Can't see devices on secondary switch in particular vlan

[nosebreaker]

I have 4 switches set in a partial mesh:
sw1 <-> sw3
| |
sw2 <-> sw4

I have an asa5510 plugged into sw1 and sw2, with a few vlans. The problem is that servers plugged into sw2 on 2 of the vlans cannot be seen by anything else! Servers in the same vlan on sw1,2,3 or 4 can see each other, but servers in these other vlans on sw2 cannot been seen by anything! I am also having an issue with the 2nd firewall not being seen, because it can't go across the trunk. See picture for example.

How can I debug the issue here? Spanning tree shows the 4gb link as being disabled, so it is traversing from sw1->sw3->sw4->sw2.

 

[SweetRevelation]

We'd need to see the configs all the switches, at least for the ports on each switch where they connect to each other.

 

[nosebreaker]

Ok, I have cleaned the config so there might be duplicate items here. sw3/sw4 are actually 3750-X switches in a stack.

http://nosebreaker.com/sw1-scrubbed.txt

http://nosebreaker.com/sw2-scrubbed.txt

http://nosebreaker.com/sw3-scrubbed.txt

http://nosebreaker.com/sw4-scrubbed.txt

 

[cknipe]

What device is doing the routing for the vlans? the ASA or the switches? I couldnt tell if switch 1 and 2 are stacked or not but that might be helpful to know as well. Generally you want all of your routing to be performed from 1 place if you can. According to your configs, you have vlan interfaces on switch 1 and switch 2. Lets start there. If the switches are performing the routing, then your will make the default gateway of each subnet equivalent to the vlan interface ip address that this node is a member of. But first, tell us which device you plan on handling routing.

 

[nosebreaker]

The switches aren't doing any routing, the ASA is. sw1 and sw2 are not stacked, they are Dell 5448's. The problem appears to somehow be with the VLANs or spanning tree or something, because the devices on sw2 in those 2 other subnets can't even be seen by devices in the same subnet as they are (blue and purple in the diagram)!

 

[VinceWhirlwind]

I'm assuming the coloured lines "purple", "blue" & "red" in your diagram represent VLANs.

What I don't understand is why you have devices in the same VLAN separated by an ASA5510.

Devices in the same VLAN should have a Layer2 connection to each other - is that what the "4gb" link joining the Dells is meant to be doing?
If so, give us the config for the switch interfaces on either side of the "4gb" link.

Additionally, give us the IP addresses for each interface on the ASA.

Also, the IP address and default GW for each of your "purple", "blue" & "red" servers.

 

[nosebreaker]

The ASA isn't coming into the picture if a device in the same subnet and vlan can't ping the other! Yes the different colors indicate different vlans and subnets. The 4gb/5gb/8gb links are trunks that should be passing all vlans across all the switches.

 

[nosebreaker]

The ASA's in the diagram are a hot/standby failover pair. I cannot ping the secondary interface any more now that I moved them onto the 2nd switch. It's as if the switch isn't passing the vlan traffic to the other! I show that spanning-tree has blocked the 4gb link in the diagram between the dell switches, so it should be traversing from sw1->sw3->sw4->sw2

 

[cknipe]

it looks like all the heavy lifting is being done on the dell switches and the ciscos are just passing the traffic on through. YOu might want to post this in a dell forum as well. does the dell switches have a port trunk permit all vlan statement that you can try on the trunk ports? I looks like you are defining all of the vlans anyway but that might be worth a shot.