This document descibes the two different methods to implement Switched Port Analyzer (SPAN)-based Silent Monitoring on the Cisco Unified Contact Center Express (UCCX). The first method is to use external switch tagging (EST) and the second method is to use virtual switch tagging (VST). The difference between the two is where the VLAN tagging happens, either on an external switch or a virtual switch. In order to determine this, look at the switch interface configurations as well as the VMware vSwitch configurations.
Note: In order to set up SPAN-based recording, it is necessary to use a Unified Computing System (UCS) C-Series server or the configuration is unsupported. In addition, Cisco Catalyst 2950 and 3650 Series Switches and earlier are not supported based on the Solutions Referenced Network Design (SRND) because they do not support ingress SPAN.
Cisco recommends that you have knowledge of these topics:
UCCX Version 8 or later
Cisco IOS® switch configuration
The information in this document is based on these software and hardware versions:
UCCX Version 8 and later
VMware ESXi Version 4.x and later
Cisco Catalyst 6500
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
External Switch Tagging
Ensure that your ESXi management network and other server elements are physically separated. In the case of UCCX, a 1:1 mapping is required.
Physical network interface card (NIC) > Individual vSwitch > Unique Port Group with only the UCCX server attached.
Here is an example configuration where there is both a physical and logical separation - vmnic0 is assigned to vSwitch0 for general-purpose virtual machines (VMs) and ESXi management connectivity, while vmnic1 is assigned to vSwitch1 for the UCCX VM.
Catalyst 6500 Switchport Configuration
Interface GigabitEthernet1/1 Description Connection to UCCX VM Switchport Switchport mode access Switchport access vlan 500
Notice that no VLAN tagging is performed at the VMware vSwitch. Two vSwitches with unique Virtual Machine Network Interface Cards (VMNICs) assigned to each are used in order to isolate the ESXi management network as well as the UCCX VM. Also note that the interface on the Catalyst 6500 is configured as an access port, which enables the tagging of VLAN 500.
Accept promiscuous mode in security settings.
Make sure you only have one VMNIC assigned to this vSwitch. UCCX 8+ does not support NIC teaming.
VM Network 2 Configuration
Make sure the VLAN ID is set to None(0).
Note: If the VLAN ID is set, all other packets from other VLANs will be disregarded and not delivered.
Security should inherit promiscuous mode from the switch properties.
On the UCCX Cisco Desktop Administrator, verify that Desktop Monitoring is set to DISABLED in the VoIP Monitoring Service.
General Network Considerations
The Catalyst 2950 and 3650 Series Switches and earlier are not supported.
On the physical switch, the destination port that connects the UCS server to the dedicated UCCX VMNIC is in access mode and not trunk. Respectively, the switchport should be configured for UCCX VLAN data traffic.
It is recommended that you create a static Address Resolution Protocol (ARP) entry within the switch for the VLAN of the UCCX server data VLAN as configured for the access VLAN of the individual switch port.
Note: This is set in the privileged configuration of the switch and not on the switch port level.
Full Switch Configuration
Here is an example of a production switch where the UCS server with UCCX is connected and the monitor configuration for UCCX is addressed in the VLAN 500 network range.
Gig1/1 is the UCCX interface on VLAN 500 Gig1/2 is the ESXi management network on VLAN 502 All voice traffic is on VLAN 400 Mac address: 0000.aaaa.bbbb is the mac address of the UCCX server.
CONNECTION TO UCCX SERVER
Interface GigabitEthernet1/1 Description Connection to UCCX VM Switchport Switchport mode access Switchport access vlan 500 (VLAN of UCCX server)
CONNECTION TO ESXi MANAGEMENT NETWORK:
Interface GigabitEthernet 1/2 Description Connection to ESXi Management Network Switchport Switchport mode access Switchport access vlan 502 (VLAN of ESXi management network and other VMs)