i'm testing out alternatives for using span ports or inline taps and came across a doc on using vlan acls to capture data and send them to a port for sniffing. From what i under stand the sniffer port needs to be a trunk port. What i don't really understand is how freebsd is going to work with the trunk. Do i need a vlan interface for every vlan in the trunk, or do i only need one vlan interface to match the native vlan of the trunk? Also what should i be sniffing? the vlan interface(s) or the real interface?
btw i'm no switch engineer so go easy on me :) oh, and one more thing. debug.bpf_bufsize: 4096 <- shold this be increased or will snort overide this number? _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
