05-04-2009 06:55 AM - edited 03-06-2019 05:31 AM
Could someone refresh my memory about best practices with loopback interfaces and routing protocols? I am starting to roll out a routed access layer design and am trying to figure out the best way to structure my loopback IPs. I need to create a /32 for every switch on my network, correct? Even for the ones that are layer 2 and connected to a router or routed access layer switch? I'll advertise the loopback addresses on the router or routed access layer switch, correct?
05-04-2009 07:03 AM
If it's a layer 2 switch then I wouldn't use loopbacks, just use the L3 vlan interface for management, although if it is a routed access layer, where exactly are the layer 2 switches?
As for the L3 devices (switches or routers) yes you need to advertise out a /32 but it also depends on the size of your network. So if you have a WAN with multiple sites ideally within each site you would advertise out a summary address for your loopbacks and then use /32's within the site. So the rest of the WAN is routed to the loopback based on the subnet and only when it gets to the correct site is the /32 used.
Jon
05-04-2009 07:11 AM
Well, a handful of the sites have a layer 3 switch or router with a couple layer 2 switches hanging off of it. When you say "just use the L3 vlan int for mgt", what do you mean? Currently I am using the native vlan for mgt. I'll need IPs for mgt for the switches at the sites that have a layer 3 switch with a couple layer 2 switches, that's why I'm thinking the loopback would work out better. The majority of switches in my network will be layer 3 switches at the access layer. Example of loopbacks at one of the sites could be
10.255.1.1
10.255.1.2
10.255.1.3
10.255.1.4
10.255.1.5
10.255.1.6
10.255.1.7
10.255.1.8
10.255.1.9
10.255.1.10
10.255.1.11
10.255.1.12
summarized to a 10.255.1.0/24.
I know a /24 is overkill but it makes it easier to manage.
05-04-2009 07:51 AM
Let me rephrase my last question... If I have a layer 3 switch running a routing protocol to the core with a few layer 2 switches hanging off of it, what is the best method of managing the layer 2 switches?
05-04-2009 08:28 AM
The *best* way is to make the vlan 1 on your L2 switch an address in the same subnet as the SVI that you have configured on the L3. Then on the L2 switch, you'll set a default gateway and point to your L3 svi.
Something like:
L3:
int vlan 1
ip address 192.168.5.1 255.255.255.0
int g1/0/5
switchport mode access
switchport access vlan 1
L2:
int vlan 1
ip address 192.168.5.2 255.255.255.0
ip default-gateway 192.168.5.1
HTH,
John
05-04-2009 10:32 AM
Yeah, that is a pretty standard config you posted. This is what I'm talking about.
L3 Switch
int vlan 1
ip add 10.0.0.55 255.255.255.0
int vlan 53
desc Data
ip add 10.0.53.1 255.255.255.0
int vlan 54
desc Voice
ip add 10.0.54.1 255.255.255.0
router eigrp 200
network 10.0.0.0 0.0.255.255
no auto
ip route 0.0.0.0 0.0.0.0 10.0.0.1
int g0/25
desc Trunk to L2
sw tr en do
sw mo tr
sw tr al vl 53,54
L2 Switch
vlan 53
vlan 54
int g0/25
desc Trunk to L3
sw tr en do
sw mo tr
sw tr al vl 53,54
How can I manage this switch? Right now vlan 1 is the transport vlan for routing information. I need to be able to manage the layer 2 switches.
05-04-2009 10:38 AM
Hello Michael,
John has already provided the config for the L2 switches as well.
The management vlan can be a separate vlan or one of vlan53 and vlan54.
If you want to use vlan1 you need to allow it on the L2 trunk ports as well,
so you may need
int vlan1
ip address 10.0.0.x 255.255.255.0
no shut
int gi0/25
switchport trunk allowed vlan 1,53,54
and also on the L3 switch side you need vlan1 permitted on the trunk
+
ip default-gateway 10.0.0.55
or you can allocate a new vlan for this.
It is your choice
Be aware that using vlan1 is not recommended for security reasons.
Hope to help
Giuseppe
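Added example (not part of any poster's reply): a small Python check that reads a pasted IOS snippet, abbreviated commands included, and reports where VLAN 1 is terminated or carried, which is the exposure the caveat above refers to. The function names are hypothetical, only plain allowed-VLAN lists are expanded, and a trunk with no allowed list is reported because an IOS trunk carries all VLANs by default.

```python
import re

def _abbr(tokens, keywords):
    """True if each leading token is an IOS-style prefix of the matching keyword."""
    return len(tokens) >= len(keywords) and all(
        k.startswith(t) for t, k in zip(tokens, keywords))

def _vlans(spec):
    """Expand a plain list such as '1,53-54' into {1, 53, 54}."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_vlan1(config):
    """Return (interface, finding) pairs for ports that terminate or carry VLAN 1."""
    blocks, name = {}, None
    for raw in config.splitlines():
        tok = raw.lower().split()
        if not tok or tok[0] == "!":
            name = None                      # blank line or '!' closes the block
        elif len(tok) > 1 and len(tok[0]) >= 3 and "interface".startswith(tok[0]):
            name = "".join(tok[1:])          # 'vlan 1' and 'vlan1' -> 'vlan1'
            blocks[name] = []
        elif name:
            blocks[name].append(tok)         # unindented pasted config is accepted
    findings = []
    for name, lines in blocks.items():
        if re.fullmatch(r"vlan0*1", name):
            if any(_abbr(l, ["ip", "address"]) for l in lines):
                findings.append((name, "SVI on VLAN 1 has an IP address"))
        elif any(_abbr(l, ["switchport", "mode", "trunk"]) for l in lines):
            lists = [l[4] for l in lines if len(l) > 4
                     and _abbr(l, ["switchport", "trunk", "allowed", "vlan"])]
            if not lists:
                findings.append((name, "trunk has no allowed list, so VLAN 1 is carried"))
            elif not all(re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", s) for s in lists):
                findings.append((name, "keyword-form allowed list, review manually"))
            elif any(1 in _vlans(s) for s in lists):
                findings.append((name, "trunk allows VLAN 1"))
        elif any(_abbr(l, ["switchport", "access", "vlan"]) and l[3:4] == ["1"]
                 for l in lines):
            findings.append((name, "access port in VLAN 1"))
    return findings

# Sample inputs built from the snippets posted in this thread.
L2_POSTED = "int g0/25\ndesc Trunk to L3\nsw tr en do\nsw mo tr\nsw tr al vl 53,54\n"
L2_WITH_VLAN1 = ("int vlan1\nip address 10.0.0.x 255.255.255.0\nno shut\n"
                 "int gi0/25\nsw mo tr\nswitchport trunk allowed vlan 1,53,54\n")
```

Calling `audit_vlan1(L2_POSTED)` returns an empty list, while `audit_vlan1(L2_WITH_VLAN1)` flags both the VLAN 1 SVI and the trunk.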
05-04-2009 10:59 AM
I do not want to use vlan 1 anywhere but between my core and the L3 switch for transport of routing information. I set up a lab and configured an SVI for vlan 53 on the L2 switch and I was able to manage it. Mission accomplished. (BTW, I hate to be using vlan 1 as a transport vlan but I'm migrating away from that.)
05-04-2009 11:30 AM
It's fine that you don't want to use vlan 1 as a transport for anything, but when you ask HOW something is done in the forums, and someone gives you the basic concept (directed toward your "you gave a standard config" comment), you take that and modify it for your network. What I wrote to you wasn't necessarily what you were needing/wanting, but it wasn't wrong.
Being that you only gave us addresses and not vlan information until later in the conversation, it's kind of difficult to tell you what you should have done in the first place.
John