New to routers... help? 1

[NewAdm]

I'm new to working with Cisco routers. I have taken a class, but it was before I had a real life need to know. We are attempting to utilize netflow to monitor the traffic between a 1721 and a 1720 device.

From what I know, I need to set up a loopback interface for management, but I have not found any good explanations on doing so. This router was configured by an outside company and is different than what I learned.

Questions:
How do I set up the loopback interface?
How do I enable netflow?
What does this config mean?

Walton#show run
Building configuration...

Current configuration : 1971 bytes
!
! Last configuration change at 19:19:33 UTC Tue Oct 30 2007
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Walton
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 xxxxxxx
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
ip name-server 207.166.192.30
ip name-server 207.166.192.31
!
ip cef
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
speed 10
half-duplex
!
interface Serial0
ip unnumbered FastEthernet0
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.
ip route 192.168.2.0 255.255.255.0 Serial0
no ip http server
ip flow-export source FastEthernet0
ip flow-export version 5
ip flow-export destination 192.168.1.189 777
!
snmp-server community public RO
snmp-server community private RW
snmp-server location Computer Room
snmp-server contact Tim Valus
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty
snmp-server enable traps aaa_server
snmp-server enable traps isdn call-information
snmp-server enable traps is
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps config-copy
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps syslog
snmp-server enable traps cnpd
snmp-server enable traps rtr
snmp-server host 192.168.1.189 version 2c noauth
snmp-server host 192.168.1.189 public
banner motd ^C
WALTON Branch Router - Unauthorized Access Is Strictly Prohibited!
^C
!
line con 0
exec-timeout 3 0
login
line aux 0
exec-timeout 3 0
login
line vty 0 4
exec-timeout 3 0
password 7 xxxxx
login
!
sntp server 207.166.192.2
end

Thanks!

 

[burtsbees]

Walton>en
Walton#conf t
Walton(config)#int lo0
Walton(config-if)#ip add x.x.x.x y.y.y.y
Walton(config-if)#exit

You will also want to do this...

Walton(config)#int fa0
Walton(config-if)#speed auto
Walton(config-if)#duplex auto
Walton(config-if)#end
Walton#wr

As far as netflow, I don't know...what else about the config did you want to know?

Burt

 

[burtsbees]

By the way, on the loopback interface, "x.x.x.x" is the IP address, and "y.y.y.y" is the mask, which on a loopback interface is usually 255.255.255.255...I usually make mine 172.16.16.16 255.255.255.255

Burt

 

[jneiberger]

Why do you need a loopback address to manage your router? If you can manage it without one then there is no need to add it. Some people do this for a specific reason, but if you don't know what that reason is already then you don't need to do it. That just bloats your routing table because you'll need to burn a subnet for each router.

To enable netflow, type "ip route-cache flow" at the interface configuration level. There are some other commands that you need to use ("ip flow-export") to get that data to a netflow collector. Do you have a netflow collector running netflow software?

 

[eliotB]

snmp-server location Computer Room
snmp-server contact Tim Valus

contact Tim Valus in the Computer Room, he should be able to help you ~

Is there something specific about your config you do do not understand or want explained?

 

[NewAdm]

<Why do you need a loopback address to manage your router? If you can manage it without one then there is no need to add it. Some people do this for a specific reason, but if you don't know what that reason is already then you don't need to do it. That just bloats your routing table because you'll need to burn a subnet for each router.

To enable netflow, type "ip route-cache flow" at the interface configuration level. There are some other commands that you need to use ("ip flow-export") to get that data to a netflow collector. Do you have a netflow collector running netflow software?>

The netflow software that I have looked at recommends using the loopback as the output.

Just so I understand, the loopback is on a different subnet than the router's ip, generally with 255.255.255.255 mask? This may be a very noobish question, but then how do you talk to that interface? Do you need to set up a separate route for it?

We're looking in to netflow software to monitor the traffic between two p2p routers. We're a pretty small organization, and would like to keep things simple. We're looking in to Netmon SE software, but are there any free versions that will do what we want?

 

[burtsbees]

The router is able talk to the loopback interface because it is directly connected to the router.

Burt

 

[jneiberger]

NewAdm, the loopback interface is a virtual interface within the router that is basically like any other interface in many ways. It has its own IP subnet associated with it. It has its uses, but it doesn't look to me like you really know why you might want to use it. If that's the case, then don't worry about. You don't need it and you certainly don't need it for netflow.

 

[burtsbees]

Sometimes applications will suggest to set a loopback for administration because it is always up. I use it to control which router will be the dr in my ospf network.

Burt

 

[jneiberger]

I understand why you would use a loopback address. I just wanted to see if the original poster knew why he would need one. He seemed to think it had something to do with netflow.

 

[NewAdm]

I just want to make sure the router is configured optimally. I got netflow working on fa0 without much trouble.

 

[jneiberger]

I just re-read the original post and see that his question about the loopback address really didn't have anything to do with netflow. My bad.

I find they're especially helpful for DNS purposes. Put the loopback address into DNS and do not put the actual router interfaces into DNS. That way you can get to the router as long as one real interface is available. Very handy.