
Forum Discussion

Nov 05, 2020

MAC address table issues with multiple VLANs?

Hi folks,

 

I am currently having an issue with my network:

 

The network runs multiple VLANs; however, to simplify the problem let us only consider 2 of them:

VLAN4 which carries much of the network traffic and VLAN7 which is for security cameras.

 

The traffic is segregated to make unauthorised viewing of the security camera feeds more difficult (yes the cameras do have passwords but are continually streaming data to the security DVRs).

 

I have an on-site stratum 1 (GPS locked) time server that provides time to connected devices via NTP.

 

I want the time server to be visible to both networks and this was intended to be via an asymmetrical VLAN configuration on an upstream switch:

          The switch port connected to the NTP server has PVID 12.

          Another port with PVID 4 connects to the VLAN 4 part of the network.

          Similarly, a port with PVID 7 connects to the VLAN 7 part of the network.

 

The switch's VLAN configuration allows traffic from the VLAN 4 or VLAN 7 ports to go to the NTP server's port (the VLAN 4 port and the NTP server port are untagged members of VLAN 4, and similarly the VLAN 7 port and the NTP server port are untagged members of VLAN 7); return traffic on VLAN 12 can go back to VLAN 4 or VLAN 7 (all three ports being untagged members of VLAN 12), but traffic cannot pass from VLAN 4 to VLAN 7. Testing the traffic routes through this switch works as expected.

 

However, a downstream switch is a GS728TP, split into 2 logical switches with some ports assigned to VLAN 4 and some to VLAN 7; one of the VLAN 4 ports connects to the upstream switch, as does one of the VLAN 7 ports. A separate cable connection is used between the switches for each of the two VLANs, so there is no issue with tagged traffic here.

 

Now the fun starts. Initially I can communicate from either a VLAN 4 or VLAN 7 port on the GS728TP and it works, but once I have pinged the NTP server from my chosen port the switch adds the MAC address of the server to its MAC table (and it shows the VLAN used), and when I then connect to a port on the other VLAN I cannot ping the server. It appears that although the MAC table logs the VLAN on which it saw the destination MAC, it does not consider that the path could be different if the traffic is carried via a different VLAN.

 

If I temporarily disconnect the inter-switch path that carried the first ping, the new ping then works, so there is no issue with the cables.

 

I accept this may be an unusual configuration and the GS728TP is not an enterprise-level switch; am I just expecting too much from it, would others expect a VLAN switch to keep separate MAC tables per VLAN, or am I simply not diagnosing the issue correctly?

 

Steve
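The behaviour described in the post is what a switch with a single MAC table shared across all VLANs (shared VLAN learning, SVL) would produce, as opposed to one that keys its table on (VLAN, MAC) (independent VLAN learning, IVL). The model below is an added example written for this page, not code from the post or from NETGEAR, and it does not establish which mode the GS728TP actually uses; the port names, VLAN membership and MAC addresses are constructed for the example. It replays the post's sequence (ping from VLAN 4, reply learned on the VLAN 4 uplink, then ping from VLAN 7, then the same after unplugging the first uplink) under both learning modes.

```python
"""Model of MAC learning on a VLAN-aware switch, contrasting independent VLAN
learning (IVL: table keyed on VLAN + MAC) with shared VLAN learning (SVL: one
table keyed on MAC alone). Topology, port names and MAC addresses are
constructed for this example; they are not from the post or any vendor docs."""

from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src: str        # source MAC
    dst: str        # destination MAC
    vlan: int       # VLAN the frame is carried in
    ingress: str    # port the frame arrived on


class Switch:
    def __init__(self, mode: str):
        if mode not in ("IVL", "SVL"):
            raise ValueError("mode must be IVL or SVL")
        self.mode = mode
        self.members: dict[int, set[str]] = {}   # vlan -> member ports
        self.table: dict[object, str] = {}       # learned key -> port

    def add_vlan(self, vlan: int, ports: set[str]) -> None:
        self.members[vlan] = set(ports)

    def _key(self, vlan: int, mac: str):
        # IVL keys on (VLAN, MAC); SVL keys on MAC only, so an address learned
        # in one VLAN is reused for lookups in every other VLAN.
        return (vlan, mac) if self.mode == "IVL" else mac

    def forward(self, frame: Frame) -> list[str]:
        """Learn the source address, then return the egress ports for the frame."""
        members = self.members[frame.vlan]
        if frame.ingress not in members:
            return []                                   # ingress filtering
        self.table[self._key(frame.vlan, frame.src)] = frame.ingress
        learned = self.table.get(self._key(frame.vlan, frame.dst))
        if learned is None:
            return sorted(members - {frame.ingress})    # unknown unicast: flood in VLAN
        if learned == frame.ingress:
            return []                                   # destination is behind the ingress port
        if learned in members:
            return [learned]
        return []   # learned on a port outside this VLAN: no valid egress, dropped

    def link_down(self, port: str) -> None:
        """Flush every entry learned on a port whose link went down."""
        self.table = {k: p for k, p in self.table.items() if p != port}


NTP = "00:11:22:33:44:55"      # constructed MAC of the NTP server
HOST_A = "02:00:00:00:00:04"   # constructed MAC of a host on VLAN 4
HOST_B = "02:00:00:00:00:07"   # constructed MAC of a host on VLAN 7


def build_switch(mode: str) -> Switch:
    sw = Switch(mode)
    # g3 is the uplink to the upstream switch on VLAN 4, g12 the uplink on VLAN 7.
    sw.add_vlan(4, {"g1", "g2", "g3"})
    sw.add_vlan(7, {"g10", "g11", "g12"})
    return sw


def second_ping_egress(mode: str, drop_first_uplink: bool = False) -> list[str]:
    """Ping from VLAN 4 first (request + reply), then try from VLAN 7.
    Returns the egress ports chosen for the VLAN 7 request."""
    sw = build_switch(mode)
    sw.forward(Frame(HOST_A, NTP, 4, "g1"))    # request floods; HOST_A learned on g1
    sw.forward(Frame(NTP, HOST_A, 4, "g3"))    # reply via the uplink; NTP learned on g3
    if drop_first_uplink:
        sw.link_down("g3")                     # pull the VLAN 4 inter-switch cable
    return sw.forward(Frame(HOST_B, NTP, 7, "g10"))


if __name__ == "__main__":
    for mode in ("IVL", "SVL"):
        print(mode, "VLAN 7 ping egress:", second_ping_egress(mode),
              "| after unplugging g3:", second_ping_egress(mode, drop_first_uplink=True))
```

Under IVL the VLAN 7 lookup finds no entry for the server and floods out g11 and g12, so the request reaches the VLAN 7 uplink. Under SVL the lookup hits the entry learned on g3, which is not a member of VLAN 7, so the frame has no valid egress; flushing g3's entries (the unplugged-cable experiment in the post) restores flooding. The model also shows a caveat of asymmetric VLANs on an SVL switch: the single entry for the server's MAC is rewritten to whichever uplink carried the most recent reply, so reachability from the two VLANs alternates rather than failing once.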
