Available for ESXi 5.5 and later.
This feature only captures packets in one direction and defaults to inbound.
You can run a capture on the physical network card, vmkernel, or the virtual switchport of a particular virtual machine.
By default the captured packets are displayed on the terminal. It’s easier if you save the capture and transfer it via SFTP to view via wireshark https://www.wireshark.org/
Enabling SSH on ESXi host
You need to enable SSH on the ESXi host that is managing your VMs. This is done by logging in directly to the ESXi via CIMC or KVM switch:
Access your ESXi host via SSH.
Capturing packets on physical interface, VMkernel, and VM switchport:
Confirm the virtual port number & client name of the device you wish to run the capture on:
Command: net-stats –l
If you wish to run a packet capture on vmk0 and export the output to a file named CAPTURE.pcap in the /tmp/ directory of your host:
Command: pktcap-uw --vmk vmk0 -o /tmp/CAPTURE.pcap
*Notice how as I press enter the number of packets increases from 35 >> 41 >> 48 >> and finally 55.
To cancel the capture I press: Ctrl + c
If you wish to run a packet capture on vmnic3 and export the output to a file named Capture.pcap in the /tmp/ directory of your host:
Command: pktcap-uw --uplink vmnic3 -o /tmp/CAPTURE.pcap
If you wish to run a packet capture on one of your virtual machines and export the output to a file named Capture.pcap in the /tmp/ directory of your host:
Command: pktcap-uw --switchport <switchportnumber > -o /tmp/CAPTURE.pcap
Exporting captures to an SFTP server:
Now we need to export CAPTURE.pcap to an external SFTP server for easy viewing via WIRESHARK. I’m using an SFTP on Ubuntu, but you can use any SFTP you would like.
Log into the SFTP server.
Run the command: sftp <esxi-user-ID>@<ESXi-IP-Address> . For example in my case it will be: sftp firstname.lastname@example.org
Run the command: get /tmp/CAPTURE .pcap
At this point you should have been able to download the capture to your SFTP:
Changing from the default inbound to outbound direction:
It’s very important to remember that this feature only captures traffic one way. Up until this point we have been capturing traffic in the default inbound direction. To Capture packets on the outbound direction:
Command: --dir 1
pktcap-uw --vmk vmk0 --dir 1 -o /tmp/CAPTURE.pcap
pktcap-uw --uplink vmnic3 --dir 1 -o /tmp/CAPTURE.pcap
pktcap-uw --switchport 50331657 --dir 1 -o /tmp/CAPTURE.pcap
... View more
Hello everyone, I had this same issue. To fix please do the following: Boot-order will look something like this: - Option # 1 EFI shell - Option #2 Virtual CD drive - Option #5 HDD. Make HDD option #1 and rebooted the server. After doing this, the ESXi will load without any issues. to access the BIOS you're going to need to hit F6 or F2 and the system might prompt you to create a password.
... View more
How does it work? The branch Gateway downloads a music file from a TFTP server into its flash memory & references the file every time a local IP phone request MOH services. This configuration can be helpful in the following scenarios: If you have a multi-site organization with centralized call processing & you want to avoid having branch locations get their MOH audio over the WAN. If you have a multi-site organization with centralized call processing & you want to maintain a MOH service even if connection to the central site servers has gone down. (SRST). Configuration Steps: **Assuming everything has been properly configured in the CUCM MOH server for multicast MOH, we are going to focus on the Router/Gateway configuration. This scenario is going to be for a .wav file that will be stored in the routers flash. 1. Go to the interface that connects the phones to the router (Usually the internal GW interface) and input “ip pim sparse-dense-mode”: GW(config)#interface gig0/1 GW(Config-if)#ip address 192.168.1.1 255.255.255.0 GW(Config-if)#no shut GW(Config-if)#ip pim sparse-dense-mode 2. Enable IP Multicast routing & ccm-manager music-on-hold in global configuration: GW(Config)#ip multicast-routing GW(Config)#ccm-manager music-on-hold 3. Go to your TFTP server & input the music file that you will be using as MOH. It’s very important that you make the audio file .wav. Also make the audio format PCM 8 bit, 8KHz, mono sampling; so that you don’t have any problems with sound quality. The audio format can be edited using windows XP’s “Sound Recorder”. All you have to do is click on File -> properties -> convert now -> & choose the correct settings you need to edit. 4. Once you placed a .wav file in the TFTP server you need to upload the file to the GW flash memory. To do this you need to input the following commands: GW# Copy tftp: flash: Address or name of remote host? 