cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
880
Views
0
Helpful
1
Replies
Highlighted
Beginner

RSPAN over MPLS to IDS (Alienvault)

So I'm probably in over my head but I'm curious about the technical possibility of using RSPAN to mirror a particular vlan from one of my remote sites and sent it over RSPAN to a switch a our headquarters. I'm aware of the ramifications of saturating the MPLS link but I was curious if this was possible?

 

I was reading up on it and some were mentioning the need for tunnels and some said so long as the RSPAN vlan is included in the trunk all should be good. There was also mention that so long as the MPLS vlan is not routed and the same in all switches it should be functionally possible.

 

Would love to hear some thoughts!!

 

Everyone's tags (5)
1 REPLY 1
Enthusiast

Re: RSPAN over MPLS to IDS (Alienvault)

RSPAN is layer 2 (so you have to transport the L2 VLAN over L3 MPLS).

Have you looked at ERSPAN which uses GRE encapsulation?

I have used ERSPAN to AlienVault VM since I was not able to RSPAN at layer 2 to UCS...

We ran into an issue at some point when AlienVault moved from Snort to Suricata but the support fixed it.

Patrick

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here