The Encapsulated Remote Port Analyzer (ERSPAN) feature allows port-mirroring collection points to be located anywhere across a routed network. This is achieved by encapsulating L2 mirrored packets using GRE with IP delivery. After a packet has been encapsulated, it can be forwarded throughout the L3-routed network.
ERSPAN uses a GRE tunnel to carry traffic between switches. ERSPAN consists of an ERSPAN source session, an ERSPAN destination session, and routable ERSPAN GRE-encapsulated traffic. All participating switches must be connected at Layer 3, and the network path must support the size of the ERSPAN traffic for the egress mirroring session.
To configure the source ERSPAN session, the following parameters should be configured at the source switch:
- Source ports (i.e. the traffic on this port is mirrored)
- ERSPAN destination IPv4 address
- ERSPAN origin IPv4 address
- ERSPAN session ID
- TX/RX
To configure the destination ERSPAN session, the following parameters should be configured at the destination switch:
- ERSPAN destination IPv4 address (as source)
- ERSPAN session ID
- Probe port
