When a port is in Blocking Mode what traffic is permitted? All documentations states network Management traffic. But I pulled a trace today and I see DNS resolutions, ICMP ping replies and TCP traffic. Is this normal? I ask because I have spanning tree running connecting 2 switches together. Between the switches are IPS devices. We use spanning tree to act as our failover method. But I am seeing alerts pop up on my backup IPS device. I was under the impression no traffic should be entering that device except for the occasional BPDUs sent between the switch. Any help would be great been working on this for 2 months. Below is a diagram showing the switch port mode and how the IPS are inline.