Spanning Tree

Unanswered Question
Apr 29th, 2008

When a port is in Blocking Mode what traffic is permitted? All documentation states network management traffic. But I pulled a trace today and I see DNS resolutions, ICMP ping replies and TCP traffic. Is this normal? I ask because I have spanning tree running connecting 2 switches together. Between the switches are IPS devices. We use spanning tree to act as our failover method. But I am seeing alerts pop up on my backup IPS device. I was under the impression no traffic should be entering that device except for the occasional BPDUs sent between the switches. Any help would be great; I've been working on this for 2 months. Below is a diagram showing the switch port mode and how the IPS are inline.

(switch1)FWD------IPS-A----- FWD(switch2)

(Switch1)FWD-----IPS-B------BLK(switch2)

mlund Wed, 04/30/2008 - 00:46

Hi

Switch2 BLK means it will only transmit BPDUs and will only receive BPDUs (actually it can receive whatever traffic, but all traffic will be dropped, except for the BPDUs).

Switch1 FWD means it will forward all traffic that is normally flooded, like broadcast, maybe multicast depending on configuration (multicast in the 224.0.0.0-255 range), and unknown unicast destinations.

If you see other traffic like ICMP ping replies, the source and destination MAC addresses should be known. Look in switch1 to see what the mac-address-table looks like for the traffic you traced.

/Mikael
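To make the mechanism in the answer above concrete, here is an added example (not from the thread, and not vendor code): a small model of two learning bridges with STP port states and the two inline IPS devices from the diagram. The switch names, port names, MAC addresses and payload labels are constructed. It shows that IPS-B still sees BPDUs and anything switch1 floods (broadcast and unknown unicast) because switch1's end of that link is forwarding, while frames whose destination MAC switch1 has already learned on the IPS-A link never reach IPS-B.

```python
from dataclasses import dataclass, field

# Constructed model of the thread's topology (assumed, not from the post):
#   switch1 FWD --IPS-A-- FWD switch2     (link "linkA")
#   switch1 FWD --IPS-B-- BLK switch2     (link "linkB")
BROADCAST = "ff:ff:ff:ff:ff:ff"
STP_MCAST = "01:80:c2:00:00:00"   # 802.1D BPDU destination address
FWD, BLK = "FWD", "BLK"

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: str   # label only, e.g. "icmp-echo-request" or "bpdu"

@dataclass
class Switch:
    name: str
    ports: dict                                   # port name -> STP state
    mac_table: dict = field(default_factory=dict) # MAC -> port it was learned on

    def receive(self, in_port, frame):
        """Return the (out_port, frame) pairs this switch transmits in response."""
        if frame.dst == STP_MCAST:
            return []   # BPDUs are consumed by the bridge on any port, even BLK
        if self.ports[in_port] == BLK:
            return []   # blocking port: data frame discarded, nothing learned
        self.mac_table[frame.src] = in_port
        out = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # broadcast / unknown unicast: flood on every other forwarding port
            return [(p, frame) for p, st in self.ports.items()
                    if st == FWD and p != in_port]
        return [] if out == in_port else [(out, frame)]

@dataclass
class InlineIPS:
    name: str
    seen: list = field(default_factory=list)   # payload labels observed on the wire

    def tap(self, frame):
        self.seen.append(frame.payload)
        return frame

def build_topology():
    sw1 = Switch("switch1", {"host1": FWD, "linkA": FWD, "linkB": FWD})
    sw2 = Switch("switch2", {"host2": FWD, "linkA": FWD, "linkB": BLK})
    ips = {"linkA": InlineIPS("IPS-A"), "linkB": InlineIPS("IPS-B")}
    return sw1, sw2, ips

def deliver(dst_sw, ips, transmissions):
    """Carry frames across the inter-switch links; host ports simply terminate.
    The receiving switch's own output is not re-injected: in this topology it
    only goes to its host port, since linkB is blocking on switch2."""
    for port, frame in transmissions:
        if port in ips:
            dst_sw.receive(port, ips[port].tap(frame))

HOST1, HOST2 = "00:00:00:00:00:01", "00:00:00:00:00:02"   # constructed MACs

def run_scenario():
    sw1, sw2, ips = build_topology()
    # 0. switch1 (assumed root) sends a BPDU out both links; both IPS see it,
    #    and switch2 accepts it on its blocking port too.
    bpdu = Frame("00:00:00:00:00:aa", STP_MCAST, "bpdu")
    deliver(sw2, ips, [("linkA", bpdu), ("linkB", bpdu)])
    # 1. host1 pings host2; switch1 has not learned host2 -> unknown unicast flood
    request = Frame(HOST1, HOST2, "icmp-echo-request")
    deliver(sw2, ips, sw1.receive("host1", request))
    # 2. host2 replies; switch2 learned host1 on linkA, its only forwarding link
    reply = Frame(HOST2, HOST1, "icmp-echo-reply")
    deliver(sw1, ips, sw2.receive("host2", reply))
    # 3. second ping: switch1 now knows host2 on linkA -> no flood, IPS-B sees nothing
    deliver(sw2, ips, sw1.receive("host1", request))
    return {
        "IPS-A": list(ips["linkA"].seen),
        "IPS-B": list(ips["linkB"].seen),
        "switch1_mac_table": dict(sw1.mac_table),
        "switch2_mac_table": dict(sw2.mac_table),
    }

if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The check the answer suggests falls out of the model: IPS-B only sees the first echo request, which switch1 flooded before it had a MAC table entry for host2; once switch1 learns host2 on the IPS-A link, later frames to that address stay on the forwarding path. If a real trace on the backup IPS shows replies and TCP segments, the MAC addresses involved are either not in switch1's table (aged out, or hosts that only receive) or are learned on the IPS-B port, so `show mac address-table` on switch1 for those addresses is the place to look.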
