Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

Configuration guidelines for ERSPAN

Updated: February 5, 2026

Overview

This section provides essential guidelines for configuring ERSPAN, including requirements for source and destination interfaces, supported traffic types, and encapsulation methods. Use these principles to ensure proper setup and functionality of remote traffic mirroring sessions.

These guidelines apply for ERSPAN:

Source and destination interface requirements

The source interfaces are Layer 3 interfaces, such as physical and bundle interfaces, or subinterface.
Each monitor session allows only one destination interface.
The next hop interface must be a main interface. It can be a physical or bundle interface.

Traffic types and protocol support

The routers mirror IPv4 and IPv6 traffic.
The router supports MPLS traffic mirroring and GRE tunnel configuration with the next hop over a labeled path.
The router supports only ERSPAN TYPE II header. The value of the index field is always 0. The value of the session-ID field is an internal number that is used by the data path to distinguish between sessions.
The router mirrors only unicast traffic. However, from Cisco IOS XR Software Release 7.5.3 onwards, the router can mirror multicast traffic.
ERSPAN will be functional regardless of any configuration related to MPLS or LDP present on the router.

Encapsulation and tunneling

ERSPAN with GRE IPv4 or IPv6 has tunnel destinations.
In ERSPAN over GRE IPv6, the HopLimit and TrafficClass fields in outer IPv6 header can be edited under the tunnel configuration.

Mirroring support

ERSPAN supports only Rx direction.
MPLS packet mirroring is supported only from Cisco IOS XR Software Release 7.5.3 onwards.

Access Control List (ACL) integration

ERSPAN over GRE IPv4 and IPv6 supports SPAN ACL.
For ACL ERSPAN, the ERSPAN next-hop must have ARP resolved. Any other traffic or protocol triggers ARP.
ACL permit or deny entries with capture action are part of mirroring features.

Packet capture capabilities

The router supports full packet capture.

Monitor session support

Starting from Cisco IOS XR Release 24.3.1, the system creates one default monitor session and users can configure up to three additional monitor sessions, totaling four sessions, which is the maximum number of monitor sessions that the router allows.

Release-wise feature summary

This table summarizes key feature changes across different software releases.

Table 1. Release-wise feature summary
Feature	Release	Details
GRE sequence bit for ERSPAN	7.0.14	GRE header sequence bit is set; sequence number is always 0 for ERSPAN packets.
Sequence bit	7.5.3	The sequence number bit is always set one and the sequence number field, which is 4 bytes, is always set to zero.
Packet truncation over remote GRE tunnels	7.5.3	Allows flexible packet truncation for mirrored traffic.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.