Date: Mon, 01 Jul 2002 21:24:28 +0400
From: "Dmitry S. Rzhavin" <dima@rt.ru>
To: mike.jablonski@abnamrousa.com, security@FreeBSD.ORG
Subject: Re: snort + vlans
Message-ID: <3D20904C.8AF8703C@rt.ru>
References: <072290CFDAAC1F4A8A5853B20A9ADF4A2B0EB0@MES3>

mike.jablonski@abnamrousa.com wrote:
>
> you need to enable the span port feature.
>

Sorry, it seems my explanation was too bad.

I have an internal FW. It is connected to a cat2924 with xl0 at 100Mbit. The switch port is in trunk mode. There are 2 vlans on xl0: vlan0 and vlan1. There is no IP on xl0. My default router (cisco 26XX) is in vlan0 (trunk too). My office subnet is on vlan1 (all office hosts are configured as vlan 1 on the switch). So, my box works as router+FW between vlan0 and vlan1. Now it works.

So, I want to set up snort to detect attacks. What iface (xl0, vlan0, or what) shall I bind snort to (snort -i flag) to make it analyze both internal and external traffic?

Another question is: cisco detects vlans with the vtp protocol. Does FreeBSD support it?