Hi Julio

Yes your correct I want to reach  the access switches from a remote site using my MPLS network,

yes they have  included the management IP of the devices (or the subnet) into the routing protocol distributed into the MPLS

there is no filtering at all with the ISP interestingly I just put the default gateway in the access switches to the 3550 on the same subnet and I started to get receiving pings when pinging from another site I then took out the default gateway in the access switch and the pings still kept working ?

sorry not sure what you mean by PE

so I put in the default gateway in the access switch then took it back out and now I can telnet into the switch its like its not arping properly to the 3550 even though they are on the same subnet this is the same issue for all our sites 5 in total

Hi Julio

if I have my whole subnet 10.20.0..0 advertised by the mpls router and all my devices on the same subnet surely if they can get to the layer 3 interface they should be able to get to my devices ?

ie I can get to my router 10.20.0.1 and 10.20.0.2 they are advertinsing the whole subnet they should be able to get to 10.20.0.3-254 shouldn't they

incidently I noticed on the 3560

Feb 15 10:53:12: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is flapping between port Gi0/1 and port Gi0/2
Feb 15 10:53:25: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is flapping between port Gi0/1 and port Gi0/2

*Mar  1 00:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/27, changed state to up
*Mar  1 00:01:18: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.20.0.1 (Vlan1) is up: new adjacency
*Mar  1 00:01:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

they are my uplinks to the mpls routers which have HSRP configured

Hi, 

Yes you should be able to reach them, but if you are going to reach the management IP of the switches remotely, I mean via SSH or Telnet, ip default-gateway should be implemented unless you are using any kind of routing on the them where an IP is being advertised.

About 

Feb 15 10:53:12: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is flapping between port Gi0/1 and port Gi0/2

it could be originated by a layer 2 loop. Try to identify that MAC address. 

Its the MPLS router that's causing the issues

The layer 2 switch management address are on vlan 1 which is trunked to the 4500 core and the layer 3 interface is being advertised via eirgp to the 3550 but that also  also sits on the subnet and the whole subnet is advertised via the MPLS routers

so I should be able to ping the layer 3 interface which I can and also any other devices on that subnet 

or am I missing something ?

You are right, from the core you should be able to reach every IP on your network, but just for testing purposes, from other subnet can you able to reach the switches always on the same site?

yes from every site core I can reach each of the connected down stream switches

on its subnet

I have a different subnet on the core and I can reach the down stream switches with no issues

here is the diagram its the same for all sites

3550 static route to mpls 4500 static route 3550

eirgp running between 3550 and core layer 3 int faces on 4500

down stream switches 2960 layer 2 trunks to core

management vlan is vlan 1