We have a customer network with number of routers/switches. We have a management network to manage devices via telnet/ssh.
On switches we have a vlan interface for switch management while on routers we have sub-interfaces ( 802.1Q trunk, with encapsulation) connected back to the switch for the management.
Customer has ask us to give them a access to router/switches, we have give them telnet/ssh access via management network, to access router remotely customer ssh router (the sub-interface IP address F0/0.10 on router), but when the router interface Fa0/0.10 is down ( because switch at the remote end is down), customer cannot the telnet/ssh to router.
How can I allow customer to keep accessing the router while sub-interface on the router is down ( which they are telneting to)? I am happy to change to router config, but not sure which bits.
I can't create the loopback interface and assign the IP address to it from the managment network as the router subinterface F0/0.10 is already have IP address from that subnet and router gives overlapping mask error message.
I created the new looback interface on router and give is the same IP as of F0/0.10 and configure F0/0.10 as a IP unumbered loopback 0, it;s not working either for me.
Can I somehow configure the router to respond to the telnet/ssh when subinteface is down- I am happy to move the addresses, create new interfaces , change routing etc. but I can't change the network subnet that is already assigned to customer.
You should be able to make the Lo0 interface address with a /32 mask. It can be from an entirely new /24 netblock that is not currently used in your network.
Any device that's routing can use that scheme and will inject its /32 host address into the routing table (along with the networks associated with any other connected and up interfaces) as long as you haven't otherwise filtered it out.
I find several parts of the description of this issue to be puzzling. Is there only the single switch connected to FA0/0.10? If the router connection is a physical connection to the single switch and the switch is down then it makes sense that the router subinterface would be down.
It is not clear to me in the description whether the customer is attempting to access the router or is attempting to access the switch. If the customer is attempting to access the router using the address of FA0/0.10 I can see that this would fail. And it seems to me that an easy alternative would be to allow the customer to access the router using the IP address that connects the router to the customer. If the customer is attempting to access the switch and the switch is down then there is no alternative that will allow access.
I don't want to allocate the new subnet with /32 for the management as it will require many changes in the network such firewall etc.
There will be a single switch connected to the router physical interface F0/0, but there will be a multiple switches hanging off the first switch. ( all switches in the vlan10, including router sub-interface F0/0.10).
Customer will require access to both, switch(es) and router, customer understand that if the first switch ( that physically connects to the router interface F0/0 ) fails, access to all other switches will also fail, which is acceptable. At this point we must have access to router regardless we have lost access to the switch.
Customer want router to be accessible even if the switch(es) are down, as the router at the point router is fine and is still connected to the WAN network. Customer will lose the access to the switch(es) but should not lose the router access.
We have different IP subnets ( VRF's) for the customer data network ( LAN) and the router management, so I can't assign the router management IP address from the customer LAN subnet
Forgot to mentioned that we have three VRF's on router ( vrf-lite/ multi vrf) , one for customer data network, one for router management, one switch ( es) management.
Fa0/0.10 is in the switch management VRF, while router Loopback 0 is in the router VRF.
We have to maintain the vrf's to keep router and switch management traffic separate.
Router is always accessible to us ( not to customer) via router vrf hence its still available even if the router LAN management interface F0/0 is down.
Customer lose the access to both router and switch(es) if the F0/0 down.
The only option I can see would be to allocate a new subnet for customer router management and assign this to a new loopback and put under the switch management vrf.
I do not fully understand parts of your explanation and probably do not understand all of your requirements. But it seems to me that the customer might be able to access your router using the IP address of the interface that provides their physical connection to the router. Would that solution satisfy your requirements?
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts The ProblemOn traditional
switches whenever we have a trunk interface we use the VLAN tag to
demultiplex the VLANs. The switch needs to determine which MAC ...
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts Introduction: Netdr is a tool
available on a RSP720, Sup720 or Sup32 that allows one to capture
packets on the RP or SP inband. The netdr command can be use...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...