Solved: Re: Loopback Problems

DAVID RICHWALSKI · ‎02-03-2018

I am try to setup a couple of Loopback address on my Cisco 2851 Router....

Here are parts of my config file:

interface GigabitEthernet0/0
description INSIDE

ip address 192.168.0.50 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
no mop enabled

********************

access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark *** GigabitEthernet0/0 SCORPNET ***
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any

************************

So I was trying to create Loopback address:

interface Loopback0
ip address 192.168.0.20 255.255.255.0
!
interface Loopback1
ip address 192.168.0.21 255.255.255.0
!
interface Loopback2
ip address 192.168.0.22 255.255.255.0
!
interface Loopback3
ip address 192.168.0.23 255.255.255.0

I get an error that 192.168.0.0 overlapping with each of the loopback address....

Can someone let me know what I may be doing wrong...

Thanks.......

Jon Marshall · ‎02-03-2018

You cannot use the same IP subnet on multiple different interfaces which is what the router is telling you.

Each interface needs to use a different subnet.

Jon

View solution in original post

paul driver · ‎02-03-2018

Hello

@DAVID RICHWALSKI wrote:

so that is why I am getting the message:

% 192.168.0.0 overlaps with Loopback0
% 192.168.0.0 overlaps with Loopback0
% 192.168.0.0 overlaps with Loopback0%Default route without gateway, if not a point-to-point interface, may impact performance
SETUP: new interface GigabitEthernet0/0 placed in "shutdown" state

So if I understand right I cannot have ANY loopback on the 255.255.255.0 subnet correct?

No that inst correct - you CAN but as stated by Jon/Philip you cannot have the same subnet on multiple interfaces be it loopbacks or any other interface.

192.168.0.20
255.255.255.0

192.168.0.21

255.255.255.0

192.168.0.22

255.255.255.0

etc...

All the above are in the same subnet,

what will work is

192.168.0.20
255.255.255.0

192.168.1.20
255.255.255.0

192.168.2.21

255.255.255.0

etc..

or as stated by philip

192.168.0.20

255.255.255.255

192.168.0.21

255.255.255.255

192.168.0.22

255.255.255.255

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

DAVID RICHWALSKI · ‎02-05-2018

Hi paul.......I just dont understand why it will not work I followed your directions

I added ip subnet-zero to my startup-config

I tried both :

192.168.0.20

255.255.255.255

192.168.0.20

255.255.255.0

I still get the overlap error

View solution in original post

Jon Marshall · ‎02-03-2018

You cannot use the same IP subnet on multiple different interfaces which is what the router is telling you.

Each interface needs to use a different subnet.

Jon

DAVID RICHWALSKI · ‎02-03-2018

so that is why I am getting the message:

% 192.168.0.0 overlaps with Loopback0
% 192.168.0.0 overlaps with Loopback0
% 192.168.0.0 overlaps with Loopback0%Default route without gateway, if not a point-to-point interface, may impact performance
SETUP: new interface GigabitEthernet0/0 placed in "shutdown" state

So if I understand right I cannot have ANY loopback on the 255.255.255.0 subnet correct?

paul driver · ‎02-03-2018

Hello

@DAVID RICHWALSKI wrote:

so that is why I am getting the message:

% 192.168.0.0 overlaps with Loopback0
% 192.168.0.0 overlaps with Loopback0
% 192.168.0.0 overlaps with Loopback0%Default route without gateway, if not a point-to-point interface, may impact performance
SETUP: new interface GigabitEthernet0/0 placed in "shutdown" state

So if I understand right I cannot have ANY loopback on the 255.255.255.0 subnet correct?

No that inst correct - you CAN but as stated by Jon/Philip you cannot have the same subnet on multiple interfaces be it loopbacks or any other interface.

192.168.0.20
255.255.255.0

192.168.0.21

255.255.255.0

192.168.0.22

255.255.255.0

etc...

All the above are in the same subnet,

what will work is

192.168.0.20
255.255.255.0

192.168.1.20
255.255.255.0

192.168.2.21

255.255.255.0

etc..

or as stated by philip

192.168.0.20

255.255.255.255

192.168.0.21

255.255.255.255

192.168.0.22

255.255.255.255

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

DAVID RICHWALSKI · ‎02-04-2018

I am extremely thankful for the help but I tried bot suggestions and i still cannot get it to work..so I have included my config file for you to look at I you may:

