Group-Interface/MLT with VLAN tagging: LACP base circuit assumes non-visible "logical-all" statementThis inherent logical-all of the group-interface base circuit can pose potential problems for applications that rely on the use and proper receipt of broadcast or multicast packets on a specified interface (ie. Check Point state synchronization).
The following is an example of a misconfigured Cisco configuration related to Crossbeam configuration referenced below.
Port channel configuration
interface Port-channel12
description WAN-MLT
switchport
switchport access vlan 195
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 191,195 <-----accidentally tagging vlan 191
switchport mode trunk
no ip address
spanning-tree portfast
Within the following line of the XOS configuration, using the "wan" base circuit to establish LACP will automatically assume the "logical-all" statement, which is not visible within the CLI configuration.
In the Crossbeam configuration referenced, the circuit "wan" is considered the base template circuit. This base circuit exchanges LACP BPDUs and is used to establish the LACP interface bundle to the adjacent, connected device.
It is important to note that if the adjacent switch has been misconfigured to trunk additional, undesired vlans within the LACP interface bundle connected to the Crossbeam X-series NPM, all related non-unicast IP tagged packets will be accepted by the base circuit and passed to the vap-group due to the implied "logical-all" configuration.