Configuring monitor port for passive recording

Owned by Kiss, Mate
May 24, 2022
4 min read

For network monitoring based call recording the recorder needs a mirror copy of the network traffic that includes the VoIP calls.

Monitor port on a switch

In order to aggregate VoIP call traffic into one port, a monitor has to be configured on the switch facility. The Switch Port Analyzer (SPAN) feature was introduced on switches because of a fundamental difference they have with hubs. After a switch boots up, it will start to build up a Layer 2 forwarding table based upon the source MAC address of the different packets received. Once this forwarding table has been built, the switch forwards traffic destined for a MAC address directly to the corresponding sport.

In this above diagram, Verba is attached to a port that is configured to receive a copy of every single packet that is sent by host A. This port is called a SPAN port.

More information on the Cisco site

You can find more information about configuring and using monitor ports in Cisco switching environment, please read the following documentation's:

Port Monitoring

http://www.cisco.com/en/US/tech/tk389/tk816/tsd_technology_support_protocol_home.html

Configuring SPAN on Catalyst 5000

http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/catos/5.x/configuration/guide/span.html

Configuring SPAN and RSPAN on Catalyst 4000 Running Hybrid Mode

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/18ew/configuration/guide/span.html

Configuring SPAN and RSPAN on Catalyst 3550

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swspan.html

Configuring SPAN and RSPAN on Catalyst 2950

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swspan.html

Configuring SPAN on Catalyst 2900XL/3500XL

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#topic1

Configuration example

In the following example we provide a short description about setting up a monitor port on a Cisco Catalyst 3524-XL-PWR switch.

You can use SPAN to monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A SPAN port cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. You can define any number of ports as SPAN ports, and any combination of ports can be monitored:

Step 1 - Connect your computer to the switch (through the LAN or the console port).

Step 2 - configure terminal

Enter global configuration mode.

Step 3 - interface FastEthernet 0/24

Enter interface configuration mode, and enter the port that acts as the monitor port.

Step 4 - port monitor FastEthernet 0/1

Enable port monitoring on the desired port.

Step 5 - Repeat Step 4. until you configured all VoIP ports.

Step 6 - end

Return to privileged EXEC mode.

Step 7 - show running-config

Verify your entries.

Step 8 - copy running-config startup-config

Copy running configuration to startup configuration.

For more information, please ask your switch manufacturer or your system integrator/distributor.

Monitor port on an IP phone (Verba Desktop configuration)

In order to aggregate VoIP call traffic into one port in a Verba Desktop environment, we can configure the PC to monitor voice traffic through the 10/100 Ethernet port of the IP phone which is connected to the desktop computer.

In the above diagram, Verba is attached to the 10/100 Ethernet port of the IP phone. All voice traffic is monitored directly on the IP phone PC port.

Below Unified Communications Manager 3.3(3) versions, voice traffic is automatically forwarded to the PC port. From 3.3(3) version onward you can forbid voice traffic monitoring on the PC port. You are able to configure this option for every phone through the Unified Communications Manager administration interface:

PC Voice VLAN Access,

Which indicates whether the phone will allow a device attached to the PC port to access the Voice VLAN. Disabling Voice VLAN Access will prevent the attached PC from sending and receiving data on the Voice VLAN. It will also prevent the PC from receiving data sent and received by the phone. You Must set this setting to be able to use Verba Desktop Edition for call recording.

(Deprecated) Monitoring through a hub

This option is deprecated and not recommended in production environments. It is documented here to just cover all available technologies.

When IP phones connected through a hub, there is no special configuration task in order to aggregate call traffic, because when a hub receives a packet on one port, it will send out a copy of that packet on all ports except on the one where it was received. So you can simply connect Verba server to a hub port, and all VoIP traffic will appear on Verba recording interface.

For example, if you want to capture Ethernet traffic sent by host A to host B and both are connected to a hub, just attach Verba to this hub as all other ports see the traffic between host A and B.