. But it doesn't seem possible due to the presence of different routing devices in the path. I don't think all the loopback interfaces can be part of the same subnet if they are spread around. Which means that just for the different loopback networks, I will have to advertise/define routes for loopback throughout the network. What is an ideal way of using loopback for management/syslog purposes?

I was trying to use Null0 as a security/performance best practice. I believe in the presence of a default route, the null interface has no benefit. Please suggest.

You can create a subnet specifically for loopback IP addresses, and use a 32 bit mask on each device and advertise the whole loopback address space in your routing protocol. You can also source things such as syslog, telnet, NTP, etc. from your loopback interface.

What I think you are talking about is using null0 for your default route, which will drop all the packets whose destination address couldn't find any match with any of the routes in the routing table.

HTH,

Mark

P.S. Sorry Jon for the cross posting.

"You can create a subnet specifically for loopback IP addresses, and use a 32 bit mask on each device and advertise the whole loopback address space in your routing protocol. "

Can you please give me an example of this? In my topology, there is a Cat6500 which has vlans outside and inside the FWSM. Also, there are switches and routers outside as well as inside the FWSM. I would like to use loopback on all the routers and switches. Do you mean for every loopback address /32, an additional entry would have to go into the routing tables across the path?

It depends on where you are routing from and to. So let's say you had a data centre with multiple devices and you accessed these devices from a remote site, then you could advertise out just the /24 loopback address subnet from your DC.

But if you are in the same building or campus then advertising the subnet may not work and you may indeed need to advertise each loopback as a /32.

You need to fit this to your topology. For example, the last place I worked we had 100s of sites, and each of the larger sites and its satellites were allocated /24s for management, and then these were advertised across the WAN to our other sites.

Jon

In my case, I will be accessing all the devices within a single site from behind the FWSM. So what I understand from your suggestion is that I will have to use /32 advertisement. Would it make any difference if I were to use static routes for /32?

You could advertise either the individual loopback IPs or the subnet all together depending how widespread you want the IPs to go.

I found a good link that should help you understand further.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008010e9ca.shtml#topic6

You could also use different subnets to segment the different areas of your network.

HTH,

Mark

Is it better to use a routing protocol for the loopback interface for management purposes, or should static routes be good? If it is a routing protocol, which one is advisable? Currently, we have a single topology and no routing protocol is used at the moment.

Also, in case of a default route, is interface Null0 required?

Hello Cisco_lite,

A routing protocol is a better choice, otherwise the number of static routes can become difficult to manage.

You can use EIGRP, which provides support for classless routing.

To be noted: the routing protocol can also provide a dynamic default route to all devices.

In this case a floating static route to null0 is needed only on the device that generates the default route in EIGRP.

Hope to help

Giuseppe

It really depends on your current configuration/topology. A routing protocol generally is much easier to configure especially in a decent sized network.

Once again recommending a routing protocol really depends on the network and/or topology. I like to use EIGRP when I can (requires a Cisco only network), and OSPF is also good for a multivendor network.

If you don't mind configuring static routes for your management traffic then that will work just fine too.

HTH,

Mark

The loopback must be on a different network than your regular address space. You can take a private class C address space and create a /32 address on each one of your devices.

    interface loopback0
     ip address 192.168.1.1 255.255.255.255

Interface Null0 is often called the "bit bucket", as what it does is drop the packets. There are many uses, such as "black holing" or for loop prevention.

http://www.cisco.com/en/US/tech/tk364/technologies_tech_note09186a00801c9a6e.shtml

HTH,

Mark
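
The management setup discussed across this thread, pulled together as an added example (not posted by any participant, and not taken from Cisco documentation): a /32 loopback from a dedicated block, advertised in EIGRP, used as the source for syslog, NTP and telnet, plus a Null0 discard route for the block. The EIGRP AS number 100, the uplink subnet 10.10.10.0/24 and the server addresses 192.0.2.10 and 192.0.2.11 are assumptions; only 192.168.1.1/32 comes from the thread.

```cisco
! Constructed example: AS number, uplink subnet and server IPs are assumed.
!
! --- On each managed switch/router ---------------------------------------
! One /32 per device out of the 192.168.1.0/24 loopback block. The block
! must not overlap any subnet already configured on a physical or VLAN
! interface, or the device rejects the address as overlapping.
interface Loopback0
 description Management loopback
 ip address 192.168.1.1 255.255.255.255
!
router eigrp 100
 ! Advertise exactly this host address (wildcard 0.0.0.0 matches a /32).
 network 192.168.1.1 0.0.0.0
 ! Run EIGRP on the uplink subnet so neighbours form (assumed subnet).
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
! Source management-plane traffic from the loopback. The source address
! then stays the same whichever physical uplink carries the packet, which
! keeps syslog records and firewall rules tied to one address per device.
logging source-interface Loopback0
logging 192.0.2.10
ntp source Loopback0
ntp server 192.0.2.11
ip telnet source-interface Loopback0
!
! --- Only on the device that carries the default route -------------------
! Discard traffic for unassigned addresses in the loopback block instead
! of forwarding it along the default route. The /32 routes learned through
! EIGRP are more specific, so assigned loopbacks still win by longest match.
ip route 192.168.1.0 255.255.255.0 Null0
```

After applying it, `show ip route 192.168.1.1` on a device several hops away should show the /32 learned through EIGRP, and a lookup for an unassigned address in the block on the default-route device should resolve to Null0.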
