Hello,

So in summary this 3560 is trunked to the core switch and any clients attached it cannot ping the default-gateway - is this correct?

Can you check if this switch has ip routing enabled and  if so disable it , Also add a default-gateway address pointing to the core

conf t

no ip routing

ip default-gateway x.x.x.x.x

Also could you post the running config of this switch.

res

Paul

Please don't forget to rate this post if it has been helpful.

Hello david,

It is a bit difficult to establish exactly what is occurring with the information provided,

1) Regarding your stp setup

Are you saying the 3560 is the stp root and the core switch 6513 is acting as the secondary stp root?

2) Regarding you switch configuration

Are you saying any clients attached to this 3560 cannot ping their default-gateway?

• Can you tell what the default-gateway ip address of your clients?
  
• The management ip address of the 3560
  
• The SVI address of the core switch relating to the management vlan?
  
• Is ip routing enabled on the 3560
  

res

Paul

Please don't forget to rate this post if it has been helpful.

ok ! i do a design for more understanding !

the Cat 3560 Ip default gateway x.x.x.x (only MNG) have two uplink (trunk) to core (one blocked)

The CAT6909-1

spanning-tree mode rapid-pvst

spanning-tree vlan 100,900 priority 8192

!

interface Vlan100

ip address 172.21.0.x 255.255.255.0

standby 1 ip 172.21.0.1

standby 1 priority 110

!

interface Vlan900

ip address 10.10.0.x 255.255.255.0

standby 2 ip 10.10.1.1

standby 2 priority 110

ip route to Vlan 360 nex hop 10.10.1.254

The CAT6913-1

spanning-tree mode rapid-pvst

spanning-tree vlan 360 priority 8192

!

interface Vlan360

ip address 172.21.36.x 255.255.255.0

standby 1 ip 172.21.36.1

standby 1 priority 110

!

interface Vlan900

ip address 10.10.0.x 255.255.255.0

standby 1 ip 10.10.1.254

standby 1 priority 110

!

ip route to Vlan 100 nex hop 10.10.1.1

the other CORE ( 6509-6513 ) it's a bck with the spanning tree work fine

This is a brief summary of the architecture, is much more complex

Hello David,

On the 3560 -

Sh ip route

show vlan brief

sh spanning-tree blockedports

sh span summary

sh int trunk

res

Paul

Please don't forget to rate this post if it has been helpful.

sh ip ro

Default gateway is 172.21.0.1

Host               Gateway           Last Use    Total Uses  Interface

ICMP redirect cache is empty

SW#sh vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    VLAN1                                  active    Gi0/2, Gi0/3

2    VLAN2                                active    Fa0/29

101  VLAN101                                  active

225  VLAN225                                    active    Fa0/30, Fa0/47

231  VLAN231                              active

253  VLAN253                                   active    Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10,Fa0/11, Fa0/12, Fa0/14, Fa0/15, Fa0/16,                                                                       Fa0/17, Fa0/18, Fa0/19

                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24,Fa0/25, Fa0/26, Fa0/27, Fa0/28, Fa0/29,                                                             Fa0/30, Fa0/31

                                                Fa0/32, Fa0/33, Fa0/34, Fa0/35, Fa0/37,Fa0/38, Fa0/39, Fa0/40, Fa0/41, Fa0/42,                                                             Fa0/45, Fa0/47

                                                Fa0/48

332  VLAN0332                         active    Fa0/14

333  VLAN0333                         active    Fa0/6, Fa0/7, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21

                                                Fa0/22, Fa0/23, Fa0/24, Fa0/25, Fa0/27, Fa0/28, Fa0/31, Fa0/32, Fa0/33, Fa0/34, Fa0/37, Fa0/38

                                                Fa0/39, Fa0/40, Fa0/41, Fa0/42, Fa0/44, Fa0/48

334  VLAN0334                         active    Fa0/13

348  VLAN0348                         active    Fa0/8

360  VLAN0360                         active    Fa0/26, Fa0/35, Fa0/36

368                                              active    Fa0/43

476  VLAN0476                                  active   

492  VLAN0492                                  active

729                                             active    Fa0/5, Fa0/45, Fa0/46

900  VLAN900                           active   

901  VLAN901                     active   

902  TEST_SRST_NOC                    active   

1002 fddi-default                     act/unsup

1003 trcrf-default                    act/unsup

1004 fddinet-default                  act/unsup

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1005 trbrf-default                    act/unsup

