Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2332
Views
20
Helpful
8
Replies

Switch management - best practice

Go to solution
johnny_5
Level 1
Level 1

‎02-13-2020 06:57 PM

Network infrastructure consists of multiple stores connected with MPLS, everything back hauled to our data center for internet and resources. Every store has a router and a switch on premise, except for one which i will get to in a moment. Every router and switch has a Loopback assigned for us to connect.  At one store we have the router and 2 switches, think a main backbone  (L3 - 3850)and a downstream (L3-3750). Today the last PC got moved off of VLAN 1 on the downstream switch and immediately we lost remote connection. The switch is up and operational but I have no connectivity. Both switches are running EIGRP. Looking at the configs it appears that the downstream switch had it default gateway and an ip route statement using the IP address on VLAN 1.

Before my time the loopbacks were setup to use a single IP and get advertised in EIGRP.  Is there a best practice to setup a connection between 2 L3 switches? We were using the IP address of VLAN 1 to connect to this downstream switch as the assigned loopback never worked.

The router to the backbone uses a point to point which is advertised also in the EIGRP table. Is it best practice to use loopbacks at a "management" access IP? Could i use a point to point to connect both switches?

 

 

 

 

 

 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-13-2020 07:20 PM

Hi

How to connect 2 switches acting as L3 devices?
You can have them trunked together for all needed vlans and have 1 SVI on each within the same vlan to be able to access them both.
If you want to avoid L2, then it will be best practices to have a p2p link to interconnect them and be eigrp adjacencies
In your case, if I understand correctly, the 2 switches are hosting hosts and you don't need to run eigrp between them, then 1st solution will better. On the 2nd switch, you will have a svi within 1 of the trunked vlans as i said before. Also you want to keep the default gateway command and disable ip routing because not needed.

Loopbacks are preferable for management because you can have an global IP Plan and use it on your acls, monitoring tools.....
Also, when applying ios hardening config, you can apply a standard config on every devices for the control-plane to authorized ssh access, scp... only on loopback interfaces.
Using loopback on a 2nd switch though will require to keep ip routing to make sure you can access it.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

8 Replies 8

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-13-2020 07:20 PM

Hi

How to connect 2 switches acting as L3 devices?
You can have them trunked together for all needed vlans and have 1 SVI on each within the same vlan to be able to access them both.
If you want to avoid L2, then it will be best practices to have a p2p link to interconnect them and be eigrp adjacencies
In your case, if I understand correctly, the 2 switches are hosting hosts and you don't need to run eigrp between them, then 1st solution will better. On the 2nd switch, you will have a svi within 1 of the trunked vlans as i said before. Also you want to keep the default gateway command and disable ip routing because not needed.

Loopbacks are preferable for management because you can have an global IP Plan and use it on your acls, monitoring tools.....
Also, when applying ios hardening config, you can apply a standard config on every devices for the control-plane to authorized ssh access, scp... only on loopback interfaces.
Using loopback on a 2nd switch though will require to keep ip routing to make sure you can access it.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
johnny_5
Level 1
Level 1
In response to Francesco Molino

‎02-13-2020 07:43 PM

It may be best to show you a snippet of the issue - remote connectivity.

Backbone1

router eigrp 50

network 172.18.1.116 0.0.0.3<<<point to point with Router

 network 172.18.5.34 0.0.0.0 <<<Loopback address

network 192.110.100.0

 eigrp stub connected summary

ip default-gateway 192.110.100.1

interface Vlan1
ip address 192.110.100.1 255.255.255.0

 

Downstream1

router eigrp 50

network 172.18.5.35 0.0.0.0<<<Loopback address - unable to connect

 network 192.110.100.0

 eigrp stub connected summary

ip default-gateway 192.110.100.1

interface Vlan1
ip address 192.110.100.1 255.255.255.0

 

Also when the change was made we created a loopback address for the 198.110.100.x network on our CORE switch within out datacenter for some NATing we preform on our ASA. To circle back I can remotly connect to the store router and the backbone switch but not the downstream switch(using loopback or VLAN IP).

 

 

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to johnny_5

‎02-13-2020 08:50 PM

Why do you have the same ip on both switches for VLAN 1?
Is it a copy/paste error on the forum or really the config applied?
As you don't have access to your downstream switch, change the ip of your backbone switch.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
johnny_5
Level 1
Level 1
In response to Francesco Molino

‎02-14-2020 04:42 AM

Yes that was a typo, my apologies!

Downstream1

interface Vlan1
ip address 198.110.22.6 255.255.255.0

 

I'm a bit confused, if I can access the backbone currently via the loopback 172.18.5.34 then why change it? For the infrastructure as a whole we are using the 172.18.5.0/24 range for the loopbacks for all cisco devices. If I had another IP available in that range 172.18.5.x would assigning it to VLAN1 on the backbone and by using the ip route statement on the downstream and then advertise in EIGFRP correct the issue?

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to johnny_5

‎02-14-2020 10:25 AM

Backbone1

router eigrp 50

network 172.18.1.116 0.0.0.3<<<point to point with Router

 network 172.18.5.34 0.0.0.0 <<<Loopback address

 

If I had another IP available in that range 172.18.5.x would assigning it to VLAN1 on the backbone and by using the ip route statement on the downstream and then advertise in EIGFRP correct the issue?

172.18.5.34 is already assigned to loopback interface on the core. If you try to assign another IP in the 72.18.5.x/24 range to vlan1, you will get a duplicate address error. That is the reason, you need a different subnet for vlan1.

HTH

 

 

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to johnny_5

‎02-15-2020 04:50 PM

Ip of vlan 1 on your downstream switch is in a different subnet that the svi vlan 1 from backbone.
This means your eigrp neighborship isn't coming up.
Can you share the show ip eigrp neighbo please?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
johnny_5
Level 1
Level 1
In response to Francesco Molino

‎02-26-2020 01:59 PM

I created a new VLAN/30 for the switches to communicate. When I removed the default gateway statement off of the downstream i lost remote connectivity again. I added the IP of the backbone as the default gateway and it worked. Thank you for your assistance.

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to johnny_5

‎02-26-2020 07:09 PM

You're welcome.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card