snort + trunk + cat6500 + vacls

John strgout at unixjunkie.com
Thu Oct 9 16:16:01 PDT 2003


I'm testing out alternatives for using span ports or inline taps and came
across a doc on using vlan acls to capture data and send them to a port for
sniffing. From what I understand the sniffer port needs to be a trunk port.
What I don't really understand is how freebsd is going to work with the trunk.
Do I need a vlan interface for every vlan in the trunk, or do I only need one
vlan interface to match the native vlan of the trunk?
Also what should I be sniffing? The vlan interface(s) or the real interface?

btw I'm no switch engineer so go easy on me :)

oh, and one more thing.
debug.bpf_bufsize: 4096 <- should this be increased or will snort override this
number?


More information about the freebsd-questions mailing list