I need help. We are in the process of changing a large L2 network. Everything terminates into a single small FW. The IP range is so the end of the port configured on the FW is This is where everything terminates.


Now we want to remove this function from the FW and introduce an L3 device with a VLAN which I created called VLan4 and the IP address I assigned to it is Also made necessary route changes to send traffic to FW and out.


I was hoping that when we unplug the cable from the FW and into the L3 that everything will work, but it is not. I am getting ARP incomplete. It looks like behind the L3 there are other devices (hubs/switches) and when I do show cdp neigh, my port on L3 shows as connected to 2 different devices.


What am I doing wrong?

If all the switches are L2, then you need to create an SVI with VLAN 1 and allocate the FW IP address to that SVI (and keep that in shutdown mode).


Follow the steps below on the switch:


config t
interface vlan 1
ip address
! keep the SVI shut down until the maintenance window
shutdown

When the maintenance window is agreed, remove the FW cable from the switch.

On the switch:


config t
interface vlan 1
no shutdown

Ping from the device and advise.


Once this is successful, you need to give the FW a different IP address and adjust accordingly for the internet and NATing part.


Hope these steps help.
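
One way to check the "ping and advise" step after the cutover, as an added example that is not part of the original thread: it parses `show ip arp` output from the switch and separates resolved from Incomplete hosts inside the SVI's subnet. The sample output, the 192.0.2.0/24 subnet, and the names `parse_arp` and `cutover_report` are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `show ip arp` output (documentation addresses, not from the thread).
# IOS prints Incomplete entries without an Interface column, so rows vary in width.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4401  ARPA   Vlan1
Internet  192.0.2.10              0   Incomplete      ARPA
Internet  192.0.2.11              3   0011.2233.44aa  ARPA   Vlan1
Internet  192.0.2.12              0   Incomplete      ARPA
Internet  198.51.100.1           12   0011.2233.44ff  ARPA   Vlan10
"""

ROW = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+(\S+)\s+ARPA(?:\s+(\S+))?$")


def parse_arp(text):
    """Return one dict per ARP row; header and unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        addr, age, mac, intf = m.groups()
        entries.append({
            "ip": ipaddress.ip_address(addr),
            "own": age == "-",  # "-" marks the switch's own interface address
            "resolved": mac.lower() != "incomplete",
            "interface": intf,  # None for Incomplete rows
        })
    return entries


def cutover_report(text, svi_subnet):
    """Split hosts inside the SVI subnet into resolved and Incomplete."""
    net = ipaddress.ip_network(svi_subnet)
    hosts = sorted((e for e in parse_arp(text) if e["ip"] in net and not e["own"]),
                   key=lambda e: e["ip"])
    resolved = [str(e["ip"]) for e in hosts if e["resolved"]]
    incomplete = [str(e["ip"]) for e in hosts if not e["resolved"]]
    if not incomplete:
        verdict = "ok"
    elif not resolved:
        verdict = "no_l2_path"  # nothing answers ARP: check the VLAN on the SVI and port
    else:
        verdict = "partial"     # some hosts answer: look at the individual hosts or links
    return {"resolved": resolved, "incomplete": incomplete, "verdict": verdict}


if __name__ == "__main__":
    print(cutover_report(SAMPLE, "192.0.2.0/24"))
```

A `no_l2_path` verdict means no host in the subnet answered ARP, which points at the layer 2 path between the SVI and the downstream switches rather than at routing.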





