Loopback on same network unreachable
‎08-20-2014 06:25 PM
Hi, I am trying to connect another switch to my network to segregate customer VLANs.
I am announcing my networks as /24's and want to create smaller subnets of these on another switch within my network. So for example create a loopback vlan with a /29 for a single client server connection.
I am testing this in my lab where I have a single network of 192.168.1.1/24. I have created a vlan "InputLB" which is set as loopback and has ipforwarding on. This vlan has 1 port which is active and is connected to the main 192.168.1.1/24 network. This InputLB vlan is assigned the IP address 192.168.1.33/29.
When I try to ping 192.168.1.33 from any device on my network, it will not ping. What am I doing wrong? Will this configuration be possible?
Thanks for any help.
‎08-21-2014 05:26 PM
Each VM should have its own MAC...
Security always means more work....
‎08-21-2014 05:26 PM
OK, cheers. How do I go about locking MACs to IP addresses? Would this cause a problem, for example, if one of my clients has virtual machines on its server? Would the switch see the virtual machines' MAC or the physical MAC of the server? I may just go with a simple option of using the subvlans and see if I can get this working on one extended switch from my router. I don't want to overcomplicate the security and make it unmanageable. Thanks a lot for all the help. I've learnt a lot.
‎08-21-2014 05:26 PM
Source IP lockdown is a feature that works in conjunction with trusted DHCP servers and DHCP snooping. It is not a functionality that you configure on its own.
You may want to start by experimenting with disabling ARP learning and manually configuring IP to MAC entries.
‎08-21-2014 05:26 PM
Thanks. I'm just looking at the source-ip-lockdown now but can't seem to find the command to assign the locked IP to the port. How is this done?
I have enabled source-ip-lockdown on one port:
enable ip-security source-ip-lockdown ports 3:49
but the show command returns no ip address:
show ip-security source-ip-lockdown
Ports Locked IP Address
3:49 None
Is this done via DHCP?
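Added example (not part of any post in this thread, and not ExtremeXOS code): a simplified Python model of the dependency described in the reply about source IP lockdown, where a port's locked address comes from a DHCP snooping binding learned via a trusted server port. Port 3:49 is taken from the post; the other ports, the MAC, the leased addresses and the rule that DHCP is still allowed before a binding exists are assumptions of this model.

```python
from dataclasses import dataclass, field

# Simplified model (assumption): illustrates the dependency only,
# not the switch's real data structures or ACL handling.
@dataclass
class Switch:
    trusted_ports: set    # ports where DHCP server replies are accepted
    lockdown_ports: set   # ports with source IP lockdown enabled
    bindings: dict = field(default_factory=dict)  # port -> (mac, ip)

    def dhcp_ack(self, ingress_port, client_port, client_mac, leased_ip):
        """Snoop a DHCP ACK; only a reply seen on a trusted port creates a binding."""
        if ingress_port not in self.trusted_ports:
            return False  # reply from an untrusted port: nothing is learned
        self.bindings[client_port] = (client_mac, leased_ip)
        return True

    def locked_ip(self, port):
        """Address the port is locked to, or None if no lease was snooped."""
        entry = self.bindings.get(port)
        return entry[1] if entry else None

    def permit(self, port, src_ip, is_dhcp=False):
        """Forwarding decision for an IP packet received on `port`."""
        if port not in self.lockdown_ports:
            return True
        if is_dhcp:
            return True   # assumption: the client can still request a lease
        return self.locked_ip(port) == src_ip


def demo():
    # Constructed sample values; only port 3:49 appears in the thread.
    sw = Switch(trusted_ports={"1:1"}, lockdown_ports={"3:49"})
    mac = "00:11:22:33:44:55"
    return [
        sw.locked_ip("3:49"),                           # no lease snooped yet
        sw.permit("3:49", "192.168.1.34"),              # static host is blocked
        sw.dhcp_ack("2:5", "3:49", mac, "192.168.1.50"),  # untrusted server port
        sw.dhcp_ack("1:1", "3:49", mac, "192.168.1.34"),  # trusted server port
        sw.locked_ip("3:49"),                           # binding now present
        sw.permit("3:49", "192.168.1.34"),              # leased source address
        sw.permit("3:49", "192.168.1.35"),              # any other source address
    ]


if __name__ == "__main__":
    print(demo())
```

In this model the port stays at "None" until a lease from a trusted server is snooped, and a statically addressed host behind a locked-down port is never permitted.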
