Trunk Port/Vlan

Answered Question
Feb 27th, 2009

I've inherited management of a shared fiber line; I'm now the only one administrating it… The line consists of 5 3550-12g switches… My issue is that one of the line participants has a port going to his private network set up as a dot1q trunk, and I cannot see what device he has connected to the fiber line… I would like to know what VLANs are passing across that trunk port he is connected to… I believe the previous administrator gave this participant all the VTP information, and this would give him the ability to access other participants' VLANs…


Jon Marshall Fri, 02/27/2009 - 07:59

If you run the command "sh int trunk" on the 3550 switch that has the port running off to the private network, it will show you which VLANs are allowed on that trunk link.


Jon

sdg2009sdg Fri, 02/27/2009 - 08:39

That command is showing what is allowed and active, which would be everything because it's a trunk port with no limitation. What I would like to know is if he is really using a VLAN that he should not be…

Say we have 5 VLANs:

Participant [A] should only use 1-3

Participant [B] should only use 4 and 5

Because Participant [A] has a trunk port with no limitation on it and the VTP name and password, he could be accessing Participant [B]'s VLANs.

I would like to know, before I take any action, whether Participant [A] is honest or dishonest.

How can I tell if he has VLANs set up on his private switch for other participants?


Correct Answer
Jon Marshall Fri, 02/27/2009 - 08:42

Well, you could SPAN the trunk port out to see what traffic is flowing across, but if you know the VLANs that the participant should be using, I strongly suggest you use the "switchport trunk allowed vlan ..." command to limit only those VLANs on the link.


That way whether he is honest or dishonest really doesn't make much difference.


Jon
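
An added example, not part of the thread or of any poster's reply: a short Python audit that parses "sh int trunk" output, compares the "allowed and active" VLANs on a trunk with the VLANs the participant should carry, and produces the matching "switchport trunk allowed vlan" line. The interface name Gi0/1, the sample output and the policy (1-3, taken from the Participant [A] scenario) are constructed assumptions.

```python
# Constructed sample of "sh int trunk" output for an unrestricted trunk (not from the thread).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1-5
"""

# Assumed policy from the thread's scenario: Participant A's trunk may carry VLANs 1-3.
POLICY = {"Gi0/1": "1-3"}

def expand(spec):
    """Turn an IOS VLAN list such as '1-3,5' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def section(output, title):
    """Return {port: vlan_spec} for the 'Port  <title>' table of the output."""
    result, active = {}, False
    for line in output.splitlines():
        if line.startswith("Port"):
            active = line.split(None, 1)[1].strip() == title
        elif active and line.strip():
            port, spec = line.split(None, 1)
            result[port] = spec.strip()
    return result

def audit(output, policy):
    """List active VLANs each trunk carries beyond its policy, plus the fix."""
    active = section(output, "Vlans allowed and active in management domain")
    findings = {}
    for port, permitted in policy.items():
        excess = expand(active.get(port, "")) - expand(permitted)
        if excess:
            findings[port] = (sorted(excess), f"switchport trunk allowed vlan {permitted}")
    return findings

if __name__ == "__main__":
    for port, (excess, fix) in audit(SAMPLE, POLICY).items():
        print(f"{port}: exposes VLANs {excess}; apply under the interface: {fix}")
```

This reports which VLANs the trunk exposes, not which ones the participant is actually using; seeing the traffic itself still requires the SPAN capture mentioned above.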
