Thanks to those who browse these questions and find value and enjoyment from helping others.
MY GOAL: monitor SNMP events on ex2200-c from NMS in local vlan.
STUCK POINT: Can't even ping from vlan to loopback of ex2200-c in either direction.
NOTE: can ping any to any within vlan-400, can ping loopback from switch itself.
vlan-400, and the devices connected to the interfaces in vlan-400, are basically using the switch as a router to my Internet router/modem. They can all see and ping each other. Everyone can browse the Internet.
I set up one computer as an Ubuntu 14.04 server with OpenNMS to try to manage the Juniper switch over SNMP and/or pull information from it. I got the server completely working and sent an event to the switch via its IP address (either 10.0.0.240, the address assigned to lo0, or 10.0.0.26, the address assigned to vlan-400); neither responds.
So I tried to ping these addresses with no response either.
-I turned off igmp-snooping, which blocks some multicast traffic.
-There are no security zones on a switch, only the security hierarchy, so the problem is not that lo0 needs to be added to a trusted zone.
-I tried static routes under routing-options to put a route between the vlan-400 IP address and the loopback IP address, but I couldn't really work out the logic, and what I tried still did not resolve the issue.
I could not get either address to respond.
From the switch itself, over the console or an SSH session (PuTTY), I can ping its own lo0 at 10.0.0.240, but I cannot ping the vlan-400 address 10.0.0.26.
Obviously the vlan is not connected to the knee bone. And the knee bone is not connected to the loopback.
So I tried adding lo0 into the VLAN, but Junos said "can't do that, loopback is not switchable".
Also tried using hostname instead of ip address and no luck either.
Here is my config; I also attached it as a file for those who prefer working that way.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.04.13 18:45:35 =~=~=~=~=~=~=~=~=~=~=~=
robmin@ex2200c# clear
robmin@ex2200c# clr
robmin@ex2200c# show | no-more
## Last changed: 2015-02-18 04:55:06 PST
version 12.3R9.4;
/* NOTE(review): no apply-groups statement appears anywhere in this listing, so these three groups are defined but not in effect. */
groups {
    MYGROUP {
        interfaces {
            <ge-*> {
                traps;
            }
        }
    }
    ACCESS-PORT {
        interfaces {
            <ge-*> {
                unit 0 {
                    family ethernet-switching {
                        port-mode access;
                    }
                }
            }
        }
    }
    JUMBO {
        interfaces {
            "<[gx]e-*>" {
                mtu 9000;
            }
        }
    }
}
/* I am watching the system uptime to see how accurate the internal clock is. I reset the time on 5-2-2015, 7:10pm */
system {
    host-name ex2200c;
    domain-name rhcrco.int;
    time-zone America/Los_Angeles;
    /* NOTE(review): the $1$ (MD5-crypt) hashes in this listing were posted publicly and should be treated as compromised; change the root and all user passwords, and strip the SECRET-DATA lines from future pastes. */
    root-authentication {
        encrypted-password "$1$.Kwy3nB8$IHVTgcWgqqjRo97tjOorj1"; ## SECRET-DATA
    }
    name-server {
        8.8.8.8;
        75.75.75.75;
        8.8.4.4;
        10.0.0.1;
    }
    login {
        /* Restricted operator class: may enter configure, but only for interfaces, routing-options and protocols. */
        class ExamClass {
            permissions [ clear network view view-configuration ];
            allow-commands "(configure)";
            allow-configuration "(interfaces) | (routing-options) | (protocols)";
        }
        /* Read-only class: may view the configuration and nothing else. */
        class MyCustomClass {
            permissions view-configuration;
            allow-commands "show configuration";
        }
        user MyCustomUser {
            uid 2002;
            class MyCustomClass;
            authentication {
                encrypted-password "$1$cFcLmPXI$nZC3NQZtv0WztFUTwreaa1"; ## SECRET-DATA
            }
        }
        user robin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$l0Uh4pQW$3VadaIK6OMZ6.eWSN4p6/."; ## SECRET-DATA
            }
        }
        user robmin {
            full-name "Robin Hood";
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$1$zES4Qia2$cw0t/MQzx.7nJu2zcnQcF0"; ## SECRET-DATA
            }
        }
    }
    /* Three names for the same host; resolved locally before the name-servers above. */
    static-host-mapping {
        bumpkin1 inet 10.0.0.155;
        host inet 10.0.0.155;
        bumpkin1.rhcrco.int inet 10.0.0.155;
    }
    services {
        ssh;
        /* NOTE(review): telnet sends logins in cleartext; ssh is already enabled, so this can be removed. */
        telnet;
        /* HTTPS management with a self-signed certificate, reachable only on vlan.100. */
        web-management {
            https {
                system-generated-certificate;
                interface vlan.100;
            }
        }
        /* Full DHCP-server tracing; 'flag all' at 'level all' is verbose and is usually left off outside troubleshooting. */