!
! Last configuration change at 20:37:56 CST Sun Jan 21 2018
! NVRAM config last updated at 20:40:29 CST Sun Jan 21 2018 by scorpion
! NVRAM config last updated at 20:40:29 CST Sun Jan 21 2018 by scorpion
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
service sequence-numbers
!
hostname ***********
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging count
no logging buffered
no logging rate-limit
enable secret 5 **************
enable password 7 *******************
!
no aaa new-model
!
no process cpu extended history
no process cpu autoprofile hog
clock timezone CST -6 0
clock summer-time CDT recurring
!
dot11 syslog
ip source-route
no ip gratuitous-arps
!
!
ip cef
!
!
!
no ip bootp server
ip domain name ************
ip host ******************
ip name-server ***************
ip name-server ***************
ip name-server ***************
ip name-server ***************
ip inspect name protocol dns
ip inspect name protocol ftp
ip inspect name protocol https
ip inspect name protocol icmp
ip inspect name protocol tcp
ip inspect name protocol udp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn ************
username ******** privilege 15 secret 5 **************
!
redundancy
!
!
ip tcp synwait-time 10
ip ssh authentication-retries 5
ip ssh port ****** rotary 1
ip ssh rsa keypair-name *******
ip ssh logging events
ip ssh version 2
ip ssh dh min size 4096
!
!
!
buffers tune automatic
!
!
!
!
interface GigabitEthernet0/0
description INSIDE
ip address 192.168.0.50 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
description PrimaryWANDesc_SPECTRUM$FW_OUTSIDE$$ETH-WAN$
mac-address *************
ip address dhcp client-id GigabitEthernet0/1
ip address dhcp hostname ***********
ip access-group 101 in
ip mask-reply
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect protocol out
ip virtual-reassembly in
duplex auto
speed auto
ntp disable
no cdp enable
no mop enabled
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
no ip http secure-server
!
ip flow-export version 5
ip flow-export destination
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
ip access-list extended DenyStdSSH
deny   tcp any any eq 22
permit tcp any any eq
!
logging trap debugging
logging source-interface GigabitEthernet0/0
logging *********
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark *** GigabitEthernet0/0 ***
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark *******************************
access-list 101 remark *** GigabitEthernet0/1 SPECTRUM ***
access-list 101 remark --- SPECTRUM DHCP ---
access-list 101 permit udp any eq bootps any eq bootpc log
access-list 101 remark *******************************
access-list 101 remark --- DNS ---
access-list 101 permit udp any eq domain any
access-list 101 permit tcp any eq domain any
access-list 101 remark *******************************
access-list 101 remark --- SSH ALTERNATE PORT ---
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- DNSCRYPT ---
access-list 101 permit udp any any eq
access-list 101 permit udp any any eq
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- PLEX MEDIA SERVER ---
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- FTPS Explicit (Passive) ---
access-list 101 permit tcp any any eq
access-list 101 permit tcp any any eq
access-list 101 permit tcp any any eq
access-list 101 permit tcp any any eq
access-list 101 permit tcp any any eq
access-list 101 permit tcp any any eq
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- SFTP (SSH) ---
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- SOFTETHER VPN ---
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- DAMEWARE ---
access-list 101 permit tcp any any eq
access-list 101 remark *******************************
access-list 101 remark --- XBOX LIVE ---
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 3074
access-list 101 permit udp any any eq 88
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 3074
access-list 101 permit udp any any eq 3544
access-list 101 permit udp any any eq non500-isakmp
access-list 101 remark *******************************
access-list 101 remark --- ICMP ---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any echo
access-list 101 deny   icmp any any log
access-list 101 remark *******************************
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 224.0.0.0 31.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!

!
line con 0
exec-timeout 60 0
login local
transport preferred none
transport output telnet
line aux 0
exec-timeout 0 1
no exec
line vty 0 4
access-class DenyStdSSH in
exec-timeout 20 0
privilege level 15
password 7 *******************
login local
rotary 1
transport preferred ssh
transport input ssh
transport output ssh
!
scheduler allocate 20000 1000
ntp logging
ntp update-calendar
ntp server 192.168.0.15 prefer source GigabitEthernet0/0
end

paul driver · ‎02-04-2018

Hello

what exactly are you trying to do ?

Jus create loopbacks correct?

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

DAVID RICHWALSKI · ‎02-04-2018

yes just create 3 loopback .....

Philip D'Ath · ‎02-03-2018

Change your loopback subnet masks to 255.255.255.255. They should also be in a different subnet than Gigabit0/0.

DAVID RICHWALSKI · ‎02-03-2018

Well since I only have that single subnet I guess I won't be able to get it to work......

Thanks fo the help

Reza Sharifi · ‎02-04-2018

As others also noted, here is how you can create 3 loopbacks with 3 different IPs,

see example:

interface Loopback0
ip address 192.168.0.20 255.255.255.255
!
interface Loopback1
ip address 192.168.0.21 255.255.255.255
!
interface Loopback2
ip address 192.168.0.22 255.255.255.255

HTH

DAVID RICHWALSKI · ‎02-04-2018

Hello I did that exactly and still get the overlap error

paul driver · ‎02-05-2018

Conf t
Ip subnet-zero

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

DAVID RICHWALSKI · ‎02-05-2018

Hi paul.......I just dont understand why it will not work I followed your directions

I added ip subnet-zero to my startup-config

I tried both :

192.168.0.20

255.255.255.255

192.168.0.20

255.255.255.0

I still get the overlap error

Jon Marshall · ‎02-05-2018

You have used 192.168.0.0/24 on gi0/0 which means your loopbacks cannot use any IP from that subnet.

It is that simple.

Jon

DAVID RICHWALSKI · ‎02-05-2018

I am VERY thankful for EVERYONES help...I FINALLY got it....I had to get my head wrapped adound this.....Paul suggestion of 192.168.1.20 255.255.255.0 it worked...I just did not see it...thank you all for your help