whickwire
Beginner

RSPAN over MPLS to IDS (Alienvault)

So I'm probably in over my head, but I'm curious about the technical possibility of using RSPAN to mirror a particular VLAN from one of my remote sites and send it over RSPAN to a switch at our headquarters. I'm aware of the ramifications of saturating the MPLS link, but I was curious if this was possible?

 

I was reading up on it and some were mentioning the need for tunnels and some said so long as the RSPAN vlan is included in the trunk all should be good. There was also mention that so long as the MPLS vlan is not routed and the same in all switches it should be functionally possible.

 

Would love to hear some thoughts!!

 

Patrick Moubarak
Enthusiast

RSPAN is layer 2 (so you have to transport the L2 VLAN over L3 MPLS).

Have you looked at ERSPAN which uses GRE encapsulation?

I have used ERSPAN to AlienVault VM since I was not able to RSPAN at layer 2 to UCS...

We ran into an issue at some point when AlienVault moved from Snort to Suricata but the support fixed it.

Patrick
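
Because ERSPAN arrives at the sensor as routed GRE packets rather than as raw mirrored frames, the IDS has to strip the GRE and ERSPAN headers before it can inspect the original traffic. The sketch below is an added example, not part of the original thread and not AlienVault, Snort, Suricata or Cisco code; it assumes the commonly documented ERSPAN Type II layout (GRE protocol type 0x88BE, GRE sequence number, 8-byte ERSPAN header), and the function names and sample bytes are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type used by ERSPAN Type I/II


def decap_erspan2(gre: bytes) -> dict:
    """Parse GRE + ERSPAN Type II (bytes after the outer IP header)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre, 0)
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN")
    if not flags & 0x1000:
        # No GRE sequence number means Type I: no ERSPAN header follows.
        raise ValueError("ERSPAN Type I (no ERSPAN header) not handled here")
    off = 4
    off += 4 if flags & 0x8000 else 0  # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0  # optional key
    if len(gre) < off + 12:
        raise ValueError("truncated GRE sequence or ERSPAN header")
    seq, w1, w2 = struct.unpack_from("!III", gre, off)
    if w1 >> 28 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    return {
        "gre_seq": seq,                       # gaps indicate dropped mirror packets
        "vlan": (w1 >> 16) & 0xFFF,           # VLAN of the mirrored frame
        "cos": (w1 >> 13) & 0x7,
        "truncated": bool((w1 >> 10) & 0x1),  # T bit: frame was cut short
        "session_id": w1 & 0x3FF,             # matches the ERSPAN ID on the source
        "index": w2 & 0xFFFFF,
        "frame": gre[off + 12:],              # original Ethernet frame for the IDS
    }


def build_sample() -> bytes:
    """Constructed sample: session 101 mirroring VLAN 20, GRE sequence 7."""
    inner = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"mirrored-ip-packet"
    w1 = (1 << 28) | (20 << 16) | 101
    return struct.pack("!HHIII", 0x1000, GRE_PROTO_ERSPAN, 7, w1, 0) + inner


if __name__ == "__main__":
    info = decap_erspan2(build_sample())
    print(info["session_id"], info["vlan"], info["frame"][:14].hex())
```

Each mirrored frame gains the outer IP header plus 16 bytes of GRE and ERSPAN headers, so the WAN path needs MTU headroom in addition to the bandwidth the mirror consumes.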
