I have disabled the int vlan 401 on the 3750 because it is not working. I still have the old mgmt vlan enabled and working vlan 1. However, even with 401 disabled I should still be able to ping 10.254.17.1 because vlan 1 is enabled with a default route to a l3 switch that can reach 10.254.17.1. If I am wrong please correct me. I am trying to solve the problem of not being able to ping 10.254.17.1 which is enabled and working on the 4507.

Rick,

Even when I do a no shut on that interface it doesn't work. I cannot reach the switch through vlan 401.

Thank you for any help and if I need to post more reports please let me know.

Exactly! thats what I said yesterday! :-) you should still be able to ping. Even without that new vlan. This should be directing toward its default-gateway.

Could you show us a 'show ip route' on the 10.139.1.1 please?

And from there try this:

traceroute 10.254.17.1

This will give us a better insight to what might be happening.

For the moment, I would totally remove VLAN 401 and the interface from the 3750.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

WISD-6509-Router>traceroute 10.254.17.1

Type escape sequence to abort.

Tracing the route to 10.254.17.1

  1 10.200.1.18 4 msec

    10.139.4.1 0 msec *

WISD-6509-Router>show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.140.2.50 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 65 subnets, 3 masks

C       10.136.0.0/16 is directly connected, Vlan136

C       10.138.0.0/16 is directly connected, Vlan138

C       10.139.0.0/16 is directly connected, Vlan1

C       10.200.1.16/29 is directly connected, Vlan303

D       10.254.32.0/20 [90/3072] via 10.200.1.2, 1d19h, Vlan301

                       [90/3072] via 10.139.6.100, 1d19h, Vlan1

C       10.254.0.0/20 is directly connected, Vlan400

D       10.254.48.0/20 [90/3072] via 10.200.1.58, 1d19h, Vlan308

                       [90/3072] via 10.139.18.1, 1d19h, Vlan1

D       10.254.16.0/20 [90/3072] via 10.200.1.18, 1d19h, Vlan303

                       [90/3072] via 10.139.4.1, 1d19h, Vlan1

S*   0.0.0.0/0 [1/0] via 10.140.2.50

WISD-6509-Router>

Can you remove the vlan interface from the 3750 switch for now.

Then do a 'traceroute 10.254.17.1' from there please?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

I just removed all of int vlan 401 from the switch and I still cannot ping the 10.254.17.1. I figured this was an easy fix but since it's Monday and I think it has something to do with the 4507 I am going to go ahead and call TAC on this one. I appreicate everyone's help and if you want to still provide suggestions until I can get TAC on the line I am willing to keep trying and if not if TAC figures out the issue I will post the steps we took to fix the problem.

Thank you all again for the assistance.

Did you get a chance to do the traceroute from the switch?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hello,

On the 3750-

Can you confirm:

IP routing - Enaable or disabled?

"Exactly! thats what I said yesterday! :-) you should still be able to  ping. Even without that new vlan. This should be directing toward its  default-gateway" -  only if the 4507 has vlan 401 in its database and allowed over the trunk this will also enable the vlan.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Hello Paul, this is true, in this case I believe this is configured; pings were successful from other subnets as well as the same LAN. The reason why I say this is because the SVI is in an 'up' state.

I think IP routing is disabled on the 3750 - we would have seen the command 'ip routing' in the config if it was enabled. You could also tell by show ip route.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hello

Two reasons why this would not work.

1. Ip routing enable on the 3750
2. no vlan 401 in 4507 database

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

I haven't had a chance to call TAC yet because of some other things that have popped up. However, for some odd reason the 3750 can now ping the 4507 with no changes made to any devices. I will test the setting up of the new MGMT Vlan at 3:30PM CST and see if I can get it up and working.

The question I have now is why would I have to have ip routing enabled on the 3750 when the only thing I am trying to setup is a management Vlan? I should only have to set the vlan 401 to the desired IP address and set a default gateway correct? This is all I did on the other network segments and they are working correctly.

Anthony

It is interesting that the 3750 started to work. I wonder if some entry in some table timed out which allowed the 4507 and the 3750 to get in sync and changed the way that IP traffic flows.

I agree that there does not seem to be anything in what you are trying to do that would require enabling ip routing on the 3750. Your design is to use it as a layer 2 switch, with the routing done on the upstream 4507 and that should work just fine.

I am very interested in what will happen when you test again this afternoon.

HTH

Rick

Hello

The question I have now is why would I have to have ip routing enabled  on the 3750 when the only thing I am trying to setup is a management  Vlan? - Answer is = you shouldnt need to have ip routing enabled

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Still unable to get it working even with int vlan 1 disabled. I was checking the trunk ports and ran into something interesting maybe you all might know something about.

