Occasionally questions are asked on the Security Onion (SO) mailing list about physical and virtual network configurations for getting network traffic into SO. These questions often have nothing to do with SO itself and everything to do with network architecture issues, such as sensor and tap placement, switch configuration, and virtualization software configuration.
Here is a paper I originally wrote back in April for the Security Onion mailing list to address these issues. It would probably be better as a blog post, but it's a little long for that and transferring the graphics from Word to the blog is a bit of a pain, so I'm leaving it in PDF format for now. If anyone spots any errors or finds anything that isn't clear, let me know and I will update the document.
Network Topology Configurations for Security Onion