Spanning Tree

Unanswered Question
Apr 29th, 2008

When a port is in Blocking Mode, what traffic is permitted? All documentation states network management traffic. But I pulled a trace today and I see DNS resolutions, ICMP ping replies and TCP traffic. Is this normal? I ask because I have spanning tree running connecting 2 switches together. Between the switches are IPS devices. We use spanning tree to act as our failover method. But I am seeing alerts pop up on my backup IPS device. I was under the impression no traffic should be entering that device except for the occasional BPDUs sent between the switches. Any help would be great; I've been working on this for 2 months. Below is a diagram showing the switch port mode and how the IPS are inline.

(switch1)FWD------IPS-A----- FWD(switch2)


mlund Wed, 04/30/2008 - 00:46


Switch2 BLK means it will only transmit BPDUs and will only receive BPDUs (actually it can receive whatever traffic, but all traffic will be dropped except for the BPDUs).

Switch1 FWD means it will forward all traffic that is normally flooded, like broadcast, maybe multicast depending on configuration, multicast in range, and unknown unicast destination.

If you see other traffic like ICMP ping replies, the source and destination MAC address should be known. Look in switch1 to see what the mac-address-table looks like for the traffic you traced.
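A small model of the forwarding decision the reply describes, added here as an example rather than code from the thread. The switch, port names, MAC addresses and frames are constructed, and Cisco PVST+ BPDUs are assumed to be treated the same way as IEEE STP BPDUs:

```python
# Added example, not from the original thread: a toy model of the forwarding
# decision described in the reply. Port names, MACs and frames are constructed.
from dataclasses import dataclass

BPDU_DSTS = {"01:80:c2:00:00:00",   # IEEE 802.1D STP BPDU destination
             "01:00:0c:cc:cc:cd"}   # Cisco PVST+ BPDU destination (assumed handled alike)
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    in_port: str


class Switch:
    def __init__(self, port_states):
        self.ports = dict(port_states)  # port name -> "FWD" or "BLK"
        self.mac_table = {}             # learned source MAC -> port

    def handle(self, frame):
        """Return the list of ports a received frame is sent out of."""
        dst, src = frame.dst.lower(), frame.src.lower()
        if dst in BPDU_DSTS:
            return []  # BPDUs are accepted on any port and consumed by STP, never relayed
        if self.ports[frame.in_port] == "BLK":
            return []  # Blocking port: frame dropped, source MAC not learned
        self.mac_table[src] = frame.in_port
        out = self.mac_table.get(dst)
        if out is not None:
            return [] if out == frame.in_port else [out]  # known unicast
        # broadcast, multicast or unknown unicast: flood to every other FWD port
        return [p for p, s in self.ports.items() if s == "FWD" and p != frame.in_port]


def run_scenario():
    """Switch1: a host port, the primary link through IPS-A, a blocked backup link."""
    sw = Switch({"host": "FWD", "ips_a": "FWD", "ips_b": "BLK"})
    host, remote = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
    results = {
        "arp_request": sw.handle(Frame(host, BROADCAST, "host")),
        "arp_reply": sw.handle(Frame(remote, host, "ips_a")),
        "known_unicast": sw.handle(Frame(host, remote, "host")),
        "from_blocked_port": sw.handle(Frame(remote, host, "ips_b")),
        "bpdu_on_blocked": sw.handle(Frame(remote, "01:80:c2:00:00:00", "ips_b")),
    }
    return results, dict(sw.mac_table)
```

The returned table is the model's counterpart of the mac-address-table check the reply suggests: a blocked backup port never appears in it, so a known-unicast flow should only ever leave on the forwarding link.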


