1

All my IP phones connected to 5 switches grouped into a VLAN that only carries voice traffic. (Voice VLAN). I also have more 10 VLANS shared in our switches.thru VTP domain

SPAN is configured on the top switch to use Voice VLAN as the source of network traffic. Any voice traffic sent or received by a port that is part of Voice VLAN that traverses the top switch will be copied and sent to the SPAN destination port.

It is captured only if the phone is sending packets that hit the top switch. This is also the case if the phone on the bottom switch was on a call with an IP phone connected to the top switch. It also works if the phone on the bottom switch is sending packets through the top switch to a connected gateway.

My question is:

The SPAN Port didn't capture only the calls between 2 IP phones @ the same switch.

All my switches are Cisco 3560

Dave M
  • 4,514
  • 22
  • 31
  • 30
shawish
  • 23
  • 3
  • Why do you need to capture all the VoIP traffic? Do you need to record all call for legal purposes or is this just for debugging purposes? – jcollie May 18 '11 at 21:34
  • Are you expecting the spanned port to capture traffic between phones on a different switch even though the traffic is not traversing the top switch? – blankabout May 18 '11 at 21:36
  • its our company policy..... all the calls between any switches will recorded – shawish May 18 '11 at 22:07

2 Answers2

2

To satisfy your requirements, you'll likely need to disable SIP reinvite (or whatever the equivalent is for your VoIP system) to force all traffic through the VoIP softswitch. Then just make sure you're monitoring the switch port that uplinks to your VoIP softswitch and you'll be able to record all calls.

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • as we checked through our the recording software application when any calls done between the 2 IP phones @ the same switch we can saw the signaling traffic only without the voice traffic. but if the calls done through any different switches' the software can record that call – shawish May 18 '11 at 22:31
  • 1
    I understand that. By disabling SIP reinvite, the RTP path is forced through your VoIP system instead of going direct from phone-to-phone. Short of doing that, you'll either need a SPAN port on each switch or you'll need switches that support RSPAN. – EEAA May 18 '11 at 22:32
0

Is the links between your switches a trunk? Perhaps you just need just need to enable mirroring of encapsulated traffic.

I.e.:

monitor session 1 destination interface gigabitethernet0/48 encapsulation replicate

HampusLi
  • 3,478
  • 17
  • 14