        dhcp {
            traceoptions {
                file dhcp_logfile;
                level all;
                flag all;
            }
        }
    }
    /* user keyword sends syslog info to ssh or telnet session */
    syslog {
        user * {
            any emergency;
        }
        user robmin {
            conflict-log any;
        }
        file messages {
            any notice;
            authorization info;
        }
        /* NOTE(review): interactive-commands and INTERACTIVE-COMMANDS below record the same facility twice, as do messages and AUTH-INFO for authorization; one file each is enough. */
        file interactive-commands {
            interactive-commands any;
        }
        file AUTH-INFO {
            authorization info;
        }
        file INTERACTIVE-COMMANDS {
            interactive-commands any;
        }
        file CONFIG-CHANGES {
            change-log info;
        }
        console {
            any emergency;
        }
    }
    ntp {
        boot-server 216.218.254.202;
        server 129.6.15.30;
    }
}
chassis {
    alarm {
        management-ethernet {
            /* Suppresses the chassis alarm raised when the me0 port has no link. */
            link-down ignore;
        }
    }
    /* NOTE(review): carried over from the factory-default configuration; delete it if DHCP-driven image/config retrieval is not wanted — confirm its effect on this release. */
    auto-image-upgrade;
}
interfaces {
    traceoptions {
        file INT-TRACE size 128k files 10;
    }
    /* NOTE(review): MYRANGE is defined but not referenced anywhere in this listing. */
    interface-range MYRANGE {
        member-range ge-0/0/1 to ge-0/0/5;
    }
    /* Routed lab port; inbound traffic is policed by firewall filter rate-limit-subnet. */
    ge-0/0/0 {
        traps;
        unit 0 {
            description "Hi Robin, Is anyone going to need your skills?";
            family inet {
                filter {
                    input rate-limit-subnet;
                }
                address 10.20.1.4/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            description "Connection to Cisco 3620 fa0/1 10.20.1.1";
            family inet {
                address 10.20.1.2/24;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    /* Access port in VLAN 25 (v25 also lists it under vlans). */
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members 25;
                }
            }
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members v50;
                }
            }
        }
    }
    ge-0/0/6 {
        description "10.60.1.2 Connection to R6 JunipJ2350-R6";
        unit 0 {
            family inet {
                address 10.60.1.2/24;
            }
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    /* Routed lab port; firewall filter TESTSTOP logs and accepts everything inbound. */
    ge-0/0/8 {
        unit 0 {
            family inet {
                filter {
                    input TESTSTOP;
                }
                address 10.80.1.2/24;
            }
        }
    }
    /* NOTE(review): a trunk with 'members all' also carries every VLAN defined under vlans, including vlan-400; restricting it to the VLANs the far end needs limits what a device on that port can reach. */
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    ge-0/1/1 {
        unit 0 {
            description "Connection to Cisco 3620 fa0/0 10.30.0.1";
            family inet {
                address 10.30.0.2/24;
            }
        }
    }
    /* NOTE(review): lo0, me0 and vlan.400 below all carry addresses in 10.0.0.0/24. Only one of them can own the connected route for that prefix, so traffic for 10.0.0.0/24 (including the default next-hop 10.0.0.1) may leave via the wrong interface. A loopback is normally a /32 (10.0.0.240/32), and me0 should not share the in-band subnet. This is a likely contributor to the unreachable addresses described in the post — confirm. */
    /* NOTE(review): firewall filter limit-ssh-access is defined but not applied anywhere in this listing; 'filter { input limit-ssh-access; }' under lo0.0 family inet is where it would protect the routing engine. */
    lo0 {
        unit 0 {
            family inet {
                address 10.0.0.240/24;
            }
        }
    }
    /* Out-of-band management port; see the overlap note on lo0. */
    me0 {
        unit 0 {
            family inet {
                address 10.0.0.144/24;
            }
        }
    }
    vlan {
        /* Default VLAN's routed interface takes its address by DHCP. */
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-ex2200-c-12p-2g;
                }
            }
        }
        /* NOTE(review): no VLAN under vlans names vlan.2 as its l3-interface in this listing. */
        unit 2 {
            family inet {
                address 10.20.0.16/24 {
                    broadcast 10.20.0.255;
                }
            }
        }
        unit 25 {
            family inet {
                address 10.1.10.2/24;
            }
        }
        unit 50 {
            family inet {
                address 10.1.11.2/24;
            }
        }
