Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

ERSPAN over GRE

Updated: February 5, 2026

On this page

Overview

Configuration guidelines for ERSPAN over GRE
How ERSPAN over GRE works
Configure ERSPAN over GRE

Overview

This section explains how ERSPAN over GRE IPv6 enables the secure encapsulation and mirroring of IPv4 or IPv6 traffic.

The ERSPAN over GRE IPv6 is a traffic mirroring feature that

enables mirroring IPv4 or IPv6 traffic in your network
uses GRE IPv6 for secure encapsulation of mirrored data, and
sends mirrored traffic to remote analyzers for detailed examination.

Configuration guidelines for ERSPAN over GRE

These guidelines apply to ERSPAN over GRE:

Configuration commands use

Use the cef proactive-arp-nd enable command to configure missing adjacency information for the next hop.

How ERSPAN over GRE works

Summary

The router encapsulates and mirrors traffic using ERSPAN over GRE IPv6 with the sequence number set to 0, sends it to a remote analyzer, and resolves the next-hop address for successful delivery.

The key components involved in the process are:

ERSPAN header: Used to encapsulate the mirrored traffic.
GRE IPv6 packet: Provides the tunneling mechanism for carrying ERSPAN traffic.
Sequence number: Set to 0 in the GRE header for ERSPAN packets.
Remote Traffic Analyzer: Receives and monitors the mirrored traffic.
Next-Hop address resolution: Ensures the router can deliver packets by resolving ARP or neighbor information for the GRE IPv6 tunnel.

Workflow

These are the stages of how ERSPAN over GRE works:

The router encapsulates the trafficby adding an ERSPAN header inside the GRE IPv6 packet. The GRE header of the ERSPAN encapsulated packets has the sequence number set to 0.
The router sends the replicated traffic packet to the destination for monitoring through the GRE IPv6 channel for traffic mirroring.
The router sends the mirrored traffic to a remote traffic analyzer for monitoring.
The router must resolve the ARP or neighbor for ERSPAN GRE IPv6 tunnel next-hop. We recommend using the cef proactive-arp-nd enable command to configure missing adjacency information for the next hop.

Configure ERSPAN over GRE

Use these steps to configure ERSPAN over GRE IPv6:

Procedure

	1.	Enable GRE IPv6 tunnel configuration. Example: `Router#configure Router(config)#interface tunnel-ip1 Router(config-if)#tunnel mode gre ipv6 Router(config-if)#tunnel source 2001:DB8:1::1 Router(config-if)#tunnel destination 2001:DB8:2::1 Router(config-if)#no shut Router(config)#commit` A GRE IPv6 tunnel is configured on an interface.
	2.	Enable an ERSPAN session. Example: `Router#configure Router(config)#monitor-session mon1 ethernet Router(config-mon)#destination interface tunnel-ip1 Router(config-mon)#commit Router(config-mon)#end`
	3.	Configure the ERSPAN session under the port to be monitored. Example: `Router(config)#interface HundredGigE0/1/0/14 Router(config-if)#monitor-session mon1 ethernet direction rx-only Router(config-if-mon)#exit Router(config-if)#exit Router(config)#interface Bundle-Ether1 Router(config-if)#monitor-session mon1 ethernet direction rx-only Router(config-if-mon)#exit Router(config-if)#exit Router(config)#interface HundredGigE0/1/0/15.100 Router(config-subif)#monitor-session mon1 ethernet direction rx-only`
	4.	Verify the configuration of the ERSPAN over GRE IPv6 feature using the show monitor-session status command. `Router#show monitor-session mon1 status Monitor-session mon1 Destination interface tunnel-ip1 ================================================================================ Source Interface Dir Status --------------------- ---- ---------------------------------------------------- Hu0/1/0/14 Rx Operational Hu0/1/0/15.100 Rx Operational BE1 Rx Operational BE1.1 Rx Operational` Router#show monitor-session erspan3 status internal Thu Jul 15 06:00:14.720 UTC Information from SPAN Manager and MA on all nodes: Monitor-session erspan3 (ID 0x00000007) (Ethernet) SPAN Mgr: Destination interface tunnel-ip372 (0x0f00049c) Last error: Success Tunnel data: Mode: GREoIPv6 Source IP: 77:3:1::79 Dest IP: 95::90 VRF: ToS: 100 TTL: 200 DFbit: Not set 0/3/CPU0: Destination interface tunnel-ip372 (0x0f00049c) Tunnel data: Mode: GREoIPv6 Source IP: 77:3:1::79 Dest IP: 95::90 VRF: ToS: 100 TTL: 200 DFbit: Not set 0/RP0/CPU0: Destination interface tunnel-ip372 (0x0f00049c) Tunnel data: Mode: GREoIPv6 Source IP: 77:3:1::79 Dest IP: 95::90 VRF: ToS: 100 TTL: 200 DFbit: Not set Information from SPAN EA on all nodes: Monitor-session 0x00000007 (Ethernet) 0/3/CPU0: Name 'erspan3', destination interface tunnel-ip372 (0x0f00049c) Platform, 0/3/CPU0: Monitor Session ID: 7 Monitor Session Packets: 2427313444 Monitor Session Bytes: 480591627492

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

ERSPAN over GRE

Overview

Configuration guidelines for ERSPAN over GRE

Configuration commands use

How ERSPAN over GRE works

Summary

Workflow

Configure ERSPAN over GRE

Procedure

Example:

Example:

Example:

Need help?