Hi Abed,
Thanks. I got the VLANs working and figured out policies to get them talking to the internet zone on the router.
I still have some questions about the static routes. Does each vlan need its own static route with a next-hop set as the gateway router for its zone? I had it configured this way and it seems to be working, but I have run into some perplexing issues when I try and daisychain a second switch to the first (with the same vlans configured).
I'm able to get DHCP to a vlan through a trunk that connects the two ports, but management is still done through a default vlan. This no longer works.
I fixed it yesterday because i noticed that it had just the one static route of 0.0.0.0/0 --> 192.168.1.1, which is the gateway of the interface on the SRX-300 that is providing DHCP through the default vlan to both switches. I connected to the console port and I set it to match the 4 static routes I had configured on the other switch (which is directly connected to the firewall), and voila - the switch was again accessible through the management IP.
Today I had to power down the firewall to move it to its proper place in the server rack, and after coming back online and connecting everything, again I cannot get DHCP through the default vlan of the second switch. I have tried changing the static routes of both switches to 0.0.0.0/0 ---> 192.168.1.1 without any change to the issue. I also tried setting the next hop of the second switch to the IP of the first switch, but this did not help.
I'm really stuck on this one, not sure what else to try!