Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
5790
Views
0
Helpful
4
Replies

Loopback interface for management?

louis0001
Level 3
Level 3

‎09-21-2017 11:45 AM - edited ‎03-08-2019 12:07 PM

Hi,

I took over a flat network some time ago and have now divided it into different subnet's/vlans

The original routers were on a 10.1.X.1/24 vlan 1

I've now subneted that to:

10.1.X.1/24 vlan101 = management
10.2.X.1/24 vlan102 = data
10.3.X.1/24 vlan103 = voice
10.4.X.1/24 vlan104 = guest

Am I better off, moving the management ip address to a loopback interface rather than a sub interface?
I don't want anybody being able to access the management subnet which is easy by applying an access list to the sub interface but I'm not sure if it can be done for a loopback. Or even, would I gain anything this way?

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎09-21-2017 11:59 AM - edited ‎09-21-2017 12:00 PM

It's not clear exactly what is on the management subnet other than the router and who, in terms of source IPs, should be allowed to access that subnet. 

 

A bit more information would help. 

 

Jon

0 Helpful

louis0001
Level 3
Level 3
In response to Jon Marshall

‎09-21-2017 12:04 PM

Hi,

it's only other routers, switches, wireless access points etc and only network admins should be able to access that.

We have it setup like this already and it works. I'm just wondering if there is any advantage to assigning that ip 10.1.X.1 to a loopback rather than say g0/0/0.101

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to louis0001

‎09-21-2017 12:08 PM - edited ‎09-21-2017 12:09 PM

It depends on your topology, so which device is doing the routing for the management subnet, what are the admins source IPs etc. 

 

If, for example, the router you posted the configuration from was the L3 device that routed traffic to and from the management subnet then you could not use a loopback. 

 

Jon

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎09-21-2017 02:42 PM

Jon makes a really important observation when he says that it depends on your topology. Since we do not know much about your topology it is difficult to give you a good answer. Please provide information about the topology.

 

Having asked for more information, I am going to make a guess about part of the topology. Since you indicate that currently the management address of 10.1.X.1 is configured on interface g0/0/0.101 then I am going to guess that the router is connected to a trunk port from a switch where the various vlans are operating. If that is the case then there is a simple answer to your question. You should not try to move the management address to a loopback interface. You need the management address to be associated with that vlan (and to be able to arp for addresses in that subnet). You can do that if the address is on the subinterface but you would not be able to do that if the management address is on a loopback.

 

HTH

 

Rick 

HTH

Rick
0 Helpful
Top