Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4834
Views
0
Helpful
9
Replies

Loopback routing

Go to solution
charles.e.davis
Level 1
Level 1

‎08-28-2010 09:58 AM - edited ‎03-06-2019 12:42 PM

I have a local enclave with a mixture of layer 2 switches and 2 layer 3 switches.  I am required to segregate my management network from my managed traffic, but another of the requirements is that I use Loopback addresses to do any ftp or ssh.  I created a private network management VLAN 10.255.255.0 and the divided it in half.  The network management workstation sits on the lower half and each switch also has an IP address on this subnet, 10.255.255.0/25.  The loopbacks sit on the 10.255.255.128/25 because the switches don't allow a loopback to sit on the same network as one of the interfaces.  This is fine for the 2750 switch that directly connects to the network management workstation, but I can't hit any of the other switches.  How can I route those addresses through my network, or how do I put the management workstation on the loopback network to hit them.  There isn't any other reason for the management address besides ftp, logging, and ssh so if I can do the later it would be perfect.  Thanks for your help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to charles.e.davis

‎08-28-2010 10:57 AM 

charles.e.davis@baesystems.com
Ok, so since I'm using multiple layer 2 switches (2960Gs) with only 2 layer 3 switches (3750G), then I need to put a static route on both 3750s for each switch that I have a loopback address on, which will be all of them.  Am I correct or did I not understand you?

Yes although i would have thought as the 2960 is only a L2 switch then you may face problems using a loopback and a L3 SVI management vlan as these switches do not route.

Jon

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-28-2010 10:12 AM

Charles

If the loopbacks are in 10.255.255.128/25 and the management station is in 10.255.255.0.25 then you need a L3 vlan interface for both network ranges so you can route between them. So you need 2 vlans.

Jon

0 Helpful

Go to solution
charles.e.davis
Level 1
Level 1
In response to Jon Marshall

‎08-28-2010 10:17 AM

Ok, I tried to add a vlan to the Loopback interface but didn't have any success.  I also orginally tried to give the loopback an address with the management network and this was also a bust.  How do I accomplish this?  While the topic heading is Loopback routing, mainly I'm just looking for a way to configure the switches so that a network management workstation can hit loopback interfaces across a network.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to charles.e.davis

‎08-28-2010 10:32 AM 

charles.e.davis@baesystems.com
Ok, I tried to add a vlan to the Loopback interface but didn't have any success.  I also orginally tried to give the loopback an address with the management network and this was also a bust.  How do I accomplish this?  While the topic heading is Loopback routing, mainly I'm just looking for a way to configure the switches so that a network management workstation can hit loopback interfaces across a network.

It does depend on how your L3 switches are setup. Are they all routing and are they exchaging routes between each other. Because if they are not then it work. Bear in mind each loopback interface is a L3 interface. So let say your management workstations is connected via a L2 switch to a L3 switch that routes for the 10.255.255.0/25 vlan.

Now for the management workstation to be able to get to any loopback that L3 switch needs a route for each loopback. So all the other L3 switches with loopbacks would need to have advertised their loopback address. Now you can't do this with a vlan as such.

So it really depends on how the switches with loopbacks are advertising that loopback address. It may be that only a pair of your L3 switches are responsible for inter-vlan routing and the rest are connected via L2 trunks in which case you could be looking at a lot of static routes for the loopbacks on the L3 pair that are doing the inter-vlan routing.

It also depends on how the L3 switches are interconnected ie. via L2 trunks or L3 routed links.

Perhaps you could provide some more details on how everything is connected up and how the routing between the L3 switches is setup ?

Jon

0 Helpful

Go to solution
charles.e.davis
Level 1
Level 1
In response to Jon Marshall

‎08-28-2010 10:41 AM

Currently, we are using the layer 3 switches as the primary and secondary default gateways for inter-vlan routing.  We are running OSPF between the switches to allow for route switching.  The network management ws is directly connected to the primary layer 3 switch.  Considering that the loopback interface is a layer 3 interface, how would you ever route traffic to it across a network since it can't be directly tied to an interface.  Of can I advertise for that network 10.255.255.128/25 so that the loopbacks will respond.  I really appreciate your help on this, I know it is a saturday.

0 Helpful

Go to solution
charles.e.davis
Level 1
Level 1
In response to charles.e.davis

‎08-28-2010 10:42 AM

I forgot to mention, I do have a management vlan 10.255.255.0/25 that is routed through my trunks.  I had hoped to just put leave the subnet alone orginally, 10.255.255.0/24, and put the loopbacks on that vlan.  But there was no luck with that.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to charles.e.davis

‎08-28-2010 10:50 AM 

charles.e.davis@baesystems.com
I forgot to mention, I do have a management vlan 10.255.255.0/25 that is routed through my trunks.  I had hoped to just put leave the subnet alone orginally, 10.255.255.0/24, and put the loopbacks on that vlan.  But there was no luck with that.

That's the problem with using loopbacks when you have L2 trunks connecting your switches.

Lets say you have 5 L3 switches sw1 -> sw5.

sw1 is responsible for inter-vlan routing and has a L3 SVI for the management vlan with an address 10.255.255.1/25.

sw2 -> sw5 each have a L3 SVI for the management vlan and use IPs 10.255.255.2. -> 5 respectively.

If you now want to add a loopback to each switch ie. sw2 -> sw5 using 10.255.255.129 -> 132 you would need to add these static routes to sw1

ip route 10.255.255.129 255.255.255.255 10.255.255.2  <-- sw2

ip route 10.255.255.130 255.255.255.255 10.255.255.3  <-- sw3

etc...

loopbacks work well when each device with a loopback is routing and exchanging routes with all other L3 devices.

Jon

0 Helpful

Go to solution
charles.e.davis
Level 1
Level 1
In response to Jon Marshall

‎08-28-2010 10:53 AM

Ok, so since I'm using multiple layer 2 switches (2960Gs) with only 2 layer 3 switches (3750G), then I need to put a static route on both 3750s for each switch that I have a loopback address on, which will be all of them.  Am I correct or did I not understand you?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to charles.e.davis

‎08-28-2010 10:57 AM 

charles.e.davis@baesystems.com
Ok, so since I'm using multiple layer 2 switches (2960Gs) with only 2 layer 3 switches (3750G), then I need to put a static route on both 3750s for each switch that I have a loopback address on, which will be all of them.  Am I correct or did I not understand you?

Yes although i would have thought as the 2960 is only a L2 switch then you may face problems using a loopback and a L3 SVI management vlan as these switches do not route.

Jon

0 Helpful

Go to solution
charles.e.davis
Level 1
Level 1
In response to Jon Marshall

‎08-28-2010 11:03 AM

Ok that worked perfectly.  Thanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card