Please bear with me as I try to simply define my network and the issue I am suffering from (actual IP addressing changed to protect the innocent).
I have 2960s switches stacked using the stacking modules and then interconnected using 10GB SFP modules. Each stack currently has a clearly defined role, but we trunk VLANs between stacks to allow the flexibility to have ports in any VLAN from any stack.
Workstation Stack
4 x switches interconnected on uplink ports. Native VLAN on all access ports VLAN5 (all gig ports are access ports). VLAN5 interface address 192.168.5.240, VLAN2 interface 192.168.1.53
Trunk port carries VLANs 2, 5 & 11 native VLAN2.
Default Gateway 192.168.1.240
Server Stack
2 x switches interconnected on uplink ports. Native VLAN on all access ports VLAN2, VLAN interface address 192.168.1.49.
Trunk port carries VLANs 2, 5 & 11 native VLAN2.
Default Gateway 192.168.1.240
Coms Stack
Single switch interconnected on uplink ports. Native VLAN on all access ports VLAN2, VLAN interface address 192.168.1.240.
Trunk port carries VLANs 2, 5 & 11 native VLAN2.
Default Gateway 192.168.1.1 (FW) provides access to Internet and DMZ.
VLAN2 subnet 192.168.1.0
VLAN5 subnet 192.168.5.0
VLAN11 subnet 192.168.11.0
The problem is as follows:
From 3 of the switches in the workstation stack I can access all resources in VLANs 2, 5, 11 out to the DMZ and Internet. If I am connected to the switch that has the 10GB uplink port (let's call it SW1) I can only get to resources in VLANs 2 & 5, can't get to the Internet or DMZ or VLAN11. Why just this one switch?
Additional information:
If I configure an access port on SW1 to have a native VLAN 2 and correctly configure my workstation in the 192.168.1.0 subnet, I CAN gain access to all resources on my network, the DMZ and the Internet.
So I am thinking that for some reason the packets are not being tagged and when my access port is in VLAN5 the IP addressing is being allowed to bleed over subnets that the switches know about but that traffic is not getting back from resources beyond the firewall.
Help / suggestions much appreciated.