John - ***Edited***

I went back and looked at the config, yes VLAN 2 is an interface on the core switch.

added "ip route 172.15.20.0 255.255.255.0 vlan 2" and doing a sh ip route 172.15.20.0​ on the core comes back with: "% Network not in table
"

Where exactly is 172.15.20.1 ie. on what device ?

Why should a ping from the core switch go to the firewall, you have no route for that subnet pointing to the firewall and the default gateway on the core switch is not going to the firewall.

Jon

And to Jon's point, where does the 172.15.20.x subnet come into play? The SAN switch's default gateway is 10.10.10.1 which isn't on vlan 2. That address should be changed if you need it on vlan 2 to be a 172.15.20.x address. 

** Edit **

If your SAN management address is in the 10.10.10.x subnet, you'd want to keep it on the trunk port as it's probably running over the native unless you can tag the traffic from the SAN. (If it's being tagged as vlan 2, but you have it on the 10.10.10.x subnet, it shouldn't work unless it's on the 172.15.20.x address and also being tagged.) That being said, I'm not a SAN administrator... :)

Hi John

Haven't spoke to you in ages !

How's it going, are you still studying for CCIE ?

Jon

Hi Jon! No I'm not at this point. I've been hyperfocused on security lately, so I wasn't able to dedicate the time needed for that test. I'm glad you're still on here!! :) How have you been?

I'm fine.

Am looking for a job now but as I haven't worked for quite a while not too hopeful.

I am going to get a blue star on these boards (or try!) and then if no one will employ me in networking I will gracefully retire from CSC.

Security now, well it's definitely in demand :-)

Jon

Jon,

I hope you find something soon...you're one of the most brilliant people I know on these boards. Do you have a LinkedIn account? If so, PM me and I'll endorse you :D

John

John

Many thanks for the kind words and offer.

I do have an account so I'll send you PM over the weekend and hopefully I can return the favour.

I may get lucky, the job situation is not that bad in the UK at the moment.

Jon

John - tried using 10.10.10.250 and still could not ping 172.15.20.1. It is the private subnet for the SAN, on VLAN 2. Not all of the switch ports are set to VLAN 2 on the SAN switch. There are some VLAN 1 ports, and then one Trunk port back to the Core switch.

John - saw your edit, and you're right. I actually test pinging 172.15.20.1 from one of the VLAN 2 access ports on the switch, assigning my laptop a 172.1520.x address. I can reach other IPs on that subnet oddly enough, but not the core switch.

That is just one example though, because a couple of other subnets were having issues like 10.4.8.0 and 10.8.8.0, but not all of the IPs. Whereas before they all worked in the old switches, same config. Which made me think something is missing in the new switch config now - something I didn't have before but need now.

It's still not really clear (at least to me) exactly what the issues are ie. is it data traffic or connecting between the actual switches etc.

It would really help if you could be specific about what isn't working and then we can maybe help narrow down the problems.

Jon

Jon, there is something up with routing. 172.15.20.0 network is one example. Also pinging something on the 10.8.8.0/24 network, I get back random unreachable messages during pinging.

Turning on verbose mode shows a public IP I don't immediately recognize.

172.15.20.1 is the VLAN 2 IP on the core switch. Even with ip default gateway on the SAN switch pointing to the the core switch IP though doesn't allow a ping to it, which made me think something else might be missed..