22.3 Coexistence of Layer 2 switch function and other functions
When the Layer 2 switch functionality is used, other functionality might be restricted or disabled. The following table describes the restrictions regarding combinations of functionality.
Note that only functionality with compatibility restrictions is shown in the table.
Functionality used |
Functionality |
Restrictions |
---|---|---|
MAC Address Learning |
Uplink Redundancy |
Can only be partially used# |
- #
-
Static entries cannot be used for uplink port pairs.
Functionality used |
Functionality |
Restrictions |
|
---|---|---|---|
VLAN type |
Port VLAN |
VLAN tunneling |
Partially limited #1 |
Layer 2 Authentication |
Partially limited #2 |
||
Port mirroring (mirrored ports) |
Partially limited #3 |
||
Policy-Based Mirroring (Mirror Ports) |
Cannot be used |
||
Protocol VLAN |
Default VLAN |
Cannot be used |
|
VLAN tunneling |
|||
PVST+ |
|||
Layer 2 Authentication |
Partially limited #2 |
||
Port mirroring (mirrored ports) |
Cannot be used |
||
Policy-Based Mirroring (Mirror Ports) |
|||
PTP |
|||
MAC VLAN |
Default VLAN |
Cannot be used |
|
VLAN tunneling |
|||
VXLAN [SL-L3A] |
|||
PVST+ |
|||
Layer 2 Authentication |
Partially limited #2 |
||
Port mirroring (mirrored ports) |
Cannot be used |
||
Policy-Based Mirroring (Mirror Ports) |
|||
PTP |
|||
Default VLAN |
Protocol VLAN |
Cannot be used |
|
MAC VLAN |
|||
IGMP snooping |
|||
MLD snooping |
|||
Layer 2 Authentication |
Partially limited #2 |
||
Port mirroring (mirrored ports) |
Partially limited #3 |
||
Policy-Based Mirroring (Mirror Ports) |
Cannot be used |
||
Extended VLAN Functionality |
Tag translation |
VXLAN [SL-L3A] |
Cannot be used |
PVST+ |
|||
IGMP snooping |
|||
MLD snooping |
|||
Uplink Redundancy |
Partially limited #4 |
||
PTP |
Cannot be used |
||
VLAN tunneling |
Port VLAN |
Partially limited #1 |
|
Protocol VLAN |
Cannot be used |
||
MAC VLAN |
|||
VXLAN [SL-L3A] |
|||
PVST+ |
|||
Single Spanning Tree |
|||
Multiple Spanning Tree |
|||
IGMP snooping |
|||
MLD snooping |
|||
Layer 2 Authentication |
Partially limited #2 |
||
DHCP Snooping |
Cannot be used |
||
Uplink Redundancy |
Partially limited #4 |
||
PTP |
Cannot be used |
||
L2 Protocol Frame Transparency (BPDU) |
PVST+ |
Cannot be used |
|
Single Spanning Tree |
|||
MSTP |
|||
L2 Protocol Frame Transparency (EAP) |
Layer 2 Authentication |
Partially limited #2 |
|
L2 Protocol Frame Transparency (LLDP) |
LLDP |
Cannot be used |
|
L2 Protocol Frame Transparency (UDLD) |
IEEE 802.3ah/UDLD |
Cannot be used |
|
Inter-port relay blocking functionality |
DHCP Snooping |
Partially limited #5 |
- Note #1
-
When using the VLAN tunneling functionality, do not use a native VLAN on a trunk port.
- Note #2
-
See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."
- Note #3
-
This function is available only when 802.1Q Tag grant function is used.
- Note #4
-
Cannot be used on an uplink port.
- Note #5
-
When DHCP snooping is enabled, even if the inter-port relay blocking functionality is set up, none of the DHCP packets received by the Switch will be subject to blocking. Also, when dynamic ARP testing is enabled, none of the ARP packets received by the Switch will be subject to blocking.
