Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1912
Views
0
Helpful
1
Replies

RSPAN over MPLS to IDS (Alienvault)

whickwire
Level 1
Level 1

‎10-20-2017 07:24 AM - edited ‎02-21-2020 06:32 AM

So I'm probably in over my head but I'm curious about the technical possibility of using RSPAN to mirror a particular vlan from one of my remote sites and sent it over RSPAN to a switch a our headquarters. I'm aware of the ramifications of saturating the MPLS link but I was curious if this was possible?

 

I was reading up on it and some were mentioning the need for tunnels and some said so long as the RSPAN vlan is included in the trunk all should be good. There was also mention that so long as the MPLS vlan is not routed and the same in all switches it should be functionally possible.

 

Would love to hear some thoughts!!

 

Labels:
0 Helpful
1 Reply 1

Patrick Moubarak
Level 4
Level 4

‎11-01-2017 07:32 PM

RSPAN is layer 2 (so you have to transport the L2 VLAN over L3 MPLS).

Have you looked at ERSPAN which uses GRE encapsulation?

I have used ERSPAN to AlienVault VM since I was not able to RSPAN at layer 2 to UCS...

We ran into an issue at some point when AlienVault moved from Snort to Suricata but the support fixed it.

Patrick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card