06-25-2018 09:28 AM - edited 03-08-2019 03:28 PM
Hi all,
I had a question about SPANNING traffic to a router. I am aware that a router interface doesn't support SPAN, however I'm trying to figure out a way to forward SPAN traffic to a router. I am aware that the router has switch cards, but will RSPAN work from the switch to the router's switch card, then forward the traffic to a routing HWIC card?
Please let me know what is recommending for this.
06-25-2018 10:13 AM
06-25-2018 10:27 AM
06-27-2018 05:32 AM
06-27-2018 07:44 PM
06-28-2018 05:33 AM
Hi Matt,
You can find supported modules below.
The challenge is that the 3800 series platform is not blessed with a large quantity of 1G ports, nor can it effectively service such a rate, an HWIC slot is limited to 400Mbps.
Based on what information you've put forward so far, you'd be best served by installing an Etherswitch Service Module, which is essentially a 3750 switch, wrapped in sheet metal which plugs into the 3800 router.
Unfortunately there is only one module which has 2 x 1G ports, NME-XD-48ES-2S-P, which may prove to be cost prohibitive for the overall solution, depending on your financial environment.
You would place your IDS on one port, and have a port to your switched network.
You should continue to be able to RITE your traffic passing through the router, through the NME backplane connection.
Your options change a bit if your open to changing your IDS location, e.g. must it be connected to the router? Could it connect to the switch?
or
If you replace your router with a newer model, more 1G ports are available is smaller switch modules. (e.g. 3900 and SM-ES3)
Eric
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide