Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9047
Views
5
Helpful
3
Replies

Loopback interfaces vs Management VLAN

Go to solution
Patrick McHenry
Level 3
Level 3

‎07-07-2013 10:07 AM - edited ‎03-07-2019 02:16 PM

Hi,

I wondering about best practices when it comes to addressing. For a new network I thought I would start it right by creating a loopback address and having that the address configured in TACACS and SolarWinds and that being the address we use to SSH to. For the layer 2 switches I'm not sure what to do.

I thought I would also create a Management VLAN on the Core switch and have all other layer 2, Management interfaces in that Subnet/VLAN. But, if there are no interfaces that are up in that VLAN, the VLAN is down and won't be reached. For instance; at one site we will have a stack of switches that will not require any trunks or interfaces that will need to carry the Management VLAN for this to work. Because there are no intrefaces up in the Management VLAN, the VLAN interface shows down.

Is there a practical solution for this?

And is there a way to configure the Management VLAN to always be up even if nothing is on it?

I had another thought - maybe it would be better to have loopback interfaces for routers and also core switches and then create a Management VLAN for layer 2 switches connecting to the core switch?

Thank you for any advice, Pat.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Patrick McHenry

‎07-07-2013 10:51 AM

Pat,

The switches at many of the remote sites are not close enough for copper connections so, I don't really see the use for it

That is very good point.  If you  are not close enough (within a 100 meters) then you can't use the out of band port.

Can you give me an example of how this is deployed/used - physically?

Imagine you have 10 3750X switches, you can connect the out of band port from each switch to another switch and give the out of band port an IP address. So:

example:

switch-1 10.10.10.1/24

switch-2 10.10.10.2/24

.

.

switch-10 10.10.10.10/24

On the collection switch you create vlan 50

vlan 50

exit

inter vlan 50

ip add 10.10.10.100/24

no sh

Once this is done, now you connect the collection switch to one of your routers or switches that are capable of layer-3  and advertise 10.10.10.0/24 subnet.

That will give you out of band management access to all 10 switches.

HTH

Reza

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎07-07-2013 10:18 AM

Hi Pat,

For your layer-2 devices only, you just need to create a management vlan and an svi and add it to the trunk link.  That will bring up the interface even when there is noting connected to it.

so, on layer-2 devices

config t

vlan 20

name mgmt-interface

exit

int vlan 20

ip address 10.10.10.1 255.255.255.0

desc mgmt vlan interface

no sh

Then add the vlan to your uplink

For your layer-3 device, it is good idea to use loopback interface.

Also, the newer switches (3750x, 3560x, 3850 series) all have an out of band management interface.  You can use that to connect all your layer-2/3 switches to another switche, and than connect that switch to your router and have that subnet be routerd.

HTH

Go to solution
Patrick McHenry
Level 3
Level 3
In response to Reza Sharifi

‎07-07-2013 10:28 AM

Thanks Reza.

Yes, I think I will have loopbacks for my routers and layer 3 switches but, then have a Managment VLAN for the Layer 2 Management IPs.

About the out of band management. How is this set up?

I've used the Management port for switches in a DMZ and it is very nice - keeps management secure but, what other use can it serve?

The switches at many of the remote sites are not close enough for copper connections so, I don't really see the use for it. Can you give me an exampke of how this is deployed/used - physically?

Thank you.

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Patrick McHenry

‎07-07-2013 10:51 AM

Pat,

The switches at many of the remote sites are not close enough for copper connections so, I don't really see the use for it

That is very good point.  If you  are not close enough (within a 100 meters) then you can't use the out of band port.

Can you give me an example of how this is deployed/used - physically?

Imagine you have 10 3750X switches, you can connect the out of band port from each switch to another switch and give the out of band port an IP address. So:

example:

switch-1 10.10.10.1/24

switch-2 10.10.10.2/24

.

.

switch-10 10.10.10.10/24

On the collection switch you create vlan 50

vlan 50

exit

inter vlan 50

ip add 10.10.10.100/24

no sh

Once this is done, now you connect the collection switch to one of your routers or switches that are capable of layer-3  and advertise 10.10.10.0/24 subnet.

That will give you out of band management access to all 10 switches.

HTH

Reza

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card