
Loopback not reachable

mtechnology
Level 1

I have a network setup as attached.

All the access switches are 4506 with SUP 2 plus (L3 capable but being used as L2).

These get connected to Core switches which are 4506 with SUP V.

Each access switch is configured with a VLAN 1 IP address as well as a loopback address. We want to use the loopback IP for remote monitoring. A default route is configured on each access switch.

But I am not able to reach the switches via the loopback IPs. The trace drops at the core routers.

Am I missing something with this setup?

19 Replies

mtechnology
Level 1

network diagram attached

Jon Marshall
Hall of Fame

Hi

Do you have routes to get to the loopbacks? If your switches are L2 only they won't propagate routes for the loopbacks. You would need to enter static routes for these on your L3 devices and redistribute into EIGRP.

HTH

Jon

Danilo Dy
VIP Alumni

The vlan1 interface on an L2 switch is shut down by default. Make sure to execute "no shutdown" after creating the vlan1 interface.

!
interface vlan1
 no shutdown
!

I am not clear about part of what is being done here and seeing configs might help. But I believe that the issue is that the access switches are being used as only layer 2 switches. A layer 2 switch can have only a single management address. But it sounds like the original poster is attempting to have 2 management addresses: they are using VLAN 1 for management and are trying to use loopback for management. I do not believe that both will work if the switch is used as only a layer 2 switch.

HTH

Rick

Hi Rick

I agree that a true Layer 2 switch can only have one management interface. However, what the original poster is talking about is a layer 3 capable switch that is not routing. If I have understood this correctly you can indeed have another interface on the switch, but because it is not routing the loopback will not propagate through the network, i.e.

On a 3550 switch in our lab.

The 3550 has a vlan 10 interface with an address of 10.15.1.3.

I added a loopback interface - loopback10 with an ip address of 192.168.75.1.

I made sure that the switch was not routing, i.e.

no ip routing

Then on the router with an interface in the 10.15.1.x subnet I added a static

ip route 192.168.75.1 255.255.255.255 10.15.1.3 and redistributed this static into EIGRP.

I could ping the loopback from anywhere in the lab.

Is this a fair thing to do in terms of the original question or have I missed the point?

Jon

Jon

As I said in my post: seeing configs would help. Then we would know better what they are trying to do. Based on the symptoms described I am guessing that they have not provided static routes in the core for the access switch loopbacks, which you did.

I would say that what you did is quite fair as a way to find what works. Whether it is fair in terms of the original question would depend on the full environment of the original question which we do not know. But I think that you did well to demonstrate a way to get it to work.

My opinion is that if they want to operate the access switches as just layer 2 switches, that there is no real advantage in configuring loopback interfaces. It just complicates things and I do not see any real advantage in it. Loopback interfaces have a real advantage when there is more than 1 layer 3 path to the device. But in this situation there is only a single layer 3 path and they are entirely dependent on the operation of the VLAN 1 interface. I think that they would be as well off (and configuration would be more simple) to have remote management use the VLAN 1 interface address as a loopback address.

Perhaps the original poster can clarify the reasons that they chose to implement loopback interfaces on layer 2 switches.

HTH

Rick

Rick

I agree entirely in that I cannot see what advantage is to be gained by using loopbacks on the layer 2 access switches, as each switch will be identifiable by one IP address only.

Where I was a little concerned was in your statement

"I do not believe that both will work if the switch is used as only layer 2"

and I was attempting to clarify what makes a switch layer 2 vs layer 3. Is it just whether you turn on "ip routing"? If so, then clearly you can have 2 IP addressable interfaces on an L3 capable switch even if you run it as a layer 2 switch.

HTH

Jon

Jon

I believe that we do not have a clear understanding of what the original poster is doing when he says that the access switches are layer 2 only. Your point is well taken that even if most of the layer 3 capabilities are not being used (no ip routing) that if it is a layer 3 capable switch then certain layer 3 capabilities will be present such as the ability to configure more than 1 layer 3 interface. In my original response I was perhaps overly focused on the operation as layer 2 only and not sufficiently focused on the native capability of the platform.

HTH

Rick

bvsnarayana03
Level 5

Either you have the IP add of Vlan removed or add a static route on your core switch pointing to loopback & redistribute into the routing protocol running on core.

Jon,

Your understanding is correct.

Please find the core and access switch configs.

I am able to reach as far as the core from remote locations but am not able to reach the access switches on the loopback.

You are going to need a static route on the core switch:

ip route 134.251.20.98 255.255.255.224 134.251.21.4

I see you are redistributing static so this should do the trick.

You may want to apply a default metric in EIGRP.

From the core switches (2 of them right?) you need to route the access switch loopback ip address to the access switch vlan1 ip address.

! ip route access_switch_loopback_ip_address 255.255.255.255 access_switch_vlan1_ip_address name access_switch_name-loopback#

ip route 134.251.20.98 255.255.255.255 134.251.21.4 name CC_TF_4506_SW1-L9

NOTE: I use host routing rather than subnet/network routing because I can't open your diagram :) and therefore I can't see how all the access switches connect to the core switch. I assume each access switch is directly connected to the core switches, as the access switch and core switch configurations and good design suggest.

One more item: the reason the loopback is not reachable is because it is a virtual interface. There is not a physical segment associated with the 134.251.20.98 255.255.255.224 segment.

Also, since this is a loopback, a /32 would be a more efficient use of address space.

I have a loopback address assigned to even the core switch in the same IP address range,

i.e. 134.251.20.121/27

This would mean the loopback address configured on the access switches would be in the routing table as a connected segment.

Do you think adding a static route to the loopback would help? According to me the connected route would take precedence.

I don't think adding these routes should be of any help.
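
Route selection for the addresses quoted in this thread, as an added example that is not part of any poster's reply: it models the core switch's table with and without the suggested /32 host route and picks the forwarding entry by longest prefix match, using administrative distance only to break ties between routes to the same prefix. The /24 mask on the VLAN 1 subnet and the interface labels are assumptions, since the attached configs are not on the page.

```python
import ipaddress

def route(prefix, source, ad, via):
    """One routing-table entry; ad is the administrative distance."""
    return {"prefix": ipaddress.ip_network(prefix), "source": source,
            "ad": ad, "via": via}

def lookup(table, dst):
    """Return the entry used to forward dst, or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r["prefix"]]
    if not matches:
        return None
    # Longest prefix wins; AD only decides between routes to the same prefix.
    return max(matches, key=lambda r: (r["prefix"].prefixlen, -r["ad"]))

def is_valid_prefix(addr, mask):
    """True if addr/mask is a network address with no host bits set."""
    try:
        ipaddress.ip_network(f"{addr}/{mask}")
        return True
    except ValueError:
        return False

# Addresses taken from the thread.
CORE_LOOPBACK = ipaddress.ip_interface("134.251.20.121/27")
ACCESS_LOOPBACK = "134.251.20.98"
ACCESS_VLAN1 = "134.251.21.4"

# Core table before the static: its own loopback /27 covers the access loopback.
core_before = [
    route(str(CORE_LOOPBACK.network), "connected", 0, "Loopback (core)"),
    route("134.251.21.0/24", "connected", 0, "Vlan1"),  # assumed mask
]
# Core table after adding the host route suggested in the replies.
core_after = core_before + [
    route(f"{ACCESS_LOOPBACK}/32", "static", 1, ACCESS_VLAN1),
]

def describe(table):
    r = lookup(table, ACCESS_LOOPBACK)
    return f'{r["prefix"]} ({r["source"]}) via {r["via"]}'

if __name__ == "__main__":
    print("before:", describe(core_before))
    print("after: ", describe(core_after))
    print("98/.224 valid prefix:",
          is_valid_prefix(ACCESS_LOOPBACK, "255.255.255.224"))
```
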
