10-01-2010 01:10 PM - edited 03-06-2019 01:17 PM
Hello Folks,
I am stuck in the middle of the configuration for managing the devices through loopback IP addresses. We would like to manage the network through the loopback IP address. Here is the scenario: we have access switches (3750E and 3750G), 40 in count, uplinked to 2 core switches (4506). We would like to manage them with the loopback IP address. For testing I used one of the access switches which has few or no users connected, using the IP address 10.55.54.1 255.255.255.255 on the access switch, and we are running an EIGRP process on the core switches, but when I ping for testing from the core to the access switch there is no response. I am getting the message shown below at the command prompt when I ping from the desktop machine. I think I need to modify routing on the core switches, but as this is the production network I really don't want to mess it up. I think I need to add a network statement in the EIGRP command. Please find the configuration and routing information for your reference and kindly suggest.
Reply from 10.55.1.42: TTL expired in transit.
Reply from 10.55.1.42: TTL expired in transit.
Reply from 10.55.1.42: TTL expired in transit.
Reply from 10.55.1.42: TTL expired in transit.
The reply is coming from the IP 10.55.1.42, which is the core2 VLAN 1 IP; the core1 VLAN 1 IP is 10.55.1.41.
CORE1 -
core1#sh ip route 10.55.54.1
Routing entry for 10.0.0.0/8
Known via "static", distance 1, metric 0
Redistributing via eigrp 10
Advertised by eigrp 10 metric 56 1 255 1 1500
Routing Descriptor Blocks:
* 10.55.1.42
Route metric is 0, traffic share count is 1
core1#sh runn | in ip route
no ip route-cache cef
no ip route-cache
ip route profile
ip route 0.0.0.0 0.0.0.0 10.55.0.4
ip route 0.0.0.0 0.0.0.0 10.55.1.42 20
ip route 0.0.0.0 0.0.0.0 Null0 255
ip route 10.0.0.0 255.0.0.0 10.55.1.42
ip route 10.0.1.0 255.255.255.0 <Firewall IP>
ip route 10.0.3.0 255.255.255.0 <Firewall IP>
ip route 10.0.8.0 255.255.252.0 <Firewall IP>
ip route 10.0.51.0 255.255.255.0 <Firewall IP>
ip route 10.0.52.0 255.255.255.0 <Firewall IP>
ip route 10.0.100.0 255.255.252.0 <Firewall IP>
ip route 10.0.111.0 255.255.255.0 <Firewall IP>
ip route 10.0.112.0 255.255.255.0 <Firewall IP>
ip route 10.0.116.0 255.255.252.0 <Firewall IP>
ip route 10.0.184.0 255.255.255.0 <Firewall IP>
ip route 10.0.185.0 255.255.255.0 <Firewall IP>
ip route 10.0.186.0 255.255.255.0 <Firewall IP>
ip route 10.0.187.0 255.255.255.0 <Firewall IP>
ip route 10.0.188.0 255.255.254.0 <Firewall IP>
ip route 10.0.192.0 255.255.248.0 <Firewall IP>
ip route 10.0.200.0 255.255.248.0 <Firewall IP>
ip route 10.4.60.0 255.255.255.0 <Firewall IP>
ip route 10.99.96.0 255.255.254.0 <Firewall IP>
ip route 10.99.99.0 255.255.255.0 <Firewall IP>
ip route 10.100.0.0 255.255.0.0 <Firewall IP>
ip route 10.150.150.0 255.255.255.0 <Firewall IP>
ip route 10.255.200.16 255.255.255.240 <Firewall IP>
hqcore1-501#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 10.55.1.41 YES NVRAM up up
Vlan304 10.4.4.2 YES manual up up
Vlan308 10.4.8.2 YES manual up up
Vlan312 10.4.12.2 YES manual up up
Vlan3000 10.255.0.2 YES NVRAM up up
Vlan3001 10.255.0.18 YES NVRAM up up
Vlan3002 10.255.0.34 YES NVRAM up up
Vlan3142 10.4.142.2 YES manual up up
Vlan3144 10.4.144.2 YES manual up up
EIGRP config:
router eigrp 10
redistribute static metric 56 1 255 1 1500
no auto-summary
network 10.55.4.0 0.0.3.255
10-01-2010 04:02 PM
I do not believe that you have given us enough information to be able to identify the problem.
You state that you are running EIGRP on the core. But you do not tell us whether you are running EIGRP on the 3750 access switches. If you are running EIGRP on the access switches you do not tell us whether you are including the loopback in the EIGRP process. From the fact that the address does not show up in the routing table I would guess that you are not.
Based on what you have posted the packet is being forwarded to 10.55.1.42 based on the static route for ip route 10.0.0.0 255.0.0.0 10.55.1.42. It might be helpful if you would post the output of show ip route from 10.55.1.42.
It might also be helpful if you could tell us from the original device what should be the next hop to get to this loopback interface address.
HTH
Rick
10-04-2010 12:44 PM
Thanks for your response. I have gone through the access switches (3750); a few are running EIGRP and a few are not running any EIGRP. The switch I have taken for testing is not running EIGRP, and no routing is taking place on this access switch. I checked the VTP status and this switch is running in transparent mode.
Below is the show ip route output from 10.55.1.42:
sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.55.0.4 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 68 subnets, 8 masks
D EX 10.4.4.0/23 [170/3072] via 10.55.5.50, 5d20h, Port-channel13
C 10.4.2.0/23 is directly connected, Vlan32
S 10.0.8.0/22 [1/0] via 10.55.0.20
C 10.255.1.240/28 is directly connected, Vlan1
D EX 10.4.10.0/23 [170/3072] via 10.55.5.18, 5d20h, Port-channel12
C 10.4.18.0/23 is directly connected, Vlan38
D EX 10.4.6.0/23 [170/3072] via 10.55.4.50, 5d20h, Port-channel11
S 10.9.6.0/23 [1/0] via 10.55.0.20
S 10.0.3.0/24 [1/0] via 10.55.0.20
S 10.50.50.0/24 [1/0] via 10.55.0.20
S 10.50.50.0/24 [1/0] via 10.55.0.20
S 10.9.9.0/24 [1/0] via 10.55.0.20
C 10.4.4.0/23 is directly connected, Vlan304
S 10.0.0.0/8 [1/0] via 10.55.1.41
S 10.0.1.0/24 [1/0] via 10.55.0.20
D EX 10.4.4.0/23 [170/3072] via 10.55.4.18, 5d20h, Port-channel10
S 10.55.100.16/28 [1/0] via 10.55.0.20
S 10.4.60.0/24 [1/0] via 10.55.0.20
S 10.0.51.0/24 [1/0] via 10.55.0.20
D EX 10.4.50.0/23 [170/3072] via 10.55.6.82, 5d20h, Port-channel16
D EX 10.4.8.0/23 [170/3072] via 10.55.6.18, 5d20h, Port-channel14
S 10.0.2.0/24 [1/0] via 10.55.0.20
D EX 10.9.9.70/32 [170/129536] via 10.55.6.18, 5d20h, Port-channel14
C 10.255.6.112/28 is directly connected, Port-channel17
D 10.255.6.96/28 [90/1792] via 10.55.6.14, 5d20h, Port-channel17
C 10.4.144.0/23 is directly connected, Vlan344
C 10.255.6.80/28 is directly connected, Port-channel16
D EX 10.4.70.0/23 [170/3072] via 10.55.6.14, 5d20h, Port-channel17
D EX 10.4.68.0/23 [170/3072] via 10.55.6.50, 5d20h, Port-channel15
D EX 10.4.90.0/23 [170/3072] via 10.55.6.14, 5d20h, Port-channel17
D EX 10.4.188.0/23 [170/3072] via 10.55.6.50, 5d20h, Port-channel15
D 10.55.6.64/28 [90/1792] via 10.55.6.82, 5d20h, Port-channel16
C 10.55.5.48/28 is directly connected, Port-channel13
C 10.55.4.48/28 is directly connected, Port-channel11
S 10.0.200.0/21 [1/0] via 10.55.0.20
C 10.55.6.48/28 is directly connected, Port-channel15
S 10.0.192.0/21 [1/0] via 10.55.0.20
D 10.55.5.32/28 [90/1792] via 10.55.5.50, 5d20h, Port-channel13
D 10.55.4.32/28 [90/3072] via 10.55.4.50, 5d20h, Port-channel11
D 10.55.6.32/28 [90/1792] via 10.55.6.50, 5d20h, Port-channel15
C 10.55.0.32/28 is directly connected, Vlan302
C 10.55.5.16/28 is directly connected, Port-channel12
C 10.55.4.16/28 is directly connected, Port-channel10
C 10.55.6.16/28 is directly connected, Port-channel14
C 10.55.0.16/28 is directly connected, Vlan3001
D 10.55.5.0/28 [90/1792] via 10.55.5.18, 5d20h, Port-channel12
D 10.55.4.0/28 [90/1792] via 10.55.4.18, 5d20h, Port-channel10
D 10.55.6.0/28 [90/1792] via 10.55.6.18, 5d20h, Port-channel14
C 10.55.0.0/28 is directly connected, Vlan3000
sh cdp neigh table from the access switch
sh cdp neigh detail
-------------------------
-------------------------
Device ID: Core2
Entry address(es):
IP address: 10.55.1.42
Platform: cisco WS-C4506-E, Capabilities: Router Switch IGMP
Interface: GigabitEthernet3/0/52, Port ID (outgoing port): GigabitEthernet2/22
Holdtime : 137 sec
Version :
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 18:26 by prod_rel_team
advertisement version: 2
VTP Management Domain: abc
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 10.55.1.42
-------------------------
Device ID: Core1
Entry address(es):
IP address: 10.55.1.41
Platform: cisco WS-C4506-E, Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/52, Port ID (outgoing port): GigabitEthernet2/22
Holdtime : 123 sec
Version :
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 18:26 by prod_rel_team
advertisement version: 2
VTP Management Domain: abc
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 10.55.1.41
hqans1-402#ping 10.55.1.41
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.1.241, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
hqans1-402#ping 10.55.1.42
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.1.242, timeout is 2 seconds:
.....
10-05-2010 10:01 AM
Hi Richard,
Can you assist me?
10-05-2010 10:12 AM
If the access switch is not routing then you cannot simply assign a loopback to the switch and expect it to work. If it is acting as a L2 switch then you would have to do the following -
1) on the access switch configure a management vlan eg. vlan 10
2) give the SVI for the vlan an IP address and make it reachable from your core switches
3) add a route on your core switches for the loopback pointing to the vlan 10 SVI ip address
I'm still not 100% sure it will work if the switch is not routing but I seem to remember trying it a while back and it worked.
The key point is though that loopbacks are really only useful to manage L3 devices. A switch acting as a L2 switch, whether it is L3 capable or not, is not really suited to managing via loopback, that is why you have a management vlan for switches.
Jon
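An added example, not part of any post in this thread: a longest-prefix-match trace over the two cores' static routes as posted above, showing why a ping to 10.55.54.1 ends in "TTL expired in transit" and how the host route from step 3 changes the lookup. Assumptions: only the routes that can match 10.55.54.1 are modelled, the packet is assumed to reach core1 first with an initial TTL of 128, and the management SVI address 192.0.2.10 is a constructed placeholder.

```python
import ipaddress

CORE1, CORE2 = "10.55.1.41", "10.55.1.42"
MGMT_SVI = "192.0.2.10"  # constructed placeholder, not an address from the thread

# Routes that can match 10.55.54.1, taken from the outputs posted in the thread:
# each core has a static 10.0.0.0/8 pointing at the other core.
TABLES = {
    CORE1: {"0.0.0.0/0": "10.55.0.4", "10.0.0.0/8": CORE2},
    CORE2: {"0.0.0.0/0": "10.55.0.4", "10.0.0.0/8": CORE1},
}

def lookup(table, dst):
    """Longest-prefix match over one routing table; returns next hop or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, first_router, dst, ttl):
    """Forward hop by hop. Returns (outcome, router, hops_taken)."""
    router, hops = first_router, 0
    while True:
        ttl -= 1                      # every router decrements TTL before forwarding
        if ttl <= 0:
            return ("ttl-expired", router, hops)
        next_hop = lookup(tables[router], dst)
        if next_hop is None:
            return ("no-route", router, hops)
        hops += 1
        if next_hop not in tables:    # handed to a device outside the two cores
            return ("forwarded", next_hop, hops)
        router = next_hop

def with_host_route(tables, prefix, next_hop):
    """Copy of the tables with one more-specific static route on every router."""
    return {r: {**t, prefix: next_hop} for r, t in tables.items()}

if __name__ == "__main__":
    print(trace(TABLES, CORE1, "10.55.54.1", ttl=128))
    fixed = with_host_route(TABLES, "10.55.54.1/32", MGMT_SVI)
    print(trace(fixed, CORE1, "10.55.54.1", ttl=128))
```

With no route more specific than 10.0.0.0/8, the packet bounces between the cores until its TTL runs out; the /32 host route wins the longest-prefix match and the packet leaves the loop on the first hop.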
10-05-2010 10:23 AM
Thanks Jon,
That's so informative.
Let me try the following steps and let you know the behaviour of the switch. FYI, the switch is L3 (3750) and running in transparent mode.
10-05-2010 10:27 AM
Hey Jon,
If I enable routing on this access switch, which is Layer 3 (3750), how will it work? I enabled EIGRP on the access switch as follows but it's still not working. Is there anything I'm missing in the EIGRP config?
router eigrp 10
network 10.55.54.0 0.0.0.255
eigrp stub connected summary
10-05-2010 10:31 AM
habeebuddin786 wrote:
Hey Jon,
If I enable routing on this access switch, which is Layer 3 (3750), how will it work? I enabled EIGRP on the access switch as follows but it's still not working. Is there anything I'm missing in the EIGRP config?
router eigrp 10
network 10.55.54.0 0.0.0.255
eigrp stub connected summary
Should work with EIGRP running.
What does "sh ip eigrp neighbors" show ?
Also what is the connection between this L3 switch and the core switch ie. are the ports configured ?
Jon
10-05-2010 10:51 AM
From the access switch, the EIGRP neighbor table shows nothing. Please find the EIGRP neighbor table from the core switch.
Also find the CDP neighbors from the access switch for your reference. It is directly connected to the core switch.
ACCESS SWITCH:
NMS-switch
Gig 3/0/47 126 S I WS-C3750G Gig 1/0/29
IP address: 10.9.9.10
CORE-2
Gig 3/0/52 144 R S I WS-C4506- Gig 2/22
IP address: 10.55.1.42
CORE1
Gig 1/0/52 143 R S I WS-C4506- Gig 2/22
IP address: 10.55.1.41
access-switch#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
CORE1 SWITCH:
Core1#sh ip eigrp neig
EIGRP-IPv4:(10) neighbors for process 10
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 10.55.5.2 Po12 12 6d18h 9 200 0 16
4 10.55.5.34 Po13 13 6d18h 15 200 0 24
2 10.55.4.2 Po10 11 6d18h 6 200 0 31
1 10.55.4.34 Po11 11 6d18h 3 200 0 48
7 10.55.6.2 Po14 11 12w5d 5 200 0 555
6 10.55.6.34 Po15 12 13w4d 4 200 0 2204
3 10.55.6.66 Po16 13 13w4d 4 200 0 1699
0 10.55.6.98 Po17 11 13w4d 2 200 0 5
10-05-2010 10:58 AM
Also please find the config of the ports on the access switch which are connected to the core switches.
Access-switch
!
interface GigabitEthernet1/0/52
description uplink CORE1 g2/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,4,5,6,18,38,66,342
switchport mode trunk
end
!
interface GigabitEthernet3/0/52
description uplink CORE2 g2/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,4,5,6,18,38,66,342
switchport mode trunk
10-06-2010 07:47 AM
Did you get this working ??
Jon
10-05-2010 11:06 AM
Okay, this is where it gets a bit complicated. Assuming your access switch is now routing and running EIGRP.
There are 3 main ways of connecting your L3 switch to the core -
1) with a L2 access port link ie. the ports on both ends of the link are configured to be in the same vlans
2) with a L2 trunk ie. the ports on both ends are configured as trunks
3) with a L3 routed link ie. the ports are configured as routed ports ie. "no switchport" "ip address x.x.x.x"
Now if you have a loopback on the 3750 it cannot be assigned to a vlan therefore if your connection is either 1) or 2) then you have to get to the loopback via a L3 vlan interface on your 3750.
If you have a L3 routed link then you would not need a L3 vlan interface to get to it. However it's important to note that if you use a L3 routed connection then you must route the local vlans on the 3750 on the 3750 ie. you cannot have the L3 vlan interfaces for the vlans local to the 3750 on the core switches. In addition you cannot have the vlans local to the 3750 on any other switches because there is now no L2 adjacency between your 3750 and any other switch.
So I'm going to assume you are not using L3 routed links. Let's assume, going back to my previous post, that you have a vlan 10 management interface on the 3750 and a loopback eg.
int vlan 10
ip address 192.168.5.2 255.255.255.0
int loopback 10
ip address 192.168.6.1 255.255.255.0
As I said before, the switch is now L3 and running EIGRP. Your core switch also has a L3 vlan 10 interface eg.
core switch
========
int vlan 10
ip address 192.168.5.1 255.255.255.0
So you must form the EIGRP adjacency on the vlan 10 interfaces, so on the 3750 you would have -
router eigrp 10
network 192.168.5.0 0.0.0.255
network 192.168.6.1 0.0.0.0 <-- note you can advertise the 192.168.6.0/24 only if you are not using it on any other switch. If you are you will have to advertise the host specific address
no auto-summary
Obviously on your core switch there would be an entry for "192.168.5.0 0.0.0.255" under the router eigrp config.
Now the adjacency will be formed over 192.168.5.x network and your 3750 will advertise the loopback address. Note however, how much effort this is compared to simply having the 3750 acting as a L2 switch and managing it via vlan 10. You have had to enable "ip routing", configure a loopback and configure EIGRP simply to be able to manage the switch with a loopback.
So I should have been more specific in my last post. Loopbacks are primarily used on L3 devices that have routed links to other devices because even though you have enabled L3 on your 3750 you are still using a L2 link to connect to the core switch.
Hope all that makes sense.
Edit - just seen your last post about the trunk links so you aren't using L3 links. One of those vlans on the trunk presumably has a L3 vlan interface on the 3750 ?? - that is the one you need to peer with.
Jon
10-05-2010 11:16 AM
One thing that I notice is that the partial configuration shows EIGRP with a single network statement and that network statement appears to be for the subnet that includes the loopback. There also needs to be a network statement for the layer 3 interface that connects the access switch to the core.
HTH
Rick
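An added example, not part of any post in this thread: a check of which interface addresses an EIGRP `network <address> <wildcard>` statement actually covers, applied to the access switch's posted statement, to Jon's vlan 10 example and to core1's posted statement. Assumptions: the interface names on the access switch and its Vlan1 address 10.55.1.50 are constructed, since the thread does not show them, and core1's EIGRP config is taken as posted.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def covered(ip, network, wildcard):
    """True if ip matches 'network <network> <wildcard>' (wildcard bits = don't care)."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(ip) & care) == (_u32(network) & care)

def enabled(interfaces, statements):
    """Map interface name -> whether any network statement enables EIGRP on it."""
    return {name: any(covered(ip, n, w) for n, w in statements)
            for name, ip in interfaces.items()}

def loopback_advertisable(interfaces, statements, loopback, uplinks):
    """The loopback is advertised only if it is covered AND at least one L3
    uplink interface is covered, so that a neighbor can form over it."""
    on = enabled(interfaces, statements)
    return on[loopback] and any(on[u] for u in uplinks)

# Access switch: loopback address and network statement as posted;
# interface names and the Vlan1 address are constructed for illustration.
ACCESS_IFS = {"Loopback0": "10.55.54.1", "Vlan1": "10.55.1.50"}
ACCESS_EIGRP = [("10.55.54.0", "0.0.0.255")]

# Jon's example from the thread.
JON_IFS = {"Vlan10": "192.168.5.2", "Loopback10": "192.168.6.1"}
JON_EIGRP = [("192.168.5.0", "0.0.0.255"), ("192.168.6.1", "0.0.0.0")]

# core1's network statement as posted, checked against its Vlan1 address
# and two of the neighbor addresses from its "sh ip eigrp neig" output.
CORE1_EIGRP = ("10.55.4.0", "0.0.3.255")

if __name__ == "__main__":
    print(enabled(ACCESS_IFS, ACCESS_EIGRP))
    print(loopback_advertisable(ACCESS_IFS, ACCESS_EIGRP, "Loopback0", ["Vlan1"]))
    print(loopback_advertisable(JON_IFS, JON_EIGRP, "Loopback10", ["Vlan10"]))
    for ip in ("10.55.1.41", "10.55.5.2", "10.55.6.98"):
        print(ip, covered(ip, *CORE1_EIGRP))
```

The same check on the core side shows that `network 10.55.4.0 0.0.3.255` covers the port-channel neighbor subnets but not the Vlan1 address 10.55.1.41, so both ends of the chosen L3 interface need a matching network statement before an adjacency can form.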