Home
Support
Product Support
Routers
Cisco 8000 Series Routers
Configuration Guides

Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Preface

Using YANG Data Models

Getting Started with Traffic Mirroring

Traffic mirroring
Configuration guidelines for traffic mirroring
Restrictions for traffic mirroring
Traffic mirroring terminology
Traffic mirroring types
How traffic mirroring works

ACL-based traffic mirroring

ACL-based traffic mirroring
How ACL-based traffic mirroring works
Configure ACLs for traffic mirroring
Configure layer 3 ACL-based traffic mirroring
Attach a source interface
Multiple SPAN ACL sessions for MPLS

Local SPAN

Local SPAN
Configuration guidelines for local SPAN
Restrictions for local SPAN
Configure local SPAN
Local SPAN with ACLs
Local SPAN rate limit

ERSPAN

ERSPAN
Configuration guidelines for ERSPAN
Restrictions for ERSPAN
Supported ERSPAN sessions
ERSPAN over GRE
Partial packet capture for ERSPAN
ERSPAN with flexible CLI
ERSPAN rate limit
ERSPAN rate-limit per destination
Traffic mirroring with DSCP
Monitor ERSPAN sessions with SPAN and security ACLs
Selective packet capture for protocol and drops

SPAN to file

SPAN to file
Always-On SPAN to file with periodic write
SPAN to file with unique capture

Mirror forward-drop packets

Mirror forward-drop packets
Guidelines for mirroring forward-drop packets
Restrictions for mirroring forward-drop packets
Configure forward-drop packets

Mirror buffer drop packets

Mirror buffer drop packets
Guidelines for mirroring buffer drop packets
Configure buffer drop packets mirroring for SPAN to file
Configure buffer drop packets mirroring for ERSPAN

File Mirroring

File mirroring
Restrictions for file mirroring
Configure file mirroring

How to troubleshoot traffic mirroring

Troubleshoot traffic mirroring issues
Additional debug commands

ACL-based traffic mirroring

Updated: February 5, 2026

Overview

This chapter provides configuration procedures for ACL-based traffic mirroring to selectively monitor IPv4, IPv6, and MPLS traffic. These techniques enhance security and optimize resource usage by focusing on specific data flows defined by addresses, protocols, or port numbers.

It covers benefits like improved security and efficient resource use, details configuration guidelines and restrictions, and provides step-by-step procedures for setting up IPv4, IPv6, and Layer 3 ACLs.

ACL-based traffic mirroring

This section explains how ACL-based traffic mirroring allows for selective monitoring of specific traffic flows based on characteristics like IP addresses and protocols.

How ACL-based traffic mirroring works

This section explains the operational stages of ACL-based traffic mirroring and how the router processes defined rules. It describes how the system uses specific keywords and configurations to determine which packets are mirrored to the designated destination port.

Configure ACLs for traffic mirroring

Use this procedure to create and apply IPv4 or IPv6 access control lists for traffic mirroring. This task explains how to define permit actions for specific traffic patterns and attach the monitoring configuration to a SPAN source interface for ingress traffic.

Configure layer 3 ACL-based traffic mirroring

Use this procedure to configure traffic mirroring for Layer 3 Access Control Lists (ACLs). This task includes starting a monitor session, defining a tunnel destination, and applying the capture keyword within the ACL to initiate the mirroring of specific IPv4 traffic.

Attach a source interface

Use this procedure to attach a source interface to a monitor session for an Access Control List (ACL). This task covers entering interface configuration mode, applying the IPv4 access group, attaching a source interface, and specifying the direction of traffic to be replicated for monitoring.

Multiple SPAN ACL sessions for MPLS

This section explains the feature that allows monitoring and mirroring of ingress MPLS traffic by configuring multiple SPAN ACL sessions.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.