22.3 Coexistence of Layer 2 switch function and other functions

When the Layer 2 switch functionality is used, other functionality might be restricted or disabled. The following table describes the restrictions regarding combinations of functionality.

Note that only functionality with compatibility restrictions is shown in the table.

Table 22-2 Limitations of MAC Addressing
Functionality used	Functionality	Restrictions
MAC Address Learning	Uplink Redundancy	Can only be partially used^#

#: Static entries cannot be used for uplink port pairs.

Table 22-3: Limitations on VLAN
Functionality used		Functionality	Restrictions
VLAN type	Port VLAN	VLAN tunneling	Partially limited #1
		Layer 2 Authentication	Partially limited #2
		Port mirroring (mirrored ports)	Partially limited #3
		Policy-Based Mirroring (Mirror Ports)	Cannot be used
	Protocol VLAN	Default VLAN	Cannot be used
		VLAN tunneling
		PVST+
		Layer 2 Authentication	Partially limited #2
		Port mirroring (mirrored ports)	Cannot be used
		Policy-Based Mirroring (Mirror Ports)
		PTP
	MAC VLAN	Default VLAN	Cannot be used
		VLAN tunneling
		VXLAN [SL-L3A]
		PVST+
		Layer 2 Authentication	Partially limited #2
		Port mirroring (mirrored ports)	Cannot be used
		Policy-Based Mirroring (Mirror Ports)
		PTP
Default VLAN		Protocol VLAN	Cannot be used
		MAC VLAN
		IGMP snooping
		MLD snooping
		Layer 2 Authentication	Partially limited #2
		Port mirroring (mirrored ports)	Partially limited #3
		Policy-Based Mirroring (Mirror Ports)	Cannot be used
Extended VLAN Functionality	Tag translation	VXLAN [SL-L3A]	Cannot be used
		PVST+
		IGMP snooping
		MLD snooping
		Uplink Redundancy	Partially limited #4
		PTP	Cannot be used
	VLAN tunneling	Port VLAN	Partially limited #1
		Protocol VLAN	Cannot be used
		MAC VLAN
		VXLAN [SL-L3A]
		PVST+
		Single Spanning Tree
		Multiple Spanning Tree
		IGMP snooping
		MLD snooping
		Layer 2 Authentication	Partially limited #2
		DHCP Snooping	Cannot be used
		Uplink Redundancy	Partially limited #4
		PTP	Cannot be used
	L2 Protocol Frame Transparency (BPDU)	PVST+	Cannot be used
		Single Spanning Tree
		MSTP
	L2 Protocol Frame Transparency (EAP)	Layer 2 Authentication	Partially limited #2
	L2 Protocol Frame Transparency (LLDP)	LLDP	Cannot be used
	L2 Protocol Frame Transparency (UDLD)	IEEE 802.3ah/UDLD	Cannot be used
	Inter-port relay blocking functionality	DHCP Snooping	Partially limited #5

Note #1: When using the VLAN tunneling functionality, do not use a native VLAN on a trunk port.
Note #2: See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."
Note #3: This function is available only when 802.1Q Tag grant function is used.
Note #4: Cannot be used on an uplink port.
Note #5: When DHCP snooping is enabled, even if the inter-port relay blocking functionality is set up, none of the DHCP packets received by the Switch will be subject to blocking. Also, when dynamic ARP testing is enabled, none of the ARP packets received by the Switch will be subject to blocking.

Table 22-4 Limitations on VXLAN
Functionality used	Functionality	Restrictions
VXLAN [SL-L3A]	MAC VLAN	Cannot be used
	Tag translation
	VLAN tunneling
	IGMP snooping
	MLD snooping
	PTP
	Policy-based Routing
	IPv4 multicasting
	IPv6 multicasting

