Loopback IP with EIGRP config for management?

Oct 1st, 2010

Hello Folks,


I am stuck in the middle of the configuration for managing the devices through loopback IP addresses. We would like to manage the network through the loopback IP address. Here is the scenario: we have 40 access switches (3750E and 3750G) uplinked to 2 core switches (4506). We would like to manage them with the loopback IP address. For testing I used one of the access switches which has few or no users connected, using the IP address 10.55.54.1 255.255.255.255 on the access switch, and we are running an EIGRP process on the core switches, but when I ping for testing from the core to the access switch there is no response. I am getting the message shown below at the command prompt when I ping from the desktop machine. I think I need to modify routing on the core switches, but as this is the production network I really don't want to mess it up. I think I need to add a network statement in the EIGRP command. Please find the configuration and routing information for your reference and kindly suggest.


Reply from 10.55.1.42: TTL expired in transit.
Reply from 10.55.1.42: TTL expired in transit.
Reply from 10.55.1.42: TTL expired in transit.
Reply from 10.55.1.42: TTL expired in transit.


The reply is coming from the IP 10.55.1.42, which is the core2 VLAN 1 IP; the core1 VLAN 1 IP is 10.55.1.41.



CORE1 -

core1#sh ip route 10.55.54.1
Routing entry for 10.0.0.0/8
  Known via "static", distance 1, metric 0
  Redistributing via eigrp 10
  Advertised by eigrp 10 metric 56 1 255 1 1500
  Routing Descriptor Blocks:
  * 10.55.1.42
      Route metric is 0, traffic share count is 1

core1#sh runn | in ip route
no ip route-cache cef
no ip route-cache
ip route profile
ip route 0.0.0.0 0.0.0.0 10.55.0.4
ip route 0.0.0.0 0.0.0.0 10.55.1.42 20
ip route 0.0.0.0 0.0.0.0 Null0 255
ip route 10.0.0.0 255.0.0.0 10.55.1.42
ip route 10.0.1.0 255.255.255.0 <Firewall IP>
ip route 10.0.3.0 255.255.255.0 <Firewall IP>

ip route 10.0.8.0 255.255.252.0 <Firewall IP>
ip route 10.0.51.0 255.255.255.0 <Firewall IP>
ip route 10.0.52.0 255.255.255.0 <Firewall IP>

ip route 10.0.100.0 255.255.252.0 <Firewall IP>
ip route 10.0.111.0 255.255.255.0 <Firewall IP>
ip route 10.0.112.0 255.255.255.0 <Firewall IP>
ip route 10.0.116.0 255.255.252.0 <Firewall IP>
ip route 10.0.184.0 255.255.255.0 <Firewall IP>
ip route 10.0.185.0 255.255.255.0 <Firewall IP>
ip route 10.0.186.0 255.255.255.0 <Firewall IP>
ip route 10.0.187.0 255.255.255.0 <Firewall IP>

ip route 10.0.188.0 255.255.254.0 <Firewall IP>
ip route 10.0.192.0 255.255.248.0 <Firewall IP>
ip route 10.0.200.0 255.255.248.0 <Firewall IP>
ip route 10.4.60.0 255.255.255.0 <Firewall IP>
ip route 10.99.96.0 255.255.254.0 <Firewall IP>
ip route 10.99.99.0 255.255.255.0 <Firewall IP>
ip route 10.100.0.0 255.255.0.0 <Firewall IP>
ip route 10.150.150.0 255.255.255.0 <Firewall IP>
ip route 10.255.200.16 255.255.255.240 <Firewall IP>
hqcore1-501#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.55.1.41    YES NVRAM  up                    up     
Vlan304                10.4.4.2        YES manual up                    up     
Vlan308                10.4.8.2        YES manual up                    up     
Vlan312                10.4.12.2       YES manual up                    up     
Vlan3000               10.255.0.2      YES NVRAM  up                    up     
Vlan3001               10.255.0.18     YES NVRAM  up                    up     
Vlan3002               10.255.0.34     YES NVRAM  up                    up     
Vlan3142               10.4.142.2      YES manual up                    up     
Vlan3144               10.4.144.2      YES manual up                    up    


EIGRP config:


router eigrp 10
redistribute static metric 56 1 255 1 1500
no auto-summary
network 10.55.4.0 0.0.3.255

Richard Burts Fri, 10/01/2010 - 16:02

I do not believe that you have given us enough information to be able to identify the problem.


You state that you are running EIGRP on the core. But you do not tell us whether you are running EIGRP on the 3750 access switches. If you are running EIGRP on the access switches you do not tell us whether you are including the loopback in the EIGRP process. From the fact that the address does not show up in the routing table I would guess that you are not.


Based on what you have posted the packet is being forwarded to 10.55.1.42 based on the static route for ip route 10.0.0.0 255.0.0.0 10.55.1.42. It might be helpful if you would post the output of show ip route from 10.55.1.42.


It might also be helpful if you could tell us from the original device what should be the next hop to get to this loopback interface address.


HTH


Rick

habeebuddin786 Mon, 10/04/2010 - 12:44

Thanks for your response. I have gone through the access switches (3750); a few are running EIGRP and a few are not running any EIGRP. The switch I have taken for testing is not running any EIGRP, and no routing is taking place on this access switch. I checked the VTP status and it is running as a transparent-mode switch.


Below is the show ip route from 10.55.1.42:


sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.55.0.4 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 68 subnets, 8 masks
D EX    10.4.4.0/23 [170/3072] via 10.55.5.50, 5d20h, Port-channel13
C       10.4.2.0/23 is directly connected, Vlan32
S       10.0.8.0/22 [1/0] via 10.55.0.20
C       10.255.1.240/28 is directly connected, Vlan1
D EX    10.4.10.0/23 [170/3072] via 10.55.5.18, 5d20h, Port-channel12
C       10.4.18.0/23 is directly connected, Vlan38
D EX    10.4.6.0/23 [170/3072] via 10.55.4.50, 5d20h, Port-channel11
S       10.9.6.0/23 [1/0] via 10.55.0.20
S       10.0.3.0/24 [1/0] via 10.55.0.20
S       10.50.50.0/24 [1/0] via 10.55.0.20
S       10.50.50.0/24 [1/0] via 10.55.0.20
S       10.9.9.0/24 [1/0] via 10.55.0.20
C       10.4.4.0/23 is directly connected, Vlan304
S       10.0.0.0/8 [1/0] via 10.55.1.41
S       10.0.1.0/24 [1/0] via 10.55.0.20
D EX    10.4.4.0/23 [170/3072] via 10.55.4.18, 5d20h, Port-channel10
S       10.55.100.16/28 [1/0] via 10.55.0.20
S       10.4.60.0/24 [1/0] via 10.55.0.20
S       10.0.51.0/24 [1/0] via 10.55.0.20
D EX    10.4.50.0/23 [170/3072] via 10.55.6.82, 5d20h, Port-channel16
D EX    10.4.8.0/23 [170/3072] via 10.55.6.18, 5d20h, Port-channel14
S       10.0.2.0/24 [1/0] via 10.55.0.20
D EX    10.9.9.70/32 [170/129536] via 10.55.6.18, 5d20h, Port-channel14
C       10.255.6.112/28 is directly connected, Port-channel17
D       10.255.6.96/28 [90/1792] via 10.55.6.14, 5d20h, Port-channel17
C       10.4.144.0/23 is directly connected, Vlan344
C       10.255.6.80/28 is directly connected, Port-channel16
D EX    10.4.70.0/23 [170/3072] via 10.55.6.14, 5d20h, Port-channel17
D EX    10.4.68.0/23 [170/3072] via 10.55.6.50, 5d20h, Port-channel15
D EX    10.4.90.0/23 [170/3072] via 10.55.6.14, 5d20h, Port-channel17
D EX    10.4.188.0/23 [170/3072] via 10.55.6.50, 5d20h, Port-channel15
D       10.55.6.64/28 [90/1792] via 10.55.6.82, 5d20h, Port-channel16
C       10.55.5.48/28 is directly connected, Port-channel13
C       10.55.4.48/28 is directly connected, Port-channel11
S       10.0.200.0/21 [1/0] via 10.55.0.20
C       10.55.6.48/28 is directly connected, Port-channel15
S       10.0.192.0/21 [1/0] via 10.55.0.20
D       10.55.5.32/28 [90/1792] via 10.55.5.50, 5d20h, Port-channel13
D       10.55.4.32/28 [90/3072] via 10.55.4.50, 5d20h, Port-channel11
D       10.55.6.32/28 [90/1792] via 10.55.6.50, 5d20h, Port-channel15
C       10.55.0.32/28 is directly connected, Vlan302
C       10.55.5.16/28 is directly connected, Port-channel12
C       10.55.4.16/28 is directly connected, Port-channel10
C       10.55.6.16/28 is directly connected, Port-channel14
C       10.55.0.16/28 is directly connected, Vlan3001
D       10.55.5.0/28 [90/1792] via 10.55.5.18, 5d20h, Port-channel12
D       10.55.4.0/28 [90/1792] via 10.55.4.18, 5d20h, Port-channel10
D       10.55.6.0/28 [90/1792] via 10.55.6.18, 5d20h, Port-channel14
C       10.55.0.0/28 is directly connected, Vlan3000



sh cdp neigh table from the access switch


sh cdp neigh detail
-------------------------
-------------------------
Device ID: Core2

Entry address(es):
  IP address: 10.55.1.42
Platform: cisco WS-C4506-E,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet3/0/52,  Port ID (outgoing port): GigabitEthernet2/22
Holdtime : 137 sec

Version :
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 18:26 by prod_rel_team

advertisement version: 2
VTP Management Domain: abc

Native VLAN: 1
Duplex: full
Management address(es):
  IP address: 10.55.1.42

-------------------------
Device ID: Core1

Entry address(es):
  IP address: 10.55.1.41
Platform: cisco WS-C4506-E,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/52,  Port ID (outgoing port): GigabitEthernet2/22
Holdtime : 123 sec

Version :
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 18:26 by prod_rel_team

advertisement version: 2
VTP Management Domain: abc

Native VLAN: 1
Duplex: full
Management address(es):
  IP address: 10.55.1.41

hqans1-402#ping 10.55.1.41

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.1.241, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
hqans1-402#ping 10.55.1.42

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.1.242, timeout is 2 seconds:
.....
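
Added example (not part of the original thread): a minimal Python model of the two cores' static routes as posted above, showing why the ping to 10.55.54.1 ends in "TTL expired in transit". Each core's best match is its 10.0.0.0/8 static route pointing at the other core, so the packet bounces between them until the TTL runs out. The starting TTL of 128 (the Windows default), core1 as the desktop's first hop, and the `ACCESS-SVI` next hop are assumptions.

```python
import ipaddress

CORE1, CORE2 = "10.55.1.41", "10.55.1.42"   # Vlan1 addresses from the thread
# Subset of the static routes posted for each core: (prefix, next hop).
TABLES = {
    CORE1: [("0.0.0.0/0", "10.55.0.4"), ("10.0.0.0/8", CORE2)],
    CORE2: [("0.0.0.0/0", "10.55.0.4"), ("10.0.0.0/8", CORE1),
            ("10.0.8.0/22", "10.55.0.20")],
}

def lookup(tables, router, dst):
    """Longest-prefix match on one router; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = []
    for prefix, next_hop in tables[router]:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net.prefixlen, prefix, next_hop))
    if not hits:
        return None
    _, prefix, next_hop = max(hits)          # most specific prefix wins
    return prefix, next_hop

def trace(tables, dst, first_router, ttl=128):
    """Forward hop by hop; every router decrements TTL before forwarding."""
    router, path = first_router, []
    while True:
        ttl -= 1
        if ttl <= 0:                         # this router sends "TTL expired"
            return path, f"TTL expired at {router}"
        hit = lookup(tables, router, dst)
        if hit is None:
            return path, f"no route at {router}"
        prefix, next_hop = hit
        path.append((router, prefix, next_hop))
        if next_hop not in tables:           # next hop is not one of the cores
            return path, f"handed to {next_hop} (outside this model)"
        router = next_hop

def with_host_route(tables, host, next_hop):
    """Copy of the tables with a /32 for host on every router.
    next_hop is a hypothetical placeholder, e.g. the access switch SVI."""
    return {r: routes + [(f"{host}/32", next_hop)] for r, routes in tables.items()}

if __name__ == "__main__":
    path, outcome = trace(TABLES, "10.55.54.1", CORE1)
    print(f"{len(path)} forwarding decisions, then: {outcome}")
    fixed = with_host_route(TABLES, "10.55.54.1", "ACCESS-SVI")
    print(trace(fixed, "10.55.54.1", CORE1)[1])
```

Once a more specific route for the loopback exists on the cores, whether static or learned through EIGRP, it beats the /8 and the loop disappears.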

Jon Marshall Tue, 10/05/2010 - 10:12

If the access switch is not routing then you cannot simply assign a loopback to the switch and expect it to work. If it is acting as a L2 switch then you would have to do the following -


1) on the access switch configure a management vlan eg. vlan 10


2) give the SVI for the vlan an IP address and make it reachable from your core switches


3) add a route on your core switches for the loopback pointing to the vlan 10 SVI ip address


I'm still not 100% sure it will work if the switch is not routing but I seem to remember trying it a while back and it worked.


The key point is though that loopbacks are really only useful to manage L3 devices. A switch acting as a L2 switch, whether it is L3 capable or not, is not really suited to managing via loopback, that is why you have a management vlan for switches.


Jon

habeebuddin786 Tue, 10/05/2010 - 10:23

Thanks Jon,


That's so informative.


Let me try the following steps and let you know the behaviour of the switch. FYI, the switch is L3 (3750) and running in transparent mode.

habeebuddin786 Tue, 10/05/2010 - 10:27

Hey Jon,


If I enable routing on this access switch, which is layer 3 (3750), how will it work? I enabled EIGRP on the access switch as follows but it's still not working. Is there anything I'm missing in the EIGRP config?


router eigrp 10
network 10.55.54.0 0.0.0.255
eigrp stub connected summary

Jon Marshall Tue, 10/05/2010 - 10:31

habeebuddin786 wrote:


Hey Jon,


If I enable routing on this access switch, which is layer 3 (3750), how will it work? I enabled EIGRP on the access switch as follows but it's still not working. Is there anything I'm missing in the EIGRP config?


router eigrp 10
network 10.55.54.0 0.0.0.255
eigrp stub connected summary


Should work with EIGRP running.


What does "sh ip eigrp neighbors" show ?


Also what is the connection between this L3 switch and the core switch ie. are the ports configured ?


Jon

habeebuddin786 Tue, 10/05/2010 - 10:51

From the access switch, the EIGRP neighbor table shows nothing. Please find the EIGRP neighbor table from the core switch.

Also find the CDP neighbors from the access switch for your reference. It is directly connected to the core switch.


ACCESS SWITCH:

NMS-switch
                 Gig 3/0/47        126              S I   WS-C3750G Gig 1/0/29

                 IP address: 10.9.9.10
CORE-2
                 Gig 3/0/52        144             R S I  WS-C4506- Gig 2/22

                 IP address: 10.55.1.42
CORE1
                 Gig 1/0/52        143             R S I  WS-C4506- Gig 2/22

                 IP address: 10.55.1.41


access-switch#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)


CORE1 SWITCH:

Core1#sh ip eigrp neig
EIGRP-IPv4:(10) neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
5   10.55.5.2              Po12              12 6d18h       9   200  0  16
4   10.55.5.34             Po13              13 6d18h      15   200  0  24
2   10.55.4.2              Po10              11 6d18h       6   200  0  31
1   10.55.4.34             Po11              11 6d18h       3   200  0  48
7   10.55.6.2              Po14              11 12w5d       5   200  0  555
6   10.55.6.34             Po15              12 13w4d       4   200  0  2204
3   10.55.6.66             Po16              13 13w4d       4   200  0  1699
0   10.55.6.98             Po17              11 13w4d       2   200  0  5

habeebuddin786 Tue, 10/05/2010 - 10:58

Also please find the config of the ports on the access switch which are connected to the core switches.


Access-switch
!
interface GigabitEthernet1/0/52
description uplink CORE1 g2/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,4,5,6,18,38,66,342
switchport mode trunk
end

!
interface GigabitEthernet3/0/52
description uplink CORE2 g2/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,4,5,6,18,38,66,342
switchport mode trunk

Jon Marshall Tue, 10/05/2010 - 11:06

Okay, this is where it gets a bit complicated. Assuming your access switch is now routing and running EIGRP.


There are 3 main ways of connecting your L3 switch to the core -


1)  with a L2 access port link ie. the ports on both ends of the link are configured to be in the same vlans


2) with a L2 trunk ie. the ports on both ends are configured as trunks


3) with a L3 routed link ie. the ports are configured as routed ports ie. "no switchport" "ip address x.x.x.x "


Now if you have a loopback on the 3750 it cannot be assigned to a vlan therefore if your connection is either 1) or 2) then you have to get to the loopback via a L3 vlan interface on your 3750.


If you have a L3 routed link then you would not need a L3 vlan interface to get to it. However it's important to note that if you use a L3 routed connection then you must route the local vlans on the 3750 on the 3750 ie. you cannot have the L3 vlan interfaces for the vlans local to the 3750 on the core switches. In addition you cannot have the vlans local to the 3750 on any other switches because there is now no L2 adjacency between your 3750 and any other switch.


So I'm going to assume you are not using L3 routed links. Let's assume, going back to my previous thread, that you have a vlan 10 management interface on the 3750 and a loopback eg.


int vlan 10
ip address 192.168.5.2 255.255.255.0

int loopback 10
ip address 192.168.6.1 255.255.255.0


As I said before the switch is now L3 and running EIGRP. Your core switch also has a L3 vlan 10 interface eg.


core switch
========

int vlan 10
ip address 192.168.5.1 255.255.255.0


So you must form the EIGRP adjacency on the vlan 10 interfaces so on the 3750 you would have -


router eigrp 10
network 192.168.5.0 0.0.0.255
network 192.168.6.1 0.0.0.0   <-- note you can advertise the 192.168.6.0/24 only if you are not using it on any other switch. If you are you will have to advertise the host specific address
no auto-summary


Obviously on your core switch there would be an entry for "192.168.5.0 0.0.0.255" under the router eigrp config.


Now the adjacency will be formed over 192.168.5.x network and your 3750 will advertise the loopback address. Note however, how much effort this is compared to simply having the 3750 acting as a L2 switch and managing it via vlan 10. You have had to enable "ip routing", configure a loopback and configure EIGRP simply to be able to manage the switch with a loopback.


So I should have been more specific in my last post. Loopbacks are primarily used on L3 devices that have routed links to other devices because even though you have enabled L3 on your 3750 you are still using a L2 link to connect to the core switch.


Hope all that makes sense.


Edit - just seen your last post about the trunk links so you aren't using L3 links. One of those vlans on the trunk presumably has a L3 vlan interface on the 3750 ?? - that is the one you need to peer with.


Jon

Richard Burts Tue, 10/05/2010 - 11:16

One thing that I notice is that the partial configuration shows EIGRP with a single network statement and that network statement appears to be for the subnet that includes the loopback. There also needs to be a network statement for the layer 3 interface that connects the access switch to the core.


HTH


Rick
