Switching

  • 1.  CAN'T ping router lo0 from switch, THANKS

    Posted 05-22-2015 10:45

    I am trying to set up a J2350 router with a lo0 interface address 7.7.7.7. So I put

     

    robmin@Junip2350-R7# show | compare
    [edit interfaces]
    +  lo0 {
    +      unit 0 {
    +          family inet {
    +              address 7.7.7.7/32;
    +          }
    +      }
    +  }

     

    I am able to ping this address from the router itself: # run ping 7.7.7.7 (successful)

     

    On an EX2200-C switch that is connected to this router the following way:

     

    Switch                                      Router
    ge-0/0/0                                    ge-0/0/0
    10.20.1.4/24  <------direct cable------>    10.20.1.3/24

     

    I am able to ping from switch to router using the directly connected address

    I am able to ping from router to switch using the directly connected address

     

    I set up a static route on my switch to point to next-hop of 10.20.1.3 so the switch would know to go to that address to get to 7.7.7.7. Here is that config:

     

    robmin@JunipEX22cSW1# show routing-options                  
    static {
        route 0.0.0.0/0 next-hop 10.0.0.1;
        route 240.0.0.8/32 discard;
        route 240.0.0.9/32 reject;
        route 1.1.1.1/32 {
            next-hop 10.40.1.1;
            qualified-next-hop 2.2.2.2 {
                preference 7;
            }
        }
        route 7.7.7.7/32 next-hop 10.20.1.3;
    }

     

    But I am not able to ping from the switch to the router's lo0 of 7.7.7.7

     

    I have had no problem setting up multiple Cisco routers with a lo0 address and pinging from my Juniper switch.

     

    If you notice in my static config above, I have a route to 1.1.1.1 via 10.40.1.1. Just like between my switch and my Juniper router, these two are connected directly from the switch to the router on a direct link. When I ping the Cisco lo0 address of 1.1.1.1, I have success.

     

    Why is this so mysterious on Juniper? I did searches on the internet and found articles on Group Global loopback configurations, and found people instructing to use a Proxy Arp. I did try to configure the Group Global loopback and it still did not work:

    robmin@Junip2350-R7# show groups
    global {
        interfaces {
            lo0 {
                unit 0 {
                    family inet {
                        address 7.7.7.7/32 {
                            preferred;
                        }
                        address 127.0.0.1/32;
                    }
                }
            }
        }
    }

     

    THIS still resulted in not being able to ping this loopback address from the Juniper switch.

     

    Why would this be so hard to make work?

     

    Does anyone know what is required to set up a Juniper Router with a simple loopback address that matches the physical router in my lab (i.e. This Juniper router is my 7th router so I want the loopback address to be 7.7.7.7)?

     

    Any light shed on this subject is much appreciated!

     

    robin hood

     

    Switch config:  (after this is the router config)

    robmin@JunipEX22cSW1# run show configuration | no-more
    ## Last commit: 2015-05-22 10:24:30 PDT by robmin
    version 12.3R9.4;
    groups {
        MYGROUP {
            interfaces {
                <ge-*> {
                    traps;
                }
            }
        }
        ACCESS-PORT {
            interfaces {
                <ge-*> {
                    unit 0 {
                        family ethernet-switching {
                            port-mode access;
                        }
                    }
                }
            }
        }
        JUMBO {
            interfaces {
                "<[gx]e-*>" {
                    mtu 9000;
                }
            }
        }
    }
    /* I am watching the system uptime to see how accuarate the internal clock is. I reset the time on 5-2-2015, 7:10pm */
    system {
        host-name JunipEX22cSW1;
        domain-name rhcrco.int;
        time-zone America/Los_Angeles;
        root-authentication {
            encrypted-password "$1$.Kwy3nB8$IHVTgcWgqqjRo97tjOorj1"; ## SECRET-DATA
        }
        name-server {
            8.8.8.8;
            75.75.75.75;
            8.8.4.4;
            10.0.0.1;
        }
        login {
            class MyCustomClass {
                permissions view-configuration;
                allow-commands "show configuration";
            }
            user MyCustomUser {
                uid 2002;
                class MyCustomClass;
                authentication {
                    encrypted-password "$1$cFcLmPXI$nZC3NQZtv0WztFUTwreaa1"; ## SECRET-DATA
                }
            }
            user robin {
                uid 2000;
                class super-user;
                authentication {
                    encrypted-password "$1$l0Uh4pQW$3VadaIK6OMZ6.eWSN4p6/."; ## SECRET-DATA
                }
            }
            user robmin {
                full-name "Robin Hood";
                uid 2001;
                class super-user;
                authentication {
                    encrypted-password "$1$zES4Qia2$cw0t/MQzx.7nJu2zcnQcF0"; ## SECRET-DATA
                }
            }
        }
        static-host-mapping {
            bumpkin1 inet 10.0.0.155;
            host inet 10.0.0.155;
            bumpkin1.rhcrco.int inet 10.0.0.155;
        }
        services {
            ssh;
            telnet;
            web-management {
                https {
                    system-generated-certificate;
                    interface vlan.100;
                }
            }
            dhcp {
                traceoptions {
                    file dhcp_logfile;
                    level all;
                    flag all;
                }
            }
        }
        /* user keyword sends syslog info to ssh or telnet session */
        syslog {
            user * {
                any emergency;
            }
            user robmin {
                conflict-log any;
            }
            file messages {
                any notice;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
            file AUTH-INFO {
                authorization info;
            }
            file INTERACTIVE-COMMANDS {
                interactive-commands any;
            }
            file CONFIG-CHANGES {
                change-log info;
            }
            console {
                any emergency;
            }
        }
        ntp {
            boot-server 216.218.254.202;
            server 129.6.15.30;
        }
    }
    chassis {
        alarm {
            management-ethernet {
                link-down ignore;
            }
        }
        auto-image-upgrade;
    }
    interfaces {
        traceoptions {
            file INT-TRACE size 128k files 10;
        }
        interface-range MYRANGE {
            member-range ge-0/0/1 to ge-0/0/5;
        }
        ge-0/0/0 {
            traps;
            unit 0 {
                description "Hi Robin, Is anyone going to need your skills?";
                family inet {
                    address 10.20.1.4/24;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                description "Connection to Cisco 3620 fa0/1 10.20.1.1";
                family inet {
                    address 10.20.1.2/24;
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                description "Connection to user/device 10.0.0.13/24";
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members v50end-devices;
                    }
                }
            }
        }
        ge-0/0/3 {
            unit 0 {
                family inet {
                    address 10.40.1.2/24;
                }
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members v100;
                    }
                }
            }
        }
        ge-0/0/6 {
            traceoptions {
                flag event;
                flag media;
            }
            unit 0 {
                description "Connection to user/device 10.0.0.x/24 via VLAN 50";
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members v50end-devices;
                    }
                }
            }
        }
        ge-0/0/7 {
            apply-groups [ ACCESS-PORT JUMBO ];
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/8 {
            unit 0 {
                description "Connecton to Future Juniper Switch";
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        ge-0/0/9 {
            unit 0 {
                description "Connection to Future Cisco Switch";
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        ge-0/0/10 {
            unit 0 {
                family inet {
                    address 10.0.0.155/24;
                }
            }
        }
        ge-0/0/11 {
            unit 0 {
                description "Connection to USB-Ethernet then to MacBookAir 10.10.100.246/23";
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members v100;
                    }
                }
            }
        }
        ge-0/1/0 {
            unit 0 {
                description "Connection to Comcast Modem 10.0.0.26/24";
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members v50end-devices;
                    }
                }
            }
        }
        ge-0/1/1 {
            unit 0 {
                description "Connection to Cisco 3620 fa0/0 10.30.0.1";
                family inet {
                    address 10.30.0.2/24;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 9.9.9.9/32;
                }
            }
        }
        me0 {
            unit 0 {
                family inet {
                    address 10.0.0.144/24;
                }
            }
        }
        vlan {
            unit 0 {
                family inet {
                    dhcp {
                        vendor-id Juniper-ex2200-c-12p-2g;
                    }
                }
            }
            unit 2 {
                family inet {
                    address 10.20.0.16/24 {
                        broadcast 10.20.0.255;
                    }
                }
            }
            unit 50 {
                family inet {
                    address 10.0.0.26/24;
                }
            }
            unit 100 {
                family inet {
                    address 10.10.100.246/23;
                }
            }
        }
    }
    snmp {
        name "snmp MyMatrix";
        description "MyMatrix switch";
        location "Marci's House or My House";
        contact "rhcrco@hotmail.com";
        community public {
            authorization read-only;
            clients {
                10.0.0.0/24;
                10.10.100.0/23;
                192.168.14.0/24;
            }
        }
        community RHCRCO {
            authorization read-only;
            clients {
                10.0.0.0/24;
                10.10.100.0/23;
                192.168.14.0/24;
            }
        }
        trap-group MM-traps {
            version v2;
            destination-port 155;
            categories {
                chassis;
                link;
                routing;
            }
            targets {
                10.0.0.2;
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.0.0.1;
            route 240.0.0.8/32 discard;
            route 240.0.0.9/32 reject;
            route 1.1.1.1/32 {
                next-hop 10.40.1.1;
                qualified-next-hop 2.2.2.2 {
                    preference 7;
                }
            }
            route 7.7.7.7/32 next-hop 10.20.1.3;
        }
    }
    protocols {
        ##
        ## Warning: requires 'ospf2' license
        ##
        ospf {
            export MYDEFAULT;
            /* See if I could add this without the license upgrade */
            area 0.0.0.0 {
                interface ge-0/0/11.0;
                interface ge-0/1/1.0;
                interface ge-0/0/1.0;
                interface ge-0/0/2.0 {
                    passive;
                }
            }
        }
        igmp-snooping {
            vlan all;
        }
        rstp;
        lldp {
            interface all;
        }
        lldp-med {
            interface all;
        }
    }
    policy-options {
        prefix-list MyNets {
            10.0.0.0/24;
            10.10.100.0/23;
            10.20.0.0/24;
            10.30.1.0/24;
        }
        policy-statement MYDEFAULT {
            term ZEROZERO {
                from {
                    protocol static;
                    route-filter 0.0.0.0/0 exact;
                }
                then accept;
            }
        }
        policy-statement MYPOLICY1 {
            term fromR1 {
                from {
                    protocol rip;
                    neighbor 10.30.1.1;
                }
                then {
                    preference subtract 1;
                    accept;
                }
            }
            term FROMR2 {
                from {
                    neighbor 1;
                    area 0.0.0.0;
                }
                then reject;
            }
            term MY_ROUTE_FILTER1 {
                from {
                    family inet;
                    interface ge-0/0/4.0;
                    route-filter 10.20.1.1/32 address-mask 255.255.255.0;
                }
                then {
                    tag add 5;
                    origin igp;
                }
            }
            term MY_PREFIX-LIST {
                then {
                    load-balance per-packet;
                }
            }
        }
    }
    firewall {
        family inet {
            filter MedImgGuest {
                term 1 {
                    from {
                        protocol udp;
                        destination-port [ bootpc bootps ];
                    }
                    then accept;
                }
                term 2 {
                    from {
                        destination-address {
                            8.8.8.8/32;
                        }
                        protocol udp;
                        destination-port domain;
                    }
                    then accept;
                }
                term 3 {
                    from {
                        destination-address {
                            8.8.4.4/32;
                        }
                        protocol udp;
                        destination-port domain;
                    }
                    then accept;
                }
                term 4 {
                    from {
                        destination-address {
                            192.168.0.0/16;
                        }
                    }
                    then {
                        reject;
                    }
                }
                term 5 {
                    from {
                        destination-address {
                            172.16.0.0/12;
                        }
                    }
                    then {
                        reject;
                    }
                }
                term 6 {
                    from {
                        destination-address {
                            10.0.0.0/8;
                        }
                    }
                    then accept;
                }
                term 7 {
                    from {
                        protocol tcp;
                        destination-port [ http https ];
                    }
                    then accept;
                }
                term FINAL {
                    then {
                        count accept_good_trafic_1;
                        log;
                        reject;
                    }
                }
            }
            filter MedImgVendor {
                term 1 {
                    from {
                        protocol udp;
                        destination-port [ bootpc bootps ];
                    }
                    then accept;
                }
                term 2 {
                    from {
                        destination-address {
                            10.10.100.245/32;
                        }
                        protocol udp;
                        destination-port domain;
                    }
                    then accept;
                }
                term 3 {
                    from {
                        destination-address {
                            192.168.0.0/16;
                        }
                    }
                    then {
                        reject;
                    }
                }
                term 4 {
                    from {
                        destination-address {
                            172.16.0.0/12;
                        }
                    }
                    then {
                        reject;
                    }
                }
                term 5 {
                    from {
                        destination-address {
                            10.0.0.0/8;
                        }
                    }
                    then accept;
                }
                term 6 {
                    from {
                        protocol tcp;
                        destination-port [ http https ];
                    }
                    then accept;
                }
                term FINAL {
                    then {
                        count Vendor_stuff_in_2;
                        log;
                        reject;
                    }
                }
            }
            filter limit-ssh-access {
                term ssh-accept {
                    from {
                        source-prefix-list {
                            MyNets;
                        }
                        protocol tcp;
                        destination-port ssh;
                    }
                    then accept;
                }
                term ssh-reject {
                    from {
                        protocol tcp;
                        destination-port ssh;
                    }
                    then {
                        discard;
                    }
                }
                term else-accept {
                    then accept;
                }
            }
            filter rate-limit-subnet {
                term Match-Subnet {
                    from {
                        source-address {
                            7.7.7.7/32;
                        }
                    }
                    then {
                        policer Pol1;
                        count LoopPings;
                        log;
                        accept;
                    }
                }
                term else-accept {
                    then accept;
                }
            }
        }
        policer Pol1 {
            if-exceeding {
                bandwidth-limit 100k;
                burst-size-limit 1500;
            }
            then discard;
        }
    }
    ethernet-switching-options {
        storm-control {
            interface all;
        }
    }
    vlans {
        default {
            l3-interface vlan.0;
        }
        v100 {
            vlan-id 100;
            l3-interface vlan.100;
        }
        v2 {
            vlan-id 2;
            l3-interface vlan.2;
        }
        v50end-devices {
            vlan-id 50;
            l3-interface vlan.50;
        }
    }
    poe {
        interface all;
    }

    {master:0}[edit]
    robmin@JunipEX22cSW1#

     

     

    ROUTER CONFIG:

    robmin@Junip2350-R7# run show configuration | no-more
    ## Last commit: 2004-05-03 23:28:34 UTC by robmin
    version 9.6R2.11;
    groups {
        global {
            interfaces {
                lo0 {
                    unit 0 {
                        family inet {
                            address 7.7.7.7/32 {
                                preferred;
                            }
                            address 127.0.0.1/32;
                        }
                    }
                }
            }
        }
    }
    system {
        host-name Junip3520-R7;
        domain-name rhcrco.ini;
        root-authentication {
            encrypted-password "$1$32F5yw2X$Qm1RFT2isv2j5Zeteu0Ax."; ## SECRET-DATA
        }
        name-server {
            10.0.0.1;
            8.8.8.8;
        }
        login {
            user robmin {
                uid 2000;
                class super-user;
                authentication {
                    encrypted-password "$1$ZMWfXsf1$1Ox1Uv9Va8Wx4gELPFiz0/"; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
            telnet;
            web-management {
                http;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 10.20.1.3/24;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 7.7.7.7/32;
                }
            }
        }
    }
    snmp {
        community MYCOMMUNITY {
            authorization read-only;
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.20.1.4;
            route 1.1.1.1/32 next-hop 10.20.1.4;
        }
    }
    security {
        zones {
            security-zone PUBLIC {
                host-inbound-traffic {
                    system-services {
                        telnet;
                        ssh;
                        http;
                        ping;
                    }
                }
                interfaces {
                    ge-0/0/0.0;
                }
            }
        }
    }

    [edit]
    robmin@Junip2350-R7#

     

     

    THANKS THANKS THANKS



  • 2.  RE: CAN'T ping router lo0 from switch, THANKS
    Best Answer

     
    Posted 05-22-2015 15:51

    hi robinhood,

     

    please see: http://forums.juniper.net/t5/Junos/CAN-T-ping-router-lo0-from-switch-THANKS/m-p/274177#M9108

    Please continue on Junos forum only.

    jtb



  • 3.  RE: CAN'T ping router lo0 from switch, THANKS

     
    Posted 05-24-2015 09:37
    Put lo0 in security zone and add a security policy.
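
Reply 3's advice can be checked against the posted router configuration, where the PUBLIC zone lists only ge-0/0/0.0. The following Python is an added example, not part of the thread: it parses a trimmed excerpt of that configuration and reports family-inet logical interfaces that no security zone lists. The function names and ZONED_CFG are constructed for this example; security policies and interface-level host-inbound-traffic settings are not evaluated.

```python
import re

# Trimmed excerpt of the router configuration posted in the thread.
ROUTER_CFG = """
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.20.1.3/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 7.7.7.7/32;
            }
        }
    }
}
security {
    zones {
        security-zone PUBLIC {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
}
"""
# Constructed variant (not from the thread): lo0.0 bound to the existing PUBLIC zone.
ZONED_CFG = ROUTER_CFG.replace("ge-0/0/0.0;", "ge-0/0/0.0;\n                lo0.0;")

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements map to None.
    /* annotations */ and ## comments are dropped before a line is classified."""
    stack = [{}]
    for raw in text.splitlines():
        line = re.sub(r"/\*.*?\*/|##.*$", "", raw).strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
    return stack[0]

def zone_audit(text):
    """Map each family-inet logical interface to (zone or None, zone-level ping allowed)."""
    cfg = parse_junos(text)
    bound = {}
    for name, zone in cfg.get("security", {}).get("zones", {}).items():
        services = zone.get("host-inbound-traffic", {}).get("system-services", {})
        ping = "ping" in services or "all" in services
        for ifl in zone.get("interfaces", {}):
            bound[ifl] = (name.split()[-1], ping)
    report = {}
    for ifd, body in cfg.get("interfaces", {}).items():
        for key, unit in (body or {}).items():
            if key.startswith("unit ") and "family inet" in (unit or {}):
                ifl = f"{ifd}.{key.split()[1]}"
                report[ifl] = bound.get(ifl, (None, False))
    return report

def unzoned(text):
    """Family-inet logical interfaces that no security zone lists."""
    return sorted(ifl for ifl, (zone, _) in zone_audit(text).items() if zone is None)

if __name__ == "__main__":
    print("unzoned:", unzoned(ROUTER_CFG), "-> with lo0.0 zoned:", unzoned(ZONED_CFG))
```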