Guest

Cisco Unified Contact Center Express

UCCX SPAN-Based Silent Monitoring Configuration Example

Document ID: 118160

Updated: Aug 18, 2014

Contributed by Pavan Dave, Mike Sanchez, and Clifford Aldan, Cisco TAC Engineers.

   Print

Introduction

This document descibes the two different methods to implement Switched Port Analyzer (SPAN)-based Silent Monitoring on the Cisco Unified Contact Center Express (UCCX). The first method is to use external switch tagging (EST) and the second method is to use virtual switch tagging (VST). The difference between the two is where the VLAN tagging happens, either on an external switch or a virtual switch. In order to determine this, look at the switch interface configurations as well as the VMware vSwitch configurations.

Note: In order to set up SPAN-based recording, it is necessary to use a Unified Computing System (UCS) C-Series server or the configuration is unsupported. In addition, Cisco Catalyst 2950 and 3650 Series Switches and earlier are not supported based on the Solutions Referenced Network Design (SRND) because they do not support ingress SPAN.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • UCCX Version 8 or later
  • Cisco IOS® switch configuration
  • VMware configuration

Components Used

The information in this document is based on these software and hardware versions:

  • UCCX Version 8 and later
  • VMware ESXi Version 4.x and later
  • Cisco Catalyst 6500
  • Cisco UCS-C220-M3

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

External Switch Tagging

VMware Configuration

Ensure that your ESXi management network and other server elements are physically separated. In the case of UCCX, a 1:1 mapping is required.

Physical network interface card (NIC) >  Individual vSwitch > Unique Port  Group with only the UCCX server attached. 

Here is an example configuration where there is both a physical and logical separation - vmnic0 is assigned to vSwitch0 for general-purpose virtual machines (VMs) and ESXi management connectivity, while vmnic1 is assigned to vSwitch1 for the UCCX VM.

Catalyst 6500 Switchport Configuration

Interface GigabitEthernet1/1
Description Connection to UCCX VM
Switchport
Switchport mode access
Switchport access vlan 500

Notice that no VLAN tagging is performed at the VMware vSwitch. Two vSwitches with unique Virtual Machine Network Interface Cards (VMNICs) assigned to each are used in order to isolate the ESXi management network as well as the UCCX VM. Also note that the interface on the Catalyst 6500 is configured as an access port, which enables the tagging of VLAN 500.

vSwitch1 Configuration

  • Accept promiscuous mode in security settings.

  • Make sure you only have one VMNIC assigned to this vSwitch. UCCX 8+ does not support NIC teaming.

VM Network 2 Configuration

  • Make sure the VLAN ID is set to None(0).

    Note: If the VLAN ID is set, all other packets from other VLANs will be disregarded and not delivered.



  • Security should inherit promiscuous mode from the switch properties.



  • On the UCCX Cisco Desktop Administrator, verify that Desktop Monitoring is set to DISABLED in the VoIP Monitoring Service.

General Network Considerations

The Catalyst 2950 and 3650 Series Switches and earlier are not supported.

On the physical switch, the destination port that connects the UCS server to the dedicated UCCX VMNIC is in access mode and not trunk. Respectively, the switchport should be configured for UCCX VLAN data traffic.

It is recommended that you create a static Address Resolution Protocol (ARP) entry within the switch for the VLAN of the UCCX server data VLAN as configured for the access VLAN of the individual switch port. 

Note: This is set in the privileged configuration of the switch and not on the switch port level.

Full Switch Configuration

Here is an example of a production switch where the UCS server with UCCX is connected and the monitor configuration for UCCX is addressed in the VLAN 500 network range.

 Gig1/1 is the UCCX interface on VLAN 500
Gig1/2 is the ESXi management network on VLAN 502
All voice traffic is on VLAN 400
Mac address: 0000.aaaa.bbbb is the mac address of the UCCX server.
CONNECTION TO UCCX SERVER

Interface GigabitEthernet1/1
Description Connection to UCCX VM
Switchport
Switchport mode access
Switchport access vlan 500 (VLAN of UCCX server)

CONNECTION TO ESXi MANAGEMENT NETWORK:

Interface GigabitEthernet 1/2
Description Connection to ESXi Management Network
Switchport
Switchport mode access
Switchport access vlan 502 (VLAN of ESXi management network and other VMs)

Static MAC arp entry
Mac-address-table static 0000.aaaa.bbbb vlan 500 interface GigabitEthernet1/1 auto-learn

RSPAN monitor Session:
Monitor session 40 source vlan 400 (vlan of all voice traffic)
Monitor session 40 destination interface gi1/1 ingress learning (interface of UCCX)

Virtual Switch Tagging

Catalyst 6500 Switchport Configuration

interface GigabitEthernet1/25
description ESXi vmnic0 on C-series server
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 15, 500
switchport mode trunk
switchport nonegotiate
spanning-tree portfast edge trunk

VMware Configuration

Note: The VLAN tagging is performed at the vSwitch port group level. The interface on the external switch is in trunk mode, which forwards all packets on VLANs 15 and 500.

In this example, the UCCX VM network adapter is assigned to the UCCX Net port group.

The UCCX Net port group is tagged with VLAN ID 500. vSwitch0 will now perform the VLAN tagging.

Promiscuous mode is configured at the UCCX Net port group as well.

The UCCX Net port group active adapter is also set to use only one adapter and the rest are set to unused.

Notice that the configuration at the port group level overrides the vSwitch global configuration. Changes made only apply to the port group.

The configuration of Local SPAN or Remote SPAN sessions at the upstream level remains the same.

Verify

In order to verify your configurations, you can compare your setup to the previous examples.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Updated: Aug 18, 2014
Document ID: 118160