Date: Thu, 9 Oct 2003 18:38:18 -0500 From: John <strgout@unixjunkie.com> To: freebsd-questions@freebsd.org Subject: snort + trunk + cat6500 + vacls Message-ID: <20031009233817.GA22899@mail.unixjunkie.com>
next in thread | raw e-mail | index | archive | help
i'm testing out alternatives for using span ports or inline taps and came across a doc on using vlan acls to capture data and send them to a port for sniffing. From what i under stand the sniffer port needs to be a trunk port. What i don't really understand is how freebsd is going to work with the trunk. Do i need a vlan interface for every vlan in the trunk, or do i only need one vlan interface to match the native vlan of the trunk? Also what should i be sniffing? the vlan interface(s) or the real interface? btw i'm no switch engineer so go easy on me :) oh, and one more thing. debug.bpf_bufsize: 4096 <- shold this be increased or will snort overide this number?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031009233817.GA22899>