
Loopback on same network unreachable

Michael_Goodlif
New Contributor II
Hi, I am trying to connect another switch to my network to segregate customer VLANs.

I am announcing my networks as /24s and want to create smaller subnets of these on another switch within my network. So, for example, create a loopback vlan with a /29 for a single client server connection.

I am testing this in my lab where I have a single network of 192.168.1.1/24. I have created a vlan "InputLB" which is set as loopback and has ipforwarding on. This vlan has 1 port which is active and is connected to the main 192.168.1.1/24 network. This InputLB vlan is assigned the IP address 192.168.1.33/29.

When I try to ping the 192.168.1.33 from any device on my network, it will not ping. What am I doing wrong? Will this configuration be possible?

Thanks for any help.

18 REPLIES

dflouret
Extreme Employee
Each VM should have its own MAC...

Security always means more work....

Michael_Goodlif
New Contributor II
OK, cheers. How do I go about locking MACs to IP addresses? Would this cause a problem, for example, if one of my clients has virtual machines on its server? Would the switch see the virtual machines' MAC or the physical MAC of the server? I may just go with a simple option of using the subvlans and see if I can get this working on one extended switch from my router. I don't want to over complicate the security and make it unmanageable. Thanks a lot for all the help. I've learnt a lot.

dflouret
Extreme Employee
Source IP lockdown is a feature that works in conjunction with trusted DHCP servers and DHCP snooping. It is not a functionality that you configure on its own.

You may want to start by experimenting with disabling ARP learning and manually configuring IP to MAC entries.
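
The dependency described in the reply above, as an added example that is not part of the original thread and is not ExtremeXOS code: a simplified Python model in which the locked IP for a port exists only after a DHCP reply has been snooped on a trusted server port. The trusted port `1:1`, the untrusted port `2:7`, the MAC address and the client addresses are constructed for illustration, and the drop-until-bound behaviour is an assumption of the model.

```python
# Simplified model (not ExtremeXOS code) of source IP lockdown fed by DHCP snooping.
from dataclasses import dataclass, field


@dataclass
class Switch:
    trusted_dhcp_ports: set = field(default_factory=set)  # ports where DHCP servers may reply
    lockdown_ports: set = field(default_factory=set)      # ports with source IP lockdown enabled
    bindings: dict = field(default_factory=dict)          # port -> (mac, ip) learned by snooping

    def snoop_dhcp_ack(self, ingress_port, client_port, client_mac, leased_ip):
        """Record a binding only when the DHCP reply arrives on a trusted port."""
        if ingress_port not in self.trusted_dhcp_ports:
            return False  # reply from an untrusted port: ignored, no binding created
        self.bindings[client_port] = (client_mac, leased_ip)
        return True

    def locked_ip(self, port):
        """The address a lockdown table would list for the port, or None."""
        entry = self.bindings.get(port)
        return entry[1] if entry else None

    def permit(self, port, src_ip, is_dhcp=False):
        """Ingress decision for a packet arriving on `port`."""
        if port not in self.lockdown_ports:
            return True  # feature not enabled on this port
        if is_dhcp:
            return True  # the client must still be able to request a lease
        return src_ip == self.locked_ip(port)


def demo():
    sw = Switch(trusted_dhcp_ports={"1:1"}, lockdown_ports={"3:49"})
    results = {}
    # Lockdown enabled but nothing snooped yet: no locked IP, static host is dropped.
    results["before_locked"] = sw.locked_ip("3:49")
    results["before_static"] = sw.permit("3:49", "192.168.1.34")
    # A reply seen on an untrusted port does not create a binding.
    results["rogue"] = sw.snoop_dhcp_ack("2:7", "3:49", "00:00:5e:00:53:01", "192.168.1.99")
    # A reply seen on the trusted server port does.
    sw.snoop_dhcp_ack("1:1", "3:49", "00:00:5e:00:53:01", "192.168.1.34")
    results["after_locked"] = sw.locked_ip("3:49")
    results["after_match"] = sw.permit("3:49", "192.168.1.34")
    results["after_spoof"] = sw.permit("3:49", "192.168.1.35")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```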

Michael_Goodlif
New Contributor II
Thanks. I'm just looking at the source-ip-lockdown now but can't seem to find the command to assign the locked IP to the port. How is this done?

I have enabled source-ip-lockdown on one port:

enable ip-security source-ip-lockdown ports 3:49

but the show command returns no ip address:

show ip-security source-ip-lockdown
Ports Locked IP Address
3:49 None

Is this done via DHCP?
