lo0 for management

Hello,

I have been asked to look into a network management system which manages a lot (100+ switches and 100+ routers) of Cisco boxes.

The problem is that a lot of the Cisco kit has the "wrong" IP displayed for the chassis in the NMS. This happens when the chassis has multiple IPs and the IP required to be displayed is not lo0 or loopback0 (or has an IfType != 24).

So I am wondering if it is a good idea to suggest that the chassis are reconfigured to have the required management IP always allocated to lo0.

Is that a lot of work? Would this count as tidying up and have other benefits?

TIA

Ton

Reply to
ton de w

It is standard practice when you have routers or similar devices to a) have a loopback configured, b) use it for management, and c) use it for protocols that need a reliable interface to make them less susceptible to disruptions when a port is down - the OSPF router ID for example, or for Telnet / SSH to the device (even if this is just the DNS entry within your network).

A lot of management setups prefer to have all traps etc. from the device use the loopback address to make it simpler to keep track of which traps come from where.

On a Cisco IOS device, various protocols can be "fixed" to an interface - SNMP trap (and maybe polling), Syslog and Telnet are common for management.

Make sure the SNMP settings follow best practice.

Can be - depending on topology you may be reconfiguring the interface you are linked to for management - makes it complicated, and error prone.

It is easy to make a mistake as well (this is from bitter experience) - breaking the interface you talk to on a router 5000 miles away is not something I recommend you repeat...

Reply to
stephen

Also, if you do not have a loopback configured (or you have one but don't have SNMP, AAA, syslog, etc. configured to use it), the router will use the IP address of the output interface as the source address of the packet. NMSs really hate this, and so will you, because you can't just filter on one IP address and get all the traps and logs from the device.

Configure the loopback to use a /32 mask. If you don't have a routing protocol running on each device that you have a loopback, this will be a great deal of work. If you don't have a routing protocol running then the loopback address doesn't get advertised and you will have to use static routes, which is a mess.

Reply to
Thrill5

Is there a magic command for IOS I can recommend to check out the SNMP config for loopback0? To check that other interfaces are not able to respond to SNMP gets or spit out traps?

Reply to
ton de w

To use the loopback interface IP address as the source address for traps use the command: "snmp-server trap-source loopback0"

Reply to
Thrill5
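Added example, not part of any post in this thread: a Python audit that reads saved `show running-config` text and reports whether Loopback0 has a /32 address and whether each management service is sourced from it. `snmp-server trap-source` comes from the thread; `logging source-interface`, `ip telnet source-interface` and `ip tacacs source-interface` are the IOS commands assumed here for the syslog, Telnet and AAA cases mentioned above, and both sample configs are constructed.

```python
import re

# IOS commands that pin a management service's source address to an interface.
# trap-source is from the thread; the other three are assumed in scope here.
SOURCE_CMDS = {
    "snmp-trap": r"snmp-server trap-source (\S+)",
    "syslog": r"logging source-interface (\S+)",
    "telnet": r"ip telnet source-interface (\S+)",
    "tacacs": r"ip tacacs source-interface (\S+)",
}

def audit(config):
    """Return findings for one device's running-config text."""
    findings = []
    # Loopback0 must exist and carry a /32 address.
    block = re.search(r"^interface Loopback0\n((?: .*\n)*)", config, re.M)
    addr = block and re.search(r"^ ip address (\S+) (\S+)", block.group(1), re.M)
    if not block:
        findings.append("Loopback0 is not configured")
    elif not addr:
        findings.append("Loopback0 has no IP address")
    elif addr.group(2) != "255.255.255.255":
        findings.append(f"Loopback0 mask is {addr.group(2)}, expected /32")
    # Each service must be explicitly sourced from Loopback0.
    for service, pattern in SOURCE_CMDS.items():
        hit = re.search(rf"^{pattern}\s*$", config, re.M)
        if not hit:
            findings.append(f"{service}: no source interface set")
        elif hit.group(1).lower() != "loopback0":
            findings.append(f"{service}: sourced from {hit.group(1)}")
    return findings

# Constructed sample configs (documentation addresses, not real devices).
GOOD = """interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
snmp-server trap-source Loopback0
logging source-interface Loopback0
ip telnet source-interface Loopback0
ip tacacs source-interface Loopback0
"""
BAD = """interface Loopback0
 ip address 192.0.2.2 255.255.255.0
!
snmp-server trap-source GigabitEthernet0/1
logging source-interface Loopback0
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cfg) or "ok")
```

The audit covers only source-address pinning and the loopback mask; it does not check which interfaces answer SNMP polls.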
