I have created a management VLAN, and I would like to access all the devices that are part of the same subnet. I would like to understand how this works.
If I telnet to a Cat6500 on its loopback IP from the same subnet, how do the packets travel to the loopback? Is it through another interface, e.g. a physical Ethernet interface? So if the Ethernet interface was down, how would I reach the loopback?
And if the loopback IP is multiple hops away from the remote connector, would the routes towards the loopback interface need to be advertised?
Just interested in knowing how loopbacks work for management purposes.
"And if the loopback IP is multiple hops away from the remote connector, would the routes towards the loopback interface need to be advertised?"
Yes, basically. You need to advertise your loopbacks via your routing protocol so they can be reached.
To reach the loopback, yes, you will enter through a physical interface. If that interface goes down and it is the only interface you can use to reach the loopback, you will not be able to reach the loopback (but the loopback itself would stay up).
However, in a lot of topologies there is usually more than one entry point into the device, especially a 6500.
Essentially you could use any IP address on the switch for management purposes. If you create a loopback IP address and wish to use it across your network, you will need to advertise it.
Can I define the loopback interface to be on the same network as another Ethernet interface on the same device? Is there any issue with that?
Could you also please explain the use of interface Null0? I couldn't completely understand it from the cisco.com materials.
"Can I define the loopback interface to be on the same network as another Ethernet interface on the same device? Is there any issue with that?"
No, because the switch/router will come back with an error about an overlapping subnet address.
Null0 is used for a number of things. Basically, if a route points to Null0, any packets that match that route will be sent to Null0, i.e. not forwarded.
Is there anything in particular you are thinking of in terms of Null0 usage?
With regard to loopbacks, I would like to maintain a single subnet throughout the network, i.e. for management purposes. But it doesn't seem possible due to the presence of different routing devices in the path. I don't think all the loopback interfaces can be part of the same subnet if they are spread around. Which means that just for the different loopback networks, I will have to advertise/define routes for the loopbacks throughout the network. What is the ideal way of using loopbacks for management/syslog purposes?
I was trying to use Null0 as a security/performance best practice. I believe that in the presence of a default route, a null interface has no benefit. Please suggest.
You can create a subnet specifically for loopback IP addresses, use a 32-bit mask on each device, and advertise the whole loopback address space in your routing protocol. You can also source things such as syslog, telnet, NTP, etc. from your loopback interface.
What I think you are talking about is using Null0 for your default route, which will drop all the packets whose destination address couldn't be matched against any route in the routing table.
P.S. Sorry Jon for the cross-posting.
"You can create a subnet specifically for loopback IP addresses, use a 32-bit mask on each device, and advertise the whole loopback address space in your routing protocol."
Can you please give me an example of this? In my topology, there is a Cat6500 which has VLANs outside and inside the FWSM. Also, there are switches and routers outside as well as inside the FWSM. I would like to use loopbacks on all the routers and switches. Do you mean that for every loopback address /32, an additional entry would have to go into the routing tables across the path?
It depends on where you are routing from and to. So let's say you had a data centre with multiple devices and you accessed these devices from a remote site; then you could advertise out just the /24 loopback address subnet from your DC.
But if you are in the same building or campus, then advertising the subnet may not work and you may indeed need to advertise each loopback as a /32.
You need to fit this to your topology. For example, at the last place I worked we had hundreds of sites, and each of the larger sites and its satellites was allocated /24s for management, and these were then advertised across the WAN to our other sites.
In my case, I will be accessing all the devices within a single site from behind the FWSM. So what I understand from your suggestion is that I will have to use /32 advertisements. Would it make any difference if I were to use static routes for the /32s?
You could advertise either the individual loopback IPs or the subnet all together, depending on how widespread you want the IPs to go.
I found a good link that should help you understand further.
You could also use different subnets to segment the different areas of your network.
Is it better to use a routing protocol for loopback interfaces for management purposes, or should static routes be good enough? If it is a routing protocol, which one is advisable? Currently we have a single topology and no routing protocol is used at the moment.
Also, in the case of a default route, is interface Null0 required?
A routing protocol is a better choice; otherwise the number of static routes can become difficult to manage.
You can use EIGRP, which provides support for classless routing.
To be noted: the routing protocol can also provide a dynamic default route to all devices.
In this case a floating static route to Null0 is needed only on the device that generates the default route in EIGRP.
Hope this helps.
It really depends on your current configuration/topology. A routing protocol generally is much easier to configure especially in a decent sized network.
Once again, recommending a routing protocol really depends on the network and/or topology. I like to use EIGRP when I can (it requires a Cisco-only network), and OSPF is also good for a multivendor network.
If you don't mind configuring static routes for your management traffic then that will work just fine too.
The loopback must be on a different network than your regular address space. You can take a private class C address space and create a /32 address on each one of your devices.
ip address 192.168.1.1 255.255.255.255
Interface Null0 is often called the "bit bucket", as that's what it does: it drops the packets. There are many uses, such as "black holing" or loop prevention.
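One way to put the pieces of this thread together in IOS configuration: a /32 loopback out of a dedicated management block, the loopback advertised in EIGRP with a /24 summary sent from the WAN edge, a floating static to Null0 on the device that originates the default route, and syslog/NTP/SSH sourced from the loopback. This is an added example, not configuration from the thread or from Cisco; the 192.168.1.0/24 block, EIGRP AS 100, interface names and host addresses are assumed values.

```cisco
! Added example; all addresses, interface names and AS number are assumed.
!
! 1. Loopback with a /32 out of the dedicated management block. The /32
!    must not overlap any physical interface subnet (IOS rejects overlaps).
interface Loopback0
 description Management
 ip address 192.168.1.1 255.255.255.255
!
! 2. Only on the device that originates the default route: primary default
!    to the next hop (AD 1) plus a floating static to Null0 (AD 250). If the
!    primary disappears the default is still originated into EIGRP and
!    unroutable traffic is discarded instead of looping.
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 0.0.0.0 0.0.0.0 Null0 250
!
! 3. Advertise the loopback /32 and the uplink in the IGP so remote sites
!    can reach the loopback; redistribute the static default.
router eigrp 100
 network 192.168.1.1 0.0.0.0
 network 10.0.0.0 0.0.0.255
 no auto-summary
 redistribute static
!
! 4. At the site WAN edge: send one /24 summary for all site loopbacks
!    instead of each /32. IOS installs a matching local route to Null0 for
!    the summary, so packets for unused loopback addresses are dropped
!    rather than bounced back towards the default route.
interface GigabitEthernet0/1
 description WAN uplink
 ip address 10.0.0.1 255.255.255.0
 ip summary-address eigrp 100 192.168.1.0 255.255.255.0
!
! 5. Source management traffic from the loopback so logs and NTP carry a
!    stable address regardless of which physical interface is up.
logging source-interface Loopback0
logging host 192.168.1.250
ntp source Loopback0
ip ssh source-interface Loopback0
!
! 6. Only the management block may open remote sessions, and only over SSH.
access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
```

Inside a single site the /32s themselves are what the devices learn from each other; the /24 summary in step 4 is only meaningful on the router facing the WAN.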
If I am in network1, i.e. the 18.104.22.168/24 subnet, which is the management VLAN, and the router Ethernet is outside this network, i.e. network2 with 22.214.171.124/24: if I create a loopback address on the router such as 126.96.36.199, how can I access it from network1?
Because network1 will assume that 188.8.131.52 should be available on the same VLAN, and it will not pass it on to the next hop if a /32 route is defined for 184.108.40.206.
I can see the confusion.
If the device you are trying to manage is separated by a number of L3 hops, then you cannot use the same subnet in 2 different locations because, as you quite rightly point out, this can't work. This is why I wrote this -
"But if you are in the same building or campus, then advertising the subnet may not work and you may indeed need to advertise each loopback as a /32."
What I meant by this is exactly what you are referring to, i.e. you may not be able to advertise as a subnet. Where I was talking about advertising a subnet was in the following example:
Site 1 is your location
Site 2 is a remote site that is routed to from site 1.
So within Site 2 you can use a /24 or /25 etc. subnet for all loopbacks. But within that site, if you wanted all devices out of the same subnet they would need L2 adjacency, precisely because of what you pointed out. It doesn't matter if you advertised them within that site as /24 addresses or /32s; they still need L2 adjacency if they are out of the same subnet.
But from outside the site you can advertise them as a /24, /25 etc. and route across your WAN to that site.
Hope that's cleared up some of the confusion.