Solved

cisco 3550: assigning an ip to a loopback, but not able to ping it.

Posted on 2004-09-07
10
1,006 Views
Last Modified: 2012-06-27
Hi all,

I'm having a problem (probably conceptual) with assigning an ip to a loopback address, and then pinging it.

There are six 3550 switches (without the routing addon).  These switches are clustered, and there are 3 vlans on the cluster.

The six switches are hostnamed:

LAN_A_S1            LAN_B_S1
LAN_A_S2            LAN_B_S2
LAN_A_S3            LAN_B_S3

The vlans are LANA, LANB, and BIZ

vlan1 is LANA is 10.10.1.0/24
vlan2 is LANB is 10.10.2.0/24
vlan5 is BIZ     is 192.168.1.0/24

The cluster master is LAN_A_S1, and has 10.10.1.111 assigned to vlan1.  There are no other ips on the switches.

Altho we had intended to segregate LANA and LANB with the corresponding switches, it didn't turn out that way, so the LAN_A_x switches have machines on all the vlans on them, as do the LAN_B_x switches.

vlan1 is where most of the machines are at, and most of the traffic occurs.

There is no routing between the vlans.

I'm a CLI kinda guy, so following my usual practice, I went to assign ips to loopback0 on each of the switches as follows:

LAN_A_S1      10.10.1.112
LAN_A_S2      10.10.1.113
LAN_A_S3        10.10.1.114

LAN_B_S1             10.10.2.112
LAN_B_S2         10.10.2.113
LAN_B_S3       10.10.2.114

Now I go to my desktop machine (gentoo linux ip 10.10.1.176) to ping the LANA switches, and....nothing.
I can ping the LAN_A_S1 vlan1 ip (10.10.1.111), but not .1.112 or .1.113 or .1.114.

ditto for the 10.10.2.0 vlan from another machine (10.10.2.176).

Since I can ping the vlan1 ip, but not -any- of the loopbacks, I'm sure I'm missing/ forgetting something, but I don't know what.  Any pointers welcome.

Another question is what the the subnet mask should be?  I've used 255.255.255.0 for everything, but maybe on the loopbacks it should be 255.255.255.255?  On the other hand, all the configs have no ip classless in them.....

Another question is...why was LAN_A_S1's ip assigned to the vlan, and not the loopback?

Thanks in advance!




0
Comment
Question by:amlp
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 12001478
If you want to ping the looback interfaces you need to have some kind of routing enabled. They are a virtual internal interface, 1 hop away from the VLAN interface.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 12001528
But why are you bothering with loopback addresses? A switch just needs a management address, which isconfigured on the vlan interface.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 80 total points
ID: 12001645
Just because they are managed as a cluster does not mean that each one cannot have its own IP address. They are managed on VLAN1 typically.

Just assign the IP's to VLAN1 interface.

OR, as Mike suggested, you need to have L3 routing enabled, run some dynamic routing protocol so that the loopback interfaces are propogated to each other.

I just did an experiment. I was not sure that it would work, because you cannot assign a loopback interface to a particular vlan.

Between my 3550 L3 switch and a router, I am running OSPF and redistributing connected. However many loopback addresses I decide to add to the 3550, as long as each is a separate subnet, the router learns the route to them and I can ping them from anywhere.

The issue is that a loopback is a dis-jointed connected interface, and each one needs to be a separate subnet. The subnet can be 255.255.255.255 ...

C3550L3>
!
!
interface Loopback1
 ip address 192.168.124.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.125.125 255.255.255.255

C1602>
O E2    192.168.125.125 [110/20] via 192.168.122.253, 00:00:06, Ethernet0
O E2 192.168.124.0/24 [110/20] via 192.168.122.253, 00:08:55, Ethernet0

My PC is 192.168.122.150, connected to vlan 2 on the 3550:

C:\WINDOWS>ping 192.168.124.1

Pinging 192.168.124.1 with 32 bytes of data:

Reply from 192.168.124.1: bytes=32 time<1ms TTL=255
Reply from 192.168.124.1: bytes=32 time<1ms TTL=255
Reply from 192.168.124.1: bytes=32 time<1ms TTL=255
Reply from 192.168.124.1: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.124.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms


