Replacing Router VLAN functionality with L3 Switch

ogbranny1337
Level 1

Hi there,

We are currently using the Cisco ASA 5510 router and numerous L2 Cisco switches with multiple VLANs in our network.


The router is currently configured to route all our local VLAN traffic.

What we want to do is place a L3 cisco switch in front of the router, which is supposed to take care of the VLANs, so the router does not need to handle our local VLAN traffic anymore.


Everything is already pre-configured.

The L3 switch will act as gateway for each VLAN and the default gateway of the switch itself will be the router.


Now my questions are:


1) Do we need to delete the current VLAN configuration from the router or can we just keep it there? It should no longer be needed, as the L3 switch is doing that now, right?


2) Will our router's NATing functionality still work once we put the L3 switch in place?


Here's a picture of our current network infrastructure:

(image: current)

And this is what we are planning to do:

(image: planned)


I hope you guys are happy to assist me and my team :-)


Thanks in advance,

Brandon

1 Reply

John Blakley
VIP Alumni

Brandon,

You'll probably want to remove your subinterfaces from the ASA after you verify that everything is working. You can connect the ASA to a single vlan that matches up to the vlan svi that you have on the switch. What I mean by that is let's assume your ASA's internal interface is addressed at 192.168.1.1, and you have vlan 10 on the L3 switch addressed at 192.168.1.2. You'd put the interface that the ASA connects to in vlan 10 and you're done.

Natting should continue to work, but you'll need either a routing protocol configured between the ASA and the L3 switch, or you can use statics on the ASA. The L3 switch will have a single default route pointing to the ASA's internal address and the ASA will need to have a route for every vlan pointing back to the L3 switch.

If you have 3 vlans:

vlan 10 - 192.168.1.0/24

vlan 20 - 192.168.2.0/24

vlan 30 - 192.168.3.0/24


The ASA will know about vlan 10 (because it's locally connected for my example of the ASA's interface being at 192.168.1.1), but it won't know about vlan 20 or 30, so you'll need static routes:

route inside 192.168.2.0 255.255.255.0 192.168.1.2

route inside 192.168.3.0 255.255.255.0 192.168.1.2

Remember my example above of the L3 switch svi having the 192.168.1.2/24 address on vlan 10 svi? That would be your next hop for the ASA to send its traffic.
Other than that, you should be good as far as I can see. Once everything is working, you might as well remove the subinterfaces from the ASA. You *might* need to double check your NAT rules to make sure you don't have anything associated to your subinterfaces. If you do, you'll need to rewrite those rules as well.

HTH,

John

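The routing split John describes (switch SVIs own the VLANs, one default route on the switch toward the ASA, static routes on the ASA for every VLAN that is not directly connected) can be derived mechanically. The following is an added example, not code from the thread or from Cisco; it assumes the reply's addressing (ASA inside 192.168.1.1/24, switch vlan 10 SVI 192.168.1.2) and standard IOS `ip route` syntax for the switch side, and it checks the one thing that silently breaks this design: a next hop that is not on the ASA's connected subnet.

```python
"""Added example (not from the original post): generate the ASA static routes
and the L3 switch default route for the design described in the reply."""
import ipaddress

# Constructed sample matching the reply's three-VLAN example.
VLANS = {
    10: "192.168.1.0/24",  # transit VLAN shared with the ASA inside interface
    20: "192.168.2.0/24",
    30: "192.168.3.0/24",
}


def next_hop_reachable(asa_inside_ip, l3_switch_svi_ip):
    """True if the switch SVI sits inside the ASA's connected inside subnet.

    If it does not, the ASA cannot resolve the next hop and every static
    route pointing at it is dead, so this is worth checking before cutover.
    """
    inside = ipaddress.ip_interface(asa_inside_ip)   # e.g. "192.168.1.1/24"
    return ipaddress.ip_address(l3_switch_svi_ip) in inside.network


def asa_static_routes(asa_inside_ip, l3_switch_svi_ip, vlans, interface="inside"):
    """Return the `route <if> NET MASK NEXTHOP` lines the ASA needs.

    The VLAN directly connected to the ASA inside interface needs no static
    route (the ASA already has it as a connected route); every other VLAN is
    pointed back at the switch SVI.
    """
    if not next_hop_reachable(asa_inside_ip, l3_switch_svi_ip):
        raise ValueError(f"next hop {l3_switch_svi_ip} is not on the ASA inside subnet")
    inside_net = ipaddress.ip_interface(asa_inside_ip).network
    routes = []
    for vlan_id in sorted(vlans):
        net = ipaddress.ip_network(vlans[vlan_id])
        if net == inside_net:
            continue  # locally connected, skip it
        routes.append(f"route {interface} {net.network_address} {net.netmask} {l3_switch_svi_ip}")
    return routes


def l3_switch_default_route(asa_inside_ip):
    """The single default route on the L3 switch, pointing at the ASA (IOS syntax assumed)."""
    return f"ip route 0.0.0.0 0.0.0.0 {ipaddress.ip_interface(asa_inside_ip).ip}"


if __name__ == "__main__":
    print(l3_switch_default_route("192.168.1.1/24"))
    print("\n".join(asa_static_routes("192.168.1.1/24", "192.168.1.2", VLANS)))
```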