Using Loopback Interfaces

Answered Question
May 24th, 2012

Hello,

I have a 2811 router where one of its 2 FE interfaces is used to connect to the ISP. We have quite a number of requirements for multiple IP addresses. These additional IP addresses were configured on loopback interfaces and are accessible from over the internet for the purposes they are needed.

We recently got a new ISP setup and also bought an additional 2 port FE card where the new ISP link would be terminated. While trying to set up the new ISP in the same manner as the previous one on the same router, I ran into a problem setting up the additional IPs in the same manner by using the loopback interface:

ROUTER(config-if)#ip add a.b.c.94 255.255.255.192

% a.b.c.64 overlaps with Loopback11

ROUTER(config-if)#

I didn't set up the initial ISP on the router, so I am unsure why the loopback interface was used. In my previous configurations, I set up using secondary IPs on the primary FE interface.

With this error stated above, I would like to understand the advantage of using the loopback interface as against the secondary IPs on the main interface as I need to resolve this issue and go ahead to set up the additional IPs from the new ISP for different uses within the office environment.

Regards,

Femi

bret Thu, 05/24/2012 - 18:34

This is happening because your loopbacks are in the same subnet. Put the new loopback in a different subnet and you should be fine.

HTH

Sent from Cisco Technical Support iPad App

Richard Burts Thu, 05/24/2012 - 19:30

Femi

What is happening is not an issue about loopback interface or secondary address. You would have exactly the same problem on both types of interfaces.

The issue here is that the address and mask that you are using create a subnet that overlaps with an existing subnet on the router. And IOS will not allow two overlapping subnets.

To make it work you need to use an address and a mask that do not overlap with an existing subnet. Since we have no knowledge of what addresses you are using there is not much other advice that we can give you.

HTH

Rick

femi.agboade Fri, 05/25/2012 - 04:44

Hello Richard,

Sorry that I missed out some info. Please see details of the IP addresses below:

IP configured on Loopback 11 = a.b.c.95 255.255.255.255

Default IP route = ip route 0.0.0.0 0.0.0.0 a.b.c.65

IP to be configured on the FE port that throws overlap error = a.b.c.94 255.255.255.192

Additional IPs issued that have been attempted to add on additional loopback interfaces: a.b.c.96 to a.b.c.100

Please note that a.b.c is same for all the IPs.

Regards,

Femi

Richard Burts Fri, 05/25/2012 - 05:35

Femi

Thanks for the additional information. If a.b.c is the same for all addresses then the problem is in the mask that you are using of 255.255.255.192. This defines a subnet containing 64 addresses. If you have multiple addresses (and especially if the addresses are like 95, 96, etc which are sequential) then you probably should use a mask of 255.255.255.255.

HTH

Rick

femi.agboade Fri, 05/25/2012 - 07:43

Hello Richard,

So I tried to set the FE to IP address a.d.c.94 255.255.255.255 but got a bad mask error. Then I used subnet mask 255.255.255.252, after which I tried adding the IP a.b.c.95 255.255.255.255 to the loopback interface and got the overlap error. However, when I tried using any other IP between .96 and .100, it worked. Apparently, using the .252 mask makes .95 a broadcast IP which is still in the same subnet with .94.

Does this imply that i cannot use .95 along with .94 in this configuration? That would be painful as I had to pay extra to get these additional IPs from the ISP.

Regards,

Femi
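The accept/reject pattern reported in the exchange above can be reproduced offline with Python's `ipaddress` module. This is an added example, not part of any post in the thread; it assumes the constructed prefix 203.0.113. in place of the masked a.b.c and a hypothetical interface label FE_NEW_ISP.

```python
import ipaddress

# Constructed stand-in for the thread's masked "a.b.c" prefix (RFC 5737 range).
P = "203.0.113."


def subnet_of(addr_mask):
    """Subnet implied by 'address/mask', e.g. .94/255.255.255.192 -> .64/26."""
    return ipaddress.ip_interface(addr_mask).network


def find_overlaps(existing, candidate):
    """Names of already-configured interfaces whose subnet overlaps candidate."""
    new_net = subnet_of(candidate)
    return [name for name, cfg in existing.items()
            if subnet_of(cfg).overlaps(new_net)]


def report(existing, candidate):
    """One line per attempt: the range the mask claims and whether it collides."""
    net = subnet_of(candidate)
    hits = find_overlaps(existing, candidate)
    span = f"{net.network_address}-{net.broadcast_address}"
    verdict = f"overlaps with {', '.join(hits)}" if hits else "accepted"
    return f"{candidate:<32} covers {span:<28} {verdict}"


if __name__ == "__main__":
    # First attempt in the thread: Loopback11 holds .95/32, the new FE port
    # is given .94 with a /26 mask.
    existing = {"Loopback11": P + "95/255.255.255.255"}
    print(report(existing, P + "94/255.255.255.192"))

    # Second attempt: the FE port (hypothetical label FE_NEW_ISP) takes .94
    # with a /30 mask, then each extra address is tried as a /32 loopback.
    existing = {"FE_NEW_ISP": P + "94/255.255.255.252"}
    for host in range(95, 101):
        print(report(existing, f"{P}{host}/255.255.255.255"))
```
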

Richard Burts Fri, 05/25/2012 - 09:17

Femi

Yes, to configure an address that will operate on a physical interface such as FE then you need a subnet mask of at least 255.255.255.252. And that will create a subnet that occupies 4 addresses (94, 95, 96, 97). Sometimes when you are getting IP addresses from the ISP you can ask for a /30 for the connection and another small block that falls outside the range of the /30. Perhaps that might work for you?

We do not know how you are using these addresses (other than trying to put some on loopback interfaces) and so it is difficult to know if there are alternatives. I am guessing that you are using at least some of these addresses for address translation, so that devices inside your network on private addresses can access the Internet and have fixed public addresses. If that is the case then perhaps it is possible to set up some of these new addresses for address translation without requiring that they be configured on an interface?

HTH

Rick

femi.agboade Fri, 05/25/2012 - 09:27

Hello Richard,

Thanks for the feedback.

The IPs configured on the physical FE interfaces are primarily used to set up site-to-site VPN tunnels to 3rd parties.

The IPs configured on the loopback interfaces are used for the following:

  • One-on-one Server to Public IP mapping
  • VPN server to remote clients

So the main use of the loopback interfaces is for one-on-one server to public IP mapping.

Hope this helps as I would rather explore an alternative configuration than to ask the ISP for new sets of IPs.

Regards,

Femi

femi.agboade Fri, 05/25/2012 - 09:31

Hi again,

Sorry, I apparently didn't finish reading your post before I hit the "add reply" button.

You typed:

I am guessing that you are using at least some of these addresses for address translation, so that devices inside your network on private addresses can access the Internet and have fixed public addresses.

Yes, that is the main aim for getting the additional IPs up actually. Also to ensure that services coming from the internet can reach those devices directly.

If that is the case then perhaps it is possible to set up some of these new addresses for address translation without requiring that they be configured on an interface?

Would love to explore any other possible option to configure.

Regards,

Femi

Correct Answer
Richard Burts Fri, 05/25/2012 - 10:46

Femi

It is fairly simple to configure static address translation of an inside address to an outside address. The command looks like

ip nat inside source static  

and the outside address does not need to be configured on an interface.

You do need ip nat inside on the inside interface and ip nat outside on the outside interface. But I assume that you probably already have these.

For details see this link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

HTH

Rick

femi.agboade Sun, 05/27/2012 - 13:14

Hello Rick,

Thanks for the comments. I actually never knew that I could configure a static address translation of an inside address to an outside address without configuring that outside address on an interface.

So why then do you think the loopback interface was used in my case?

Regards,

Femi

Richard Burts Sun, 05/27/2012 - 15:24

Femi

We do not know how the loopback interfaces are being used and so it is difficult to know for sure why they were configured. But my guess is that they were configured because someone else, who was configuring your routers first, did not know that you could configure translation without having interfaces applied to an interface. Or perhaps they needed to be able to advertise the subnet of the extra IP addresses, and having it on a loopback is the easy way to get a subnet into the routing protocol.

HTH

Rick

femi.agboade Sun, 05/27/2012 - 16:35

Hello Rick,

The ISP gave us the additional IP addresses with a mask of /32, so I do not think advertising the subnet mask of the extra IP addresses may have been the reason as /32 would not be anything to broadcast I presume.

It could be that the person also didn't know that translation can be done without applying the IP addresses to a specific interface on the router.

Thanks a lot for your feedback.

Regards,

Femi
