Yes, use the switchport capture feature. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/sx_swcg.pdf create the VACL first and then set a switchport as "capture". You can apply the VACL to a WAN interface. Thanks, Jerry