Functionality used |
Functionality |
Restrictions |
---|---|---|
VXLAN [SL-L3A] |
MAC VLAN |
Cannot be used |
Tag translation |
||
VLAN tunneling |
||
IGMP snooping |
||
MLD snooping |
||
PTP |
||
Policy-based Routing |
||
IPv4 multicasting |
||
IPv6 multicasting |
Functionality |
VXLAN Access port #1 |
VXLAN Network |
|
---|---|---|---|
SNMP |
NG |
OK |
|
Link Aggregation |
OK |
OK |
|
Protocol VLAN |
NG |
OK |
|
Extended VLAN Functionality |
L2 protocol frame transparency |
OK |
NG |
Inter-port relay blocking |
# #2 |
# #2 |
|
VLAN debounce |
NG |
NG |
|
Layer 2 forwarding blocked |
NG |
NG |
|
Spanning Tree Protocols |
NG |
NG |
|
Ring Protocol |
NG |
OK |
|
Filters |
inbound |
OK #3 |
NG |
outbound |
OK #3 |
OK #4 |
|
QoS (flow-control)
|
# #5 |
NG |
|
QoS (sender function)
|
OK |
OK |
|
Layer 2 Authentication (IEEE802.1X,Web certification, MAC certification) |
NG |
NG |
|
DHCP Snooping |
NG |
NG |
|
High Reliability Based on Redundant Configurations (GSRP,VRRP, Uplink Redundant) |
NG |
NG |
|
L2 Loop Detection |
NG |
NG |
|
Storm Control |
OK |
OK |
|
Port Mirroring |
inbound |
OK |
OK |
outbound |
# #6 |
# #7 |
|
Policy-Based Mirroring |
inbound |
OK #3 |
NG |
sFlow |
NG |
NG |
|
IEEE 802.3ah/UDLD |
NG |
NG |
|
CFM |
NG |
NG |
|
LLDP |
OK #8 |
OK |
|
OADP |
NG |
NG |
|
IPv4, ARP, and ICMP |
NG |
OK |
|
DHCP and BOOTP relay agents |
NG |
NG |
|
DHCP server |
NG |
NG |
|
IPv4 unicast routing (Static, RIP,OSPF,BGP4) |
NG |
OK |
|
IPv6, NDP, and ICMPv6 |
NG |
OK |
|
RA |
NG |
NG |
|
IPv6 DHCP relay |
NG |
NG |
|
IPv6 DHCP servers |
NG |
NG |
|
IPv6 unicast routing (Static, RIPng,OSPFv3,BGP4+) |
NG |
OK |
|
VRFs |
OK |
OK |
Legend: OK: Supported #: Restricted NG: Not supported
- Notes
-
The availability of operation on VXLAN Access indicates the availability of operation on VLAN or subinterface to which VNI is mapped. The operation availability on VXLAN Network indicates the operation availability on VLAN to send and receive VXLAN frames.
- Note #1
-
When a subinterface is specified for a VXLAN Access port, the Layer 2 functionality is basically disabled. If you apply a VLAN to a VNI, the Layer 2 functionality cannot operate on VLAN.
- Note #2
-
In stacking, if a frame received from a VXLAN Access port or VXLAN Network port is sent from a member switch that differs from the member switch that received the frame, the port-to-port forwarding blocking feature does not operate.
- Note #3
-
Pre-encapsulation frame information (such as MAC headers and IP headers) is detected.
- Note #4
-
VXLAN frame information (such as MAC headers and IP headers) after encapsulation is detected.
- Note #5
-
When IP header DSCP is rewritten, the pre-encapsulation IP header is rewritten in VXLAN frame.
If user priority rewriting in VLAN Tag is set and VXLAN Network port is a trunk port, the user priority in VXLAN frame is reflected.
- Note #6
-
Mirroring of transmit frames in which VXLAN frames are decapsulated deletes VLAN Tag and outputs them from the mirror port.
- Note #7
-
When using port mirroring to check the transmit frame information of VXLAN Network port, the header information of the frame encapsulated in VXLAN cannot be acquired correctly. To check the information sent from VXLAN Network port, check it on the partner switch.
- Note #8
-
VXLAN Access subinterface mapping does not send IEEE802.1 Organizationally Specific TLVs.
Functionality used |
Functionality |
Restrictions |
---|---|---|
PVST+ |
Protocol VLAN |
Cannot be used |
MAC VLAN |
||
VLAN tunneling |
||
Tag translation |
||
L2 protocol frame transparency functionality (BPDU) |
||
Multiple Spanning Tree |
||
GSRP |
||
Layer 2 Authentication |
Can only be partially used# |
|
Uplink Redundancy |
Cannot be used |
|
PTP |
||
Single Spanning Tree |
VLAN tunneling |
Cannot be used |
L2 protocol frame transparency functionality (BPDU) |
||
Multiple Spanning Tree |
||
GSRP |
||
Layer 2 Authentication |
Can only be partially used# |
|
Uplink Redundancy |
Cannot be used |
|
PTP |
||
Multiple Spanning Tree |
VLAN tunneling |
Cannot be used |
L2 protocol frame transparency functionality (BPDU) |
||
Single Spanning Tree |
||
PVST+ |
||
Loop guard |
||
GSRP |
||
Layer 2 Authentication |
Can only be partially used# |
|
Uplink Redundancy |
Cannot be used |
|
PTP |
- #
-
See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."
Functionality used |
Functionality |
Restrictions |
---|---|---|
Ring Protocol |
Layer 2 Authentication |
Partially limited #1 |
Uplink Redundancy |
Partially limited #2 |
|
PTP |
Cannot be used |
- Note #1
-
See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."
- Note #2
-
Cannot be used with a ring port.
Functionality used |
Functionality |
Restrictions |
---|---|---|
IGMP snooping |
Default VLAN |
Cannot be used |
Tag translation |
||
VLAN tunneling |
||
VXLAN [SL-L3A] |
||
Layer 2 Authentication |
Can only be partially used# |
|
MLD snooping |
Default VLAN |
Cannot be used |
Tag translation |
||
VLAN tunneling |
||
VXLAN [SL-L3A] |
- #
-
See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."