MTU - Understanding L2 MTU and Frame Handling in Network Switches
When dealing with ingress traffic on a network switch, if a frame larger than 1500 bytes (excluding the Ethernet header) arrives on a port with a Layer 2 MTU set to 1500, the frame will be dropped regardless of the IP header's DF (Don't Fragment) bit. This is because the frame is never processed or received.
For egress traffic on a Layer 2 switch, if a frame larger than 1500 bytes attempts to exit through a port with a Layer 2 MTU of 1500, it will also be dropped. This can occur if the frame enters through a port with a larger Layer 2 MTU and then tries to exit through a port with a 1500-byte Layer 2 MTU. In this scenario, the DF bit is not checked.
In contrast, on a Layer 3 switch performing routing with SVIs, the DF bit is considered during the encapsulation process from Layer 3 (IP) to Layer 2 (Ethernet). If the egress port has an Layer 2 MTU of 1500 and the IP packet exceeds this size, the DF bit will be checked. If the DF bit is not set, the packet will be fragmented into smaller frames to comply with the Layer 2 MTU of the exit interface.
Links
https://networklessons.com/ip-routing/pppoe-mtu-troubleshooting-cisco-ios/