![]() ![]() To access and manage switches remotely, the primary concept of IP connectivity is the management VLAN which is an arbitrary VLAN that is created, active, allowed on at least one switchport (access or trunk), and has its interface Vlan created, configured with an IP address and activated. This makes the loopback interfaces effectively unreachable. These switches are incapable of routing whatsoever, or they have no way of advertising their loopback interfaces in a routing protocol. This is the reason loopback interfaces do not make much sense on Layer2 switches and on limited-feature Layer3 switches. Routing is the only function that can accomplish that. ![]() As suprising as it may sound, this is exactly what you need - you are in a particular network (10.0.33.0/24 for example) and you want to reach a destination that is outside that network. If you want to reach this loopback from your VLAN 33, you must have routing activated on the switch. In that case, you have to understand that each loopback interface is a separate, standalone and different network interface (even though a virtual interface) from all other interface on the device. You did not explain what is the IP address of the loopback on your Catalyst 2960 but I assume that it is in a different subnet than 10.0.33.0/24 (just as it should be). Regarding reading about management VLANs - I suppose that googling for it will produce myriads of results. There is no benefit gained by using loopback interfaces on Layer2 switches. However, Layer2 switches normally have only one IP address and that one is already enough for management purposes. ![]() Once the SVI has its IP address assigned, why would you want to put the address on some other interface? Loopback interfaces are mostly usable on routers which have many IP addresses so that the loopback interface can be used as a single IP for the entire router. interface Vlan 123 is automatically associated with VLAN 123 and can never, ever, be associated with any other VLAN SVI is by its very definition associated with its (and only its) VLAN e.g. Correct be aware that you do not assign SVIs to VLANs.Finally, each switch has its default gateway out of its management VLAN configured - assuming the router that also must be connected to the VLAN 1000 has its IP address 10.255.255.254. Then, the interface Vlan (SVI) for VLAN 1 is shutdown, as the VLAN 1 is not going to be your management VLAN anymore, and instead, a SVI for VLAN 1000 is created and an IP address is assigned to it. This simple example assumes that all switches are already connected together via trunks so that VLAN 1000 can span all of them. So each of your switches would then be configured as follows: Let's say you have decided to have VLAN 1000 as your management VLAN. Assume 4 switches in your network, connected together via trunks. The address will be assigned to the interface Vlan you create for the particular management VLAN. If I don't use the same subnet for the loopback, how do I manage the switch via telnet/ssh over the network? It seemed like according to the other discussion, there would have to be some kind of other subnet for the loopback interface than what was already being advertised by the router for the VLAN SVI - do I get that correctly?īut then, if I do want to create a management VLAN for the express purpose of being able to manage the L2 devices via telnet/ss h, they need to have an IP address and that needs to be on the loopback interface, right? If the loopback IP address in on the same subnet as that assigned to the VLAN on the port coming into the switch, wouldn't it just switch the traffic over to the loopback interface? Why won't it answer the ARP request? I looked for the pings in Wireshark, but to my surprise they didn't exist! Then I captured again to see why I missed them, and subsequently discovered that the ARPs aren't being replied to by the loopback.īut this I don't think I understand. This is being routed over an 881 using an SVI (with 10.0.33.1) on the back side. I can't ping the loopback on a Catalyst 2960. I don't really understand why the answer to the question worked before, but I have an almost identical problem. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |