Snort in IPS running on vlan and parent interfaces?

  • I have snort running on my vlans and the vlan parent interface. I suppressed the false alerts in my vlans…the traffic gets problems.

    It is my understanding that snort runs in a "permiscuos" way and will trigger alerts in the parent interface. I have not suppressed anything in the parent interface.

    I am seeing alerts on the parent interface that were triggered by clients on my vlans(e.g. Skype alert)...I am not seeing the alert on my vlan interface.

    I am concerned snort is not blocking appropriately or it is??? Can any one provide any thoughts on how this should alert with vlans? Is there something I should be doing different?


  • I believe snort works on what interface you set it and what rules you apply on those interface.

Log in to reply