Configure Traffic-Copy Policies

Traffic copy policies

Using Catalyst Center, you can set up an Encapsulated Remote Switched Port Analyzer (ERSPAN) configuration such that the IP traffic flow between two entities is copied to a specified destination for monitoring or troubleshooting.

To configure ERSPAN using Catalyst Center, create a traffic copy policy that defines the source and destination of the traffic flow that you want to copy. You can also define a traffic copy contract that specifies the device and interface where the copy of the traffic is sent.


Note


Because traffic copy policies can contain either security groups or IP network groups, throughout this guide, we use the term groups for both security groups and IP network groups, unless specified otherwise.


Sources, destinations, and traffic copy destinations

Catalyst Center simplifies the process of monitoring traffic. You do not have to know the physical network topology. You only have to define a source and destination of the traffic flow and the traffic copy destination where you want the copied traffic to go.

  • Source: One or more network device interfaces through which the traffic that you want to monitor flows. The interface might connect to endpoint devices, specific users of these devices, or applications. A source group comprises Ethernet, Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, or port channel interfaces only.

  • Destination: The IP subnet through which the traffic that you want to monitor flows. The IP subnet might connect to servers, remote peers, or applications.

  • Traffic Copy Destination: Layer 2 or Layer 3 LAN interface on a device that receives, processes, and analyzes the ERSPAN data. The device is typically a packet capture or network analysis tool that receives a copy of the traffic flow for analysis.


    Note


    At the destination, we recommend that you use a network analyzer, such as a Switch Probe device, or other Remote Monitoring (RMON) probe, to perform traffic analysis.


    The interface type can be Ethernet, Fast Ethernet, Gigabit Ethernet, or 10-Gigabit Ethernet interfaces only. When configured as a destination, the interface can be used to receive only the copied traffic. The interface can no longer receive any other type of traffic and cannot forward any traffic except that required by the traffic copy feature. You can configure trunk interfaces as destinations. This configuration allows the interfaces to transmit encapsulated traffic.


    Note


    There can be only one traffic copy destination per traffic copy contract.


Catalyst Center supports traffic copy policy on these devices:

  • Source: Cisco Catalyst 3000, Catalyst 4000, Catalyst 9000

  • Destination: Cisco Nexus 7000, ASR 1000, Catalyst 6000, ISR 4000

Guidelines and limitations of traffic copy policy

The traffic copy policy feature has these limitations:

  • You can create up to 8 traffic copy policies, 16 copy contracts, and 16 copy destinations.

  • The same interface cannot be used by more than one traffic copy destination.

  • Catalyst Center does not show a status message to indicate that a traffic copy policy has been changed and is no longer consistent with the one that is deployed in the network. However, if you know that a traffic copy policy has changed since it was deployed, you can redeploy the policy.

  • You cannot configure a management interface as a source group or traffic copy destination.
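The limits above, together with the interface-type and one-destination-per-contract rules stated earlier on this page, can be checked against a planned configuration before it is entered in the GUI. The following is an added example, not Cisco code and not a Catalyst Center API: the plan layout, the `validate` function, the IOS-style interface names, and all device names are assumptions made for illustration.

```python
import re
from collections import Counter

# Limits and interface rules taken from this page.
LIMITS = {"policies": 8, "contracts": 16, "destinations": 16}
SOURCE_TYPES = ("TenGigabitEthernet", "GigabitEthernet", "FastEthernet",
                "Ethernet", "Port-channel")
DEST_TYPES = SOURCE_TYPES[:4]  # port channels are valid only in source groups

def iface_ok(port, allowed, mgmt):
    """port is (device, interface); reject management ports and other types."""
    pattern = "(" + "|".join(map(re.escape, allowed)) + r")\d+(/\d+)*"
    return port not in mgmt and re.fullmatch(pattern, port[1]) is not None

def validate(plan):
    """Return the list of rule violations in a planned traffic-copy setup."""
    errs = []
    dests, contracts = plan["destinations"], plan["contracts"]
    mgmt = plan.get("mgmt", set())
    for kind, cap in LIMITS.items():
        if len(plan[kind]) > cap:
            errs.append(f"{len(plan[kind])} {kind} exceeds the limit of {cap}")
    # The same interface cannot be used by more than one copy destination.
    uses = Counter(p for ports in dests.values() for p in set(ports))
    errs += [f"{dev} {ifc} is used by {n} copy destinations"
             for (dev, ifc), n in sorted(uses.items()) if n > 1]
    for name, ports in sorted(dests.items()):
        errs += [f"destination {name}: {p[0]} {p[1]} is not allowed"
                 for p in ports if not iface_ok(p, DEST_TYPES, mgmt)]
    for name, dest_names in sorted(contracts.items()):
        if len(dest_names) != 1 or dest_names[0] not in dests:
            errs.append(f"contract {name}: needs exactly one defined copy destination")
    for name, pol in sorted(plan["policies"].items()):
        if pol["contract"] not in contracts:
            errs.append(f"policy {name}: unknown contract {pol['contract']}")
        errs += [f"policy {name}: source {p[0]} {p[1]} is not allowed"
                 for p in pol["sources"] if not iface_ok(p, SOURCE_TYPES, mgmt)]
    return errs

# Constructed sample plan (device and interface names are made up).
SAMPLE = {
    "mgmt": {("cat9k-1", "GigabitEthernet0/0")},
    "destinations": {"analyzer-a": [("nexus-1", "Ethernet1/10")],
                     "analyzer-b": [("nexus-1", "Ethernet1/10"), ("nexus-1", "Port-channel5")]},
    "contracts": {"copy-a": ["analyzer-a"], "copy-bad": ["analyzer-a", "analyzer-b"]},
    "policies": {"pol-1": {"contract": "copy-a",
                           "sources": [("cat9k-1", "GigabitEthernet1/0/3"),
                                       ("cat9k-1", "GigabitEthernet0/0")]}},
}

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```

The management interfaces must be listed per device in `mgmt`, because they cannot be recognized from the interface name alone.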

Workflow to configure a traffic copy policy

Before you begin

  • To be monitored, a source security group that is used in a traffic copy policy needs to be statically mapped to the switches and their interfaces.

    For more information about creating a security group and assigning a security group to a source port, see Create a security group and Configure ports within the fabric site.

  • A traffic copy policy destination group needs to be configured as an IP network group. For more information, see Create an IP Network Group.

Procedure


Step 1

Create a traffic copy destination.

This is the interface on the device where the traffic flow will be copied for further analysis. For more information, see Create a traffic copy destination.

Step 2

Create a traffic copy contract.

The contract defines the copy destination. For more information, see Create a traffic copy contract.

Step 3

Create a traffic copy policy.

The policy defines the source and destination of the traffic flow and the traffic copy contract that specifies the destination where the copied traffic is sent. For more information, see Create a traffic copy policy.


Create a traffic copy destination

Procedure


Step 1

From the main menu, choose Policy > Traffic Copy > Traffic Copy Destination.

Step 2

Enter a name and description for the traffic copy destination.

Step 3

Select the device and one or more ports.

Step 4

Click Save.


Edit or delete a traffic copy destination

Procedure


Step 1

From the main menu, choose Policy > Traffic Copy > Traffic Copy Destination.

Step 2

Check the check box next to the destination that you want to edit or delete.

Step 3

Do one of these tasks:

  • To make changes, click Edit, make the necessary changes, and click Save.
  • To delete the destination, click Delete.

Create a traffic copy contract

Procedure


Step 1

From the main menu, choose Policy > Traffic Copy > Traffic Copy Contract.

Step 2

Click Add.

Step 3

In the dialog box, enter a name and description for the contract.

Step 4

From the Copy Destination drop-down list, choose a copy destination.

Note

You can have only one destination per traffic copy contract.

If no copy destinations are available for you to choose, you can create one. For more information, see Create a traffic copy destination.

Step 5

Click Save.


Edit or delete a traffic copy contract

Procedure


Step 1

From the main menu, choose Policy > Traffic Copy > Traffic Copy Contract.

Step 2

Check the check box next to the contract that you want to edit or delete.

Step 3

Do one of these steps:

  • To make changes, click Edit, make the necessary changes, and click Save.
  • To delete the contract, click Delete.

Create a traffic copy policy

Procedure


Step 1

From the main menu, choose Policy > Traffic Copy > Traffic Copy Policies.

Step 2

Click Add Policy.

Step 3

In the Policy Name field, enter a name.

Step 4

In the Description field, enter a word or a phrase that identifies the policy.

Step 5

In the Contract field, click Add Contract.

Step 6

Click the radio button next to the contract that you want to use and then click Save.

Step 7

Drag and drop groups from the Available Groups area to the Source area.

Step 8

Drag and drop groups from the Available Groups area to the Destination area.

Step 9

Click Save.


Edit or delete a traffic copy policy

Procedure


Step 1

From the main menu, choose Policy > Traffic Copy > Traffic Copy Policies.

Step 2

Check the check box next to the policy that you want to edit or delete.

Step 3

Do one of these tasks:

  • To make changes, click Edit, make the necessary changes, and click Save.
  • To delete the policy, click Delete.