Solved: Management interface connectivity using only Loopback interface on ospf

Starfish · ‎02-05-2018

Hello,

I have a C3650 switch (call it switch A), it connects to another C3650 (switch B)which is configured as layer 3 with ospf on it.

Switch A connects to 3 layer 2 4500 switches, nothing else is configured on this switch A except for loopback address.

Can I just configure ospf on this switch A and will it become ospf neighbour to switch B then?

Will this help me with management access to this switch A?

Do I need to configure anything else to bring management connectivity

Richard Burts · ‎02-09-2018

I agree with Jon that the most simple and most direct solution is to configure an SVI, run OSPF on the SVI, and use that for management. But the original poster asked about using a loopback for management and that was what I was addressing. To use the loopback as the management address you need an IP on the loopback and you need an SVI with an IP address and you need to advertise both addresses in OSPF. Francesco suggests redistributing the loopback into OSPF and that certainly is a possibility. But if it were me I would simply run OSPF on both the SVI and the loopback and not bother with redistribution.

HTH

Rick

HTH

Rick

View solution in original post

Jon Marshall · ‎02-05-2018

How is switch A connected to B ie. L2 trunk by the sounds of it ?

If you want to manage all switches you would be better to use a dedicated vlan/IP subnet and assign an IP to each switch and then set default gateway on L2 switches to be L3 switch SVI IP address.

Using loopbacks for management makes more sense when switches are all L3.

Jon

Francesco Molino · ‎02-05-2018

Hi

It seems your switch A is only layer 2 except your management that's a L3 interface.
My question is: are you using OOB management interface or a SVI?
If you're using management svi, and based on your IOS version, you can configure ospf on it and the peering will be built if on the other side you have your management L3 as no passive interface.
Did you tried and get an issue? Or a simple question?

If you need help don't hesitate to come back

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Richard Burts · ‎02-05-2018

Francesco asks a key question when he asks how the switch is configured. The original post describes it as loopback. Francesco asks if it is SVI. and that distinction is critical. A loopback interface is a virtual interface and has no physical interfaces associated with it. An SVI is a virtual interface which is associated with each of the physical interfaces belonging to that vlan. So if you enable OSPF on a loopback interface it is not able to transmit hello messages on any interface, so it will never form any neighbor relationships. If you enable OSPF on an SVI then the OSPF hello messages can be transmitted on any interface (or trunk) associated with that vlan and OSPF neighbor relationships can be formed. So we need clarification from the original poster about how the switch is configured.

HTH

Rick

HTH

Rick

Francesco Molino · ‎02-05-2018

Yeah I asked because he's telling there's a loopback but not sure that management is configured as svi 😀

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Richard Burts · ‎02-06-2018

Agree that the original post was ambiguous about how the management interface is configured. Waiting for the original poster to provide some clarification.

HTH

Rick

HTH

Rick

Starfish · ‎02-08-2018

Thanks for replying guys.

There is no management SVI configured.

Only thing configured is loopback, this particular switch connects to another switch on trunk port and this another switch has ospf and routing to outside.

Can I just advertise loopback under router ospf of the switch and question and bring up connectivity?

Can it build neighbour relationship on trunk port then and have reachability directly?

Or do I need an SVI configured ?

Richard Burts · ‎02-08-2018

Thanks for confirming that the management address is on loopback and not on SVI.

Is there any SVI configured on this switch?

You can (probably) enable OSPF on the loopback interface. But from the loopback interface it will not be able to send hello messages and therefore not able to establish neighbor relationship if loopback is the only interface running OSPF. If there were another interface on the switch running OSPF then you could advertise the address of the loopback through that connection.

HTH

Rick

HTH

Rick

Francesco Molino · ‎02-08-2018

As Richard said, if you want to form an ospf adjacancy, you'll need a SVI interface and after you'll be able to redistribute your loopback ip into that OSPF process.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Jon Marshall · ‎02-09-2018

Don't bother with loopback, just use a vlan dedicated for mangement and create SVI.

