Setup 802.1q on Cisco ASA 5505

We have a Cisco ASA 5505.  The main network is on 192168.10.X with a Windows server doing DHCP.

We are setting up VoIP phones that use a hosted provider they indicated we should setup:

1.      Setup a VLAN on the ASA
2.      Have the ASA do DHCP for that VLAN
3.      Prioritize that VLAN over the main network VLAN
4.      Turn on 802.1Q tagging

Does anyone have the steps in the ASDM or the config lines to accomplish these steps I would really appreciate it!
jcwiletsAsked:
Who is Participating?
 
SuperTacoCommented:
for the VLAN:

config t
int vlan 100 or (whatever the vlan number, lets just say 100 here)
ip address (address and subnet mask)
name-if phone_vlan

configt t
int fe\4 (or whatever interface you want to use.  you have plenty of ports on an ASA so I would worry about sub interface)
switchport-access vlan 100


For DHCP:

dhcpd address ip_address-ip_address interface_name
dhcpd dns dns1 or dns2
dhcpd lease lease_length
dhcpd option 3 ip gateway_ip
dhcpd enable interface_name

Prioritize VLAN 100

You can use a class map with a policy map and ACL. I assume that the Vlan you need to apply priority is 192.168.1.0/24
-----------------------------------------------------------
ASA(config)#access-list Traffic-OUT extended permit ip 192.168.1.0 255.255.255.0 any

ASA(config)# class-map OUTGOING
ASA(config-cmap)# match dscp ef
ASA(config-cmap)# match access-list Traffic-OUT
ASA(config-cmap)# exit

ASA(config)# policy-map PriorityPolicy
ASA(config-pmap)# class OUTGOING
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# exit

ASA(config)# service-policy PriorityPolicy interface vlan_100

apply 802.1q tagging:

I wouldn't worry about this because your using a  different interface.  802.1q is utilized for subinterfaces.
0
 
jcwiletsAuthor Commented:
Thank you so much.  I think I need 802.1q because the phones if we enable this then assign themselves to that other vlan  and get the correct IP.  If you wouldn't mind helping with enabling that as well?
0
 
PugglewuggleCommented:
Are you using a call manager?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Istvan KalmarHead of IT Security Division Commented:
Hi,

Don't forget if you base license you not able pass traffic booth inside and VPN, because it is restricted,
please provide us'sh ver' command output
0
 
jcwiletsAuthor Commented:
No call manager.  I will check on the license
0
 
SuperTacoCommented:
for the phones getting the right IP, on another VLAN, you just have to use CDP to find the phones.  Most of my deployments have been small, so 802.1q was not necessary.  It may be for yours.  Like I said before, its usually used for sub-interfaces.  Here's an example

conf t
int f\e0.1
ip address XXXXXXXX
encapsulation .1q  3 (meaning VLAN3)  

If you have a VLAN assigned to the interface you don't need it, but that's how you would do it.  You also really only need it for DHCP if the computers on the LAN are piggy backing their network connection off of the phones.  
0
 
jcwiletsAuthor Commented:
Yes thats the issue is that computers are piggybacking off the phones and getting DHCP from Windows.  I could just manually set all the IP phones though to the VLAN3 and then have the phone tell the network port to go get DHCP as usual for the PC....  Does that make sense?
0
 
jcwiletsAuthor Commented:
Ok here is our config as it stands.

Main Data network is 192.168.10.X
Phone network is 192.168.100.X

We followed Super Taco and everything worked except the line
ASA(config-cmap)# match access-list Traffic-OUT

error was cannot have multiple match commands unless its default- something or a trunk

If I can get feed back or what needs to be fixed?  192.168.100.X needs to be able to reach the internet obviously.
0
 
jcwiletsAuthor Commented:
Sorry config attached asa-config.txt
0
 
SuperTacoCommented:
I think it's talking about setting it as a default gateway or a trunk port.  Have you tried just adding a simple route?
0
 
jcwiletsAuthor Commented:
Does it need to be a trunk port?  Can you look over our config I posted?  I really appreciate it
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.