01-04-2025 06:38 AM
I configured Embedded Packet Capture on the following trunk port. The pcap file shows TCP unicast traffic which should not traverse this port. The IP addresses in the ACL belong to vlan 636. The neighbour switch connected to Te1/1/14 does not have vlan 636 configured.
Is this expected behaviour for EPC on a trunk port allowing all vlans?
interface TenGigabitEthernet1/1/14
switchport mode trunk
monitor capture parameters
monitor capture mc1 interface TenGigabitEthernet1/1/14 both
monitor capture mc1 access-list acl1
monitor capture mc1 file location bootflash:test.pcap buffer-size 10 size 10
Extended IP access list acl1
10 permit ip 10.10.1.0 0.0.0.255 any
20 permit ip any 10.10.1.0 0.0.0.255
01-04-2025 06:51 AM
I sent you a PM, check it.
MHM
01-05-2025 01:53 AM
Is this directly connected access port traffic, or are these transit switches?
Could you please run the commands below on both switches and see whether vlan 636 is there and whether it is allowed on the trunk.
! check if the vlan is created in both switches
show vlan
! Validate if the vlan is allowed in the trunk or not at both ends
show interfaces trunk
! Validate if you're capturing in the right interface
show cdp nei TenGigabitEthernet1/1/14
! Check the VTP mode of both switches
show vtp status | i Mode
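Added example, not part of the thread and not Cisco tooling: a small parser for `show interfaces trunk` output that reports, per trunk port, which of the three VLAN tables list a given VLAN (here 636), so the two ends of the link can be compared. The sample output is constructed, and the function names `expand`, `trunk_sections` and `vlan_report` are hypothetical.

```python
# Constructed sample of `show interfaces trunk` output (not from the thread).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Te1/1/14    on               802.1q         trunking      1
Te1/1/15    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Te1/1/14    1-4094
Te1/1/15    1,10-20,636

Port        Vlans allowed and active in management domain
Te1/1/14    1,10,636
Te1/1/15    1,10

Port        Vlans in spanning tree forwarding state and not pruned
Te1/1/14    1,10,636
Te1/1/15    1,10
"""

def expand(vlans):
    """Expand '1,10-20,636' into a set of ints; 'none' or '' gives an empty set."""
    out = set()
    for part in vlans.split(","):
        part = part.strip()
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def trunk_sections(text):
    """Return {port: {table_title: set_of_vlans}} for the three VLAN tables."""
    result, section, port = {}, None, None
    for line in text.splitlines():
        if line.startswith("Port "):
            title = line[5:].strip()
            section = title if title.startswith("Vlans") else None  # skip mode/status table
        elif section and line.strip():
            head, _, vlans = line.partition(" ")
            port = head or port             # empty head: wrapped continuation of a long list
            if port:
                result.setdefault(port, {}).setdefault(section, set()).update(expand(vlans))
    return result

def vlan_report(text, vlan):
    """For each trunk port, list the tables in which `vlan` appears."""
    return {p: [s for s, v in t.items() if vlan in v]
            for p, t in trunk_sections(text).items()}
```

Calling `vlan_report(output, 636)` on the text collected from each switch shows whether the VLAN is merely allowed on the trunk or also active and forwarding there.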