Cisco Support Community
New Member

using loopback on a DMZ switch

Hi all,

I'm trying to set up monitoring of my DMZ switch. All servers in this DMZ are in a 172.18.x.x subnet, and all ports on the switch are in a VLAN51. This VLAN only exists on this switch and there is no trunking involved. The switch is a 3550-12T. I'm trying to reach the switch by creating a loopback interface with a 172.18.x.x address. I am unable to ping the switch from any of the servers that are in that subnet. If I do a show arp on the switch I don't see anything. Anybody have any ideas why I can't reach this switch via the loopback interface?

Do I have to give VLAN 1 an IP and try and get there that way?

I have all firewall rules in place properly as I can get to all servers that are on that switch, I just can't get to the switch.

Any ideas on how best to set this up?

Thanks very much,

Steve

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: using loopback on a DMZ switch

Steve

Is there a reason why you want a loopback interface?

If you just want the switch to be layer 2, which you very probably do if it is a DMZ switch, then shutdown vlan 1, create a vlan51 SVI, assign it an IP address out of the 172.18.x.x range and set the default-gateway to be the DMZ interface on your firewall.

HTH

Jon

7 REPLIES

Re: using loopback on a DMZ switch

Steve,

When you create a loopback interface, you need to assign it an IP address that is not being used by any SVI, and you need to have proper routing for this new IP.

I would suggest configuring an IP which is not on the 172.18.x.x subnet and having proper routing to this IP from the NMS.

HTH

Narayan

New Member

Re: using loopback on a DMZ switch

If I understand you correctly, you are saying that I would need to give Loop1 an IP like 10.x.x.x or something other than 172.18.x.x and then set up routing to 10.x.x.x. Is that correct?

Re: using loopback on a DMZ switch

Yes, you are correct, but as Jon said, if the switch is behaving purely as L2, it is suggested to create the SVI for that VLAN on that switch and monitor it with that IP.

Narayan

Hall of Fame Super Blue

Re: using loopback on a DMZ switch

Steve

That won't work. You would still need an interface on the 3550 with an ip address out of the 172.18.x.x network.

What you could do is

1) create vlan 51 SVI

2) Assign it an address from 172.18.x.x eg 172.18.1.1

3) Create loopback and assign it 10.x.x.x address.

4) Add route "ip route 10.x.x.x 255.255.255.255 172.18.1.1"

This would work with the 3550 still acting as layer 2 switch but then it seems a lot more trouble than it is worth.

Jon

New Member

Re: using loopback on a DMZ switch

You will not be able to ping or access the loopback IP; you may need to enable routing.

New Member

Re: using loopback on a DMZ switch

Hi Jon,

I think that is the piece I was missing, I didn't give VLAN 51 an IP. Thanks for your help.

Steve
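
The layer 2 management setup described in the accepted solution, written out as IOS configuration. This is an added example, not text from any post in the thread. The SVI address reuses the 172.18.1.1 example from the thread; the /24 mask and the firewall address 172.18.1.254 are assumed placeholders to be replaced with the real DMZ values.

```ios
! Added example: management reachability for a layer 2 DMZ switch.
! Assumptions: 255.255.255.0 mask and 172.18.1.254 as the firewall's
! DMZ interface are placeholders, not values given in the thread.
!
! VLAN 1 carries no ports here, so remove its address and shut it down
interface Vlan1
 no ip address
 shutdown
!
! The SVI in VLAN 51 gives the switch an address in the same
! broadcast domain as the DMZ servers, so it answers ARP and ping
interface Vlan51
 description DMZ switch management
 ip address 172.18.1.1 255.255.255.0
 no shutdown
!
! With IP routing left disabled, the switch behaves as a host and
! sends all off-subnet replies to the firewall's DMZ interface
ip default-gateway 172.18.1.254
!
end
!
! Checks from exec mode once the configuration is applied:
!   show ip interface brief   (Vlan51 should be up/up with its address)
!   show arp                  (entries appear after a server pings the SVI)
```

The SVI only comes up while VLAN 51 exists on the switch and at least one port in it is active.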
