Configuring Ethernet Loopback on Cisco ASR901

Posted by

In many Ethernet testing use cases its always convenient to have an option of doing a real Ethernet loopback. The key to Ethernet loopback testing is for the device doing the loopback function to swap the source and destination MAC addresses within the Ethernet frame. The reason for this swap is to make the frame appear to be sourced from the destination of the original frame and destined to the original source.


With that functionality available we can connect an Ethernet test set, such as those from EXFO or JDSU, and run an Ethernet test with one test kit and one technician.  Having an Ethernet test set on each side of a link is not needed in this case.

I verified this configuration in a lab environment using a Cisco ASR901 router and a laptop.  I applied the following configuration of the ASR901 router:

interface gigabitEthernet0/2
service instance 1 ethernet
encapsulation untagged
bridge domain 3

This configuration creates a service instance on an GigE interface that matches untagged traffic and forwards it to bridge-domain 3. I then connected my laptop to port Gig0/2 and once the interface is up I issued ‘ethernet loopback’ command in EXEC mode.

ethernet loopback start local interface gigabitEthernet 0/2 service 
instance 1 facility source mac-address d4be.d930.e0d0 destination 
mac-address 255.255.255 timeout 9000

This command tells the A901 router to perform an Ethernet loopback on interface Gig0/2, service instance 1. This will be a facility loopback, which means it will be a loopback on an interface back out that same interface.  It will match any frames sourced from MAC address d4be.d930.e0d0 and the perform a mac swap of the source to destination and destination to source.

In order to test this I placed a static ARP entry on my PC so I could avoid performing ARPs for this test. To do this I issued the following command:

arp -s 02-55-02-55-02-55

I previously had set the IP address on my PC to

Once this once complete I issued a ping command.


This resulted in the following output in Wireshark on my PC:


This shows the ICMP echo (ping) message sent with src MAC of the PC and destination of the fictitious destination. As expected.

We then receive a packet that has been loopbacked by the ASR901 router.


You notice it was swapped and now the src is the fictitious MAC address and the destination is now the PC.  Notice that the IP header is unchanged, the SRC and DST IP addresses remain the same throughout.

Once testing is complete you can remove the loopback by issuing the following command:

ethernet loopback stop local interface gigabitEthernet 0/2 service 
instance 1


  1. Thanks for sharing this procedure. Do you any idea how we can do the same with Cisco ISR G1(18xx/28xx/38xx) and ISR G2(19xx/29xx/39xx) routers? Appreciate any input.

    1. I don’t believe its supported on those platforms. I usually see this type of functionality on the metro ethernet access products only. However let me check.

  2. Hi,
    I used this Ethernet Loopback command for testing ASR 901.

    So, setup is like this :
    All are cisco Routers except the tester.
    Tester (CE)—–PE Router———L2 MPLS VPN Cloud———–PE Router—– CE (ASR 901-Device Under Test)

    This are the steps:

    1. I enable ethernet loopback command on ASR 901 which is my DUT.
    2. I start pumping traffic now from the tester.

    Everything works just fine till step 2 and ASR 901 Router is giving back the traffic back to tester as expected because of soft loopback/dataplane loopback command i configured.

    3. Now, when I enable “Stop Loopback” command on ASR 901, I experience something weird.

    Still, tester is pumping the traffic.

    I lose the telnet access to the DUT (ASR 901) and can’t access the CLI if I am accessing the box(DUT) remotely.
    If I need to access the ASR 901(DUT) now, I need to connect the console cable directly from my Laptop to the box.

    Losing this Telnet access or Remote access to DUT happens only when he is pumping the traffic.
    NOW, if i stop the traffic, I can access the DUT(ASR 901) remotely via telnetting.

    This means, if the tester is pumping traffic to my DUT, I can’t telnet the DUT (ASR 901), But if I stop pumping the traffic, I can telnet and access the DUT (ASR 901) remotely.

    What could be the problem?

    Have I made myself clear with explaining the issue?

    1. You are clear. I can only assume that the CPU usage went really high not allowing telnet access or the input process was overrun. I’m going to see if I can duplicate this in my lab. What version of code ‘show version’ are you using and what does the ‘show processes cpu’ look like while the issue is going on?

  3. Dear Matt,

    Sorry I know I’m placing this comment in a wrong place.
    I may need your help in building up a DWDM Network.
    Mind you please send me an Email so that I can ask my questions?

    Many Thanks in advance

    1. I apologize. For some reason I missed your comments and questions. Are you looking for staff to design and build a new system or just some questions answered?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s