A loopback interface is a logical, virtual interface created on a router that simulates a real interface. It can be used instead of a LAN IP to connect to management services such as Web (HTTPS), SNMP, ACS (TR-069), Syslog or SSH, as well as authentication services such as TACACS+ or RADIUS.
For authentication, using the dedicated loopback address reduces administrative overhead, since there is no need to add multiple router IP addresses to the AAA server. In addition, security is enhanced by isolating authentication from the user network.
Because the loopback is a virtual interface, it is always up, which is especially useful when the CPE has multiple WAN interfaces. For example, if the BGP session on WAN1 goes down, management and AAA traffic can still be routed to the defined loopback interface through the VPN tunnel connected on WAN2.
Another benefit is that the loopback IP can be a single host address (with a 32-bit mask). This means that the interface is not assigned to any LAN port, which improves security and saves a lot of IP address space. If we assigned addresses with a 24-bit mask to many managed routers, there would be insufficient network IPs.
1. Specify a LAN interface and give it an IP address with a 32-bit mask.
2. Go to the Management setup page and tick Enable Loopback Interface.
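
The following added example (not part of the original article or any vendor tool) audits a loopback address plan before the addresses are configured: it checks that each loopback is a unique /32 inside a reserved management range that no LAN subnet overlaps, builds the one-entry-per-router AAA client list, and compares address consumption for 32-bit and 24-bit masks. The router names, the `10.255.0.0/24` management block and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample plan: names, block and addresses are hypothetical.
MGMT_BLOCK = ipaddress.ip_network("10.255.0.0/24")  # assumed range reserved for loopbacks
ROUTERS = {
    "cpe-01": {"loopback": "10.255.0.1/32", "lans": ["192.168.1.1/24"]},
    "cpe-02": {"loopback": "10.255.0.2/32", "lans": ["192.168.2.1/24"]},
    "cpe-03": {"loopback": "10.255.0.2/32", "lans": ["192.168.3.1/24"]},   # duplicate
    "cpe-04": {"loopback": "10.255.1.4/24", "lans": ["192.168.4.1/24"]},   # wrong mask and range
    "cpe-05": {"loopback": "10.255.0.5/32", "lans": ["10.255.0.129/25"]},  # LAN inside mgmt range
}

def audit_loopbacks(routers, mgmt_block):
    """Return (findings, aaa_clients) for a loopback address plan."""
    findings, aaa_clients, seen = [], {}, {}
    for name, cfg in sorted(routers.items()):
        before = len(findings)
        lo = ipaddress.ip_interface(cfg["loopback"])
        if lo.network.prefixlen != 32:
            findings.append((name, "loopback is not a /32 host address"))
        if lo.ip not in mgmt_block:
            findings.append((name, "loopback outside management block"))
        if lo.ip in seen:
            findings.append((name, f"loopback duplicates {seen[lo.ip]}"))
        else:
            seen[lo.ip] = name
        for lan in cfg["lans"]:
            net = ipaddress.ip_interface(lan).network
            if net.overlaps(mgmt_block):
                findings.append((name, f"LAN subnet {net} overlaps management block"))
        if len(findings) == before:
            # One AAA client entry per router: its loopback, not each WAN/LAN address.
            aaa_clients[name] = str(lo.ip)
    return findings, aaa_clients

def addresses_consumed(router_count, prefixlen):
    """Addresses reserved when every router's management address uses this mask."""
    return router_count * 2 ** (32 - prefixlen)

if __name__ == "__main__":
    findings, clients = audit_loopbacks(ROUTERS, MGMT_BLOCK)
    for name, problem in findings:
        print(f"{name}: {problem}")
    print("AAA clients:", clients)
    print("200 routers at /32:", addresses_consumed(200, 32), "at /24:", addresses_consumed(200, 24))
```

Only routers with no findings are placed in the AAA client list, so a mis-addressed CPE is caught before it is trusted by the TACACS+ or RADIUS server.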
Published On: 2022-08-30