SteveV
 asked on

ASA5510: VLAN and QoS config for VoIP?

Hi everyone,

We're in the process of switching over our phone system from a legacy Nortel MICS and are currently playing with a FreePBX implementation.  Our network consists of Cisco Catalyst 2690 switches, Dell PowerConnect 3448P PoE switches, and an ASA5510.  We have no layer 3 switches or separate routers and are hoping to avoid adding either for cost reasons.

The ASA has 4 interfaces configured: inside, outside, dmz, and guest_inside.  We host our own mail and web servers which sit on the DMZ.  We also have a WLC-2504 which has one interface on our inside network and another connected to the guest_inside interface on the ASA.

Our internal network configuration consists of one VLAN (vlan 1).  We’re currently in an experimentation phase with FreePBX and are trying to understand how to best configure QoS, separate VLANs, etc.

After that long-winded intro, I have some questions:

1. We have 2 Dell PowerConnect 3448P switches set aside for use only with VoIP phones. We’re currently using the ASA as a DHCP server on the inside interface and we’ll also need DHCP (and option 66) for the VoIP phones. What’s the best way to connect the Dell PoE switches to the network:

A. Connect them to the existing Cisco switch stack with a trunk and create a VLAN for VoIP on the Dell switch ports?

B. Create another interface on the ASA (inside_voip for example) with the same security level as the inside interface (100) and create a VLAN for VoIP on the Dell switch ports?

C. Create sub-interfaces on the inside interface and let the ASA handle inter-VLAN routing and create a VLAN for VoIP on the Dell switch ports?

D.  Something else?


2. What’s the best strategy for setting up QoS on the ASA? I’ve read the “Configuring QoS” ASDM help docs and they aren’t particularly helpful. Ultimately, I want to give absolute priority to voice and it’s not clear to me if I just need to set up a Priority Queue, Policing, Traffic Shaping, or some combination of the 3.

Thanks -- Steve

Last Comment
SteveV

8/22/2022 - Mon
David Piniella

1. I would personally go with C, but A is also a sound policy.

2.  You'll want all three. This http://www.laguiadelnetworking.com/how-to-enable-qos-priority-queue-on-the-cisco-asa-firewall/ will help, as will this: https://albahra.com/journal/2013/04/crash-course-cisco-asa-5505-setup-with-qos
SteveV

ASKER
Thanks for the reply.  If I go with C, I assume I'll need to remove the IP address and DHCP server settings from the physical interface before I create my sub-interfaces?

With that done, would I create my sub-interfaces and for each sub-interface specify the VLAN and set up a DHCP server?

Will this break my config? Or, asked differently: will removing the IP address from the physical interface affect existing access lists, NAT, etc., and if so, what's the best way to correct this?

Sorry if these are basic questions but I know enough to be moderately dangerous and want to make sure I fully understand what things I'll need to change.

Thanks again -- Steve
SteveV

ASKER
Still looking for help on this if anyone has any suggestions.

Thanks -- Steve
ASKER CERTIFIED SOLUTION
David Piniella

SteveV

ASKER
Thanks for the help.
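
As an added example (not part of the original thread and not any participant's configuration), here is a sketch of option C on the ASA together with the priority-queue piece of question 2. The physical port, VLAN IDs, subnets, DHCP ranges, option 66 value and class/policy names are all constructed assumptions, and it assumes the phones mark voice as DSCP EF.

```cisco
! Added example. Port, VLAN IDs, subnets and names are constructed.
! Save a copy of the running config before starting: "no nameif" deletes
! every command that references that name (access-group, nat, dhcpd, ...),
! so those lines have to be re-entered once "inside" exists again.
!
! Physical port becomes a bare trunk; it must carry no name or address.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Data VLAN keeps the old name so re-applied ACL/NAT lines still match.
interface Ethernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Voice VLAN for the phones on the Dell PoE switches.
interface Ethernet0/1.20
 vlan 20
 nameif inside_voip
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
! Interfaces at the same security level cannot exchange traffic by default.
! This opens it in both directions; add interface ACLs to restrict it.
same-security-traffic permit inter-interface
!
! One DHCP scope per named interface; option 66 only on the voice scope.
dhcpd address 192.168.10.100-192.168.10.200 inside
dhcpd enable inside
dhcpd address 192.168.20.100-192.168.20.200 inside_voip
dhcpd option 66 ascii 192.168.20.10 interface inside_voip
dhcpd enable inside_voip
!
! Low-latency queue for voice leaving the outside interface.
priority-queue outside
class-map VOICE
 match dscp ef
policy-map OUTSIDE-QOS
 class VOICE
  priority
service-policy OUTSIDE-QOS interface outside
```

The switch trunk toward the ASA has to tag both VLANs, because ASA sub-interfaces only accept tagged frames; untagged (native VLAN) traffic arrives on the physical interface, which no longer has a name or address here.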