        unit 100 {
            family inet {
                address 10.10.100.2/23;
            }
        }
        /* NOTE(review): this is the 10.0.0.26 address the post tries to reach, but no VLAN under vlans names vlan.400 as its l3-interface, so this unit is not attached to the vlan-400 ports. */
        unit 400 {
            family inet {
                address 10.0.0.26/24;
            }
        }
    }
}
snmp {
    name "snmp MyMatrix";
    description "MyMatrix switch";
    location "Marci's House or My House";
    contact "rhcrco@hotmail.com, cell-phone";
    /* NOTE(review): 'public' is the well-known default community; any host in the client subnets below can read the whole MIB with it. Use a non-default name (or SNMPv3), and since both community strings are now in a public post, rotate them. */
    community public {
        authorization read-only;
        clients {
            10.0.0.0/24;
            10.10.100.0/23;
            192.168.14.0/24;
        }
    }
    community MYCOMMUNITY {
        authorization read-only;
        clients {
            10.0.0.0/24;
            10.10.100.0/23;
            10.20.1.0/24;
            10.30.0.0/24;
            10.40.1.0/24;
            10.50.1.0/24;
            10.60.1.0/24;
            10.70.1.0/24;
            10.80.1.0/24;
            10.90.1.0/24;
        }
    }
    /* NOTE(review): traps go to 10.0.0.19 on UDP 155; the standard trap port, and the usual NMS listener, is 162, so confirm the OpenNMS host really listens on 155 and that 10.0.0.19 is that host. Delivery also needs a working path into 10.0.0.0/24, which depends on the overlap noted under interfaces. */
    trap-group MM-traps {
        version v2;
        destination-port 155;
        categories {
            authentication;
            chassis;
            link;
            remote-operations;
            routing;
            startup;
            rmon-alarm;
            vrrp-events;
            configuration;
            services;
            sonet-alarms;
        }
        targets {
            10.0.0.19;
        }
    }
    /* NOTE(review): no 'version' here, so the Junos default applies; set it explicitly to match MM-traps. This group sends the same categories to the same target as MM-traps, so every event is delivered twice. */
    trap-group authentication-traps {
        categories {
            authentication;
            chassis;
            link;
            remote-operations;
            routing;
            startup;
            rmon-alarm;
            vrrp-events;
            configuration;
            services;
            sonet-alarms;
        }
        targets {
            10.0.0.19;
        }
    }
}
routing-options {
    static {
        /* NOTE(review): 10.0.0.1 lies in the 10.0.0.0/24 subnet that lo0, me0 and vlan.400 all claim, so the interface used to reach it depends on which one won the connected route — see the note under interfaces. */
        route 0.0.0.0/0 next-hop 10.0.0.1;
        /* Lab sink routes: discard drops silently, reject answers with ICMP unreachable. */
        route 240.0.0.8/32 discard;
        route 240.0.0.9/32 reject;
        /* NOTE(review): no interface in this listing has an address in 10.40.1.0/24, so next-hop 10.40.1.1 can only resolve through a learned route (e.g. OSPF); otherwise this route stays unusable. */
        route 1.1.1.1/32 {
            next-hop 10.40.1.1;
            qualified-next-hop 2.2.2.2 {
                preference 7;
            }
        }
        route 7.7.7.7/32 next-hop 10.20.1.3;
        route 18.18.18.18/32 next-hop 10.80.1.1;
        route 6.6.6.6/32 next-hop 10.60.1.1;
        route 10.60.31.0/24 next-hop 10.60.1.1;
    }
}
protocols {
    ##
    ## Warning: requires 'ospf2' license
    ##
    /* OSPF on the four routed lab ports; export MYDEFAULT advertises the static 0.0.0.0/0 to the neighbours (see policy-options). */
    ospf {
        export MYDEFAULT;
        /* See if I could add this without the license upgrade */
        area 0.0.0.0 {
            interface ge-0/0/1.0;
            interface ge-0/0/0.0;
            interface ge-0/0/8.0;
            interface ge-0/0/6.0;
        }
    }
    /* NOTE(review): LLDP/LLDP-MED on every port also announces the switch's identity to whatever is plugged into the access ports; limiting it to the uplinks and phones that need it reduces what an unauthenticated neighbour learns. */
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
policy-options {
    /* Trusted management sources; referenced by firewall filter limit-ssh-access. */
    prefix-list MyNets {
        10.0.0.0/24;
        10.10.100.0/23;
        10.11.11.0/24;
        10.20.0.0/24;
        10.30.1.0/24;
        10.40.1.0/24;
        10.60.31.0/24;
        10.61.1.1/32;
    }
    /* Lab prefixes; referenced by firewall filters Inside-Lab and Protect-Lab. */
    prefix-list MyLabNets {
        1.1.1.1/32;
        2.2.2.2/32;
        3.3.3.3/32;
        4.4.4.4/32;
        5.5.5.5/32;
        6.6.6.6/32;
        7.7.7.7/32;
        9.9.9.9/32;
        10.10.100.0/23;
        10.11.11.0/24;
        10.20.1.0/24;
        10.40.1.0/24;
        10.60.1.0/24;
        10.61.31.0/24;
        10.70.3.0/24;
        10.80.1.0/24;
        18.18.18.18/32;
