Replacing Router VLAN functionality with L3 Switch

Hi there,

We are currently using the Cisco ASA 5510 router and numerous L2 Cisco switches with multiple VLANs in our network.


The router is currently configured to route all our local VLAN traffic.

What we want to do is place an L3 Cisco switch in front of the router, which is supposed to take care of the VLANs, so the router does not need to handle our local VLAN traffic anymore.


Everything is already pre-configured.

The L3 switch will act as gateway for each VLAN and the default gateway of the switch itself will be the router.


Now my questions are:


1) Do we need to delete the current VLAN configuration from the router or can we just keep it there? It should no longer be needed, as the L3 switch is doing that now, right?


2) Will our router's NATing functionality still work once we put the L3 switch in place?



Here's a picture of our current network infrastructure:

And this is what we are planning to do:



I hope you guys are happy to assist me and my team :-)


Thanks in advance,


John Blakley


You'll probably want to remove your subinterfaces from the ASA after you verify that everything is working. You can connect the ASA to a single vlan that matches up to the vlan svi that you have on the switch. What I mean by that is let's assume your ASA's internal interface is addressed at, and you have vlan 10 on the L3 switch addressed at You'd put the interface that the ASA connects to in vlan 10 and you're done.

Natting should continue to work, but you'll need either a routing protocol configured between the ASA and the L3 switch, or you can use statics on the ASA. The L3 switch will have a single default route pointing to the ASA's internal address and the ASA will need to have a route for every vlan pointing back to the L3 switch.

If you have 3 vlans:

vlan 10 -

vlan 20 -

vlan 30 -


The ASA will know about vlan 10 (because it's locally connected for my example of the ASA's interface being at, but it won't know about vlan 20 or 30, so you'll need static routes:

route inside

route inside

Remember my example above of the L3 switch svi having the address on vlan 10 svi? That would be your next hop for the ASA to send its traffic.

Other than that, you should be good as far as I can see. Once everything is working, you might as well remove the subinterfaces from the ASA. You *might* need to double check your nat rules to make sure you don't have anything associated to your subinterfaces. If you do, you'll need to rewrite those rules as well.



HTH, John *** Please rate all useful posts ***
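The reply's last check (finding NAT and other rules still tied to the ASA subinterfaces before removing them) can be scripted against a saved running-config. This is an added example, not part of the original thread; the sample config, its interface names and the pre-8.3 style `nat`/`global` lines are constructed assumptions.

```python
import re

# Constructed sample of an ASA running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/1.20
 vlan 20
 nameif vlan20
 security-level 100
interface Ethernet0/1.30
 vlan 30
 nameif vlan30
 security-level 100
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (vlan20) 1 0.0.0.0 0.0.0.0
access-group VLAN30_IN in interface vlan30
"""

def subinterface_names(config):
    """Map nameif -> interface for every subinterface (name contains a dot)."""
    names, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+nameif\s+(\S+)", line)
        if m and current and "." in current:
            names[m.group(1)] = current
    return names

def stale_references(config):
    """Return (nameif, line) for global lines that still use a subinterface nameif."""
    hits = []
    for line in config.splitlines():
        if line.startswith((" ", "interface")):
            continue  # skip the interface stanzas themselves
        for name in subinterface_names(config):
            n = re.escape(name)
            # nameif shows up as "(name)", "(name,x)", "interface name" or "route name"
            if re.search(rf"[(,]{n}[,)]|\b(interface|route)\s+{n}\b", line):
                hits.append((name, line))
    return hits
```

Every line it returns has to be rewritten or removed before the matching subinterface is deleted.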