
IP Management for Remote site or Branches on Cisco Router

Hello everybody.

I hope everything goes well for you.

I have a problem with IP management on our devices.

We assigned IPs on physical interfaces that are the gateways of our users in branches, so behind the physical interface are a lot of users, devices, and so on. I want to harden our devices, and based on the Cisco hardening documents we need to assign IP management on a loopback interface, because loopback interfaces are always up, whereas physical interfaces can change state, and the interface can potentially not be accessible.

Unfortunately, we have some limitations, such as:

1- Behind the physical interface (earlier management) we have a lot of devices (switches, computers, ...) that should have a gateway.

2- When we assign an IP address on the loopback interface we lose our connection behind the physical interface that is the gateway.

 

Could you please give me your advice?

 

Thank you.

Mehrab

1 Reply

Seb Rupik
VIP Alumni

Hi there,

In the interest of route summarisation you should choose an unused /32 loopback address from the branch site's IP address allocation. Configuring and enabling this interface should not impact the IP routing for local devices.

 

It sounds like you may be assigning the public IP to this loopback, which may explain the outage you are experiencing.

 

Assuming you are running VPN to your branch sites, simply advertise the /32 address via your IGP towards your HQ site. This will provide reachability for your NMS for monitoring.

 

cheers,

Seb.
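
The layout described in the reply above, as an added IOS configuration sketch that is not part of either post. All addresses, the interface names, the ACL name and the choice of OSPF as the IGP are constructed assumptions; the physical interface keeps its gateway address, and the loopback only adds a separate management address.

```cisco
! Constructed addressing: branch allocation 10.20.0.0/16,
! user LAN 10.20.1.0/24, NMS/admin subnet at HQ 10.0.100.0/24
!
interface GigabitEthernet0/1
 description User LAN gateway (left unchanged)
 ip address 10.20.1.1 255.255.255.0
!
interface Loopback0
 description Management address (unused /32 from the branch allocation)
 ip address 10.20.255.1 255.255.255.255
!
! Assumption: OSPF process 1, area 0, is the IGP running over the VPN to HQ.
! Advertise only the loopback host route here; existing statements stay as they are.
router ospf 1
 network 10.20.255.1 0.0.0.0 area 0
!
! Source management-plane traffic from the loopback so the NMS always
! sees the same address regardless of which physical link is up
logging source-interface Loopback0
snmp-server trap-source Loopback0
ntp source Loopback0
!
! Accept remote management sessions only from the NMS/admin subnet
ip access-list standard MGMT-IN
 permit 10.0.100.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
```

After applying it, `show ip interface brief` should list both GigabitEthernet0/1 and Loopback0 as up, and the HQ routing table should contain the 10.20.255.1/32 route before the NMS is pointed at it.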