Move of vlan interface from switch to Firewall

Hello,

We have a switch (2-stack) and the firewall is directly connected to one of the Gig ports.


We have the below VLAN interfaces configured on the switch:


interface Vlan10
description management
ip address
ip helper-address
interface Vlan20
description servers
ip address
interface Vlan30
description Wireless
ip address
ip helper-address
interface Vlan40
description Wired Clients
ip address
ip helper-address
interface Vlan50
description voip
ip address
ip helper-address
interface Vlan70
description Routing
ip address
interface Vlan226
description mgmt_new
ip address


So the default gateway configured on the machines in each VLAN is the VLAN interface's IP address, which is OK.


We need to move the Layer 3 interface to the ASA.


My question is: does this mean that currently traffic between the above VLANs is moving through the switch? Is there any command which is responsible for routing the traffic between VLANs? The internal traffic is currently not going to the firewall.


How do I move these interfaces to the ASA, which is connected on VLAN 70 / the ASA IP address is


Also, I don't see the commands to create the VLAN


like vlan 10
name management


Does this mean that the VLAN is automatically created when creating a VLAN interface?


Also, when I move the VLAN interfaces to the ASA,


do I have to do like below, and then create the same L3 interface on the ASA?

interface Vlan10
no ip address
no ip helper-address

With your current configuration, all inter-VLAN (between VLANs) traffic is processed by the switch. Is the plan to move ALL VLANs to the firewall? In that case, you have to make the interface connecting the switch stack to the firewall a trunk, and, as you already said yourself, create VLAN interfaces on the firewall.


On the switch, configure:


no ip routing


and remove all VLAN interfaces, e.g.:


no interface Vlan 10


Hi @Georg Pauwen, thanks.


Yes, the plan is to move 4 VLANs initially onto the ASA.


I have 2 questions: will the command


no ip routing impact the remaining VLANs which we will move later?


Does the command no interface Vlan 10 also delete VLAN 10? Because in the configuration (show runn) I don't see the below:


vlan 10
name management



Hi,



One more thing in addition to the above 2 queries: I have the below two commands configured.


What is the difference between ip default gateway and ip route? This is confusing for me. / Do I need both is ASA IP address


ip default-gateway
ip forward-protocol nd
ip route



Don't disable ip routing until ALL SVIs have been migrated onto the ASA.


ip default-gateway is used for a host device, which at present your switch isn't, as it is enabled for ip routing.

OK, thanks Paul.


The management IP address of the switch is the VLAN 10 interface.


So I am not going to touch VLAN 10.
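
An added example, not part of any post in this thread: a phased move of one SVI to the ASA while the switch keeps routing the remaining VLANs, as discussed above. VLAN 30 is picked only for illustration; the interface names, the ACL name and every address (documentation ranges 192.0.2.0/24 for VLAN 70, 198.51.100.0/24 for VLAN 30, 203.0.113.10 as a DHCP/DNS server behind the switch) are constructed placeholders, and keeping VLAN 70 untagged as the trunk's native VLAN is an assumption.

```cisco
! --- Switch stack: uplink to the ASA becomes a trunk ---
! First confirm the Layer 2 VLAN exists independently of the SVI:
!   show vlan brief
interface GigabitEthernet1/0/24
 description uplink-to-ASA
 ! encapsulation line applies only on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! VLAN 70 stays untagged so the existing routed link keeps working
 switchport trunk native vlan 70
 switchport trunk allowed vlan 30,70
!
! Remove only the migrated SVI; "ip routing" stays enabled while
! the other SVIs still route on the switch.
no interface Vlan30
! Switch-routed VLANs now reach VLAN 30 through the ASA on VLAN 70.
ip route 198.51.100.0 255.255.255.0 192.0.2.2
!
! --- ASA: untagged VLAN 70 on the physical interface ---
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.2 255.255.255.0
!
! Tagged subinterface becomes the new default gateway for VLAN 30.
interface GigabitEthernet0/1.30
 vlan 30
 nameif wireless
 security-level 50
 ip address 198.51.100.1 255.255.255.0
!
! Subnets still routed by the switch sit behind its VLAN 70 SVI (192.0.2.1).
route inside 203.0.113.0 255.255.255.0 192.0.2.1
!
! Replaces the "ip helper-address" that was on the removed SVI.
dhcprelay server 203.0.113.10 inside
dhcprelay enable wireless
!
! Inter-VLAN traffic is now firewall policy: permit what is needed,
! log the rest (the explicit deny makes drops visible in syslog).
access-list WIRELESS_IN extended permit udp 198.51.100.0 255.255.255.0 host 203.0.113.10 eq domain
access-list WIRELESS_IN extended deny ip any any log
access-group WIRELESS_IN in interface wireless
```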