multiple vlan from multiple ports connecting to router through a single interface

MATT ALLEN
Level 1

I recently received a Catalyst 3850-24t-s with IP Base license to configure to work with some network upgrades we are wanting to do. I work for a small ISP and we are an FTTH network using Trident7 chassis from Pace networks. The connections from the chassis are sent from a switch module that provides connection for the entire chassis through a single Ethernet connection. To decrease our broadcast domain we are needing to break the connection to the chassis into several VLANs, one per card in the chassis. In doing this I need to send 18 VLANs per chassis to the Catalyst switch, which should be no problem. The problem I am running into is connecting all the interfaces that feed the chassis to a single interface that connects to the router and also being able to use a single DHCP server. I have made a simple network diagram to help better understand what I am talking about. Any help would be greatly appreciated. Thank you in advance.

Matt

network diagram

Yes it makes sense.

From the switch itself can you ping the laptop, assuming it is still set up the way you describe, using vlan 302 as the source, i.e.

ping 192.168.2.254 source vlan 302

Also make sure your laptop is not running a firewall as this will block the ping.

If you aren't sure then from the laptop -

ping 192.168.2.1

and see if you see anything.

Jon

Yes, I got a result. Pinging from switch source vlan 302 to 192.168.2.254: 100% success. I was able to ping from the laptop with IP of 192.168.2.254 to 192.168.2.1. So it seems like it is the connection from the Trident 7 to vlan 302 that is the culprit. Could I have added the vlan to the port incorrectly?

Okay, so we know the routing is working correctly.

If you do a "sh vlan brief" on the switch do you see the port allocated to the correct vlan ?

Jon

Yes, vlan 302 shows status active and port GI 1/0/3

Okay can we recap where we are -

what exactly is connected to gi1/0/3 ?

Can you also post as an attachment the full configuration of the 3850.

Jon

1/0/2 connection to router

1/0/3 connection to Trident 7 vlan 302

interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
 no switchport
 ip address 192.168.2.253 255.255.255.248
!
interface GigabitEthernet1/0/3
 switchport access vlan 302
 switchport trunk allowed vlan 302
 switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
 switchport trunk allowed vlan 401-418
 switchport mode trunk
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
 switchport trunk allowed vlan 501-518
 switchport mode trunk
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
 switchport trunk allowed vlan 601-606
 switchport mode trunk
!
interface Vlan1
 ip address 208.74.184.240 255.255.255.0
!
interface Vlan301
 no ip address
!
interface Vlan302
 ip address 192.168.2.1 255.255.255.248
!
interface Vlan303
 no ip address
!
interface Vlan305
 no ip address
!
ip default-gateway 192.168.2.254
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.2.254
!

How is the Trident end of the connection configured, i.e. is it configured as a trunk link or as an access port in vlan 302 ?

If it is a trunk link it will be tagging packets, so if it is a trunk can you modify the configuration of gi1/0/3, i.e.

int g1/0/3
no switchport access vlan 302
switchport mode trunk

I am assuming that vlan will be tagged, i.e. vlan 302 is not the untagged vlan.

Jon
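Added example (not part of the thread, and not code from any poster): a small Python check for the mismatch diagnosed above, where gi1/0/3 carried a trunk allowed list while still in access mode. It also flags trunks with no allowed list. The Gi1/0/6 stanza and the finding names are assumptions made for illustration.

```python
import re

# Constructed sample: Gi1/0/3 and Gi1/0/5 are copied from the config posted
# in the thread; Gi1/0/6 is a hypothetical port added to show the second check.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/3
 switchport access vlan 302
 switchport trunk allowed vlan 302
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport trunk allowed vlan 401-418
 switchport mode trunk
!
interface GigabitEthernet1/0/6
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} for each stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface (\S+)", raw)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif not raw.startswith(" "):  # "!" or a global command ends the stanza
            current = None
        elif current is not None:
            current.append(raw.strip())
    return stanzas

def setting(lines, prefix):
    """Value following `prefix` in the stanza, or None if the command is absent."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix)), None)

def audit_switchports(config):
    """Return (interface, finding) pairs for mode/VLAN-list inconsistencies."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode = setting(lines, "switchport mode ")
        allowed = setting(lines, "switchport trunk allowed vlan ")
        if mode == "access" and allowed is not None:
            # The allowed list has no effect while the port is in access mode.
            findings.append((name, "access-mode-with-trunk-list"))
        elif mode == "trunk" and allowed is None:
            # No allowed list: the trunk carries every VLAN defined on the switch.
            findings.append((name, "trunk-without-allowed-list"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_switchports(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
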

 

I believe that has cleared up the connection problem. I am now able to ping from the Trident 7 to 192.168.2.1 and also 192.168.2.254

Thank you guys so much for all the help!!!

Now all I have to do is recreate this 59 more times and add in a DNS server. I so wish there was a way I could do this and not have to divide my IP pool into subnets. Do you guys have any thoughts on that?

Glad to hear it's working.

Not sure what you are asking about dividing up the IP pool.

What are your main concerns? Is it having to update the clients with new IP addressing in terms of subnet masks, the general migration etc. ?

Jon

Right now I am testing with private IP addresses, but when put into production we will be using public IP addresses. All our customers are using the same default gateway right now. When we put this into production the way that it is configured now we will not be able to do that; the default gateway will be different for each VLAN. That will make migrating very difficult because the VLAN applied to the customer equipment is in the provisioning created in the Trident 7. So when we change we will have to send new provisioning to each device, and that doesn't sound very fun at all. We only have a few thousand customers, and it sounds as if we will have to do it all at once.

 

Not sure what you mean by provisioning exactly ?

Is this to do with handing out IP addresses, default gateways etc. or something else entirely ?

Jon

Provisioning has to do with configuring the end user equipment: configuring it to send traffic on a specific VLAN and also telling it the internet package that the customer has purchased, which sets the transfer rate, i.e. 25 meg download, 5 meg upload. If there was a way that I could give each device the gateway that it needs for the VLAN but all VLANs get IP addresses from a large pool, that would work. However, I doubt that is possible with the current way we have configured it.

So the actual customer devices don't get IPs from you (which would make sense).

It is the edge device for the customer that you need to update with the correct details, is that correct ?

Where I am still not following is if you need to update the gateway for each device once you create the new vlans then how exactly this relates to the IP pool.

I think there is probably something obvious I am missing as I have never worked for an ISP.

I was just trying to understand the full problem in case there was something I could suggest to make it easier but perhaps you have already considered all the options.

Jon

Matt told us in the original post that the objective was to reduce the size of the broadcast domain. When you break up a large broadcast domain into several VLANs, that means that you also need to break up the single address pool that you had into several subnets. I appreciate that the process of migrating from a single large domain/single address pool to multiple smaller broadcast domains/smaller subnets will be awkward. But you cannot have separate independent broadcast domains without having separate independent subnets.

 

HTH

 

Rick
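Added example (not part of the thread, and not code from any poster): a Python sketch of the split described above, carving one pool into one subnet per VLAN for the 18 VLANs of a chassis (401-418 in the posted config) and rendering an SVI per VLAN with its own gateway. The pool 10.40.0.0/19, the DHCP server address 10.99.0.10 and the use of `ip helper-address` to reach a single DHCP server are assumptions for illustration.

```python
import ipaddress

def plan_vlan_subnets(pool, vlan_ids, min_hosts=2):
    """Split `pool` into equal subnets and assign one to each VLAN, in order."""
    net = ipaddress.ip_network(pool)
    vlan_ids = list(vlan_ids)
    # Prefix bits to borrow so that at least len(vlan_ids) subnets exist.
    extra_bits = (len(vlan_ids) - 1).bit_length()
    new_prefix = net.prefixlen + extra_bits
    if new_prefix > 30:
        raise ValueError(f"{pool} is too small for {len(vlan_ids)} VLANs")
    subnets = list(net.subnets(new_prefix=new_prefix))
    # Usable addresses minus the one taken by the SVI (default gateway).
    customer_hosts = subnets[0].num_addresses - 3
    if customer_hosts < min_hosts:
        raise ValueError(f"/{new_prefix} leaves only {customer_hosts} hosts per VLAN")
    return [
        {
            "vlan": vlan,
            "subnet": sn,
            "gateway": sn.network_address + 1,  # first usable address
            "mask": sn.netmask,
            "customer_hosts": customer_hosts,
        }
        for vlan, sn in zip(vlan_ids, subnets)
    ]

def render_svi(plan, dhcp_server):
    """Render one SVI stanza per VLAN; dhcp_server is a hypothetical relay target."""
    lines = []
    for p in plan:
        lines += [
            f"interface Vlan{p['vlan']}",
            f" ip address {p['gateway']} {p['mask']}",
            f" ip helper-address {dhcp_server}",
            "!",
        ]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed inputs: private test pool and assumed DHCP server address.
    plan = plan_vlan_subnets("10.40.0.0/19", range(401, 419))
    print(render_svi(plan, "10.99.0.10"))
```

Each VLAN ends up with a different gateway address, which is the per-VLAN change Matt describes having to push through provisioning.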


Rick

I understand the reason for more subnets.

I am just trying to get to the bottom of what the actual issue is, i.e. if DHCP is used, creating multiple smaller subnets should not really be an issue.

It may be that it is to do with the migration and there may be suggestions we could make to help.

Jon