    }
    /* NOTE(review): not referenced anywhere in this listing; the firewall filter of the same name under family ethernet-switching is a separate object. */
    policy-statement Block-Vlan {
        term term1 {
            from {
                source-address-filter 10.1.10.13/32 orlonger;
            }
            then reject;
        }
        term else {
            then accept;
        }
    }
    /* Used by 'protocols ospf export': accepts only the static default route. */
    policy-statement MYDEFAULT {
        term ZEROZERO {
            from {
                protocol static;
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
    }
    /* NOTE(review): not referenced anywhere in this listing; term fromR1 matches protocol rip although nothing under protocols runs RIP. */
    policy-statement MYPOLICY1 {
        term fromR1 {
            from {
                protocol rip;
                neighbor 10.30.1.1;
            }
            then {
                preference subtract 1;
                accept;
            }
        }
        term FROMR2 {
            from {
                neighbor 1;
                area 0.0.0.0;
            }
            then reject;
        }
        term MY_ROUTE_FILTER1 {
            from {
                family inet;
                interface ge-0/0/4.0;
                route-filter 10.20.1.1/32 address-mask 255.255.255.0;
            }
            then {
                tag add 5;
                origin igp;
            }
        }
        term MY_PREFIX-LIST {
            then {
                load-balance per-packet;
            }
        }
    }
}
firewall {
    family inet {
        /* NOTE(review): MedImgGuest and MedImgVendor are not applied to any interface or VLAN in this listing. The FINAL term's counter is named accept_good_trafic_1 but it counts rejected traffic; rename it so the counter reads correctly. Terms 4 and 5 'reject' (an ICMP unreachable goes back to the sender) where the other filters here 'discard'; choose one deliberately. */
        filter MedImgGuest {
            term 1 {
                from {
                    protocol udp;
                    destination-port [ bootpc bootps ];
                }
                then accept;
            }
            term 2 {
                from {
                    destination-address {
                        8.8.8.8/32;
                    }
                    protocol udp;
                    destination-port domain;
                }
                then accept;
            }
            term 3 {
                from {
                    destination-address {
                        8.8.4.4/32;
                    }
                    protocol udp;
                    destination-port domain;
                }
                then accept;
            }
            term 4 {
                from {
                    destination-address {
                        192.168.0.0/16;
                    }
                }
                then {
                    reject;
                }
            }
            term 5 {
                from {
                    destination-address {
                        172.16.0.0/12;
                    }
                }
                then {
                    reject;
                }
            }
            term 6 {
                from {
                    destination-address {
                        10.0.0.0/8;
                    }
                }
                then accept;
            }
            term 7 {
                from {
                    protocol tcp;
                    destination-port [ http https ];
                }
                then accept;
            }
            term FINAL {
                then {
                    count accept_good_trafic_1;
                    log;
                    reject;
                }
            }
        }
        filter MedImgVendor {
            term 1 {
                from {
                    protocol udp;
                    destination-port [ bootpc bootps ];
                }
                then accept;
            }
            term 2 {
                from {
                    destination-address {
                        10.10.100.245/32;
                    }
                    protocol udp;
                    destination-port domain;
                }
                then accept;
            }
            term 3 {
                from {
                    destination-address {
                        192.168.0.0/16;
                    }
                }
                then {
                    reject;
                }
            }
            term 4 {
                from {
                    destination-address {
                        172.16.0.0/12;
                    }
                }
                then {
                    reject;
                }
            }
            term 5 {
                from {
                    destination-address {
                        10.0.0.0/8;
                    }
                }
                then accept;
            }
            term 6 {
                from {
                    protocol tcp;