#sh spanning-tree blockedports

Name                 Blocked Interfaces List

-------------------- ------------------------------------

VLAN0231             Gi0/4

VLAN0253             Gi0/4

VLAN0334             Gi0/4

VLAN0348             Gi0/4

VLAN0368             Gi0/4

VLAN0476             Gi0/4

VLAN0492             Gi0/4

Number of blocked ports (segments) in the system : 7

#sh spanning-tree summary

Switch is in rapid-pvst mode

Root bridge for: none

Extended system ID           is enabled

Portfast Default             is disabled

PortFast BPDU Guard Default  is enabled

Portfast BPDU Filter Default is disabled

Loopguard Default            is disabled

EtherChannel misconfig guard is enabled

UplinkFast                   is disabled

BackboneFast                 is disabled

Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------

VLAN0001                     0         0        0          1          1

VLAN0002                     0         0        0          4          4

VLAN0101                     0         0        0          3          3

VLAN0225                     0         0        0          4          4

VLAN0227                     0         0        0          1          1

VLAN0231                     1         0        0          1          2

VLAN0253                     1         0        0         18         19

VLAN0332                     0         0        0          4          4

VLAN0333                     0         0        0         14         14

VLAN0334                     1         0        0          2          3

VLAN0348                     1         0        0          2          3

VLAN0360                     0         0        0          4          4

VLAN0368                     1         0        0          1          2

VLAN0476                     1         0        0          2          3

VLAN0492                     1         0        0          2          3

VLAN0729                     0         0        0          4          4

VLAN0900                     0         0        0          1          1

VLAN0901                     0         0        0          1          1

VLAN0902                     0         0        0          3          3

sh int trunk

Port        Mode             Encapsulation  Status        Native vlan

Gi0/1       on               802.1q         trunking      1

Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk

Gi0/1       2,101,225,253,332-335,337,345,348,360,368,371,468,476,492,729,902

Gi0/4       1-4094

Port        Vlans allowed and active in management domain

Gi0/1       2,101,225,231,252-253,332-335,337,345,348,360,368,371,468,476,492,729,902

Gi0/4       1-2,8-9,11,18,22,26,30,44-45,50,90,101,200,222-223,225,227,231,234,250-263,268-270,301-352,358-360,363-364,368,371-374,389-390,468,476,492,499-500,554-559,729,900-902

Port        Vlans in spanning tree forwarding state and not pruned

Gi0/1       2,101,225,231,252-253,332-335,337,345,348,360,368,371,476,492,729,902

Gi0/4       1,332

Hello David,

You have a default-gateway of 172.21.0.1 which puts this switch in vlan 100

I dont see layer 2 vlan 100 on this switch or allowed on the trunk

try this on the 3560:

conf t

vlan 100

exit

int gig0/1

Switchport trunk allowed vlan add 100

Also can you check the cores for vlan 100:
sh vlan brief
sh int trunk

res

Paul

Please don't forget to rate this post if it has been helpful.

Hello David,

If i correctly understand, your issue was.

clients(vlan 360) on switch 3560 not able to access or ping default gateway which is on server firm switch and server on firm switch which is on same vlan.

We are use trunk link  between switches insted on access link to carry traffic from all vlans over single link with vlan tagging information so each receving switch must identify for which vlan a frame belongs to.Vlan tag information append by first switch the network and remove by last switch in the network where packet send over edge port .In your network you are trying to ping from vlan 360 to gateway which is on firm switch (6513).As frames leaves switch 3560 it append vlan tagg 360and as soon as frame receive on the core switch it  drops because vlan 360 is not defind on core switch.

Please configure following way.

The CAT6909-1

spanning-tree mode rapid-pvst

spanning-tree vlan 100,360,900 priority 8192

!

interface Vlan100

ip address 172.21.0.x 255.255.255.0

standby 1 ip 172.21.0.1

standby 1 priority 110

!

interface Vlan900

ip address 10.10.0.x 255.255.255.0

standby 2 ip 10.10.1.1

standby 2 priority 110

interface Vlan 360

ip address 172.21.36.x 255.255.255.0

standby 1 ip 172.21.36.1--------------------------------gateway for vlan 360

standby 1 priority 110

The CAT6913-1

remove all config from The CAT6913-1and configure switch port as access vlan 360 on which server is connected.

Do not forget to create all vlans on this firm switch also but do not configure int mode for them.

Ok It' s a possible solution but it isn't applicable because the server lan is native on this 6513. Otherwise i think it can't help propagating this vlan to the switch access.

From my troubleshooting information, I suppose that the problem is regarding the L3/L2 between the 6513s and the 6509s.

Hello david,

You say you can ping from the distribution and core, but not from this switch?

can you post the running config of that switch, also

sh standby brief

sh spanning-tree blocked ports

sh spanning-tree vlan 360

sh int trunk

sh vlan brief

res

Paul

Please don't forget to rate this post if it has been helpful.