04-08-2015 10:26 AM - edited 03-05-2019 01:11 AM
I wanted to know if it is normal that all traffic on my network goes through all trunk ports of the switches.
I set up a sniffer and a switch connected without any connection, trunk only, to validate; the sniffer sees that it is getting all network traffic through the trunk.
What can be causing this behavior, and what considerations should be taken apart from filtering VLANs?
Regards.
04-08-2015 11:18 AM
You can allow only a given vlan to traverse over a trunk to specific segment or a switch, so that it will reduce the broadcast and reduce unwanted noise traversing over that particular trunk to a particular switch.
04-08-2015 04:13 PM
Now I might have misunderstood your concern but I'll give it a shot:
Trunks carry traffic for multiple vlans, and with no filtering in place they carry traffic for all vlans configured. Normally you will see broadcasts, e.g. DHCP or ARP requests, going through all the trunk ports on a switch (that are not STP Blocking). This is normal behaviour.
However, if your sniffer is picking up a lot of packets that are meant for unicast destinations going out all trunk ports and also being captured by your sniffer over some time, then it could be something else. CAM overflows result in the switch flooding packets out all ports that are in the same vlan and out all trunk ports on which the vlan is allowed. This would result in the behaviour you observed. You can use the show mac address-table count to verify mac address space.
Hope this helps
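One way to tell the two cases in the reply above apart in a capture, as an added example that is not part of the original thread: it classifies each frame by destination MAC and 802.1Q VLAN, so expected broadcast or multicast can be separated from unicast addressed to other hosts. The sniffer MAC, the helper names and the sample frames are constructed assumptions, and the capture is assumed to come from an ordinary trunk port rather than a mirror (SPAN) port, where other hosts' unicast is expected.

```python
import struct
from collections import Counter, defaultdict

SNIFFER_MAC = bytes.fromhex("020000000099")  # assumption: MAC of the capture NIC

def classify(frame, own_mac=SNIFFER_MAC):
    """Return (vlan_id or None, kind) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == 0x8100:  # 802.1Q tag, present on trunk frames
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits = VLAN ID
    if dst == b"\xff" * 6:
        kind = "broadcast"           # e.g. ARP or DHCP requests: expected on trunks
    elif dst[0] & 0x01:
        kind = "multicast"           # group bit set in the first octet
    elif dst == own_mac:
        kind = "unicast_to_sniffer"
    else:
        kind = "unicast_to_other"    # only reaches us if the switch flooded it
    return vlan, kind

def summarize(frames, own_mac=SNIFFER_MAC):
    """Count frame kinds per VLAN (None = untagged)."""
    per_vlan = defaultdict(Counter)
    for frame in frames:
        vlan, kind = classify(frame, own_mac)
        per_vlan[vlan][kind] += 1
    return per_vlan

def flooded_ratio(counts):
    """Share of frames in one VLAN that are unicast for some other host."""
    total = sum(counts.values())
    return counts["unicast_to_other"] / total if total else 0.0

def make_frame(dst, src, vlan=None, ethertype=0x0800):
    """Build a constructed test frame; payload is zero padding."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return (bytes.fromhex(dst) + bytes.fromhex(src) + tag
            + struct.pack("!H", ethertype) + b"\x00" * 46)

# Constructed sample capture: VLAN 10 looks normal, VLAN 20 shows flooded unicast.
SAMPLE = [make_frame("ffffffffffff", "0200000000a1", 10, 0x0806),
          make_frame("01005e000001", "0200000000a1", 10),
          make_frame("ffffffffffff", "0200000000b1", 20, 0x0806),
          ] + [make_frame("0200000000b2", "0200000000b1", 20)] * 3 + [
          make_frame("020000000099", "0200000000a1")]

if __name__ == "__main__":
    for vlan, counts in summarize(SAMPLE).items():
        print(vlan, dict(counts), f"flooded={flooded_ratio(counts):.0%}")
```

A sustained high ratio of unicast_to_other in a VLAN is the pattern the reply associates with flooding; a few such frames are also normal while the switch is still learning a destination MAC.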