Setup 802.1q on Cisco ASA 5505

We have a Cisco ASA 5505.  The main network is on 192168.10.X with a Windows server doing DHCP.

We are setting up VoIP phones that use a hosted provider they indicated we should setup:

1.      Setup a VLAN on the ASA
2.      Have the ASA do DHCP for that VLAN
3.      Prioritize that VLAN over the main network VLAN
4.      Turn on 802.1Q tagging

Does anyone have the steps in the ASDM or the config lines to accomplish these steps I would really appreciate it!
jcwiletsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SuperTacoCommented:
for the VLAN:

config t
int vlan 100 or (whatever the vlan number, lets just say 100 here)
ip address (address and subnet mask)
name-if phone_vlan

configt t
int fe\4 (or whatever interface you want to use.  you have plenty of ports on an ASA so I would worry about sub interface)
switchport-access vlan 100


For DHCP:

dhcpd address ip_address-ip_address interface_name
dhcpd dns dns1 or dns2
dhcpd lease lease_length
dhcpd option 3 ip gateway_ip
dhcpd enable interface_name

Prioritize VLAN 100

You can use a class map with a policy map and ACL. I assume that the Vlan you need to apply priority is 192.168.1.0/24
-----------------------------------------------------------
ASA(config)#access-list Traffic-OUT extended permit ip 192.168.1.0 255.255.255.0 any

ASA(config)# class-map OUTGOING
ASA(config-cmap)# match dscp ef
ASA(config-cmap)# match access-list Traffic-OUT
ASA(config-cmap)# exit

ASA(config)# policy-map PriorityPolicy
ASA(config-pmap)# class OUTGOING
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# exit

ASA(config)# service-policy PriorityPolicy interface vlan_100

apply 802.1q tagging:

I wouldn't worry about this because your using a  different interface.  802.1q is utilized for subinterfaces.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jcwiletsAuthor Commented:
Thank you so much.  I think I need 802.1q because the phones if we enable this then assign themselves to that other vlan  and get the correct IP.  If you wouldn't mind helping with enabling that as well?
0
PugglewuggleCommented:
Are you using a call manager?
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Istvan KalmarHead of IT Security Division Commented:
Hi,

Don't forget if you base license you not able pass traffic booth inside and VPN, because it is restricted,
please provide us'sh ver' command output
0
jcwiletsAuthor Commented:
No call manager.  I will check on the license
0
SuperTacoCommented:
for the phones getting the right IP, on another VLAN, you just have to use CDP to find the phones.  Most of my deployments have been small, so 802.1q was not necessary.  It may be for yours.  Like I said before, its usually used for sub-interfaces.  Here's an example

conf t
int f\e0.1
ip address XXXXXXXX
encapsulation .1q  3 (meaning VLAN3)  

If you have a VLAN assigned to the interface you don't need it, but that's how you would do it.  You also really only need it for DHCP if the computers on the LAN are piggy backing their network connection off of the phones.  
0
jcwiletsAuthor Commented:
Yes thats the issue is that computers are piggybacking off the phones and getting DHCP from Windows.  I could just manually set all the IP phones though to the VLAN3 and then have the phone tell the network port to go get DHCP as usual for the PC....  Does that make sense?
0
jcwiletsAuthor Commented:
Ok here is our config as it stands.

Main Data network is 192.168.10.X
Phone network is 192.168.100.X

We followed Super Taco and everything worked except the line
ASA(config-cmap)# match access-list Traffic-OUT

error was cannot have multiple match commands unless its default- something or a trunk

If I can get feed back or what needs to be fixed?  192.168.100.X needs to be able to reach the internet obviously.
0
jcwiletsAuthor Commented:
Sorry config attached asa-config.txt
0
SuperTacoCommented:
I think it's talking about setting it as a default gateway or a trunk port.  Have you tried just adding a simple route?
0
jcwiletsAuthor Commented:
Does it need to be a trunk port?  Can you look over our config I posted?  I really appreciate it
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.