C:\WINDOWS>ping 192.168.125.125

Pinging 192.168.125.125 with 32 bytes of data:

Reply from 192.168.125.125: bytes=32 time=1ms TTL=255
Reply from 192.168.125.125: bytes=32 time=1ms TTL=255
Reply from 192.168.125.125: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.125.125:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
Control-C
^C
C:\WINDOWS>

0
 

Author Comment

by:amlp
ID: 12002255
so, if I understand:

1.  the loopbacks are 'disconnected' from the backplane, so to speak;  they are not a 'virtual port' into the backplane.  They're just sitting there not really connected to anything?

2.  Standard practice for -switches- is to assign device ip's to the appropriate vlan (usually vlan1).  So if there are 3 vlans on a switch, then you need three ip's per switch, assuming you want the switch to have a 'pingable' presence on all the subnets.

3.  If you are routing between the vlans, then the loopbacks can form a sort of 'virtual vlan'; in fact they have to if they are going to be useful?    If not, then what is the use of the loopbacks?

Thanks very much for the prompt responses!



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12003199
1. yes

2. not necessary on a stack. The stack vlan interfaces should have ip on them. You can assign an iP to vlan1 interface on each switch, but the stack master sort of takes over and there is only one vlan1 interface.

3. Not really. They are just more or less dis-connected 'hosts', one host on each switch that is outside the vlans. I guess that could be construed as a 'virtual vlan'. Loopbacks do have purposes, but I've never seen one used on a switch this way...i don't know why you couldn't use it for just the purposes that you are intending, to give each switch a pingable IP address, even in a stack.

Hmmm.... now that I think about it, if you create a loopback, it is only on the stack master, or do you see it in the individual configs? Oh, wait, there are no individual configs, it is just one stack config...see #2 above....what was it again that you were trying to accomplish?

0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 45 total points
ID: 12008188
Loopbacks are usually used on a router, to give it an address that will be reachable as long as one physical interface is up. It's also used to stabilize some routing protocol configurations such as in OSPF and BGP- but that's irrelevant right now. In your case, the VLAN interface is always up as long as one switch port is up, so it serves the same purpose as a loopback on a router.

You only need one VLAN interface to have an IP. If you have multiple vlans, presumably you have a way to get between them- either the basic routing function on a 3550 or some knd of external router. So anyone on any subnet ought to be able to ping the switch.
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 12008448
> The issue is that a loopback is a dis-jointed connected interface, and each one needs to be a separate subnet. The subnet

MASK

> can be 255.255.255.255 ...

This is the issue.  In order to route properly, the loopback addresses cannot be on the same subnet as any other interface on the box.  You've tried to assign addresses that lie within the VLAN ranges, and so they never get routed to the loopback interfaces.

0
 

Author Comment

by:amlp
ID: 12008652
The original goal is to get all the switches (and other things) to log informational messages to a loghost I have running on 10.10.1.176.  I discovered from some googling that logging only works if ip's are assigned (which kinda makes sense, since a switch is a layer 2 device).  I have other questions about that, but that should probably be a different set of points.

Thank you all.
0
 

Author Comment

by:amlp
ID: 14031683
If I may followup on this, I think I see what is confusing me on this.

From the accepted answer:
> Just because they are managed as a cluster does not mean that each one cannot have its own IP address. They are managed on VLAN1 typically.

>Just assign the IP's to VLAN1 interface.

My thinking was the whole vlan1 (or vlan2 or vlan6 or whatever) had a -single- ip across -all- the 3550's, so that if I ping vlan2-ip, it is not possible to tell whether the return is from one switch or another.

Reading the above discussion implies this is incorrect.  A given vlan may be abstracted across several 3550's, but the ip assigned to that vlan on a given switch is specific to that vlan on that switch only.

Is this correct?

thanks
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14031717
Yes. IF the switches are NOT clustered, then each one has its own IP address identity.
IF the switches ARE clustered, then only VLAN1 has a single identity for the entire cluster, and the cluster "master" will be the one answering.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now