                    destination-port [ http https ];
                }
                then accept;
            }
            term FINAL {
                then {
                    count Vendor_stuff_in_2;
                    log;
                    reject;
                }
            }
        }
        /* NOTE(review): defined but not applied anywhere in this listing; as an input filter on lo0.0 it would restrict SSH to the routing engine to the MyNets sources. */
        filter limit-ssh-access {
            term ssh-accept {
                from {
                    source-prefix-list {
                        MyNets;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            term ssh-reject {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    discard;
                }
            }
            term else-accept {
                then accept;
            }
        }
        /* Applied as the input filter on ge-0/0/0.0: traffic from the lab subnets, or to 9.9.9.9, is logged and policed by Pol1. */
        filter rate-limit-subnet {
            term Match-Subnet {
                from {
                    source-address {
                        7.7.7.7/32;
                        10.80.1.0/24;
                        10.20.1.0/24;
                        10.40.1.0/24;
                        10.70.3.0/24;
                        10.60.1.0/24;
                        10.61.31.0/24;
                    }
                }
                then {
                    policer Pol1;
                    log;
                    accept;
                }
            }
            term Match-Destination-Address {
                from {
                    destination-address {
                        9.9.9.9/32;
                    }
                }
                then {
                    policer Pol1;
                    log;
                    accept;
                }
            }
            term else-accept {
                then accept;
            }
        }
        /* Applied as the input filter on ge-0/0/8.0: logs every packet and accepts it. */
        filter TESTSTOP {
            term 1 {
                then {
                    log;
                    accept;
                }
            }
        }
        /* NOTE(review): not applied in this listing. Accepts sources in MyLabNets, logs and discards everything else. */
        filter Inside-Lab {
            term NoSpoof {
                from {
                    source-prefix-list {
                        MyLabNets;
                    }
                }
                then {
                    log;
                    accept;
                }
            }
            term Spoof {
                then {
                    log;
                    discard;
                }
            }
        }
        /* NOTE(review): not applied in this listing. Term OtherBadStuff has no 'from' clause, so it matches everything and the SSH term after it can never be reached; move SSH above it. The SSH term also matches 'source-port ssh', which selects replies coming from an SSH server rather than connections to one — 'destination-port ssh' is probably what was meant; confirm. */
        filter Protect-Lab {
            term ICMP {
                from {
                    destination-prefix-list {
                        MyLabNets;
                    }
                    protocol icmp;
                    icmp-type [ echo-reply echo-request ];
                }
                then accept;
            }
            term Established {
                from {
                    destination-prefix-list {
                        MyLabNets;
                    }
                    protocol tcp;
                    tcp-established;
                }
                then accept;
            }
            term OtherBadStuff {
                then {
                    log;
                    discard;
                }
            }
            term SSH {
                from {
                    source-address {
                        10.10.100.245/32;
                    }
                    source-port ssh;
                }
                then {
                    log;
                    accept;
                }
            }
        }
        /* NOTE(review): despite the name this matches the whole 10.1.10.0/24, not just the .13 host; the WinLaptop filter below uses a /32. Not applied in this listing. */
        filter Block-from-10.1.10.13-MacBook {
            term term1 {
                from {
                    source-address {
                        10.1.10.0/24;
                    }
                }
                then {
                    reject;
                }
            }
            term else-accept {
                then accept;
            }
        }
        /* NOTE(review): not applied in this listing. */
        filter Block-from-10.1.11.13-WinLaptop {
            term term1 {
                from {
                    source-address {
                        10.1.11.13/32;
                    }
                }
                then {
                    reject;
                }
            }
            term else {
                then accept;
            }
