• I have a number of VLANs running trunked through a dedicated interface. I have Snort running on each VLAN so I can customize…

    I understand the "promiscuous" nature of Snort in that if Snort is running on the trunk it will alert to traffic on the VLANs.

    Is it best practice to not run Snort on the trunk and have it running on the VLAN interfaces?

    Thanks in advance...

    I run Snort on the VLANs and exclude the parent interface; the untagged VLAN on my setup is for LAN management.