I have a network with 21 9300 L3 routers, I'm confused as this is my first time setting these up, they are able to ping the internet from the vlans but when i try to ping from the cli 8.8.8.8 it fails, it only works from the main 9300 at our hq that is the only one that can ping 8.8.8.8 from the CLI. I've tried to match the configuration from all of our switches but it doesn't seem to allow me to connect. I initially added a static route but that didn't work and then i added a default gateway but that also did not work. Note: all of the switches come back to the hq switch by fiber.
I don't have a diagram at all there is little to no documentation about the network. The NAT is being handled by our Checkpoint Firewall, and of course so our network is a little different from most. We have waterplants that use scada and we keep that network closed therefore it never touches the internet and we have that disabled in our firewall. The admin side which has internet is managed by a third party vendor, they take care of the computers on that side of the vlan we only provide the switches and route the traffic, so anything that is 10.76.x.x is allowed to go to the internet anything that is on the 172.16.x.x is at a waterplant therefore there is no internet access on these machines.
Correct, so the vlans are working as they should 172.16.x.x has no internet, 10.76.x.x has internet as it should. My issue is that if I'm in the cli on the actual SR switch, I'm unable to ping outside for ex: 8.8.8.8 fails and because of this I'm unable to reach the cisco site to license the switch. The HQ switch can ping 8.8.8.8 and cisco.com successfully and is licensed from the call-home.
To Verify ping 8.8.8.8 and source it from an interface in the 10.76.x.x. Also, Is this the vlan you are using to manage the switches and you want to have access to Internet?
interface Vlan1
description management
ip address 192.168.0.1 255.255.255.0
