This was caused by me forgetting about a switch. Continue reading only if you're very bored.
SonicWALL NSA 3500 connected to Cisco Catalyst 3850. The SonicWALL has "sub-interfaces" (VLANs) V2, V800, and V802. The 2 and 802 have worked fine for forever, and I am now trying to add 800, but no traffic is working through the trunk. See the image for my configs. I can't get a downstream "switchport access vlan 800" port with a device to connect, and on the switch I can't ping 172.16.16.7, which is the SonicWALL sub-interface IP, whereas I can ping the IP for VLAN 802.
EDIT - Since configuring the Cisco with "ip classless" I was able to get Spanning-Tree to get out of "BKN" status and VLAN 800 now shows up as a non-pruned VLAN in "sh int gi1/0/2 trunk" but my main issue of not being able to pass traffic or connect an access device on that VLAN still persists.
Here's the link to the image in case it's too small to see here: http://oi60.tinypic.com/15cllp1.jpg
EDIT
Switch#sh span summ
Switch is in pvst mode
Root bridge for: VLAN0800
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 9 9
VLAN0002 0 0 0 14 14
VLAN0003 0 0 0 9 9
VLAN0004 0 0 0 10 10
VLAN0005 0 0 0 10 10
VLAN0006 0 0 0 9 9
VLAN0007 0 0 0 9 9
VLAN0008 0 0 0 9 9
VLAN0009 0 0 0 9 9
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0010 0 0 0 9 9
VLAN0011 0 0 0 9 9
VLAN0012 0 0 0 10 10
VLAN0013 0 0 0 9 9
VLAN0014 0 0 0 9 9
VLAN0015 0 0 0 11 11
VLAN0016 0 0 0 9 9
VLAN0017 0 0 0 9 9
VLAN0018 0 0 0 11 11
VLAN0103 0 0 0 9 9
VLAN0104 0 0 0 10 10
VLAN0105 0 0 0 10 10
VLAN0106 0 0 0 9 9
VLAN0107 0 0 0 9 9
VLAN0111 0 0 0 9 9
VLAN0800 0 0 0 9 9
VLAN0802 0 0 0 10 10
VLAN0803 0 0 0 9 9
---------------------- -------- --------- -------- ---------- ----------
27 vlans 0 0 0 258 258
Switch#sh span vlan 800
VLAN0800
Spanning tree enabled protocol ieee
Root ID Priority 4896
Address dca5.f433.4980
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4896 (priority 4096 sys-id-ext 800)
Address dca5.f433.4980
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/2 Desg FWD 19 128.2 P2p
Gi1/0/14 Desg FWD 4 128.14 P2p
Gi1/0/15 Desg FWD 4 128.15 P2p
Gi1/0/16 Desg FWD 4 128.16 P2p
Gi1/0/17 Desg FWD 4 128.17 P2p
Te1/1/3 Desg FWD 4 128.55 P2p
Te1/1/4 Desg FWD 4 128.56 P2p
Po1 Desg FWD 3 128.2027 P2p
Po2 Desg FWD 3 128.2028 P2p
Switch#sh int gi1/0/2 switchport
Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
*See my top edit - VLAN 800 now shows up in "sh int gi1/0/2 trunk" as a non-pruned VLAN, but that didn't change my issue of not being able to connect anything on that VLAN, and I still cannot ping 172.16.16.7.
It sounds like a routing issue. Make sure the Cisco Catalyst 3850 has a default route to the SonicWALL NSA 3500 or a route directly to the 172.16.16.0/24 destination via the SonicWALL. Not having the proper routes would prevent the switch from being able to PING an IP address not on the same subnet.
I would be curious to know whether the device on vlan 800 could PING 172.16.16.7.
Providing some TRACEROUTE results would also be helpful from the switch to 172.16.16.7 and also to the device on vlan 800 and from the device on vlan 800 to 172.16.16.7 and also to the switch.
Oh god, I'm such an idiot. There was a switch between the Cisco and SonicWALL that I completely forgot about until I was up there about to put my network tap into place. It should've been passing everything along, but on a whim I decided to check its config and found
switchport trunk allowed vlan 1,2,802,1002-1005
on both ports involved. Sorry to have wasted everybody's time and brainpower. It works now.
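As an added example (not part of the original thread): a short Python check that reads the trunk configuration of every device on a path and reports which trunk ports do not carry a given VLAN, which is the condition the forgotten switch's `switchport trunk allowed vlan 1,2,802,1002-1005` created for VLAN 800. The device names, the middle switch's interface names and the config snippets are constructed for illustration.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # a trunk with no allowed list carries 1-4094

def parse_vlan_list(spec):
    """Expand '1,2,802,1002-1005' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_allowed(config):
    """Map each trunk interface in an IOS-style config to the VLANs it carries."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            cur = ports.setdefault(name, {"trunk": False, "vlans": ALL_VLANS})
            continue
        if cur is None:
            continue
        if line == "switchport mode trunk":
            cur["trunk"] = True
        m = re.match(r"switchport trunk allowed vlan (add )?(\S+)$", line)
        if m:
            add, spec = m.groups()
            new = (ALL_VLANS if spec == "all" else
                   set() if spec == "none" else parse_vlan_list(spec))
            # "add" extends the current list; a plain statement replaces it
            cur["vlans"] = (cur["vlans"] | new) if add else new
    return {name: p["vlans"] for name, p in ports.items() if p["trunk"]}

def vlan_blockers(path, vlan):
    """Return (device, interface) pairs on the path whose trunk drops `vlan`."""
    return [(dev, ifc) for dev, cfg in path
            for ifc, allowed in trunk_allowed(cfg).items() if vlan not in allowed]

# Constructed sample configs: the 3850 trunk allows ALL (as in the post's output);
# the middle switch carries the allowed list quoted in the final post.
CATALYST_3850 = "interface GigabitEthernet1/0/2\n switchport mode trunk\n"
MIDDLE_PORT = " switchport mode trunk\n switchport trunk allowed vlan 1,2,802,1002-1005\n"
MIDDLE_SWITCH = ("interface GigabitEthernet0/1\n" + MIDDLE_PORT +
                 "interface GigabitEthernet0/2\n" + MIDDLE_PORT)
PATH = [("catalyst-3850", CATALYST_3850), ("middle-switch", MIDDLE_SWITCH)]

if __name__ == "__main__":
    for vlan in (800, 802):
        print(vlan, vlan_blockers(PATH, vlan) or "carried on every trunk")
```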