Table 22-5: Availability of operation functions on VXLAN Access port and VXLAN Network port
Functionality		VXLAN Access port #1	VXLAN Network
SNMP		NG	OK
Link Aggregation		OK	OK
Protocol VLAN		NG	OK
Extended VLAN Functionality	L2 protocol frame transparency	OK	NG
	Inter-port relay blocking	#^#2	#^#2
	VLAN debounce	NG	NG
	Layer 2 forwarding blocked	NG	NG
Spanning Tree Protocols		NG	NG
Ring Protocol		NG	OK
Filters	inbound	OK^#3	NG
Filters	outbound	OK^#3	OK^#4
QoS (flow-control) User priority mapping Flow detection Bandwidth monitoring Marking Priority determination		#^#5	NG
QoS (sender function) Shaper Drop control		OK	OK
Layer 2 Authentication (IEEE802.1X,Web certification, MAC certification)		NG	NG
DHCP Snooping		NG	NG
High Reliability Based on Redundant Configurations (GSRP,VRRP, Uplink Redundant)		NG	NG
L2 Loop Detection		NG	NG
Storm Control		OK	OK
Port Mirroring	inbound	OK	OK
Port Mirroring	outbound	#^#6	#^#7
Policy-Based Mirroring	inbound	OK^#3	NG
sFlow		NG	NG
IEEE 802.3ah/UDLD		NG	NG
CFM		NG	NG
LLDP		OK^#8	OK
OADP		NG	NG
IPv4, ARP, and ICMP		NG	OK
DHCP and BOOTP relay agents		NG	NG
DHCP server		NG	NG
IPv4 unicast routing (Static, RIP,OSPF,BGP4)		NG	OK
IPv6, NDP, and ICMPv6		NG	OK
RA		NG	NG
IPv6 DHCP relay		NG	NG
IPv6 DHCP servers		NG	NG
IPv6 unicast routing (Static, RIPng,OSPFv3,BGP4+)		NG	OK
VRFs		OK	OK

Legend: OK: Supported #: Restricted NG: Not supported

Notes

The availability of operation on VXLAN Access indicates the availability of operation on VLAN or subinterface to which VNI is mapped. The operation availability on VXLAN Network indicates the operation availability on VLAN to send and receive VXLAN frames.

Note #1

When a subinterface is specified for a VXLAN Access port, the Layer 2 functionality is basically disabled. If you apply a VLAN to a VNI, the Layer 2 functionality cannot operate on VLAN.

Note #2

In stacking, if a frame received from a VXLAN Access port or VXLAN Network port is sent from a member switch that differs from the member switch that received the frame, the port-to-port forwarding blocking feature does not operate.

Note #3

Pre-encapsulation frame information (such as MAC headers and IP headers) is detected.

Note #4

VXLAN frame information (such as MAC headers and IP headers) after encapsulation is detected.

Note #5

When IP header DSCP is rewritten, the pre-encapsulation IP header is rewritten in VXLAN frame.

If user priority rewriting in VLAN Tag is set and VXLAN Network port is a trunk port, the user priority in VXLAN frame is reflected.

Note #6

Mirroring of transmit frames in which VXLAN frames are decapsulated deletes VLAN Tag and outputs them from the mirror port.

Note #7

When using port mirroring to check the transmit frame information of VXLAN Network port, the header information of the frame encapsulated in VXLAN cannot be acquired correctly. To check the information sent from VXLAN Network port, check it on the partner switch.

Note #8

VXLAN Access subinterface mapping does not send IEEE802.1 Organizationally Specific TLVs.

Table 22-6: Restrictions on spanning tree
Functionality used	Functionality	Restrictions
PVST+	Protocol VLAN	Cannot be used
	MAC VLAN
	VLAN tunneling
	Tag translation
	L2 protocol frame transparency functionality (BPDU)
	Multiple Spanning Tree
	GSRP
	Layer 2 Authentication	Can only be partially used^#
	Uplink Redundancy	Cannot be used
	PTP	Cannot be used
Single Spanning Tree	VLAN tunneling	Cannot be used
	L2 protocol frame transparency functionality (BPDU)
	Multiple Spanning Tree
	GSRP
	Layer 2 Authentication	Can only be partially used^#
	Uplink Redundancy	Cannot be used
	PTP	Cannot be used
Multiple Spanning Tree	VLAN tunneling	Cannot be used
	L2 protocol frame transparency functionality (BPDU)
	Single Spanning Tree
	PVST+
	Loop guard
	GSRP
	Layer 2 Authentication	Can only be partially used^#
	Uplink Redundancy	Cannot be used
	PTP	Cannot be used

#: See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."

Table 22-7: Limitations on Ring Protocol
Functionality used	Functionality	Restrictions
Ring Protocol	Layer 2 Authentication	Partially limited #1
	Uplink Redundancy	Partially limited #2
	PTP	Cannot be used

Note #1: See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."
Note #2: Cannot be used with a ring port.

Table 22-8: Limitations on IGMP/MLD snooping
Functionality used	Functionality	Restrictions
IGMP snooping	Default VLAN	Cannot be used
	Tag translation
	VLAN tunneling
	VXLAN [SL-L3A]
	Layer 2 Authentication	Can only be partially used^#
MLD snooping	Default VLAN	Cannot be used
	Tag translation
	VLAN tunneling
	VXLAN [SL-L3A]

#: See "Configuration Guide: Using Vol.2" "5.2.1 Layer 2 Authentication with Other Features."