Restrictions
Once a tunneled-node profile is applied to a port, the controller IP (primary and backup) cannot be changed.
IP address cannot be assigned to VLANs that the tunnel-node port belongs to.
No support for fragmentation and reassembly for encapsulated frames that result in an MTU violation. Such frames will be dropped. It is recommended that you configure the switch-controller path for Jumbo MTU. No support for PMTU detection for tunnel traffic.
The packets from nontunneled node ports (in the same VLAN as tunnel-node port) will not be bridged to the tunneled-node ports and conversely.
Features not allowed on a tunneled node port/VLAN with tunneled node ports/globally:
Feature |
Blocked globally/per port/ VLAN with tunneled-node-ports |
|---|---|
IP multicast routing |
Global |
Openflow |
Global |
Q-in-Q |
Global |
Distributed Trunking |
Global |
Mesh |
Global |
VXLAN |
Global |
IP address: manual and dhcp |
VLAN |
802.1x, mac auth, webauth, LMA, port security |
port |
DIPLD (IPv4/IPv6) |
port |
DSNOOP (IPv4/IPv6) |
VLAN |
ARP protect |
VLAN |
RA guard |
port |
Virus throttling |
port |
BYOD |
VLAN |
Trunk |
Profile cannot be applied to a trunk |
PBR policies |
VLAN |
VSF on a tunneled-node port |
port |
Src port/Mcast filters |
port |
DHCP client/Server/Relay |
VLAN |