Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2001
Views
5
Helpful
3
Replies

Layer 3 Switch vs ASA, which one for inter-vlan routing?

Go to solution
oborrero29
Level 1
Level 1

‎07-05-2014 10:46 AM - edited ‎03-07-2019 07:56 PM

Greetings, 

I've been working on my GNS3 labs and I just finished configuring Routing on a Stick: Trunking (L2 switch w/multiple VLANS and trunk interface to > Router); and I've also completed a lab with L3 Switching and SVI's. From what I've seen in some environments most network setups looks like this, Server > L2 Switch > ASA (ASA Handles Inter-vlan routing); another alternative to that would be Server > L3 Switch > ASA; In this latter scenario where would/should the inter-vlan routing happen? Could a L3 switch and ASA work together? Are there benefits to either setup?  It seems to me that the ASA at it's heart is a L3 switch with WAN capabilities so is there even need for a L3 switch? What's the most common setup for ASA's?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7

‎07-05-2014 11:45 AM

Hello.

First of all ASA is a security device. So how you use it, is really depend on your security requirements.

If you have some special security constraints on inter VLAN traffic routing (like in DMZ between different applications), then ASA should be routing traffic.

If you have a requirement to minimize latency and maximize throughoutput of your routing,, then L3 switch is your choice.

PS: L3 switch has it's cost in term of purchase and support, as well as ASA; so cost might become an important criteria.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7

‎07-05-2014 11:45 AM

Hello.

First of all ASA is a security device. So how you use it, is really depend on your security requirements.

If you have some special security constraints on inter VLAN traffic routing (like in DMZ between different applications), then ASA should be routing traffic.

If you have a requirement to minimize latency and maximize throughoutput of your routing,, then L3 switch is your choice.

PS: L3 switch has it's cost in term of purchase and support, as well as ASA; so cost might become an important criteria.

0 Helpful

Go to solution
oborrero29
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎07-05-2014 01:23 PM

Hi Vasilii, 

If I can apply ACL's to a L3 switch then what additional benefit can the ASA provide that the L3 switch can't do? Couldn't the L3 switch accommodate the special security constraints on inter VLAN traffic routing? I've read that by default L3 switches allow all traffic opposed to ASAs which block all traffic.

0 Helpful

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7
In response to oborrero29

‎07-06-2014 02:10 AM

Hello.

First of all ASA is a great NAT device. So, if you need flexibility in NAT, then ASA is your chose.

ACLs you mentioned on L3 switch are one-way only, at the same time ASA is a stateful device, that tracks all the connections and may look deep inside (up to L7).

Let try other way: what are your security requirements and what is your budget? Do you need high availability (more than 1 device and automatic failover)?

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card