Loading...
Loading...
C9300 switch (standalone or stack) configured with dot1q-tunnel on both ingress and egress port forwards the frame or packet without a VLAN tag. What is expected and what is happening in practice: 1) Frame or packet tagged with C-VLAN arrives on Cat9300's ingress port with dot1q-tunnel 2) Cat9300 should encapsulate the frame/packet with another layer of an IEEE 802.1Q tag (S-VLAN). Instead, it appears that the switch removes the C-VLAN and adds S-VLAN. The frame leaves the trunk with S-VLAN only, while we expect the frame to have both C-VLAN and S-VLAN. 3) Frame or packet arrives on egress port acting as a dot1q-tunnel without C-VLAN. S-VLAN should be stripped off, which seems to be happening but the packet leaves the switch without a single tag while it should leave it with C-VLAN only.
C9300 switch (standalone or stack) 16.11.1 or 16.9.3 Configuration on ingress port: interface TwoGigabitEthernet x/y/z / GigabitEthernet x/y/z switchport access vlan switchport mode dot1q-tunnel no cdp enable Configuration on ingress port: interface TwoGigabitEthernet x/y/z / GigabitEthernet x/y/z switchport access vlan switchport mode dot1q-tunnel no cdp enable
There is no workaround at this point.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.