I want to be able to get access to the switch when I shut down the trunk from 4500B. 

Bryan

I understand that. Because of the confusion of what the src IP was i just wanted to clarify exactly what the issue is.

So 4500a has a L3 vlan interface in vlan 208. I assume the 3750 does as well. You shut the trunk down between the 3560 and the 4500b and you cannot ping from the 4500a - is that the current situation ?

If so can you post -

1) "sh ip int br | include Vlan"  from the 4500a and the 3750

2) "sh int trunk"  from the 4500a and the 3750 and indicate which trunks are connecting -

a) from 4500a to the 3750

b) from the 3750 to the 3560

Jon

So 4500a has a L3 vlan interface in vlan 208. I assume the 3750 does as well. You shut the trunk down between the 3560 and the 4500b and you cannot ping from the 4500a - is that the current situation ?

That is correct.

If so can you post -

1) "sh ip int br | include Vlan"  from the 4500a and the 3750

For the 3750

Vlan1                  unassigned      YES NVRAM  administratively down down   

Vlan203                10.4.3.3        YES NVRAM  up                    up     

Vlan999                unassigned      YES NVRAM  administratively down down

For the 4500A

Vlan207                unassigned      YES NVRAM  down                  down   

Vlan208                10.4.8.2        YES NVRAM  up                    up     

Vlan209                10.4.9.2        YES NVRAM  up                    up    

2) "sh int trunk"  from the 4500a and the 3750 and indicate which trunks are connecting -

3750 Trunk G1/0/27 is connected to the 3560

Gi1/0/1     on           802.1q         trunking      203
Gi1/0/26    on           802.1q         trunking      205
Gi1/0/27    on           802.1q         trunking      208

Port        Vlans allowed on trunk
Gi1/0/1     202-203,208
Gi1/0/26    1,205,1002-1005
Gi1/0/27    202,208

Port        Vlans allowed and active in management domain
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

a) from 4500a to the 3750

Trunk G1/4 is the trunk from the 4500A to the 3750

Gi1/4       auto             802.1q         trunking      203
Gi1/8       auto             802.1q         trunking      1
Gi1/23      auto             802.1q         trunking      999

Port        Vlans allowed on trunk
Gi1/1       202,210,218,220,227
Gi1/2       211-212,222,224,233,244,255
Gi1/3       208-209,213,226
Gi1/4       202-203,208
Gi1/8       1-4094
Gi1/23      202,208

Port        Vlans allowed and active in management domain
Gi1/1       202,210,218,220,227
Gi1/2       211-212,222,224,233,244,255
Gi1/3       208-209,213,226
Gi1/4       202-203,208
Gi1/8       1,202-203,208-213,218,220,222,224,226-227,233,244,255
         
Port        Vlans allowed and active in management domain
Gi1/23      202,208

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       202,210,218,220,227
Gi1/2       211-212,222,224,233,244,255
Gi1/3       208-209,213,226
Gi1/4       202-203,208

b) from the 3750 to the 3560

Bryan

From the 3750 output -

Port        Vlans allowed and active in management domain
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     202-203
Gi1/0/26    1,205
Gi1/0/27    202

vlan 208 is not going across that trunk which is why you cannot ping from the the 4500a switch. Can you post -

"sh vlan brief" from the 3750 switch

Also is the diagram you posted the full picture ie. there are no other switches connected anywhere that could create a loop are there ?

Jon

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi1/0/25, Gi1/0/28

202  VLAN0202                         active   

203  VLAN0203                         active    Gi1/0/3, Gi1/0/5, Gi1/0/11, Gi1/0/12

205  VLAN0205                         active    Gi1/0/7

999  VLAN0999                         active    Gi1/0/2, Gi1/0/4, Gi1/0/6, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/13, Gi1/0/14

                                                Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21

                                                Gi1/0/22, Gi1/0/23, Gi1/0/24

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/25, Gi1/0/28
202  VLAN0202                         active   
203  VLAN0203                         active    Gi1/0/3, Gi1/0/5, Gi1/0/11, Gi1/0/12
205  VLAN0205                         active    Gi1/0/7
999  VLAN0999                         active    Gi1/0/2, Gi1/0/4, Gi1/0/6, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default

There two 4500's do communicate.  So I am thinking STP would shut a trunk down when this is properly configured.

Bryan

There is no vlan 208 in the vlan database so vlan 208 does not extend from the 4500a to the 3560 and that is why you can't ping.

There two 4500's do communicate.  So I am thinking STP would shut a trunk down when this is properly configured.

It depends but as both 4500s have a vlan 208 L3 interface it suggests there is another connection not shown in your diagram and perhaps that is why vlan 208 has not be included in the vlan database of the 3750.

It's difficult to say without knowing the full network layout and interconnects between all the switches so adding vlan 208 to the 3750 is not necessarily a solution and may, as you suggest, cause a loop depending on what other interconnections there are.

Jon

The trunks you see in the diagram from the 3560 are the only ones it has.  The trunk you see from the 3750 to the 3560 is new.  I forgot to add the vlan 208 to 3750 when I made that trunk.

If I were to add the default gateway of 10.4.8.2 to the 3560 and add vlan 208 to the 3750 it should put me in business right?  

Bryan

If I were to add the default gateway of 10.4.8.2 to the 3560 and add vlan 208 to the 3750 it should put me in business right?  

If you add vlan 208 to the vlan database on the 3750 that should mean you can ping from 4500a when the trunk to 4500b is down.

As for using 10.4.8.2, which 4500 is that ? Are you not running HSRP for all vlans between the 4500s ? Note if you are then at the moment both 4500s will think they are active for vlan 208 until you update the 3750. If you are running HSRP then use the virtual IP as the default gateway on the 3560.

One last thing. It looks like vlan 208 is the management vlan for your switches. Is there any reason you have used a different vlan on the 3750 ie. you have used vlan 203 ?

Jon

I meant 10.4.8.1 I fat fingered it.  That is the virtual IP.  Also I have no idea why VLAN 203 is being used as management on the 3750.  This network was built way before I worked here.  I am just going in trying to find things to fix.  It is also a live network so I need to be careful. 

Bryan

No problem, i fat finger all the time

Then i suspect both 4500s are showing active for vlan 208. That would be a good way to check that there is no alternate path although you seem to be sure there isn't so it's just an extra check.

I would also recommend changing to vlan 208 for managing the 3750 as well as long as there is no other reason vlan 203 is being used.

Like you say, it's always best to go slow when working on a new network because it can be very difficult to tell when something has been done for a reason or whether it has just "evolved".

Jon

Thanks for your help in this matter and to anyone else who helped.