Cisco Support Community
New Member

Trunk port on a Cisco 2960

Hi all,

I have a Cisco 2960, Version 12.2(25)SEE.

Each interface is in trunk mode: an IP phone (Alcatel) and a PC are connected to each interface. DATA and VOICE are in two different VLANs.

It works fine.

However, I noticed today that when I sniff any port, with Ethereal for example, I see ALL the unicast traffic!

Is this the normal behaviour of a trunk port? Does the switch send by default all unicast VLAN traffic to any trunk port configured on it? Even if a host is connected to this trunk interface?

How can I solve this security point?

Thank you in advance for your help!

Hall of Fame Super Blue

Re: Trunk port on a Cisco 2960

Yes the switch will send all vlan traffic on a trunk port because by default all vlans are allowed on the trunk.

You can restrict the vlans allowed by using the "switchport trunk allowed ..." command under the interface configuration mode. Only allow the respective data and voice on the trunk ports.


New Member

Re: Trunk port on a Cisco 2960


Thank you for your quickness!

However, you misunderstood me...

Here is my problem:

Suppose I have a host, let's say in DATA VLAN. This host is connected to an IP phone, let's say This IP phone is connected to a port of my 2960, Fast0/5 for example.

When I launch Ethereal on my host, I see ALL traffic, even packets with source IP AND destination IP which are different from

Example on my host, I can see unicast traffic from to for example. I checked subnet masks, all are correct.

Exactly as if I have configured a monitor session on my host...

Quite weird!

Any suggestion?

New Member

Re: Trunk port on a Cisco 2960

Well, if the trunk port is a transit interface between the two hosts communicating and you're mirroring all traffic to Ethereal, then yes, you will see it. If they're connected on the same switch, then no, you should not. No reason for that traffic to leave that one switch.

Correct me if I misunderstood you.

New Member

Re: Trunk port on a Cisco 2960

Hi Yandy,

The trunk port isn't a transit interface between the two hosts communicating. And these two hosts are not connected to this switch...

For an unknown reason, this traffic nevertheless arrives at the uplink of the switch. And this traffic is then forwarded to all trunk ports of this switch: that's why I see this traffic when I capture packets on my trunk port...

The more I think about it, the more it seems strange!

New Member

Re: Trunk port on a Cisco 2960

How many users? Is it possible for someone to have flooded your mac-address-table on any of those switches, and now your switch is acting pretty much as a HUB? Could you be mirroring traffic from those ports and not know? Just trying to see why. It is strange. We had a problem like that recently on our network, and that's because someone decided they wanted to learn security on a production network.. lol
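One way to quantify the symptom discussed in this thread, as an added example that is not part of any poster's message: classify the frames in a capture taken on the host and measure how much unicast traffic addressed to other stations is arriving. The MAC addresses, the sample frames and the 5% threshold are constructed assumptions; a small amount of unknown-unicast flooding is normal when MAC table entries age out.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def parse_mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' (or '-' separated) to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw

def classify(src, dst, own):
    """Label one frame from the point of view of the capturing host."""
    if src == own:
        return "outbound"          # sent by us, says nothing about flooding
    if dst == BROADCAST:
        return "broadcast"         # expected on every port in the VLAN
    if dst[0] & 0x01:              # I/G bit set: group (multicast) address
        return "multicast"
    return "own_unicast" if dst == own else "foreign_unicast"

def flooding_report(frames, own_mac, threshold=0.05):
    """frames: iterable of (src_mac, dst_mac) strings exported from a capture.
    threshold is an assumed cut-off for the share of received frames that are
    unicast to someone else; tune it against a baseline of your own network."""
    own = parse_mac(own_mac)
    counts = Counter(classify(parse_mac(s), parse_mac(d), own) for s, d in frames)
    received = sum(counts.values()) - counts["outbound"]
    ratio = counts["foreign_unicast"] / received if received else 0.0
    return {"counts": dict(counts), "foreign_ratio": ratio,
            "suspect_flooding": ratio > threshold}

# Constructed sample: locally administered MACs, not taken from the thread.
OWN, GW = "02:00:00:00:00:10", "02:00:00:00:00:01"
SAMPLE = [
    (OWN, GW), (GW, OWN),                          # our own conversation
    ("02:00:00:00:00:20", "ff:ff:ff:ff:ff:ff"),    # ARP-style broadcast
    ("02:00:00:00:00:20", "01:00:5e:00:00:fb"),    # IPv4 multicast
    ("02:00:00:00:00:30", "02:00:00:00:00:40"),    # unicast between others
    ("02:00:00:00:00:40", "02:00:00:00:00:30"),
    ("02:00:00:00:00:50", "02:00:00:00:00:60"),
    (GW, OWN), (OWN, GW),
    ("02:00:00:00:00:60", "02:00:00:00:00:50"),
]

if __name__ == "__main__":
    print(flooding_report(SAMPLE, OWN))
```

A persistently high foreign-unicast ratio on an ordinary host port points to the switch flooding frames (unlearned or overflowed MAC table) or to an unnoticed monitor session, the two causes raised above.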


New Member

Re: Trunk port on a Cisco 2960

Seems like a switch problem.

Try to boot the switch with another IOS.
