Re: How do I ssh to Loopback interface on Cisco L3 Switch

robjgodfrey · ‎02-02-2011

I have recently deployed a switch to a remote site. After configuring the switch, everything works fine, however, I was unable to connect to the switch through the Loopback interface. What must I do to make this possible.

To get to this device, the remote location has a Cisco 2611XM router, then connected to the router is a Cisco Catalyst 3550 switch, and finally connected to that switch is my Cisco Catalyst 3560 switch.

Here are some details as to how this is setup.

Cisco 2511XM Router (RT-SPR-01) - I can SSH to VLAN1 and Loopback0.

********************************************************

interface Loopback0
ip address 10.109.253.1 255.255.255.255

!

interface FastEthernet0/0

description CONNECTION TO SW-SPR-01
ip address 10.109.1.4 255.255.255.0
service-policy output pq-policy
speed 100
full-duplex

!

ip route 0.0.0.0 0.0.0.0 10.0.0.114
ip route 10.18.0.0 255.255.0.0 10.109.1.1
ip route 10.109.0.0 255.255.0.0 10.109.1.1

!

********************************************************

Cisco Catalyst 3550 (SW-SPR-01) - I can Telnet to VLAN1 and Loopback0.

********************************************************

interface Loopback0
ip address 10.109.253.2 255.255.255.255
!
interface FastEthernet0/1
description CONNECTION TO RT-SPR-01
switchport trunk native vlan 999
switchport mode access
speed 100
duplex full
spanning-tree portfast
!

interface FastEthernet0/48
description CONNECTION TO SW-SPR-02
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk

!

interface Vlan1
ip address 10.109.1.1 255.255.255.0
ip helper-address 10.109.2.41
ip helper-address 10.105.2.11
!

ip default-gateway 10.109.1.4
ip classless

ip route 0.0.0.0 0.0.0.0 10.109.1.4

!

********************************************************

Cisco Catalyst 3560 (SW-SPR-02) - I can SSH to VLAN1 but not Loopback0.

********************************************************

interface Loopback0
ip address 10.109.253.11 255.255.255.255
!
interface GigabitEthernet0/1
description CONNECTION TO SW-SPR-01
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
!

interface Vlan1
ip address 10.109.1.11 255.255.255.0
ip helper-address 10.109.2.41
!

ip default-gateway 10.109.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 10.109.1.4
ip route 0.0.0.0 0.0.0.0 10.109.1.1

!

********************************************************

Please let me know what I am doing wrong and what I can do to fix this issue. I would like to have Loopback interfaces on all L3 switches to allow management through that interface for CiscoWorks and for WhatsUpGold.

Thank you,

Robert

Chad Peterson · ‎02-02-2011

Hi Robert,

Do you have routing enabled on the 3560? Also can you ping the loopback interface? Just want to make sure we can at least communicate to Lo0 at some level before getting into ssh.

Chad

robjgodfrey · ‎02-02-2011

I used the following:

!

ip routing

!

After this I lost my ssh session and had to connect through the neighbor switch. After I entered an ip route I was able to SSH again, but I still got no replies from the Lo0 when I would ping it.

Do I have to specify an ip protocol such as EIGRP?

Chad Peterson · ‎02-02-2011

You'll need to make sure you have a route the loopback address. So if you are using EIGRP you'll need to have your 3560 advertise it.