Symptom
A C9300 switch (standalone or stack) configured with dot1q-tunnel on both the ingress and egress ports forwards the frame or packet without a VLAN tag.
What is expected and what is happening in practice:
1) A frame or packet tagged with C-VLAN arrives on the Cat9300's ingress port configured with dot1q-tunnel.
2) Cat9300 should encapsulate the frame/packet with another layer of an IEEE 802.1Q tag (S-VLAN).
Instead, it appears that the switch removes the C-VLAN and adds S-VLAN.
The frame leaves the trunk with S-VLAN only, while we expect the frame to have both C-VLAN and S-VLAN.
3) The frame or packet arrives without C-VLAN on the egress port acting as a dot1q-tunnel. S-VLAN should be stripped off, which seems to be happening, but the packet leaves the switch without a single tag, while it should leave with C-VLAN only.
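A capture taken on the trunk shows which of the two cases applies. The following is an added example, not part of the original bug description: it parses the VLAN tag stack of a raw Ethernet frame and compares it with the expected S-VLAN/C-VLAN pair. The VLAN IDs 100 and 10, the MAC addresses and the sample frames are constructed, and the tags are assumed to use TPID 0x8100 or 0x88A8.

```python
import struct

# TPIDs that mark a VLAN tag: 0x8100 (802.1Q) and 0x88A8 (802.1ad).
VLAN_TPIDS = {0x8100, 0x88A8}

def vlan_stack(frame: bytes):
    """Return (vids, ethertype): VLAN IDs outermost first, then the payload EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC
    vids = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return vids, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def classify_trunk_frame(frame, s_vlan, c_vlan):
    """Compare a frame captured on the trunk with the expected S-VLAN/C-VLAN stack."""
    vids, _ = vlan_stack(frame)
    if vids == [s_vlan, c_vlan]:
        return "expected: S-VLAN and C-VLAN present"
    if vids == [s_vlan]:
        return "symptom: S-VLAN only, C-VLAN missing"
    if not vids:
        return "untagged"
    return "unexpected tag stack %r" % (vids,)

def build_frame(vids):
    """Constructed sample frame: placeholder MACs, 0x8100 tags, IPv4 EtherType."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vids)
    return macs + tags + struct.pack("!H", 0x0800) + b"\x00" * 46

S_VLAN, C_VLAN = 100, 10  # assumed values, not from the page

if __name__ == "__main__":
    for vids in ([S_VLAN, C_VLAN], [S_VLAN], []):
        print(vids, "->", classify_trunk_frame(build_frame(vids), S_VLAN, C_VLAN))
```

The same check applies to a capture on the egress tunnel port by passing the tag stack expected there to `vlan_stack` and comparing the result with a single C-VLAN.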
Conditions
C9300 switch (standalone or stack)
16.11.1 or 16.9.3
Configuration on ingress port:
interface TwoGigabitEthernet x/y/z / GigabitEthernet x/y/z
switchport access vlan
switchport mode dot1q-tunnel
no cdp enable
Configuration on ingress port:
interface TwoGigabitEthernet x/y/z / GigabitEthernet x/y/z
switchport access vlan
switchport mode dot1q-tunnel
no cdp enable
Workaround
There is no workaround at this point.