04-07-2011 10:41 AM - edited 03-06-2019 04:30 PM
I have been asked to set up our network to allow a VOIP monitoring server capture all voice traffic going on in our call center.
All of our closet switches are 2950s and 2960s. All link back via dedicated fiber runs to a 4500.
On our office network, the [default] vlan is used for everyday access and vlan 15 is configured as the voice vlan. All relevant endpoint ports are configured with "voice vlan 15". Therefore, the PCs and phones in the support center are plugged into the same port, with the phones using 15 and the PCs daisy-chained off the phones using [default].
All fiber links between the switches are configured as trunks to carry traffic for our various vlans. Our phone server is connected to the 4500, with those ports configured as "access vlan 15."
As I said, I have been asked to capture all traffic in the support center's phones. To do this, I was planning to use a monitor session to mirror vlan 15's traffic to a monitor destination port that will go back to the monitoring server's monitoring port. I know from past experience that this scheme works.
However, from a security perspective, I have been asked to ensure that only traffic from the call center phones is capable of being captured by this server.
The call center is run from a dedicated 2960; its name is sw4.
My question is, will a monitor session on sw4 run against vlan 15 also pick up vlan 15 traffic going on between the other switches, since trunks that carry 15 connect everything together? I would think not, but I wanted to make sure. I would expect that the only time traffic is going to be present on sw4 over vlan 15 is if it is going either between two phones on that switch on vlan 15, or between the call center phones and some other ports somewhere else on vlan 15, but not a phone on another switch and the phone system or between two phones on other switches.
Am I correct in that expectation?
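For reference, the monitor session described in the post above, written out as an added example (this is not configuration from the original post or from Cisco documentation; the switch hostname sw4, the interface numbers and the phone port range are assumed). A VLAN-sourced session mirrors every VLAN 15 frame the switch receives, including frames that arrive on the uplink trunk (for example broadcast or flooded traffic from VLAN 15 elsewhere), which is why the second form, sourcing only the phone access ports, is the tighter match for a "call center phones only" requirement:

```cisco
! Option A: VLAN-based SPAN as planned. Every frame received on VLAN 15,
! whether from a phone port or from the uplink trunk, is copied to the
! destination port. Interface names are assumed for illustration.
monitor session 1 source vlan 15 rx
monitor session 1 destination interface GigabitEthernet0/1
!
! Option B: port-based SPAN restricted to the call-center phone ports.
! This is the narrower choice when only those phones may be captured.
! Mirroring the access port copies both the voice VLAN (15) and the
! data VLAN passed through the phone to the PC, so the data side still
! has to be filtered out on the capture host.
no monitor session 1
monitor session 1 source interface FastEthernet0/1 - 24 both
monitor session 1 destination interface GigabitEthernet0/1
!
! Check what the session actually mirrors before trusting it.
! Ingress on a destination port is disabled unless "ingress" is
! configured, so the capture host cannot inject frames into VLAN 15.
show monitor session 1
```

Running the session with no phones attached and a sniffer on the destination port, as the thread goes on to suggest, is the practical way to confirm whether Option A picks up any VLAN 15 traffic arriving over the trunk.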
04-08-2011 11:38 AM
I would agree with your analysis if the monitor session is run from the same switch because no other vlan 15 traffic should pass through the switch, i.e. it's not routing between vlans; and it's dedicated so it's not in a stack.
If we are both wrong, I'm sure you'll find out soon enough
Regards,
Ian
04-08-2011 12:08 PM
Okay. I think I'll do a test by running wireshark on the monitor port without any phones running on the switch, and see if I pick up any traffic. The thought to do this had never occurred to me until just a moment ago, but we'll see how that goes.
You are correct, the switch is standalone. It's a 2950, so no stacking, and no layer 3.
I'll post back on Monday with my results.