192.168.1.254 Source filename ? Holdmusic.wav Destination filename [Holdmusic.wav]? -enter- 5. Now that the .wav file was downloaded to flash, enable the call-manager-fallback settings: GW(Config)#call-manager-fallback GW(Config-cm-fallback)#ip source-address 192.168.1.1 GW(Config-cm-fallback)#max-ephones <1-100> GW(Config-cm-fallback)#max-dn <1-288> dual-line GW(Config-cm-fallback)#moh holdmusic.wav GW(Config-cm-fallback)#multicast moh 220.127.116.11 port 16384 route 192.168.1.1 This last command should include the IP address of all the interfaces streaming multicast MOH. It’s also important to point out that the MOH ip address and port number should match what’s configured in the centralized MOH server; under multi-cast Audio Source Information. 6. Once you’re done with the configuration, you can go to the CUCM central MOH server and set the hop count to 1. This is a great way to assure your MOH stream is coming from the router and not the centralized server. You could also enable web access from the phone configuration page in CUCM & input the “holdee” IP address in a web browser to confirm what MOH source is streaming the audio. 7. A Few great commands to help you troubleshoot issues include: Show ccm-manager music-on-hold Show ip mroute Show ip multicast interface Show ephone moh Debug ephone moh Helpful links: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cusrst/admin/sccp_sip_srst/configuration/guide/SCCP_and_SIP_SRST_Admin_Guide/srst_appendix_b_.html https://supportforums.cisco.com/discussion/10207446/moh-router-flash https://supportforums.cisco.com/document/68401/procedure-allocate-ip-address-and-port-srst-multicast-moh
... View more
Sometimes, you may want to change the NTP source of your Cisco Unified Communications Manager. Here’s some information that might help with the procedure. To view your current NTP configuration: To test NTP reachability, clock drift & stratum: Notice that the NTP status command shows 192.168.213.140 as my only NTP reference. If you wanted to add a new NTP reference you could use the command “utils ntp server add X.X.X.X”. Before adding the new NTP reference, you might want to make sure you can reach the device first: Once you confirmed connectivity, you can proceed: “utils ntp server add X.X.X.X” Furthermore, if you want to delete the old NTP reference for whatever reason: “utils ntp server delete” Once you’re ready to go; you can manually restart the NTP service: Notice the old reference is now gone, and we only have 1 NTP server with an IP address of 192.168.201.52: After doing these changes, you might have to log into the CUCM admin page and specify a new NTP reference for your Date/Time Groups: Go to CUCM administration page >> System >> Phone NTP reference >> Add New: Once you have that covered go to System >>Date/Time Group >> Choose your DTG >> Add Phone NTP reference: At this point you can add the new NTP server and remove any NTP servers you will no longer need. ***VERY IMPORTANT*** Changing the NTP server in the Date/Time Group will reset all the devices in the Device Pools associated to the Date/time group in question. If you are using a CUCM version 8.6+ and the environment is virtualized, you will get a message on your Admin home page letting you know you’re running on a trail period. This is expected. Please contact TAC at www.cisco.com or call 1800-553-2447 to have a license re-host for your virtual MAC. Useful Documents/information: Administration guide for CUCM 8.6 / NTP settings: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cucos/8_6_1/cucos/osg_861_cm/iptpch4.html#wp1053371 Issue with Time Synchronization on Cisco Unified Communications Manager with Network Time Protocol Server – last updated 2010 http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-60/111973-ntp-sync.html CUCM NTP Command line reference for CUCM 8.6: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cli_ref/8_6_1/cli_ref_861.html#pgfId-42375 CUCM NTP Command line reference for CUCM 10.X: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cli_ref/10_5_2/CUCM_BK_CA8D6D40_00_cucm-cli-reference-guide-1052/CUCM_BK_CA8D6D40_00_cucm-cli-reference-guide-1052_chapter_01001.html#d3795e7869a1635 Settings that could affect your Virtual License MAC CUCM 8.X:
... View more
Hello Ryan, I'm sorry to hear about the hard time you're having. Unfortunately the goal you are trying to accomplish isn't feasible without some type of call control server (CUCM). The Cisco ATA isn't an intelligent device. Its main goal is to transfer Analog to VoIP signaling between devices. It needs to register to a call processing server and receive instructions. For more information on how the ATA works: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cata/190/1_0/english/administration/guide/sip/ATA190/a190_ag2str.html Thanks, Luis Esquivel
