From owner-freebsd-questions@FreeBSD.ORG  Thu Oct  9 16:16:01 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 346E616A4B3
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Oct 2003 16:16:01 -0700 (PDT)
Received: from dmz2.unixjunkie.com (adsl-65-70-175-250.dsl.rcsntx.swbell.net
	[65.70.175.250])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B0BDE43FAF
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Oct 2003 16:15:54 -0700 (PDT)
	(envelope-from strgout@unixjunkie.com)
Received: from mail.unixjunkie.com (mail [10.253.254.36])
	by dmz2.unixjunkie.com (8.12.8p2/8.12.8) with ESMTP id h99NcJk7022924
	for <freebsd-questions@freebsd.org>;
	Thu, 9 Oct 2003 18:38:19 -0500 (CDT)
	(envelope-from strgout@mail.unixjunkie.com)
Received: from mail.unixjunkie.com (mail [10.253.254.36])
	by mail.unixjunkie.com (8.12.8p2/8.12.8) with ESMTP id h99NcIlf022921
	for <freebsd-questions@freebsd.org>;
	Thu, 9 Oct 2003 18:38:18 -0500 (CDT)
	(envelope-from strgout@mail.unixjunkie.com)
Received: (from strgout@localhost)
	by mail.unixjunkie.com (8.12.8p2/8.12.8/Submit) id h99NcIS0022920
	for freebsd-questions@freebsd.org;
	Thu, 9 Oct 2003 18:38:18 -0500 (CDT)	(envelope-from strgout)
Date: Thu, 9 Oct 2003 18:38:18 -0500
From: John <strgout@unixjunkie.com>
To: freebsd-questions@freebsd.org
Message-ID: <20031009233817.GA22899@mail.unixjunkie.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Subject: snort + trunk + cat6500 + vacls
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2003 23:16:01 -0000

i'm testing out alternatives for using span ports or inline taps and came
across a doc on using vlan acls to capture data and send them to a port for
sniffing. From what i under stand the sniffer port needs to be a trunk port.
What i don't really understand is how freebsd is going to work with the trunk.
Do i need a vlan interface for every vlan in the trunk, or do i only need one
vlan interface to match the native vlan of the trunk?
Also what should i be sniffing? the vlan interface(s) or the real interface?

btw i'm no switch engineer so go easy on me :)

oh, and one more thing.
debug.bpf_bufsize: 4096 <- shold this be increased or will snort overide this 
number?