Re: lo0 for management
- From: ton de w <ton_de_winter@xxxxxxxxxxx>
- Date: Thu, 29 Nov 2007 05:57:38 -0800 (PST)
On 26 Nov, 01:23, "Thrill5" <nos...@xxxxxxxxxxxxx> wrote:
Also if you do not have a loopback configured (or you have one but don't
have SNMP, AAA, syslog, etc configured) to use it, the router will use the
IP address of the output interface as the source address of the packet.
NMS's really hate this, and so will you because you can't just filter on one
IP address and get all the traps, logs from the device.

Configure the loopback to use a /32 mask. If you don't have a routing
protocol running on each device that you have a loopback, this will be a
great deal of work. If you don't have a routing protocol running then the
loopback address doesn't get advertised and you will have to use static
routes, which is a mess.

"stephen" <stephen_h...@xxxxxxxxxxxx> wrote in message
news:Xz02j.6579$Bt.1804@xxxxxxxxxxxxxxxxxxxxxxx

"ton de w" <ton_de_win...@xxxxxxxxxxx> wrote in message
news:ea8f96d1-4155-43c6-82ec-d248b96da2b7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello,
I have been asked to look into a network management system which
manages a lot (100+ switches and 100+ routers) of cisco boxes.
The problem is that a lot of the cisco kit has the "wrong" IP
displayed for the chassis in the NMS.
This happens when the chassis has multiple IPs and the IP required to
be displayed is not lo0 or loopback0 (or has an IfType != 24).

it is standard practice when you have routers or similar devices to
a) have a loopback configured
b) use it for management.
c) use it for protocols that need a reliable interface to make them less
susceptible to disruptions when a port is down - the OSPF router ID for
example, or for Telnet / SSH to the device (even if this is just the DNS
entry within your network).

a lot of management setups prefer to have all traps etc from the device
use the loopback address to make it simpler to keep track of which traps come
from where.

on a cisco IOS device, various protocols can be "fixed" to an interface -
SNMP trap (and maybe polling), Syslog and Telnet are common for
management.

make sure the SNMP settings follow best practice.

So I am wondering if it is a good idea to suggest that the chassis's
are reconfigured to have the required management IP always allocated
to lo0.
Is that a lot of work? Would this count as tidying up and have other
benefits?

can be - depending on topology you may be reconfiguring the interface you
are linked to for management - makes it complicated, and error prone.

it is easy to make a mistake as well (this is from bitter experience) -
breaking the interface you talk to on a router 5000 miles away is not
something i recommend you repeat......

TIA
Ton

--
Regards
stephen_h...@xxxxxxxxxxxx - replace xyz with ntl

Is there a magic command for IOS I can recommend to check out the SNMP
config for loopback0?
To check that other interfaces are not able to respond to SNMP gets or
spit out traps?
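
One offline way to approach the check asked about above, added here as an example and not part of the original thread: it scans a saved running-config for a Loopback0 with a /32 mask and for the IOS source-interface statements that pin traps, syslog and TACACS+ to it. The sample config, hostname and addresses are constructed, the service list is an assumption to trim to what is in use, and it covers only the source-address side, not which interfaces answer SNMP gets.

```python
import re

LOOPBACK = "Loopback0"
# IOS global commands that pin a service's source address to an interface.
# Trim this to the services actually in use on the estate.
SOURCE_CMDS = {
    "snmp-traps": re.compile(r"^snmp-server trap-source (\S+)", re.M),
    "syslog": re.compile(r"^logging source-interface (\S+)", re.M),
    "tacacs": re.compile(r"^ip tacacs source-interface (\S+)", re.M),
}

def audit(config: str) -> list[str]:
    """Return findings for one saved running-config (empty list = clean)."""
    findings = []
    # Loopback0 stanza: indented lines up to the next unindented line.
    stanza = re.search(r"^interface Loopback0\n(.*?)(?=^\S|\Z)", config, re.M | re.S)
    if not stanza:
        findings.append("Loopback0 is not configured")
    else:
        addr = re.search(r"^ ip address (\S+) (\S+)", stanza.group(1), re.M)
        if not addr:
            findings.append("Loopback0 has no IP address")
        elif addr.group(2) != "255.255.255.255":
            findings.append(f"Loopback0 mask is {addr.group(2)}, not a /32")
    for service, pattern in SOURCE_CMDS.items():
        hit = pattern.search(config)
        if not hit:
            findings.append(f"{service}: no source interface, output interface IP is used")
        elif hit.group(1) != LOOPBACK:
            findings.append(f"{service}: sourced from {hit.group(1)}")
    return findings

# Constructed sample config (hostname and addresses are made up).
BAD = """hostname edge-rtr-01
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
!
logging source-interface GigabitEthernet0/0
snmp-server trap-source Loopback0
!
end
"""

if __name__ == "__main__":
    for line in audit(BAD):
        print("edge-rtr-01:", line)
```

Run over every device's archived config, the per-host findings give the list of boxes that would still source management traffic from an output interface.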