... View more
STCAPP STCAPP feature allows CUCM to control analog phones through FXS ports in a Voice Gateway. This is done using SCCP protocol, so at the end, the analog port (FXS) will register to the CUCM server. Prerequisites Cisco IOS 12.3(11)T or later in Voice Gateway Cisco Unified Communications Manager 4.2 or later At least 1 FXS port & available DSP’s for voice conversion Voice Gateway Configuration First we need to configure SCCP on the Voice GW: Select the interface that points to the CUCM where the analog phone will be registering to: Router(config)# sccp local FastEthernet0/0 Point the VG to the IP address of the CUCM. Configure different CUCM servers with different identifier numbers and select the appropriate CUCM version: Router(config)# sccp ccm 10.8.1.2 identifier 10 version 7.0+ Enable SCCP protocol on the router: Router(config)# sccp Create a CCM group with its identifier number (Range 1 to 50): Router(config)# sccp ccm group 1 Within the CCM group, associate the CUCM server ID in order of priority: Router(config-sccp-ccm)# associate ccm 10 priority 1 Here is an example of the configuration with 3 CUCM servers: sccp local loopback0 sccp ccm 192.168.100.10 identifier 10 version 7.0+ sccp ccm 192.168.100.11 identifier 11 version 7.0+ sccp ccm 192.168.100.12 identifier 12 version 7.0+ sccp ! sccp ccm group 1 associate ccm 10 priority 1 associate ccm 11 priority 2 associate ccm 12 priority 3 Now we’re going to enable the STC Application for Analog FXS ports. Associate the STC Application with the CCM-group that controls calls & features: Router(config)# stcapp ccm-group 1 Enable the STC Application: Router(config)# stcapp Configure a dial-peer for the voice port and activate STCAPP: Router(config)#dial-peer voice 1 pots Router(config-dial-peer)#service stcapp Router(config-dial-peer)#port 0/1/0 Enable caller ID for that voice port Router(config)#voice-port 0/1/0 Router(config-voice-port)# caller-id enable Here is an example of the configuration for voice port 0/3/0: stcapp ccm-group 1 stcapp ! voice-port 0/3/0 caller-id enable ! dial-peer voice 1 pots service stcapp port 0/3/0 CUCM Configuration 1. Add a new gateway in CUCM administration page: Select Voice Gateway type you are using from the drop down menu Select SCCP from the protocol drop down menu In the next screen, fill the requested MAC address. In this field use the last 10 Digits of your MAC address (To find the MAC address of the VG, use the ‘show interface’ command – make sure to use the interface selected as source in the VG configuration) Select the call manager group from the drop down menu (that matches the CUCM servers and order configured in the VG configuration) Select the correct modules and find the appropriate sub-units in the drop down menu. This configuration will change for each VG being used (you can run the ‘show diag’ output from the gateway to figure this out). For example, select 24 FXS SCCP if you are using a VG224 gateway. * Note how the actual gateway name will display SKIGW along with the 10-digit MAC address 2. Finally, add and register the FXS voice ports From the gateway just added, select the port that you want to configure Select the Device Pool, calling search space, Device Security profile and all other settings as required Add new DN on Line 1 – Enter your Directory number Change maximum number of calls to 2 at the bottom of the page if needed (this is also required for call transfer, conference, etc) Repeat these steps for each port you want to configure. At the end go back to your Gateway page and apply config – now you can go to the port and you should confirm that the port is registered with your primary call manager IP address * Note how the actual FXS endpoint names automatically takes the GW MAC address Important things to keep in mind: The CUCM gateway configuration will vary depending on the Router being used No additional dial peers are needed to establish the connection The Voice gateway might also have other analog/digital ports being used for other voice protocols. This means the VG can be also configured for H323, MGCP or SIP. References: http://www.cisco.com/c/en/us/td/docs/ios/voice/fxs/configuration/guide/15_0/fxs_15_0_cg/fxsbasic.html#wpxref30700 http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/vcr4/vcr4-cr-book/vcr-s12.html#wp3900630153 http://www.cisco.com/c/en/us/td/docs/ios/voice/fxs/configuration/guide/15_0/fxs_15_0_cg/fxssccpsplmft.html#wpmkr1087297
... View more
