Symptom
CRC drop errors are seen when interface MTU change is configured AFTER tunnel-encryption configuration on the interface
Conditions
Tunnel-encryption or VxLAN secure tunnels are established on dci links only. In such cases if MTU changes are done on these interfaces with tunnel encryption enabled, CRC drop errors might be observed
interface Ethernet 1/1
mtu xxx
tunnel-encryption
Workaround
Apply MTU changes BEFORE tunnel-encryption configuration
-OR-
Remove tunnel-encryption configuration, configure MTU and reapply tunnel-encryption
Further Problem Description
Secure VXLAN EVPN Multi-Site - CloudSec or tunnel-encryption is configured only on DCI links. With this configuration if MTU changes are done prior to applying tunnel encryption there will be no issues. If done after then depending on the traffic packet size, CRC drop errors maybe observed.
Also different MTU settings on broken out cloudsec ports will not be honored
