I hate motorola with a passion.
DUDE! Me too. You have Vanguards? They were very cheap and many people used them when CISCO was high on the hog charging 10 times the ammount. I have 2 still in production. I hate having to do anything with them and good luck working out complicated issues do to lack of documentation. You could make a case that you are a risk from failure and swap them out. I have just been lazy. Although I have a CISCO to replace it I bought on ebay.

When I said any traffic on the T1 link would be on the LAN port I was thinking in terms that each T1 link had a seperate lan port. They are just a bridge really and anything that would be destined for Layer 2 would appear there on the LAN pport in terms of management. Tiger is correct that an ACL will filter traffic desitined to the LAN port. But you can access that LAN port and see what is on the WAN interface through the lan port... because it's already been converted to a higher level. But you wouldn't be able to sniff the actuall interface, just maybe a few errors or something?