RCD-MDF-4507#sh int trunk | in Port |Gi1/6

Port        Mode             Encapsulation  Status        Native vlan

Gi1/6       on               802.1q         trunking      1

Port        Vlans allowed on trunk

Gi1/6       1,17,117,204,401

Port        Vlans allowed and active in management domain

Gi1/6       1,17,117,204,401

Port        Vlans in spanning tree forwarding state and not pruned

Gi1/6       1,17,117,204

RCD-MDF-4507#sh sp vlan 401

VLAN0401

  Spanning tree enabled protocol ieee

  Root ID    Priority    8192

             Address     0007.b371.11d1

             Cost        8

             Port        1 (GigabitEthernet1/1)

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33169  (priority 32768 sys-id-ext 401)

             Address     0025.450e.9ec0

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi1/1               Root FWD 8         128.1    P2p

Gi1/2               Desg FWD 4         128.2    P2p

Gi1/4               Desg FWD 4         128.4    P2p

Gi1/5               Desg FWD 4         128.5    P2p

Gi1/6               Desg FWD 4         128.6    P2p

Gi1/7               Desg FWD 4         128.7    P2p

Gi1/8               Desg FWD 4         128.8    P2p

Gi1/12              Desg FWD 4         128.12   P2p

RCD-MDF-4507#

The 4507 says it is pruning this vlan on the port in the sh int trunks but the sh vlan 401 shows it is forwarding on the port. I am now confused as there is no pruning enabled. Just to try I configured Gi1/6 to allow 1,17,117,202, and 401 and still no luck. Here is the same reports from the 3750.

RGS-MDF-3750-1-1#show int trunk

Port        Mode         Encapsulation  Status        Native vlan

Gi1/0/1     on           802.1q         trunking      1

Gi1/0/2     on           802.1q         trunking      1

Gi1/0/3     on           802.1q         trunking      1

Gi1/0/4     on           802.1q         trunking      1

Gi1/0/5     on           802.1q         trunking      1

Gi1/0/6     on           802.1q         trunking      1

Gi1/0/7     on           802.1q         trunking      1

Gi1/0/8     on           802.1q         trunking      1

Gi1/0/12    on           802.1q         trunking      1

Port        Vlans allowed on trunk

Gi1/0/1     1-4094

Gi1/0/2     1-4094

Gi1/0/3     1-4094

Gi1/0/4     1-4094

Gi1/0/5     1-4094

Gi1/0/6     1-4094

Gi1/0/7     1-4094

Gi1/0/8     1-4094

Gi1/0/12    1-4094

Port        Vlans allowed and active in management domain

Gi1/0/1     1,17,117,204,401

Gi1/0/2     1,17,117,204,401

Gi1/0/3     1,17,117,204,401

Gi1/0/4     1,17,117,204,401

Gi1/0/5     1,17,117,204,401

Gi1/0/6     1,17,117,204,401

Gi1/0/7     1,17,117,204,401

Gi1/0/8     1,17,117,204,401

Gi1/0/12    1,17,117,204,401

Port        Vlans in spanning tree forwarding state and not pruned

Gi1/0/1     1,17,117,204,401

Gi1/0/2     1,17,117,204,401

Gi1/0/3     1,17,117,204,401

Gi1/0/4     1,17,117,204,401

Gi1/0/5     1,17,117,204,401

Gi1/0/6     1,17,117,204,401

Gi1/0/7     1,17,117,204,401

Gi1/0/8     1,17,117,204,401

Gi1/0/12    1,17,117,204,401

RGS-MDF-3750-1-1#sh sp vlan 401

VLAN0401

  Spanning tree enabled protocol ieee

  Root ID    Priority    8192

             Address     0007.b371.11d1

             Cost        12

             Port        12 (GigabitEthernet1/0/12)

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33169  (priority 32768 sys-id-ext 401)

             Address     001b.9035.3e80

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/0/1          Desg FWD 4         128.1    P2p

Gi1/0/2          Desg FWD 4         128.2    P2p

Gi1/0/3          Desg FWD 4         128.3    P2p

Gi1/0/4          Desg FWD 4         128.4    P2p

Gi1/0/5          Desg FWD 4         128.5    P2p

Gi1/0/6          Desg FWD 4         128.6    P2p

Gi1/0/7          Desg FWD 4         128.7    P2p

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/0/8          Desg FWD 4         128.8    P2p

Gi1/0/12         Root FWD 4         128.12   P2p

RGS-MDF-3750-1-1#

Anthony

I am sorry that it is not working yet. But I think that we have made progress. At least now we know that it is an issue on the 4507 and not on the 3750. And we know it is not an issue about routing or about routing protocols. We know that the issue is about some reason why the 4507 has pruned that vlan from the trunk.

You have mentioned that you have switched other devices to use a management vlan and that they are working. So can we identify what is different about the configuration of vlan 401 from the other management vlans that are working? One thing that I wonder about is whether the other management vlans have an access port in their management vlan somewhere?

Would you post/re-post some things for us? I would like to see a fresh copy of the show run for the interfaces on the 4507 and the 3750. Also I would like to see the output of show vlan from both switches. And I would like to see the output of show ip interface brief from both switches.

HTH

Rick