        }
        /* NOTE(review): not applied in this listing. */
        filter Block-to-WinLaptop-10.1.11.0/24 {
            term term1 {
                from {
                    destination-address {
                        10.1.11.0/24;
                    }
                }
                then {
                    discard;
                }
            }
            term else {
                then accept;
            }
        }
    }
    family ethernet-switching {
        /* NOTE(review): not applied in this listing; the policy-statement of the same name under policy-options is a separate object. */
        filter Block-Vlan {
            term term1 {
                from {
                    source-address {
                        10.1.10.0/24;
                    }
                }
                then discard;
            }
            term else {
                then accept;
            }
        }
        /* Applied as the input filter on VLAN v100: discards frames between any two of 10.1.10.0/24, 10.1.11.0/24 and 10.10.100.0/23 and accepts the rest. */
        filter Between-every-address {
            term term1 {
                from {
                    source-address {
                        10.1.10.0/24;
                    }
                    destination-address {
                        10.1.11.0/24;
                    }
                }
                then discard;
            }
            term term2 {
                from {
                    source-address {
                        10.10.100.0/23;
                    }
                    destination-address {
                        10.1.11.0/24;
                    }
                }
                then discard;
            }
            term term3 {
                from {
                    source-address {
                        10.1.11.0/24;
                    }
                    destination-address {
                        10.1.10.0/24;
                    }
                }
                then discard;
            }
            term term4 {
                from {
                    source-address {
                        10.1.11.0/24;
                    }
                    destination-address {
                        10.10.100.0/23;
                    }
                }
                then discard;
            }
            term term5 {
                from {
                    source-address {
                        10.10.100.0/23;
                    }
                    destination-address {
                        10.1.10.0/24;
                    }
                }
                then discard;
            }
            term term6 {
                from {
                    source-address {
                        10.1.10.0/24;
                    }
                    destination-address {
                        10.10.100.0/23;
                    }
                }
                then discard;
            }
            term term7 {
                then accept;
            }
        }
    }
    /* Drops traffic exceeding 50 kbps with a 1500-byte burst; referenced by rate-limit-subnet. */
    policer Pol1 {
        if-exceeding {
            bandwidth-limit 50k;
            burst-size-limit 1500;
        }
        then discard;
    }
}
ethernet-switching-options {
    /* Storm control on every switched port, at the platform default level. */
    storm-control {
        interface all;
    }
}
vlans {
    /* Default VLAN; its routed interface vlan.0 takes an address by DHCP. */
    default {
        l3-interface vlan.0;
    }
    /* NOTE(review): this VLAN owns tag 400 but has no member ports and no l3-interface, while the ports are in vlan-400 below; the two look like they were meant to be one VLAN. */
    lpc {
        vlan-id 400;
    }
    v100 {
        vlan-id 100;
        filter {
            input Between-every-address;
        }
        l3-interface vlan.100;
    }
    v25 {
        vlan-id 25;
        interface {
            ge-0/0/4.0;
        }
        l3-interface vlan.25;
    }
    v50 {
        vlan-id 50;
        interface {
            ge-0/0/5.0;
        }
        l3-interface vlan.50;
    }
    /* NOTE(review): empty VLAN with no vlan-id, ports or l3-interface. */
    vlan-100;
    /* NOTE(review): holds the six access ports but has no vlan-id and no 'l3-interface vlan.400', so the 10.0.0.26/24 unit defined under 'interfaces vlan' is not attached to these ports and the switch does not answer for 10.0.0.26 (or for lo0's 10.0.0.240) on them — which matches the symptoms in the post. Likely fix: move 'vlan-id 400' here from lpc and add 'l3-interface vlan.400', then sort out the overlapping 10.0.0.0/24 addresses on lo0 and me0 — confirm. */
    vlan-400 {
        interface {
            ge-0/1/0.0;
            ge-0/0/2.0;
            ge-0/0/7.0;
            ge-0/0/10.0;
            ge-0/0/11.0;
            ge-0/0/3.0;
        }
    }
    /* NOTE(review): empty VLAN, as vlan-100 above. */
    vlan-lpc;
}
/* Power over Ethernet enabled on every port. */
poe {
    interface all;
}
{master:0}[edit]
robmin@ex2200c#
THANK YOU FOR GETTING ALL THE WAY TO THE END. You're awesome!!
Robin Hood
my real name