VLAN Issue

I am setting up a VLAN according to the attached diagram. I am not sure this will work, as the firewall will be at a remote location that receives its internet from my location, BUT I also want direct access to their network at my location. The issue is the ISP connection. I want those ports to be without an IP configuration (HP Procurve IP set to disabled). Do, I have that traffic be tagged. My understanding on Procurves is that I can have one port on a VLAN be untagged traffic.

Previously I had problems with the ISP's ARP tables and these switches if they were not set to IP disabled. So, I want the VLAN attached to the external ports and the ISP to basically be "dumb," but still have the VLAN to the internal network. Please see the attached diagram.
Glenn Manry Asked:

Andy Bartkiewicz, Network Analyst, Commented:
I would get rid of the vlan 20 and vlan 10 links you have between your HP switches. You don't need them because you have fiber ports that you are trunking between these switches, plus you might create a routing loop. Also I'm assuming that your firewall is inline and isn't doing routing, so your external vlan is going to have to extend to port 3 on the top HP switch shown on the diagram.

Andy Bartkiewicz, Network Analyst, Commented:
Also, Port 3 on the top switch will need to be a routed port and set as the gateway of last resort.
Glenn Manry (Author) Commented:
I apologize, the dotted lines in my diagram are for implication of connection via the trunk. I made that diagram for lay people, and I left out some explanatory text in order to mask specifics.

So, I have the trunk and the VLAN 10 and 20 for the proper separation of functions. However, my FW is doing the routing. Should I change the layer 3 switch to a layer 2?

Glenn Manry (Author) Commented:
I believe the layer 3 switch is interfering with the setup. I am going to re-implement with two layer two switches.