Hi Everyone... I moved my server room from our old admin bldg. to our brand new bldg. last weekend. I knew in advance that this would physically separate our firewall from our internet radio, but I knew (or thought I knew) how to backhaul the internet side of the network to the new location using a second fibre pair and use VLANs within the ProCurve switches to link the radio to the firewall. Refer to the attached diagram to see my current setup. Once the server room was populated with all my gear in the rack and cabled up... everything fired up nicely. I then set up the fibre for the inside LAN and all PCs within the 3 locations could see the servers no problem. I then connected my "InetBackhaul" link and, to my dismay, internet did not light up. Here is how I configured the switches...
School Switch - Set up a second VLAN called INETBackhaul and added port 48 as a tagged port and port 44 as an untagged port, and set the rest of the ports to stay on the default_VLAN. You can see on the attached diagram that the radio is on port 44 and the fibre link is on port 48, linked to the other side. (I read that you should always have the uplink port as a tagged port, not sure why, but I did try setting port 48 to untagged as well, but it didn't help.)
Office Bldg Switch - Exact same setup as the school switch... Created a VLAN called INETBackhaul and added port 48 as a tagged port and port 44 as an untagged port that links into the Untrust (or internet) port of our Juniper firewall. I figured this would light up right away and give a channel for our router to talk to the radio... but no joy. No traffic was passing over the second VLAN (or so it seemed).
Yes, I verified the physical connection on the second link and it works fine. So I knew it had something to do with the VLAN config. So after some intensive and stress-filled hours to get this online, my workaround was to put port 44 on each switch back on the DEFAULT_VLAN. When I did that, the internet connection came alive and all internet traffic was flowing across the port 47 link. As this works, I really wanted to physically separate the traffic from the internet side to the LAN side. As added info to this issue, after the dust settled and everything was working, I did notice my email spam filter logs were showing email coming in from the internet with timestamps BEFORE I implemented my workaround. So I think traffic was able to come in, but the router was not able to get back to the router (ARP issue maybe??). Can anyone see anything I am missing here?