Trunk Port/Vlan

Answered Question
Feb 27th, 2009

I've inherited management of a shared fiber line; I'm now the only one administrating it. The line consists of 5 3550-12g switches. My issue is that one of the line participants has a port going to his private network set up as a dot1q trunk, and I cannot see what device he has connected to the fiber line. I would like to know what VLANs are passing across the trunk port he is connected to. I believe the previous administrator gave this participant all the VTP information, and this would give him the ability to access other participants' VLANs.

Jon Marshall Fri, 02/27/2009 - 07:59

If you run the command "sh int trunk" on the 3550 switch that has the port running off to the private network, it will show you which VLANs are allowed on that trunk link.

Jon

sdg2009sdg Fri, 02/27/2009 - 08:39

That command shows what is allowed and active, which would be everything because it's a trunk port with no limitation. What I would like to know is whether he is really using a VLAN that he should not be.

Say we have 5 vlans

Participant [A] should only use 1-3

Participant [B] should only use 4 and 5

Because Participant [A] has a trunk port with no limitation on it, and the VTP name and password, he could be accessing Participant [B]'s VLANs.

I would like to know, before I take any action, whether Participant [A] is honest or dishonest.

How can I tell if he has VLANs set up on his private switch for other participants?

Correct Answer
Jon Marshall Fri, 02/27/2009 - 08:42

Well, you could SPAN the trunk port out to see what traffic is flowing across, but if you know the VLANs that the participant should be using, I strongly suggest you use the "switchport trunk allowed vlan ..." command to limit the link to only those VLANs.

That way whether he is honest or dishonest really doesn't make much difference.

Jon
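As an added check that is not code from this thread: a Python script (the "show interfaces trunk" excerpt and the per-port policy are constructed) that compares the VLANs each trunk allows against what that participant should carry, and emits the "switchport trunk allowed vlan" line Jon recommends for any port that is wider than policy.

```python
# Constructed "show interfaces trunk" excerpt: Gi0/1 is the unrestricted trunk.
SHOW_INT_TRUNK = """\
Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       4-5

Port        Vlans allowed and active in management domain
Gi0/1       1-5
Gi0/2       4-5
"""
# Hypothetical policy: the VLANs each participant's trunk is supposed to carry.
POLICY = {"Gi0/1": {1, 2, 3}, "Gi0/2": {4, 5}}

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1-3,5,10-12' into a set of VLAN ids."""
    bounds = [part.partition("-") for part in spec.split(",")]
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def compress_vlan_list(vlans):
    """Render a set of VLAN ids in the comma/range form the IOS CLI accepts."""
    ids = sorted(vlans)
    ranges, start = [], ids[0]
    for prev, cur in zip(ids, ids[1:] + [None]):
        if cur != prev + 1:
            ranges.append(str(start) if start == prev else f"{start}-{prev}")
            start = cur
    return ",".join(ranges)

def parse_allowed(output):
    """Return {port: VLAN set} from the 'Vlans allowed on trunk' section only."""
    allowed, in_section = {}, False
    for line in output.splitlines():
        if line.startswith("Port"):  # every section of the output opens with a header row
            in_section = "Vlans allowed on trunk" in line
        elif in_section and line.strip():
            port, spec = line.split()
            allowed[port] = expand_vlan_list(spec)
    return allowed

def audit_trunks(output, policy):
    """Flag trunks that allow VLANs outside policy and build the restricting config."""
    findings = {}
    for port, allowed in parse_allowed(output).items():
        excess = allowed - policy[port] if port in policy else set()
        if excess:
            fix = f" switchport trunk allowed vlan {compress_vlan_list(policy[port])}"
            findings[port] = {"excess": excess, "fix": [f"interface {port}", fix]}
    return findings
```

The audit only tells you which ports are wider than policy, not what the participant is actually sending; that is what the SPAN session is for.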