FAC Forced Authorization Code. This allows an administrator to regulate the types of calls certain users can place by forcing the user to enter a valid authorization code before completing the call. CMC Client Matter Codes. CMC assist with call accounting & billing for billable clients. Like FAC; CMC requires the user to enter a code, but in this case it meets a tracking purpose & not a security purpose. You have the ability as an administrator to assign client matter codes to different populations like students, teachers & administration; or Sales, HR & customer service; all with the goal of keeping track of call accounting & billing. Keep in mind: CMC & FAC codes require you to make changes in the route patterns & update your dialing plans to reflect that you enabled these features. H.323 Gateways do not support FAC/CMC because these gateways cannot play tones. Cisco IP soft phones cannot play tones. If a user is dialing from a soft phone; he/she can wait 2 seconds after dialing a number & enter the code needed to complete the call. No order tone will be herd. After entering the FAC/CMC you can skip the T.302 timer by pressing the # key. If you press redial or have a number assigned to a speed dial, CMC/FAC codes will not be remembered by CUCM; so you will be forced to enter the authorization code. CMC information will be stored in Call Detail Records Analysis & Reporting (CAR) files. These can be used to run reports on CMC data. Prerequisites: CUCM version 5.0 & above. Configuration Steps: Let’s start with Client Matter Codes. To add a CMC choose Call Routing -> Client Matter Codes - > Add New. Enter the CMC you wish to use (no more than 16 digits) & provide a description (no more than 50 characters). When done; click “save”. Now we need to enable client matter codes for route patterns. To add a route pattern choose Call Routing -> Route/Hunt -> Route Pattern. After including the correct Route pattern; make sure you check off the “Require Client Code” box. When finished, click “save”. ** You can repeat this step for all the route patterns that require a CMC. If this configuration is successful; you will hear 2 sudden beep sounds & see a prompt: “Enter Client Matter Code” reflected on the IP phone. Now let’s continue with FAC. To add a FAC you need to go to Call Routing -> Forced Authorization Codes -> Add New. Enter the following information: FAC name = no more than 50 characters. Must be unique Authorization code = no more than 16 digits. Must be unique Authorization level = authorization level that exists within a range of 0-255. To successfully route a call, the user authorization level must be equal to or greater than the required authorization level that is specified for the route pattern. When finished, click “save”. Now let’s head back to the CUCM for some finishing touches. CUCM -> Call Routing -> Route/Hunt -> Route Pattern. After including the correct Route pattern, make sure you check off the “Require Forced Authorization code” & include an authorization code according to the FACs already created. ** You can repeat this step for all the route patterns that require a FAC. If this configuration is successful; you will hear 2 sudden beep sounds & see a prompt: “Enter Forced Authorization Code” reflected on the IP phone. Final Steps: After your configuration is finished & properly working; make sure you inform all employees of how to use the CMC & FAC. To avoid issues, make sure CMC & FAC router patterns don’t overlap. Remember that a route pattern can have both CMC & FAC. References: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/7_1_2/ccmfeat/fsgd-712-cm/fsfaccmc.html#wpxref15243 http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/bccm-712-cm/b03cmc.html http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/bccm-712-cm/b03fac.html
... View more
Hey Mike, Great Question. This bug has actually already been fixed. The fixed release 9.2(3)SR1 is only available through TAC. You would have to open a case via phone or visit cisco.com. Other known Bugs that you could ask TAC about are: CSCtz22064 - ATA-187 hear Ring Back Tone with Directed Call Park unexpectedly CSCtq85079 - ATA187 will crash if port2 keeps tftp downloading CSCua01061 - ATA187 reset when there're mutiple ARP Reply CSCua51467 - ATA187 memory leak CSCty43474 - ATA 187 Allows telnet access on port 32000 CSCtz67038 - Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability CSCub39248 - ATA 187 is not obtaining IP address from VLAN configured on its Eth port CSCuc82525 - ATA187 units requires a reload to regain connectivity to CUCM CSCuc14110 - ATA187 Sends empty SIP packet causing SIP ALG problems CSCud88926 - ATA 187 provides its uptime instead of local time to analog phones. CSCud74510 - Non secure ATA 187 not registering to SRST, if secure SRST checked CSCuh49249 - ATA-187 Crashes in SRST mode when called via ISDN BRI CSCuj59548 - ATA 187 don't honor configured Renewal(T1) I hope this helps!
... View more