Symptom
Catalyst 3850 is adding 2 byte VSS-monitoring trailer to the packets.
This can cause problems in environments with wireless (using tunnel CAPWAP) where authentication response (reply packets (DTLS)) coming from WLC can get drop by the Access Point when the packet passes through a 3850.
A switch reload may shift the issue to some other interface.
Conditions
For now the problem have been seen on this models:
WS-C3850-12XS
WS-C3850-24XS
WS-C3850-24XS
WS-C3850-48XS
WS-C3650-48PD
All current IOS versions are affected.
No additional condition is needed, the interfaces can present the issue randomly.
Workaround
Please contact TAC in order to get get the workaround for this issue.
Further Problem Description
-----------