Jon

Richard Burts · ‎02-09-2018

I agree with Jon that the most simple and most direct solution is to configure an SVI, run OSPF on the SVI, and use that for management. But the original poster asked about using a loopback for management and that was what I was addressing. To use the loopback as the management address you need an IP on the loopback and you need an SVI with an IP address and you need to advertise both addresses in OSPF. Francesco suggests redistributing the loopback into OSPF and that certainly is a possibility. But if it were me I would simply run OSPF on both the SVI and the loopback and not bother with redistribution.

HTH

Rick

HTH

Rick

Jon Marshall · ‎02-09-2018

Rick

I was assuming switch A was L2 only to be honest as the OP mentions switch B as L3, as well as other 4500 switches which are L2 only.

In that case a loopback would not be applicable.

Even if switch A was L3 you still have the other 4500s so again would use management vlan.

But obviously depends how you interpret original post.

Jon

Joseph W. Doherty · ‎02-09-2018

NB: the other posters have already really covered this, but somethings another description of what you need to do might help.

If switch A is only doing L2, the loopback IP should be unreachable.

Yes, it should be possible to configure OSPF on switch A, but you need some kind of shared network to form an OSPF adjacency between switches A and B.

In a later post, you describe the connection between switches A and B are on a trunk.(?) If so, you might configure an SVI on switch A for any VLAN on that trunk from switch B. Switch B would need a SVI for the same VLAN. On both switches, you would enable OSPF on the common VLAN SVIs. If your other OSPF parameters are set correctly, you should then establish an OSPF adjacency.

Once you have that OSPF adjacency, you could include the switch A's loopback into the OSPF topology. Then you should be able to manage switch A either by its SVI address or by the loopback address.

If you only have the one routed adjacency and just the one routed path, having the loopback in the OSPF topology buys you little. However, having the loopback to be used as switch A's RID would be good practice even if you don't have that IP in the topology.

Richard Burts · ‎02-09-2018

I read again the original post and find that its description of the switch is quite vague. Jon assumes that the switch is layer 2 only and that is a reasonable assumption. If the switch is layer 2 only then Jon is correct that the loopback is not applicable. And the question about running OSPF on the switch is not possible.

Since the description was vague and since the original poster asks about running OSPF on the switch I assumed that the switch was (or could become) layer 3 and answered about that. And I addressed how to make the loopback interface work since that was the original question. I agree that the optimum solution (assuming layer 3) is to not have the loopback and to use an SVI (which could provide management access to the 4500 switches which are clearly layer 2).

We need the original poster to clarify how they want to operate this switch. Is it layer 2 or layer 3?

HTH

Rick

HTH

Rick

Joseph W. Doherty · ‎02-09-2018

Rick, yup, OP is vague, although it did mention that the switch in question is a 3650, which should be L3 capable, although its licensing might preclude using OSPF.

Rick, yes, you did answer how to run OSFP and setup up a loopback - which is why my first statement was a disclaimer basically saying my post was a rehash of information already provided by the other posters. If it seemed I was trying to correct something you wrote, such was not my intention.

As to your last post's remark, if L3, about not having a loopback and using an SVI being an optional solution, we're not in agreement on that. Actually I don't disagree, either. As you say, much vague about this so I cannot say what might be an optimal solution or not regarding using a loopback for device management.

BTW, to OP, as I mentioned, running as a L2 switch, a loopback won't be accessible. However, you can define a IP on a VLAN for management purposes. I.e. if your goal is IP management of this switch, you don't need to run routing on it or use a loopback. Further, although mentioned in the other posts, if you convert this switch to run L3, you still don't need a loopback to use OSPF or to manage it via an IP. Lastly, as I mentioned in this post, to run OSPF on this switch, you may need to insure you have the correct license enabled.