Setting up connection between offices via Fiber

A local company has offered Fiber connections - we signed up and they offered a free Dark Fiber Connection (i know, its shouldn't be called dark fiber), it is just a fiber connection that has been split off their normal fiber and connected at both of my locations to Netgear switches.  There is no service or system running between this fiber connection.  My problem is I can't seem to communicate across the fiber connection.  

My first office is setup with a x.x.108.x setup and my second office is setup with a x.x.109.x both with  My default gateway on the PCs are set to my third party firewalls which originally were hooked to the Internet via Time Warner 35/5 connection with a VPN tunnel from the firewall.  This was way to slow so I was hoping the fiber connection would help.  I had the firewall company put in a route to say when traffic from one branch is sent to not go through the VPN tunnel but send the traffic back to the switch x.x.108.127 and they have verified that the traffic is flowing in this way now.  Unfortunately once this route was put in place the traffic doesn't go anywhere once it hits the switches - I get Timed Out when trying to ping or tracert the traffic.  

My switch is a Negear GS752TS and I know very little about what settings I need to put in place so that it will talk to my other Netgear switch at the other office.  I tried putting in a route in my Routing Table saying x.x.109.0 go to my other switch at x.x.109.251 but I still get timed out when I try to communicate with the other office.  I can see that port 48 where the Fiber is connected has traffic flowing across it but it doesn't seem to allow me to direct the correct traffic to it.  What settings do I need to put in place to make this work.  Currently neither office can talk to the other office.

Please let me know if I need to provide further information and I appreciate your patience reading through all of the information I have provided so far.  Thank you.
Jeremy HolbrookInformation Security OfficerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Trent SmithCommented:
What firewall devices are you using?  Have you verified that the stage 2 portion of your VPN is set up correctly?
Jeremy HolbrookInformation Security OfficerAuthor Commented:
The firewalls won't be sending it via VPN as the Fiber connects directly between the two switches.  The firewall is only acting as a router to send the traffic to the switch....I am not in the office at the moment so I can't tell you the brand of firewall but we use a third party (SilverSky) who provides and manages them.
Trent SmithCommented:
It sounds like you will need to add the route to the firewall so that you can talk between the two different sites.  Unless of course you have a layer 3 switch at both locations which you would need to add the route to.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Jeremy HolbrookInformation Security OfficerAuthor Commented:
I believe the switch can handle layer 3 but I am unsure what setting change to make it work.  I will have to research some more.  Thanks.
your locations using different segments.
What is the status of the SFP port on each switch?
You might have to vlan the SFP port on each side and have this VLAN defined on the local Feed and establish as suggested routes there.
Jeremy HolbrookInformation Security OfficerAuthor Commented:
Not sure how to tell the status of the SFP other than I see that they are lit up on the switches and I can see traffic across the ports.  Unfortunately I know very little about these but I have been reading up on the VLAN options but wasn't sure if that would be my answer.
Trent SmithCommented:
You are running VLAN's?  You have to allow access from both the VLAN's to the ports that are passing the traffic or they will not talk properly.  If I missed that in your first post I apologize.
Jeremy HolbrookInformation Security OfficerAuthor Commented:
No I haven't implemented VLANs as of yet.  Unfortunately I am to new at this and I was just not sure what option within the switches I should try.  I will try the VLAN option now.
I think the VLAN is needed to separate the current segment from the other feed with the firewall/router feed managing the transmission.
Given you are currently terminating the fiber connection on a switch..

Not sure whether this switch can have networking RIP2 or other protocols setup on the two ports to converge your networks.
Jeremy HolbrookInformation Security OfficerAuthor Commented:
I looked it up and it does seem to support RIP-2, not that I know what that is yet but I will research it.
Trent SmithCommented:
I worked with a company that had a dedicated fiber run to a building on their property but the company had a network that was VLAN specific at that location and in order to get them to be able to work with our servers we had to add that VLAN to all the connections on our end that were required to get back to the server.  It was a nightmare but after it was set up it was very secure.
simply connecting desperte segments to a switch will only work when a firewall/router on each end to which each system sends non-local network traffic has a configuration to send the traffic through this path.

RIP2 is a network discovery/advertising protocol.
Each side will advertise their network via the fiber connection.

Managing the interconnect solely on the switch will deprive you of the ability to access the remote side should an issue with the fiber arise as the traffic will not leave the switch.

Allowing the firewall/router manage this, will allow for failover.

Do you have an option to have the fiber terminate on the firewall/router on each end?

VLANing the SFP port on each end
And then configuring the VLAN on the firewall/router you can then setup the paths through the link
Jeremy HolbrookInformation Security OfficerAuthor Commented:
The firewall has open ports but doesn't accept a SFP connection or the Fiber connector - just TCP connectors.  I was afraid of what you mentioned that if the Fiber drops the traffic is lost but the Firewall company left the VPN connection up as a secondary route and they would just have to switch it back over to primary to get it back working.

I am trying to figure out the VLAN option now but not quite figuring it out yet.  Trying to read through the switch's manual to figure out what I am supposed to be doing :)
each end of the SFP/fiber connection should have their own IP. ip segment of four ips/30

the switch has no information on how to get to the other side of the fiber.
Jeremy HolbrookInformation Security OfficerAuthor Commented:
We ended up setting up three vlans on both the switch and our firewalls with rules on the firewall to route traffic between the three.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.