Hello Sathish
Yes, let me clarify. This depends upon what process we are actually looking at.
When we talk about ingress traffic, if a frame larger than 1500 bytes (payload only, this does not include the Ethernet header) arrives on a port that has the L2 MTU set to 1500, then the frame will be dropped. It doesn’t matter what is found in the IP header DF bit. That is never examined for incoming traffic since the frame is never received or processed.
For egress traffic, if the traffic is being forwarded on a Layer 2 switch (that is, no decapsulation takes place up to Layer 3), then the frame will enter the switch from some port, and will attempt to be egressed out of another port. If the egress port has an L2 MTU of 1500 and the frame is larger than 1500 (again, payload only), then the frame will be dropped. This can happen if you have one port with a larger L2 MTU where those frames can enter the switch. Once they try to exit from a port with an L2 MTU of 1500 they are dropped. Again, if the switch is L2 only, then the DF bit of IP is not checked.
Now if we’re talking about a L3 switch, which is performing routing with SVIs, then we have decapsulation up to Layer 3, then here the DF bit is taken into account. This is examined during encapsulation from Layer 3 (IP) to Layer 2 (Ethernet). If the egress port has a L2 MTU of 1500, and the IP packet (including header) is larger than 1500 bytes, then the DF bit will be checked. If it is not set, the packet will be separated into two and put into two different frames to ensure that the MTU size is smaller than the L2 MTU of the exit interface. Does that make sense?
I hope this has been helpful!
Laz