Encapsulated Remote Switched Port Analyzer (ERSPAN)

ERSPAN allows mirroring of packets across a Layer 3 network. Using ERSPAN, you can encapsulate monitored traffic and send it to an analysis station not directly connected to the switch.

ERSPAN encapsulates mirrored packets using GRE with IP delivery. After a packet has been encapsulated, it is forwarded through the Layer 3-routed network across a special Layer 3 tunnel. The data section contains the original mirrored packet.
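The encapsulation described above, as seen from the analysis station: an added example (not code from this documentation or the device vendor) that strips the outer IPv4, GRE and ERSPAN headers to recover the mirrored frame. It assumes the common ERSPAN Type I/II layout (GRE protocol type 0x88BE, 8-byte Type II header), which this page does not specify; `decap_erspan` and `build_sample` are hypothetical names and the sample packet is constructed.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type for ERSPAN Type I/II (assumed here)

def decap_erspan(pkt: bytes) -> dict:
    """Strip outer IPv4, GRE and ERSPAN Type II headers from one mirrored packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    end = min(len(pkt), struct.unpack_from("!H", pkt, 2)[0])  # ignore link padding
    if ihl < 20 or pkt[9] != 47:  # IP protocol 47 = GRE
        raise ValueError("outer packet does not carry GRE")
    if end < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt, ihl)
    if proto != GRE_PROTO_ERSPAN or flags & 0x0007:  # low 3 bits: GRE version, must be 0
        raise ValueError("GRE payload is not ERSPAN Type I/II")
    off = ihl + 4
    off += 4 if flags & 0x8000 else 0  # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0  # optional key
    if not flags & 0x1000:  # no sequence number: Type I, frame follows GRE directly
        return {"type": 1, "frame": pkt[off:end]}
    if end < off + 12:
        raise ValueError("truncated ERSPAN header")
    seq, w0, w1 = struct.unpack_from("!III", pkt, off)
    if w0 >> 28 != 1:  # version field 1 identifies Type II
        raise ValueError("unsupported ERSPAN version")
    return {
        "type": 2, "seq": seq,
        "vlan": (w0 >> 16) & 0x0FFF,      # VLAN of the mirrored frame
        "truncated": bool(w0 & 0x0400),   # T bit: frame was cut short by the source
        "session_id": w0 & 0x03FF,        # ERSPAN session the frame belongs to
        "index": w1 & 0xFFFFF,            # 20-bit index field (platform-specific)
        "frame": pkt[off + 12:end],       # the original mirrored packet
    }

def build_sample(inner: bytes) -> bytes:
    """Constructed test packet: 192.0.2.1 -> 192.0.2.10, session 5, VLAN 100, seq 7."""
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, 7)
    erspan = struct.pack("!II", (1 << 28) | (100 << 16) | 5, 3)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + 8 + len(inner),
                     0, 0, 64, 47, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10]))
    return ip + gre + erspan + inner

if __name__ == "__main__":
    frame = bytes.fromhex("ffffffffffff0200000000010800") + b"constructed payload"
    print(decap_erspan(build_sample(frame)))
```

The sequence number and session ID let the analysis station detect dropped or reordered mirror packets and separate traffic from different monitor sessions before the inner frame is handed to a sensor.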

With ERSPAN, traffic can be mirrored from any port to any port, regardless of the port type and the modularity of the device.

The following figure shows a typical ERSPAN data flow. In the figure, traffic going into and out of the monitor port (in this case, traffic between Host 2 and Host 3) is also sent to Host 1, across the ERSPAN tunnel.

Figure 2  ERSPAN data flow

The monitor port can be configured to mirror traffic in any direction: ingress traffic only, egress traffic only, or both ingress and egress traffic.

ERSPAN is available only in Layer 3.

ERSPAN configuration steps

You must complete the following tasks to enable ERSPAN:
  • Configure the ERSPAN profile.
  • Configure the monitor port.