Create management network using loopback interfaces

Eric R. Jones
Level 4

Hello, I'm probably making this harder than it is, but here we go.

We are reconfiguring our network and wish to use loopback addresses at the core and two distro switches, all 6500 series.

Routing will be at the core and distro, with the edges having no dynamic routing protocols configured.

The core and distros will be running OSPF and have loopback addresses assigned.

Should the edges also have Loopback0 configured, or just assign the loopback subnet from the distros as the switches' IP address?

With the distros configured for OSPF, won't they pick up the edges as directly connected devices and routed to the core?

With this in mind, we can SSH or PuTTY to each device, and as long as we use ACLs properly we can deny general access to the subnet by non-management PCs, correct?

ej

4 Replies

Marvin Rhoads
Hall of Fame

Yeah, you might be making it harder than it needs to be. :)

Most loopback interface implementations I've seen use a /32 for the loopback addresses. If, however, you're using a larger subnet like a /24 then you could have the edge/access switches in that same subnet with connected routes getting their management to/from the distribution layer.

Note that connected won't automatically redistribute into OSPF in the event of differing subnets, but a command or two will take care of that.

I generally advocate a management VLAN with SVIs used for the switches' management IP addresses; but then I came up as a switching guy more than a routing guy, so I tend to work with the tools I learned earlier. I do use the separate management interfaces with their own separate VRFs when I have the opportunity, but few of the types of enterprises I typically work with are interested in having a true out-of-band management network.

I have not worked on routers except when studying for the CCNA.

I live in a switch world, so our layout is 6500 cores, 6500 distro and 3750/3850 edge devices.

On each core and distro, turn on the dynamic routing protocol of choice. Set up the IP addresses/interfaces to be routed.

Then:

Create on each edge a management VLAN and SVI and associate it to a port that is directly connected to a distro switch.

I now need to tell each edge device its default gateway is the distro it's directly connected to, since we aren't turning on routing on the edge switches.

ip default-gateway <switch ip address>

I haven't tested this yet; it just popped into my head.

ej

One issue I see with that approach is that the management network will be a /24 (or whatever) at every edge switch. If the distribution layer sees it with the same mask and all, that would be OK.

However... normally loopbacks are a /32. Otherwise the L3 switches running your routing protocol are all advertising the same route.

After discussing the issue with the team, I found I wasn't missing information; I just misinterpreted what was being said. I have revisited the plan. The Core shall have a /32 bit mask for its Loopback0 interface and employ OSPF. The distros shall have /32 bit masks for their Loopback0 interfaces and employ OSPF. The management VLAN shall have a /27. We set ip default for so edges know where to go. I looked up the differences between ip default, ip default-network, and ip default-gateway, so I know when to use which properly. Thank you for the information.

ej
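
The plan settled on in the thread (Loopback0 as a /32 in OSPF on the distribution switch, a /27 management VLAN, `ip default-gateway` on the non-routing edge, and an ACL limiting SSH to management PCs), sketched as IOS configuration. This is an added example, not a configuration posted by anyone in the thread. Every address, the VLAN number 99, the OSPF process and area, and the ACL name are constructed assumptions; uplink and trunk interface configuration is omitted.

```cisco
! Constructed values: loopback 10.255.0.2/32, management VLAN 99 = 10.99.1.0/27,
! management PCs in 10.50.0.0/27. Use a different /27 behind each distribution
! switch so no two L3 switches advertise the same management route.
!
! --- Distribution switch (6500, runs OSPF) ---
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
interface Vlan99
 description Management SVI, default gateway for the edge switches
 ip address 10.99.1.1 255.255.255.224
!
router ospf 1
 router-id 10.255.0.2
 ! Advertise the management /27 but form no adjacencies toward the edge
 passive-interface Vlan99
 network 10.255.0.2 0.0.0.0 area 0
 network 10.99.1.0 0.0.0.31 area 0
!
! --- Edge switch (3750/3850, no routing protocol) ---
no ip routing
vlan 99
 name MGMT
!
interface Vlan99
 ip address 10.99.1.2 255.255.255.224
 no shutdown
!
! Used only because IP routing is off on this switch
ip default-gateway 10.99.1.1
!
! --- Every device: only management PCs may open a session, SSH only ---
ip access-list standard MGMT-STATIONS
 permit 10.50.0.0 0.0.0.31
 deny   any log
!
line vty 0 15
 access-class MGMT-STATIONS in
 transport input ssh
```

Applying `access-class` on the VTY lines restricts who can log in to the device itself; blocking other traffic from non-management PCs into the management subnet would need a separate interface ACL on the distribution SVI.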
